A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows 7 » Windows 7 Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Win 7 Startup Problems - Again!



 
 
Thread Tools Rate Thread Display Modes
  #16  
Old March 29th 18, 10:59 PM posted to alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 1,663
Default Reliability Monitor

In message , Paul
writes:
J. P. Gilliver (John) wrote:
In message , Paul
writes:

[]
so the keywords seem to be RACAgent and RACTask. And some
folders that it keeps. It probably does that, so a user can
erase Event Viewer, without damaging the RAC collection.

Paul

RACAgent not on my system; RacTask exists (as a 4,502 byte file -
with no extension - as the only file in
C:\Windows\System32\Tasks\Microsoft\Windows\RAC) .


This shows the size and file types of the two data folders it uses.
It keeps information in SQL Compact databases (doesn't use Microsoft
ESE Jet Blue).

https://s17.postimg.org/m1ravgwvz/RAC_Data_Folders.gif


My C:\ProgramData\Microsoft\RAC\PublishedData contains one file,
RacWmiDatabase.sdf, size 148 KB; my
C:\ProgramData\Microsoft\RAC\StateData contains two, RacDatabase.sdf 543
KB and RacMetaData.dat 1 KB, actually 8 bytes (AB BF FA 00 AD DB BA 00).
Still getting just the grey pillars with no overgraph.

And I see evidence here, that this thing ties into CEIP and Telemetry.
So if a program fails, it's probably reported to the software developer.
And RAC is keeping statistics.

The machine I was looking at was "polluted" by a Visual Studio
installation, so I have to be careful to not jump to too many
conclusions. But the stuff looks "complicated at the edges".

There is a RAC Engine DLL that does some math or something, but
I can't figure out much else.

Paul


If _you_ can't, I have _no_ chance (-:!
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)[email protected]+H+Sh0!:`)DNAf

Radio 4 is the civilising influence in this country ... I think it is the most
important institution in this country. - John Humphrys, Radio Times
7-13/06/2003
Ads
  #17  
Old March 30th 18, 03:40 AM posted to alt.windows7.general
Paul[_32_]
external usenet poster
 
Posts: 6,390
Default Reliability Monitor

J. P. Gilliver (John) wrote:
In message , Paul
writes:
J. P. Gilliver (John) wrote:
In message , Paul
writes:

[]
so the keywords seem to be RACAgent and RACTask. And some
folders that it keeps. It probably does that, so a user can
erase Event Viewer, without damaging the RAC collection.

Paul
RACAgent not on my system; RacTask exists (as a 4,502 byte file -
with no extension - as the only file in
C:\Windows\System32\Tasks\Microsoft\Windows\RAC).


This shows the size and file types of the two data folders it uses.
It keeps information in SQL Compact databases (doesn't use Microsoft
ESE Jet Blue).

https://s17.postimg.org/m1ravgwvz/RAC_Data_Folders.gif


My C:\ProgramData\Microsoft\RAC\PublishedData contains one file,
RacWmiDatabase.sdf, size 148 KB; my
C:\ProgramData\Microsoft\RAC\StateData contains two, RacDatabase.sdf 543
KB and RacMetaData.dat 1 KB, actually 8 bytes (AB BF FA 00 AD DB BA 00).
Still getting just the grey pillars with no overgraph.

And I see evidence here, that this thing ties into CEIP and Telemetry.
So if a program fails, it's probably reported to the software developer.
And RAC is keeping statistics.

The machine I was looking at was "polluted" by a Visual Studio
installation, so I have to be careful to not jump to too many
conclusions. But the stuff looks "complicated at the edges".

There is a RAC Engine DLL that does some math or something, but
I can't figure out much else.

Paul


If _you_ can't, I have _no_ chance (-:!


Well, we're working at this a bit at a time, and hoping
it's something simple, right ?

What I notice in your description, is you're missing the two WMI
files. My folder had four files. Your folder has two files.
Both your WMI are missing. Does this imply a WMI thing is broken ?

And that gives us another keyword to work with :-)

For example, in this short thread, it almost suggests a "policy"
might be available to switch WMI off. We'll ignore this for
the moment, as this is likely a red herring.

https://social.technet.microsoft.com...m=winservergen

HKLM\SOFTWARE\Policies\Microsoft\Windows\Reliabili ty Analysis\WMI
WMIEnable

*******

In this article, the only thing I'm initially interested in, is the
first line.

https://answers.microsoft.com/en-us/...1-b52971bda91e

reg add "HKLM\SOFTWARE\Microsoft\Reliability Analysis\WMI" /v WMIEnable /T REG_DWORD /D 1 /F

The script likely came from here, and you can change the extension
on the .bat file to .txt and look at this in Notepad if you want.
*Don't* be in a rush to run this. This cleans out the entire
Event Viewer, as well as the two folders used by RAC. Sure it
works, but now you'll have to wait for a day to get enough
data to test the Reliability Monitor. I prefer to turn on WMI
as a first step.

http://www.thewindowsclub.com/downloads/RRM.zip

Here is a picture of me verifying my key is correct in Windows 7.
Make sure yours looks like this.

https://s17.postimg.org/akoq930f3/Re...n7_WMI_key.gif

Because your WMI is missing, that's my guess as to why.

While it could be GPEDIT related, like the "policy" key above
we're ignoring, how exactly would that have happened ? I'm more
willing to buy a story, where WMI doesn't start the first time
on its own, and something "bootstraps" it, and turns on that
registry key. But you can have a look and see what is what.

Paul
  #18  
Old March 30th 18, 04:24 AM posted to alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 1,663
Default Reliability Monitor

In message , Paul
writes:
[]
Well, we're working at this a bit at a time, and hoping
it's something simple, right ?

What I notice in your description, is you're missing the two WMI
files. My folder had four files. Your folder has two files.
Both your WMI are missing. Does this imply a WMI thing is broken ?


Your guess is better than mine!

And that gives us another keyword to work with :-)

For example, in this short thread, it almost suggests a "policy"
might be available to switch WMI off. We'll ignore this for
the moment, as this is likely a red herring.

https://social.technet.microsoft.com...-d762-4761-ace
f-e991fdc22033/automated-way-to-enable-reliability-monitor?forum=winserv
ergen

HKLM\SOFTWARE\Policies\Microsoft\Windows\Reliabili ty Analysis\WMI
WMIEnable


OK, I'll ignore it - except I checked out of curiosity, and: under
HKLM\SOFTWARE\Policies\Microsoft\Windows, I don't _have_ a Reliability
Analysis "folder".

*******

In this article, the only thing I'm initially interested in, is the
first line.

https://answers.microsoft.com/en-us/...10-performance
/reliability-monitor-view-all-problem-reports-empty/f989f4df-cbf1-4f0b-9
6c1-b52971bda91e

reg add "HKLM\SOFTWARE\Microsoft\Reliability Analysis\WMI" /v WMIEnable
/T REG_DWORD /D 1 /F

The script likely came from here, and you can change the extension
on the .bat file to .txt and look at this in Notepad if you want.
*Don't* be in a rush to run this. This cleans out the entire
Event Viewer, as well as the two folders used by RAC. Sure it
works, but now you'll have to wait for a day to get enough
data to test the Reliability Monitor. I prefer to turn on WMI
as a first step.


Indeed. When I run the Reliability Monitor, although I have just the
naked grey pillars, if I click View all problem reports at the bottom of
the window, I _do_ have entries - the latest being 2018-3-24.

http://www.thewindowsclub.com/downloads/RRM.zip

Here is a picture of me verifying my key is correct in Windows 7.
Make sure yours looks like this.

https://s17.postimg.org/akoq930f3/Re...n7_WMI_key.gif

Because your WMI is missing, that's my guess as to why.


No, I have that key there, with the same value.

While it could be GPEDIT related, like the "policy" key above
we're ignoring, how exactly would that have happened ? I'm more
willing to buy a story, where WMI doesn't start the first time
on its own, and something "bootstraps" it, and turns on that
registry key. But you can have a look and see what is what.

Paul

I await my next instructions (provided they're simple) with interest!
But you don't have to do this for me; until a couple of days ago I had
no idea this reliability monitor existed, so not having it hasn't hurt!
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)[email protected]+H+Sh0!:`)DNAf

.... the pleasure of the mind is an amazing thing. My life has been driven by
the satisfaction of curiosity. - Jeremy Paxman (being interviewed by Anne
Widdecombe), Radio Times, 2-8 July 2011.
  #19  
Old March 30th 18, 01:02 PM posted to alt.windows7.general
Paul[_32_]
external usenet poster
 
Posts: 6,390
Default Reliability Monitor

J. P. Gilliver (John) wrote:
In message , Paul
writes:
[]
Well, we're working at this a bit at a time, and hoping
it's something simple, right ?

What I notice in your description, is you're missing the two WMI
files. My folder had four files. Your folder has two files.
Both your WMI are missing. Does this imply a WMI thing is broken ?


Your guess is better than mine!

And that gives us another keyword to work with :-)

For example, in this short thread, it almost suggests a "policy"
might be available to switch WMI off. We'll ignore this for
the moment, as this is likely a red herring.

https://social.technet.microsoft.com...-d762-4761-ace
f-e991fdc22033/automated-way-to-enable-reliability-monitor?forum=winserv
ergen

HKLM\SOFTWARE\Policies\Microsoft\Windows\Reliabili ty Analysis\WMI
WMIEnable


OK, I'll ignore it - except I checked out of curiosity, and: under
HKLM\SOFTWARE\Policies\Microsoft\Windows, I don't _have_ a Reliability
Analysis "folder".

*******

In this article, the only thing I'm initially interested in, is the
first line.

https://answers.microsoft.com/en-us/...10-performance
/reliability-monitor-view-all-problem-reports-empty/f989f4df-cbf1-4f0b-9
6c1-b52971bda91e

reg add "HKLM\SOFTWARE\Microsoft\Reliability Analysis\WMI" /v
WMIEnable /T REG_DWORD /D 1 /F

The script likely came from here, and you can change the extension
on the .bat file to .txt and look at this in Notepad if you want.
*Don't* be in a rush to run this. This cleans out the entire
Event Viewer, as well as the two folders used by RAC. Sure it
works, but now you'll have to wait for a day to get enough
data to test the Reliability Monitor. I prefer to turn on WMI
as a first step.


Indeed. When I run the Reliability Monitor, although I have just the
naked grey pillars, if I click View all problem reports at the bottom of
the window, I _do_ have entries - the latest being 2018-3-24.

http://www.thewindowsclub.com/downloads/RRM.zip

Here is a picture of me verifying my key is correct in Windows 7.
Make sure yours looks like this.

https://s17.postimg.org/akoq930f3/Re...n7_WMI_key.gif

Because your WMI is missing, that's my guess as to why.


No, I have that key there, with the same value.

While it could be GPEDIT related, like the "policy" key above
we're ignoring, how exactly would that have happened ? I'm more
willing to buy a story, where WMI doesn't start the first time
on its own, and something "bootstraps" it, and turns on that
registry key. But you can have a look and see what is what.

Paul

I await my next instructions (provided they're simple) with interest!
But you don't have to do this for me; until a couple of days ago I had
no idea this reliability monitor existed, so not having it hasn't hurt!


I thought it might be something simple.

I'm running out of stuff to try, so you're "off the hook".

Paul
  #20  
Old April 2nd 18, 09:07 PM posted to alt.windows7.general
No_Name
external usenet poster
 
Posts: 171
Default Win 7 Startup Problems - Again!

On Thu, 29 Mar 2018 16:06:06 -0500, wrote:

On Wed, 28 Mar 2018 10:02:49 -0400, Paul
wrote:

dadiOH wrote:
"philo" wrote in message
news On 03/27/2018 03:43 PM,
wrote:
After replacing the HD one week ago, it worked fine every day, until
today.

Now some of the same symptoms are back:

Everything appears normal up to the Login screen. I enter my password
and "Welcome" appears but nothing more happens.

Sometimes it will finish startup, but take much longer.

No error messages appear except on a restart after a lockup, the
basic Windows startup menu appears because of a failed proper
shutdown.

I'm really upset. After all I did, it appears I'm back to square one.
I have no idea what to try now.



Could be a RAM problem or possibly a bad mobo.

Or power supply


The OP has already tested the RAM, which passed.

And if it is a power supply issue, why does it have
the earmarks of a "failed profile at startup" ? A power
supply failure will cause random failures at different
times of the day. Or perhaps consistently, when the
system has "power peaks". I've seen power peaks at
BIOS level (because the power management isn't very good
there), and if the PSU is pooping out, it could die
just as easily at BIOS level, before the desktop appears.

If, during shutdown, the system is actually doing "unclean"
shutdowns, that could be damaging some registry related
stuff. If you had "Automatically Reboot" set, your system
probably wouldn't shut down for you. It would reboot.
If the Automatically Reboot on a failure wasn't set, the
system could crash during shutdown, not write the registry
properly, and just... stop. Sometimes you get log entries
for things like that (Event Viewer), but not if it was a BSOD.
It might crash before having time to make a log entry.

Now, that's a lot of supposition on my part, but it's the
most likely thing to be messing up the profile (without
it being a disk issue, and the disk has been replaced).

When it comes to "BSOD Spectrum", if you look at a large
number of BSODS on your system, you'll notice a fingerprint.
For example, say the NVidia driver is really crap, then
there will be a ton of BSODS with "nvxx" in the name for
you to look at. If, on the other hand, the power supply
is bad, you'll be getting obscure errors nobody has
ever heard of. Ones you might have trouble finding in
the Aumha STOP list. At the moment, the OPs symptoms
seem to be pretty focused, but we don't have an overview
of Event Viewer to see anything else that might be
interesting. Or a view of any minidumps.

(Pictures for dramatic effect...)

https://www.nirsoft.net/utils/blue_screen_view.html

Paul


You made me think about a corrupted User Profile.

I went he
https://support.microsoft.com/en-us/...d-user-profile

Followed the steps and created a new user as administrator, like my
original user account.

I thought if a new account wasn't corrupted, it would start properly.
Today I ran some tests and was disappointed.

Didn't matter which user I tried logging on as. The symptoms of not
getting beyond the "Welcome" screen and the disk activity light being
mostly steady for a few minutes occurred.

Sometimes it would finish starting and seem to work ok. But even
then, a normal automated Log off, Shutdown and Restart, might or might
not go smoothly.

Tomorrow I'll read the pages you linked to see if I can
understand/learn anything else to try.

DC


Still having the problem and it's still a crap shoot every time to see
if it will complete successfully or if I have to shut off power and
restart,

The only suspicious Event that happens at every startup (if successful
or not) is this one for ATC.SYS not loading. It's a file installed by
BitDefender AV Free.

Here's the full content of the Event Viewer Details:

Begin============

Log Name: System
Source: Service Control Manager
Date: 4/2/2018 1:57:13 PM
Event ID: 7026
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: AVA-386876-1
Description:
The following boot-start or system-start driver(s) failed to load:
atc
Event Xml:
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"
System
Provider Name="Service Control Manager"
Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service
Control Manager" /
EventID Qualifiers="49152"7026/EventID
Version0/Version
Level2/Level
Task0/Task
Opcode0/Opcode
Keywords0x8080000000000000/Keywords
TimeCreated SystemTime="2018-04-02T18:57:13.063476500Z" /
EventRecordID502112/EventRecordID
Correlation /
Execution ProcessID="876" ThreadID="880" /
ChannelSystem/Channel
ComputerAVA-386876-1/Computer
Security /
/System
EventData
Data Name="param1"
atc/Data
/EventData
/Event

End==============

I found this:

https://social.technet.microsoft.com...w7itprogeneral

where someone was having a similar problem and Kate Li (MSFT CSG)
suggested removing the file to see if that solved it.

I was able to copy it to another drive for safe keeping, but I can't
remove or rename it. I receive a msg saying I need permission from
the administrators to do so. I am an administrator but that's not
enough.

At first the atc.sys properties said TrustedInstaller was in control
and I couldn't find a way to edit/change that. But now after several
attempts the TrustedInstaller entry is gone and it says SYSTEM is in
control, but it still won't let me mess with it.

I also tried to rename or delete it via Command Prompt (run as
Administrator) and as another user I created earlier (also an
administrator), but no go.

Next to try will be to learn how to use process monitor to capture the
statup process, but that will take a while.

Note that when startup does complete successfully and the desktop
appears, etc., everything seems to work fine for as long as I want to
use it. But then a restart, with normal appearing logoff, shutdown
and restart may or may not be a successful startup.

DC
  #21  
Old April 2nd 18, 10:58 PM posted to alt.windows7.general
Paul[_32_]
external usenet poster
 
Posts: 6,390
Default Win 7 Startup Problems - Again!

Ken1943 wrote:
On Mon, 02 Apr 2018 15:07:17 -0500, wrote:

On Thu, 29 Mar 2018 16:06:06 -0500,
wrote:

On Wed, 28 Mar 2018 10:02:49 -0400, Paul
wrote:

dadiOH wrote:
"philo" wrote in message
news On 03/27/2018 03:43 PM,
wrote:
After replacing the HD one week ago, it worked fine every day, until
today.

Now some of the same symptoms are back:

Everything appears normal up to the Login screen. I enter my password
and "Welcome" appears but nothing more happens.

Sometimes it will finish startup, but take much longer.

No error messages appear except on a restart after a lockup, the
basic Windows startup menu appears because of a failed proper
shutdown.

I'm really upset. After all I did, it appears I'm back to square one.
I have no idea what to try now.


Could be a RAM problem or possibly a bad mobo.
Or power supply
The OP has already tested the RAM, which passed.

And if it is a power supply issue, why does it have
the earmarks of a "failed profile at startup" ? A power
supply failure will cause random failures at different
times of the day. Or perhaps consistently, when the
system has "power peaks". I've seen power peaks at
BIOS level (because the power management isn't very good
there), and if the PSU is pooping out, it could die
just as easily at BIOS level, before the desktop appears.

If, during shutdown, the system is actually doing "unclean"
shutdowns, that could be damaging some registry related
stuff. If you had "Automatically Reboot" set, your system
probably wouldn't shut down for you. It would reboot.
If the Automatically Reboot on a failure wasn't set, the
system could crash during shutdown, not write the registry
properly, and just... stop. Sometimes you get log entries
for things like that (Event Viewer), but not if it was a BSOD.
It might crash before having time to make a log entry.

Now, that's a lot of supposition on my part, but it's the
most likely thing to be messing up the profile (without
it being a disk issue, and the disk has been replaced).

When it comes to "BSOD Spectrum", if you look at a large
number of BSODS on your system, you'll notice a fingerprint.
For example, say the NVidia driver is really crap, then
there will be a ton of BSODS with "nvxx" in the name for
you to look at. If, on the other hand, the power supply
is bad, you'll be getting obscure errors nobody has
ever heard of. Ones you might have trouble finding in
the Aumha STOP list. At the moment, the OPs symptoms
seem to be pretty focused, but we don't have an overview
of Event Viewer to see anything else that might be
interesting. Or a view of any minidumps.

(Pictures for dramatic effect...)

https://www.nirsoft.net/utils/blue_screen_view.html

Paul
You made me think about a corrupted User Profile.

I went he
https://support.microsoft.com/en-us/...d-user-profile

Followed the steps and created a new user as administrator, like my
original user account.

I thought if a new account wasn't corrupted, it would start properly.
Today I ran some tests and was disappointed.

Didn't matter which user I tried logging on as. The symptoms of not
getting beyond the "Welcome" screen and the disk activity light being
mostly steady for a few minutes occurred.

Sometimes it would finish starting and seem to work ok. But even
then, a normal automated Log off, Shutdown and Restart, might or might
not go smoothly.

Tomorrow I'll read the pages you linked to see if I can
understand/learn anything else to try.

DC

Still having the problem and it's still a crap shoot every time to see
if it will complete successfully or if I have to shut off power and
restart,

The only suspicious Event that happens at every startup (if successful
or not) is this one for ATC.SYS not loading. It's a file installed by
BitDefender AV Free.

Here's the full content of the Event Viewer Details:

Begin============

Log Name: System
Source: Service Control Manager
Date: 4/2/2018 1:57:13 PM
Event ID: 7026
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: AVA-386876-1
Description:
The following boot-start or system-start driver(s) failed to load:
atc
Event Xml:
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"
System
Provider Name="Service Control Manager"
Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service
Control Manager" /
EventID Qualifiers="49152"7026/EventID
Version0/Version
Level2/Level
Task0/Task
Opcode0/Opcode
Keywords0x8080000000000000/Keywords
TimeCreated SystemTime="2018-04-02T18:57:13.063476500Z" /
EventRecordID502112/EventRecordID
Correlation /
Execution ProcessID="876" ThreadID="880" /
ChannelSystem/Channel
ComputerAVA-386876-1/Computer
Security /
/System
EventData
Data Name="param1"
atc/Data
/EventData
/Event

End==============

I found this:

https://social.technet.microsoft.com...w7itprogeneral

where someone was having a similar problem and Kate Li (MSFT CSG)
suggested removing the file to see if that solved it.

I was able to copy it to another drive for safe keeping, but I can't
remove or rename it. I receive a msg saying I need permission from
the administrators to do so. I am an administrator but that's not
enough.

At first the atc.sys properties said TrustedInstaller was in control
and I couldn't find a way to edit/change that. But now after several
attempts the TrustedInstaller entry is gone and it says SYSTEM is in
control, but it still won't let me mess with it.

I also tried to rename or delete it via Command Prompt (run as
Administrator) and as another user I created earlier (also an
administrator), but no go.

Next to try will be to learn how to use process monitor to capture the
statup process, but that will take a while.

Note that when startup does complete successfully and the desktop
appears, etc., everything seems to work fine for as long as I want to
use it. But then a restart, with normal appearing logoff, shutdown
and restart may or may not be a successful startup.

DC


Uninstall Bit Defender, not just a file.


While Windows is running, not only does it have permissions
(like TrustedInstaller), but it also has Windows File Protection,
to prevent malware from messing around. Of course, real malware
doesn't particularly care about WFP, but WFP is a great way
to prevent *users* from messing around.

Your advice is a good one, to simply remove Bit Defender
as part of an experiment, to see if it's the root cause.

If I was doing this, for safety I would back up C: first,
then remove BitDefender. I could then restore my perfectly
working BitDefender + Windows installation later, from
that backup, if I didn't like the mess I'd made for myself.

Just yesterday, I "walked out of a mess" by using a 100GB
backup of C: , so I regularly use this backup technique when I know
an experiment will lead to grief. I had made extensive changes
to a multitude of network settings, and I "didn't have to
be careful, because I had a backup".

AV companies regularly provide "uninstall/cleaner tools"
for their products. Going to Programs and Features and
uninstalling, is the first step. The "cleaner" can remove
AV services which are "difficult" to remove. Some AV companies
make this kind of utility harder to find than others.
And note, that the instructions for usage are important.
A cleaner can either be run, to do the entire job. Or
a cleaner can be intended to *only* be run after the
Programs and Features removal has been attempted.
You need to download the cleaner, but also carefully
read the instructions for usage.

https://www.bitdefender.com/uninstall/

Paul
  #22  
Old April 3rd 18, 09:17 PM posted to alt.windows7.general
No_Name
external usenet poster
 
Posts: 171
Default Win 7 Startup Problems - Again!

On Mon, 02 Apr 2018 17:58:14 -0400, Paul
wrote:

Ken1943 wrote:
On Mon, 02 Apr 2018 15:07:17 -0500, wrote:

On Thu, 29 Mar 2018 16:06:06 -0500,
wrote:

On Wed, 28 Mar 2018 10:02:49 -0400, Paul
wrote:

dadiOH wrote:
"philo" wrote in message
news On 03/27/2018 03:43 PM,
wrote:
After replacing the HD one week ago, it worked fine every day, until
today.

Now some of the same symptoms are back:

Everything appears normal up to the Login screen. I enter my password
and "Welcome" appears but nothing more happens.

Sometimes it will finish startup, but take much longer.

No error messages appear except on a restart after a lockup, the
basic Windows startup menu appears because of a failed proper
shutdown.

I'm really upset. After all I did, it appears I'm back to square one.
I have no idea what to try now.


Could be a RAM problem or possibly a bad mobo.
Or power supply
The OP has already tested the RAM, which passed.

And if it is a power supply issue, why does it have
the earmarks of a "failed profile at startup" ? A power
supply failure will cause random failures at different
times of the day. Or perhaps consistently, when the
system has "power peaks". I've seen power peaks at
BIOS level (because the power management isn't very good
there), and if the PSU is pooping out, it could die
just as easily at BIOS level, before the desktop appears.

If, during shutdown, the system is actually doing "unclean"
shutdowns, that could be damaging some registry related
stuff. If you had "Automatically Reboot" set, your system
probably wouldn't shut down for you. It would reboot.
If the Automatically Reboot on a failure wasn't set, the
system could crash during shutdown, not write the registry
properly, and just... stop. Sometimes you get log entries
for things like that (Event Viewer), but not if it was a BSOD.
It might crash before having time to make a log entry.

Now, that's a lot of supposition on my part, but it's the
most likely thing to be messing up the profile (without
it being a disk issue, and the disk has been replaced).

When it comes to "BSOD Spectrum", if you look at a large
number of BSODS on your system, you'll notice a fingerprint.
For example, say the NVidia driver is really crap, then
there will be a ton of BSODS with "nvxx" in the name for
you to look at. If, on the other hand, the power supply
is bad, you'll be getting obscure errors nobody has
ever heard of. Ones you might have trouble finding in
the Aumha STOP list. At the moment, the OPs symptoms
seem to be pretty focused, but we don't have an overview
of Event Viewer to see anything else that might be
interesting. Or a view of any minidumps.

(Pictures for dramatic effect...)

https://www.nirsoft.net/utils/blue_screen_view.html

Paul
You made me think about a corrupted User Profile.

I went he
https://support.microsoft.com/en-us/...d-user-profile

Followed the steps and created a new user as administrator, like my
original user account.

I thought if a new account wasn't corrupted, it would start properly.
Today I ran some tests and was disappointed.

Didn't matter which user I tried logging on as. The symptoms of not
getting beyond the "Welcome" screen and the disk activity light being
mostly steady for a few minutes occurred.

Sometimes it would finish starting and seem to work ok. But even
then, a normal automated Log off, Shutdown and Restart, might or might
not go smoothly.

Tomorrow I'll read the pages you linked to see if I can
understand/learn anything else to try.

DC
Still having the problem and it's still a crap shoot every time to see
if it will complete successfully or if I have to shut off power and
restart,

The only suspicious Event that happens at every startup (if successful
or not) is this one for ATC.SYS not loading. It's a file installed by
BitDefender AV Free.

Here's the full content of the Event Viewer Details:

Begin============

Log Name: System
Source: Service Control Manager
Date: 4/2/2018 1:57:13 PM
Event ID: 7026
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: AVA-386876-1
Description:
The following boot-start or system-start driver(s) failed to load:
atc
Event Xml:
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"
System
Provider Name="Service Control Manager"
Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service
Control Manager" /
EventID Qualifiers="49152"7026/EventID
Version0/Version
Level2/Level
Task0/Task
Opcode0/Opcode
Keywords0x8080000000000000/Keywords
TimeCreated SystemTime="2018-04-02T18:57:13.063476500Z" /
EventRecordID502112/EventRecordID
Correlation /
Execution ProcessID="876" ThreadID="880" /
ChannelSystem/Channel
ComputerAVA-386876-1/Computer
Security /
/System
EventData
Data Name="param1"
atc/Data
/EventData
/Event

End==============

I found this:

https://social.technet.microsoft.com...w7itprogeneral

where someone was having a similar problem and Kate Li (MSFT CSG)
suggested removing the file to see if that solved it.

I was able to copy it to another drive for safe keeping, but I can't
remove or rename it. I receive a msg saying I need permission from
the administrators to do so. I am an administrator but that's not
enough.

At first the atc.sys properties said TrustedInstaller was in control
and I couldn't find a way to edit/change that. But now after several
attempts the TrustedInstaller entry is gone and it says SYSTEM is in
control, but it still won't let me mess with it.

I also tried to rename or delete it via Command Prompt (run as
Administrator) and as another user I created earlier (also an
administrator), but no go.

Next to try will be to learn how to use process monitor to capture the
statup process, but that will take a while.

Note that when startup does complete successfully and the desktop
appears, etc., everything seems to work fine for as long as I want to
use it. But then a restart, with normal appearing logoff, shutdown
and restart may or may not be a successful startup.

DC


Uninstall Bit Defender, not just a file.


While Windows is running, not only does it have permissions
(like TrustedInstaller), but it also has Windows File Protection,
to prevent malware from messing around. Of course, real malware
doesn't particularly care about WFP, but WFP is a great way
to prevent *users* from messing around.

Your advice is a good one, to simply remove Bit Defender
as part of an experiment, to see if it's the root cause.

If I was doing this, for safety I would back up C: first,
then remove BitDefender. I could then restore my perfectly
working BitDefender + Windows installation later, from
that backup, if I didn't like the mess I'd made for myself.

Just yesterday, I "walked out of a mess" by using a 100GB
backup of C: , so I regularly use this backup technique when I know
an experiment will lead to grief. I had made extensive changes
to a multitude of network settings, and I "didn't have to
be careful, because I had a backup".

AV companies regularly provide "uninstall/cleaner tools"
for their products. Going to Programs and Features and
uninstalling, is the first step. The "cleaner" can remove
AV services which are "difficult" to remove. Some AV companies
make this kind of utility harder to find than others.
And note, that the instructions for usage are important.
A cleaner can either be run, to do the entire job. Or
a cleaner can be intended to *only* be run after the
Programs and Features removal has been attempted.
You need to download the cleaner, but also carefully
read the instructions for usage.

https://www.bitdefender.com/uninstall/

Paul


Thanks, Paul. I'll follow your suggestions and see what happens.

DC
  #23  
Old April 3rd 18, 09:58 PM posted to alt.windows7.general
No_Name
external usenet poster
 
Posts: 171
Default Win 7 Startup Problems - Again!

On Mon, 02 Apr 2018 17:58:14 -0400, Paul
wrote:

snipped for brevity


Uninstall Bit Defender, not just a file.


While Windows is running, not only does it have permissions
(like TrustedInstaller), but it also has Windows File Protection,
to prevent malware from messing around. Of course, real malware
doesn't particularly care about WFP, but WFP is a great way
to prevent *users* from messing around.

Your advice is a good one, to simply remove Bit Defender
as part of an experiment, to see if it's the root cause.

If I was doing this, for safety I would back up C: first,
then remove BitDefender. I could then restore my perfectly
working BitDefender + Windows installation later, from
that backup, if I didn't like the mess I'd made for myself.

Just yesterday, I "walked out of a mess" by using a 100GB
backup of C: , so I regularly use this backup technique when I know
an experiment will lead to grief. I had made extensive changes
to a multitude of network settings, and I "didn't have to
be careful, because I had a backup".

AV companies regularly provide "uninstall/cleaner tools"
for their products. Going to Programs and Features and
uninstalling, is the first step. The "cleaner" can remove
AV services which are "difficult" to remove. Some AV companies
make this kind of utility harder to find than others.
And note, that the instructions for usage are important.
A cleaner can either be run, to do the entire job. Or
a cleaner can be intended to *only* be run after the
Programs and Features removal has been attempted.
You need to download the cleaner, but also carefully
read the instructions for usage.

https://www.bitdefender.com/uninstall/

Paul


Turns out their Uninstall is for Paid or Trial version. I have the
Free version.

So I'll follow your strategy but use the Control Panel Uninstall
feature and see how it goes. I'll use Windows Explorer and RegEdit to
look for leftover stuff to delete. Startup is invoked with a
scheduled task so I'll look there too.

I should have time tomorrow.

Thanks,

DC
  #24  
Old April 4th 18, 09:21 PM posted to alt.windows7.general
No_Name
external usenet poster
 
Posts: 171
Default Win 7 Startup Problems - Again!

On Mon, 02 Apr 2018 17:58:14 -0400, Paul
wrote:

Ken1943 wrote:
On Mon, 02 Apr 2018 15:07:17 -0500, wrote:

On Thu, 29 Mar 2018 16:06:06 -0500,
wrote:

On Wed, 28 Mar 2018 10:02:49 -0400, Paul
wrote:

dadiOH wrote:
"philo" wrote in message
news On 03/27/2018 03:43 PM,
wrote:
After replacing the HD one week ago, it worked fine every day, until
today.

Now some of the same symptoms are back:

Everything appears normal up to the Login screen. I enter my password
and "Welcome" appears but nothing more happens.

Sometimes it will finish startup, but take much longer.

No error messages appear except on a restart after a lockup, the
basic Windows startup menu appears because of a failed proper
shutdown.

I'm really upset. After all I did, it appears I'm back to square one.
I have no idea what to try now.


Could be a RAM problem or possibly a bad mobo.
Or power supply
The OP has already tested the RAM, which passed.

And if it is a power supply issue, why does it have
the earmarks of a "failed profile at startup" ? A power
supply failure will cause random failures at different
times of the day. Or perhaps consistently, when the
system has "power peaks". I've seen power peaks at
BIOS level (because the power management isn't very good
there), and if the PSU is pooping out, it could die
just as easily at BIOS level, before the desktop appears.

If, during shutdown, the system is actually doing "unclean"
shutdowns, that could be damaging some registry related
stuff. If you had "Automatically Reboot" set, your system
probably wouldn't shut down for you. It would reboot.
If the Automatically Reboot on a failure wasn't set, the
system could crash during shutdown, not write the registry
properly, and just... stop. Sometimes you get log entries
for things like that (Event Viewer), but not if it was a BSOD.
It might crash before having time to make a log entry.

Now, that's a lot of supposition on my part, but it's the
most likely thing to be messing up the profile (without
it being a disk issue, and the disk has been replaced).

When it comes to "BSOD Spectrum", if you look at a large
number of BSODS on your system, you'll notice a fingerprint.
For example, say the NVidia driver is really crap, then
there will be a ton of BSODS with "nvxx" in the name for
you to look at. If, on the other hand, the power supply
is bad, you'll be getting obscure errors nobody has
ever heard of. Ones you might have trouble finding in
the Aumha STOP list. At the moment, the OPs symptoms
seem to be pretty focused, but we don't have an overview
of Event Viewer to see anything else that might be
interesting. Or a view of any minidumps.

(Pictures for dramatic effect...)

https://www.nirsoft.net/utils/blue_screen_view.html

Paul
You made me think about a corrupted User Profile.

I went he
https://support.microsoft.com/en-us/...d-user-profile

Followed the steps and created a new user as administrator, like my
original user account.

I thought if a new account wasn't corrupted, it would start properly.
Today I ran some tests and was disappointed.

Didn't matter which user I tried logging on as. The symptoms of not
getting beyond the "Welcome" screen and the disk activity light being
mostly steady for a few minutes occurred.

Sometimes it would finish starting and seem to work ok. But even
then, a normal automated Log off, Shutdown and Restart, might or might
not go smoothly.

Tomorrow I'll read the pages you linked to see if I can
understand/learn anything else to try.

DC
Still having the problem and it's still a crap shoot every time to see
if it will complete successfully or if I have to shut off power and
restart,

The only suspicious Event that happens at every startup (if successful
or not) is this one for ATC.SYS not loading. It's a file installed by
BitDefender AV Free.

Here's the full content of the Event Viewer Details:

Begin============

Log Name: System
Source: Service Control Manager
Date: 4/2/2018 1:57:13 PM
Event ID: 7026
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: AVA-386876-1
Description:
The following boot-start or system-start driver(s) failed to load:
atc
Event Xml:
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"
System
Provider Name="Service Control Manager"
Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service
Control Manager" /
EventID Qualifiers="49152"7026/EventID
Version0/Version
Level2/Level
Task0/Task
Opcode0/Opcode
Keywords0x8080000000000000/Keywords
TimeCreated SystemTime="2018-04-02T18:57:13.063476500Z" /
EventRecordID502112/EventRecordID
Correlation /
Execution ProcessID="876" ThreadID="880" /
ChannelSystem/Channel
ComputerAVA-386876-1/Computer
Security /
/System
EventData
Data Name="param1"
atc/Data
/EventData
/Event

End==============

I found this:

https://social.technet.microsoft.com...w7itprogeneral

where someone was having a similar problem and Kate Li (MSFT CSG)
suggested removing the file to see if that solved it.

I was able to copy it to another drive for safe keeping, but I can't
remove or rename it. I receive a msg saying I need permission from
the administrators to do so. I am an administrator but that's not
enough.

At first the atc.sys properties said TrustedInstaller was in control
and I couldn't find a way to edit/change that. But now after several
attempts the TrustedInstaller entry is gone and it says SYSTEM is in
control, but it still won't let me mess with it.

I also tried to rename or delete it via Command Prompt (run as
Administrator) and as another user I created earlier (also an
administrator), but no go.

Next to try will be to learn how to use process monitor to capture the
statup process, but that will take a while.

Note that when startup does complete successfully and the desktop
appears, etc., everything seems to work fine for as long as I want to
use it. But then a restart, with normal appearing logoff, shutdown
and restart may or may not be a successful startup.

DC


Uninstall Bit Defender, not just a file.


While Windows is running, not only does it have permissions
(like TrustedInstaller), but it also has Windows File Protection,
to prevent malware from messing around. Of course, real malware
doesn't particularly care about WFP, but WFP is a great way
to prevent *users* from messing around.

Your advice is a good one, to simply remove Bit Defender
as part of an experiment, to see if it's the root cause.

If I was doing this, for safety I would back up C: first,
then remove BitDefender. I could then restore my perfectly
working BitDefender + Windows installation later, from
that backup, if I didn't like the mess I'd made for myself.

Just yesterday, I "walked out of a mess" by using a 100GB
backup of C: , so I regularly use this backup technique when I know
an experiment will lead to grief. I had made extensive changes
to a multitude of network settings, and I "didn't have to
be careful, because I had a backup".

AV companies regularly provide "uninstall/cleaner tools"
for their products. Going to Programs and Features and
uninstalling, is the first step. The "cleaner" can remove
AV services which are "difficult" to remove. Some AV companies
make this kind of utility harder to find than others.
And note, that the instructions for usage are important.
A cleaner can either be run, to do the entire job. Or
a cleaner can be intended to *only* be run after the
Programs and Features removal has been attempted.
You need to download the cleaner, but also carefully
read the instructions for usage.

https://www.bitdefender.com/uninstall/

Paul


Removing BitDefender Free seems like it solved the problem.

After removing it via Control Panel Uninstall, I cleaned up empty
folders and some logs. The Task that launched it was gone and the
registry looked good too.

Startup times are much faster - every time. I tried Windows Restart,
Shutdown (and manual restart) and power down and restart. A total of
16 times with no hesitation. Apps open faster too. Everything feels
fresh and brisk now.

Using MR images before and after changes is THE way to go.

Thanks to all who offered advice!

DC
  #25  
Old April 8th 18, 01:29 AM posted to alt.windows7.general
tesla sTinker
external usenet poster
 
Posts: 120
Default Win 7 Startup Problems - Again!

ok, now what you want to do, is go to novirusthanks.com

and get the malware remover. Download it.

Then run the thing. It will reset windows so that you are clean.
Make sure you delete everything it shows you in the temp files.
Yes, it offers this to you instead of just whamo. Check all items,
then it will ever start up faster.

http://www.novirusthanks.org/products/malware-remover/

believe me, you want those original values.

On 4/4/2018 1:21 PM, scribbled:
On Mon, 02 Apr 2018 17:58:14 -0400,
wrote:

Ken1943 wrote:
On Mon, 02 Apr 2018 15:07:17 -0500,
wrote:

On Thu, 29 Mar 2018 16:06:06 -0500,
wrote:

On Wed, 28 Mar 2018 10:02:49 -0400,
wrote:

dadiOH wrote:
wrote in message
news On 03/27/2018 03:43 PM,
wrote:
After replacing the HD one week ago, it worked fine every day, until
today.

Now some of the same symptoms are back:

Everything appears normal up to the Login screen. I enter my password
and "Welcome" appears but nothing more happens.

Sometimes it will finish startup, but take much longer.

No error messages appear except on a restart after a lockup, the
basic Windows startup menu appears because of a failed proper
shutdown.

I'm really upset. After all I did, it appears I'm back to square one.
I have no idea what to try now.


Could be a RAM problem or possibly a bad mobo.
Or power supply
The OP has already tested the RAM, which passed.

And if it is a power supply issue, why does it have
the earmarks of a "failed profile at startup" ? A power
supply failure will cause random failures at different
times of the day. Or perhaps consistently, when the
system has "power peaks". I've seen power peaks at
BIOS level (because the power management isn't very good
there), and if the PSU is pooping out, it could die
just as easily at BIOS level, before the desktop appears.

If, during shutdown, the system is actually doing "unclean"
shutdowns, that could be damaging some registry related
stuff. If you had "Automatically Reboot" set, your system
probably wouldn't shut down for you. It would reboot.
If the Automatically Reboot on a failure wasn't set, the
system could crash during shutdown, not write the registry
properly, and just... stop. Sometimes you get log entries
for things like that (Event Viewer), but not if it was a BSOD.
It might crash before having time to make a log entry.

Now, that's a lot of supposition on my part, but it's the
most likely thing to be messing up the profile (without
it being a disk issue, and the disk has been replaced).

When it comes to "BSOD Spectrum", if you look at a large
number of BSODS on your system, you'll notice a fingerprint.
For example, say the NVidia driver is really crap, then
there will be a ton of BSODS with "nvxx" in the name for
you to look at. If, on the other hand, the power supply
is bad, you'll be getting obscure errors nobody has
ever heard of. Ones you might have trouble finding in
the Aumha STOP list. At the moment, the OPs symptoms
seem to be pretty focused, but we don't have an overview
of Event Viewer to see anything else that might be
interesting. Or a view of any minidumps.

(Pictures for dramatic effect...)

https://www.nirsoft.net/utils/blue_screen_view.html

Paul
You made me think about a corrupted User Profile.

I went he
https://support.microsoft.com/en-us/...d-user-profile

Followed the steps and created a new user as administrator, like my
original user account.

I thought if a new account wasn't corrupted, it would start properly.
Today I ran some tests and was disappointed.

Didn't matter which user I tried logging on as. The symptoms of not
getting beyond the "Welcome" screen and the disk activity light being
mostly steady for a few minutes occurred.

Sometimes it would finish starting and seem to work ok. But even
then, a normal automated Log off, Shutdown and Restart, might or might
not go smoothly.

Tomorrow I'll read the pages you linked to see if I can
understand/learn anything else to try.

DC
Still having the problem and it's still a crap shoot every time to see
if it will complete successfully or if I have to shut off power and
restart,

The only suspicious Event that happens at every startup (if successful
or not) is this one for ATC.SYS not loading. It's a file installed by
BitDefender AV Free.

Here's the full content of the Event Viewer Details:

Begin============

Log Name: System
Source: Service Control Manager
Date: 4/2/2018 1:57:13 PM
Event ID: 7026
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: AVA-386876-1
Description:
The following boot-start or system-start driver(s) failed to load:
atc
Event Xml:
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"
System
Provider Name="Service Control Manager"
Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service
Control Manager" /
EventID Qualifiers="49152"7026/EventID
Version0/Version
Level2/Level
Task0/Task
Opcode0/Opcode
Keywords0x8080000000000000/Keywords
TimeCreated SystemTime="2018-04-02T18:57:13.063476500Z" /
EventRecordID502112/EventRecordID
Correlation /
Execution ProcessID="876" ThreadID="880" /
ChannelSystem/Channel
ComputerAVA-386876-1/Computer
Security /
/System
EventData
Data Name="param1"
atc/Data
/EventData
/Event

End==============

I found this:

https://social.technet.microsoft.com...w7itprogeneral

where someone was having a similar problem and Kate Li (MSFT CSG)
suggested removing the file to see if that solved it.

I was able to copy it to another drive for safe keeping, but I can't
remove or rename it. I receive a msg saying I need permission from
the administrators to do so. I am an administrator but that's not
enough.

At first the atc.sys properties said TrustedInstaller was in control
and I couldn't find a way to edit/change that. But now after several
attempts the TrustedInstaller entry is gone and it says SYSTEM is in
control, but it still won't let me mess with it.

I also tried to rename or delete it via Command Prompt (run as
Administrator) and as another user I created earlier (also an
administrator), but no go.

Next to try will be to learn how to use process monitor to capture the
statup process, but that will take a while.

Note that when startup does complete successfully and the desktop
appears, etc., everything seems to work fine for as long as I want to
use it. But then a restart, with normal appearing logoff, shutdown
and restart may or may not be a successful startup.

DC

Uninstall Bit Defender, not just a file.


While Windows is running, not only does it have permissions
(like TrustedInstaller), but it also has Windows File Protection,
to prevent malware from messing around. Of course, real malware
doesn't particularly care about WFP, but WFP is a great way
to prevent *users* from messing around.

Your advice is a good one, to simply remove Bit Defender
as part of an experiment, to see if it's the root cause.

If I was doing this, for safety I would back up C: first,
then remove BitDefender. I could then restore my perfectly
working BitDefender + Windows installation later, from
that backup, if I didn't like the mess I'd made for myself.

Just yesterday, I "walked out of a mess" by using a 100GB
backup of C: , so I regularly use this backup technique when I know
an experiment will lead to grief. I had made extensive changes
to a multitude of network settings, and I "didn't have to
be careful, because I had a backup".

AV companies regularly provide "uninstall/cleaner tools"
for their products. Going to Programs and Features and
uninstalling, is the first step. The "cleaner" can remove
AV services which are "difficult" to remove. Some AV companies
make this kind of utility harder to find than others.
And note, that the instructions for usage are important.
A cleaner can either be run, to do the entire job. Or
a cleaner can be intended to *only* be run after the
Programs and Features removal has been attempted.
You need to download the cleaner, but also carefully
read the instructions for usage.

https://www.bitdefender.com/uninstall/

Paul


Removing BitDefender Free seems like it solved the problem.

After removing it via Control Panel Uninstall, I cleaned up empty
folders and some logs. The Task that launched it was gone and the
registry looked good too.

Startup times are much faster - every time. I tried Windows Restart,
Shutdown (and manual restart) and power down and restart. A total of
16 times with no hesitation. Apps open faster too. Everything feels
fresh and brisk now.

Using MR images before and after changes is THE way to go.

Thanks to all who offered advice!

DC

  #26  
Old April 8th 18, 10:58 PM posted to alt.windows7.general
Char Jackson
external usenet poster
 
Posts: 9,269
Default Win 7 Startup Problems - Again!

On Sat, 07 Apr 2018 17:29:49 -0700, tesla sTinker
wrote:

ok, now what you want to do, is go to novirusthanks.com

and get the malware remover. Download it.


From your link above:
Last Updated April 30, 2011

Wow, still pushing that old dog? I say "No, thanks."

--

Char Jackson
 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 11:47 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Copyright 2004-2018 PCbanter.
The comments are property of their posters.