Actually 15 seconds a day is a standard spec for inexpensive watch/clock crystals. Even though the motherboard is new, I would have done that a long time ago but I found that the battery is under the video card, so a partial disassembly of the computer is required.
I have a big preseentation coming up in a few days. When that's past I will pull down the computer.
Yes, I'm a bit irritated that the battery couldn't be put in a more accessible place, like every other motherboard I've ever had.
My paper is tonight and I need the computer to prepare; changing the battery requires pulling the video card which ripples into messing with the KVM switch, etc. so I will do that tomorrow, after the paper. This avoids a personal crisis in the unlikely event that the computer doesn't boot after being put back together or otherwise needs attention that I don't have time to give. Likewise I haven't spent time with online support because of time pressure with tonight's deadline.
My information is that for a computer that is plugged in all the time and is of ATX vintage or later, the battery is never in play. The power supply 5 V stand-by voltage is used for keep-alive and clock, even when the computer is shut down or "off" This is why most computer batteries last far beyond their three-year stated life expectancy, except when left in unplugged computers, when they last a year or two. This motherboard was refurbished in the December 2013 time frame which almost certainly included a new battery. So I expect no change when putting in a new battery. But I will do so tomorrow morning.
The computer clock drift as observed is consistent with specifications of inexpensive clock crystals an typical of what I have observed in computer clocks over the years. This observation is over innumerable computers built over the years beginning with a Dallas Semiconductor chip put under another chip on the motherboard of a Tandy 1000 that replaced my TRS-80 Model 4.
BUT, I HAVE IDENTIFIED A REPEATABLE SEQUENCE LEADING TO 3038,104 AND 8920,208 ERRORS. Whenever there is a large virus definitions file update, the error occurs. Sometimes I get an 8920,208 error after the lengthy download process, and the update fails, more often the LU process completes and then I get the 3038,104 error until I boot the computer. This happens EVERY TIME. Apparently something in my configuration causes LU or IU to corrupt my N360 process that operates the scans and it invokes the 3038,104 error. Sometimes the N360 process that uses downloaded files to update the databases detects an error and invokes the 8920,208 error.
Just now I downloaded a 500K virus definitions update file, which took about a minute, the update failed, and I got a screen that liked to a Norton web page that does not list an error but tells me to wait 24 hour or un IU. I'm downloading the IU file now but speed is limited to about 20 KBPS, bursty, as opposed to the usual ISP-limited speed, probably because hundreds of other users are also downloading the IU updater right now for the same reason. N360 will still do a scan, but in the past I have found that I will get a 3038,104 error after the IU.
In summary, I have concluded:
For now I must simply resolve the problem with a reboot. I don't have four hours to wait for an IU download so I will not continue my usual course of running IU and then verifying that I then get the 3038,104 error as I have every time I have done this before. And, tomorrow, I will change my computer battery.
I expect that rebooting the computer will restore N360 as it always does, and resume preparing for my presentation. Tomorrow I will change my computer battery. When the error occurs again, then, if regular business hours are in effect, and I can take the time, I will go to Norton online support with the error in effect and resume the support process.
Correct me if I am wrong, but this is the first time you noted the 8920,208 error massage. That gives us more information to work with.
If you use a proxy, check your proxy settings are correct.
Reset Winsock (In cmd with Admin Rights-> Type netsh winsock reset) -->Restart PC-->Run Live Update
Clear your DNS cache. See https://www.whatsmydns.net/flush-dns.html
Obviously you will want to try this after your presentation, so let us know if any of this helps.
I reset the winsock and flushed the DNS data. I'll shut down now and change the battery. Unless removing the video card ripples into other problems, I should be back up in an hour.
I changed the battery. The video card got enough out of the way without disconnecting the adapter to the KVM switch or the auxiliary power supply connectors, and the motherboard connector has an error-save alignment and latching lever like those in RAM slots, so it was less of a teardown than I expected.
The old battery read 3.132 Volts on a Fluke 77. The new one read 3.32 Volts. So, the old one was OK but the new one is better, never having sat in a motherboard bereft of a power supply with standby voltage.
Since there is a new major virus definitions update every two days or so, we will have to wait and see if the winsock reset and DNS cache clear accomplished anything. Part of the process of the winsock reset is a restart, and that always solves the problem for a few days.
Let us know, as there are some other suggestions for your second error.
Since my last update on June 27, after resetting the winsock and clearing the DNS cache, I had an 8920,208 error on June 29 when a LU failed to implement an update of the virus database. Smaller updates did succeed. I ignored it and in the morning everything seemed OK. But I had a 3038,104 later in the morning of June 30. Computer clock was 7 seconds fast; I did not correct it. I rebooted and cleared the error.
I downloaded a copy of SymHelp.exe and ran it but don't see what it can do for me except under instructions from Norton Tech Support. It did a system scan and, like NPE, it doesn't like my old ASCII Art Generator and takes umbrage at the PowerDesk 9 file manager DLL, both of which are false positives.
That's the status at this point. Suggestions welcome.
Wow, just had another 3038,104, the second one today. System clock is still 7 seconds faster (sooner?) than time-b.nist.com. Will reboot in a few minutes.
With the 3038,104 active, I ran SymHelp.exe and collected a data file, filled out the form, giving case 16137302 (assigned by online support on June 3) and uploaded it to:
I'll reboot now.
Had a couple more 3038,104's and 8920,208's and went to Norton/Symatec online support. Apparently the old case was closed so we opened a new case. No smoking guns; Windee turned off scanning inside archvies and insisted on un-installing MalwarBytes and SuperAntiSpyware that I could see. I don't expect that this will change anything. I'll just keep coming back on the new case number.
[edit: Removed case number per the Participation Guidelines and Terms of Service.]
motorfingers11 wrote:I ran NPE and got rid of a registry entry "Hideicons" for "Explorer," probably Windows Explorer, not IE. I did a chkdsk of all four HDs and all are clean and OK.
When you ran chkdisk did you use the /r option to check the physical disc for errors?
I did not use the /4 or /r option with Chkdsk. The HDs are two new WD Black 2 TB and have zero bad sectors. Running a chkdsk /r on a 2 TB disk takes over a day. The HD hardware has ECC built-in with SMART reporting of soft errors - and hard errors - that would flag any problems, and there are none. Diskeeper monitors the SMART data. Both of them were new in November. The two HDs in the computer are C: and E:, I have external RAID drives that Acronis (paid, not free WD) uses to back up C: and E: with rolling backups. If Diskeeper or other utility sees SMART data indicating that a HD is beginning to have errors, I will use Acronis to move the data to a new HD.
I had been intending to do a chkdsk /4 on the new HDs as I have historically done when setting up a computer but I did not have a week to watch asterisks creep across a screen because this whole upgrade was unplanned and I needed the computer. My laptop is great for travelling and some emergencies but it just isn't up to my Lightroom/Photoshop antics and the big number crunching. It's good for application development but its small screen is a liabilty in a GUI development environment. I could put it on the KVM switch, and that is Plan C if I have an emergency.
I have close to 200 applications installed on this computer. It is using HPFS-initialized HDs on a UEFI BIOS that is backward-compatible. There are lots of unusual things about this computer. I use it for everything. I put 16 GB of RAM in it because I watched 8 GB fill up when I was wheeling and dealing with Lightroom and Photoshop, which I do often. Everything works flawlessly except AsusFanControlService, which stopped working after I installed a bunch of stuff and hooked up my nest of USB hubs, so something conflicts with that. I also have a LInux computer on the same Verizon FIOS router through an Ethernet switch (it;s in the DMZ and is a Sourceforge buildbot), and my TV talks to the WWW through WiFi to the same FIOS router with an access point that I hacked from a cheap Belkin router and some GNU router firmware from Germany. Something is conflicting with the N360 virus x64 database update, I believe, because N360 goes unstable every time there is a big one. But a reboot clears it right up every time.
I gave a talk to the IEEE last week that is a draft for a technical paper, and an preparing another one on an entirely different subject for a seminar to a major University in Phidelphia for the fall. A third task for the computer is of research that requires running processes 24/7 for weeks; I once ran my dual quad-core Xeon computer for over a year with all eight processes going for an earlier stage of a related project; I would freeze one core when I needed the computer by assigning it a low priority with the task manager. Newer compilers and all eight cores in one CPU allow me to exercise all eight cores with multithreading and parallelization, and I may try that this time. If I need to start that while I am having to reboot every two days to keep N360 going, I will have a decision to make. I am currently in a position to pospone that.
This last session with online remote assistance has convinced me that this problem needs to be elevated because the people that take the calls have a troubleshooting flow chart that they follow but do not seem to have the global ambience of issues like you do. The last one un-installed Malwarebytes and SuperAntiSpyware, stopped responding, and hung up - i.e. she gave up. She also failed to delete registry keys labeled MBAM, although it was obvios that these are MalwareBytes Anti-Malware keys, but they were harmless when MalwareByes was there and N360 Registry Cleanup left them, so they are apparently harmless.
You don't have access to the computer like they do. So, this must get the attention of someone that does remote access support who deals with rare problems like mine. I found that they close cases if you don't get back to them soon. So, I will get back with them with case 16661922 every time I have a 3038,104 until either this is resolved or I become convinced that my particular configuration is just not compatible with N360 as it exists today (21.3.0.12).
Do a web search on 3038,104 and look carefuly at what you find. There are others out ther with this problem. Questions and threads get opened, and there is essentially no solution to most of them, the threads just die out. This thead has had a lot of very good suggestions and it is my best hope. I would like to be a resource for Norton to find and fix this problem, or at least identify it and plan a revision that will fix it. I just need to figure out how to make that happen.
motorfingers11 wrote:I did not use the /4 or /r option with Chkdsk. The HDs are two new WD Black 2 TB and have zero bad sectors. Running a chkdsk /r on a 2 TB disk takes over a day. The HD hardware has ECC built-in with SMART reporting of soft errors - and hard errors - that would flag any problems, and there are none. Diskeeper monitors the SMART data. Both of them were new in November. The two HDs in the computer are C: and E:, I have external RAID drives that Acronis (paid, not free WD) uses to back up C: and E: with rolling backups. If Diskeeper or other utility sees SMART data indicating that a HD is beginning to have errors, I will use Acronis to move the data to a new HD.
Quite a system you have. You also seem to know your stuff.
Even a new HD can have problems. That's why we have warrantees. There are also differences between the scans done by the SMART features and the HD diagnostics from the manufacturer and the Windows chkdisk. Windows does not use the drive's table of bad sectors, but uses its own record. That can only be populated by chkdisk.
I tried to find my original source for this information, but only came up with a couple of pages. One from Microsost Answers forum http://social.technet.microsoft.com/Forums/windows/en-US/1576ba98-a43a-4b8a-afe8-35e1fba7b856/chkdsk-hdtune-show-bad-sectors-but-no-smart-reallocation-events?forum=itprovistahardware
and one from Bleeping Computer http://www.bleepingcomputer.com/forums/t/457645/chkdsk-vs-manufacturer-hd-diagnosis-tool/
Obviously your call, but might be worth a try. If it is any help, it is only the system drive you would need to check. As it is, you said you usually run a chkdisk /4 (I could not find a reference to this option, or are you referring to stage 4 of the full scan with /r?), so maybe you could have avoided this long quest.
The observable symptom is that when N360 update the x64 virus definitions, it can no longer do a scan without a 3038,104, and sometimes it has an 8920,208 error while installing a virus definitions update (not while downloading it), after which it will have a 3038,104 error if you try to do a scan. This apparently happens every time Symantec provides an update to the x64 virus definitions. This indicates network errors. My network card driver is up-to-date and I don’t know what else to check.
It's interesting that you have links to two thoughtful discussions about disk errors. It seems that one of them is about a HD that has a blemish in the surface when new, always a bad sign. The other points out the limitations of chkdsk, and asks the user to use the BIOS HD scanning utility. Here's why I believe that my HDs are good.
As you know, HDs have ECC built into the written data, including the sector markers and other formatting information, and ECC is used in the read operations. The ECC used is the "correct ND, detect ND+E" bit errors (with a large number for ND and NE). When an error is detected but corrected, we have a "soft" error. When too many bits are wrong in a read area and the error is not correctable, we have a "hard" error. The HD firmware uses this information to flag bad sectors, and sectors that are going bad before they have a hard error. This data is available as S.M.A.R.T (https://en.wikipedia.org/wiki/S.M.A.R.T.) information and can be interrogated by applications. The application that I use to monitor SMART is Diskeeper. The manufacturers usually provide small applications that you can download for free. I just downloaded WD Data Lifeguard Diagnostic, which specifically supports the WD Black line of HDs, and it itemizes SMART parameters.
Although anything is possible in this world, high-end HDs that support SMART just don't have bad sectors without some notification of problems in the SMART data. WD Black HDs are about as reliable as you get without getting into the high-bucks stuff you just don't see in individual workstations.
Nothing else on the computer is showing any signs of problems. SMART as interpreted by both Diskeepter and WD Data Lifeguard Diagnostic gives both HDs a clean bill of health. WD Data Lifeguard Diagnostic and gives all the SMART parameters for the two WD Black HDs in the case (and one of the external RAIDs), and they also show a clean bill of health. I have re-installed N360 four times since the problem started, three times with NRnR.exe downloaded fresh each time, so that its location on the HD has varied and the problem hasn't changed in any obvious way. I use Diskeeper 12 that de-frags in the background, plugs in the Windows de-frag utility so thatN360 calls Diskeeper when it does a System Tune-up. When an application is installed it is usually fragmented and immediately gets moved to another location on the HD where it is not fragmented.
WD SMART for their higher-end HDs includes a background surface scan over the HD looking for errors. I recall that OS/2 did this, but Cutler seems to have dropped that feature out when he was developing OS/2 NT -> Windows NT. It may still be on the Server versions of Windows.
I started a chkdsk with sector check (GUI driven from the Properties/Tools menu) on E:. It's occupying 12 GB of RAM in a 32-bit process. I can do without the second HD so long as I don't do anything with my photography on the computer. If it gets done in a couple of hours, I'll flag my C: drive to do one on the next boot, and start it when I go to bed tonight. It doesn’t look good; in a half hour it is under 10% done. The WD scan utilities look risky and they recommend that you back up your data, so if I do a scan of C: I will use Acronis to move an image of my C: drive to an offline USB 3 TB I keep laying around, off, for such use – a big USB scratch disk. I have a rolling backup but nothing beats a boot DVD and a handy image of the HD.
Re the 8920, 208 error, Do you use a proxy? If you do, check that you have the correct settings in your 360. I use NIS and the settings are found in slightly different places, but you may be able to find it, or someone else will help us find this.
In NIS it is at Settings - Network - Network Security Settings. Click Configure beside Proxy Server.
No proxy is used. I use Verizon FIOS with the Actiontec MI424WR router for Verizon FIOS and have for years with no problems. I have the minimum speed, 5 MB/s download, 25 MB/s upload, and get those speeds according to http://www.bandwidthplace.com/ and http://www.speedtest.net/ (just now checked to be sure).
Whoops, initiated full system background scan by accident looking for proxy settings. Then, LU failed with a 8920,208. Waiting to see if the background scan fails with a 3038,104 when it gets to that. Usually background scans just skip a step if it fails, so I'll look at the log.
Here is a log entry that may bear on the 8920,208:
Date: 7/5/2014 4:45:24 PM
Actor: C:\WINDOWS\SYSTEM32\CONHOST.EXE
Actor PID: 8508
Target: C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\buIH.exe
Target PID: 1416
Action: Access Process Data
Reaction: Unauthorized access blocked
Here's the log entry on the failed LU:
Type of Update: Interactive
Result: Not all o fthe updates were successful.
Date & Time: 7/5/2014 4:45:10 PM
Total Updates Applied
Norton Web Protection Definittions: Success (9.99KB)
Norton Virus Definitions X64: Failed to complte (918.84KB)
Norton Antispam Definitions: Success (467.70KB)
Reboot Required: No
Risk: Medium
Note that the 8920.208 happened as N360 refused access to buIH.exe.
Whooa. Browsing the security history, I see something made a whole lot of file accesses that were refused abour 11:25 this morning. They were all attempts to access N360 files. There are a total of 64 blocked file access warnings. The first one is (hey, I discovered Copy to Clipboard!)
Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Action,Reaction
7/5/2014 11:24:53 AM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,7/5/2014 11:24:53 AM,C:\WINDOWS\SYSTEM32\SVCHOST.EXE,13888,"C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\Lue\Downloads\norton$202009$20streaming$20virus$20definitions_1.0_symalllanguages_livetri.zip",Open File,Unauthorized access blocked
The last one is
Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Action,Reaction
7/5/2014 11:28:11 AM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,7/5/2014 11:28:11 AM,C:\WINDOWS\SYSTEM32\SVCHOST.EXE,13888,C:\ProgramData\Norton\00000082,Open File,Unauthorized access blocked
BTW, the surface scan for E: completed with no errors found.
I have completed a chkdsk surface scan of both HDs. I used the Windows GUI under Computer -> Properties -> Tools -> Error Checking, with the "Scan for and attept recovery of bad sectors" box checked. To my amazement, checking C: took only a few minutes, apparently because it executes during the early stages of a boot and has the undivided atttention of the machine. If this turns out to be an 8-bit utility that sees only 63 MB of a 2 TB HD or some such, I can use a boot DVD and the command line.
I've brought your issue to the attention of some of my colleagues to see if someone with more experience can comment/help on your issue.
I really appreciate it. It seems that the security log has shown that the application protection may be interfering with the virus database update. That's why the system error log showed nothing.
<< I used the Windows GUI under Computer -> Properties -> Tools -> Error Checking, with the "Scan for and attept recovery of bad sectors" box checked. >>
Whenever I do that on the drive with the active operating system in -- I multiboot -- I get a message that it can't do the check on the active OS drive and do I want to reboot now or let it do it the next time it reboots ....
Did you not get that? Have you rebooted since invoking that test?