When facing a system crash or startup up problems on Windows Computers, troubleshooting the problem can be difficult to resolve. The first step with recovery is to use Windows Safe Mode option during startup. One Safe Mode option that will help troubleshoot boot problems is to enable Boot Logging which will create a log and help identify the device or driver that is causing the problem during startup.





When Boot Logging is enable, Windows boots normally, until the device or driver that is causing the problem either crashes the system or completes starting up but causes an error message in the Event Log. While booting, Windows creates a log file that lists every step processed that is attempted and completed.



You can then reboot in to Safe Mode and review the log file named ntbootlog.txt. The log is stored in the %SYSTEMROOT% directory (normally C:\Windows or C:\WINNT folder). Below is an example of ntbootlog.txt log file on Windows XP (Vista log is similar):

Service Pack 2 5 4 2007 10:45:44.500

Loaded driver \WINDOWS\system32

tkrnlpa.exe

Loaded driver \WINDOWS\system32\hal.dll

Loaded driver \WINDOWS\system32\KDCOM.DLL

Loaded driver \WINDOWS\system32\BOOTVID.dll

Loaded driver ACPI.sys

Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS

Loaded driver pci.sys

Loaded driver isapnp.sys

Loaded driver compbatt.sys

Loaded driver \WINDOWS\System32\DRIVERS\BATTC.SYS

Loaded driver intelide.sys

Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

Loaded driver MountMgr.sys

Loaded driver ftdisk.sys

Loaded driver dmload.sys

Loaded driver dmio.sys

Loaded driver PartMgr.sys

Loaded driver VolSnap.sys

Loaded driver atapi.sys

Loaded driver vmscsi.sys

Loaded driver \WINDOWS\System32\DRIVERS\SCSIPORT.SYS

Loaded driver disk.sys

Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

Loaded driver fltmgr.sys

Loaded driver sr.sys



To enable Boot Logging on Windows XP and Vista, boot your Computer, and during startup continually press F8 until the menu screen appears:

NOTE: screen shot is from XP. Vista menu will look slightly different than XP.

Press F8 to display the Advanced Menu screen and select Enable Boot Logging

You will be returned to the menu screen and you should see Enable Boot Logging in blue displayed at the bottom of the screen (don't worry if this screen is not displayed and Windows starts to boot):

If the problem does not cause Windows to crash, and after startup has completed, you can review the ntbootlog.txt file. Look for any signs of problems loading device drivers. If you find problems, go into Device Manager and disable the device or uninstall the program, then reboot again. If the problem does not occur then you know it was that device and you should check the vendor website for new drivers or known issues.

If your problem does cause Windows to crash, reboot into Safe mode by selecting Safe Mode from the Advanced Menu screen. When reviewing ntbootlog.txt file, look for events that were attempted to load but not completed. More than likely the problem will be toward the end of the file (since that was the last item logged before crashing). When you identify the problem, either uninstall the application or go in to Device Manager and disable the device. Reboot your Computer and see if the problem still exist. If it boots without crashing, check the vendor website for new drivers or known issues.

If you are still having problems, enable Boot Logging again to see if new events are logged after you have disabled the device or uninstalled the program. If you are unable to fix the problem, you may need to have a Computer shop troubleshoot the problem for you.

Notes on Boot Logging:

