[RESOLVED] Update pack causes blackscreen after splashscreen

Questions about Update Pack making? Ask here.
Locked
creep in the cellar
Posts: 31
Joined: Fri May 19, 2006 1:09 am

Post by creep in the cellar » Mon Jun 12, 2006 3:09 pm

to me it seems like either something getting removed, system file overwritten, windows updates????? cuz zero problems with a virgin xp sp2 and SCS

well wga notifications works fine. no black screens with it. so out goes my idea of it causing the problem.

User avatar
dumpydooby
Posts: 530
Joined: Sun Jan 15, 2006 6:09 am

Post by dumpydooby » Mon Jun 12, 2006 3:20 pm

Well, try running WU and getting all of the updates. *shrug*

creep in the cellar
Posts: 31
Joined: Fri May 19, 2006 1:09 am

Post by creep in the cellar » Mon Jun 12, 2006 3:22 pm

yeah well the most thorough thing to do would be to do them 1by1 so gonna take much time.

User avatar
RogueSpear
Posts: 1155
Joined: Tue Nov 23, 2004 9:50 pm
Location: Buffalo, NY

Post by RogueSpear » Mon Jun 12, 2006 3:27 pm

It's a conflict between SAV/SCS and a post SP2 file or reg entry. What happens to me is the problem arrises after the first successful user logon - all the way to having a Start Menu. My script initiated reboots from RunOnceEx - and mind you a user is logged in for ROE, just not fully - do not trigger the hang.

Also, for me the hang seems dependant on when SAV is installed. If it's installed during svcpack.inf, RunOnceEx, or via Group Policy there's a problem. If I manually initiate the install, there's no problem.

So it seems like the issue is quite specific in the how and the why. It's just that up to this point, just pinning the issue on Symantec was hard enough. Now figuring out exact specifics probably won't be much easier.

User avatar
mr_smartepants
Posts: 824
Joined: Thu May 18, 2006 5:56 am
Location: Cambridgeshire, UK

Post by mr_smartepants » Mon Jun 12, 2006 3:28 pm

dumpydooby wrote:Well, try running WU and getting all of the updates. *shrug*
Well, I had already tried that and my laptop is still working fine. The problem with starting from scratch and downloading all the WU files is that it renders this website almost useless. The whole point is to make these packs rock-solid, and SCS SAV triggers the fault. I think we've estabished that the fault exists with Ryans pack 2.0.6 and 2.0.5 and SCS/SAV, I think we might have to start with a known bad system and work backwards throught the packs (as Ryan originally suggested) until we find one that works.

I agree with RogueSpear. Symantec itself isn't the problem. It's a known trigger and just conflicts with one file sometime during the boot process and locks up. The problem is that this halt doesn't show up in the event logs. It's possible (I think) to step through the boot process in VMware (which I don't have) to the point of the hang. Smack me if I'm wrong here.
Last edited by mr_smartepants on Mon Jun 12, 2006 3:32 pm, edited 1 time in total.

User avatar
RogueSpear
Posts: 1155
Joined: Tue Nov 23, 2004 9:50 pm
Location: Buffalo, NY

Post by RogueSpear » Mon Jun 12, 2006 3:31 pm

dumpydooby wrote:Well, try running WU and getting all of the updates. *shrug*
I don't think that method would find the problem anyway. If you have a Symantec product installed already and are successfully rebooting, then adding hotfixes one by one probably won't get it to hang.

I think that what needs to be determined is what hotfix is integrated in the install so that when you install SAV automatically (not manually) it hangs.

User avatar
dumpydooby
Posts: 530
Joined: Sun Jan 15, 2006 6:09 am

Post by dumpydooby » Mon Jun 12, 2006 3:34 pm

For what it's worth, SAV 10.0.0.359 installs just fine. No errors. I even rebooted a couple times, and updated all definitions (not that they would likely make a difference ... just wanted to let you know).


I had used RVM206 on this disc.

creep in the cellar
Posts: 31
Joined: Fri May 19, 2006 1:09 am

Post by creep in the cellar » Mon Jun 12, 2006 3:48 pm

that failed for me. i had to go to and older build of windows i made from feb to get no black screens. also had to use SCS 3.0 to get noblack screen.

User avatar
dumpydooby
Posts: 530
Joined: Sun Jan 15, 2006 6:09 am

Post by dumpydooby » Mon Jun 12, 2006 3:54 pm

You used build 359? I thought you were saying you used 400?

creep in the cellar
Posts: 31
Joined: Fri May 19, 2006 1:09 am

Post by creep in the cellar » Mon Jun 12, 2006 4:11 pm

i have used both. look back at old posts. much good info in the rest of this topic. we have tried SCS 3.0 - 3.1 with various SCS maintenance patches. to try and determine if it has anything to do with certain builds of SCS.

creep in the cellar
Posts: 31
Joined: Fri May 19, 2006 1:09 am

Post by creep in the cellar » Mon Jun 12, 2006 5:42 pm

well i have gotten it to fail using ryan's pack as far back 2.0.2a. beyond that have not gone back any further.

User avatar
buletov
Posts: 380
Joined: Tue Feb 15, 2005 11:30 am

Post by buletov » Mon Jun 12, 2006 7:16 pm

Maybe the problem is related with Symantec's correlation with this:
Microsoft: Oops, We Forgot to Mention, WGA Calls Home Daily

Microsoft Corp. acknowledged Wednesday that it needs to better inform users that its tool for determining whether a computer is running a pirated copy of Windows also quietly checks in daily with the software maker. The company said the undisclosed daily check is a safety measure designed to allow the tool, called Windows Genuine Advantage, to quickly shut down in case of a malfunction. For example, if the company suddenly started seeing a rash of reports that Windows copies were pirated, it might want to shut down the program to make sure it wasn't delivering false results.

"It's kind of a safety switch," said David Lazar, who directs the Windows Genuine Advantage program. Lazar said the company added the safety measure because the piracy check, despite widespread distribution, is still a pilot program. He said the company was worried that it might have an unforeseen emergency that would require the program to terminate quickly.
By the way, unrelated to the quote above, I can not understand how IT versed people like the people on this forum still trust Symantec's products? They are like so full of security holes and omissions with their so much deep (and unnecessary) system integration. There are so much better, faster and more secure solutions out on the market available. The last Symatec product I used was NAV 2002. After 2003 release, I realised where are thing going with it and started exploring other options (I will not say what I'm using now so that this post is not taken as a advertisement). Anyways, people, think for yourself, question authority.
Never know what life is gonna throw at you.

User avatar
RogueSpear
Posts: 1155
Joined: Tue Nov 23, 2004 9:50 pm
Location: Buffalo, NY

Post by RogueSpear » Mon Jun 12, 2006 7:49 pm

Sometimes it's hard to give up old habits. Symantec has always served me well in the field of AV protection. Terribly with firewall protection. In the last several years, the central local government where I work has been taken down a couple of times with virus outbreaks. They were using IncocuLAN, which I believe was absorbed by someone else. They switched to Symantec because we had never been hit. The county government got totally wiped out once and severly pounded a couple of other times. They had been using Trend and have since switched over to McAfee's Enterprise solution. My network is directly connected to these other networks with dedicated wireless and T1, respectively. I never even skipped a beat on my end.

A 100% batting average is hard to argue with sometimes. And BTW, I'm sure this isn't unique to me, but I have some people on my network that just need to be seen to be believed. I swear these are the people you have in mind when you say you want something to be "idiot proof". They click on every single phishing scam, bring all kinds of crap in on floppies, etc. /offtopic

I am investigating other solutions and not too crazy about any of them, but I will need to support SAV for quite some time to come. Even if I don't use it at my main job, most of my clients were using it since before I came along and most are pretty happy with their investment in it too. If any of you are still reading this :P what I'm getting at is that I would really like to get to the bottom of this issue and put it to bed.

User avatar
RogueSpear
Posts: 1155
Joined: Tue Nov 23, 2004 9:50 pm
Location: Buffalo, NY

Post by RogueSpear » Tue Jun 13, 2006 9:10 am

I've come up with a little workaround for this issue that so far seems to be working for me. I am assuming that if you're installing SAV or SCS that you have a grc.dat file in your install source that contains all of your settings.

Use Symantec's tool ConfigEd to modify the grc.dat file. Click on the Advanced button under Auto Protect Settings and change the Startup Options from "System Start" to "Symantec AntiVirus start". This delays the loading of a lot of things I am presuming and it seems to eliminate this hang for me.

While you're at it, you might want to click on the Actions button and put in an exception under the Hack Tools category for "HackTool.HideWindow" to eliminate the false positives on cmdow.exe.

User avatar
Denney
Posts: 92
Joined: Sun Feb 19, 2006 8:25 am
Location: Brisbane, Australia
Contact:

Post by Denney » Tue Jun 13, 2006 9:22 am

Hey guys. I've told Ryan about this but I need someone else to test it to confirm.

Perform the following:

1. Install a stock Windows XP Service Pack 2 installation.
2. Goto Windows Update and apply all updates (including WGA).
3. SILENTLY install SAV.
4. Reboot a few times.

If you manage to get a black screen, PLEASE REPLY BACK. Doing this produces a black screen for me and is reproducable on 3 different computers.

It also appears to have something to do with the LegitCheckControl.dll file from WGA. Replacing that file with a *patched* version appears to negate this issue.

Installing SAV manually WON'T create the issue. Nor will installing SAV silently THEN installing the updates.

It must be done in this order:

Install WinXP -> Update WinXP -> Silently Install SAV -> Reboot a few times.

The number of times required to reboot seems a little random but 2 or 3 should produce the black screen.

User avatar
mr_smartepants
Posts: 824
Joined: Thu May 18, 2006 5:56 am
Location: Cambridgeshire, UK

Post by mr_smartepants » Tue Jun 13, 2006 12:01 pm

Denney wrote: It must be done in this order:

Install WinXP -> Update WinXP -> Silently Install SAV -> Reboot a few times.

The number of times required to reboot seems a little random but 2 or 3 should produce the black screen.
Yup. In that order does it for me.
And installing SAV manually (or silently) blackscreens for me.(see my chronology above)

If I do the following it's good:
Install WinXP -> Install SAV -> Update WinXP -> Reboot as needed.
Works fine.

I've got my fresh new WinXP source (OEM w/SP2 preintegrated). I'm going to rebuild my ISO from scratch using this new source and see what happens. I'll report back my findings.

larciel
Posts: 216
Joined: Tue Dec 21, 2004 3:14 am

Post by larciel » Tue Jun 13, 2006 2:26 pm

just a chip in, I've used 10.1.0.394 since RVpack 2.0.5 and 10.0.2.xxx (i think) before 2.0.5 and never had this problem. (installed in over 20 different real computers)

I used wpi to install SAV silently at first logon.

hope this gets resolved soon

User avatar
jessry
Posts: 14
Joined: Mon Jan 24, 2005 2:57 pm
Location: Australia

Same Problem but different product.

Post by jessry » Tue Jun 13, 2006 5:09 pm

I have been getting the same problem on several computers, but it's not until i install nortons antivirus 2006 that the issue happens. so i'm not running an antivirus on 1 machine to see if it stops, and haven't had the problem for a couple of weeks now. so thats what i put it down to myslef, not knowing other ppl had the same problem till i saw this thread today.

User avatar
Hatefulsorrow
Posts: 16
Joined: Tue Jun 13, 2006 3:00 pm
Location: South Lake Tahoe, CA

Post by Hatefulsorrow » Tue Jun 13, 2006 6:33 pm

If this has been addressed I'm sorry for the double post. But did anyone consider this.

I've read almost every post in this thread and thought of something that could be the culprite (I appologize for the poor spelling) SCS digs its way into the Windows network subsystem. And from what I gather SCS and SAV load their protection systems before certain Windows components as-to try and incress the level of protection. Did anyone consider that maybe SCS or SAV is starting its firewall routeen before WGA can "call home"? I have seen first hand that WGA can cripple a illegitimate system. Maybe, just Maybe, WGA is invoking a stop boot script when it sees that it can't call home. Of course this is all specualtion but I think that it could be part of the issue. Also has anyone tried to Google a program that can log Windows boot errors? I have a copy of Acronis Disk Director Suite 10 that has such a feature. It could prove very useful in at least tracking down the real root of the problem.

Hatefulsorrow...

User avatar
dumpydooby
Posts: 530
Joined: Sun Jan 15, 2006 6:09 am

Post by dumpydooby » Tue Jun 13, 2006 8:26 pm

^That's what I'm leaning toward; something along those lines. My copy of Windows isn't "Genuine" and as such, I use a modified LegitCheckControl.dll. I'm going to assume that the reason I don't have this problem is because I don't have WGA.


So to the ones that are troubleshooting this, have you tried integrating KB095474 WGA v1.5.0532.2 (as opposed to the one in Ryan's pack, which is v1.5.0532.0)? Perhaps this has been fixed already. Alternatively, you guys could try using all of the Windows Updates except KB905474 and see if that does anything. *shrug*


PS-
I, too, haven't read through the entire thread. So if this was already suggested, oopsies.

User avatar
RogueSpear
Posts: 1155
Joined: Tue Nov 23, 2004 9:50 pm
Location: Buffalo, NY

Post by RogueSpear » Tue Jun 13, 2006 9:13 pm

I've tried all versions of legitcheck, hacked and real. Tried removing the winlogonnotify registry entries and it doesn't seem to make any difference. If you think about when the lockup happens, I think it's way before the TCP/IP stack is initialized.

I'm not saying that somehow WGA isn't involved, I'm just saying I don't think the phone home "feature" has anything to do with it.

User avatar
mr_smartepants
Posts: 824
Joined: Thu May 18, 2006 5:56 am
Location: Cambridgeshire, UK

Post by mr_smartepants » Wed Jun 14, 2006 1:04 am

Well, I just got done installing my freshly-built ISO on my laptop and everything is FINE! :D
Now I'm more confused as to the cause.
Here's what I did.
Used nlite for everything.
Used OEM single-user WinXP w/SP2 preintegrated as source.
integrated the following packs
RVMUpdatePack2.0.6.cab
RVMAddonsWMP10_2.5.cab
Microsoft_.NET_Framework_1.1_SP1___2.0_Addon.cab
RVMAddons_1.6.4.cab
Kels_swgreed_codec_addon_v2.4.CAB
ADDON_Vista_Sounds.CAB
KELS_OSX4XP_addon_V1.CAB
Kels_Royale_Addon_4.4.cab
rytukz_Vista_Icons_Pack_Ultimate_System_Patch_addon_1.1.cab
rytukz_patched_files_with_VISTA_icons_MAIN_addon_1.1.cab
rytukz_patched_files_with_VISTA_icons_WMP10_addon_1.0.cab
acrobatsmall-addon.cab
Boooggy_CCleaner130_Addon.cab
KTT_Firefox_1.5.4_addon.cab

used nlite to accomplish all the unattended options and tweaks and integrated drivers.
loaded , activated, and booted fine
installed ATI drivers
rebooted fine
installed new SCS 3.1.0.401 (updated source)
shutdown, reboot GOOD!
Visit WU and download all the 'patch-tuesday' patches including KB095474 WGA v1.5.0532.2
shutdown, reboot GOOD!

Everything is still working fine. I'm at a loss. The only thing I can think of is that I did the WU visit last after SCS.
Hatefulsorrow: You might be on to something there. We're not entirely sure exactly what WGA is doing during the boot sequence. Your thoughts make sense to me though.

Edit:
The laptop was working fine this morning for me and around lunchtime for my wife but when I got home from work this evening it blackscreened on me!
Arrgghh.
I'm trying to get it to a normal boot but I can't uninstall WGA (remove button is missing).
Last edited by mr_smartepants on Fri Jun 16, 2006 8:30 am, edited 1 time in total.

User avatar
Hatefulsorrow
Posts: 16
Joined: Tue Jun 13, 2006 3:00 pm
Location: South Lake Tahoe, CA

Post by Hatefulsorrow » Wed Jun 14, 2006 1:10 am

Maybe WGA or SCS is attepting to connet before the TCP/IP stack is enabled, thus causing the essencial deadlock. A good way to really see is to wait and get the new WGA when the next cycle comes around. If indeed WGA is the problem, due to its habbit of running every reboot, then the next version will change all this. I was over on MSFN today and read this article:

Article

Some people consider WGA to be a form of spyware. I would have to agree with that point. If it looks like spyware and acts like spyware then the damage will be of the same effect.

:idea:
Also I was thinking. Most people in this thread will conced to the fact that there is not a problem when SCS or SAV is installed via RIS or RunOnceEx. Only when set via SVCPACK. Maybe certain functionality can only be implemented when the system is stable and not in such a fluxual state, IE: Durring an install. Has anyone done a comparision of all SCS and SAV registry entries in a install via SVCPACK vs an install via RunOnceEx or the old fasioned way? You could also check DCOM registration and the ODBC.

One final thought, and I know this is a stupid one but it has not been addressed from what I've read, IS SAV or SCS dependant on Dot Net? And if not the Programs themselves, is the installer?? :?:
:?
Hatefulsorrow...[/url]

Submariner
Posts: 9
Joined: Fri Aug 26, 2005 3:21 am

Post by Submariner » Wed Jun 14, 2006 2:32 am

mr_smartepants wrote:Well, I just got done installing my freshly-built ISO on my laptop and everything is FINE! :D
Used nlite for everything.
Which version of nlite? If I use the latest nlite version 8, with Ryans pack 206, I get blue screens of death, no matter how I integrate it.

User avatar
Hatefulsorrow
Posts: 16
Joined: Tue Jun 13, 2006 3:00 pm
Location: South Lake Tahoe, CA

Post by Hatefulsorrow » Wed Jun 14, 2006 2:52 am

Ok Idea. Maybe change the SCS or SAV service boot order as-to have the system call the service for start after TCP/IP stack implimentation and WGA calls. If someone can upload a reg file with the information for the SCS and/or SAV services I can edit it to change the boot order during system boot. It should be located at HKEY_LOCAL_MACHINE\CurrentControlSet\Services

Look through them and find which ones are related to SCS and/or SAV and export. Also I'll need the reg entries for HKEY_LOCAL_MACHINE\CurrentControlSet\Control\GroupOrderList to make this work.

I know that this is a far fetched idea but it could work if the system was told not to call the Firewall/Anti-Virus protection services untill the system login rather then during boot.

I'll continue to research on when and how the LegitCheckControll.dll is called during the boot process.

..................

Also maybe it has something to do with the fact that SCS and SAV work strongly with WMI. Maybe WMI is not fully functional untill after T-13 in the setup process. This would cause some serious issues with the installtion. I had a client machine with the same problem about a year ago. They did not have any addons or anything of the sort. Just a OEM copy of XP Home SP1. There WMI was crippled and, after many hours of troubleshooting and tech support with Symantic, the problem was indeed because of the error in WMI. I had to re-install the machine but it ended up working after the WMI had been fixed.

Just another passing thought.

RougeSpear: You stated that you have used legit and hacked versions of WGA but that wouldn't change the "phone-home" problem. Hacked versions are made as-to tell the M$ website that you are running a legit copy of windows or to tell the LegitCheckControl.dll that there is a Timeout when trying to connect to the M$ website. By default if such a thing happens WGA gives the "All Clear" to prevent issues with people on dial up and those with Legit copys of Windows. But this does not disable the process that is invoked durring the call home. It just lies to the dll telling it something other then what is actually going on. This is also how the javascript code to bypass WGA worked. Don't get me wrong. I'm not trying to flame you or anything of the sort. I'm just trying to help out. I've been visiting this site for about 6 months and love everything that everyone has done. Your packs are great and I use them all the time. :)

Hatefulsorrow.....

User avatar
mr_smartepants
Posts: 824
Joined: Thu May 18, 2006 5:56 am
Location: Cambridgeshire, UK

Post by mr_smartepants » Wed Jun 14, 2006 3:10 am

Submariner wrote:
mr_smartepants wrote:Well, I just got done installing my freshly-built ISO on my laptop and everything is FINE! :D
Used nlite for everything.
Which version of nlite? If I use the latest nlite version 8, with Ryans pack 206, I get blue screens of death, no matter how I integrate it.
I used nlite 1.0RC8. Nlite requires .net 2.0. I would suggest downloading the new installer from nliteos.com; Nuhi silently fixed RC8 and didn't change the numbering. That could fix your problem. YMMV

When I get home from work, I'll look for the reg entries and export them for SCS/SAV.

User avatar
mr_smartepants
Posts: 824
Joined: Thu May 18, 2006 5:56 am
Location: Cambridgeshire, UK

Post by mr_smartepants » Wed Jun 14, 2006 3:21 am

Hatefulsorrow wrote: It should be located at HKEY_LOCAL_MACHINE\CurrentControlSet\Services
I just had a quick look at the registry for this machine at work and the registry path is:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Wow, there are at least 8 keys that relate to liveupdate, NAV*, SAV*, Sym*, or Symantec*.

If you can be more specific on which ones you need that'd be great. I'll do what I can.

User avatar
Hatefulsorrow
Posts: 16
Joined: Tue Jun 13, 2006 3:00 pm
Location: South Lake Tahoe, CA

Post by Hatefulsorrow » Wed Jun 14, 2006 3:25 am

I personally dont use Symantic products for this very reason. So i cant be sure what ones are related to boot protection. I do know that the ones for LiveUpdate arent invoked untill the system calls the wlnotify.dll during the login process so those are out. But any of the others would be very helpful.

Thanks.

Hatefulsorrow....

User avatar
RogueSpear
Posts: 1155
Joined: Tue Nov 23, 2004 9:50 pm
Location: Buffalo, NY

Post by RogueSpear » Wed Jun 14, 2006 7:42 am

Hatefulsorrow wrote:You stated that you have used legit and hacked versions of WGA but that wouldn't change the "phone-home" problem. Hacked versions are made as-to tell the M$ website that you are running a legit copy of windows or to tell the LegitCheckControl.dll that there is a Timeout when trying to connect to the M$ website. By default if such a thing happens WGA gives the "All Clear" to prevent issues with people on dial up and those with Legit copys of Windows. But this does not disable the process that is invoked durring the call home. It just lies to the dll telling it something other then what is actually going on. This is also how the javascript code to bypass WGA worked.
Yes, I'm aware of how WGA and the various hacks of it work. That's why I said I removed the winlogon notify registry entries.

User avatar
Hatefulsorrow
Posts: 16
Joined: Tue Jun 13, 2006 3:00 pm
Location: South Lake Tahoe, CA

Post by Hatefulsorrow » Wed Jun 14, 2006 10:43 am

RogueSpear wrote:Yes, I'm aware of how WGA and the various hacks of it work. That's why I said I removed the winlogon notify registry entries.
I'm sorry I didn't see that part. :(

I do remember reading in some obscure article about how removing the winlogon notify registry entries for WGA don't do anything beacuse they will be re-imputed by WGA when they aren't found. I haven't tested this so I can't attest to its validity but maybe you could check to see it they are back.

Hatefulsorrow....

User avatar
RogueSpear
Posts: 1155
Joined: Tue Nov 23, 2004 9:50 pm
Location: Buffalo, NY

Post by RogueSpear » Wed Jun 14, 2006 10:52 am

They will be restored if you go to the Windows/Microsoft Update site or if you have Automatic Updates turned on. Otherwise they won't.

User avatar
Hatefulsorrow
Posts: 16
Joined: Tue Jun 13, 2006 3:00 pm
Location: South Lake Tahoe, CA

Post by Hatefulsorrow » Wed Jun 14, 2006 11:04 am

RogueSpear thank you for clearing that up. /off topic

Has the event log showed anything when this happens?

User avatar
RogueSpear
Posts: 1155
Joined: Tue Nov 23, 2004 9:50 pm
Location: Buffalo, NY

Post by RogueSpear » Wed Jun 14, 2006 11:50 am

No, the event log service has not yet started.

User avatar
Hatefulsorrow
Posts: 16
Joined: Tue Jun 13, 2006 3:00 pm
Location: South Lake Tahoe, CA

Post by Hatefulsorrow » Wed Jun 14, 2006 12:04 pm

If you enable boot logging, safe mode, ect. there should be a file named Ntbtlog.txt in your Windows directory. This will have the log for the boot process.

User avatar
Denney
Posts: 92
Joined: Sun Feb 19, 2006 8:25 am
Location: Brisbane, Australia
Contact:

Post by Denney » Wed Jun 14, 2006 12:09 pm

1. We seem to centered on SAV/SCS. It's not ONLY those programs. I managed to get it to black screen with just installing Windows Live Messenger 8!! Only did it once but I did it. There are many other programs I've tried that cause this issue.

2. This issue MUST have something to do with WGA because doing everything EXACTALLY the same but WITHOUT the WGA hotfix, everything is fine.

3. The "call-home" feature has nothing to do with this because the black screen can occur before OR after WGA calls home (again, packet sniffers are usefull!).

4. I still can't figure out where the hell this deadlock is occuring. :(

User avatar
Hatefulsorrow
Posts: 16
Joined: Tue Jun 13, 2006 3:00 pm
Location: South Lake Tahoe, CA

Post by Hatefulsorrow » Wed Jun 14, 2006 1:46 pm

Why not comment out the WGA entries in Ryans pack and see if that fixes the problem. If so then we know 100% that WGA is the problem. And has anyone tryed emailing M$ to see if this is a know compilation? Or maybe email Symantic and see if they know of this. Last night I did some googleing and found a couple articles that seem similar, although not the same, to this.

Another thing is that WGA might not be registaring properly, maybe in the activex controls for IE, and when the system gos to parse the entries it locks up.

If anyone one has a copy that is doing this and is wiling to dump the whole registy on the bad copy and dump also a copy in which the install was done manually, I'd be willing to poor over it for the next day or two and see if there are any differences between that and one where the install was manual.

Hatefulsorrow....

User avatar
RogueSpear
Posts: 1155
Joined: Tue Nov 23, 2004 9:50 pm
Location: Buffalo, NY

Post by RogueSpear » Wed Jun 14, 2006 1:51 pm

I know that the entirety of this thread can be a long and tedious read and I don't want to sound like a dickhead, but the last dozen+ posts have mostly been rehashing what has already been discussed and tested. You guys may want to read over the full thread so you don't waste your time with something that's been checked off.

User avatar
Hatefulsorrow
Posts: 16
Joined: Tue Jun 13, 2006 3:00 pm
Location: South Lake Tahoe, CA

Post by Hatefulsorrow » Wed Jun 14, 2006 2:17 pm

RogueSpear: I appologize for bring back things that have already been ruled out. I have read this thread start to finish twice now. I honestly thought that these points had not been addressed.

But back on topic, RogueSpear, I would like to know what your thoughts are on some of the step that I have mentioned. Do you think a side by side comparision of the registry entries from a working machine and a machine with this problem would lead to a posible conclusion? And if so would you be willing to send me the registry dumps?

User avatar
mr_smartepants
Posts: 824
Joined: Thu May 18, 2006 5:56 am
Location: Cambridgeshire, UK

Post by mr_smartepants » Wed Jun 14, 2006 2:23 pm

Just a quick update on my install.
The laptop was working fine this morning for me and around lunchtime for my wife but when I got home from work this evening it blackscreened on me!
Arrgghh.
I'm trying to get it to a normal boot but I can't uninstall WGA (remove button is missing).

User avatar
RogueSpear
Posts: 1155
Joined: Tue Nov 23, 2004 9:50 pm
Location: Buffalo, NY

Post by RogueSpear » Wed Jun 14, 2006 2:46 pm

It may give some clues. It may not. One of the problems is reliably getting an install to hang under VMware. I think using snapshots is probably the way to go. The other problem is that we don't know what the trigger is. Yes, Symantec is involved, but it's not even the mere presence of a Symantec product, but how and when it's installed.

At one point I had thought that if I could get a VMware install to lock every time, then I would just start replacing files one by one from SP2 until I found the conflicting file. But I seriously doubt that would even work.

WGA may or may not be involved. It seems like a likely candidate because of the nefarious way in which it works. I have to wonder if Symantec's Anti-Tampering technology is fighting with WGA. But how do you obtain empirical data to support that? It's just far too time consuming to be grasping at straws forever. A couple of days ago I posted a workaround that seems to be working for me. I think I'm going to need to just stick with that as I don't have the time work on this issue other than during the course of what I happen to be doing anyway. That's how I made my last observations.

User avatar
mr_smartepants
Posts: 824
Joined: Thu May 18, 2006 5:56 am
Location: Cambridgeshire, UK

Post by mr_smartepants » Wed Jun 14, 2006 2:51 pm

Well bad news guys. My laptop won't even boot into safe mode now. I'm going to have to start over. I got it into safe mode once. I did check the ntbtlog and didn't find any WGA or SCS listings at all.

I'm going to try again and NOT install WGA and see how far I can get.

User avatar
RogueSpear
Posts: 1155
Joined: Tue Nov 23, 2004 9:50 pm
Location: Buffalo, NY

Post by RogueSpear » Wed Jun 14, 2006 2:58 pm

mr_smartepants, you may want to integrate SysInternal's Autoruns into your install routine. If you're able to get into safe mode, you can always uncheck all of the Symantec entries. That always works for me.

User avatar
RyanVM
Site Admin
Posts: 5189
Joined: Tue Nov 23, 2004 6:03 pm
Location: Pennsylvania
Contact:

Post by RyanVM » Wed Jun 14, 2006 4:37 pm

For another fun test - both boooggy's and Xable's XP SP2 update packs also include WGA. It would be nice to see if the blackscreen can be reproduced with their packs.
Get up to $200 off on hosting from the same people who host this website!
http://www.ryanvm.net/forum/viewtopic.php?t=2357

User avatar
dumpydooby
Posts: 530
Joined: Sun Jan 15, 2006 6:09 am

Post by dumpydooby » Wed Jun 14, 2006 5:31 pm

Oh yeah, I was gonna start using Xable's pack in lieu of yours. It would be funny if I got this error with his, since I have never gotten with yours.


edit:
And since I'm not getting this error when I use the same steps as you guys, is it possible that it could be a hardware issue? I know it seems rather unlikely, but why would I not get this error?

User avatar
RogueSpear
Posts: 1155
Joined: Tue Nov 23, 2004 9:50 pm
Location: Buffalo, NY

Post by RogueSpear » Wed Jun 14, 2006 5:47 pm

There was a point in time where I got this error with VMware. If I'm not mistaken Ryan has experienced it in VPC. I personally have experienced it in all manner of P3 and P4 based desktops and laptops. Different chipsets, video, sound, NIC, etc.

I would give anything to be abe to reliably reproduce the issue again in VMware though so that I could really play around by way of snapshots.

User avatar
RyanVM
Site Admin
Posts: 5189
Joined: Tue Nov 23, 2004 6:03 pm
Location: Pennsylvania
Contact:

Post by RyanVM » Thu Jun 15, 2006 9:51 am

Yes, I've reproduced it on all types of hardware and in VirtualPC
Get up to $200 off on hosting from the same people who host this website!
http://www.ryanvm.net/forum/viewtopic.php?t=2357

a06
Posts: 139
Joined: Thu Dec 23, 2004 2:11 pm

Post by a06 » Thu Jun 15, 2006 10:24 am

I've been using Ryan's packs for a long time now.
I have never experienced this problem.

I don't know if this is any help, but here's what I do (feel free to compare it to others, maybe it will help narrow the problem):

WinXP Pro (Geuine Corporate copy) + SP2

◘ Updates & Addons:
• Update: WMP10 Addon Version 2.5 (RyanVM)
• Update: RyanVM's Windows XP Post-SP2 Update Pack 2.0.6 (May 14, 2006)
• Program: Unlocker Light 1.8.3 (Xable)
• Hacked File: Tcpip.sys 1.1 (RyanVM)
• Hacked File: UXTheme.dll 1.1 (RyanVM)
• Theme: CrystalXP dlb2 1.1 (Siginet)
• Theme: Luna Element 5 1.3 (Siginet)
• Program: Calculator Plus 1.2 (Xable)

Software (to install this, I use W.A.I.T. v0.21):
+ Meedio Pro 1.41
+ Firefox 1.5.0.4
+ Adobe Reader 7.0.8
+ Office 2003 SP2
+ Office 2003 Updates
+ Media Player Classic 6.4.9.0
+ uTorrent 1.5.437
+ J2SE Runtime Environment 5.0 Update 7
+ DotNet2.0
+ Winamp 5.21
+ Real Alternative 1.47
+ Winrar 3.51
+ Arcsoft DVD Slideshow code
+ BitTornado 0.3.7 stable
+ LimeWire Pro 4.10.0
+ QuickTime Alternative 1.68
+ Girder 3.2.9b
+ MixMeister BPM Analyzer
+ MP3Gain 1.2.5
+ Foxit PDF Editor 1.2
+ FFDshow 2005-11-29
+ CMenu 2.3
+ HashTab v1.9
+ Spybot S&D 1.4
+ Macromedia Flash Player 8
+ Macromedia Shockwave Player 10
+ DVD-to-AVI 1.9
+ ArcSoft DVD Slideshow 1.0.0.50
+ Tag&Rename 3.1.7
+ Flexible Renamer 7.3
+ .NET 1.1 SP1 - includes Hotfix KB886903 (RyanVM version)
+ MediaMonkey 2.4.1.862
+ PDFCreator
+ FlashFXP
+ Symantec Antivirus Corporate Edition v9.0.3.1000 (with updated LiveUpdate v2.6)
+ PowerDVD v6
+ Nero 6.6.0.0



Hope this helps, somehow...

User avatar
Denney
Posts: 92
Joined: Sun Feb 19, 2006 8:25 am
Location: Brisbane, Australia
Contact:

Post by Denney » Thu Jun 15, 2006 11:16 am

Hey Ryan, I might have found a solution... update your pack! lol.

I've tested it with booogy's and Xable's packs and can reproduce this issue easy.

Now, to the solution... I downloaded the latest updates and slipstreamed them into the source (haven't done that in a while, the pack looks a little different now than to when you started out Ryan.. :P) and created the CD.

I ran this CD on all 3 computers doing exactally what I did before to cause the problem and I cannot reproduce it anymore... I don't know if it's shear luck or what but it seems MS might have fixed the problem in their latest bout of updates.

Note: For other people to test this, you must slipstream the updates like Ryan does into your source. Manually installing the updates seems to work sometimes but not others. Installing the updates AFTER installing SAV seems to have the same effect. Sometimes it works, other times it doesn't.

I only know for sure that slipstreaming the updates into the source has worked for me 8 times so far with the various tests I'm doing.

a06
Posts: 139
Joined: Thu Dec 23, 2004 2:11 pm

Post by a06 » Thu Jun 15, 2006 12:23 pm

Denney wrote:Hey Ryan, I might have found a solution... update your pack! lol.
...
Now, to the solution... I downloaded the latest updates and slipstreamed them into the source (haven't done that in a while, the pack looks a little different now than to when you started out Ryan.. :P) and created the CD.
...
I only know for sure that slipstreaming the updates into the source has worked for me 8 times so far with the various tests I'm doing.
Oh man, if this is true, then that's just funny. :lol:

User avatar
RogueSpear
Posts: 1155
Joined: Tue Nov 23, 2004 9:50 pm
Location: Buffalo, NY

Post by RogueSpear » Thu Jun 15, 2006 12:31 pm

Denny may have a point. It seems the higher the build number in legitcheck.dll, the less and less I'm able to reproduce the problem.

Locked