Find the cause of a Vista blue screen
I finally managed to get to the bottom of my vista blue screen problem, so I thought I’d share how I determined which driver was causing the problems.
Vista keeps a log of application and kernel crashes in Control Panel -> Problems Reports and Solutions -> View problem history:
Double clicking on the latest Windows “shut down unexpectedly” shows the blue screen details. These don’t give much useful information, for example which driver was responsible:
Clicking on “View a temporary copy of these files” opens an explorer window with the crash dump file, which you can copy to your own directory.
To analyse the crash dump you’ll need to install the Microsoft Windows Debugging Tools (17MB msi). This adds a whole set of command line tools under “C:\Program Files\Debugging Tools for Windows (x86)”. Use the dumpchk.exe tool to analyse the crash file:
And there’s the culprit: “Probably caused by: eacfilt.sys”. This is the driver used by Nortel’s Contivity VPN client. I’m using the “vista friendly” version, which worked fine before I applied Vista SP1, but I guess SP1 broke its driver. The solution to all my problems? Uninstall it!
Hurrah! My T61’s suspend and hibernate work again!
For help with this and other Vista problems, these books may be useful:
Tags: Vista
July 3rd, 2008 at 1:28 pm
[...] da? Vista im Standby einen Bluescreen verursacht, kann ich dir dieses Tutorial ans Herz legen: Find cause of Vista bluescreen. Dadurch konnte ich meinen Stick als St?rquelle identifizieren, die Infos von Vista selbst waren [...]
December 14th, 2008 at 4:37 pm
thanks
February 10th, 2009 at 10:58 am
ok ok so uninstalling solves the issue, but what if you absolutely require nortel contivity to VPN back to your office? got any alternatives?
Nortel contivity is similar to public transport, it sucks but theres no alternative
February 10th, 2009 at 11:28 am
Chase Nortel for an updated version that actually works with Vista SP1!!
I wrote this 9 months ago, hopefully they’ve released a newer version since that doesn’t break Vista SP1.
At the time I was already in the process of moving over to a different vendor’s VPN solution, so I didn’t persue it further.
February 22nd, 2009 at 5:38 pm
What driver is the file libehlog.sys a part of?
February 22nd, 2009 at 5:41 pm
Found it in C:\Windows\System32…so what now?
February 25th, 2009 at 2:47 am
Thanks for the info!
March 14th, 2009 at 9:18 am
Hi, I tried following the tips you gave, but it doesn’t work.
After installing the Debug Tools, I tried opening the dumpchk.exe file, but the window closes as soon as I double-click on the file. So I can’t find out the driver that’s causing the blue screen. Any suggestions?
March 14th, 2009 at 9:28 am
M: You need to run dumpchk.exe from a command prompt. Go to Start Menu->All Programs->Accessories->Command Prompt. That’ll give you a black window where you can run dumpchk – just like the third screenshot above.
March 15th, 2009 at 6:27 am
Alright, thanks a lot for your help!
March 31st, 2009 at 12:33 am
What if you can not get online? I need the debugging tools
April 14th, 2009 at 11:54 pm
This looked very promising, but it has some problems on my Vista Ultimate computer. When I ran dumpchk.exe, i got a whole lot of messages saying:
“Your debugger is not using the correct symbols”
“In order for this command to work properly, your symbol path
must point to .pdb files that have full type information.”
“Certain .pdb files (such as the public OS symbols) do not
contain the required information. Contact the group that
provided you with these symbols if you need this command to
work.”
“Type referenced: nt!_KPRCB [and severl more like this]”
Then:
“Symbols can not be loaded because symbol path is not initialized.”
“The Symbol Path can be set by:
using the _NT_SYMBOL_PATH environment variable.
using the -y argument when starting the debugger.
using .sympath and .sympath+”
I looked at three different dumps, and they blamed 3 different files: dxgkrnl.sys, portcls.sys, and ntoskrnl.exe. I have no idea what all this means. Any help?
April 18th, 2009 at 7:09 am
Hey,
i tried to follow up all of your directions and everything was going well until i got to command prompt. after i typed in the stuff to identify the cause of blue screen it showed error 80070002
(Could not open dump file [Mini041809-02.dmp], Win32 error 0n2
“The system cannot find the file specified.”
**** DebugClient cannot open DumpFile – error 80070002)
I am 100% sure that i typed the name of the file correctly and therefore i have no clue what to do next. Could you help me pls?
May 11th, 2009 at 8:00 pm
Can you please give instructions on how to launch the debugging tool and how to get the dump file because i cant tell how to do it from those screen shots.
May 11th, 2009 at 8:09 pm
Hi Tom,
The debugging tool runs in a command prompt window, exactly as shown. You need to start a command prompt (there’s a shortcut under Accessories in the start menu) and type the command as shown in the screenshot.
May 11th, 2009 at 11:36 pm
I’ve tried following the instructions, but i just don’t get how to do it. I’ve copied the dumpchk.exe file to a desktop folder and tried to activate it. I have no idea looking at the pictures what i’m supposed to do, the command on the screen shot does nothing and says “c:\users\tom\desktop\bsod is not recognized as an internal or external command”.
May 29th, 2009 at 8:54 am
hi, i had the same problem and every time i turn on the laptop i got this blue screen, and donno what was the problem, i formated the laptop and still have this problem.
i had to change my RAM to speed my laptop coz i installed a program that requiered a faster speed, and after this no more blue screen.
And also on my desktop, the same problem, so i switched the RAM places and pouf the blue sceen vanished too.
so hope i solved ur problem
June 4th, 2009 at 12:01 pm
i found dxgkrnl.sys as d cause of blue screen in my system…which driver should i uninstall 4 that??
plzz help..
June 7th, 2009 at 1:10 pm
when i open it it closes. i canr find whats wrong
June 8th, 2009 at 8:14 pm
Well I did everything after messing around with it for a bit and it says that the probable cause of mine is hardware. So now what?
June 11th, 2009 at 10:39 pm
Hi, when using command prompt to open the debugger I get this error
**** DebugClient cannot open DumpFile – error 80070002 ****
Can you help? Thanks.
June 15th, 2009 at 5:58 am
I just bought my HP Pavilion dv6 not even a week ago and already today I had the blue screen on my PC 3 times, and that was just today. The very first time it happened it was coming back from hibernation, then it happened again right afterwards just while the PC was trying to restart itself. Then it happened just 15 minutes ago while I was in the middle of typing in a word document. I need my PC for college, I cannot have this going on all the time. I lost half of my assignment when that happened. HELP!!! PLEASE!!!!
June 21st, 2009 at 11:25 pm
Hi, i get the blue screen like often on my dv6,dont know if i understand all this but i’ll try anyway. i’ll try first..thanx
August 2nd, 2009 at 8:33 pm
can you please tell me this step by step like what to do after i open the command box and other stuff because i am just a kid and i don’t want my dad to know that something happened to my laptop
August 22nd, 2009 at 4:48 pm
I could kiss you right now. THANK YOU. That tool is absolutely fantastic.
And on a related note: DARN YOU, STUPID PRE-INSTALLED ROXIO EASY CD CREATOR!
August 26th, 2009 at 6:50 pm
OK, I’ve figured out the problem. However, it’s only leaving me with any even bigger one. Dump Check is telling me that “ntoskrnl.exe” is causing the problem. A quick search for that file shows me that it is necessary for Windows to run and definitely not an easy fix.
Any advice?
August 26th, 2009 at 6:54 pm
DJ: That’s the core of windows, not a device driver, so as you say it’s not an easy fix. Either your copy of Windows is corrupted or your hardware may be in some way faulty.
You could try testing your RAM with memtest86 (free download from http://www.memtest86.com/), this is relatively easy to do and rules out one common cause of errors.
August 28th, 2009 at 4:09 am
Hey, thanks for the information
but i cannot turn on my laptop normally
i have to come in as the safe mode with connectino
so i can use the internet to figure how to fix this
and it really sounds like it could fix it but
i cannot down load the debugging tools
do you have any solution for that?
i just got my laptop and it’s killing me!
PLEASE HELP ME!!!
August 28th, 2009 at 5:00 am
I was having the same problem DJ was having. You have to uninstall a Windows Update. Windows says there is a problem with the update. I forget which number (KB97…??) it said, but if you go to Microsoft’s website, you should be able to find it.
August 28th, 2009 at 1:15 pm
Hi,
After checking out the problem history, I’m not able to “view a temporary copy of these files” – there’s no option to do that. Advice?
August 28th, 2009 at 1:17 pm
Never mind
August 28th, 2009 at 1:17 pm
@Anna so it doesn’t look like the screenshot above?
August 28th, 2009 at 5:39 pm
I keep getting the same message: The system cannot find the path specified. Is it possible that it is not in “Program Files”?
In the command prompt, I type C:\Users\Parents>”C:\Program Files\Debugging Tools for Windows (x86)\dumpchk.exe”mini082809-01.dmp
I am running Vista SP1 and I downloaded the x32 debugging software.
Please help – I am getting the awful blue screen on my new Dell 10x per day!
August 28th, 2009 at 5:41 pm
J, you don’t actually type “C:\Users\Parents>” – and make sure you have a space between dumpchk.exe” and mini082809-01.dmp.
If you’re seeing blue screens on a new PC you should consider returning it to the manufacturer!
August 29th, 2009 at 1:33 am
i got the debugging tools but when i type “C:\Program Files (x86)\Debugging Tools for Windows (x86)\dumpchk.exe” Mini082809-07.dmp its keep on saying Mini082809-07.dmp cannot be specified and not working ): can you please please help me steve please dont ignore me!
August 29th, 2009 at 9:35 am
@Nicky: If you type “dir” can you see a file called Mini082809-07.dmp? Look at the 3rd screenshot above, I’ve already changed directory to where the dump file is (cd c:\path\to\dump\file).
August 30th, 2009 at 10:20 am
Hello Steve, my laptop is almost two weeks old, and it’s been getting bsods lately. Anyways, i ran the installer ( i run vista 64 bit), but how do i do the command prompt thing? All i get is ” ‘c:Program’ is not recognized as an internal or external command, operable patch or batch file.
What should I do? I can’ understand what the command should be, if it’s not what you typed in the last two lines of the third screen shot. I can’t really send my laptop back, because I need to use it for school Thanks in advanced.
August 30th, 2009 at 10:30 am
@Ernie: Here’s a tutorial to using the command prompt: http://www.youtube.com/watch?v=7Mu9ZxUHa-w
August 31st, 2009 at 8:36 pm
My XP computer died a sudden death so I purchase a new one and moved some hardware to my new Lenovo with Vista Home Premium operating system. I had moved the old Intel 537EP Modem, along with other hardware, to the Vista machine. Vista began to shut down 4 to 5 times a day without warnings. After doing many things in your list, one day I disabled the modem and suddenly no more shut downs. I replaced the modem with a Vista compatable and no more problems. I just want to pass this along because it is a simple fix.
September 1st, 2009 at 5:59 pm
You’ll find a much easier tool at http://www.nirsoft.net/utils/blue_screen_view.html
October 19th, 2009 at 3:50 am
I got it to work! I had to move the mini file into my main folder in the C drive. Which for instance would be his bsod file. If it’s not there then it won’t find it and it’ll give you an error.
November 8th, 2009 at 1:34 am
magic, thank you, tried to do this many times but your explanation was the definitive easy to follow answer.
November 12th, 2009 at 8:32 pm
I have a question, Steve. I am unsure of which Debugging Tools to install. I run Vista 64-bit on AMD Athlon processor.
November 26th, 2009 at 6:52 pm
Hiya steve, did all of the above as you describe & it’s came up adiusbaw.sys (adiusbaw+fc57). I look it up & it said adsl usb driver, that maybe what causing my blue screen. But i check in my device manager & it said the device is working properly & i also update the driver but said it has the right driver for it. What do you think & do you have a solution to the problem. Thanks. I would appreciate it if you could reply & have the answer.
November 26th, 2009 at 6:55 pm
@Jennet: It’s highly likely that your USB modem driver IS causing the blue screen. If you have the latest driver installed I suggest you replace the ADSL modem with one from another vendor. Preferably one who writes drivers that work!
November 26th, 2009 at 6:59 pm
Ok thanks, i will try that, thanks for the quick reply.
December 2nd, 2009 at 3:53 pm
Hiya steve, just wanted to let you know that i have had no more blue screen since i uninstall the driver & reinstall it again. I downloaded the driver again from a different site. It’s been a week tomorrow since i done this & no problem whatsoever. Thanks.
December 3rd, 2009 at 1:41 am
Hello Steve,
First, thanks for this. It helped me out a lot! So I was able to complete the steps, I found out the probable culprit was “Netw4v32.sys.”
Now the only thing is I’m not sure what to do after this. Does this have anything to do with a network card?
December 3rd, 2009 at 8:15 am
@Carlos: Netw4v32.sys appears to be your Intel Wi-Fi driver, so you should try updating that to the newest version.
I found this information by just googling “Netw4v32.sys”. This is the top result: http://www.techsupportforum.com/microsoft-support/windows-vista-windows-7-support/229731-solved-bsod-driver_irql_not_less_or_equal.html
December 28th, 2009 at 4:19 am
I had the same problem as the person D who commented they got error 80070002
(Could not open dump file [Mini041809-02.dmp], Win32 error 0n2
“The system cannot find the file specified.”
**** DebugClient cannot open DumpFile – error 80070002)
Can you explain this Steve?