In IT, information is king. Keeping tabs on a machine — knowing what is happening, knowing what is running, knowing what is starting at bootup — is one of the key elements in maintaining a healthy system. To keep control over what is running, you can always use a tool like Autoruns, but for some, that tool is overkill.
If you just want to analyze what occurs during the boot process on a Windows 7 machine, you should consider using msconfig.exe. With msconfig, you can set up a boot logger that will log every driver that is loaded during the boot process. Once you have this information, you can troubleshoot numerous problems. Here's how to enable the boot log using the built-in Windows msconfig.exe tool.
Step 1: Fire up msconfig
To open the tool, do the following:
- Press the Super-r (aka Windows-R) key combination to open the Run dialog.
- Type msconfig.exe.
- Click OK or press the Enter key to run the command.
Step 2: Enable boot log
Once the msconfig tool is opened, click the Boot tab (Figure A), check the box for Boot Log, and click OK. You’ll receive a prompt to reboot the machine, which you’ll need to do to complete the setup.
Figure A
Step 3: View the logfile
When the reboot completes, open the msconfig tool. In order to view the log file, do the following:
- Open Notepad by going to Start | All Programs | Accessories | Notepad or opening the Run dialog, typing notepad.exe, and clicking OK.
- Navigate to C:\Windows\ and open the file ntbtlog.txt.
- Pore through the boot log (Figure B) to troubleshoot whatever issue you are having. You can also see what service pack the machine has installed from this log.
Figure B
Step 4: Save the file
Every time you reboot Windows, new entries will be added to this log; this means the log can get long, and too many entries will make troubleshooting harder. Since there is no method of log rotation here, you might save the file in a dated folder, so you know exactly what you are dealing with. You can also delete the old entries from the log file to keep it from growing too large.
Once you complete troubleshooting, you might consider disabling the feature, as msconfig will continue logging.
What to do?
Once you locate a problem driver, you can continue using the msconfig tool to disable any unwanted drivers from being loaded. To do this, follow these steps:
- Open msconfig.
- Click the Startup tab.
- Scroll through the listing (Figure C) and uncheck what you do not want loading. Make sure you know exactly which driver you are disabling before you follow through.
Figure C
If the offending driver isn’t listed in this tab, said driver could be a piece of malicious software and would need to be removed using your anti-malware tool of choice.
The second method of removing stubborn startup apps is done through the registry (note: make sure you back up your registry before you make any edits or delete any entries):
- Open the registry by typing regedit at the run dialog.
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig.
- Look in the StartupFolder and StartupReg folders and delete unwanted entries.
After you remove drivers/applications from loading at boot, restart the computer and then go back to the boot log to make sure those offending drivers/applications aren’t loading. You should no longer find entries for them in the log file.
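Because every reboot appends to ntbtlog.txt, comparing the newest boot against the previous one is a quick way to confirm that a removed driver is really gone and to spot anything that started loading in between. The Python script below is an added example, not part of the original article; the function names, the header layout in the sample, and the example_*.sys driver names are assumptions constructed for illustration.

```python
import re

DRIVER_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+)$")

# Constructed sample: two boots appended to one log (not from a real machine).
SAMPLE = r"""
Microsoft (R) Windows (R) Version 6.1 (Build 7601: Service Pack 1)
 3 14 2012 09:01:10.500
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\System32\drivers\example_old.sys
Microsoft (R) Windows (R) Version 6.1 (Build 7601: Service Pack 1)
 3 15 2012 08:47:52.375
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\System32\drivers\example_new.sys
Did not load driver \SystemRoot\System32\drivers\example_skipped.sys
"""

def decode_log(raw):
    """Decode file bytes: UTF-16 when a byte-order mark is present, else ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")

def parse_sessions(text):
    """Split the log into one record per boot (header lines plus driver sets)."""
    sessions, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        is_header = m is None
        # A header line seen after driver lines marks the start of the next boot.
        if current is None or (is_header and (current["loaded"] or current["skipped"])):
            current = {"header": [], "loaded": set(), "skipped": set()}
            sessions.append(current)
        if is_header:
            current["header"].append(line)
        else:
            key = "loaded" if m.group(1) == "Loaded driver" else "skipped"
            current[key].add(m.group(2).lower())  # Windows paths are case-insensitive
    return sessions

def boot_diff(sessions):
    """Compare the newest boot with the one before it."""
    if len(sessions) < 2:
        raise ValueError("need at least two boots in the log")
    prev, last = sessions[-2], sessions[-1]
    return {"new": sorted(last["loaded"] - prev["loaded"]),
            "gone": sorted(prev["loaded"] - last["loaded"]),
            "skipped": sorted(last["skipped"])}
```

To use it on a real log, read C:\Windows\ntbtlog.txt in binary mode, pass the bytes through decode_log, and feed the result to parse_sessions and boot_diff.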