Re: System hang when a data disk does error recovery

Julius

Those messages are referring to infections in System Restore Points.

TO CLEAR OLD SYSTEM RESTORE POINTS

On an infection-free computer, make a new restore point:

- Launch System Restore from its Start Menu | Programs | Accessories
shortcut (or directly launch C:\Windows\System32\restore\rstrui.exe from
a Run box).
- Select "Create a restore point." Click Next and follow out the menus.

Then, purge all restore points except the most recent:

- Run Disk Cleanup, either from its Start Menu shortcut, or from
right-click + Properties on C: in My Computer, or from directly
launching C:\Windows\System32\cleanmgr.exe from a Run box).
- After it scans, click the More Options tab, then Clean Up in the
System Restore section, confirm the action, then click OK to run it.
Source: http://aumha.net/viewtopic.php?t=15265

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

juliusseizure wrote:
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 24/01/2009
Time: 09:15:51
User: N/A
Computer: YOUR-447023AE6B
Description:
Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 69 65 78 70 6c 6f iexplo
0018: 72 65 2e 65 78 65 20 37 re.exe 7
0020: 2e 30 2e 36 30 30 30 2e .0.6000.
0028: 31 36 37 36 32 20 69 6e 16762 in
0030: 20 68 75 6e 67 61 70 70 hungapp
0038: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0040: 20 61 74 20 6f 66 66 73 at offs
0048: 65 74 20 30 30 30 30 30 et 00000
0050: 30 30 30 000


Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 24/01/2009
Time: 00:12:42
User: N/A
Computer: YOUR-447023AE6B
Description:
The IMAPI CD-Burning COM Service service entered the stopped state.

Event Type: Warning
Event Source: Avira AntiVir
Event Category: Infection
Event ID: 4113
Date: 24/01/2009
Time: 02:15:42
User: NT AUTHORITY\SYSTEM
Computer: YOUR-447023AE6B
Description:
The description for Event ID ( 4113 ) in Source ( Avira AntiVir )
cannot be found. The local computer may not have the necessary
registry information or message DLL files to display messages from a
remote computer. You may be able
to use the /AUXSOURCE= flag to retrieve this description; see Help and
Support for details. The following information is part of the event:
WORM/Rbot.48690.1, C:\System Volume
Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP867\A0129823.exe,
, .


Event Type: Warning
Event Source: Avira AntiVir
Event Category: Infection
Event ID: 4113
Date: 24/01/2009
Time: 01:26:12
User: NT AUTHORITY\SYSTEM
Computer: YOUR-447023AE6B
Description:
The description for Event ID ( 4113 ) in Source ( Avira AntiVir )
cannot be found. The local computer may not have the necessary
registry information or message DLL files to display messages from a
remote computer. You may be able
to use the /AUXSOURCE= flag to retrieve this description; see Help and
Support for details. The following information is part of the event:
WORM/Rbot.48690.1, C:\System Volume
Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP867\A0129823.exe,
, . spybot search and destroy tx ger.

"Gerry" wrote:

Julius

You suffering malware attacks!

Can you post complete copies of these 5 reports.

Error 24/01/2009 09:15:51 Application Hang (101) 1002 N/A
YOUR-447023AE6B

Warning 24/01/2009 00:12:42 Avira AntiVir Infection
4113 SYSTEM YOUR-447023AE6B

Warning 24/01/2009 02:15:42 Avira AntiVir Infection
4113 SYSTEM YOUR-447023AE6B

Warning 24/01/2009 01:26:12 Avira AntiVir Infection
4113 SYSTEM YOUR-447023AE6B

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer.

A tip for posting copies of Error Reports! Run Event Viewer and
double click on the error you want to copy. In the window, which
appears is a button resembling two pages. Click the button and close
Event Viewer. Now start your message (email) and do a paste into the
body of the message. Make sure this is the first paste after exiting
from Event Viewer.

What are your anti-spyware arrangements?

You will need to ascertain whether other attacks have succeeded.

You should also ascertain where these attacks are coming from. So we
need the name of the malware involved in these attacks. You should be
able to get this information from your Avira software.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
juliusseizure wrote:
hi again ger. hope this is legible. am runningspybot search n
destroy and antivir pe classic
Information 25/01/2009 14:27:37 ESENT General 101 N/A
YOUR-447023AE6B Information 25/01/2009 14:27:37 ESENT General 103
N/A YOUR-447023AE6B Information 25/01/2009 12:27:24 ESENT General
102 N/A YOUR-447023AE6B Information 25/01/2009 12:27:24 ESENT
General 100 N/A YOUR-447023AE6B Information 25/01/2009 12:16:29
ESENT General 101 N/A YOUR-447023AE6B Information 25/01/2009
12:16:29 ESENT General 103 N/A YOUR-447023AE6B Error 25/01/2009
11:26:14 Application Hang (101) 1002 N/A YOUR-447023AE6B
Information 25/01/2009 11:20:45 ESENT General 102 N/A
YOUR-447023AE6B Information 25/01/2009 11:20:45 ESENT General 100
N/A YOUR-447023AE6B Information 25/01/2009 11:20:43 usnjsvc
Messenger Sharing USN Journal Reader Service 12001 N/A
YOUR-447023AE6B Information 25/01/2009 11:20:04 iPod Service None 0
N/A YOUR-447023AE6B Information 25/01/2009 10:47:27 SecurityCenter
None 1800 N/A YOUR-447023AE6B Information 25/01/2009 10:47:26 Avira
AntiVir AntiVir 4096 SYSTEM YOUR-447023AE6B
Information 25/01/2009 10:47:22 STI Simulator None 105 N/A
YOUR-447023AE6B Information 25/01/2009 10:47:21 Bonjour Service None
1 N/A YOUR-447023AE6B Information 25/01/2009 10:47:19 gusvc None 0
N/A YOUR-447023AE6B Information 25/01/2009 10:47:16 Creative Service
for CDROM
Access None 105 N/A YOUR-447023AE6B
Information 25/01/2009 10:47:15 ATI Smart None 105 N/A
YOUR-447023AE6B Information 24/01/2009 21:31:50 ESENT General 101
N/A YOUR-447023AE6B Information 24/01/2009 21:31:50 ESENT General
103 N/A YOUR-447023AE6B Information 24/01/2009 20:00:08 ESENT
General 102 N/A YOUR-447023AE6B Information 24/01/2009 20:00:08
ESENT General 100 N/A YOUR-447023AE6B Information 24/01/2009
19:05:54 ESENT General 101 N/A YOUR-447023AE6B Information
24/01/2009 19:05:54 ESENT General 103 N/A YOUR-447023AE6B
Information 24/01/2009 18:58:20 ESENT General 102 N/A
YOUR-447023AE6B Information 24/01/2009 18:58:20 ESENT General 100
N/A YOUR-447023AE6B Information 24/01/2009 16:32:36 ESENT General
101 N/A YOUR-447023AE6B Information 24/01/2009 16:32:36 ESENT
General 103 N/A YOUR-447023AE6B Information 24/01/2009 15:38:50
ESENT General 102 N/A YOUR-447023AE6B Information 24/01/2009
15:38:50 ESENT General 100 N/A YOUR-447023AE6B Information
24/01/2009 13:42:28 ESENT General 101 N/A YOUR-447023AE6B
Information 24/01/2009 13:42:28 ESENT General 103 N/A
YOUR-447023AE6B Information 24/01/2009 13:03:11 ESENT General 102
N/A YOUR-447023AE6B Information 24/01/2009 13:03:11 ESENT General
100 N/A YOUR-447023AE6B Error 24/01/2009 09:15:51 Application Hang
(101) 1002 N/A YOUR-447023AE6B Warning 24/01/2009 02:15:42 Avira
AntiVir Infection 4113 SYSTEM YOUR-447023AE6B
Information 24/01/2009 01:31:32 ESENT General 101 N/A
YOUR-447023AE6B Information 24/01/2009 01:31:32 ESENT General 103
N/A YOUR-447023AE6B Information 24/01/2009 01:30:39 ESENT General
102 N/A YOUR-447023AE6B Information 24/01/2009 01:30:38 ESENT
General 100 N/A YOUR-447023AE6B Warning 24/01/2009 01:26:12 Avira
AntiVir Infection 4113 SYSTEM YOUR-447023AE6B
Information 24/01/2009 01:02:54 Winlogon None 1002 N/A
YOUR-447023AE6B Error 24/01/2009 00:47:06 Application Error None
1000 N/A YOUR-447023AE6B Information 24/01/2009 00:16:35 ESENT
General 101 N/A YOUR-447023AE6B Information 24/01/2009 00:16:35
ESENT General 103 N/A YOUR-447023AE6B Information 24/01/2009
00:13:17 ESENT General 102 N/A YOUR-447023AE6B Information
24/01/2009 00:13:16 ESENT General 100 N/A YOUR-447023AE6B
Information 24/01/2009 00:13:15 usnjsvc Messenger Sharing USN
Journal Reader Service 12001 N/A YOUR-447023AE6B
Warning 24/01/2009 00:12:42 Avira AntiVir Infection
4113 SYSTEM YOUR-447023AE6B
Warning 24/01/2009 00:12:40 Avira AntiVir Infection
4113 SYSTEM YOUR-447023AE6B
Information 24/01/2009 00:12:33 iPod Service None 0 N/A
YOUR-447023AE6B Information 24/01/2009 00:12:23 SecurityCenter None
1800 N/A YOUR-447023AE6B Information 24/01/2009 00:12:16 Avira
AntiVir AntiVir 4096 SYSTEM YOUR-447023AE6B
Information 24/01/2009 00:12:10 STI Simulator None 105 N/A
YOUR-447023AE6B Information 24/01/2009 00:12:08 Bonjour Service None
1 N/A YOUR-447023AE6B Information 24/01/2009 00:12:05 gusvc None 0
N/A YOUR-447023AE6B Information 24/01/2009 00:12:01 Creative Service
for CDROM
Access None 105 N/A YOUR-447023AE6B
Information 24/01/2009 00:12:01 ATI Smart None 105

Information 25/01/2009 14:27:37 ESENT General 101 N/A
YOUR-447023AE6B Information 25/01/2009 14:27:37 ESENT General 103
N/A YOUR-447023AE6B Information 25/01/2009 12:27:24 ESENT General
102 N/A YOUR-447023AE6B Information 25/01/2009 12:27:24 ESENT
General 100 N/A YOUR-447023AE6B Information 25/01/2009 12:16:29
ESENT General 101 N/A YOUR-447023AE6B Information 25/01/2009
12:16:29 ESENT General 103 N/A YOUR-447023AE6B Error 25/01/2009
11:26:14 Application Hang (101) 1002 N/A YOUR-447023AE6B
Information 25/01/2009 11:20:45 ESENT General 102 N/A
YOUR-447023AE6B Information 25/01/2009 11:20:45 ESENT General 100
N/A YOUR-447023AE6B Information 25/01/2009 11:20:43 usnjsvc
Messenger Sharing USN Journal Reader Service 12001 N/A
YOUR-447023AE6B Information 25/01/2009 11:20:04 iPod Service None 0
N/A YOUR-447023AE6B Information 25/01/2009 10:47:27 SecurityCenter
None 1800 N/A YOUR-447023AE6B Information 25/01/2009 10:47:26 Avira
AntiVir AntiVir 4096 SYSTEM YOUR-447023AE6B
Information 25/01/2009 10:47:22 STI Simulator None 105 N/A
YOUR-447023AE6B Information 25/01/2009 10:47:21 Bonjour Service None
1 N/A YOUR-447023AE6B Information 25/01/2009 10:47:19 gusvc None 0
N/A YOUR-447023AE6B Information 25/01/2009 10:47:16 Creative Service
for CDROM
Access None 105 N/A YOUR-447023AE6B
Information 25/01/2009 10:47:15 ATI Smart None 105 N/A
YOUR-447023AE6B Information 24/01/2009 21:31:50 ESENT General 101
N/A YOUR-447023AE6B Information 24/01/2009 21:31:50 ESENT General
103 N/A YOUR-447023AE6B Information 24/01/2009 20:00:08 ESENT
General 102 N/A YOUR-447023AE6B Information 24/01/2009 20:00:08
ESENT General 100 N/A YOUR-447023AE6B Information 24/01/2009
19:05:54 ESENT General 101 N/A YOUR-447023AE6B Information
24/01/2009 19:05:54 ESENT General 103 N/A YOUR-447023AE6B
Information 24/01/2009 18:58:20 ESENT General 102 N/A
YOUR-447023AE6B Information 24/01/2009 18:58:20 ESENT General 100
N/A YOUR-447023AE6B Information 24/01/2009 16:32:36 ESENT General
101 N/A YOUR-447023AE6B Information 24/01/2009 16:32:36 ESENT
General 103 N/A YOUR-447023AE6B Information 24/01/2009 15:38:50
ESENT General 102 N/A YOUR-447023AE6B Information 24/01/2009
15:38:50 ESENT General 100 N/A YOUR-447023AE6B Information
24/01/2009 13:42:28 ESENT General 101 N/A YOUR-447023AE6B
Information 24/01/2009 13:42:28 ESENT General 103 N/A
YOUR-447023AE6B Information 24/01/2009 13:03:11 ESENT General 102
N/A YOUR-447023AE6B Information 24/01/2009 13:03:11 ESENT General
100 N/A YOUR-447023AE6B Error 24/01/2009 09:15:51 Application Hang
(101) 1002 N/A YOUR-447023AE6B Warning 24/01/2009 02:15:42 Avira
AntiVir Infection 4113 SYSTEM YOUR-447023AE6B
Information 24/01/2009 01:31:32 ESENT General 101 N/A
YOUR-447023AE6B Information 24/01/2009 01:31:32 ESENT General 103
N/A YOUR-447023AE6B Information 24/01/2009 01:30:39 ESENT General
102 N/A YOUR-447023AE6B Information 24/01/2009 01:30:38 ESENT
General 100 N/A YOUR-447023AE6B Warning 24/01/2009 01:26:12 Avira
AntiVir Infection 4113 SYSTEM YOUR-447023AE6B
Information 24/01/2009 01:02:54 Winlogon None 1002 N/A
YOUR-447023AE6B Error 24/01/2009 00:47:06 Application Error None
1000 N/A YOUR-447023AE6B Information 24/01/2009 00:16:35 ESENT
General 101 N/A YOUR-447023AE6B Information 24/01/2009 00:16:35
ESENT General 103 N/A YOUR-447023AE6B Information 24/01/2009
00:13:17 ESENT General 102 N/A YOUR-447023AE6B Information
24/01/2009 00:13:16 ESENT General 100 N/A YOUR-447023AE6B
Information 24/01/2009 00:13:15 usnjsvc Messenger Sharing USN
Journal Reader Service 12001 N/A YOUR-447023AE6B
Warning 24/01/2009 00:12:42 Avira AntiVir Infection
4113 SYSTEM YOUR-447023AE6B
Warning 24/01/2009 00:12:40 Avira AntiVir Infection
4113 SYSTEM YOUR-447023AE6B
Information 24/01/2009 00:12:33 iPod Service None 0 N/A
YOUR-447023AE6B Information 24/01/2009 00:12:23 SecurityCenter None
1800 N/A YOUR-447023AE6B Information 24/01/2009 00:12:16 Avira
AntiVir AntiVir 4096 SYSTEM YOUR-447023AE6B
Information 24/01/2009 00:12:10 STI Simulator None 105 N/A
YOUR-447023AE6B Information 24/01/2009 00:12:08 Bonjour Service None
1 N/A YOUR-447023AE6B Information 24/01/2009 00:12:05 gusvc None 0
N/A YOUR-447023AE6B Information 24/01/2009 00:12:01 Creative Service
for CDROM
Access None 105 N/A YOUR-447023AE6B
Information 24/01/2009 00:12:01 ATI Smart None 105
"juliusseizure" wrote:

soz ger. much appreciate ur reply but like i said "help" dont help
every time i hit "new" >"question" all i get is a bleep.will check
out event viewer tho tx

"Gerry" wrote:

Julius

Read this link so that you do not need to piggy back next time:
http://www.microsoft.com/wn3/locales/help/help_en-us.htm#PostNewQuestion

What are your ant-virus and anti-spyware arrangements?

Are there any errors in Event Viewer? Have a look in the System
and Application logs in Event Viewer for Errors and Warnings and
post copies here. Don't post any more than 48hours ago.

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the
meaning of the error, information regarding Event ID, Source and
Description are important.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP

http://support.microsoft.com/kb/308427/en-usA

A tip for posting copies of Error Reports! Run Event Viewer and
double click on the error you want to copy. In the window, which
appears is a button resembling two pages. Click the button and
close Event Viewer. Now start your message (email) and do a paste
into the body of the message. Make sure this is the first paste
after exiting from Event Viewer.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~


juliusseizure wrote:
sorry bout this but this site wont let me post new topic and
"help" doesnt. so im piggy backing on this post..do forgive. my
pc v.often wont boot its driving me nuts, the green light at the
front of my pc"startup button" flashes sometimes up to an hour
before it stops and i can then press the startup buttonand it
boots no prob. any help gratefully appreciated.

"Mark F" wrote:

I am running Windows XP Professional with Service Pack 3, 1GB
RAM, EIDE system disk.

I find that my system hangs when a data disk has an error,
temporary or permanent, that requires extensive data recovery.

My system and usual data disks are motherboard EIDE ports.

The disks with errors are on a PCI SATA adapter.

In particular, I use disks for backups and I "burn-in" the new
disks by writing random data to them and then reading them.
Typically there are one or two errors during the write pass that
cause the system to hang for at least a minute. Sometimes there
is a Event Viewer
Error Event ID: 9 message with Description:
"The device, \Device\Scsi\SI3114r1, did not respond within the
timeout period."
If I get the Event ID: 9 message there are also some Event ID:
51 Warning messages with description "An error was detected on
device \Device\HarddiskX\Y during a paging operation.
If I move the mouse
around or otherwise get impatient I can also some Event ID: 12,
Information, with description
"The ring buffer that stores incoming mouse data has overflowed
[buffer size is configurable via the PS/2 mouse properties in
device manager]."

My problem is not that there are errors on the disk, but rather
that the entire system seems to hang during the error recovery.

There also can be hangs that don't give any Event Viewer
messages; I assume that this is because although there was a
problem on the SATA disk under test, the problem was fixed in
times noticeable by a human, but not so long as to get a
recordable timeout error.

Is there a way that I can change my system configuration so
only processes doing operations on the disk doing error recovery
are delayed? It doesn't seem right that the entire system
hangs, given that the system disk, which is the paging disk,
are on a motherboard adapter for a different interface (PATA,
not SATA, in this case.)

Alternatively, is there a way to reduce the timeout time so that
I can get more Event Viewer messages.

For completeness: The most recent disks that I have had the
problem were Seagate ST31500341AS drives various part numbers
and firmware. However, I don't think that the hang is due to the


.

Loading