A Lesson in Failure: PC Troubleshooting

by Posted on

Hello! I’ve decided to revive this blog since I’ve been paying for the domain and hosting for the past few years, but have neglected to post anything.

Over the past couple of weeks, my brand new PC has been crashing a bunch. I had a bit of free time today and decided I’m finally going to sort this out as it’s really interrupting my need to play Among Us with my buddies.

I’ve broken this post down into observations, a preliminary investigation, interrogation, and (possible) resolution. Enjoy!

UPDATE: PC crashed after another hour so guess the issue isn’t resolved! I’ll leave this up since I think while it’s important to document your successes, it’s just as, if not more so, important to document your failures. Please let me know if you have any tips! I’m writing this on my phone, but did take screenshots. Will add them into the post when my PC is stable enough.

Observations: 

PC crashes regularly – does not BSOD, just shuts down. 

Doesn’t occur at any particular time or during any particular activity, appears random in nature. 

Sometimes occurs after I’ve logged in, sometimes before reaching the login screen, and other times when the PC is just idling in sleep mode.

Preliminary investigation:

I started by unplugging all external devices and giving the PC a clean boot. To my surprise, it still crashed! This led me to believe it may have been a hardware issue, so I opened up thee case and reseated my HDD, GPU and RAM, and made sure all motherboard connections were tightened. A reboot later and whattayaknow, still crashes! I’m now thinking there’s an issue with a startup service or program.

Hoping that the simplest solution was correct, I opened up the PC’s reliability history, which identified a bunch of errors with the Logitech G HUB application, used to manage Logitech peripherals.

I uninstalled the G HUB app as I don’t really use its features, and hey presto, almostly immediately – another crash!

To make sure my issues weren’t hardware-related, I opened up Task Manager to review the utilisation and temperatures of my resources. Nothing stuck out as particularly notable, so I’ll need to continue investigating.

Easy options out of the way, I decided to do some real digging in the event logs.

Interrogation:

Like all good SOC analysts, I started by opening Event Viewer (eventvwr.exe) while in Safe Mode. I had a look for Event ID 41 (Kernel-Power) to get the exact timestamp of the last crash, and to see if I could discern the reason for the crashes.

To do this, I created a custom event view, and filtered by Windows events with an ID of 41.

This gave me the last time that a crash occurred (10/01/23, 10:00:58 AM). 

Armed with this information, I created a second custom view, using the “Logged:” parameter to obtain events within 30-60 seconds surrounding the power event.

This helped me to determine when the actual shutdown event occurred (i.e. 9:28:58 AM). This turned out to be a fast shut off with no real surrounding events, however it did lead me to an earlier shutdown at 8:39:42 AM.

By expanding the time range to start from 8:38 AM, I found some additional COM and SCM errors. The SCM errors related to the “Radarr” service, a movie collection manager. The COM errors relate to an application ID of {15C20B67-12E7-4BB6-92BB-7AFF07997402}.

I adjusted the date / time range again to go to the crash prior to this one. The events surrounding that shutdown event also included some COM errors relating to the same application ID, so I decided to dig into this app ID a little further. The warning directly prior to the COM error indicates an issue with permission settings related to Windows.SecurityCenter.WscDataProtection.

This leads me to believe there may be an issue with the Radarr service, and there’s also some kinda issue with whatever application relates to the app ID {15C20B67-12E7-4BB6-92BB-7AFF07997402}. Seems like it’s attempting to read / write some protected data and Defender (or something else) is shutting down the process.

I fired up regedit to find out some more information about that application ID by navigating to HKCR\CLSID\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}. This informed me that the application is “PerAppRuntimeBroker”.

This info in hand, I opened up Component Services to adjust the permissions for the application.

I granted my SID the requisite permissions and saved the permission settings.

(Possible) resolution:

To recap, at this point, I have:

  • Performed some hardware checks, a bit of acoustic maintenance, and reseated peripherals
  • Uninstalled a few applications (Logitech G HUB, Radarr)
  • Reviewed event logs, service and registry configurations
  • Adjusted the permissions for PerAppRuntimeBroker

It’s now been a good few hours and I’ve not experienced a crash. Will update this post some more if the above steps didn’t truly resolve the issue, but fingers crossed!

Thanks for reading! 🙂