#16
Reliability Monitor
In message , Paul
writes: J. P. Gilliver (John) wrote: In message , Paul writes: [] so the keywords seem to be RACAgent and RACTask. And some folders that it keeps. It probably does that, so a user can erase Event Viewer, without damaging the RAC collection. Paul RACAgent not on my system; RacTask exists (as a 4,502 byte file - with no extension - as the only file in C:\Windows\System32\Tasks\Microsoft\Windows\RAC) . This shows the size and file types of the two data folders it uses. It keeps information in SQL Compact databases (doesn't use Microsoft ESE Jet Blue). https://s17.postimg.org/m1ravgwvz/RAC_Data_Folders.gif My C:\ProgramData\Microsoft\RAC\PublishedData contains one file, RacWmiDatabase.sdf, size 148 KB; my C:\ProgramData\Microsoft\RAC\StateData contains two, RacDatabase.sdf 543 KB and RacMetaData.dat 1 KB, actually 8 bytes (AB BF FA 00 AD DB BA 00). Still getting just the grey pillars with no overgraph. And I see evidence here, that this thing ties into CEIP and Telemetry. So if a program fails, it's probably reported to the software developer. And RAC is keeping statistics. The machine I was looking at was "polluted" by a Visual Studio installation, so I have to be careful to not jump to too many conclusions. But the stuff looks "complicated at the edges". There is a RAC Engine DLL that does some math or something, but I can't figure out much else. Paul If _you_ can't, I have _no_ chance (-:! -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf Radio 4 is the civilising influence in this country ... I think it is the most important institution in this country. - John Humphrys, Radio Times 7-13/06/2003 |
#17
Reliability Monitor
J. P. Gilliver (John) wrote:
In message , Paul writes: J. P. Gilliver (John) wrote: In message , Paul writes: [] so the keywords seem to be RACAgent and RACTask. And some folders that it keeps. It probably does that, so a user can erase Event Viewer, without damaging the RAC collection. Paul RACAgent not on my system; RacTask exists (as a 4,502 byte file - with no extension - as the only file in C:\Windows\System32\Tasks\Microsoft\Windows\RAC). This shows the size and file types of the two data folders it uses. It keeps information in SQL Compact databases (doesn't use Microsoft ESE Jet Blue). https://s17.postimg.org/m1ravgwvz/RAC_Data_Folders.gif My C:\ProgramData\Microsoft\RAC\PublishedData contains one file, RacWmiDatabase.sdf, size 148 KB; my C:\ProgramData\Microsoft\RAC\StateData contains two, RacDatabase.sdf 543 KB and RacMetaData.dat 1 KB, actually 8 bytes (AB BF FA 00 AD DB BA 00). Still getting just the grey pillars with no overgraph. And I see evidence here, that this thing ties into CEIP and Telemetry. So if a program fails, it's probably reported to the software developer. And RAC is keeping statistics. The machine I was looking at was "polluted" by a Visual Studio installation, so I have to be careful to not jump to too many conclusions. But the stuff looks "complicated at the edges". There is a RAC Engine DLL that does some math or something, but I can't figure out much else. Paul If _you_ can't, I have _no_ chance (-:! Well, we're working at this a bit at a time, and hoping it's something simple, right ? What I notice in your description, is you're missing the two WMI files. My folder had four files. Your folder has two files. Both your WMI are missing. Does this imply a WMI thing is broken ? And that gives us another keyword to work with :-) For example, in this short thread, it almost suggests a "policy" might be available to switch WMI off. We'll ignore this for the moment, as this is likely a red herring. 
https://social.technet.microsoft.com...m=winservergen HKLM\SOFTWARE\Policies\Microsoft\Windows\Reliability Analysis\WMI WMIEnable ******* In this article, the only thing I'm initially interested in, is the first line. https://answers.microsoft.com/en-us/...1-b52971bda91e reg add "HKLM\SOFTWARE\Microsoft\Reliability Analysis\WMI" /v WMIEnable /T REG_DWORD /D 1 /F The script likely came from here, and you can change the extension on the .bat file to .txt and look at this in Notepad if you want. *Don't* be in a rush to run this. This cleans out the entire Event Viewer, as well as the two folders used by RAC. Sure it works, but now you'll have to wait for a day to get enough data to test the Reliability Monitor. I prefer to turn on WMI as a first step. http://www.thewindowsclub.com/downloads/RRM.zip Here is a picture of me verifying my key is correct in Windows 7. Make sure yours looks like this. https://s17.postimg.org/akoq930f3/Re...n7_WMI_key.gif Because your WMI is missing, that's my guess as to why. While it could be GPEDIT related, like the "policy" key above we're ignoring, how exactly would that have happened ? I'm more willing to buy a story, where WMI doesn't start the first time on its own, and something "bootstraps" it, and turns on that registry key. But you can have a look and see what is what. Paul
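The checks discussed in the posts above, gathered into one read-only PowerShell script (an added example, not something posted in the thread). The registry keys, folders and task path are the ones quoted above; the function names and the query of the Win32_ReliabilityStabilityMetrics WMI class, which exposes the stability index values, are assumptions of this example.

```powershell
# Added example: read-only look at the RAC pieces named in the thread.
# Nothing is written or deleted. Run from an elevated prompt so the
# C:\ProgramData\Microsoft\RAC folders are readable.
# Written to work with the PowerShell 2.0 that ships with Windows 7.

function Get-RacWmiEnable {
    # Both locations mentioned in the thread: the normal key and the "policy" key.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Reliability Analysis\WMI',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Reliability Analysis\WMI'
    )
    foreach ($key in $keys) {
        $exists = Test-Path -LiteralPath $key
        $value  = $null
        if ($exists) {
            # WMIEnable is $null here when the key exists but the value does not.
            $value = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).WMIEnable
        }
        New-Object PSObject -Property @{
            Key       = $key
            KeyExists = $exists
            WMIEnable = $value
        }
    }
}

function Get-RacDataFiles {
    # The two data folders whose contents the posters compared.
    $folders = @(
        'C:\ProgramData\Microsoft\RAC\PublishedData',
        'C:\ProgramData\Microsoft\RAC\StateData'
    )
    foreach ($folder in $folders) {
        if (-not (Test-Path -LiteralPath $folder)) {
            Write-Warning "$folder not found"
            continue
        }
        Get-ChildItem -LiteralPath $folder -Force |
            Select-Object DirectoryName, Name, Length, LastWriteTime
    }
}

function Get-RacTaskState {
    # schtasks.exe is used because Get-ScheduledTask does not exist on Windows 7.
    & schtasks.exe /Query /TN '\Microsoft\Windows\RAC\RacTask' /V /FO LIST 2>&1
}

function Get-RecentStabilityIndex {
    param([int]$Count = 5)
    # An empty result means WMI is returning no stability data at all.
    Get-WmiObject -Class Win32_ReliabilityStabilityMetrics -ErrorAction SilentlyContinue |
        Sort-Object TimeGenerated -Descending |
        Select-Object -First $Count TimeGenerated, SystemStabilityIndex
}

'--- WMIEnable registry values ---'
Get-RacWmiEnable | Format-Table Key, KeyExists, WMIEnable -AutoSize

'--- RAC data folders ---'
Get-RacDataFiles | Format-Table -AutoSize

'--- RacTask scheduled task ---'
Get-RacTaskState

'--- Most recent stability index records ---'
$metrics = @(Get-RecentStabilityIndex)
if ($metrics.Count -eq 0) {
    'No Win32_ReliabilityStabilityMetrics records returned.'
} else {
    $metrics | Format-Table -AutoSize
}
```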
#18
Reliability Monitor
In message , Paul
writes: [] Well, we're working at this a bit at a time, and hoping it's something simple, right ? What I notice in your description, is you're missing the two WMI files. My folder had four files. Your folder has two files. Both your WMI are missing. Does this imply a WMI thing is broken ? Your guess is better than mine! And that gives us another keyword to work with :-) For example, in this short thread, it almost suggests a "policy" might be available to switch WMI off. We'll ignore this for the moment, as this is likely a red herring. https://social.technet.microsoft.com...-d762-4761-acef-e991fdc22033/automated-way-to-enable-reliability-monitor?forum=winservergen HKLM\SOFTWARE\Policies\Microsoft\Windows\Reliability Analysis\WMI WMIEnable OK, I'll ignore it - except I checked out of curiosity, and: under HKLM\SOFTWARE\Policies\Microsoft\Windows, I don't _have_ a Reliability Analysis "folder". ******* In this article, the only thing I'm initially interested in, is the first line. https://answers.microsoft.com/en-us/...10-performance/reliability-monitor-view-all-problem-reports-empty/f989f4df-cbf1-4f0b-96c1-b52971bda91e reg add "HKLM\SOFTWARE\Microsoft\Reliability Analysis\WMI" /v WMIEnable /T REG_DWORD /D 1 /F The script likely came from here, and you can change the extension on the .bat file to .txt and look at this in Notepad if you want. *Don't* be in a rush to run this. This cleans out the entire Event Viewer, as well as the two folders used by RAC. Sure it works, but now you'll have to wait for a day to get enough data to test the Reliability Monitor. I prefer to turn on WMI as a first step. Indeed. When I run the Reliability Monitor, although I have just the naked grey pillars, if I click View all problem reports at the bottom of the window, I _do_ have entries - the latest being 2018-3-24. http://www.thewindowsclub.com/downloads/RRM.zip Here is a picture of me verifying my key is correct in Windows 7. Make sure yours looks like this.
https://s17.postimg.org/akoq930f3/Re...n7_WMI_key.gif Because your WMI is missing, that's my guess as to why. No, I have that key there, with the same value. While it could be GPEDIT related, like the "policy" key above we're ignoring, how exactly would that have happened ? I'm more willing to buy a story, where WMI doesn't start the first time on its own, and something "bootstraps" it, and turns on that registry key. But you can have a look and see what is what. Paul I await my next instructions (provided they're simple) with interest! But you don't have to do this for me; until a couple of days ago I had no idea this reliability monitor existed, so not having it hasn't hurt! -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf .... the pleasure of the mind is an amazing thing. My life has been driven by the satisfaction of curiosity. - Jeremy Paxman (being interviewed by Anne Widdecombe), Radio Times, 2-8 July 2011. |
#19
Reliability Monitor
J. P. Gilliver (John) wrote:
In message , Paul writes: [] Well, we're working at this a bit at a time, and hoping it's something simple, right ? What I notice in your description, is you're missing the two WMI files. My folder had four files. Your folder has two files. Both your WMI are missing. Does this imply a WMI thing is broken ? Your guess is better than mine! And that gives us another keyword to work with :-) For example, in this short thread, it almost suggests a "policy" might be available to switch WMI off. We'll ignore this for the moment, as this is likely a red herring. https://social.technet.microsoft.com...-d762-4761-acef-e991fdc22033/automated-way-to-enable-reliability-monitor?forum=winservergen HKLM\SOFTWARE\Policies\Microsoft\Windows\Reliability Analysis\WMI WMIEnable OK, I'll ignore it - except I checked out of curiosity, and: under HKLM\SOFTWARE\Policies\Microsoft\Windows, I don't _have_ a Reliability Analysis "folder". ******* In this article, the only thing I'm initially interested in, is the first line. https://answers.microsoft.com/en-us/...10-performance/reliability-monitor-view-all-problem-reports-empty/f989f4df-cbf1-4f0b-96c1-b52971bda91e reg add "HKLM\SOFTWARE\Microsoft\Reliability Analysis\WMI" /v WMIEnable /T REG_DWORD /D 1 /F The script likely came from here, and you can change the extension on the .bat file to .txt and look at this in Notepad if you want. *Don't* be in a rush to run this. This cleans out the entire Event Viewer, as well as the two folders used by RAC. Sure it works, but now you'll have to wait for a day to get enough data to test the Reliability Monitor. I prefer to turn on WMI as a first step. Indeed. When I run the Reliability Monitor, although I have just the naked grey pillars, if I click View all problem reports at the bottom of the window, I _do_ have entries - the latest being 2018-3-24. http://www.thewindowsclub.com/downloads/RRM.zip Here is a picture of me verifying my key is correct in Windows 7. Make sure yours looks like this.
https://s17.postimg.org/akoq930f3/Re...n7_WMI_key.gif Because your WMI is missing, that's my guess as to why. No, I have that key there, with the same value. While it could be GPEDIT related, like the "policy" key above we're ignoring, how exactly would that have happened ? I'm more willing to buy a story, where WMI doesn't start the first time on its own, and something "bootstraps" it, and turns on that registry key. But you can have a look and see what is what. Paul I await my next instructions (provided they're simple) with interest! But you don't have to do this for me; until a couple of days ago I had no idea this reliability monitor existed, so not having it hasn't hurt! I thought it might be something simple. I'm running out of stuff to try, so you're "off the hook". Paul |
#21
Win 7 Startup Problems - Again!
Ken1943 wrote:
On Mon, 02 Apr 2018 15:07:17 -0500, wrote: On Thu, 29 Mar 2018 16:06:06 -0500, wrote: On Wed, 28 Mar 2018 10:02:49 -0400, Paul wrote: dadiOH wrote: "philo" wrote in message news On 03/27/2018 03:43 PM, wrote: After replacing the HD one week ago, it worked fine every day, until today. Now some of the same symptoms are back: Everything appears normal up to the Login screen. I enter my password and "Welcome" appears but nothing more happens. Sometimes it will finish startup, but take much longer. No error messages appear except on a restart after a lockup, the basic Windows startup menu appears because of a failed proper shutdown. I'm really upset. After all I did, it appears I'm back to square one. I have no idea what to try now. Could be a RAM problem or possibly a bad mobo. Or power supply The OP has already tested the RAM, which passed. And if it is a power supply issue, why does it have the earmarks of a "failed profile at startup" ? A power supply failure will cause random failures at different times of the day. Or perhaps consistently, when the system has "power peaks". I've seen power peaks at BIOS level (because the power management isn't very good there), and if the PSU is pooping out, it could die just as easily at BIOS level, before the desktop appears. If, during shutdown, the system is actually doing "unclean" shutdowns, that could be damaging some registry related stuff. If you had "Automatically Reboot" set, your system probably wouldn't shut down for you. It would reboot. If the Automatically Reboot on a failure wasn't set, the system could crash during shutdown, not write the registry properly, and just... stop. Sometimes you get log entries for things like that (Event Viewer), but not if it was a BSOD. It might crash before having time to make a log entry. Now, that's a lot of supposition on my part, but it's the most likely thing to be messing up the profile (without it being a disk issue, and the disk has been replaced). 
When it comes to "BSOD Spectrum", if you look at a large number of BSODS on your system, you'll notice a fingerprint. For example, say the NVidia driver is really crap, then there will be a ton of BSODS with "nvxx" in the name for you to look at. If, on the other hand, the power supply is bad, you'll be getting obscure errors nobody has ever heard of. Ones you might have trouble finding in the Aumha STOP list. At the moment, the OP's symptoms seem to be pretty focused, but we don't have an overview of Event Viewer to see anything else that might be interesting. Or a view of any minidumps. (Pictures for dramatic effect...) https://www.nirsoft.net/utils/blue_screen_view.html Paul You made me think about a corrupted User Profile. I went here: https://support.microsoft.com/en-us/...d-user-profile Followed the steps and created a new user as administrator, like my original user account. I thought if a new account wasn't corrupted, it would start properly. Today I ran some tests and was disappointed. Didn't matter which user I tried logging on as. The symptoms of not getting beyond the "Welcome" screen and the disk activity light being mostly steady for a few minutes occurred. Sometimes it would finish starting and seem to work ok. But even then, a normal automated Log off, Shutdown and Restart, might or might not go smoothly. Tomorrow I'll read the pages you linked to see if I can understand/learn anything else to try. DC Still having the problem and it's still a crap shoot every time to see if it will complete successfully or if I have to shut off power and restart. The only suspicious Event that happens at every startup (if successful or not) is this one for ATC.SYS not loading. It's a file installed by BitDefender AV Free.
Here's the full content of the Event Viewer Details:
Begin============
Log Name: System
Source: Service Control Manager
Date: 4/2/2018 1:57:13 PM
Event ID: 7026
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: AVA-386876-1
Description: The following boot-start or system-start driver(s) failed to load: atc
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7026</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2018-04-02T18:57:13.063476500Z" />
<EventRecordID>502112</EventRecordID>
<Correlation />
<Execution ProcessID="876" ThreadID="880" />
<Channel>System</Channel>
<Computer>AVA-386876-1</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">atc</Data>
</EventData>
</Event>
End==============
I found this: https://social.technet.microsoft.com...w7itprogeneral where someone was having a similar problem and Kate Li (MSFT CSG) suggested removing the file to see if that solved it. I was able to copy it to another drive for safe keeping, but I can't remove or rename it. I receive a msg saying I need permission from the administrators to do so. I am an administrator but that's not enough. At first the atc.sys properties said TrustedInstaller was in control and I couldn't find a way to edit/change that. But now after several attempts the TrustedInstaller entry is gone and it says SYSTEM is in control, but it still won't let me mess with it. I also tried to rename or delete it via Command Prompt (run as Administrator) and as another user I created earlier (also an administrator), but no go. Next to try will be to learn how to use process monitor to capture the startup process, but that will take a while.
Note that when startup does complete successfully and the desktop appears, etc., everything seems to work fine for as long as I want to use it. But then a restart, with normal appearing logoff, shutdown and restart may or may not be a successful startup. DC Uninstall Bit Defender, not just a file. While Windows is running, not only does it have permissions (like TrustedInstaller), but it also has Windows File Protection, to prevent malware from messing around. Of course, real malware doesn't particularly care about WFP, but WFP is a great way to prevent *users* from messing around. Your advice is a good one, to simply remove Bit Defender as part of an experiment, to see if it's the root cause. If I was doing this, for safety I would back up C: first, then remove BitDefender. I could then restore my perfectly working BitDefender + Windows installation later, from that backup, if I didn't like the mess I'd made for myself. Just yesterday, I "walked out of a mess" by using a 100GB backup of C: , so I regularly use this backup technique when I know an experiment will lead to grief. I had made extensive changes to a multitude of network settings, and I "didn't have to be careful, because I had a backup". AV companies regularly provide "uninstall/cleaner tools" for their products. Going to Programs and Features and uninstalling, is the first step. The "cleaner" can remove AV services which are "difficult" to remove. Some AV companies make this kind of utility harder to find than others. And note, that the instructions for usage are important. A cleaner can either be run, to do the entire job. Or a cleaner can be intended to *only* be run after the Programs and Features removal has been attempted. You need to download the cleaner, but also carefully read the instructions for usage. https://www.bitdefender.com/uninstall/ Paul |
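The overview of Event Viewer that the posts above say is missing can be pulled with a short read-only PowerShell script (an added example, not something posted in the thread). It counts how often each driver appears in Event ID 7026 and sets that beside the number of boots and unexpected shutdowns in the same period; Event IDs 6005 and 6008 from the EventLog source and the function names are choices of this example, not taken from the posts.

```powershell
# Added example: read-only summary of boot-related events in the System log.
#   7026  Service Control Manager  boot-start/system-start driver failed to load
#                                  (the event posted in the thread)
#   6005  EventLog                 event log service started (once per boot)
#   6008  EventLog                 previous system shutdown was unexpected
# Works with the PowerShell 2.0 that ships with Windows 7.

function Get-BootEvents {
    param([int]$Days = 30)
    $filter = @{
        LogName   = 'System'
        Id        = 6005, 6008, 7026
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # -ErrorAction SilentlyContinue: Get-WinEvent raises an error when nothing matches.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.Id -eq 7026 -and $_.ProviderName -eq 'Service Control Manager') -or
            ($_.Id -ne 7026 -and $_.ProviderName -eq 'EventLog')
        } |
        Sort-Object TimeCreated
}

function Get-FailedDriverNames {
    param($Record)
    # The first event property is param1, the list of drivers that failed to load.
    # Split on whitespace in case more than one driver is listed.
    $raw = [string]$Record.Properties[0].Value
    $raw -split '\s+' | Where-Object { $_ }
}

function Get-BootSummary {
    param([int]$Days = 30)
    $events     = @(Get-BootEvents -Days $Days)
    $boots      = @($events | Where-Object { $_.Id -eq 6005 }).Count
    $unexpected = @($events | Where-Object { $_.Id -eq 6008 }).Count

    $byDriver = $events |
        Where-Object { $_.Id -eq 7026 } |
        ForEach-Object { Get-FailedDriverNames $_ } |
        Group-Object |
        Sort-Object Count -Descending

    New-Object PSObject -Property @{
        Days                = $Days
        Boots               = $boots
        UnexpectedShutdowns = $unexpected
        FailedDrivers       = $byDriver
    }
}

$summary = Get-BootSummary -Days 30

"Boots in the last $($summary.Days) days:      $($summary.Boots)"
"Unexpected shutdowns in that period: $($summary.UnexpectedShutdowns)"
''
'Driver load failures (Event ID 7026), by driver:'
if ($summary.FailedDrivers) {
    $summary.FailedDrivers | Format-Table @{ n = 'Driver'; e = { $_.Name } }, Count -AutoSize
} else {
    'none recorded'
}

''
'Timeline (oldest first):'
Get-BootEvents -Days 30 |
    Select-Object TimeCreated, Id, ProviderName |
    Format-Table -AutoSize
```

A driver whose 7026 count matches the boot count fails on every startup, good or bad, so the event alone does not separate the boots that hang from the ones that complete; the 6008 entries in the timeline mark the boots that followed a forced power-off.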
#22
Win 7 Startup Problems - Again!
On Mon, 02 Apr 2018 17:58:14 -0400, Paul
wrote: Ken1943 wrote: On Mon, 02 Apr 2018 15:07:17 -0500, wrote: On Thu, 29 Mar 2018 16:06:06 -0500, wrote: On Wed, 28 Mar 2018 10:02:49 -0400, Paul wrote: dadiOH wrote: "philo" wrote in message news On 03/27/2018 03:43 PM, wrote: After replacing the HD one week ago, it worked fine every day, until today. Now some of the same symptoms are back: Everything appears normal up to the Login screen. I enter my password and "Welcome" appears but nothing more happens. Sometimes it will finish startup, but take much longer. No error messages appear except on a restart after a lockup, the basic Windows startup menu appears because of a failed proper shutdown. I'm really upset. After all I did, it appears I'm back to square one. I have no idea what to try now. Could be a RAM problem or possibly a bad mobo. Or power supply The OP has already tested the RAM, which passed. And if it is a power supply issue, why does it have the earmarks of a "failed profile at startup" ? A power supply failure will cause random failures at different times of the day. Or perhaps consistently, when the system has "power peaks". I've seen power peaks at BIOS level (because the power management isn't very good there), and if the PSU is pooping out, it could die just as easily at BIOS level, before the desktop appears. If, during shutdown, the system is actually doing "unclean" shutdowns, that could be damaging some registry related stuff. If you had "Automatically Reboot" set, your system probably wouldn't shut down for you. It would reboot. If the Automatically Reboot on a failure wasn't set, the system could crash during shutdown, not write the registry properly, and just... stop. Sometimes you get log entries for things like that (Event Viewer), but not if it was a BSOD. It might crash before having time to make a log entry. Now, that's a lot of supposition on my part, but it's the most likely thing to be messing up the profile (without it being a disk issue, and the disk has been replaced). 
When it comes to "BSOD Spectrum", if you look at a large number of BSODS on your system, you'll notice a fingerprint. For example, say the NVidia driver is really crap, then there will be a ton of BSODS with "nvxx" in the name for you to look at. If, on the other hand, the power supply is bad, you'll be getting obscure errors nobody has ever heard of. Ones you might have trouble finding in the Aumha STOP list. At the moment, the OP's symptoms seem to be pretty focused, but we don't have an overview of Event Viewer to see anything else that might be interesting. Or a view of any minidumps. (Pictures for dramatic effect...) https://www.nirsoft.net/utils/blue_screen_view.html Paul You made me think about a corrupted User Profile. I went here: https://support.microsoft.com/en-us/...d-user-profile Followed the steps and created a new user as administrator, like my original user account. I thought if a new account wasn't corrupted, it would start properly. Today I ran some tests and was disappointed. Didn't matter which user I tried logging on as. The symptoms of not getting beyond the "Welcome" screen and the disk activity light being mostly steady for a few minutes occurred. Sometimes it would finish starting and seem to work ok. But even then, a normal automated Log off, Shutdown and Restart, might or might not go smoothly. Tomorrow I'll read the pages you linked to see if I can understand/learn anything else to try. DC Still having the problem and it's still a crap shoot every time to see if it will complete successfully or if I have to shut off power and restart. The only suspicious Event that happens at every startup (if successful or not) is this one for ATC.SYS not loading. It's a file installed by BitDefender AV Free.
Here's the full content of the Event Viewer Details:
Begin============
Log Name: System
Source: Service Control Manager
Date: 4/2/2018 1:57:13 PM
Event ID: 7026
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: AVA-386876-1
Description: The following boot-start or system-start driver(s) failed to load: atc
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7026</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2018-04-02T18:57:13.063476500Z" />
<EventRecordID>502112</EventRecordID>
<Correlation />
<Execution ProcessID="876" ThreadID="880" />
<Channel>System</Channel>
<Computer>AVA-386876-1</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">atc</Data>
</EventData>
</Event>
End==============
I found this: https://social.technet.microsoft.com...w7itprogeneral where someone was having a similar problem and Kate Li (MSFT CSG) suggested removing the file to see if that solved it. I was able to copy it to another drive for safe keeping, but I can't remove or rename it. I receive a msg saying I need permission from the administrators to do so. I am an administrator but that's not enough. At first the atc.sys properties said TrustedInstaller was in control and I couldn't find a way to edit/change that. But now after several attempts the TrustedInstaller entry is gone and it says SYSTEM is in control, but it still won't let me mess with it. I also tried to rename or delete it via Command Prompt (run as Administrator) and as another user I created earlier (also an administrator), but no go. Next to try will be to learn how to use process monitor to capture the startup process, but that will take a while.
Note that when startup does complete successfully and the desktop appears, etc., everything seems to work fine for as long as I want to use it. But then a restart, with normal appearing logoff, shutdown and restart may or may not be a successful startup. DC Uninstall Bit Defender, not just a file. While Windows is running, not only does it have permissions (like TrustedInstaller), but it also has Windows File Protection, to prevent malware from messing around. Of course, real malware doesn't particularly care about WFP, but WFP is a great way to prevent *users* from messing around. Your advice is a good one, to simply remove Bit Defender as part of an experiment, to see if it's the root cause. If I was doing this, for safety I would back up C: first, then remove BitDefender. I could then restore my perfectly working BitDefender + Windows installation later, from that backup, if I didn't like the mess I'd made for myself. Just yesterday, I "walked out of a mess" by using a 100GB backup of C: , so I regularly use this backup technique when I know an experiment will lead to grief. I had made extensive changes to a multitude of network settings, and I "didn't have to be careful, because I had a backup". AV companies regularly provide "uninstall/cleaner tools" for their products. Going to Programs and Features and uninstalling, is the first step. The "cleaner" can remove AV services which are "difficult" to remove. Some AV companies make this kind of utility harder to find than others. And note, that the instructions for usage are important. A cleaner can either be run, to do the entire job. Or a cleaner can be intended to *only* be run after the Programs and Features removal has been attempted. You need to download the cleaner, but also carefully read the instructions for usage. https://www.bitdefender.com/uninstall/ Paul Thanks, Paul. I'll follow your suggestions and see what happens. DC |
#23
Win 7 Startup Problems - Again!
On Mon, 02 Apr 2018 17:58:14 -0400, Paul
wrote: snipped for brevity Uninstall Bit Defender, not just a file. While Windows is running, not only does it have permissions (like TrustedInstaller), but it also has Windows File Protection, to prevent malware from messing around. Of course, real malware doesn't particularly care about WFP, but WFP is a great way to prevent *users* from messing around. Your advice is a good one, to simply remove Bit Defender as part of an experiment, to see if it's the root cause. If I was doing this, for safety I would back up C: first, then remove BitDefender. I could then restore my perfectly working BitDefender + Windows installation later, from that backup, if I didn't like the mess I'd made for myself. Just yesterday, I "walked out of a mess" by using a 100GB backup of C: , so I regularly use this backup technique when I know an experiment will lead to grief. I had made extensive changes to a multitude of network settings, and I "didn't have to be careful, because I had a backup". AV companies regularly provide "uninstall/cleaner tools" for their products. Going to Programs and Features and uninstalling, is the first step. The "cleaner" can remove AV services which are "difficult" to remove. Some AV companies make this kind of utility harder to find than others. And note, that the instructions for usage are important. A cleaner can either be run, to do the entire job. Or a cleaner can be intended to *only* be run after the Programs and Features removal has been attempted. You need to download the cleaner, but also carefully read the instructions for usage. https://www.bitdefender.com/uninstall/ Paul Turns out their Uninstall is for Paid or Trial version. I have the Free version. So I'll follow your strategy but use the Control Panel Uninstall feature and see how it goes. I'll use Windows Explorer and RegEdit to look for leftover stuff to delete. Startup is invoked with a scheduled task so I'll look there too. I should have time tomorrow. Thanks, DC |
#24
Win 7 Startup Problems - Again!
On Mon, 02 Apr 2018 17:58:14 -0400, Paul
wrote: Ken1943 wrote: On Mon, 02 Apr 2018 15:07:17 -0500, wrote: On Thu, 29 Mar 2018 16:06:06 -0500, wrote: On Wed, 28 Mar 2018 10:02:49 -0400, Paul wrote: dadiOH wrote: "philo" wrote in message news On 03/27/2018 03:43 PM, wrote: After replacing the HD one week ago, it worked fine every day, until today. Now some of the same symptoms are back: Everything appears normal up to the Login screen. I enter my password and "Welcome" appears but nothing more happens. Sometimes it will finish startup, but take much longer. No error messages appear except on a restart after a lockup, the basic Windows startup menu appears because of a failed proper shutdown. I'm really upset. After all I did, it appears I'm back to square one. I have no idea what to try now. Could be a RAM problem or possibly a bad mobo. Or power supply The OP has already tested the RAM, which passed. And if it is a power supply issue, why does it have the earmarks of a "failed profile at startup" ? A power supply failure will cause random failures at different times of the day. Or perhaps consistently, when the system has "power peaks". I've seen power peaks at BIOS level (because the power management isn't very good there), and if the PSU is pooping out, it could die just as easily at BIOS level, before the desktop appears. If, during shutdown, the system is actually doing "unclean" shutdowns, that could be damaging some registry related stuff. If you had "Automatically Reboot" set, your system probably wouldn't shut down for you. It would reboot. If the Automatically Reboot on a failure wasn't set, the system could crash during shutdown, not write the registry properly, and just... stop. Sometimes you get log entries for things like that (Event Viewer), but not if it was a BSOD. It might crash before having time to make a log entry. Now, that's a lot of supposition on my part, but it's the most likely thing to be messing up the profile (without it being a disk issue, and the disk has been replaced). 
When it comes to "BSOD Spectrum", if you look at a large number of BSODS on your system, you'll notice a fingerprint. For example, say the NVidia driver is really crap, then there will be a ton of BSODS with "nvxx" in the name for you to look at. If, on the other hand, the power supply is bad, you'll be getting obscure errors nobody has ever heard of. Ones you might have trouble finding in the Aumha STOP list. At the moment, the OP's symptoms seem to be pretty focused, but we don't have an overview of Event Viewer to see anything else that might be interesting. Or a view of any minidumps. (Pictures for dramatic effect...) https://www.nirsoft.net/utils/blue_screen_view.html Paul You made me think about a corrupted User Profile. I went here: https://support.microsoft.com/en-us/...d-user-profile Followed the steps and created a new user as administrator, like my original user account. I thought if a new account wasn't corrupted, it would start properly. Today I ran some tests and was disappointed. Didn't matter which user I tried logging on as. The symptoms of not getting beyond the "Welcome" screen and the disk activity light being mostly steady for a few minutes occurred. Sometimes it would finish starting and seem to work ok. But even then, a normal automated Log off, Shutdown and Restart, might or might not go smoothly. Tomorrow I'll read the pages you linked to see if I can understand/learn anything else to try. DC Still having the problem and it's still a crap shoot every time to see if it will complete successfully or if I have to shut off power and restart. The only suspicious Event that happens at every startup (if successful or not) is this one for ATC.SYS not loading. It's a file installed by BitDefender AV Free.
Here's the full content of the Event Viewer Details:

Begin============
Log Name: System
Source: Service Control Manager
Date: 4/2/2018 1:57:13 PM
Event ID: 7026
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: AVA-386876-1
Description:
The following boot-start or system-start driver(s) failed to load:
atc
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7026</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2018-04-02T18:57:13.063476500Z" />
    <EventRecordID>502112</EventRecordID>
    <Correlation />
    <Execution ProcessID="876" ThreadID="880" />
    <Channel>System</Channel>
    <Computer>AVA-386876-1</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">atc</Data>
  </EventData>
</Event>
End==============

I found this: https://social.technet.microsoft.com...w7itprogeneral where someone was having a similar problem and Kate Li (MSFT CSG) suggested removing the file to see if that solved it.

I was able to copy it to another drive for safe keeping, but I can't remove or rename it. I receive a msg saying I need permission from the administrators to do so. I am an administrator but that's not enough. At first the atc.sys properties said TrustedInstaller was in control and I couldn't find a way to edit/change that. But now after several attempts the TrustedInstaller entry is gone and it says SYSTEM is in control, but it still won't let me mess with it. I also tried to rename or delete it via Command Prompt (run as Administrator) and as another user I created earlier (also an administrator), but no go.

Next to try will be to learn how to use process monitor to capture the startup process, but that will take a while.
Note that when startup does complete successfully and the desktop appears, etc., everything seems to work fine for as long as I want to use it. But then a restart, with normal appearing logoff, shutdown and restart may or may not be a successful startup.

DC

Uninstall Bit Defender, not just a file.

While Windows is running, not only does it have permissions (like TrustedInstaller), but it also has Windows File Protection, to prevent malware from messing around. Of course, real malware doesn't particularly care about WFP, but WFP is a great way to prevent *users* from messing around.

Your advice is a good one, to simply remove Bit Defender as part of an experiment, to see if it's the root cause.

If I was doing this, for safety I would back up C: first, then remove BitDefender. I could then restore my perfectly working BitDefender + Windows installation later, from that backup, if I didn't like the mess I'd made for myself. Just yesterday, I "walked out of a mess" by using a 100GB backup of C: , so I regularly use this backup technique when I know an experiment will lead to grief. I had made extensive changes to a multitude of network settings, and I "didn't have to be careful, because I had a backup".

AV companies regularly provide "uninstall/cleaner tools" for their products. Going to Programs and Features and uninstalling, is the first step. The "cleaner" can remove AV services which are "difficult" to remove. Some AV companies make this kind of utility harder to find than others.

And note, that the instructions for usage are important. A cleaner can either be run, to do the entire job. Or a cleaner can be intended to *only* be run after the Programs and Features removal has been attempted. You need to download the cleaner, but also carefully read the instructions for usage.

https://www.bitdefender.com/uninstall/

Paul

Removing BitDefender Free seems like it solved the problem. After removing it via Control Panel Uninstall, I cleaned up empty folders and some logs. The Task that launched it was gone and the registry looked good too.

Startup times are much faster - every time. I tried Windows Restart, Shutdown (and manual restart) and power down and restart. A total of 16 times with no hesitation. Apps open faster too. Everything feels fresh and brisk now.

Using MR images before and after changes is THE way to go.

Thanks to all who offered advice!

DC
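The check DC describes in the post above, finding the driver that fails at every startup, can be run over an XML export of the System log. This is an added example, not part of the original thread; the function names, the `<Events>` wrapper element and every sample value except the first event are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
X = 'xmlns="http://schemas.microsoft.com/win/2004/08/events/event"'

def _event(event_id, when, param1):
    """Build one constructed <Event> element in the System-log layout."""
    return (f'<Event {X}><System><Provider Name="Service Control Manager"/>'
            f'<EventID Qualifiers="49152">{event_id}</EventID>'
            f'<TimeCreated SystemTime="{when}"/></System>'
            f'<EventData><Data Name="param1">{param1}</Data></EventData></Event>')

# Constructed sample export. Only the first event mirrors the one quoted in the
# thread; the later timestamps and the driver name "exampledrv" are invented.
SAMPLE = "<Events>" + "".join([
    _event(7026, "2018-04-02T18:57:13.063476500Z", "atc"),
    _event(7036, "2018-04-02T18:57:20.000000000Z", "Example Service"),
    _event(7026, "2018-04-03T14:10:02.000000000Z", "atc\nexampledrv"),
]) + "</Events>"

def failed_boot_drivers(xml_text):
    """Return [(timestamp, [driver, ...])] for each SCM Event ID 7026."""
    results = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        system = ev.find("e:System", NS)
        if system is None:
            continue
        provider = system.find("e:Provider", NS)
        event_id = system.findtext("e:EventID", default="", namespaces=NS)
        if provider is None or provider.get("Name") != "Service Control Manager":
            continue
        if event_id.strip() != "7026":
            continue
        created = system.find("e:TimeCreated", NS)
        when = created.get("SystemTime") if created is not None else None
        # Assumption: several driver names in param1 are whitespace-separated.
        param1 = ev.findtext("e:EventData/e:Data[@Name='param1']",
                             default="", namespaces=NS)
        results.append((when, param1.split()))
    return results

def recurring_failures(xml_text):
    """Drivers named in every 7026 event, i.e. failing at each logged boot."""
    events = failed_boot_drivers(xml_text)
    counts = Counter(d for _, drivers in events for d in set(drivers))
    return {d for d, n in counts.items() if n == len(events)}

if __name__ == "__main__":
    print(failed_boot_drivers(SAMPLE), recurring_failures(SAMPLE))
```

A driver that appears in every 7026 event, on good boots and bad ones alike, is a candidate to test by removal, not proof of the cause.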
#25
Win 7 Startup Problems - Again!
ok, now what you want to do, is go to novirusthanks.com
and get the malware remover. Download it. Then run the thing. It will reset windows so that you are clean. Make sure you delete everything it shows you in the temp files. Yes, it offers this to you instead of just whamo. Check all items, then it will ever start up faster. http://www.novirusthanks.org/products/malware-remover/ believe me, you want those original values.
#26
Win 7 Startup Problems - Again!
On Sat, 07 Apr 2018 17:29:49 -0700, tesla sTinker wrote:

ok, now what you want to do, is go to novirusthanks.com and get the malware remover. Download it.

From your link above: Last Updated April 30, 2011

Wow, still pushing that old dog? I say "No, thanks."

--
Char Jackson