W7 sometimes freezes a few minutes after startup

[Roger Mills]

I'm running W7 Professional 32-bit SP1 on a Dell Vostro 1520 laptop.

I shut it down when I go to bed at night, and start it up first thing in
the morning. It has a nasty habit of freezing in the first half hour
after boot-up - typically after about 10 minutes. When this happens,
whatever was displayed on the screen is still there, but all animation
stops[1] and there's no response to keyboard or mouse - not even
Ctrl/Alt/Del. Unplugging and re-plugging USB devices has no effect. The
only way that I can find to recover from this is to hold down the power
switch until it switches off, and then start again. After starting the
second time, it is invariably ok for the rest of the day.

I go through periods where it does this more or less every day, but
sometimes it can go for a week or more without a problem.

My hunch is that the processor is still running, but is stuck in a loop
waiting for something to happen - which never does - so it just appears
frozen to the outside world. Can anyone suggest anything which I can
look for after the event (log files, etc.) which might throw any light
on what's happening? [Or, better still, how I can unfreeze it without
having to re-boot!].

TIA.

[1] I tend to display the clock from "Set Date & Time" at the bottom RH
corner of the screen. This way I can see that it is frozen, because the
second hand stops moving and, if I'm away from the computer, I can see
exactly *when* it stopped.
--
Cheers,
Roger
____________
Please reply to Newsgroup. Whilst email address is valid, it is seldom
checked.

 

[Big Steel]

I'm running W7 Professional 32-bit SP1 on a Dell Vostro 1520 laptop.

I shut it down when I go to bed at night, and start it up first thing in
the morning. It has a nasty habit of freezing in the first half hour
after boot-up - typically after about 10 minutes. When this happens,
whatever was displayed on the screen is still there, but all animation
stops[1] and there's no response to keyboard or mouse - not even
Ctrl/Alt/Del. Unplugging and re-plugging USB devices has no effect. The
only way that I can find to recover from this is to hold down the power
switch until it switches off, and then start again. After starting the
second time, it is invariably ok for the rest of the day.

I go through periods where it does this more or less every day, but
sometimes it can go for a week or more without a problem.

My hunch is that the processor is still running, but is stuck in a loop
waiting for something to happen - which never does - so it just appears
frozen to the outside world. Can anyone suggest anything which I can
look for after the event (log files, etc.) which might throw any light
on what's happening? [Or, better still, how I can unfreeze it without
having to re-boot!].

TIA.

[1] I tend to display the clock from "Set Date & Time" at the bottom RH
corner of the screen. This way I can see that it is frozen, because the
second hand stops moving and, if I'm away from the computer, I can see
exactly *when* it stopped.

I have gone through this thing in the last couple of weeks with my
desktop running Vista Ultimate where the machine just locks-up after
setting idle for a while. It's happened 3 times where I have had to reboot.

 

[Ed Cryer]

I'm running W7 Professional 32-bit SP1 on a Dell Vostro 1520 laptop.

I shut it down when I go to bed at night, and start it up first thing in
the morning. It has a nasty habit of freezing in the first half hour
after boot-up - typically after about 10 minutes. When this happens,
whatever was displayed on the screen is still there, but all animation
stops[1] and there's no response to keyboard or mouse - not even
Ctrl/Alt/Del. Unplugging and re-plugging USB devices has no effect. The
only way that I can find to recover from this is to hold down the power
switch until it switches off, and then start again. After starting the
second time, it is invariably ok for the rest of the day.

I go through periods where it does this more or less every day, but
sometimes it can go for a week or more without a problem.

My hunch is that the processor is still running, but is stuck in a loop
waiting for something to happen - which never does - so it just appears
frozen to the outside world. Can anyone suggest anything which I can
look for after the event (log files, etc.) which might throw any light
on what's happening? [Or, better still, how I can unfreeze it without
having to re-boot!].

TIA.

[1] I tend to display the clock from "Set Date & Time" at the bottom RH
corner of the screen. This way I can see that it is frozen, because the
second hand stops moving and, if I'm away from the computer, I can see
exactly *when* it stopped.

I'd expect something to be logged in Windows for a problem as regular
and severe as this.

Have a look at;
Control Panel
Administrative Tools
Event Viewer
Windows Logs
(especially System and Application)

Come back here with any info you can garner.

Ed

 

[meagain]

I'm running W7 Professional 32-bit SP1 on a Dell Vostro 1520 laptop.

I shut it down when I go to bed at night,

HOW exactly do you shut it down? pull the plug, "hibernate", or "sleep"?

and start it up first thing in the morning.
It has a nasty habit of freezing in the first half hour after boot-up - typically
after about 10 minutes. When this happens, whatever was displayed on the screen is
still there, but all animation stops[1] and there's no response to keyboard or mouse
- not even Ctrl/Alt/Del. Unplugging and re-plugging USB devices has no effect. The
only way that I can find to recover from this is to hold down the power switch until
it switches off, and then start again. After starting the second time, it is
invariably ok for the rest of the day.

It could be any number of things, but I have made all programs STOP checking for
"updates" upon startup. When all your programs start checking for updates, and the
Windows indexer tracks all y our files it will look as if it has hung. In fact, it
may hang waiting for those update contacts! There has to be a better way!

 

[charlie]

I'm running W7 Professional 32-bit SP1 on a Dell Vostro 1520 laptop.

I shut it down when I go to bed at night, and start it up first thing in
the morning. It has a nasty habit of freezing in the first half hour
after boot-up - typically after about 10 minutes. When this happens,
whatever was displayed on the screen is still there, but all animation
stops[1] and there's no response to keyboard or mouse - not even
Ctrl/Alt/Del. Unplugging and re-plugging USB devices has no effect. The
only way that I can find to recover from this is to hold down the power
switch until it switches off, and then start again. After starting the
second time, it is invariably ok for the rest of the day.

I go through periods where it does this more or less every day, but
sometimes it can go for a week or more without a problem.

My hunch is that the processor is still running, but is stuck in a loop
waiting for something to happen - which never does - so it just appears
frozen to the outside world. Can anyone suggest anything which I can
look for after the event (log files, etc.) which might throw any light
on what's happening? [Or, better still, how I can unfreeze it without
having to re-boot!].

TIA.

[1] I tend to display the clock from "Set Date & Time" at the bottom RH
corner of the screen. This way I can see that it is frozen, because the
second hand stops moving and, if I'm away from the computer, I can see
exactly *when* it stopped.

I'd expect something to be logged in Windows for a problem as regular
and severe as this.

Have a look at;
Control Panel
Administrative Tools
Event Viewer
Windows Logs
(especially System and Application)

Come back here with any info you can garner.

Ed

I've had this happen also, but with Win7 Pro 32 and Vista Ultimate 32.
It can be due to Hardware or software.

Hardware (I've had this happen)
The system heats up. If the BIOS is set to "automatic" for various
timings, voltages, etc, what it sets with the system cold may not be the
same when it's warmed up. This seems to be more of an issue with
automatic overclocking using the BIOS to determine settings.

The system I'm currently using to write this has an occasional problem
that occurs on boot that is very similar.

Another dissimilar system system had similar problems, until I locked
the memory timing and voltages. Although that solved the problem, I
still don't know exactly why the system was behaving as it was.
The memory is fairly decent quality, and has always passed most testing.
The clue was that 2 memory locations out of 8G were occasionally acting up.

Finally, some video card driver versions for the high performance video
cards seem to have a problem that causes symptoms in this area. The
symptom is usually one of initial display minor or major corruption,
followed by a blank screen. There may or may not be error messages that
have some bearing. At different times, I've had this happen with both
ATI and Nvidia video driver versions across quite different system
hardware and windows versions.

 

[Gene E. Bloch]

HOW exactly do you shut it down? pull the plug, "hibernate", or "sleep"?

Or maybe via Windows Shutdown?

and start it up first thing in the morning.
It has a nasty habit of freezing in the first half hour after boot-up -
typically
after about 10 minutes. When this happens, whatever was displayed on the
screen is
still there, but all animation stops[1] and there's no response to keyboard
or mouse
- not even Ctrl/Alt/Del. Unplugging and re-plugging USB devices has no
effect. The
only way that I can find to recover from this is to hold down the power
switch until
it switches off, and then start again. After starting the second time, it
is
invariably ok for the rest of the day.

It could be any number of things, but I have made all programs STOP checking
for "updates" upon startup. When all your programs start checking for
updates, and the
Windows indexer tracks all y our files it will look as if it has hung. In
fact, it
may hang waiting for those update contacts! There has to be a better way!

Those events don't normally stop the clock...

 

[Rob]

I'm running W7 Professional 32-bit SP1 on a Dell Vostro 1520 laptop.

I shut it down when I go to bed at night, and start it up first thing in
the morning. It has a nasty habit of freezing in the first half hour
after boot-up - typically after about 10 minutes. When this happens,
whatever was displayed on the screen is still there, but all animation
stops[1] and there's no response to keyboard or mouse - not even
Ctrl/Alt/Del. Unplugging and re-plugging USB devices has no effect. The
only way that I can find to recover from this is to hold down the power
switch until it switches off, and then start again. After starting the
second time, it is invariably ok for the rest of the day.

I go through periods where it does this more or less every day, but
sometimes it can go for a week or more without a problem.

My hunch is that the processor is still running, but is stuck in a loop
waiting for something to happen - which never does - so it just appears
frozen to the outside world. Can anyone suggest anything which I can
look for after the event (log files, etc.) which might throw any light
on what's happening? [Or, better still, how I can unfreeze it without
having to re-boot!].

TIA.

[1] I tend to display the clock from "Set Date & Time" at the bottom RH
corner of the screen. This way I can see that it is frozen, because the
second hand stops moving and, if I'm away from the computer, I can see
exactly *when* it stopped.

Have a look at the MS site there is a Fix it for this. Not sure which
one it is now.

http://fixitcenter.support.microsoft.com/Portal/GetStarted

 

[Roger Mills]

Or maybe via Windows Shutdown?

Yes - START / Shut down - always done cleanly (except when it freezes!)
--
Cheers,
Roger
____________
Please reply to Newsgroup. Whilst email address is valid, it is seldom
checked.

 

[Roger Mills]

I'd expect something to be logged in Windows for a problem as regular
and severe as this.

Have a look at;
Control Panel
Administrative Tools
Event Viewer
Windows Logs
(especially System and Application)

Come back here with any info you can garner.

I've captured some of the system log either side of the crash, together
with the explanation which is displayed when you click on each line of
the log. I'll post it below, but I suspect that it will get scrambled
because some of the lines are pretty long.

Basically, the system started at 07:41:04 and it was busy loading stuff
(and I was also running Firefox and Mailwasher)

My log extract at 07:46:36 (shown as 0807:46:36 - my capturing process
seems to have lost the/02/2012 part of the date!) At that point, it was
still loading stuff.

The first sign of trouble seems to be at 07:49:10 when "The Volume
Shadow Copy service entered the stop state"
The last entry before the freeze at 07:49:17 when "The Software
protection service entered the stop state"

Everything after that relates to the re-start - including a couple of
entries indicating that there had been an unexpected shutdown.

The actual log follows - (needs to be read from the bottom up):
________________________________________________________
Critical 0807:56:10 Kernel-Power
41 (63) The system has rebooted without
cleanly shutting down first. This error could be caused if the system
stopped responding, crashed, or lost power unexpectedly.
Information 0807:56:06 FilterManager
6 None File System Filter
'RapportCerberus_34302' (5.0, ‎2011‎-‎12‎-‎05T09:54:44.000000000Z) has
successfully loaded and registered with Filter Manager.

Information 0807:56:06 FilterManager
6 None File System Filter 'Avgmfx86'
(6.1, ‎2011‎-‎08‎-‎08T03:40:42.000000000Z) has successfully loaded and
registered with Filter Manager.
Information 0807:56:27 EventLog
6013 None The system uptime is 33 seconds.
Information 0807:56:27 EventLog
6005 None The Event log service was started.

Information 0807:56:27 EventLog
6009 None Microsoft (R) Windows (R) 6.01.
7601 Service Pack 1 Multiprocessor Free.
Error 0807:56:27 EventLog
6008 None The previous system shutdown
at 07:50:18 on ‎08/‎02/‎2012 was unexpected.

Information 0807:55:57 FilterManager
6 None File System Filter 'FileInfo'
(6.1, ‎2009‎-‎07‎-‎13T23:21:51.000000000Z) has successfully loaded and
registered with Filter Manager.
Information 0807:55:53 Kernel-General
12 None The operating system started at
system time ‎2012‎-‎02‎-‎08T07:55:53.375199800Z.

Information 0807:49:17 SCoManager
7036 None The Software Protection service entered
the stopped state.
Information 0807:49:16 SCoManager
7036 None The Windows Media Center Scheduler
Service service entered the stopped state.
Information 0807:49:10 SCoManager
7036 None The Volume Shadow Copy service entered
the stopped state.

Information 0807:49:05 SCoManager
7036 None The Windows Media Center Receiver
Service service entered the running state.
Information 0807:47:20
Application-Experience 206 None The Program Compatibility
Assistant service successfully performed phase two initialization.

Information 0807:46:37 SCoManager
7036 None The Peer Networking Grouping service
entered the running state.
Information 0807:46:37 SCoManager
7036 None The Peer Name Resolution Protocol
service entered the running state.
Information 0807:46:37 SCoManager
7036 None The Peer Networking Identity Manager
service entered the running state.

Information 0807:46:36 SCoManager
7036 None The HomeGroup Listener service entered
the running state.
_________________________________________


--
Cheers,
Roger
____________
Please reply to Newsgroup. Whilst email address is valid, it is seldom
checked.

 

[Rob]

I've captured some of the system log either side of the crash, together
with the explanation which is displayed when you click on each line of
the log. I'll post it below, but I suspect that it will get scrambled
because some of the lines are pretty long.

Basically, the system started at 07:41:04 and it was busy loading stuff
(and I was also running Firefox and Mailwasher)

My log extract at 07:46:36 (shown as 0807:46:36 - my capturing process
seems to have lost the/02/2012 part of the date!) At that point, it was
still loading stuff.

The first sign of trouble seems to be at 07:49:10 when "The Volume
Shadow Copy service entered the stop state"
The last entry before the freeze at 07:49:17 when "The Software
protection service entered the stop state"

Everything after that relates to the re-start - including a couple of
entries indicating that there had been an unexpected shutdown.

The actual log follows - (needs to be read from the bottom up):
________________________________________________________
Critical 0807:56:10 Kernel-Power 41 (63) The system has rebooted without
cleanly shutting down first. This error could be caused if the system
stopped responding, crashed, or lost power unexpectedly.
Information 0807:56:06 FilterManager 6 None File System Filter
'RapportCerberus_34302' (5.0, ‎2011‎-‎12‎-‎05T09:54:44.000000000Z) has
successfully loaded and registered with Filter Manager.

Information 0807:56:06 FilterManager 6 None File System Filter
'Avgmfx86' (6.1, ‎2011‎-‎08‎-‎08T03:40:42.000000000Z) has successfully
loaded and registered with Filter Manager.
Information 0807:56:27 EventLog 6013 None The system uptime is 33 seconds.
Information 0807:56:27 EventLog 6005 None The Event log service was
started.

Information 0807:56:27 EventLog 6009 None Microsoft (R) Windows (R)
6.01. 7601 Service Pack 1 Multiprocessor Free.
Error 0807:56:27 EventLog 6008 None The previous system shutdown at
07:50:18 on ‎08/‎02/‎2012 was unexpected.

Information 0807:55:57 FilterManager 6 None File System Filter
'FileInfo' (6.1, ‎2009‎-‎07‎-‎13T23:21:51.000000000Z) has successfully
loaded and registered with Filter Manager.
Information 0807:55:53 Kernel-General 12 None The operating system
started at system time ‎2012‎-‎02‎-‎08T07:55:53.375199800Z.

Information 0807:49:17 SCoManager 7036 None The Software Protection
service entered the stopped state.
Information 0807:49:16 SCoManager 7036 None The Windows Media Center
Scheduler Service service entered the stopped state.
Information 0807:49:10 SCoManager 7036 None The Volume Shadow Copy
service entered the stopped state.

Information 0807:49:05 SCoManager 7036 None The Windows Media Center
Receiver Service service entered the running state.
Information 0807:47:20 Application-Experience 206 None The Program
Compatibility Assistant service successfully performed phase two
initialization.

Information 0807:46:37 SCoManager 7036 None The Peer Networking Grouping
service entered the running state.
Information 0807:46:37 SCoManager 7036 None The Peer Name Resolution
Protocol service entered the running state.
Information 0807:46:37 SCoManager 7036 None The Peer Networking Identity
Manager service entered the running state.

Information 0807:46:36 SCoManager 7036 None The HomeGroup Listener
service entered the running state.
_________________________________________

How much ram?

Can you remove ram and check each piece as it maybe a glitch with one
chip. Memtest will not correctly check it.

 

[Roger Mills]

How much ram?

Can you remove ram and check each piece as it maybe a glitch with one
chip. Memtest will not correctly check it.

2GB. Haven't looked inside, but I suspect that it's a single 2G module.

If that were the problem, why would it crash 10 minutes after the first
boot of the day and then run all day after the second boot?
--
Cheers,
Roger
____________
Please reply to Newsgroup. Whilst email address is valid, it is seldom
checked.

 

[Ed Cryer]

I've captured some of the system log either side of the crash, together
with the explanation which is displayed when you click on each line of
the log. I'll post it below, but I suspect that it will get scrambled
because some of the lines are pretty long.

Basically, the system started at 07:41:04 and it was busy loading stuff
(and I was also running Firefox and Mailwasher)

My log extract at 07:46:36 (shown as 0807:46:36 - my capturing process
seems to have lost the/02/2012 part of the date!) At that point, it was
still loading stuff.

The first sign of trouble seems to be at 07:49:10 when "The Volume
Shadow Copy service entered the stop state"
The last entry before the freeze at 07:49:17 when "The Software
protection service entered the stop state"

Everything after that relates to the re-start - including a couple of
entries indicating that there had been an unexpected shutdown.

The actual log follows - (needs to be read from the bottom up):
________________________________________________________
Critical 0807:56:10 Kernel-Power 41 (63) The system has rebooted without
cleanly shutting down first. This error could be caused if the system
stopped responding, crashed, or lost power unexpectedly.
Information 0807:56:06 FilterManager 6 None File System Filter
'RapportCerberus_34302' (5.0, ‎2011‎-‎12‎-‎05T09:54:44.000000000Z) has
successfully loaded and registered with Filter Manager.

Information 0807:56:06 FilterManager 6 None File System Filter
'Avgmfx86' (6.1, ‎2011‎-‎08‎-‎08T03:40:42.000000000Z) has successfully
loaded and registered with Filter Manager.
Information 0807:56:27 EventLog 6013 None The system uptime is 33 seconds.
Information 0807:56:27 EventLog 6005 None The Event log service was
started.

Information 0807:56:27 EventLog 6009 None Microsoft (R) Windows (R)
6.01. 7601 Service Pack 1 Multiprocessor Free.
Error 0807:56:27 EventLog 6008 None The previous system shutdown at
07:50:18 on ‎08/‎02/‎2012 was unexpected.

Information 0807:55:57 FilterManager 6 None File System Filter
'FileInfo' (6.1, ‎2009‎-‎07‎-‎13T23:21:51.000000000Z) has successfully
loaded and registered with Filter Manager.
Information 0807:55:53 Kernel-General 12 None The operating system
started at system time ‎2012‎-‎02‎-‎08T07:55:53.375199800Z.

Information 0807:49:17 SCoManager 7036 None The Software Protection
service entered the stopped state.
Information 0807:49:16 SCoManager 7036 None The Windows Media Center
Scheduler Service service entered the stopped state.
Information 0807:49:10 SCoManager 7036 None The Volume Shadow Copy
service entered the stopped state.

Information 0807:49:05 SCoManager 7036 None The Windows Media Center
Receiver Service service entered the running state.
Information 0807:47:20 Application-Experience 206 None The Program
Compatibility Assistant service successfully performed phase two
initialization.

Information 0807:46:37 SCoManager 7036 None The Peer Networking Grouping
service entered the running state.
Information 0807:46:37 SCoManager 7036 None The Peer Name Resolution
Protocol service entered the running state.
Information 0807:46:37 SCoManager 7036 None The Peer Networking Identity
Manager service entered the running state.

Information 0807:46:36 SCoManager 7036 None The HomeGroup Listener
service entered the running state.
_________________________________________

Well that's no real help. The nearest comment is after the reboot; "The
previous system shutdown at 07:50:18 on ‎08/‎02/‎2012 was unexpected."

How old is the machine? If it's still under guarantee, take it back.
If it isn't, then it's a matter of trying to remember just when the
problem started, and what was going on just before then.

This thing about being ok after the reboot should be a big clue, but I
can't fathom it; apart from stating that it's had time to warm up and
power up by then. And that suggests some dodgy hardware.

What hardware have you got; memory, HD, DVD? What else? And particularly
what added lately?


Ed

 

[Roger Mills]

Well that's no real help. The nearest comment is after the reboot; "The
previous system shutdown at 07:50:18 on ‎08/‎02/‎2012 was unexpected."

How old is the machine? If it's still under guarantee, take it back.
If it isn't, then it's a matter of trying to remember just when the
problem started, and what was going on just before then.

It was a Savastore 'special' (in other words, one of a big batch of
superseded models which they bought from Dell) which came with very
little documentation and no warranty card. It's nearly two years old, so
I doubt whether there's any mileage in 'sending it back'.

This thing about being ok after the reboot should be a big clue, but I
can't fathom it; apart from stating that it's had time to warm up and
power up by then. And that suggests some dodgy hardware.

What hardware have you got; memory, HD, DVD? What else? And particularly
what added lately?

It's a Dell laptop with 2G memory, 250G HD and built-in DVD writer. I
don't know whose internals they use.

I have actually got a theory which I'm going to follow up. This laptop
is my main computer which I use both at home and at my holiday flat
(where I spend about 1 week per month throughout the year). As far as I
can remember, this problem never occurs at the flat. If so, what is
different?

One thing that's different is that, at home, I have a 500GB
mains-powered USB-connected external HD plugged in. Although I shut down
the computer cleanly each night, I sometimes turn off the power to the
peripherals - external monitor, printer, scanner, etc. *including* this
external HD, before shutdown is complete. I'm wondering whether this
could be confusing it, and causing it to crash shortly after startup.
Some of the log entries seem to indicate a problem with the "Volume
Shadow copy service" for that drive - whatever that is. I'm going to try
waiting until shutdown is complete before turning off the power, to see
whether the problem still happens.
--
Cheers,
Roger
____________
Please reply to Newsgroup. Whilst email address is valid, it is seldom
checked.

 

[Paul]

Well that's no real help. The nearest comment is after the reboot; "The
previous system shutdown at 07:50:18 on ‎08/‎02/‎2012 was unexpected."

How old is the machine? If it's still under guarantee, take it back.
If it isn't, then it's a matter of trying to remember just when the
problem started, and what was going on just before then.

This thing about being ok after the reboot should be a big clue, but I
can't fathom it; apart from stating that it's had time to warm up and
power up by then. And that suggests some dodgy hardware.

What hardware have you got; memory, HD, DVD? What else? And particularly
what added lately?


Ed

Some options:

Disable Automatic restart, copy BSOD info off the screen.

Look for minidmp information, use Nirsoft BlueScreenViewer to look at the
..dmp file and figure out what crashed. The BSOD info should be in there
as well.

In the picture here, the Automatically restart box ix unticked, and that
will make any blue screen stay put until you copy it down. If there is a
driver name in the message, that helps.

http://techstroke.com/wp-content/uploads/2010/11/windows-startup-recovery.jpg

A blue screen is an OS crash, and the STOP code can be looked up here.

http://aumha.org/a/stop.htm

The dump file created, can vary in size and perhaps name as well. The minidump
format is the most compact, and for debugging purposes, is frequently enough
to get a STOP code or driver name. A complete dump, copying the entire memory,
is useful if you know how to use the various debugger utilities. But would
otherwise be overkill. If you knew you would only get one chance at it
(not easily reproducible bug), you might go for a full dump, whereas if the
failure happens over and over again, the minidump option can help
you note the consistency (software problem) or inconsistency (hardware problem)
nature of it. If the same STOP code and driver name came up each time,
you might suspect a driver update would fix it. Whereas, if the errors have
a degree of randomness to them, you might not suspect that poking at software
is going to fix it. You might run a memory test, as an example of something
to try in that case.

http://blog.nirsoft.net/2010/07/27/how-to-configure-windows-to-create-minidump-files-on-bsod/

http://blogs.msdn.com/b/wer/archive...orage-and-clean-up-behavior-in-windows-7.aspx

*******

For crashing applications, Windows 7 is set up to "report to Microsoft", and
that can prevent useful local logging. You'll see a dialog if that happens.
Werfault intercepts the dump, and sends it to Microsoft. There is a registry setting
(LocalDumps) to change that, so you can do some "home debugging". I verified
that, by writing my own short C program that dereferenced an illegal location,
so I could have a consistently crashing application to test with.
This is not the OS crashing though, and is to help if an application crashes,
and the error report to Microsoft isn't helping you out.

http://al.howardknight.net/msgid.cgi?STYPE=msgid&A=0&MSGI=<[email protected]>

I have to use the archive there, as Google Groups doesn't archive alt.windows7.general .

Paul

 

[Paul]

One thing that's different is that, at home, I have a 500GB
mains-powered USB-connected external HD plugged in. Although I shut down
the computer cleanly each night, I sometimes turn off the power to the
peripherals - external monitor, printer, scanner, etc. *including* this
external HD, before shutdown is complete. I'm wondering whether this
could be confusing it, and causing it to crash shortly after startup.
Some of the log entries seem to indicate a problem with the "Volume
Shadow copy service" for that drive - whatever that is. I'm going to try
waiting until shutdown is complete before turning off the power, to see
whether the problem still happens.

You can use the "Safely Remove" hardware icon in the lower right hand corner,
to tell the OS to expect the USB hard drive to "disappear".

To make things fun, Windows 7 has an "icon storage" thing in that corner.
Clicking it, brings up the icons that can't be displayed. On my Win 7
laptop, the Safely Remove hardware icon ends up stored in there, where
you cannot immediately see it. Selecting the icon, it should tell you
what drive letter(s) are about to disappear. And then the file system
gets flushed to disk properly, so you can turn off the power to the
drive or unplug it etc. If you do that, then you can turn off the power
to the USB drive in mid-session (after the software removal process
is complete).

http://www.techrena.net/images/How-...-H_BF16/Safely-remove-hardware-media-tray.png

Safely Remove isn't always required, as some storage devices have
no "caching" in the path to the storage device. So there is no
write data cached somewhere that can go missing. But if the drive
path has caching, then Safely Remove (or an orderly shutdown with
power still available), will help flush out the cached data to disk.

The other advantage of Safely Remove, is if you Sleep or Hibernate
the computer, you want the hardware config at startup, to match
the hardware config when you put the computer to sleep. While a
computer should be able to handle missing hardware, by bleating
out a warning on the next startup, I can see cases where it might
not be very happy.

VSS shadow copy, keeps track of file system changes. It's used
by System Restore, to track things that change, automatically.
One disadvantage of it, is if changes occur that it wasn't
allowed to see, it can get pissed off. I suspect that's why
I've had a non-booting laptop a couple of times. It's VSS related.
I'm tempted to disable it entirely, but then I wouldn't be
able to make "System Image" backups from the appropriate Windows
control panel.

Maybe VSS is monitoring the state of the external USB drive,
when you could just turn that off. Then, it would be one less
thing for VSS to get upset about.

In this example, you can see that C: is being tracked by System
Restore. You might not want the external USB drive and it's drive
letter(s) tracked in this way. There could be some value to tracking
changes on C:, or you could disable System Restore points entirely.
I don't know right off hand, what the shortest path is to changing that.
Typing "system restore' in one of the search boxes will probably get
you there.

http://streaminggates.com/images/windows7/windows-7-system-restore-protection-468x257.jpg

Paul

 

[Roger Mills]

Some options:

Disable Automatic restart, copy BSOD info off the screen.

Look for minidmp information, use Nirsoft BlueScreenViewer to look at the
.dmp file and figure out what crashed. The BSOD info should be in there
as well.

In the picture here, the Automatically restart box ix unticked, and that
will make any blue screen stay put until you copy it down. If there is a
driver name in the message, that helps.

http://techstroke.com/wp-content/uploads/2010/11/windows-startup-recovery.jpg

But I don't get a BSOD. When it freezes, the screen display stays as is
except that any animation stops, and there's no response to mouse or
keyboard activity.

When I force a restart by holding down the power button, I get a screen
which says that Windows didn't shut down normally, and giving various
options - Start Windows Normally, Safe Mode, Do a repair (I think) etc.
the default seems to be to start normally. I always select that anyway,
but I guess it would do it itself after N seconds if I didn't do
anything. I don't think there are any error codes on the screen. I've
seen a BSOD many times on XP systems, and it ain't like that.

--
Cheers,
Roger
____________
Please reply to Newsgroup. Whilst email address is valid, it is seldom
checked.

 

[Roger Mills]

You can use the "Safely Remove" hardware icon in the lower right hand
corner,
to tell the OS to expect the USB hard drive to "disappear".

Yes, I know about "Safely Remove" - and use it often when removing thumb
drives and SD memory cards etc. [It sometimes says they're in use when
they're not, and I have to use Unlocker to release any stray handles
before I can remove them.

But there's no point in doing that with my external HD - it's easier
just a wait a few more seconds for the computer to shut down completely
before removing its power.
--
Cheers,
Roger
____________
Please reply to Newsgroup. Whilst email address is valid, it is seldom
checked.

 

[Paul]

But I don't get a BSOD. When it freezes, the screen display stays as is
except that any animation stops, and there's no response to mouse or
keyboard activity.

When I force a restart by holding down the power button, I get a screen
which says that Windows didn't shut down normally, and giving various
options - Start Windows Normally, Safe Mode, Do a repair (I think) etc.
the default seems to be to start normally. I always select that anyway,
but I guess it would do it itself after N seconds if I didn't do
anything. I don't think there are any error codes on the screen. I've
seen a BSOD many times on XP systems, and it ain't like that.

Well, that's going to be a problem then.

The thing is, there are various hooks for doing things to a system,
but they also require the system to be responsive. In this example, there
is an option to "crash dump" a system from the keyboard. But such a notion
isn't going to work, if the character from the keyboard can't get to the
appropriate piece of software.

http://msdn.microsoft.com/en-us/library/windows/hardware/ff545499(v=vs.85).aspx

The purpose of doing that, would be for capturing an entire picture of memory
when the system was frozen.

********

There is also a technique for doing this, that doesn't use the keyboard.
It's called Firewire RDMA transfer. Firewire interfaces have the ability
to "reach into" another computer and Remote DMA a chunk of memory (um, what
a horrible security hole). Forensic specialists sometimes use this, to
perhaps find a password for something that is encrypted (where the password
is still somewhere in memory). I don't know if this feature is still
available in Windows 7 systems or not. (Firewire networking was removed
from Windows 7, but other aspects of Firewire should still be supported.)

For that to work, you'd have to be pretty lucky. You'd need two computers,
both with Firewire interfaces. My Win7 laptop doesn't have Firewire,
so I can't experiment with that here. I have a couple other machines with
Firewire, but no other copies of Windows 7.

USB doesn't have that capability. It's unique to Firewire. It's a hacker thing.

********

So unless the computer is still responsive enough, to be triggerable
by some method like that keyboard hack, it's going to be pretty hard
to capture the system when it freezes.

It's possible to connect a kernel debugger, over a serial interface.
But again, if the kernel was actually frozen, would anything come
across the cable ?

I had a frustrating experience like that, with a recent Ubuntu (Linux)
system installer. The system would freeze, half way through the install.
Boneheadedly stupid!

I tried two things to debug it. I used "ping" from a second computer,
to see if the TCP/IP stack was still working. I've discovered times
on Windows, where only the display subsystem and keyboard/mouse are
dead, and the computer is otherwise working. And getting a "ping" response
from another computer, hints at that situation.

On the Ubuntu machine, I enabled a serial port console option at boot,
such that the serial port would function as a terminal (like a command
prompt window). If you have a terminal or equivalent connected to
the serial port, you can talk to it. I figured for sure, it'll stay up
and I'd be able to debug serially from another computer. I think that
Windows Windbg has a similar kind of concept, for remote debugging.
But that was frozen on the Ubuntu box as well. No response. Bang
on the Enter key, nothing.

It turned out, that during install, Ubuntu would access a certain
Canonical server with software on it. The server had ICMP disabled,
which means the server can not contribute to fragmentation detection
on an MTU mismatch. Normally, when you have a "black hole" routing
problem like that, just the application freezes. But it seemed in this
case, the entire TCP/IP stack deadlocked, freezing the system somewhere
in the kernel. One poster to a forum said "change the MTU" before installing,
and that fixed it! Now, from the outside, to me it looked like a serious
issue, when in fact it was something pretty stupid (and caused by how
the Canonical server was set up in the first place). And the Linux
guys didn't have a clue why it did that, until someone happened to
post that suggestion.

I've had a problem like that on a Mac running MacOSX, but all that
misbehaved in that case, was the email application I was using, simply
didn't get mail from the mail server. No drama in that case. So the
black hole routing issue, caused by disabled ICMP on the server,
doesn't always result in a frozen computer.

I'm not suggesting that is your problem but merely illustrating that
sometimes these things are architecture-related issues. In the case
of things like black hole routing, there are fixes for that, but they
may still not be enabled on all OSes you happen to play with.

********

Given the difficulty of debugging problems like this (unable to
get a debugger to look at the system), the other approach is
hardware testing. If hardware testing is negative though, where
do you go next ?

One place to start, would be with the removal of "startup items".
For example, a Safe Mode boot, disables a good deal of cruft. It
could even be, a couple AV applications having a fight.

I noticed in your log, AVG as well as "Trusteer RapportCerberus" ?
I don't know what the latter one does, but that might not be
something the rest of us are using. Just a thought, in terms
of things we can see from here, that are out of the ordinary.

http://en.wikipedia.org/wiki/Trusteer

I used to have problems with Kaspersky AV, locking up my computer.
My technical term for this was "it got into a knife fight" with
some other software. Heuristic detection sometimes results in
two programs getting into a loop, and effectively doing a
"denial of service" on the computer. Funny stuff. When using
Kaspersky, half the free utilities on Sysinternals, would
trigger a knife fight and a frozen computer. I couldn't use
things like Process Explorer, without KAV intervening and
locking up the computer. And you wonder why I don't have
a subscription to KAV any more

Paul

 

[Char Jackson]

But I don't get a BSOD. When it freezes, the screen display stays as is
except that any animation stops, and there's no response to mouse or
keyboard activity.

Is there any chance it's just a video problem, that the machine hasn't
actually locked up? I had a system some years back that appeared to
lock up like what you're describing, but Winamp was playing an
mp3...and continued to play long after the video locked up. That was a
desktop system so I just changed the video card.

 

[Ed Cryer]

Well, that's going to be a problem then.

The thing is, there are various hooks for doing things to a system,
but they also require the system to be responsive. In this example,
there is an option to "crash dump" a system from the keyboard. But
such a notion isn't going to work, if the character from the keyboard
can't get to the appropriate piece of software.

http://msdn.microsoft.com/en-us/library/windows/hardware/ff545499(v=vs.85).aspx



The purpose of doing that, would be for capturing an entire picture
of memory when the system was frozen.

********

There is also a technique for doing this, that doesn't use the
keyboard. It's called Firewire RDMA transfer. Firewire interfaces
have the ability to "reach into" another computer and Remote DMA a
chunk of memory (um, what a horrible security hole). Forensic
specialists sometimes use this, to perhaps find a password for
something that is encrypted (where the password is still somewhere in
memory). I don't know if this feature is still available in Windows 7
systems or not. (Firewire networking was removed from Windows 7, but
other aspects of Firewire should still be supported.)

For that to work, you'd have to be pretty lucky. You'd need two
computers, both with Firewire interfaces. My Win7 laptop doesn't have
Firewire, so I can't experiment with that here. I have a couple other
machines with Firewire, but no other copies of Windows 7.

USB doesn't have that capability. It's unique to Firewire. It's a
hacker thing.

********

So unless the computer is still responsive enough, to be triggerable
by some method like that keyboard hack, it's going to be pretty hard
to capture the system when it freezes.

It's possible to connect a kernel debugger, over a serial interface.
But again, if the kernel was actually frozen, would anything come
across the cable ?

I had a frustrating experience like that, with a recent Ubuntu
(Linux) system installer. The system would freeze, half way through
the install. Boneheadedly stupid!

I tried two things to debug it. I used "ping" from a second
computer, to see if the TCP/IP stack was still working. I've
discovered times on Windows, where only the display subsystem and
keyboard/mouse are dead, and the computer is otherwise working. And
getting a "ping" response from another computer, hints at that
situation.

On the Ubuntu machine, I enabled a serial port console option at
boot, such that the serial port would function as a terminal (like a
command prompt window). If you have a terminal or equivalent
connected to the serial port, you can talk to it. I figured for sure,
it'll stay up and I'd be able to debug serially from another
computer. I think that Windows Windbg has a similar kind of concept,
for remote debugging. But that was frozen on the Ubuntu box as well.
No response. Bang on the Enter key, nothing.

It turned out, that during install, Ubuntu would access a certain
Canonical server with software on it. The server had ICMP disabled,
which means the server can not contribute to fragmentation detection
on an MTU mismatch. Normally, when you have a "black hole" routing
problem like that, just the application freezes. But it seemed in
this case, the entire TCP/IP stack deadlocked, freezing the system
somewhere in the kernel. One poster to a forum said "change the MTU"
before installing, and that fixed it! Now, from the outside, to me it
looked like a serious issue, when in fact it was something pretty
stupid (and caused by how the Canonical server was set up in the
first place). And the Linux guys didn't have a clue why it did that,
until someone happened to post that suggestion.

I've had a problem like that on a Mac running MacOSX, but all that
misbehaved in that case, was the email application I was using,
simply didn't get mail from the mail server. No drama in that case.
So the black hole routing issue, caused by disabled ICMP on the
server, doesn't always result in a frozen computer.

I'm not suggesting that is your problem but merely illustrating that
sometimes these things are architecture-related issues. In the case
of things like black hole routing, there are fixes for that, but
they may still not be enabled on all OSes you happen to play with.

********

Given the difficulty of debugging problems like this (unable to get a
debugger to look at the system), the other approach is hardware
testing. If hardware testing is negative though, where do you go next
?

One place to start, would be with the removal of "startup items". For
example, a Safe Mode boot, disables a good deal of cruft. It could
even be, a couple AV applications having a fight.

I noticed in your log, AVG as well as "Trusteer RapportCerberus" ? I
don't know what the latter one does, but that might not be something
the rest of us are using. Just a thought, in terms of things we can
see from here, that are out of the ordinary.

http://en.wikipedia.org/wiki/Trusteer

"Recently, updates made to Rapport have caused user machines to fail at
boot-up with a Blue Screen of Death; the problems are resolved by
re-naming the file RapportEI.sys.[10]"
(from the above site)

Ah, now then. Given that Win7 uses the BSOD as seldom as possible, that
could be it.
Give it a try. Remove it from loading at boot and see what happens.

Ed