7/28: Added step 10, registry swap.
8/4: Clarification of steps.
8/14: Added step 11, please give me the URL to your post with the problem so we can all learn from it.
8/17: Emphasis added on driver updates and Windows updates. Get them all. Update them all. Install them all. This ONE step solves many problems! Oh, and added BIOS updates note for Intel hyperthreaded systems.
9/5: Added how-to-fix-minor-registry-issues.
I thought it would be wise to post a few specific steps (that perhaps I and others can refer back to) in troubleshooting Windows blue screens of death, or BSODs (or reboots, since most have the autoreboot turned on.) These are the steps I take; others might use something a bit different.
Here are a few that I recommend everyone who sends me a dump use:
**** If you read nothing else, read step 1 completely ****
1. If your machine is rebooting, before you do anything else, visit Windows Update and get all (*all*) updates (yes, ALL - critical, non-critical, and drivers - even if it has nothing to do with your problem - Yes, this DOES mean to upgrade to Service Pack 2 if you can!) Then go to your vendor (graphics, network, motherboard chipset, sound card, etc.) and update all those drivers...yep, all of them! This step - updating audio, video, NIC, & Microsoft Windows software, etc. - solves most problems right here! And get the latest BIOS update - particularly if you're using a system with Intel hyperthreaded CPUs. Finally, it should go without saying - normally clock your machine. No overclocking!
This is always the baseline; dumps made before this point don't count.
2. Send me the .CAB file that is generated when running MPS Reports. Get MPS Reports from here: http://download.microsoft.com/...6/MPSRPT_SETUPPerf.EXE (all in one line). Say 'yes' to the questions about EULA and MSINFO32. Run this in normal mode if you can, safe mode if you can't otherwise boot.
3. If you suspect a virus, boot in safe mode and run MSINFO32. Go to the FILE menu (the leftmost menu) and SAVE a System Information report (.NFO file) and send the NFO file to me. Various OSs have slightly different wording. Win2000, XP, and 2003 all have this utility. Also, if you can pop out your hard drive and plug it in another machine that works successfully and scan it for viruses from that other machine, do so.
4. If your machine is rebooting, right-click on My Computer, Properties, Advanced Tab, Startup & Shutdown button, and ensure the Mini or Small dump is selected. Turn off the auto-reboot checkbox. When a dump / BSOD happens, send me the dump from that date and time. You'll find the dump in c:\windows\minidump. Please only send it if you have *already* done the steps above, and send only the dumps made *after* you made the other changes listed above.
So, now try to reproduce the problem, and get a memory dump, and then mail it to me.
5. I do my best to give timely, accurate information. I'll also try to tell you if I don't have any ideas. If your dumps are a STOP 50 here, a 235 there, and a 7F there, for example, then it's likely it is hardware. (In other words, totally random dumps, and lots of them, are typically hardware.) If your dump is consistently the same, it is more likely I'll be able to give you something accurate. There are a few others on here that are vastly better than I at reading dumps, and perhaps they'll be able to help too, so make your case known and clearly ask for help in a new post.
6. If you've made any changes prior to the dump happening (for example, installed a new software package or driver) please clearly state that. If you've done any troubleshooting steps already, say so. However, if you just changed something and it reboots, logic says it's the new change that's the problem, so try removing the change first.
7. If SAFE MODE (reboot, hit F8 prior to Windows loading, select SAFE MODE) works, then you can use MSCONFIG to hide all Microsoft services, and turn everything else off, then boot in normal mode. If that works, then turn on a service (one or two at a time) until you can isolate the problem.
8. If you just ran WayCoolRegistryEnhancingProgram and it changed something in your registry so you can no longer boot, try LastKnownGood. Hit F8 when you boot (prior to Windows loading) and select LastKnownGood. You might now be able to boot successfully, and if you can fully log in, that will overwrite your previously bad registry changes.
9. Sometimes I ask for a registry file. To send a copy of the registry, run NTBACKUP (installed by default in 2003, 2000, and XP Pro; available on the XP Home CD), select the option to back up the System State (it's found under My Computer, under the drive letters, from within NTBACKUP), tell it to save to the C:\backup.bkf file, and start the backup. Then delete that backup.bkf file (or save it if you like), and send me the SYSTEM and SOFTWARE files found in c:\windows\repair directory (or c:\windows\repair\regback if it's a Windows 2000 system). That will let me see what is installed on the system. The files can be large; WinRAR (www.rarsoft.com) will let you segment these files into smaller chunks if necessary.
10. Finally, one handy way to troubleshoot if the issue concerns the registry or your Windows files (excluding hardware) is, via recovery console, to make a backup copy of (sam|software|system|security) files found in c:\windows\system32\config (perhaps making a new directory in there called backup) and then copying those same files from c:\windows\repair to c:\windows\system32\config. This makesyour original registry (or the registry you had from your last NTBACKUP of the system state) the 'active' registry. If this works, you can determine that it's a problem with the registry. If this does not work and still reboots, etc, then you can determine the issue is likely a problem with files on the system....but if it works, you can now edit your previous registry, turn off auto-reboots, and more.
11. If you're having a bluescreen problem, I'm happy to help, but I do need to ask you that you make a new topic on AnandTech's forums, post the problem you're having, when it happens, any patterns that you see, etc., and then mail me the URL to that new topic you've made plus the MPS Reports information (the .CAB file) and the minidumps you've got, plus your AnandTech alias. The new topic allows everyone to see and comment on the problem, and it allows everyone to try to help find a solution - and everyone gets to learn when a solution is found.
12. Registry problems? Fix minor registry problems with chkreg (see www.microsoft.com for this download, but it will take 6 floppies - bleh) or by doing the following: 1. Perform a parallel install of Windows XP or later to another disk or directory. 2. Install (in the case of XP) SP1 or SP2; at least SP1 is required. 3. Start/Run/RegEdit, highlight/select HKey Local Machine, click FileMenu-LoadHive, and navigate to (the partition that contains the bad Windows registry):\windows\system32\config\ and load, one by one, the software, sam, security, and system hives. Each will prompt for a name; give each a name. If any problems are found, you'll be told, and minor problems will be fixed automatically. Then you can reboot and see if you can load the original Windows installation.
Thoughts?
8/4: Clarification of steps.
8/14: Added step 11, please give me the URL to your post with the problem so we can all learn from it.
8/17: Emphasis added on driver updates and Windows updates. Get them all. Update them all. Install them all. This ONE step solves many problems! Oh, and added BIOS updates note for Intel hyperthreaded systems.
9/5: Added how-to-fix-minor-registry-issues.
I thought it would be wise to post a few specific steps (that perhaps I and others can refer back to) in troubleshooting Windows blue screens of death, or BSODs (or reboots, since most have the autoreboot turned on.) These are the steps I take; others might use something a bit different.
Here are a few that I recommend everyone who sends me a dump use:
**** If you read nothing else, read step 1 completely ****
1. If your machine is rebooting, before you do anything else, visit Windows Update and get all (*all*) updates (yes, ALL - critical, non-critical, and drivers - even if it has nothing to do with your problem - Yes, this DOES mean to upgrade to Service Pack 2 if you can!) Then go to your vendor (graphics, network, motherboard chipset, sound card, etc.) and update all those drivers...yep, all of them! This step - updating audio, video, NIC, & Microsoft Windows software, etc. - solves most problems right here! And get the latest BIOS update - particularly if you're using a system with Intel hyperthreaded CPUs. Finally, it should go without saying - normally clock your machine. No overclocking!
This is always the baseline; dumps made before this point don't count.
2. Send me the .CAB file that is generated when running MPS Reports. Get MPS Reports from here: http://download.microsoft.com/...6/MPSRPT_SETUPPerf.EXE (all in one line). Say 'yes' to the questions about EULA and MSINFO32. Run this in normal mode if you can, safe mode if you can't otherwise boot.
3. If you suspect a virus, boot in safe mode and run MSINFO32. Go to the FILE menu (the leftmost menu) and SAVE a System Information report (.NFO file) and send the NFO file to me. Various OSs have slightly different wording. Win2000, XP, and 2003 all have this utility. Also, if you can pop out your hard drive and plug it in another machine that works successfully and scan it for viruses from that other machine, do so.
4. If your machine is rebooting, right-click on My Computer, Properties, Advanced Tab, Startup & Shutdown button, and ensure the Mini or Small dump is selected. Turn off the auto-reboot checkbox. When a dump / BSOD happens, send me the dump from that date and time. You'll find the dump in c:\windows\minidump. Please only send it if you have *already* done the steps above, and send only the dumps made *after* you made the other changes listed above.
So, now try to reproduce the problem, and get a memory dump, and then mail it to me.
5. I do my best to give timely, accurate information. I'll also try to tell you if I don't have any ideas. If your dumps are a STOP 50 here, a 235 there, and a 7F there, for example, then it's likely it is hardware. (In other words, totally random dumps, and lots of them, are typically hardware.) If your dump is consistently the same, it is more likely I'll be able to give you something accurate. There are a few others on here that are vastly better than I at reading dumps, and perhaps they'll be able to help too, so make your case known and clearly ask for help in a new post.
6. If you've made any changes prior to the dump happening (for example, installed a new software package or driver) please clearly state that. If you've done any troubleshooting steps already, say so. However, if you just changed something and it reboots, logic says it's the new change that's the problem, so try removing the change first.
7. If SAFE MODE (reboot, hit F8 prior to Windows loading, select SAFE MODE) works, then you can use MSCONFIG to hide all Microsoft services, and turn everything else off, then boot in normal mode. If that works, then turn on a service (one or two at a time) until you can isolate the problem.
8. If you just ran WayCoolRegistryEnhancingProgram and it changed something in your registry so you can no longer boot, try LastKnownGood. Hit F8 when you boot (prior to Windows loading) and select LastKnownGood. You might now be able to boot successfully, and if you can fully log in, that will overwrite your previously bad registry changes.
9. Sometimes I ask for a registry file. To send a copy of the registry, run NTBACKUP (installed by default in 2003, 2000, and XP Pro; available on the XP Home CD), select the option to back up the System State (it's found under My Computer, under the drive letters, from within NTBACKUP), tell it to save to the C:\backup.bkf file, and start the backup. Then delete that backup.bkf file (or save it if you like), and send me the SYSTEM and SOFTWARE files found in c:\windows\repair directory (or c:\windows\repair\regback if it's a Windows 2000 system). That will let me see what is installed on the system. The files can be large; WinRAR (www.rarsoft.com) will let you segment these files into smaller chunks if necessary.
10. Finally, one handy way to troubleshoot if the issue concerns the registry or your Windows files (excluding hardware) is, via recovery console, to make a backup copy of (sam|software|system|security) files found in c:\windows\system32\config (perhaps making a new directory in there called backup) and then copying those same files from c:\windows\repair to c:\windows\system32\config. This makesyour original registry (or the registry you had from your last NTBACKUP of the system state) the 'active' registry. If this works, you can determine that it's a problem with the registry. If this does not work and still reboots, etc, then you can determine the issue is likely a problem with files on the system....but if it works, you can now edit your previous registry, turn off auto-reboots, and more.
11. If you're having a bluescreen problem, I'm happy to help, but I do need to ask you that you make a new topic on AnandTech's forums, post the problem you're having, when it happens, any patterns that you see, etc., and then mail me the URL to that new topic you've made plus the MPS Reports information (the .CAB file) and the minidumps you've got, plus your AnandTech alias. The new topic allows everyone to see and comment on the problem, and it allows everyone to try to help find a solution - and everyone gets to learn when a solution is found.
12. Registry problems? Fix minor registry problems with chkreg (see www.microsoft.com for this download, but it will take 6 floppies - bleh) or by doing the following: 1. Perform a parallel install of Windows XP or later to another disk or directory. 2. Install (in the case of XP) SP1 or SP2; at least SP1 is required. 3. Start/Run/RegEdit, highlight/select HKey Local Machine, click FileMenu-LoadHive, and navigate to (the partition that contains the bad Windows registry):\windows\system32\config\ and load, one by one, the software, sam, security, and system hives. Each will prompt for a name; give each a name. If any problems are found, you'll be told, and minor problems will be fixed automatically. Then you can reboot and see if you can load the original Windows installation.
Thoughts?
Facebook
Twitter