
How to identify the source of a system hang on boot


15 replies to this topic

#1 caen44

  • Members
  • 9 posts

Posted 05 November 2008 - 11:12 PM

Hi Folks,

I know that this topic has been done to death, but after 2 days of searching through the forums, I can't find anything that helps.

Here is the situation:

My wife used my computer during the day and everything was fine. She says she just used Photoshop, and then shut down. In the evening I turn on the computer (XP Pro) and get a BSOD right after the Windows splash screen.

Right at the beginning I started making mistakes.

1. I couldn't read the BSOD message, and even though Windows is not set to restart after a system failure, the message still disappeared after a third of a second or so. I could have gotten my camera and taken a picture of the message for that short time, but figured I wouldn't have any problem fixing this in safe mode, so I didn't.

2. I booted into safe mode (that still works), and used system restore to back up to the last restore point that I installed software at. No help. System still crashes on boot, but now there is no BSOD, only a black screen after the Windows splash screen, and it hangs there.

3. Logging of events and the small crash dump is enabled (always was). However I searched for dump files, but I only have files from a previous set of crashes about a year ago, nothing recent. The event log has lots of stuff, but mostly complaints about what couldn't be started under safe mode. There are a few errors telling me that a certain set of services couldn't be started.

4. Using F8 from the boot up, I can try selecting anything (VGA mode, last known good, enable boot logging, disable automatic restart), but nothing fixes the crash or lets me see what it was.

Other information:

I have a Linux partition on the same computer, and that works fine, even stressing the video card, CPU and memory under Linux, so I don't think that I have an actual hardware failure.

The most recent thing I installed was an application virtualization program from Symantec. It was working fine for several days before this crash. I used system restore to go back to before that install, which is when I lost the BSOD for the black screen of despair.

Any ideas what I should do? I thought about uninstalling the nvidia video driver (as the crash seems to happen right when you would expect to switch to the nvidia driver). But I thought that I might best ask for advice before I do any more damage and can't even get into safe mode. I did that once a while back, and don't want to repeat that experience.

Thanks for any suggestions you might have.


#2 hamluis

  • Moderator
  • 56,127 posts

Posted 06 November 2008 - 09:40 AM

Hi.

To get a handle on error messages at boot, you can try to Disable Auto Reboot On System Crash - http://www.theeldergeek.com/auto_reboot_on_system_crash.htm

That should allow you to get the content and post it here. Without error message detail, it degenerates into a rather large guessing game.

Louis

#3 caen44

  • Topic Starter

Posted 06 November 2008 - 10:26 AM

Hi,

Thanks for the reply. Yeah, I already had that disabled, and still the BSOD lasted only 0.3 seconds or so. Of course, now after using system "restore", I have traded the BSOD for the "black screen of despair".

Is there any way to systematically ask Windows to start different sets of drivers that are excluded from safe mode? Even better, would there be a way to step through the boot process one driver at a time? I've been looking into msconfig, but that doesn't quite help.

Being as I have safe mode this seems like it shouldn't be so difficult.

If I ever figure this out, I'll let you all know. Of course at some point, reinstalling everything from scratch is faster than fixing the problem.

Thanks.

#4 usasma

  • BSOD Kernel Dump Expert
  • 25,091 posts

Posted 06 November 2008 - 10:34 AM

What are the errors that say a certain set of services couldn't start?

When the Splash Screen shows up, that's the time that the boot sequence transitions from NTLDR to NTOSKRNL.exe
It starts the Boot Start drivers, then the System Start drivers
Then it launches smss.exe (the first user mode process)

In general, crashes here are caused by either a bad driver or a corrupt registry hive.
BUT - since there's no record of the crash, this complicates things. Windows will record a crash only if it recognizes it - if not, then it just won't be recorded. When this happens is variable because Windows loads different things at different times - and the thing it needs to recognize the crash may not be loaded (or, the crash may come from a level that Windows never recognizes).

I'd suggest trying System Restore back even further than you have gone. I prefer to use the System Checkpoint restore points as they were made at a time when nothing was happening to the system.

I don't know if this will work, but it's worth a shot. Try enabling Driver Verifier in Safe Mode - then reboot to normal mode.

To enable Driver Verifier in XP/2000, go to Start...Run...and type in "verifier" (without the quotes) and press Enter
Then, click Next to Create Standard Settings
Click Next to Automatically select unsigned drivers
Click Finish to accept the drivers that were selected and close the dialog.
Reboot.


If that doesn't give you something, then try it again - but this time select "Automatically select all drivers installed on this computer" instead of the unsigned drivers.

This may force a crash, the crash may stay on the screen for you to read, it may create a dump file that we can analyze, or it may not work.

Once you're done with generating the crashes, go back into Safe Mode and run the Driver Verifier and select "Delete existing settings" to stop it from running again. If you don't do this, the system will most likely continue to crash on you.

My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ )
**If you need a more detailed explanation, please ask for it. I have the Knack.**
If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017)
FYI - I am completely blind in the right eye and ~30% blind in the left eye.
If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#5 caen44


Posted 06 November 2008 - 11:50 PM

One additional piece of information. I tried adding the /SOS option to the end of boot.ini (msconfig does this for you). After rebooting to normal mode the splash screen no longer obscures the listings of drivers loading. However, after a bunch of drivers loading flies by the screen, it switches to a pale blue splash screen while something loads (at least the HDD light is blinking). Then the splash screen goes away, and I can see three messages saying something like "checking drive c: clean". Anyway, no help from that little foray.

That's as far as it gets. I'm going to try the verifier thing you mentioned, and if no go, then it's back up the files and a clean install.

#6 usasma


Posted 07 November 2008 - 04:11 PM

The light blue screen is likely to be Autocheck running chkdsk on your system.
I forgot to mention this earlier, but here's the link on how to run an analysis of the memory dump file (if we can get one): http://www.bleepingcomputer.com/forums/t/176011/how-to-receive-help-diagnosing-blue-screens-and-windows-crashes/

#7 caen44


Posted 07 November 2008 - 11:28 PM

Oh, that makes sense.

Verifier didn't seem to help me see the crash or generate a dump file. Just for kicks I uninstalled my nvidia display driver. It still crashes at the same point.

This is rather annoying. I know that the problem must be caused by something that doesn't load in safe mode, yet there is seemingly no way to identify what. I would have thought that I could disable one half of the drivers or something, and see if the culprit was in that half. If this was Linux I could track it right down to the offending instruction, but I know so little about Windows. It seems ridiculous that I can't fix this easily. Oh well.

I don't know that continuing this effort will be worth the time. Looking at the bright side, the drives didn't fail (it's RAID 1) so I didn't lose all my data. I have Acronis True Image, and I made a backup about 4 months ago, so, assuming I can find the recovery CD it won't be like starting from scratch. Remind me to take weekly drive images from now on!!!

Thanks again for the help. If I manage to figure this out I'll be sure to post what I found.

#8 usasma


Posted 08 November 2008 - 08:43 AM

You can enable boot logging - then do a Safe Mode boot and a normal mode boot - then compare the drivers that load (if the crash lets it get logged).
It's a long list, so copying it to a spreadsheet with the two boots side-by-side will ease the searching.

Disabling drivers is fairly easy to do with regedit - but it's very likely that you'll hose your system in the process. ALWAYS backup your registry before attempting this!!! Driver loading is controlled through different parts of the registry - so it's not gonna be real easy!

Edited by usasma, 08 November 2008 - 08:45 AM.

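The boot-log comparison suggested in post #8, done with a script instead of a spreadsheet. This is an added example, not part of the original thread: it assumes the usual ntbtlog.txt layout of "Loaded driver" / "Did not load driver" lines under a per-boot header, and the log sample and the example*.sys driver names are constructed.

```python
import ntpath
import re

# One log line per driver; anything else is treated as a per-boot header.
# (Assumed layout of %SystemRoot%\ntbtlog.txt; verify against your own file.)
DRIVER_LINE = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+?)\s*$")

# Constructed sample: a Safe Mode boot followed by a normal boot.
# The example*.sys driver names are made up for illustration.
SAMPLE_LOG = r"""
Service Pack 3 11 8 2008 09:02:11.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver disk.sys
Did not load driver \SystemRoot\System32\Drivers\examplevideo.sys
Did not load driver \SystemRoot\System32\Drivers\examplefilter.sys
Service Pack 3 11 8 2008 09:10:47.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver disk.sys
Loaded driver \SystemRoot\System32\Drivers\ExampleFilter.SYS
Loaded driver \SystemRoot\System32\Drivers\examplevideo.sys
"""


def read_ntbtlog(path):
    """Read the log as text; assumes UTF-16 when a BOM is present, else Latin-1."""
    with open(path, "rb") as fh:
        data = fh.read()
    has_bom = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    return data.decode("utf-16" if has_bom else "latin-1")


def parse_boot_sections(text):
    """Split the log into one {'header','loaded','skipped'} dict per logged boot."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DRIVER_LINE.match(line)
        # A header line after driver lines (or at the very start) opens a new boot.
        if current is None or (match is None and (current["loaded"] or current["skipped"])):
            current = {"header": [], "loaded": [], "skipped": []}
            sections.append(current)
        if match is None:
            current["header"].append(line)
            continue
        key = "loaded" if match.group(1) == "Loaded driver" else "skipped"
        # Compare by lower-cased file name: paths and case differ between boots.
        current[key].append(ntpath.basename(match.group(2)).lower())
    return sections


def normal_only_drivers(safe, normal):
    """Drivers the normal boot loaded that the Safe Mode boot did not, in load order."""
    safe_loaded = set(safe["loaded"])
    return list(dict.fromkeys(d for d in normal["loaded"] if d not in safe_loaded))


if __name__ == "__main__":
    safe_boot, normal_boot = parse_boot_sections(SAMPLE_LOG)[:2]
    for name in normal_only_drivers(safe_boot, normal_boot):
        print("normal boot only:", name)
    # On a boot that hung, the last logged driver is where the list stops.
    print("last driver logged:", normal_boot["loaded"][-1])
```

The sections are taken positionally, so you need to know which boot in the file was the Safe Mode one; for a real log, pass the output of `read_ntbtlog` to `parse_boot_sections`.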

#9 caen44


Posted 08 November 2008 - 12:21 PM

Not that it is going to help much, but running the verifier and selecting to verify all drivers (from safe mode) gives me the following fairly non-useful BSOD STOP message. Unfortunately, I don't get a dump file to dig through.

IRQL_NOT_LESS_OR_EQUAL blah blah blah - STOP 0x0000000A (param1, param2, ...). Unfortunately, no driver file is specified.

Still not sure what to do now...At least I have some more information to start googling with.

EDIT: After clearing the verifier settings and not getting the BSOD message, I tried selecting to verify all drivers again in verifier, and didn't get the BSOD message. I'm not sure that receiving the BSOD message had anything to do with the verifier.

Edited by caen44, 08 November 2008 - 12:50 PM.


#10 usasma


Posted 08 November 2008 - 01:23 PM

Have you checked to make sure that XP is set to create dump files?
Go to Start...Run...and type in "sysdm.cpl" (without the quotes) and press Enter.
Click on the Advanced tab
Click on the Startup and Recovery Settings button
Under "Write debugging information" please let us know what it says there.

Also, on some systems the C:\Windows\Minidump directory may be hidden. You'll have to enable the viewing of hidden files in Windows Explorer in order to locate it (Tools...Folder Options...View tab)
Move the selection to "Show hidden files and folders"
Then uncheck the "Hide extensions for known file types" and the "Hide protected operating system files (recommended)"
Select "Yes" when it asks if you're sure, then click on Apply to apply the settings.

#11 caen44


Posted 08 November 2008 - 03:00 PM

Yeah, it's set to make a small memory dump in the systemroot/minidump folder. I have a few files in there, but they are from some crashes over a year ago.

Other dmp files on the system correspond to application crashes from quite a while back.

Anyway, I'll need a working computer next week, so if I can't fix this by today, I'm going to go back to my last drive image.

Thanks again

#12 usasma


Posted 08 November 2008 - 03:05 PM

Since you have a visible dump, and it's still not recording it - you've either got issues with Windows, or the dump occurs too early in the boot process for it to be saved (not very likely IMO). The image restore sounds like a good idea at this point. Good luck!

#13 caen44


Posted 08 November 2008 - 04:10 PM

This gets way weirder.

I tried using msconfig and chose diagnostic startup. I thought that I had tried this and it didn't work. Well this time it did boot up. So I went back into msconfig and chose selective startup, with nothing extra selected. It also booted up. I added system and win inis. Still booted. Then I tried adding system services. I got a funny error message about not being able to add a service unless I was logged in as administrator. Didn't tell me what service, so I just said apply and rebooted. Again it started up, but seemed very sluggish. Finally I added in the startup items. It still started up and got to the desktop (an ugly one 'cause I had previously uninstalled the video drivers). But the computer was behaving very strangely and sluggishly, and both cores of the CPU hung in at 85% for about 5 minutes. Programs (like Process Explorer) will launch but take forever to do so.

So now I select normal boot, and sure enough, it boots to the desktop. But it is still horrendously sluggish, and the CPUs are just cranked up. I'll reinstall the nvidia drivers and try again. But something just isn't working right.

The only thing that isn't running is ZoneAlarm, probably because I disabled the TrueVector service sometime in previous boot attempts.

Crazy.

#14 usasma


Posted 08 November 2008 - 04:41 PM

Actually, things are getting better!
Now that you've gotten into Windows you can do some troubleshooting.

First is to use the Task Manager....Processes tab and figure out which image name is hogging the most CPU and memory.
You can also do this with Process Explorer - and it has a few features that may help to further diagnose the problem.
If you right click on a troublesome process and select Properties, you can look at the Threads tab to find the different things running that may be causing the issue.

You can also use Event Viewer to look for errors that may be significant. Here's a link on how to use Event Viewer - but it was written primarily for Blue Screen errors - so what you're looking for may be different. It's hard to say exactly what you're looking for - but it's usually an error that repeats. I'd be especially watchful for errors during the time it is booting.

#15 caen44


Posted 08 November 2008 - 05:00 PM

By the way, thanks for all the suggestions.

I did get another BSOD when I changed from normal startup to selective startup. With another restart and no changes it booted without a crash. So that seems intermittent now. Still no memory dumps though.

Even under a diagnostic startup, it appears the "system idle processes" are eating up most of the CPU time. But I am not sure that the Task Manager and Process Explorer are really reporting what is going on. The graphs and the reported CPU% don't match. Explorer.exe also likes to eat up lots of CPU.

There really aren't many processes running under diagnostic startup but there still is a problem with the incredibly sluggish performance. Seems like it settles down if I don't touch the computer, but even launching Process Explorer takes 30 seconds or so. Stuff seems to work fast under safe mode though.

I really don't suspect a hardware problem as my Linux system works just fine on the same hardware. It appears as if there is a corruption to a critical part of Windows somewhere between what runs in safe mode and what runs in diagnostic mode. That can't be much I wouldn't think.

EDIT: I made a mistake. I meant to say that Process Explorer sometimes shows high CPU usage when "system idle processes" are using up the CPU. In other words even when the CPU isn't doing anything. I'm not quite sure yet when and what is eating up the CPU. I'll need to do a few more tests.

Edited by caen44, 08 November 2008 - 05:18 PM.




