Bud's Troubleshooter

How To Perform Advanced Clean-Boot Troubleshooting In Windows XP

INTRODUCTION

Many issues that you may experience on a Windows XP-based computer occur because of an incompatible or corrupted program. To determine whether this is the case, you can either perform a clean boot or restart Windows without starting the program in question.

This article describes how to perform advanced clean-boot troubleshooting to determine whether the problem in question is affiliated with the core operating system or with a program that is loading in the Windows environment.

For additional information about how to clean boot your computer, click the following article number to view the article in the Microsoft Knowledge Base:
310353 How to perform a clean boot in Windows XP

MORE INFORMATION

Clean-boot troubleshooting is designed to isolate a performance problem. To perform clean-boot troubleshooting, you must take a number of actions, and then restart the computer after each action (to test whether the action resolved the problem).

The clean-boot troubleshooting protocol involves the following steps:
1. Restart in Safe mode or in Safe mode with networking support
2. Remove unsigned drivers
3. Remove registry entries
4. Test user profiles
5. Turn off third-party services
6. Remove programs

How to restart in Safe mode or in Safe mode with networking support

To troubleshoot potential environmental issues, first restart your computer in Safe mode or in Safe mode with networking support. If the issue is with a program that does not depend on network connectivity, Safe mode is appropriate. If the issue is with a network program, and you are using a network adapter to connect to a network, Safe mode with networking support may permit you to test the networking program, including browser issues.

Note You cannot use Safe mode with networking support when you use a modem or a PC Card connection to a network because modem drivers and PC Card drivers do not load in Safe mode or in Safe mode with networking support.

If you start the computer in Safe mode or in Safe mode with networking support, and you can perform an operation that you previously experienced problems with, the issue is most likely environmental.

Note In Windows XP, you can perform a clean-boot by using the System Configuration Utility (Msconfig.exe).

For additional information about the System Configuration utility, click the following article number to view the article in the Microsoft Knowledge Base:
310560 How to troubleshoot by using the Msconfig utility in Windows XP

See the "How to remove registry entries" section for information about how to determine which program components may be causing the issue.

Note You may not be able to test some operations in Safe mode because not all services and devices load in Safe mode or in Safe mode with networking support. For example, you cannot test multimedia issues that involve sound, nor can you test suspend or hibernation issues in Safe mode.

If you start the computer in Safe mode or in Safe mode with networking support, and the issue still occurs, an environmental issue may still be the cause. Many function or filter drivers that third-party software installs may continue to load in Safe mode. Therefore, you may have to take an additional step to test and remove third-party drivers in Safe mode.

To start the computer in Safe mode, follow these steps:
1. Print these instructions before you go to step 2. They will not be available after you shut down the computer in step 2.
2. Restart your computer.
3. Use the F8 key. On a computer that is configured to start to multiple operating systems, you can press F8 when you see the Startup menu.
4. Use the arrow keys to select a Safe mode option, and then press ENTER.

Note NUM LOCK functionality must be turned off for the arrow keys on the numeric keypad to work.
5. If you have a dual-boot or multiple-boot system, use the arrow keys to select the installation that you want to access, and then press ENTER.
In Safe mode, you have access to only basic files and drivers (such as mouse, monitor, keyboard, mass storage, base video, default system services, and no network connections). You can select from the following options:
• The Safe Mode with Networking option loads all these files and drivers and the services and drivers necessary to start networking.
• The Safe Mode with Command Prompt option is the same as Safe mode except that a command prompt starts instead of the graphical user interface (GUI).
• The Last Known Good Configuration option starts your computer by using the registry information that was saved the last time that your computer shut down.
Safe mode helps you diagnose problems. If a symptom does not reappear when you start in Safe mode, you can rule out the default settings and minimum device drivers as possible causes. If a newly added device or a changed driver is causing problems, you can use Safe mode to remove the device or reverse the change.

There are circumstances where Safe mode cannot help you. For example, Safe mode cannot help you when Windows system files that are required to start the computer are corrupted or damaged. In this case, the Recovery Console may help you.

How to remove unsigned drivers

All the drivers that are included with Windows XP use digital signatures to verify that they have been tested by the Windows Hardware Quality Labs (WHQL). Many third-party programs are written for Windows XP must install additional drivers that have not been tested by WHQL. Therefore, they do not receive a digital signature.

Note Some third-party vendors have tools that they can use to generate a valid digital signature even if these products were not tested by WHQL. The following procedure cannot be used to determine whether these drivers are installed.

Windows XP includes the File Signature Verification tool (Sigverif.exe). You can use this tool to find all files on your computer that are not digitally signed. For the purposes of Windows XP clean-boot troubleshooting, you have to test only the files in the %Windir%\System32\Drivers folder.

To use the Sigverif.exe tool, follow these steps:
1. Click Start, click Run, type sigverif in the Open box, and then click OK.
2. Click Advanced, click Look for other files that are not digitally signed, click Browse, locate the Windows\System32\Drivers folder, and then click OK two times.
3. Click Start.
After Sigverif.exe is completed, a list of all unsigned drivers that are installed on your computer appears.

Note Many video drivers are not digitally signed. The following steps may cause problems with your video resolution. These problems may prevent you from starting the computer.

The list of all signed and unsigned drivers that the Sigverif.exe tool finds is in the Sigverif.txt file in the %Windir% folder (typically, the Winnt or Windows folder). All unsigned drivers are noted as "Unsigned."

When you determine which drivers are unsigned, create a folder to move the unsigned drivers to. Typically, SysDriversBak is an easy folder name to remember.

Move the unsigned drivers, restart the computer (without the unsigned drivers in the Windows\System32\Drivers folder), and then test the program or other functionality to see whether the same error messages or issues still occur.

Note Because most driver files are associated with registry entries that have not yet been changed, you may receive the following error message:
At least one driver or service failed to start...
If the issue no longer occurs, the issue was caused by a third-party unsigned filter or function driver. A function driver is a driver that is used to load a specific device that uses one of the computer buses. A filter driver loads at a level above or below a function driver to add or modify the behavior of the function driver.

To determine which unsigned driver is causing the problem, use one of the following methods:
• Put drivers that are related to the same program or device back into the Windows\System32\Drivers folder together in the same test.
• Put the top half of the drivers back into the Windows\System32\Drivers folder in the same test.
The first technique is generally better at determining the cause of an issue, but you may not be able to determine which drivers are related. After you determine which driver is causing the issue, you can either remove the driver or program, disable the driver, or turn off service.

To turn off a service, follow these steps:
1. Click Start, and then click Run.
2. Type %systemroot%\system32\services.msc /s, and then click OK.
3. Double-click the service, click Disabled in the Startup Type list, and then click OK.
4. Restart your computer.
Search for drivers or other program updates, or replace the software or driver with a program or driver that is written specifically for Windows XP.

To disable a driver, follow these steps:
1. Click Start, and then click Run.
2. Type %systemroot%\system32\compmgmt.msc /s, and then click OK.
3. Click Device Manager.
4. Double-click the device, click Do not use this device (disable) in the Device Usage list, and then click OK.
5. Search for an updated driver for the device from the vendor.
For information about how to contact the manufacturer of your program, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:
65416 Hardware and Software Third-Party Vendor Contact List, A-K

60781 Hardware and Software Third-Party Vendor Contact List, L-P

60782 Hardware and Software Third-Party Vendor Contact List, Q-Z
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Note Not all devices and services are listed in the Windows XP user interface.

If the device or service is not available in the Windows XP user interface, use the Recovery Console to turn off the driver or service.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
314058 Description of the Windows XP Recovery Console

How to remove registry entries

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

If you no longer experience problems running programs in Safe mode, the issue is likely caused by programs that are loading while the Windows XP computer is starting.

Programs that are a part of the startup process for Windows XP are generally added to one of the following locations:
• The Startup folder on the Programs menu.
• The Run line for all users in the registry.
• The Run line for particular users in the registry.
• The Load entry for all users in the registry.
Note Because the registry is the location for all computer and program settings for Windows XP, make sure that you back up the registry and particular registry entries in case you cannot start the computer after you edit the registry. To back up the Windows XP registry, use Windows Backup, and then perform a full system backup, including the system state.

Note The Backup utility is not included in the default installation of Windows XP Home Edition. The Backup icon is not present on the Start menu in Windows XP Home Edition, nor is Backup listed in the Add Remove Programs tool for Windows XP Home Edition.

For additional information about how to install the Backup utility in Windows XP Home Edition, click the following article number to view the article in the Microsoft Knowledge Base:
302894 How to install Backup from the CD-ROM in Windows XP Home Edition
To back up the System State data, follow these steps:
1. Click Start, point to All Programs (or Programs), click Accessories, click System Tools, and then click Backup.
2. Click Advanced Mode.
3. Click the Backup tab, and then click to select the System State check box.
4. Click Start Backup.
This method backs up the System State data together with any other data that you have selected for the current backup operation.

For additional information about how to back up the system registry, click the following article number to view the article in the Microsoft Knowledge Base:
240363 How to use the Backup program to back up and restore the system state in Windows 2000
The Startup folder icons are loaded from two locations. To remove these entries, follow these steps:
1. Right-click Start, and then click Explore.
2. Locate and select the following folder, and then click Cut on the Edit menu:
Documents and Settings\All Users\Start Menu\Programs\Startup
3. Create a SysDriversBak folder on the desktop, create a UserStartup folder inside this folder, open the UserStartup folder, and then click Paste on the Edit menu.
4. Repeat steps 1 and 2, and then locate the All Users\Start Menu\Programs\Startup folder.
5. On the Edit menu, click Cut, locate and click the SysDriversBak folder on the desktop, create an AllUsersStartup folder, and then click Paste.
To remove values for the Run line in the registry for all users, follow these steps:
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3. Click Export on the File menu.
4. Locate the SysDriversBak folder that you created, type HKLMRun in the File name box, and then click Save.
5. In the right pane, right-click each value except for the Default value, click Delete, and then click Yes to confirm.
6. View the related RunOnce and RunOnceEx keys to determine whether a program was not completely installed, and then repeat steps 3 through 5 with different save names to reflect the RunOnce and RunOnceEx keys.
To remove values for the Run line in the registry for the user account that you are logged on with, follow these steps:
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3. Click Export on the File menu.
4. Locate the SysDriversBak folder that you created, type HKCURun in the File name box, and then click Save.
5. In the right pane, right-click each value, and then click Delete.
6. View the related RunOnce key to see if a program was not completely installed, and then repeat steps 3 through 5, but change the name to reflect RunOnce.
To remove value data under Load, follow these steps:
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
3. In the right pane, click Export on the File menu. If the value load has any value data, locate and click the SysDriversBak folder, type HKCUload in the File name box, and then click Save.
4. Double-click the load value in the right pane, remove the value in the Value Data box, and then click OK.
5. Restart the computer, and then test.
If the problem no longer occurs, merge the values that you removed in the following order:
1. Startup icons from both the All Users group and the user account that you log on with.
2. HKCURun
3. HKLMRun
4. HKCUload
Note To merge the values, you can double-click the .reg file in Windows Explorer or My Computer to automate the import. When you do this, you are prompted to confirm that you want to merge data into the registry. Click Yes to start the merge. After the file successfully merges into the registry, a success message appears. If the file has the wrong syntax and the merge is not successful, you receive an error message that explains that the file is not a registry script and cannot be imported to the registry.

To add the icons for the Startup menu, follow these steps:
1. Click Start, point to All Programs (or Programs), point to Accessories, and then click Windows Explorer.
2. Locate and then click the SysDriversBak folder that you created earlier, open the AllUsersStartup folder, click Select All, and then click Copy on the Edit menu.
3. Locate and click the following folder, and then click Paste:
Documents and Settings\All Users\Start Menu\Programs\Startup
4. Locate and then click the SysDriversBak\UserStartup folder, and then click Copy on the Edit menu.
5. Locate and click the following folder, and then click Paste:
Documents and Settings\user name\Start Menu\Programs\Startup
Where user name is the name of the user who you have logged on as.
6. Restart your computer, and then test.

How to test user profiles

A user's specific information may be corrupted, but other users on the same computer may have no problems. To determine whether this is the case, log on as a new user, or create a new user account, and then test the new logon.

Note A program may work correctly only when you log on with the default Administrator account. For example, older programs may demonstrate this behavior.

If the default Administrator profile becomes corrupted, reinstall Windows XP to correct this issue.

All user-specific configuration information (which appears in the HKEY_CURRENT_USER registry key) is stored in the Ntuser.dat file in the Documents and Settings\user name folder.

How to turn off third-party services

To prevent or work around problems, you may have to turn off installed third-party services. Safe mode and Safe mode with networking do not load third-party services. If Safe mode works, the problem may be caused by a third-party service that is loading.

The following table is a partial list of core operating system services that load. However, this list varies according to the services that are installed and the version of Windows XP that you are using.

Service Description Start Mode
Alerter Alerter Automatic
AppMgmt Application Management Manual
ClipSrv Clipbook Manual
EventSystem COM+ Event System Manual
Browser Computer Browser Automatic
DHCP DHCP Client Automatic
Dfs Distributed File System Automatic
TrkWks Distributed Link Tracking Client Automatic
TrkSrv Distributed Link Tracking Server Manual
MSDTC Distributed Transaction Coordinator Automatic
DNSCache DNS Client Automatic
EventLog Event Log Automatic
Fax Fax Service Disabled
NtFrs File Replication Manual
IISADMIN IIS Admin Service Automatic
cisvc Indexing Service Manual
SharedAccess Internet Connection Sharing (Firewall) Manual
PolicyAgent IPSEC Policy Agent(IPSEC Service) Automatic
LicenseService License Logging Service Automatic
dmserver Logical Disk Manager Automatic
dmadmin Logical Disk Manager Administrative Service Manual
Messenger Messenger Automatic
mspadmin Microsoft Proxy Server Administration Automatic
wspsrv Microsoft Winsock Proxy Service Automatic
Netlogon Net Logon Automatic
mnmsrvc NetMeeting Remote Desktop Sharing Manual
Netman Network Connections Manual
NetDDE Network DDE Manual
NetDDEdsdm Network DDE DSDM Manual
NtLmSsp NT LM Security Support Provider Automatic
OnlBroad On-Line Presentation Broadcast Manual
SysmonLog Performance Logs and Alerts Manual
PlugPLay Plug and Play Automatic
Spooler Print Spooler Automatic
ProtectedStorage Protected Storage Automatic
mailalrt Proxy Alert Notification Service Automatic
RSVP QoS RSVP Manual
RasAuto Remote Access Auto Connection Manager Manual
RasMan Remote Access Connection Manager Automatic
RpcSs Remote Procedure Call (RPC) Automatic
RPCLOCATOR Remote Procedure Call (RPC) Locator Manual
RemoteRegistry Remote Registry Service Automatic
NtmsSvc Removable Storage Automatic
seclogon RunAs Service Automatic
SamSs Security Accounts Manager Automatic
lanmanserver Server Automatic
ScardSvr Smart Card Manual
ScardDrv Smart Card Helper Manual
SNMP SNMP Service Automatic
SNMPTRAP SNMP Trap Service Manual
SENS System Event Notification Automatic
Schedule Task Scheduler Automatic
LmHosts TCP/IP NetBIOS Helper Service Automatic
TapiSrv Telephony Manual
W3svc World Wide Web Publishing Service Automatic
LanmanWorkstation WorkStation Automatic

Additional services that can be installed include the following services:
• Asc
• AsynMac
• Beep
• Diskperf
• Fastfat
• Fsrec
• Ftdisk
• Gpc
• Ismserv
• Mountmgr
• MSFTPSVC
• MSIServer
• MSKSSRV
• MSPCQ
• NDIS
• NdisTapi
• NdisWan
• NDProxy
• NetBIOS
• NetBT
• NetDetect
• PartMgr
• ParVdm
• RCA
• Schedule
• SchedulingAgent
• TermService
• TlntSrv
• TrkSrv
• UPS
• UtilMan
• W32Time
• WinMgmt
• WMI
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

How to remove programs

If none of these methods resolve your issue, use the Add/Remove Programs tool in Control Panel to start removing programs. Restart your computer, and then test after each removal.

If these steps still do not resolve your issue, contact Microsoft Product Support Services, or reinstall the operating system and your programs.

REFERENCES

For additional information about troubleshooting startup issues in Windows XP, click the following article numbers to view the articles in the Microsoft Knowledge Base:
310353 How to perform a clean boot in Windows XP
308041 Resources for troubleshooting startup problems in Windows XP
310560 How to troubleshoot by using the Msconfig utility in Windows XP
229716 Description of the Windows Recovery Console
242518 Long pause during Windows startup process
244905 How to disable a service or device that prevents Windows from starting
249000 Windows Advanced Options Boot Menu missing at startup
252448 How to create an MS-DOS network startup disk in Windows 2000
266169 How to troubleshoot problems with standby mode, hibernate mode, and shutting down your computer in Windows 2000
298427 How to restore the disabled startup programs after an upgrade from Windows 98 or Windows Millennium Edition
300886 A description of the "Restore Startup Programs" option that is used when you upgrade to Windows XP
303561 Windows XP shortcuts in the Startup group do not work when you first start the computer
306084 How to restore the operating system to a previous state in Windows XP
310126 Troubleshooting device conflicts with Device Manager
244601 How to troubleshoot unknown devices listed in Device Manager

Back To The Top
Bud's CDs FREE MP3s Alphabetical Index Of Everything In This Site