Windows OS Troubleshooting
Key Takeaways
- A **Blue Screen of Death (BSOD)** is a kernel-level stop error; record the stop code and any named driver file first, then reboot once before assuming hardware failure.
- **Safe Mode** loads Windows with minimal drivers and services so you can roll back a bad driver, remove malware, or undo a setting that blocks a normal boot.
- **System Restore** reverts system files, the registry, drivers, and installed programs to a restore point but never touches personal files — it is not a backup.
- The **Windows Recovery Environment (WinRE)** offers Startup Repair, System Restore, Command Prompt, System Image Recovery, and Reset this PC when Windows will not boot; trigger it by interrupting boot three times.
- On the V15 Core 2 (220-1202) exam, Software Troubleshooting is 23% of objectives and is tested through scenario and performance-based questions — know the CLI repair sequence: sfc /scannow, DISM /RestoreHealth, then chkdsk /f /r.
Blue Screen of Death (BSOD)
A Blue Screen of Death (BSOD), formally a stop error, appears when the Windows kernel hits a fault it cannot safely recover from and halts to protect data on disk. CompTIA expects you to treat the on-screen stop code as the primary diagnostic clue rather than guessing. Modern Windows 10/11 screens show a short code (for example, DRIVER_IRQL_NOT_LESS_OR_EQUAL) and often the failing driver file name (such as nvlddmkm.sys), which points directly at the culprit.
Common Stop Codes and Their Real Causes
| Stop Code | Most Likely Cause | First Action |
|---|---|---|
| IRQL_NOT_LESS_OR_EQUAL | Bad driver or faulty RAM | Roll back driver, run Windows Memory Diagnostic |
| PAGE_FAULT_IN_NONPAGED_AREA | Faulty RAM or corrupt driver | Test RAM, update driver |
| SYSTEM_SERVICE_EXCEPTION | Incompatible driver, corrupt file | sfc /scannow, update driver |
| CRITICAL_PROCESS_DIED | Corrupt system files or malware | sfc, DISM, malware scan |
| DPC_WATCHDOG_VIOLATION | Storage/SSD driver timeout | Update storage controller driver and firmware |
| UNMOUNTABLE_BOOT_VOLUME | Corrupt boot sector, failing drive | WinRE → chkdsk C: /f /r |
| INACCESSIBLE_BOOT_DEVICE | Changed SATA/RAID mode in firmware | Restore prior SATA mode (AHCI/RAID) |
Worked Triage Sequence
- Photograph or write down the stop code and any
.sysfile named — this is the single most testable habit. - Reboot once. A lone BSOD can be a transient glitch; do not replace hardware on a single event.
- If it repeats, boot to Safe Mode and roll back or uninstall the most recently changed driver (Device Manager → driver → Roll Back Driver).
- Run sfc /scannow (repairs protected system files from a local cache), then DISM /Online /Cleanup-Image /RestoreHealth (repairs the component store that sfc relies on). Run DISM first if sfc cannot fix files.
- Run Windows Memory Diagnostic (
mdsched.exe) if a code points to RAM, and review Event Viewer → Windows Logs → System for the matching error.
Exam trap: Stop codes ending in
IRQLor naming a driver are driver/RAM problems, not malware. Reserve malware as the prime suspect forCRITICAL_PROCESS_DIEDand unexplained reboots after a download.
Boot Sequence and Startup Repair
Knowing where a boot fails tells you which tool to reach for. The Windows boot order is: POST (hardware self-test) → UEFI/BIOS locates the boot device → Windows Boot Manager (bootmgr) reads the Boot Configuration Data (BCD) → ntoskrnl.exe (kernel) loads drivers → smss.exe (Session Manager) → winlogon.exe presents the sign-in screen. A failure before the spinning logo is usually firmware or BCD; after the logo points to drivers or the user profile.
Boot Symptoms → Fix
| Symptom | Likely Stage | Repair |
|---|---|---|
| "Bootmgr is missing" / "BOOTMGR not found" | Boot Manager / BCD | WinRE Command Prompt → bootrec commands |
| Spinning dots, never reaches desktop | Driver init | Safe Mode, roll back recent driver |
| Boot loop before sign-in | Kernel/driver or BCD | WinRE → Startup Repair, then System Restore |
| Black screen after sign-in | explorer.exe / profile | Ctrl+Alt+Del → Task Manager → run explorer.exe |
| "Automatic Repair" loop | Corrupt files | WinRE Command Prompt → sfc, DISM, chkdsk |
Boot Repair Commands (run from WinRE → Troubleshoot → Command Prompt)
| Command | What It Does |
|---|---|
bootrec /fixmbr | Writes a fresh Master Boot Record (legacy BIOS disks) |
bootrec /fixboot | Writes a new boot sector to the system partition |
bootrec /rebuildbcd | Scans for installs and rebuilds the BCD store |
sfc /scannow /offbootdir=C:\ /offwindir=C:\Windows | Offline system file check when Windows will not boot |
chkdsk C: /f /r | Fixes file-system errors and recovers readable bad sectors |
Reach WinRE by holding Shift while clicking Restart, by booting installation media and choosing Repair your computer, or by powering off during boot three times so Windows triggers it automatically. Always try the least-destructive option first — Startup Repair before a reset, and Reset this PC (which can keep files) before a clean reinstall.
Safe Mode, Slow Performance, and System Restore
Safe Mode
Safe Mode boots Windows with only essential drivers and services, giving you a clean environment to undo whatever blocks a normal boot. There are three variants:
- Safe Mode — minimal drivers, basic VGA display, no networking.
- Safe Mode with Networking — adds network drivers so you can download a fixed driver or malware tool.
- Safe Mode with Command Prompt — boots to
cmd.exeinstead of the desktop for scripted repair.
Access it from Settings → System → Recovery → Advanced startup, or WinRE → Troubleshoot → Advanced options → Startup Settings → Restart, then press 4 / 5 / 6 (or F4/F5/F6). msconfig (System Configuration → Boot tab) can also force the next boot into Safe Mode — remember to uncheck it afterward or the PC keeps booting safe.
Slow-Performance Triage
- Open Task Manager (Ctrl+Shift+Esc) and sort by CPU, Memory, and Disk to find the resource hog.
- Disable unneeded startup programs (Task Manager → Startup apps).
- Scan for malware — a hidden miner or adware is a classic cause.
- Confirm at least 15–20% free space on the system drive; a near-full SSD throttles hard.
- Check drive health via SMART (chkdsk, or a SMART utility) — rising reallocated-sector counts mean a failing disk.
Common Windows Issues
| Issue | Causes | Fix |
|---|---|---|
| Frequent freezes | Bad RAM, driver, overheating | Test RAM, update drivers, check temps |
| "Connected, no internet" | DNS, proxy, IP conflict | ipconfig /flushdns, release/renew, check proxy |
| Profile won't load | Corrupt user profile | Create new profile, migrate data |
| Wrong time/date | Dead CMOS battery, NTP off | Replace battery, enable time sync |
System Restore
System Restore rolls back system files, the registry, drivers, and installed programs to a saved restore point (launch with rstrui.exe). It is ideal after a bad update or driver. It does not touch personal documents, photos, or music, and it is not a backup — for user data you need File History or a real backup. Because malware can survive a restore, always run an antimalware scan after restoring.
Exam logistics: The current A+ Core 2 is 220-1202 (V15) — up to 90 questions in 90 minutes, passing score 700 of 900, including drag-and-drop and performance-based items. The retired 220-1102 listed this domain at 22%; V15 raises it to 23%.
A Windows PC shows a BSOD with stop code DRIVER_IRQL_NOT_LESS_OR_EQUAL and names the file nvlddmkm.sys. What is the BEST first action?
Windows fails to boot and keeps entering an Automatic Repair loop. From the WinRE Command Prompt, which command set repairs corrupted protected system files offline?
A technician used System Restore to recover a PC after a malware infection. The desktop is usable again. What should the technician do NEXT?
A user reports general slowness on an otherwise healthy Windows laptop. Which single check most directly identifies the cause before any changes are made?