Windows 7 / Getting Started

How to Analyze Boot Logs

Boot logging lists the files that successfully and unsuccessfully processed during startup. You use boot logging to log the Windows features that are processed when you start your computer in safe mode and also in normal mode. By comparing the differences between the two logs, you can determine which features are not required to start.

Windows records the name and path of each file that runs during startup in a log, %WinDir%\Ntbtlog.txt. The log marks each file as successful ("Loaded Driver...") or unsuccessful ("Did Not Load Driver..."). Boot logging appends entries to Ntbtlog.txt when you start Windows in safe mode. Comparing normal mode and safe mode entries enables you to determine which services run in normal mode only-one of which must be the cause of the startup problem if Windows is able to start in safe mode successfully. The following lines are sample Ntbtlog.txt entries.

Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys
Did not load driver \SystemRoot\System32\DRIVERS\sflpydisk.SYS

Note that not every "Did Not Load Driver" message necessarily indicates an error that would prevent Windows from booting, because many drivers are not required for Windows to start. To repair problems caused by problematic drivers when you can start safe mode, follow these steps:

  1. Restart the computer and enable boot logging.
  2. Restart the computer after it fails and then start safe mode.
  3. Click Start and then type %WinDir%\ntbtlog.txt. The boot log file opens in Notepad.
  4. Compare the list of drivers loaded in normal mode to the list of drivers loaded in safe mode. The driver that is causing the system to fail is one of the drivers listed with "Loaded Driver..." in the normal mode boot log, but listed with "Did Not Load Driver..." in the safe mode boot log.
  5. In safe mode, use Device Manager to replace or roll back potentially problematic drivers, as described in the next section, "How to Roll Back Drivers." Start by replacing drivers that have been recently installed or updated. After replacing a driver, repeat this process until the system starts successfully in normal mode.

For the services that run only in normal mode, disable those services one at a time, trying to restart your computer in normal mode after you disable each service. Continue to disable services individually until your computer starts in normal mode.

To repair problems caused by problematic drivers when the computer does not start in safe mode, follow these steps:

  1. Restart the computer and then load System Recovery tools.
  2. Click Command Prompt. At the command prompt, type Notepad %WinDir%\ ntbtlog.txt. Notepad opens and displays the boot log.
  3. Compare the boot log created when the system failed to start in safe mode to a boot log created when the system started successfully in safe mode. If you do not have a boot log that was created when the system started successfully in safe mode, create a boot log on a similarly configured computer by starting it in safe mode. The driver that is causing safe mode to fail is one of the drivers that is not listed in the boot log that was created when the system failed but is listed with "Loaded Driver..." in the boot log created when safe mode started successfully.
  4. Replace the driver file with a working version, using the Copy command at the command prompt. Start by replacing or deleting drivers that have been recently installed or updated. After replacing a driver, repeat this process until the system starts successfully in normal mode.
[Previous] [Contents] [Next]

In this tutorial:

  1. Configuring Startup and Troubleshooting Startup Issues
  2. What is New with Windows Startup
  3. Boot Configuration Data
  4. BCD Stores
  5. System Recovery
  6. Windows Boot Performance Diagnostics
  7. Understanding the Startup Process
  8. Power-on Self Test Phase
  9. Initial Startup Phase
  10. Initial Startup Phase for BIOS Computers
  11. Initial Startup Phase for EFI Computers
  12. Windows Boot Manager Phase
  13. Windows Boot Loader Phase
  14. Kernel Loading Phase
  15. Control Sets
  16. Values for the Start Registry Entry
  17. Value Descriptions for Type Entries
  18. Other Registry Entries in the Servicename Subkeys
  19. Session Manager
  20. Logon Phase
  21. Important Startup Files
  22. How to Configure Startup Settings
  23. How to Use the Startup And Recovery Dialog Box
  24. How to Use the System Configuration Tool
  25. How to Use BCDEdit
  26. How to Interpret BCDEdit Output
  27. How to Back Up and Restore Settings
  28. How to Change the Default Operating System Entry
  29. How to Change the Boot Menu Time-Out
  30. How to Change the Order of Boot Manager Menu Items
  31. How to Create an Entry for Another Operating System
  32. How to Remove a Boot Entry
  33. How to View and Update Global Debugger Settings
  34. How to Remove the Windows 7 Boot Loader
  35. How to Configure a User Account to Automatically Log On
  36. How to Disable the Windows Startup Sound
  37. How to Speed Up the Startup Process
  38. The Process of Troubleshooting Startup
  39. Startup Troubleshooting Before the Starting Windows Logo Appears
  40. How to Start the System Recovery Tools
  41. How to Run Startup Repair
  42. How to Use BootRec.exe
  43. How to Diagnose Hardware Problems
  44. How to Use System Restore
  45. How to Manually Repair the Boot Sector
  46. How to Manually Update the BCD Registry File
  47. How to Manually Replace Files
  48. How to Reinstall Windows
  49. Startup Troubleshooting After the Starting Windows Logo Appears
  50. How to Restore the Last Known Good Configuration
  51. How to Enable Boot Logging
  52. How to Start in Safe Mode
  53. How to Identify Failing Drivers and Services
  54. How to Analyze Startup Problems in Safe Mode
  55. Event Viewer (Eventvwr.msc)
  56. System Information
  57. Error Reporting Service
  58. How to Use Device Manager to View or Change Resources
  59. How to Analyze Boot Logs
  60. How to Roll Back Drivers
  61. How to Temporarily Disable a Service
  62. Troubleshooting Startup Problems After Logon
  63. How to Temporarily Disable Startup Applications and Processes
  64. How to Disable Startup Applications Using the Shift Key
  65. How to Disable Startup Programs Using the System Configuration Utility
  66. How to Disable Startup Applications Configured Using Group Policy or Logon Scripts
  67. How to Permanently Disable Startup Applications and Processes
  68. Manually Remove the Entry