Solving Blue Screen Crashes

1. Blue screens are caused by faulty hardware or faulty hardware drivers.
2.  
3.  
4.  
5. To See if a Fix is Available
6.  
7. In Control Panel (and select Classic view in the left hand pane) choose Problem Reports and Solutions (type problem in Start's search box), go to Problem History, right click your error and choose Check For Solution. You may also right click and choose Details for more info. Post those details here.
8.  
9.  
10.  
11. To See if a Recent System Change Caused It
12.  
13. In Control Panel (and select Classic view in the left hand pane) choose Administrative Tools then choose Reliability and Performance Monitor and choose Monitoring Tools then Reliability Monitor (type Reliability in search on Start) . This list is a chart of software installs, uninstalls, Windows updates, and crashes by date (scroll left to see earlier dates). See if your crashes started happening after you installed or uninstalled something.
14.  
15.  
16. Standard Hardware Troubleshooting
17.  
18.  
19. First lets test what hardware we can. Hardware faults can appear as many software faults, therefore we need to test hardware first..
20.  
21. Please do the following in order. Memory faults can cause disk corruption, disk faults can cause disk corruption. Disk corruption causes corrupted files (which SFC may be able to fix). If you get an hardware error stop and post back. Do not run chkdsk with faulty memory.
22.  
23.  
24. Memory Diagnostic
25. If you haven't run a memory diagnostic then please do so. Click Start - Control Panel - choose Classic View in left hand pane - choose Administrative Tools - then Memory Diagnostics Tool.
26.  
27. S.M.A.R.T
28. Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator. Type (or copy and paste by right clicking in the Command Prompt window and choosing Paste).
29.  
30. Disk drives in Windows monitor themselves for impending failure. The feature is called S.M.A.R.T. It will detect impending failure 30% of the time. In an elevated command prompt type (it's one line)
31.  
32. wmic /namespace:\\root\wmi PATH MSStorageDriver_FailurePredictStatus get active,predictfailure,reason /format:List
33.  
34. If it's on Active will be true, if not on turn it on in the computer's BIOS.
35.  
36. Predict Failure should be False if everything's ok. There are two reasons.
37.  
38. 0 Unknown
39. 255 Test - Not a failure
40.  
41.  
42. In Vista and later if SMART predicts failure Windows prompts the user to run Backup.
43.  
44. Run Chkdsk
45. In Computer right click all your drives and choose Properties, then Tools tab, then click Check Now. Tick BOTH checkboxes then Start. Reboot. This will take overnight.
46.  
47.  
48. SFC
49. Check for file corruption by clicking Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator. Type (or copy and paste by right clicking in the Command Prompt window and choosing Paste).
50.  
51. sfc /scannow
52.  
53. Heat
54. Heat can cause problems like this and also sudden reboots without crashing. Ensure your fans are not clogged with dust.
55.  
56. Processor (CPU)
57. Intel has a utility to check processors.
58.  
59. 32 Bit Windows
60. https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=19791
61.  
62. 64Bit Bit Windows
63. https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=19792
64.  
65.  
66. For Memory Diagnostic Results
67. Click Start - Control Panel (and select Classic view in the left hand pane) choose Administrative Tools then Event Viewer then look at Event Viewer (Local) - Applications and Services - Microsoft - Windows - MemoryDiagnostic-Results for entries.
68.  
69. Look for EventID is 1201 or 1101 and Source is MemoryDiagnostic-Results
70.  
71. Double click the entry for details on that entry.
72.  
73. For Chkdsk Results
74.  
75. Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator. Type (or copy and paste by right clicking in the Command Prompt window and choosing Paste).
76.  
77. edit c:\bootex.log
78.  
79. Does this file exist with something in it?
80.  
81. The following commands query the event logs.
82.  
83. For boot time checking using source name for any Windows version (as it varies).
84.  
85. wmic /append:"%userprofile%\desktop\DiskEvents.html" PATH Win32_NTLogEvent where (sourcename='Autocheck' or sourcename='Winlogon' or sourcename='WinInit') get /format:HForm
86.  
87. For running chkdsk within Windows.
88.  
89. wmic /append:"%userprofile%\desktop\DiskEvents.html" PATH Win32_NTLogEvent where (sourcename='Chkdsk') get /format:HForm
90.  
91.  
92. For warnings about disk problems detected during normal operations and automatic repairs made by Windows at the time the problems were discovered.
93.  
94. wmic /append:"%userprofile%\desktop\DiskEvents.html" PATH Win32_NTLogEvent where (sourcename='NTFS' or Sourcename='Disk') get /format:HForm
95.  
96. Then to view the file created.
97.  
98. start "" "%userprofile%\desktop\DiskEvents.html"
99.  
100. Click Start - Control Panel (and select Classic view in the left hand pane) choose Administrative Tools then Event Viewer then look at both the Application and System logs (under Windows Logs) for entries.
101.  
102. Look for EventID is 7 and Source is Disk
103. Look for EventID is 11 and Source is Disk
104. Look for EventID is 50 and Source is Disk
105. Look for EventID is 51 and Source is Disk
106. Look for EventID is 52 and Source is Disk
107. Look for EventID is 55 and Source is NTFS
108. Look for EventID is 130 and Source is NTFS
109. Look for EventID is 134 and Source is NTFS
110. Look for EventID is 137 and Source is NTFS
111. Look for EventID is 1001 and Source is Autochk
112. Look for EventID is 1001 and Source is Winlogon
113. Look for EventID is 1001 and Source is WinInit
114. Look for EventID is 1001 and Source is Chkdsk
115. Look for EventID is 26212 and Source is Chkdsk
116.  
117. Look for EventID is 26213 and Source is Chkdsk
118. Look for EventID is 26214 and Source is Chkdsk
119.  
120. Double click the entry for details on that entry.
121.  
122. P.S. 7 and 55 are the auto repair codes where windows repairs disk errors silently on the fly. 52 is the SMART warning.
123.  
124. If the results don't get transferred to the event logs from a boot time chkdsk then the results are probably in the following file c:\Bootex.log. This file gets deleted when the results are moved into the event logs.
125.  
126. For SFC Results
127. Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator. Type (or copy and paste by right clicking in the Command Prompt window and choosing Paste).
128.  
129. findstr /c:"[SR] Cannot" %windir%\logs\cbs\cbs.log|more
130.  
131. This will see which files are corrupted.
132.  
133. To see if it did anything
134.  
135. findstr /c:"[SR] Repairing" %windir%\logs\cbs\cbs.log|more
136.  
137. There are frequent false positives for small text files Windows uses such as desktop.ini and settings.ini. Also due to an update .mof files starting with wd may also be flagged. Ignore these.
138.  
139.  
140. --------------------------------------------------------------------------------
141.  
142.  
143. Dump Files
144.  
145. Dump files are files containing the state of the machine when it crashed. We can analyse the file to identify the driver (or program) causing the crash. See the last section on how to get them analysed by a volunteer.
146.  
147. Analyse Dump Files
148. If you want to analyse your own dump files.
149.  
150. You need to start Explorer as Administrator to access the files in C:\windows\Minidump. Right click Explorer and choose Run As Administrator.
151.  
152. Download and install Debugging Tools for Windows
153.  
154. http://msdn.microsoft.com/en-us/windows/hardware/hh852363
155.  
156. Install theWindows SDK but just choose the debugging tools.
157.  
158. Create a folder called Symbols in C:\
159.  
160. Start Windbg. File menu - Symbol File Path and enter
161.  
162. srv*C:\symbols*http://msdl.microsoft.com/download/symbols
163.  
164. Close and reopen WinDbg. File menu - Open Crash Dump
165.  
166. This will analyse the crash dump. You need to close and reopen WinDbg for each dump file analysed. Because you are downloading symbols from the internet WinDbg will appear to be doing nothing. But it's downloading. Be patient.
167.  
168. You are looking for a driver or system library that the crash occurred in at the end of the listing. Find the file, right click then Properties - Details tab. If it shows a driver you'll need to update the driver identified. Most drivers are in c:\windows\system32\drivers.
169.  
170. Search the Drive for a File.
171. Click Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator. Type replacing drivername.sys with the name of the file being searched (or copy and paste by right clicking in the Command Prompt window and choosing Paste).
172.  
173.  
174. dir c:\drivername.sys /a /s
175.  
176.  
177. If it shows a system file see if you can get a program from analyze -v.
178.  
179. Type in theWinDbg command prompt
180.  
181. !analyze -v
182.  
183. -v stands for Verbose and if the crash was originated by a program, as opposed to hardware or a driver, it will appear in the middle of the listing.
184.  
185. eg
186.  
187. PROCESS_NAME: java.exe
188. IMAGE_NAME: ntkrnlmp.exe
189.  
190. PROCESS_NAME only appears in the analyze -v output and only if a program originated the call that faulted.
191.  
192.  
193. --------------------------------------------------------------------------------
194.  
195.  
196. Upload Them for Analysis
197.  
198. Or upload the minidump files to your Public folder on Skydrive and copy the link from the address bar and I'll analyse them.
199.  
200. Skydrive is Microsoft's Windows Live file upload site at https://skydrive.live.com/. Read about it at http://explore.live.com/skydrive.
201.  
202. If you have downloaded any of the Live applications or have a web based Live mail account you already have access to your Skydrive.
203.  
204. Put your event list in the Public folder and copy the link from the address bar.
205.  
206. .
207. --