Microsoft Windows Troubleshooting Guide

Introduction

Between January and October 2009 I worked for a Computer Networking Service Company that provided networking support for area businesses. This opportunity gave me the chance to get re-acquainted with troubleshooting Microsoft Windows problems. This was a very fast-paced job and I joke that it was basically "crisis management" instead of a computer tech job. In order for me to retain the information I learned and to allow others to benefit from my experience, I decided to write this small troubleshooting guide.

As you read this guide, keep in mind that nothing is a "silver bullet" that fixes all Windows problems. Sometimes applying a few of these tips will fix your problem, and sometimes applying all of them will not help your situation. Use this guide as a reference and not a foolproof way to fix Windows problems. Also keep in mind that I am not responsible for any damage that you may cause while following this guide, so don't sue me for your own actions.

Getting Windows to a Stable Environment

As you troubleshoot your Windows problems, you may find that the Operating System is too unstable to perform these actions, especially when dealing with Malware problems. The easiest way to combat this is to boot Windows into Safe Mode, which is a diagnostic mode that does not load any advanced drivers or any startup programs. In order to get into safe mode, you must press F8 while Windows starts to boot. Sometimes this is easier said than done, so I recommend that you simply turn the computer on and repeatedly tap the F8 key until you get the following screen.


Windows Advanced Options Boot Screen

Using this menu, you can control how Windows will boot up. For most problems, you should select either "Safe Mode" or "Safe Mode with Networking".

For troubleshooting purposes, the ones you may want to try are "Last Known Good Configuration", "Enable Boot Logging" and "Disable automatic restart on system failure". The first option may give you a really quick fix if you are simply having registry problems, while the latter two will give you more information on the problem(s) your system may be having.


Note: the location of the boot log is at C:\Windows\ntbtlog.txt



Working with Windows in "Safe Mode"

If for any reason you just cannot get into safe mode using F8, for instance because your keyboard doesn't register outside of Windows, you can always set Windows to boot into safe mode by running the msconfig command, going to the boot.ini tab, selecting /SAFEBOOT and hitting OK. Just remember to remove the /SAFEBOOT option with msconfig once you are in safe mode, otherwise you will always boot into safe mode.


Using MSConfig to boot into Safemode

If Windows refuses to even boot into Safe Mode, you may have a very serious problem and should jump directly to the section titled Repairing a System that Won't Boot, which covers how to use various boot CDs to fix common problems.

Malware Removal

Malware is short for "Malicious Software" and defines any software that either harms your computer, gathers data to send out to others, or bombards your desktop with Ads or other "annoying items". These "infections" range greatly from basic Ads to full-fledged Viruses that destroy files on some computers. To make the subject of Malware even more complex, most Antivirus Software packages do not provide protection against Adware/Fraudware infections. I guess they think it is another revenue stream to push more expensive protection products.

Anyway, I am going to separate these into 2 categories, Viruses and Other than Viruses, which include Trojans, Adware, Fraudware, etc. Viruses are more damaging to the system, are harder to get rid of, and take the most time to scan for. Fortunately, most infections nowadays are not viruses, but are Adware/Fraudware, etc. I guess criminals nowadays like to make money more than being Vandals :-)

Prepping the System

Before I show you how to scan your system for Malware, I am going to show you a software program that will clear out various Temporary Files that are created on your computer during use. Removing these temporary files will greatly reduce your scan times, and occasionally will fix your Malware problems by simply removing the temporary files.

CCleaner

http://www.ccleaner.com/download

From the CCleaner Website - "CCleaner is a freeware system optimization, privacy and cleaning tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it's fast (normally taking less than a second to run) and contains NO Spyware or Adware! :)"

To install CCleaner, simply download the installation file from the link above and select "Run" once it is downloaded. This will install the application onto your system. If for any reason (viruses, system errors, etc.) you cannot install it onto your system, there is a USB Drive version of CCleaner available at http://www.ccleaner.com/download/builds/downloading-portable, although you will probably have to use another computer to install it onto a USB Stick.


Running CCleaner to clean up Temporary Files

To run CCleaner, simply launch the application and ensure it is in "Cleaner Mode" (the tabs on the left), then simply click on "Run Cleaner" at the bottom right. This will scan your computer for Temporary Files and remove them. If your system is infected through temporary files, it may ask you to restart your computer after it is finished. Once the application is finished, you can move onto scanning the computer for Adware/Fraudware.


Note: If you want to script cleaning the system with CCleaner, you can automatically run a system cleanse with:

"C:\Program Files\CCleaner\CCleaner.exe" /Auto

Removing Trojans, Adware, Fraudware, etc.

To remove Malware, there are quite a few applications that will automatically scan for and remove various infections for you. Unfortunately there is not one "silver bullet" application that removes everything automatically, so you must run a few different applications that scan the system in various ways to find different infections.

This page covers all the applications that I run in order to clean a system of Malware. These applications usually get rid of all Adware, Fraudware, etc. from your system. You should run them in the order given, as this order has tested to be the fastest way to get rid of Malware.

Keep in mind that sometimes it may be required to boot the computer into "Safe Mode" in order to run these applications if your computer is severely infected. Also, you may have better luck if you immediately run these applications after a system boot, before the Malware has a chance to stop applications from starting.

Also note that all of these applications on this page can be used cost-free (although donations to these organizations would probably be helpful).


Combofix


http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

Combofix is the Swiss Army Knife of Malware applications. This program has the quickest scan and will get rid of the majority of the resource-hogging malware that is out there. This program doesn't get "installed", you simply run the program and it does various system checks, then starts to scan the system.


Combofix asking to install the Recovery Console and Combofix scanning the system

Combofix is being constantly updated, so if your copy is from a few days ago, it is a good idea to download a new copy of it. To run Combofix, simply download it, then select run after it is downloaded, or double-click the file. Occasionally some Malware will prevent Combofix from running; most of the time you can bypass this by simply renaming it to something else, like CF.exe. Also, if your system is infected with a Malicious Virus, Combofix will inform you of this and you should immediately skip to the next section to get rid of it.

Overall, Combofix will do the following:

  • Create a System Restore Point
  • Check to see if any Antivirus Applications are running (you should disable these first)
  • Ask you to install the Recovery Console (if it is not installed) - I usually don't recommend this unless you are highly technical
  • Scan the computer for Malware

For a more thorough guide on combofix, visit
http://www.bleepingcomputer.com/combofix/how-to-use-combofix.


Malwarebytes' Anti-Malware


http://www.malwarebytes.org/

The next application I use to remove Malware is Malwarebytes' Anti-Malware. Where Combofix fails to remove certain malware, such as Antivirus 2009 and other similar ones, Malwarebytes usually picks them up and removes them. This application also gives you the opportunity to run a quick scan or a full scan, which is very helpful if you need to quickly clean a system.


Scanning a System with Malwarebytes' Anti-Malware

To install this application, simply download the installer and run it. Once the installation is complete, it will ask if you want to check for updates and start the program. It is a good idea to do this, as the installer does not get updated very often.

Once Malwarebytes is running, it will ask you if you want to do a Quick or a Full scan. The Quick scan usually picks up any major infections that you may have, so if you are in a hurry select Quick Scan, otherwise run a Full System Scan.


Removing Infections with Malwarebytes' Anti-Malware

Once the scan is complete, it will tell you how many infections it has found. In order to clean these infections, click on "Show Results", which will bring up a detailed view of all the infections that the program has found. To remove the infections click on the "Remove Selected" button. It may ask to restart the computer if you had a major infection.

Malwarebytes' also comes in a "Paid" version, which allows you to have it run in the background to prevent Malware infections. If you tend to always catch Malware, it may be a good idea to purchase this application.


Spybot - Search & Destroy


http://www.safer-networking.org/

The last application I usually use to clean up Malware is Spybot Search & Destroy. This is probably one of the oldest Adware Removal Utilities around, but it is still one of the most thorough. I especially like it because you can set it to do an automated scan which will automatically remove any infections (see below for details). This allows you to quickly clean the system using the 2 above programs, then simply start an automated scan and go do something else (or leave if you are on the clock).


Installation Options and Immunizing a System with Spybot

To use this, download the installer file and run it. Note that the installer does require a connection to the Internet to get an updated database. Also, during the installation, you will be prompted to use "SDHelper" and "Teatimer". If you are an advanced user these applications may quickly become annoying, so I usually don't use these features. Once the program is installed and you first run it, it will go through a "Startup Wizard" which includes:

  • Creating a Registry Backup
  • Searching for Updates
  • Asking to Immunize the System

Immunizing the system simply "tweaks browser settings to use their methods of blocking cookies, malware installations, bad websites and more". It is usually a good idea to apply the Immunization every once in a great while.


Scanning a System and Removing Infections with Spybot

Once you finish with the Startup Wizard and once the application is running, to scan the system just go to the Search & Destroy tab and click on "Check for Problems". In later versions, the program may detect an abundance of temporary files and may ask you if it is alright to clear them out. Again, this will speed up the scans.

Once the scan is complete, to remove the infections click on "Fix Selected Items" and the program will remove the infections. In some instances, it may not be able to totally remove the infections and will ask you if it would be alright to run Spybot on system restart. If you say yes, it will automatically schedule a scan when you restart the computer.


Note: You can make Spybot do an automated scan by issuing the following commands:

		cd "C:\Program Files\Spybot - Search & Destroy"
		SpybotSD /allhives /autocheck /autofix /autoclose /onlyspyware

You can also use the /taskbarhide option to have spybot run in the background


Dealing with Viruses


The more serious Malware problems are caused by Viruses, which by design try to maliciously damage your computer system. Because of the Malicious nature of Viruses, getting them removed from your computer can sometimes be a challenge. Fortunately, at this time getting a true Malicious Virus is getting more and more rare since most online criminals try to make money using Adware/Fraudware/Trojans instead of simply damaging systems.

However, if you are one of the unlucky ones that do get a Malicious Virus, this page will try to guide you on how to remove viruses from your system using a few different tools. The tools on this page are listed in alphabetical order and this is by no means a complete list of Antivirus products available. These are simply the ones that I have used to remove viruses from computers. At the bottom of the page I also have a list of links to various utilities that were created for specific viruses, so if you know the exact virus you have you may find a tool written for that virus to get rid of it.

Avast Antivirus

http://www.avast.com
Avast Home Edition - Full Installer
Avast Professional Edition - Full Installer - works as a 60 day trial

Avast provides 2 different versions of its product to home users, the Home Edition and the Professional Edition. The Home Edition is cost-free to use, although they do require you to register it every year, which confuses people into thinking they have to purchase it when they don't. The Professional Edition does cost money to use, but it can be used as a 60 day trial, so it can be used cost-free to get rid of viruses.


Avast asking to run a boot-time scan and testing the memory for viruses at startup

What really sets Avast apart from most of the other Antivirus products is that it provides a "boot time scan", so if your computer is infected with a virus that prevents antivirus applications from running Avast will usually get rid of it using the boot time scan. However, the boot time scan does take forever to run, so unless you cannot get your antivirus software to run, I don't recommend the boot time scan for normal scans.


Starting a Virus Scan using Avast and Avast running the scan

Overall, Avast does seem to pick up most viruses and get rid of them. The performance hit on your system is pretty minimal for an antivirus product. The interface is pretty archaic, but you can switch it to an "advanced interface" that is a little more manageable.


Using Avast's Advanced Interface

The major problem that I found with Avast is that the company is located outside the United States and the support is not very good. Also if you are looking at purchasing multiple licenses you may have to wire them money. If you simply need to get a virus removed, or just use it at home this is a good solution.


AVG Free

http://www.grisoft.com/
AVG Free Home Page
AVG Download Page

AVG Free is probably one of the most popular Free Antivirus products out there right now. The Free Version doesn't nag you to register it or anything, you simply just install it and it works.


Options to unselect installing the AVG Security Toolbar and sending anonymous information

Starting with version 8, AVG has been providing the AVG Security Toolbar with the install. Personally I don't like it, and just after they released it there was a huge backlash from the users, stating that it slowed their browsing down and that they were concerned with the data that was being collected with the toolbar. Since the backlash, AVG allows you to not install the Security Toolbar during installation and I recommend that you don't install it at this time.


Starting a Virus Scan using AVG and AVG showing the scan results

Overall AVG Free does catch most viruses out there and for a free product is decent enough to run as your main Antivirus software. However, with the last few releases I have noticed a few computers that took a pretty good performance hit when running AVG, but that may be rare. If your computer does seem to become sluggish after installing AVG, you may want to try another Antivirus Solution.


Bitdefender

http://www.bitdefender.com/
Bitdefender Free Edition Home Page

I haven't personally used Bitdefender as the primary Antivirus program on a computer yet, but I have used it repeatedly to get some pretty bad viruses off of computers that other Antivirus products couldn't detect. So, if you still think you may have a virus after you cleaned it with other products, it may be a good idea to scan it with Bitdefender.


Updating Bitdefender and running a Virus Scan using Bitdefender

When you first start Bitdefender, it will ask you to "login" to a web account. If you are not going to use it as your primary antivirus solution you can simply skip this step.

The first time you run Bitdefender, I highly recommend that you update the program as the installation file doesn't get updated too often and there probably will be updates to it.


Bitdefender scanning a system and showing the scan results

Bitdefender's scans usually don't take too long and it is somewhat good at removing the threats. However, if it can't remove the threat it does provide more information on the threat. Write this information down and you can download a utility specifically designed for that virus to get rid of it. (see below)


Microsoft's Security Essentials

http://www.microsoft.com/
Security Essentials Home Page

Microsoft has recently stepped into the Antivirus field with their "Security Essentials" product. Since this is a relatively new product, I am not sure exactly how it does at catching viruses, or how well it protects your system, although the reviews have been favorable.


Starting a scan with Microsoft's Security Essentials

With my limited exposure to this product, I have found that it is free, it does detect spyware and it seems to integrate nicely with Windows without having too much of a performance hit. I guess time will tell whether or not this is a good product or not.


Specific Virus Removal Tools

If you cannot get an Antivirus program to remove certain viruses, there are many companies that provide free tools that will get rid of the viruses for you. Remember to write down the exact virus and keep note of the Antivirus program that you used to detect it and use the links below to see if there is a utility that will remove the virus for you.


http://www.avg.com/us-en/virus-removal
http://www.bitdefender.com/site/Downloads/browseFreeRemovalTool/
http://www.symantec.com/norton/security_response/removaltools.jsp

After Malware is Removed

Once you clean Malware from your system, there is a possibility that more damage was done to your system than you first suspected. This page will give you some tips that may help in getting your system back to normal.


Running Combofix Again


http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

I have found that Combofix may fix certain system issues that may result when removing malware and running Combofix again may fix the issues you are having.

Occasionally, removing a Malware infection could make Windows unable to run any executable. Usually what happens is that Windows "forgets" how to handle executables and it asks how you want to open the program. To fix this, have Windows open the executable with "C:\Windows\System32\cmd.exe". This will open a command prompt where you can manually run Combofix, which does fix this problem automatically for you.


Running CCleaner to Fix Registry Entries

http://www.ccleaner.com/download

Once you remove some Malware, there might be some registry keys still listed in your registry that link to that Malware. If you are getting errors stating that a certain program cannot be found or cannot be started, you probably have registry keys linking to the removed Malware.


Running CCleaner to Scan for and Remove unneeded Registry Settings

The easiest way to fix these errors is to simply run CCleaner's Registry Scanner and have it remove anything that it finds. If you didn't install CCleaner before you started cleaning your system, there are quite a few other Registry Scanners available, and I do cover those later in this article.


Apply the latest Windows Service Pack again


Windows XP SP3 Page - Download WinXP SP3 Installer
Windows Vista SP1 - Windows Vista SP2

Occasionally Malware will infect certain system files required by Windows. One of the easiest ways to restore these system files is to simply re-apply the latest Service Pack that Microsoft released for your version of Windows. Just remember to re-apply any updates for your system after the service pack is (re-)installed.


Running a Repair Installation

If Malware has really messed up your system, you may want to try to run a Repair Installation of the Operating System. To do this, simply put the Installation CD to your Operating System in and boot from the CD (usually hitting F12 during POST to bring up a Boot Menu). Once the installation procedure starts it will ask if you want to run a Repair on your system.


Simply Re-Install Windows

If your system is unusable, you may want to just re-install your Windows Operating System. Just remember to back up any data you want to save, ensure you have all the hardware drivers for your system and ensure that you format the drive during installation (otherwise the problem may still be present after installation).

Basic Network Troubleshooting

Occasionally I come across problems with Windows Networking that are somewhat easy to troubleshoot; others are not as easy. This page will attempt to give you simple troubleshooting steps to fix various networking issues that occur. These steps will hopefully track the problem down so you can fix it easily.

One of the first things to consider when troubleshooting network problems is that you may have Malware preventing the network from working. If you suspect that you may have Malware, I recommend first scanning for and removing the Malware by following the previous sections in this guide.

Checking Internet Explorer's Settings

Occasionally, if you cannot access the Internet, the problem may simply be that a setting in Internet Explorer is wrong. I am not sure if Malware adjusts this setting or something else, but I have seen this multiple times.


Checking Internet Explorer's LAN Settings and Ensuring it is Not Using a Proxy Server

The fix for this is to simply open the Internet Explorer Settings, by launching Internet Explorer, then selecting "Tools -> Internet Settings". Then once the Settings are opened, click on the "Connection Tab", then open the "LAN Settings" option by clicking on that button.

Once the LAN Settings dialog is open, ensure that your system is not set to use a Proxy (unless of course you are using a Proxy). If it was set to use a Proxy, uncheck that option and click OK, then click OK to close the Internet Explorer Settings. Try accessing a web site and hopefully the page will now come up. Note that even if you use Firefox, this setting may (not always) prevent Firefox from accessing the Internet as well.

Checking the IP Address Information

Modern networking revolves around the TCP/IP networking stack and Windows is no exception. So for basic troubleshooting, we are going to look at all the components of the TCP/IP Stack on your system.

The first step is to ensure that your Network adapter is getting an IP address from a DHCP Server (unless you have statically assigned the IP address on your system). To do this you can either open a command prompt and type in "ipconfig /all" to gather the required information, or open the Network Connections Control Panel Utility and double click on your network connection. This will open the Status Page of your Network Adapter. Now open the Support Tab, then click on the "Details" button to get more information for that connection.


Viewing the Network Status and the Detailed Information of your Network Adapter.

The information you want to get is the following:

  • IP Address
  • DNS Server(s)
  • Gateway

IP Address - This is your "number" on your network (and possibly the Internet if you don't use a Router). It is a unique number on the network (no one else will have that address). If you get your IP address from a DHCP Server (most routers give out IP Addresses this way) and the IP address starts with "169.254.", it means that your DHCP server did not give out an IP Address and Windows automatically assigned one. If this happens, restart your Router/Firewall, then your computer to see if it assigns an IP Address.

DNS Server(s) - This is the IP Address of a DNS Server(s) that your computer will use to get IP Addresses from the Domain Names you type in the address bar of your Browser. For instance, you will type "www.google.com" in your browser and the DNS Server translates it into "74.125.47.99".

Gateway - This is the address of your Router or the ISPs computer that you must access the Internet through to get outside of your local network.

Now, using the above information, you can troubleshoot your connection problem.

The first step is to ping your gateway address in a command prompt, or if you have a Firewall/Gateway device with a web page configuration utility, enter the gateway address into a browser.


Checking the Gateway using the Ping command and Using the Router's Web Config Page

If the ping command returns Reply information or the Router's Web Page comes up you know that the Router is working correctly. If it doesn't, there is either something wrong with the Gateway/Router/Firewall or your connection to the network. Try restarting the Router/Firewall or trying another network cable. If you are using a wireless connection, open the Wireless connection properties and remove your saved connection information and try to connect to the wireless network again.

If the Gateway is working, the next thing to check is the DNS Server. The easiest way to check this on a Windows based computer is to simply "ping" a hostname. To do this, open a command prompt and type in "ping www.google.com" and press enter. This will attempt to ping that hostname by first translating the hostname into an IP address. If this translation fails you will get a "host not found error", otherwise the translation will occur and it will show the IP address of the hostname and attempt to communicate with it.

Note that some Internet hosts will not respond to a ping command, so if the ping command shows an IP address for the hostname but no replies, your DNS Server is still working properly.

If the DNS Server is not working, but your gateway is working and you are using an outside DNS Server (not your router), you could try to manually enter a DNS Server to use that is open on the Internet. A quick Google search should bring up a list; one site that I found is here. If this still doesn't fix your problem, check out the next section on how to reset your Winsock and TCP/IP Stack in Windows.
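
The address checks above can also be run over saved "ipconfig /all" output, for example when the text was captured on the broken machine and is reviewed elsewhere. The Python code below is an added example, not part of the original guide; the sample output is constructed, and the finding labels (APIPA, NO-GATEWAY, NO-DNS, GATEWAY-OFF-SUBNET) are names chosen here. The check that the gateway lies inside the adapter's subnet goes slightly beyond the steps in the text.

```python
import ipaddress
import re

# Constructed sample of "ipconfig /all" output in the Windows XP layout (not from a real host).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : WORKSTATION1

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Fast Ethernet Adapter
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            192.168.1.2

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example Wireless Adapter
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.17.42
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
"""

ADAPTER = re.compile(r"^(\S.* adapter .+):\s*$")
KEY_VALUE = re.compile(r"^\s+(\S.*?)[ .]*:\s*(.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
APIPA = ipaddress.ip_network("169.254.0.0/16")
# XP prints "IP Address"; Vista and later print "IPv4 Address".
ADDRESS_KEYS = ("IP Address", "IPv4 Address",
                "Autoconfiguration IP Address", "Autoconfiguration IPv4 Address")


def parse_ipconfig(text):
    """Split the output into adapters, each with a dict of field -> list of values."""
    adapters, current, last_key = [], None, None
    for line in text.splitlines():
        header = ADAPTER.match(line)
        if header:
            current = {"name": header.group(1), "fields": {}}
            adapters.append(current)
            last_key = None
            continue
        if current is None or not line.strip():
            continue  # global section or blank line
        indent = len(line) - len(line.lstrip())
        if indent > 20 and last_key:
            # Deeply indented line with no label: extra value for the previous field.
            current["fields"][last_key].append(line.strip())
            continue
        pair = KEY_VALUE.match(line)
        if pair:
            last_key, value = pair.group(1), pair.group(2).strip()
            current["fields"][last_key] = [value] if value else []
    return adapters


def ipv4_values(fields, *keys):
    """Collect valid IPv4 addresses from the named fields, ignoring '(Preferred)' etc."""
    found = []
    for key in keys:
        for value in fields.get(key, []):
            for text in IPV4.findall(value):
                try:
                    found.append(ipaddress.ip_address(text))
                except ValueError:
                    pass  # dotted text that is not a valid address
    return found


def triage(adapter):
    """Return findings for one adapter, following the order of checks in the guide."""
    fields = adapter["fields"]
    ips = ipv4_values(fields, *ADDRESS_KEYS)
    gateways = ipv4_values(fields, "Default Gateway")
    masks = ipv4_values(fields, "Subnet Mask")
    if not ips:
        return ["NO-ADDRESS: adapter has no IPv4 address (disconnected or disabled)"]
    findings = []
    if ips[0] in APIPA:
        findings.append("APIPA: DHCP server gave no address; restart the "
                        "Router/Firewall, then the computer")
    if not gateways:
        findings.append("NO-GATEWAY: no default gateway listed, nothing to ping")
    elif masks:
        subnet = ipaddress.ip_network(f"{ips[0]}/{masks[0]}", strict=False)
        if gateways[0] not in subnet:
            findings.append("GATEWAY-OFF-SUBNET: gateway is not on the adapter's subnet")
    if not ipv4_values(fields, "DNS Servers"):
        findings.append("NO-DNS: no DNS Server configured, hostnames will not resolve")
    return findings or ["OK: addressing looks sane; ping the gateway, then ping a hostname"]


if __name__ == "__main__":
    for adapter in parse_ipconfig(SAMPLE_IPCONFIG):
        print(adapter["name"])
        for finding in triage(adapter):
            print("   ", finding)
```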

Trouble with "Seeing" Windows Shares

Occasionally I get emails from people stating that they cannot "see" other Windows shares off of other machines, especially Samba Servers. Most of the time, the fix for this is to simply enable NetBIOS over TCP/IP in your network settings. This is especially true if you are trying to use Windows Networking over a VPN connection without a DNS Server configured.


Opening the Advanced TCP/IP Properties Page and Enabling NetBIOS over TCP/IP

To enable NetBIOS over TCP/IP, simply click on the Properties of your Network Connection, then double click on the TCP/IP protocol. This will bring up the TCP/IP Properties Page, then click on the "Advanced" button to open the Advanced Properties. The NetBIOS setting is located under the WINS tab. Change it to enable, click OK and close out of the opened property boxes. You should now be able to "See" all the other Windows Machines or Samba Servers on your network.

Resetting the Windows Networking Stack

With the release of Windows XP Service Pack 2 and any later Windows releases, Microsoft offers the ability to reset various parts of its network stack. Specifically it allows you to reset the Winsock and the entire TCP Network Stack. This was added since many 3rd Party Vendors add various "features" to these Windows components and sometimes they "Step on each other".


Repairing the Network Connection

The first step you should take to repair the Network Stack is to simply do a "Repair" under the Network Adapter Status. To do this, simply double click on the Network Adapter under the Network Connections control Panel Applet, then under the support tab, click on the "Repair" button.


Repairing the Network

The repair button will pretty much do everything to fix your network connection, except reset the Winsock or the IP Stack. It will clear out the ARP and NetBIOS cache, flush the DNS and renew the IP.


Resetting the Winsock

One of the most problematic parts of the Windows Networking stack is the Winsock. The Winsock is a sockets API that a programmer can write a software program to use for networking functionality. The problem with this is that a 3rd party application that is untested can cause problems with Winsock. This is especially true with Malware, which is known to cause Winsock issues.

With Windows XP Service Pack 2 and later, you can "reset" Winsock to a workable state. You do this by running the following command:

	netsh winsock reset catalog

The command will reset the Winsock and ask you to restart the computer. The restart isn't 100% necessary, but you should probably do it anyway.

If you happen to have extremely weird problems with any networking application, I highly recommend resetting the Winsock to see if the problem disappears. I have witnessed very strange problems be fixed by resetting the Winsock.


Resetting the Entire Network Stack

As a last resort, Microsoft also gives you the ability to reset the entire TCP networking stack to a working state. Similar to resetting the winsock, you run the following command:

	netsh int ip reset c:\resetlog.txt

Where C:\resetlog.txt is a log file that you can view to ensure the stack was reset properly.

Repairing a System that Won't Boot

Sometimes, a problem with Windows will put the computer in such a state that it will simply not boot up. There are many possible causes; the most common are:

  • The Windows Partition needs to be checked for errors
  • The Boot Loader gets corrupt
  • The Windows Registry is corrupt
  • System files get corrupt

Unfortunately, fixing these problems will usually require you to either put the hard drive into another working system, use a Rescue CD, use the Recovery Console, etc.

The first step is to see what state your Windows installation is in. For instance, will it attempt to boot into Windows and simply restart or bluescreen, will it boot into safe mode but not in "normal mode", or will it simply not even try to boot? The easiest way to tell whether the problem is with the boot loader or with something past the boot loader is to tap "F8" as your computer is booting and see whether you get the Windows Boot Menu. If it does not come up, you may have a problem with the boot loader; if it does come up, the problem is with Windows itself and not the boot loader.


[Figure: Using the Boot Menu to Troubleshoot Bootup Issues]

If you are able to get to the boot menu, you can quickly try the "Last Known Good Configuration" option, as this may use an older version of the registry that will allow you to boot the computer. If that does not work, you can try booting to safe mode to continue troubleshooting. If safe mode doesn't work and your computer just restarts, you can try the "disable automatic restart" option to see if you can view the exact error that occurs. If that still doesn't work, you can try a logged boot to document exactly what is happening during boot, to use as a troubleshooting guide later on (the log is located at C:\Windows\ntbtlog.txt).


Problems with the Bootloader

If your system seems to simply do nothing when it starts to boot, or you get a cryptic error such as "NTLDR is missing", you may have a problem with your boot loader.

The Microsoft Windows NT/2K/XP/2003 Bootloader is called NTLDR, while the Vista/2008/7 bootloader is called BOOTMGR. Troubleshooting both boot managers can sometimes be a pain, as they are not very configurable and can sometimes be difficult to restore when they become corrupt.


GAG Bootloader

http://gag.sourceforge.net/

The first step I usually take when dealing with a boot loader issue is to simply attempt to boot the system using a GAG (Spanish initials of "Graphical Boot Manager") CD. To obtain the CD, download the zip file from GAG's home page and uncompress it. The archive includes an ISO file that you can write to a blank CD and boot from.


[Figure: GAG's Main Screen and its Setup Screen]

When you first boot off of the GAG CD, it will guide you through a mini-wizard, which includes:

  • To use GAG, Press 4 to select "Install GAG"
  • It will ask for the type of Keyboard, usually just press 1
  • Then it asks for the language to use, English is 8
  • After this mini wizard, you will be presented with the Main Screen (shown above)
  • Once the Main Screen shows up, press "A" to add a new Operating System


[Figure: Adding the Partition for the new Entry and the new Entry shows up on the Main Screen]

Once you press A to add a new Operating System, you will be shown a list of all the partitions available on your hard drive. Select the Partition that holds your Windows Installation. It will then ask for a name for the Entry; just type in "Windows" or something similar. You should now be back at the Main Screen and the Windows Entry that you just added should be listed.

If you are simply trying to see if you can boot from Windows, just press "2" (or the number corresponding to your Windows Entry) and it will attempt to boot Windows. Keep in mind that GAG does not install or adjust anything on your hard drive. If you wish to continue to use this boot manager, you must press H to Save in Hard Drive in order for it to replace your existing Bootloader.


Recovery Console Tools

Microsoft does provide some tools within the Recovery Console environment to aid in fixing a bootloader problem, specifically the fixmbr, fixboot and bootcfg commands.

In order to get to the Recovery Console environment, boot from your Windows Installation CD and follow the prompts until it asks if you want to install Windows or use the Recovery Console, press R here. It will then ask which Windows installation you want to log into. Usually there is only one Windows Installation, but you still must select the number (for instance 1) instead of just hitting enter, which cancels out of the Recovery Console. Upon selecting the Windows installation, you may be required to enter the Administrator Password.


[Figure: Booting off of the Windows CD and running the Recovery Console from the CD]

fixmbr - The fixmbr command will repair the Master Boot Record of the boot partition

fixboot - Fixboot will write a new bootsector on the system partition

bootcfg - Bootcfg allows you to adjust the boot configuration (manipulates the boot.ini file). Type in bootcfg /? to see the options to this command.


Checking the Partition for Errors

About half of the time when Windows will not boot it has to do with errors on the Windows Partition. There are various ways to check the partition for errors. For instance, you can use the Windows Recovery Console (see above) and run the following command:

	chkdsk c: /p

This will run the autochk command, which is a little different than the CHKDSK command that is available within Windows. If you wish to use the chkdsk command within Windows, you could connect the drive to another working computer and run:

	chkdsk e: /f

Where e: is the drive letter of the hard drive that you want scanned. If you wish to have Windows automatically check the hard drive during boot, you can enter the following command:

	fsutil dirty set c:

If you don't want to put the drive in another system, you can utilize some sort of Boot CD and scan it from within the CD's Operating System. The next section covers a few of these CDs that are available.

Using Various Boot CDs

In order to fix certain problems that prevent your system from booting, you need to get your computer into a "mode" where you can run commands against your Windows partition. Instead of physically removing the hard drive and putting it into another computer, you can utilize what are called "Boot CDs" or "Rescue CDs". Below are some of the Rescue CDs that I have tried and the utilities I have used.


Note - Some of these Rescue CDs may be legally questionable to use.



System Rescue CD

http://www.sysresccd.org/

System Rescue CD is one of the many bootable CDs that are based on GNU/Linux. Because of this, it may be a little more difficult to use for those who only have experience with working on Windows Systems.

There are quite a few utilities on System Rescue CD that can be used on a Windows System that refuses to boot. Here are a few commands that you can use:

  • ntfsfix /dev/sda1 - This will check the NTFS Partition for errors, similar to chkdsk, where /dev/sda1 is the location of the partition. For more information on this nomenclature go here.
  • fsck.msdos /dev/sda1 - This will check a FAT Partition for errors.
  • ntfs-3g /dev/sda1 /mnt/windows - This will mount an NTFS Partition so that it is writable. This can be helpful to restore an older version of the Registry (discussed in next section)

System RescueCD also has multiple utilities to backup data from any Partition, including Windows Partitions. This can be very helpful if you need to backup files before you completely re-install Windows on a non-booting system.

There are many other GNU/Linux based CDs available, and many include a graphical interface instead of the console interface of SysRescCD. Another extremely popular one is Knoppix.


Microsoft DaRT

http://www.microsoft.com/windows/enterprise/products/mdop/dart.aspx

A ways back Microsoft purchased Sysinternals, the company that created quite a few useful utilities for Windows, including "Emergency Repair Disk". ERD was a bootable CD which booted into a Windows XP environment to aid in fixing problems that prevent Windows from booting. Since Microsoft's purchase, Microsoft renamed ERD to DaRT, Microsoft Diagnostics and Recovery Toolset. DaRT is basically the same as the older ERD with additional tools added. For instance with DaRT, you can:

  • Automatically fix a corrupt registry if one is found
  • Use chkdsk as you would on any Windows system
  • Edit the Registry
  • Disable/Enable Various Drivers and Services starting
  • Remove any Hotfix that may have caused problems
  • Reset the Administrator Password
  • Roll Back to an earlier System Restore Point
  • Many, Many more utilities

DaRT 5 is based on Windows XP/2003 and can be used on Windows 2000, XP and 2003. DaRT 6.0 can be used on Windows Vista and Windows 2008 Server, and DaRT 6.5 can be used with Windows 7. Microsoft DaRT is available within the "Microsoft Desktop Optimization Pack", which is only available through "Microsoft Volume Licensing". A while back, however, Microsoft released a 30-Day Demo of DaRT 5, which you can still find on the Internet.


Other Bootable CDs

The following CDs may be questionable on the legal status, but for reference, here are popular CDs on the Internet:

  • Hirens CD - Includes hundreds of DOS and Windows Utilities. Includes both a DOS bootable environment and a Windows bootable environment.
  • Ultimate Boot CD - Includes quite a few tools for Hardware Diagnostics and a Windows Environment with hundreds of Utilities.
  • Falcon 4 Boot CD - Includes other Bootable Utilities, such as Hirens, DaRT/ERD, Ultimate Boot CD, Windows XP and Vista Recovery Console on one CD.

Last Ditch Attempts to Get the System to Boot

If repairing the Boot Loader or scanning the Partition for errors doesn't fix your problem, then I would first do a Logged Boot and view the bootlog to see if you can spot the problem and fix it. If you can't seem to figure out the problem, there are a few more things you can try.
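
What to look for in that boot log, as an added example that is not part of the original guide: the script lists the drivers reported as not loaded and the last driver that did load. It handles the log whether it is plain ASCII or UTF-16 (an assumption about how the file was written), and the /windrive path in the comment assumes the partition is mounted from a GNU/Linux Boot CD.

```shell
#!/bin/sh
# Added example: summarise ntbtlog.txt from a rescue CD shell.

# Reduce the log to plain ASCII lines. Deleting NUL, CR and the two BOM
# bytes makes a UTF-16LE log readable and is harmless for an ASCII log.
bootlog_text() {
    LC_ALL=C tr -d '\000\015\376\377' < "$1"
}

# Drivers that were skipped, as "count<TAB>path", most frequent first.
failed_drivers() {
    bootlog_text "$1" | sed -n 's/^Did not load driver //p' |
        awk '{ n[$0]++ } END { for (d in n) printf "%d\t%s\n", n[d], d }' |
        LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# The last driver that loaded: a useful place to start looking when the
# boot hung or restarted part way through.
last_loaded() {
    bootlog_text "$1" | sed -n 's/^Loaded driver //p' | tail -n 1
}

# Example: boot_report /windrive/WINDOWS/ntbtlog.txt
boot_report() {
    printf 'Last driver loaded: %s\n' "$(last_loaded "$1")"
    printf 'Drivers not loaded:\n'
    failed_drivers "$1"
}
if [ "$#" -eq 1 ]; then boot_report "$1"; fi
```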


Restoring a Previous Registry

While half of the time a corrupt partition filesystem is to blame for not being able to boot, the other half of the time a registry error can cause your system not to boot. Unfortunately, to fix a registry error, it does take quite a few commands (and a good registry backup) to get your computer to be able to boot again.


Note: Before you try to restore a previous registry, I highly recommend that you attempt to boot from a Microsoft DaRT CD, as when the DaRT environment initializes it will check to see if the registry is corrupt and if it is, it will either repair it or restore a recent backup of it.

Also, there is a utility called Registry Restore Wizard on various Boot CDs that will restore a previous registry from a System Restore Point. This is an automated way to do what I explain below. You can get a copy of the Registry Restore Wizard here


To run the following commands, you must either use a Boot CD that will give you read/write access to the Windows partition, or put your drive into a working system and run these commands on your Windows Partition from that system. Note that the Windows Recovery Console will not work to run these commands because it will not allow read access to the "System Volume Information" folder.

First, backup the existing Registry - You can do this with the following commands using a GNU/Linux Boot CD:

	mkdir -p /windrive
	# Mount the Windows partition read/write (this could be /dev/hda1 if using IDE drives)
	ntfs-3g /dev/sda1 /windrive
	mkdir /windrive/regbackup
	# ntfs-3g paths are case-sensitive: match the names that "ls" shows in the config directory
	cp /windrive/WINDOWS/system32/config/system /windrive/regbackup
	cp /windrive/WINDOWS/system32/config/software /windrive/regbackup
	cp /windrive/WINDOWS/system32/config/sam /windrive/regbackup
	cp /windrive/WINDOWS/system32/config/security /windrive/regbackup
	cp /windrive/WINDOWS/system32/config/default /windrive/regbackup
	# Leave the mount point before unmounting it
	cd
	umount /windrive

Now, copy a System Restore Point Registry to the config directory - To do this, you have to figure out which System Restore Point is somewhat recent. You can do this using a Linux CD by issuing the "ls -l" command to find out the dates of the folders. The System Restore Points are located in the "System Volume Information" directory. Here is an example (remember that GNU/Linux has Tab Completion):

	mkdir -p /windrive
	# Mount the Windows partition read/write (this could be /dev/hda1 if using IDE drives)
	ntfs-3g /dev/sda1 /windrive
	cd /windrive/System\ Volume\ Information
	ls -l
	cd _restore{2E926FD9-.......}
	# RP1 is only an example: use "ls -l" here to pick a recent RP folder
	cd RP1/snapshot
	cp _REGISTRY_MACHINE_SYSTEM /windrive/WINDOWS/system32/config/system
	cp _REGISTRY_MACHINE_SOFTWARE /windrive/WINDOWS/system32/config/software
	cp _REGISTRY_MACHINE_SAM /windrive/WINDOWS/system32/config/sam
	cp _REGISTRY_MACHINE_SECURITY /windrive/WINDOWS/system32/config/security
	# The default user hive is stored in the snapshot as _REGISTRY_USER_.DEFAULT
	cp _REGISTRY_USER_.DEFAULT /windrive/WINDOWS/system32/config/default
	# Leave the mount point before unmounting it
	cd /
	umount /windrive

Now, when you restart the computer, you will be using the restored Registry. If it doesn't work, simply copy the registry backup that you created back and try again with another System Restore Registry (or go on to the next step).
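
The backup and restore steps above as one script, an added example that is not part of the original guide: it checks that every snapshot file really is a registry hive before overwriting anything, and it matches the live hive names without regard to case. The function names are hypothetical, the snapshot file names are the ones Windows XP System Restore uses (the default hive is _REGISTRY_USER_.DEFAULT), and the paths assume the /windrive mount used above.

```shell
#!/bin/sh
# Added example: restore registry hives from a System Restore snapshot,
# validating every snapshot file before any live hive is overwritten.

# snapshot file name : live hive name in WINDOWS/system32/config
HIVE_MAP="_REGISTRY_MACHINE_SYSTEM:system
_REGISTRY_MACHINE_SOFTWARE:software
_REGISTRY_MACHINE_SAM:sam
_REGISTRY_MACHINE_SECURITY:security
_REGISTRY_USER_.DEFAULT:default"

# A registry hive file begins with the 4-byte signature "regf".
is_hive() {
    [ -f "$1" ] && [ "$(head -c 4 "$1" 2>/dev/null)" = "regf" ]
}

# Print the snapshot directory of the most recently modified restore point.
# $1 = path to the "System Volume Information" directory
newest_snapshot() {
    ls -1dt "$1"/_restore*/RP*/snapshot 2>/dev/null | head -n 1
}

# Locate a hive ignoring case, because ntfs-3g paths are case-sensitive
# and the live file may be named SAM rather than sam.
find_ci() {
    find "$1" -maxdepth 1 -type f -iname "$2" | head -n 1
}

# restore_hives CONFIG_DIR SNAPSHOT_DIR BACKUP_DIR
restore_hives() {
    cfg=$1; snap=$2; bak=$3
    # Pass 1: refuse to change anything unless all five snapshots are hives.
    for pair in $HIVE_MAP; do
        is_hive "$snap/${pair%%:*}" || {
            echo "not a registry hive: $snap/${pair%%:*}" >&2; return 1; }
    done
    mkdir -p "$bak" || return 1
    # Pass 2: back up each live hive, then replace it with the snapshot copy.
    for pair in $HIVE_MAP; do
        live=$(find_ci "$cfg" "${pair##*:}")
        [ -n "$live" ] || live="$cfg/${pair##*:}"
        if [ -f "$live" ]; then cp -p "$live" "$bak/" || return 1; fi
        cp "$snap/${pair%%:*}" "$live" || return 1
    done
}

# Example: restore_hives /windrive/WINDOWS/system32/config \
#   "$(newest_snapshot '/windrive/System Volume Information')" /windrive/regbackup
if [ "$#" -eq 3 ]; then restore_hives "$@"; fi
```

The backup directory ends up holding copies of the SAM and SECURITY hives, which contain account credential data, so remove or protect it once the system boots again.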


Restoring a Previous System Restore Point

If restoring a previous Registry does not work, you can try to restore an entire System Restore Point, which will restore the Registry and quite a few System and various other files. To do this on a System that will not boot, you must obtain a Microsoft DaRT/ERD Boot CD (see previous page) and boot from it. The DaRT system includes a utility to restore the system using a previous Restore Point.


[Figure: Using Microsoft's DaRT/ERD to Restore a Previous Restore Point]

Warning: Ensure you have a good backup of at least your User Profile (located in "C:\Documents and Settings" on Windows 2000/XP/2003 and "C:\Users" on Vista/2008/7) as restoring to a previous System State is known to overwrite User Preferences and Documents in some instances. Also note that if you use DaRT/ERD to restore the system, it will backup the current configuration to the root of the System Drive at "C:\ERDUndoCache" in case it overwrites any important information. You can also use DaRT to undo the System Restore if it does not work (again ensure you at least backup the User Profiles that you absolutely need).


Running a Recovery Installation

If your system still does not boot after you attempt to use a System Restore Point, you can try booting off of the Windows Installation CD and running a "Repair" install. If it works, your system will boot up with most of your settings intact. Note that if you do run a Repair install, you should immediately (re-)apply the latest service pack and install all the latest updates from Windows Update.

If all else fails, backup all of your files and re-install Windows, formatting your Hard Drive in the process.



© 2017 Mike Petersen - All Rights Reserved