Freezing On Cold Boot And Reset // Vss Error


14 replies to this topic

#1 Ron Devito

Ron Devito

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:45 AM

Posted 07 May 2008 - 05:19 AM

Good morning all.

My computer always locks and freezes on cold boot, and sometimes after a reset. If I go into any form of safe mode, then do a normal restart, the machine comes up fine.

I have AVG Free, Comodo and Spybot Search/Destroy and did full scans in both normal and safe modes with clean results. Ditto for Verizon's suite, which I had prior to installing these three apps.

I have tested the RAM using a RAM tester and the RAM is good.

I've uninstalled and re-installed various applications. This is a fresh build less than a week old.

My application log is showing this error just as I shut the machine down after normal use:

VSS Event ID 12289

Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{2961f54d-1927-11dd-b036-806d6172696f},0xc0000000,0x00000003,...). hr = 0x80070005.


I am also getting this warning in conjunction with the VSS error

Userenv Event ID 1517

Windows saved user DEVITOR\ronmeister registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account


The other error I get in the Application Log is:

WinMgmt Event ID 63

A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.


I'm not certain if any or all of these are responsible for the boot locks/freezing. They all appear to be related to some application or service running and either causing a security breach or not flushing correctly.

Also, this machine is a custom build. I had a major problem with the stock fan with the CPU...the fan wouldn't stay on, and when I finally got it on, it never cooled the CPU down to acceptable levels. My machine had thermally shut down at least half a dozen times during the first week I had it, till I liquid-cooled the CPU. So, I'm wondering if I did something to the CPU.

Here is the spec on the machine and running software:

MassTherm "air conditioned" case (note: the AC is a gimmick. Call it a glorified front fan)

XFX 790i mobo with factory bios, not flashed. This board is a replacement for a 790i on which I did flash (read that "flush") the bios and it failed, rendering the board inop.

OCZ Gamestream 1010W PSU

4 GB DDR3 OCZ RAM

Two Palit 1GB NVIDIA 9600 video cards

Two Seagate 750GB SATA drives

One LiteOn DVD Burner

One Artec CD Burner

One Ultra Card Reader

Numerous USB devices including CH Flight Sim Yoke and Rudder Pedals, IPOD, JVC Everio Camcorder, a Sony MiniDV camcorder (firewire), a Pinnacle Video Capture Device, Olympus Voice Recorder, Fantom 500 GB external HDD, edimensional USB headset, Motorola Phone Tools, and a flash drive.

Software:

Windows XP Pro SP2.
MSIE 7.0
MS Office Enterprise 2007 SP1
FSX SP2
X-Plane 9.0
Pinnacle Plus/Ultimate 11.2
AVG Free
Comodo
Spybot Search and Destroy
Real Player, QuickTime+iTunes, Windows Media Player -- all latest versions
Audacity
AOPA Real Time Flight Planner
Windows Live Messenger, and Photo Gallery
Carbonite

Thank you.



#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:03:45 AM

Posted 07 May 2008 - 09:26 AM

Wow, that is a noodle scratcher, isn't it?

Shot in the dark here but check the event logs for an error like this one:

"An error was detected on device \Device\Harddisk0\ during a paging operation."

#3 Ron Devito


Posted 07 May 2008 - 03:03 PM

Andrew,

Yes. On May 3, I got the following errors in the system log:

Disk Event ID 51:

An error was detected on device \Device\Harddisk7\D during a paging operation.

FT Disk Event ID 57:

The system failed to flush data to the transaction log. Corruption may occur.

The ID 57 error appeared four times.


The errors have not occurred before or since.

#4 Andrew


Posted 07 May 2008 - 03:35 PM

Run chkdsk /r and see if that clears it up. Defragging may also help, but no guarantees.

#5 Ron Devito


Posted 07 May 2008 - 07:56 PM

Andrew,

I ran chkdsk /r. It found nothing wrong with the disk....clean result.

I also applied this fix...

http://www.microsoft.com/downloads/details...70-42470E2F3582

...which addresses the VSS and the 1517 error. The fix worked in that I have ceased getting the error messages. So that part of the problem is resolved.

But, I'm still having this problem cold-booting the machine. The only way I can use the machine from a cold boot is to go into some form of safe mode first, then do a restart and go in normally. When the cold boot locks up, it happens in my logon sound and about the same time icons would start appearing in the system tray. When the machine locks, the start up sound stutters at a high rate -- like records of old playing the same groove over and over again when the needle hits a scratch....only at a much faster rate. I don't know if the audio has something to do with it. I'm using the RealTek driver. I also have a USB headset and that's a C-Media driver. When the crash happens, the mouse freezes and the keyboard locks. I have to reset or power off. Nothing is written to the event log from these crashes.

Now....there is another matter I did not mention and it relates to hardware. As you see from the spec, I have this "air conditioned case." Problem is, I had to remove the exhaust fan to put in the liquid cool unit for the CPU. So, while the CPU is nice and cool, the mobo and video cards are running somewhat hot. The front fan must be turned on separately as it's part of the AC (which is a thermo-electric thingy, but once its output temperature coincides with ambient, it shuts off, and I have to go to fan only). Quite frankly, I'd dump the case, but I've already invoked the rebate on it and trashed the box. I've ordered -- and will receive two PCI Evercool 42 CFM fans tomorrow. One will be located between my two video cards and one will be located above them. These will provide 84 CFM of exhaust, which should help a lot.

But....a thermal shutdown would just power the system off entirely. I don't know what to make of this cold boot problem. My virus/spyware scans are clean. Good mobo. Good RAM. Clean disk. Fresh build ... this is not a machine I'd been using and installing and uninstalling stuff from for two, three, or four years. Latest hotfixes, latest drivers...the whole smack.

==========================
May 8 Update:

My system is now XP Pro SP3. The SP3 upgrade has slowed down the cold boot crash profile. Cold boot crashing occurs after Windows Live Messenger loads...it's one of the last items in the system tray. As before, if I boot into any form of Safe Mode, then do a restart, I'm OK. Nothing is being written to the event log from these crashes. There are no dump files being output, even though XP is configured to output them. Also....even though I have 4 GB RAM, XP only sees 2.5.

Edited by Ron Devito, 08 May 2008 - 04:59 AM.


#6 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:45 AM

Posted 08 May 2008 - 07:40 AM

A shot in the dark, but try this fix to see if it's a problem with your user profile: http://www.microsoft.com/downloads/details...;displaylang=en
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye.

If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#7 Ron Devito


Posted 08 May 2008 - 02:26 PM

John,

Thank you, but I already applied that fix last night, then I applied SP3 (which I think contains the fix). The 1517 error is gone....which that fix is supposed to address. The cold-booting problem is what remains. While the fix and SP3 improved things some, I still can't cold boot into the normal XP implementation.

The slot fans are in now and have drastically improved air flow in the case. Now the air conditioning in the case appears to work right...and the temps in there are much more reasonable. Those two exhaust fans help a lot.

The VSS error remains (the hotfix and SP3 did not fix that -- they did fix the 1517), as does the cold booting problem.

Edited by Ron Devito, 08 May 2008 - 05:50 PM.


#8 Ron Devito


Posted 08 May 2008 - 08:20 PM

Well...I opened a support request with MS, and it turned out....remember I was fooling with MS config? I had it in selective mode. And left it there. Applied SP3 with it like that. Lucky I didn't blow up the SP3. Anyway, I put it back to normal, took a deep breath and did a shut down. Waited. Powered back up. Waited for the crash. :flowers: None. :thumbsup: Checked the event log. No more VSS error. I then went into Nero and disabled the scout via Nero to stop the WMS error that I tried to stop by fooling around with the MS Config.

Right now, things seem to be resolved over here, though I'm going to leave both the MS Support ticket open and this thread, just in case.

This was a heck of a rough build for me. A lot changed in the last four years, and I guess some of my rust was to blame too.

===============

May 9 Update. VSS error returned. VSS actually has an admin function that can be executed at command line. Check this link. http://blogs.technet.com/asksbs/archive/20...and-backup.aspx Even though it pertains to small business server, the commands can be run in XP. VSS is used for Windows Backup. Since I have Carbonite and an external HDD, I do not need the backup service. So, I went into the services.msc snap-in, went to standard, stopped and disabled VSS altogether. No negative effects on my applications. In fact, in the cold boot that followed, my desktop icons all came up at once -- before they would slowly fill in. Disabling this service not only eliminates VSS errors, but significantly speeds up the desktop upon booting.

The bottom line is for anyone who has an XP-based machine, if it's crashing on cold boots, check the event logs for VSS Event ID 12289. If it's there, go into the services snap-in, stop and disable VSS entirely.

Edited by Ron Devito, 09 May 2008 - 05:27 AM.


#9 usasma


Posted 09 May 2008 - 05:57 AM

Thanks for letting us know the resolution Ron! I'm sure it'll help others with the same problem.

#10 Ron Devito


Posted 09 May 2008 - 05:57 PM

I spoke too soon. VSS is gone, but the cold boot crashes are not. Back to MS....

#11 Ron Devito


Posted 11 May 2008 - 07:51 PM

Maybe this means something?

Service Control Manager Event ID 7026

The following boot-start or system-start driver(s) failed to load:
AvgLdx86
AvgMfx86
cmdGuard
Fips
intelppm

The first two files are from AVG. The third one is from Comodo Firewall. The fourth and fifth are from service packs. These failed to load on my last cold boot crash. This is the same behavior as my Verizon software was exhibiting. Also, AVG found a trojan....mind you this is on a new build. I'm wondering now, if this is some type of infection. Thoughts anyone?

#12 Ron Devito


Posted 12 May 2008 - 03:00 PM

OK...I think finally, I might have resolved this. First off, my "trojan" referenced earlier was a false alarm. The "trojan" AVG ID'd is actually part of the Yahoo/AVG toolbar! My machine is clean. So why would the antivirus fail to start? I stumbled upon this:

http://www.askdavetaylor.com/autoupdated_w...l_the_time.html

It refers to Data Execution Protection (DEP) and it has to do with when you are using Physical Address Extension or PAE. The trouble is for DEP to work, PAE must be enabled either via software or hardware. My setting was opt-in. This assumes that the hardware -- i.e. the motherboard -- is enforcing DEP and the OS acts accordingly. The fix in my case was to set it to AlwaysOff, exactly as you see it. This shuts off DEP unless you put a /PAE in the boot.ini. This first link above teaches you how to manually edit the boot.ini file. You must clear the system, read only, and hidden attributes first, then change the setting.

There is an easier way....check this link:

http://www.microsoft.com/technet/security/...p/depcnfxp.mspx

Go down to "Configuring System-wide DEP Options"

Follow the instructions and verify that the boot.ini was modified. I looked at mine through MSconfig (without making changes), before I shut down and took the cold boot. I'm going to take a few more cold boots today and tomorrow. If they're all clean, I'll accept this as being the resolution. I did notice that the boot process SIGNIFICANTLY sped up upon shutting off DEP.
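As an added example (not part of the original post, and not Microsoft's tooling): a small Python check that reads the text of a boot.ini copy and reports each boot entry's `/noexecute` DEP policy and whether a `/PAE` switch is present, which makes the "verify that the boot.ini was modified" step repeatable and makes an entry left at AlwaysOff easy to spot later. The sample file contents and the function name `audit_boot_ini` are constructed for illustration.

```python
import re

# Constructed sample boot.ini (illustrative; not taken from the thread).
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP Pro (default)" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP Pro (DEP off)" /fastdetect /NoExecute=AlwaysOff
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP Pro (DEP off, PAE)" /noexecute=alwaysoff /pae /fastdetect
'''

# The four documented /noexecute policy levels, keyed case-insensitively.
POLICIES = {"optin": "OptIn", "optout": "OptOut",
            "alwayson": "AlwaysOn", "alwaysoff": "AlwaysOff"}
ENTRY_RE = re.compile(r'^(?P<path>[^=]+)="(?P<label>[^"]*)"(?P<switches>.*)$')


def audit_boot_ini(text):
    """Return one dict per [operating systems] entry with its DEP policy and PAE switch."""
    results, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "operating systems":
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        # Boot switches are case-insensitive, so compare in lower case.
        switches = [s.lower() for s in re.findall(r"/\S+", m.group("switches"))]
        policy = None
        for s in switches:
            if s.startswith("/noexecute="):
                value = s.split("=", 1)[1]
                policy = POLICIES.get(value, "unrecognized: " + value)
        results.append({
            "label": m.group("label"),
            "dep_policy": policy,              # None: no /noexecute switch on this entry
            "pae_switch": "/pae" in switches,  # explicit /PAE on the entry
            "dep_disabled": policy == "AlwaysOff",
        })
    return results


if __name__ == "__main__":
    for entry in audit_boot_ini(SAMPLE_BOOT_INI):
        print(entry)
```

Run it against a copy of the machine's boot.ini by passing the file's text to `audit_boot_ini` instead of the sample.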

#13 usasma


Posted 13 May 2008 - 06:34 AM

Thanks for posting the solution. This'll help a lot of other people with the same problem.

#14 Ron Devito


Posted 13 May 2008 - 03:29 PM

John,

Well...it turns out that was not the solution either, but I think the third time might be the charm. I called Intel thinking maybe it might be my CPU. After all, with it running up past the boiling point of water at least 10x, and being shut down, who knows? I could have cooked the chip. But Intel told me the failure mode would be that the CPU would just stop working altogether. He told me to check the RAM...and that 4 GB in a 32-bit machine is not the best idea...especially if one of the sticks is bad.

You know what happens when you run a 32-bit OS with 4 GB of RAM? You see about 3.2 of it. Well, my XP was only seeing about 2 and change. Hmmm.....so, I pulled out two sticks of RAM -- the second two slots naturally. I cold booted twice. Hmmm. No problem. No errors. Could it be that one of the sticks was bad and the RAM test just wasn't picking it up? Tough to tell.

I'll post once more after I've taken several more cold boots, and hopefully that will be the final resolution. If nothing else, this back-and-forth shows that a problem of this nature requires extensive troubleshooting.

#15 usasma


Posted 14 May 2008 - 06:04 AM

4 GB of RAM in a 32-bit OS has been known to cause issues. There's very little info available about this, and most posts refer to errors in DMA as a consequence. It seems to happen mostly with older motherboards.

Here's a link to a more in-depth discussion: http://www.bleepingcomputer.com/forums/ind...st&p=602330



