Microsoft KB Archive/316434

= How to perform advanced clean-boot troubleshooting in Windows XP =

Article ID: 316434

Article Last Modified on 5/7/2007

-

APPLIES TO


 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional

-



This article was previously published under Q316434



Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



INTRODUCTION
Many issues that you may experience on a Windows XP-based computer occur because of an incompatible or corrupted program. To determine whether this is the case, you can either perform a clean boot or restart Windows without starting the program in question.

This article describes how to perform advanced clean-boot troubleshooting to determine whether the problem in question is affiliated with the core operating system or with a program that is loading in the Windows environment. For more information about how to clean boot your computer, click the following article number to view the article in the Microsoft Knowledge Base:

310353 How to perform a clean boot in Windows XP



MORE INFORMATION
Clean-boot troubleshooting is designed to isolate a performance problem. To perform clean-boot troubleshooting, you must take a number of actions, and then restart the computer after each action (to test whether the action resolved the problem).

How to restart in Safe mode or in Safe mode with networking support
To troubleshoot potential environmental issues, first restart your computer in Safe mode or in Safe mode with networking support. If the issue is with a program that does not depend on network connectivity, Safe mode is appropriate. If the issue is with a network program, and you are using a network adapter to connect to a network, Safe mode with networking support may permit you to test the networking program, including browser issues.

Note You cannot use Safe mode with networking support when you use a modem or a PC Card connection to a network because modem drivers and PC Card drivers do not load in Safe mode or in Safe mode with networking support.

If you start the computer in Safe mode or in Safe mode with networking support, and you can perform an operation that you previously experienced problems with, the issue is most likely environmental.

Note In Windows XP, you can perform a clean-boot by using the System Configuration Utility (Msconfig.exe).

For more information about the System Configuration utility, click the following article number to view the article in the Microsoft Knowledge Base:

310560 How to troubleshoot by using the Msconfig utility in Windows XP

See the &quot;How to remove registry entries&quot; section for information about how to determine which program components may be causing the issue.

Note You may not be able to test some operations in Safe mode because not all services and devices load in Safe mode or in Safe mode with networking support. For example, you cannot test multimedia issues that involve sound, nor can you test suspend or hibernation issues in Safe mode.

If you start the computer in Safe mode or in Safe mode with networking support, and the issue still occurs, an environmental issue may still be the cause. Many function or filter drivers that third-party software installs may continue to load in Safe mode. Therefore, you may have to take an additional step to test and remove third-party drivers in Safe mode.

To start the computer in Safe mode, follow these steps:
 * 1) Print these instructions before you go to step 2. They will not be available after you shut down the computer in step 2.
 * 2) Restart your computer.
 * 3) Use the F8 key. On a computer that is configured to start to multiple operating systems, you can press F8 when you see the Startup menu.
 * 4) Use the arrow keys to select a Safe mode option, and then press ENTER.

Note NUM LOCK functionality must be turned off for the arrow keys on the numeric keypad to work.
 * 1) If you have a dual-boot or multiple-boot system, use the arrow keys to select the installation that you want to access, and then press ENTER.

In Safe mode, you have access to only basic files and drivers (such as mouse, monitor, keyboard, mass storage, base video, default system services, and no network connections). You can select from the following options:
 * The Safe Mode with Networking option loads all these files and drivers and the services and drivers necessary to start networking.
 * The Safe Mode with Command Prompt option is the same as Safe mode except that a command prompt starts instead of the graphical user interface (GUI).
 * The Last Known Good Configuration option starts your computer by using the registry information that was saved the last time that your computer shut down.

Safe mode helps you diagnose problems. If a symptom does not reappear when you start in Safe mode, you can rule out the default settings and minimum device drivers as possible causes. If a newly added device or a changed driver is causing problems, you can use Safe mode to remove the device or reverse the change.

There are circumstances where Safe mode cannot help you. For example, Safe mode cannot help you when Windows system files that are required to start the computer are corrupted or damaged. In this case, the Recovery Console may help you.

How to remove unsigned drivers
All the drivers that are included with Windows XP use digital signatures to verify that they have been tested by the Windows Hardware Quality Labs (WHQL). Many third-party programs are written for Windows XP must install additional drivers that have not been tested by WHQL. Therefore, they do not receive a digital signature.

Note Some third-party vendors have tools that they can use to generate a valid digital signature even if these products were not tested by WHQL. The following procedure cannot be used to determine whether these drivers are installed.

Windows XP includes the File Signature Verification tool (Sigverif.exe). You can use this tool to find all files on your computer that are not digitally signed. For the purposes of Windows XP clean-boot troubleshooting, you have to test only the files in the %Windir%\System32\Drivers folder.

To use the Sigverif.exe tool, follow these steps:
 * 1) Click Start, click Run, type sigverif in the Open box, and then click OK.
 * 2) Click Advanced, click Look for other files that are not digitally signed, click Browse, locate the Windows\System32\Drivers folder, and then click OK two times.
 * 3) Click Start.

After Sigverif.exe is completed, a list of all unsigned drivers that are installed on your computer appears.

Note Many video drivers are not digitally signed. The following steps may cause problems with your video resolution. These problems may prevent you from starting the computer.

The list of all signed and unsigned drivers that the Sigverif.exe tool finds is in the Sigverif.txt file in the %Windir% folder (typically, the Winnt or Windows folder). All unsigned drivers are noted as &quot;Unsigned.&quot;

When you determine which drivers are unsigned, create a folder to move the unsigned drivers to. Typically, SysDriversBak is an easy folder name to remember. Create the folder in the Windows directory so that if the computer is put into a no-boot situation, the drivers can be restored in the Recovery Console.

Move the unsigned drivers, restart the computer (without the unsigned drivers in the Windows\System32\Drivers folder), and then test the program or other functionality to see whether the same error messages or issues still occur.

Note Because most driver files are associated with registry entries that have not yet been changed, you may receive the following error message:

At least one driver or service failed to start...

If the issue no longer occurs, the issue was caused by a third-party unsigned filter or function driver. A function driver is a driver that is used to load a specific device that uses one of the computer buses. A filter driver loads at a level above or below a function driver to add or modify the behavior of the function driver.

To determine which unsigned driver is causing the problem, use one of the following methods:
 * Put drivers that are related to the same program or device back into the Windows\System32\Drivers folder together in the same test.
 * Put the top half of the drivers back into the Windows\System32\Drivers folder in the same test.

The first technique is generally better at determining the cause of an issue, but you may not be able to determine which drivers are related. After you determine which driver is causing the issue, you can either remove the driver or program, disable the driver, or turn off service.

To turn off a service, follow these steps:
 * 1) Click Start, and then click Run.
 * 2) Type %systemroot%\system32\services.msc /s, and then click OK.
 * 3) Double-click the service, click Disabled in the Startup Type list, and then click OK.
 * 4) Restart your computer.

Search for drivers or other program updates, or replace the software or driver with a program or driver that is written specifically for Windows XP.

To disable a driver, follow these steps:
 * 1) Click Start, and then click Run.
 * 2) Type %systemroot%\system32\compmgmt.msc /s, and then click OK.
 * 3) Click Device Manager.
 * 4) Double-click the device, click Do not use this device (disable) in the Device Usage list, and then click OK.
 * 5) Search for an updated driver for the device from the vendor.

For information about how to contact the manufacturer of your program, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and software vendor contact information, A-K

60781 Hardware and software vendor contact information, L-P

60782 Hardware and software vendor contact information, Q-Z

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Note Not all devices and services are listed in the Windows XP user interface.

If the device or service is not available in the Windows XP user interface, use the Recovery Console to turn off the driver or service.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

314058 Description of the Windows XP Recovery Console

How to remove registry entries
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

If you no longer experience problems running programs in Safe mode, the issue is likely caused by programs that are loading while the Windows XP computer is starting.

Programs that are a part of the startup process for Windows XP are generally added to one of the following locations:
 * The Startup folder on the Programs menu.
 * The Run line for all users in the registry.
 * The Run line for particular users in the registry.
 * The Load entry for all users in the registry.

Note Because the registry is the location for all computer and program settings for Windows XP, make sure that you back up the registry and particular registry entries in case you cannot start the computer after you edit the registry. To back up the Windows XP registry, use Windows Backup, and then perform a full system backup, including the system state.

Note The Backup utility is not included in the default installation of Windows XP Home Edition. The Backup icon is not present on the Start menu in Windows XP Home Edition, nor is Backup listed in the Add Remove Programs tool for Windows XP Home Edition. For additional information about how to install the Backup utility in Windows XP Home Edition, click the following article number to view the article in the Microsoft Knowledge Base:

302894 How to install Backup from the CD-ROM in Windows XP Home Edition

To back up the System State data, follow these steps:
 * 1) Click Start, point to All Programs (or Programs), click Accessories, click System Tools, and then click Backup.
 * 2) Click Advanced Mode.
 * 3) Click the Backup tab, and then click to select the System State check box.
 * 4) Click Start Backup.

This method backs up the System State data together with any other data that you have selected for the current backup operation. For more information about how to back up the system registry, click the following article number to view the article in the Microsoft Knowledge Base:

240363 How to use the Backup program to back up and restore the system state in Windows 2000

The Startup folder icons are loaded from two locations. To remove these entries, follow these steps:  Right-click Start, and then click Explore. Locate and select the following folder, and then click Cut on the Edit menu:

Documents and Settings\All Users\Start Menu\Programs\Startup

 Create a SysDriversBak folder on the desktop, create a UserStartup folder inside this folder, open the UserStartup folder, and then click Paste on the Edit menu. Repeat steps 1 and 2, and then locate the All Users\Start Menu\Programs\Startup folder. On the Edit menu, click Cut, locate and click the SysDriversBak folder on the desktop, create an AllUsersStartup folder, and then click Paste.

To remove values for the Run line in the registry for all users, follow these steps:  Click Start, click Run, type regedit, and then click OK.</li> Locate and then click the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

</li> Click Export on the File menu.</li> Locate the SysDriversBak folder that you created, type HKLMRun in the File name box, and then click Save.</li> In the right pane, right-click each value except for the Default value, click Delete, and then click Yes to confirm.</li> View the related RunOnce and RunOnceEx keys to determine whether a program was not completely installed, and then repeat steps 3 through 5 with different save names to reflect the RunOnce and RunOnceEx keys.</li></ol>

To remove values for the Run line in the registry for the user account that you are logged on with, follow these steps:  Click Start, click Run, type regedit, and then click OK.</li> Locate and then click the following registry key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

</li> Click Export on the File menu.</li> Locate the SysDriversBak folder that you created, type HKCURun in the File name box, and then click Save.</li> In the right pane, right-click each value, and then click Delete.</li> View the related RunOnce key to see if a program was not completely installed, and then repeat steps 3 through 5, but change the name to reflect RunOnce.</li></ol>

To remove value data under Load, follow these steps:  Click Start, click Run, type regedit, and then click OK.</li> <li>Locate and then click the following registry key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

</li> <li>In the right pane, click Export on the File menu. If the value load has any value data, locate and click the SysDriversBak folder, type HKCUload in the File name box, and then click Save.</li> <li>Double-click the load value in the right pane, remove the value in the Value Data box, and then click OK.</li> <li>Restart the computer, and then test.</li></ol>

If the problem no longer occurs, merge the values that you removed in the following order:
 * 1) Startup icons from both the All Users group and the user account that you log on with.
 * 2) HKCURun
 * 3) HKLMRun
 * 4) HKCUload

Note To merge the values, you can double-click the .reg file in Windows Explorer or My Computer to automate the import. When you do this, you are prompted to confirm that you want to merge data into the registry. Click Yes to start the merge. After the file successfully merges into the registry, a success message appears. If the file has the wrong syntax and the merge is not successful, you receive an error message that explains that the file is not a registry script and cannot be imported to the registry.

To add the icons for the Startup menu, follow these steps: <ol> <li>Click Start, point to All Programs (or Programs), point to Accessories, and then click Windows Explorer.</li> <li>Locate and then click the SysDriversBak folder that you created earlier, open the AllUsersStartup folder, click Select All, and then click Copy on the Edit menu.</li> <li>Locate and click the following folder, and then click Paste:

Documents and Settings\All Users\Start Menu\Programs\Startup

</li> <li>Locate and then click the SysDriversBak\UserStartup folder, and then click Copy on the Edit menu.</li> <li>Locate and click the following folder, and then click Paste:

Documents and Settings\ \Start Menu\Programs\Startup

Where  is the name of the user who you have logged on as.</li> <li>Restart your computer, and then test.</li></ol>

How to test user profiles
A user's specific information may be corrupted, but other users on the same computer may have no problems. To determine whether this is the case, log on as a new user, or create a new user account, and then test the new logon.

Note A program may work correctly only when you log on with the default Administrator account. For example, older programs may demonstrate this behavior.

If the default Administrator profile becomes corrupted, reinstall Windows XP to correct this issue.

All user-specific configuration information (which appears in the  registry key) is stored in the Ntuser.dat file in the Documents and Settings\  folder.

How to turn off third-party services
To prevent or work around problems, you may have to turn off installed third-party services. Safe mode and Safe mode with networking do not load third-party services. If Safe mode works, the problem may be caused by a third-party service that is loading.

The following table is a partial list of core operating system services that load. However, this list varies according to the services that are installed and the version of Windows XP that you are using.

Additional services that can be installed include the following services:
 * Asc
 * AsynMac
 * Beep
 * Diskperf
 * Fastfat
 * Fsrec
 * Ftdisk
 * Gpc
 * Ismserv
 * Mountmgr
 * MSFTPSVC
 * MSIServer
 * MSKSSRV
 * MSPCQ
 * NDIS
 * NdisTapi
 * NdisWan
 * NDProxy
 * NetBIOS
 * NetBT
 * NetDetect
 * PartMgr
 * ParVdm
 * RCA
 * Schedule
 * SchedulingAgent
 * TermService
 * TlntSrv
 * TrkSrv
 * UPS
 * UtilMan
 * W32Time
 * WinMgmt
 * WMI

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

How to remove programs
If none of these methods resolve your issue, use the Add/Remove Programs tool in Control Panel to start removing programs. Restart your computer, and then test after each removal.

If these steps still do not resolve your issue, contact Microsoft Product Support Services, or reinstall the operating system and your programs.

<div class="references_section">