MANY event log errors and warnings (50,51,57,etc) Unknown Hard Error/NonPagedPool...

Hi everyone, I'm pretty worried because recently I've been getting intermittent errors such as "Windows - System Error : Unknown Hard Error" and Event Log warnings and errors. I think something is wrong with my MFT but I'm not quite sure...I just got rid of a TDL3 rootkit infection but apparently it did it's job. Here is my thread on that: http://www.bleepingcomputer.com/forums/t/310183/yourprotectiontrojanjavaredirectpopup-saga/ I'm running an HP laptop with XP Pro SP3 on it. Let me know if you need more info. I've got about 45 of these warnings over the course of 15 minutes:

Event Type: Warning
Event Source: Ntfs
Event Category: None
Event ID: 50
Date: 5/2/2010
Time: 4:46:30 AM
User: N/A
Computer: 1337B00K
Description:
{Delayed Write Failed} Windows was unable to save all the data for the file . The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Data:
0000: 00040004 00520002 00000000 80040032
0010: 00000000 c000009a 00000000 00000000
0020: 00000000 00000000 c000009a


Here are a few other event errors and warnings I started getting:

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2019
Date: 5/2/2010
Time: 4:58:24 AM
User: N/A
Computer: 1337B00K
Description:
The server was unable to allocate from the system nonpaged pool because the pool was empty.

Data:
0000: 00040000 00540001 00000000 c00007e3
0010: 00000000 c000009a 00000000 00000000
0020: 00000000 00000000 00000002

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 5/2/2010
Time: 4:51:06 AM
User: N/A
Computer: 1337B00K
Description:
The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).

Event Type: Warning
Event Source: Ftdisk
Event Category: Disk
Event ID: 57
Date: 5/2/2010
Time: 4:50:57 AM
User: N/A
Computer: 1337B00K
Description:
The system failed to flush data to the transaction log. Corruption may occur.

Data:
0000: 00000000 00be0001 00000002 80040039
0010: 00000000 c000009a 00000000 00000000
0020: 00000000 00000000

Event Type: Error
Event Source: sr
Event Category: None
Event ID: 1
Date: 5/4/2010
Time: 11:51:16 PM
User: N/A
Computer: 1337B00K
Description:
The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'resume.dat.new' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Data:
0000: 0000000e 004e0004 00000000 c0000001
0010: 00000000 00000000 00000000 00000000
0020: 00000000 00000000

got about 20 of these all at the same time, not sure if its related:

Event Type: Information
Event Source: NETw5x32
Event Category: None
Event ID: 5002
Date: 5/4/2010
Time: 5:49:41 PM
User: N/A
Computer: 1337B00K
Description:
The description for Event ID ( 5002 ) in Source ( NETw5x32 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: , Intel® WiFi Link 5300 AGN.
Data:
0000: 00080000 00620002 00000000 6000138a
0010: 00000000 00000000 00000000 00000000
0020: 00000000 00000000 4e4f4c41 00000135

I ran sfc \scannow and it found nothing except my patcehd uxtheme.dll and my patched tcpip.sys. I reinstalled HDD drivers and I ran Memtest86+ for about an hour and 45 minutes. Usually if I leave my computer on overnight I'll come back to it and have a Delayed Write fail popup or many in a row. Recently i had one and clicked it off, then went to my start menu and moused over all programs and it said (none). So I tried logging off and back on and that resulted in a BSOD stop error that dissppeared too fast for me to write down, but I think it was 0x000008be. Any ideas as to whats going on? thanks!

sounds like your harddrive is kicking off while the system is running.

did you try a scandisk /r

also check to see if hard drive power off is set for a time longer than system standby in your power managment setup

sounds like your harddrive is kicking off while the system is running.

did you try a scandisk /r

also check to see if hard drive power off is set for a time longer than system standby in your power managment setup

Hey thanks for the response. I haven't run scandisk but the system has automatically run CHKDSK a few times, I'll give scandisk a go right now. Hard disk is set to never turn off in my power options, but I didn't even think to look there, so thanks for the suggestion. I don't know whats goin on but I hope to get to the bottom of it! Thanks.

The command would be chkdsk /r, not scandisk (we know what you meant) .

Louis

The command would be chkdsk /r, not scandisk (we know what you meant) .

Louis

my bad... i did mean chkdsk /r

The command would be chkdsk /r, not scandisk (we know what you meant) .

Louis

my bad... i did mean chkdsk /r

Indeed, I ran it but I'm not entirely sure if it found anything because I was away from my computer.Nothin in the event log so I don't know the result. Nothin big going on yhet but I have 2 51's in my event log:

Event Type: Warning
Event Source: Disk
Event Category: None
Event ID: 51
Date: 5/5/2010
Time: 11:54:45 PM
User: N/A
Computer: 1337B00K
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

Data:
0000: 00680003 00b60001 00000000 80040033
0010: 0000012d 00000000 00000000 00000000
0020: c0017e00 00000000 0002e692 00000000
0030: ffffffff 00000003 84000040 00000002
0040: 120a2000 40200340 00000000 0000000a
0050: 00000000 89aaf450 00000000 8a105008
0060: 00000000 006000bf 60000028 0000bf00
0070: 00000008 00000000 00020070 0a000000
0080: 00000000 00000204 00000000 00000000

Now its teh factory recovery partition of my hard drive thats getting the errors. I turned off and back on system restore and pagefile.sys respectively, not srure what else to do.

That first error posted...the one citing NTFS...is the one that I would be concerned about.

To me, that indicates either a file system or a hard drive problem.

Generally...if chkdsk /r completed, that's hopeful. But chkdsk /r doesn't necessarily overcome NTFS problems or serious hard drive problems.

Try running BlueScreenView, http://www.nirsoft.net/utils/blue_screen_view.html.

Double-click BlueScreenView.exe file.

When scanning is done, Edit/Select All...then File/Save Selected Items.

Save the report as BSOD.txt. If the reported date for errors is not in chronological order (most recent at top), then you may want to sort that column to make it so...before saving the file.

Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Louis

That first error posted...the one citing NTFS...is the one that I would be concerned about.

To me, that indicates either a file system or a hard drive problem.

Generally...if chkdsk /r completed, that's hopeful. But chkdsk /r doesn't necessarily overcome NTFS problems or serious hard drive problems.

Try running BlueScreenView, http://www.nirsoft.net/utils/blue_screen_view.html.

Double-click BlueScreenView.exe file.

When scanning is done, Edit/Select All...then File/Save Selected Items.

Save the report as BSOD.txt. If the reported date for errors is not in chronological order (most recent at top), then you may want to sort that column to make it so...before saving the file.

Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Louis

Louis! That utility is amazing! how did I never hear about this before?? And yes, I figured as musch about the NTFS errors I was getting...At least my bhardware is still under factory warranty. Here it is:

==================================================
Dump File : Mini050510-01.dmp
Crash Time : 5/5/2010 3:16:47 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0x80000003
Parameter 2 : 0x8052b5ec
Parameter 3 : 0xf797eb68
Parameter 4 : 0x00000000
Caused By Driver : avfwot.sys
Caused By Address : avfwot.sys+1181
File Description : TDI filtering kernel driver
Product Name : AntiVir Desktop
Company : Avira GmbH
File Version : 10.1.10.6
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini050510-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
==================================================

==================================================
Dump File : Mini043010-01.dmp
Crash Time : 4/30/2010 3:20:06 AM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x8a02bda0
Parameter 3 : 0x8a02bf14
Parameter 4 : 0x805d2954
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+22f43
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5938 (xpsp_sp3_gdr.100216-1514)
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini043010-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
==================================================

==================================================
Dump File : Mini042810-01.dmp
Crash Time : 4/28/2010 7:50:45 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x8a1a1d08
Parameter 3 : 0x8a1a1e7c
Parameter 4 : 0x805d2954
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+22f43
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5938 (xpsp_sp3_gdr.100216-1514)
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042810-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
==================================================

Thanks for your help! INteresting that Avira caused the stop error...as I said, I had a delayed write fail box up then when I tried to mouse ver start>all programs, it said it wasx empty which scared me half to death, cuz I thought it might be a hard drive failure. The blue screen came up when I tried to log out and log back in.

Hmm...I would uninstall Avira Free and then reinstall it, assuming that some key file is damaged.

Per [url="http://www.aumha.org/a/stop.htm""]http://www.aumha.org/a/stop.htm"[/url]

"0x000000F4: CRITICAL_OBJECT_TERMINATION
One of the many processes or threads crucial to system operation has unexpectedly exited or been terminated. As a result, the system can no longer function. Specific causes are many, and often best resolved by a careful history of the problem and the circumstances of the error message."

Not very enlightening .

I would also run chkdsk /r on each partition you have set up.

I would also check Event Viewer for any error that relates to either NTFS or any drive/disk.

Louis

Hmm...I would uninstall Avira Free and then reinstall it, assuming that some key file is damaged.

Per [url="http://www.aumha.org/a/stop.htm""]http://www.aumha.org/a/stop.htm"[/url]

"0x000000F4: CRITICAL_OBJECT_TERMINATION
One of the many processes or threads crucial to system operation has unexpectedly exited or been terminated. As a result, the system can no longer function. Specific causes are many, and often best resolved by a careful history of the problem and the circumstances of the error message."

Not very enlightening .

I would also run chkdsk /r on each partition you have set up.

I would also check Event Viewer for any error that relates to either NTFS or any drive/disk.

Louis

Thanks Louis, I'll get on the checkdisk and I think I've posted all the relevant event log entries...this is what I'm seeing currently:

Event Type: Error
Event Source: VolSnap
Event Category: None
Event ID: 5
Date: 5/6/2010
Time: 7:10:36 PM
User: N/A
Computer: 1337B00K
Description:
The shadow copy of volume F: could not be created due to insufficient non-paged memory pool for a bitmap structure.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00000000 00580002 00000000 c0060005
0010: 00000000 c000009a 00000000 00000000
0020: 00000000 00000000

Lots of these:

Event Type: Warning
Event Source: Disk
Event Category: None
Event ID: 51
Date: 5/6/2010
Time: 7:59:37 PM
User: N/A
Computer: 1337B00K
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00680004 00b60001 00000000 80040033
0010: 0000012d 00000000 00000000 00000000
0020: bc008e00 00000000 00497f68 00000000
0030: ffffffff 00000003 84000040 00000002
0040: 120a2000 40200180 00000000 0000000a
0050: fcaff000 89af80a0 00000000 837dc7f8
0060: 00000000 005e0047 5e00002a 00004700
0070: 00000008 00000000 00020070 0a000000
0080: 00000000 00000204 00000000 00000000


An this in sequence, over and over again:

Event Type: Information
Event Source: Removable Storage Service
Event Category: None
Event ID: 98
Date: 5/6/2010
Time: 9:16:01 PM
User: N/A
Computer: 1337B00K
Description:
RSM was stopped.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Then start and running entries. It's stopping and starting over and over again.

Anyways, no more stop errors or crazy system meltdowns so far, maybe chkdsk did something useful!

Thanks again.

From the disk errors...I'd have to guess that your hard drive is failing or the NTFS file system is fouled up.

The shadow copy of volume error...may result from either of the above...I don't know, just guessing. Some detail on that error is Here.

I suggest moving all valued data files from that drive...then running the long test from the appropriate hard drive manufacturer's website. That should give us some direction.

Louis

another issue that causes ntfs and file system errors if it is not failing hardware is a mismatched driver
i have see it before that you IDE or SATA driver updates and the BIOS is outdated or vise versa.
this will cause data corruption as the driver is incorrectly sending data to the drive.
check for updated bios and drivers for your hard drive controllers as well.

another issue that causes ntfs and file system errors if it is not failing hardware is a mismatched driver
i have see it before that you IDE or SATA driver updates and the BIOS is outdated or vise versa.
this will cause data corruption as the driver is incorrectly sending data to the drive.
check for updated bios and drivers for your hard drive controllers as well.

Apparently BC crashd when i posted my respon se which was extremely long and I don't care to reproduce.

Current evetn log entries in order>

Every hour on the hour, 12:10 - 4:10

Event Type: Warning
Event Source: Disk
Event Category: None
Event ID: 51
Date: 5/7/2010
Time: 12:10:15 AM
User: N/A
Computer: 1337B00K
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00680004 00b60001 00000000 80040033
0010: 0000012d 00000000 00000000 00000000
0020: bd1d7e00 00000000 00582f0e 00000000
0030: ffffffff 00000003 84000040 00000002
0040: 120a2000 40200180 00000000 0000000a
0050: fddae000 89afca40 00000000 fd2815a0
0060: 00000000 005e8ebf 5e00002a 0000bf8e
0070: 00000018 00000000 00020070 0a000000
0080: 00000000 00000204 00000000 00000000


Then this:

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2019
Date: 5/7/2010
Time: 6:55:42 AM
User: N/A
Computer: 1337B00K
Description:
The server was unable to allocate from the system nonpaged pool because the pool was empty.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00040000 00540001 00000000 c00007e3
0010: 00000000 c000009a 00000000 00000000
0020: 00000000 00000000 00000002

Event Type: Warning
Event Source: avipbb
Event Category: None
Event ID: 18
Date: 5/7/2010
Time: 7:01:46 AM
User: N/A
Computer: 1337B00K
Description:
The description for Event ID ( 18 ) in Source ( avipbb ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: , TIMEOUT: event=18 PID=984.
Data:
0000: 00000000 00560002 00000000 80070012
0010: 00000000 00000000 00000000 00000000
0020: 00000000 00000000

This is where it gets scary:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 5/7/2010
Time: 7:01:46 AM
User: N/A
Computer: 1337B00K
Description:
The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Another one of these

Event Type: Warning
Event Source: avipbb
Event Category: None
Event ID: 18
Date: 5/7/2010
Time: 7:01:51 AM
User: N/A
Computer: 1337B00K
Description:
The description for Event ID ( 18 ) in Source ( avipbb ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: , TIMEOUT: event=18 PID=3172.
Data:
0000: 00000000 00560002 00000000 80070012
0010: 00000000 00000000 00000000 00000000
0020: 00000000 00000000


Then this is where the fun begins:

Event Type: Warning
Event Source: Ftdisk
Event Category: Disk
Event ID: 57
Date: 5/7/2010
Time: 7:02:05 AM
User: N/A
Computer: 1337B00K
Description:
The system failed to flush data to the transaction log. Corruption may occur.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00000000 00be0001 00000002 80040039
0010: 00000000 c000009a 00000000 00000000
0020: 00000000 00000000

Then, BAM, 46 of these in 2 minutes, with 2 ftdisk/57 in between:

Event Type: Warning
Event Source: Ntfs
Event Category: None
Event ID: 50
Date: 5/7/2010
Time: 7:02:07 AM
User: N/A
Computer: 1337B00K
Description:
{Delayed Write Failed} Windows was unable to save all the data for the file . The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00040004 00520002 00000000 80040032
0010: 00000000 c000009a 00000000 00000000
0020: 00000000 00000000 c000009a


This error and 2 more of the ntfs warnings before the ssytem shut itself down:

Event Type: Error
Event Source: sr
Event Category: None
Event ID: 1
Date: 5/7/2010
Time: 7:03:48 AM
User: N/A
Computer: 1337B00K
Description:
The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'change.log' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000000e 004e0004 00000000 c0000001
0010: 00000000 00000000 00000000 00000000
0020: 00000000 00000000

And since the restart, one of these every hour even up until right now:

Event Type: Warning
Event Source: Disk
Event Category: None
Event ID: 51
Date: 5/7/2010
Time: 8:47:25 AM
User: N/A
Computer: 1337B00K
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00680003 00b60001 00000000 80040033
0010: 0000012d 00000000 00000000 00000000
0020: c00cae00 00000000 0001a538 00000000
0030: ffffffff 00000003 84000040 00000002
0040: 120a2000 40200340 00000000 0000000a
0050: 00000000 8a0e1b38 00000000 8ad59840
0060: 00000000 00600657 60000028 00005706
0070: 00000008 00000000 00020070 0a000000
0080: 00000000 00000204 00000000 00000000

So thats the deal so far. I'm off to reinstall drivers and antivirus.

Hello all.

This appears to have been either related to Avira AntiVir Suite Backup, or my system BIOS. I am still recieveing paging operation errors on my backup partition but the ntfs errors arent showing up anymore. I am going to run some torrents from my external HD to see if that causes any issues but I think flashing my BIOS with a new version and reinstalling Avira AntiVir Security Suite has done the trick. I unchecked Avira Backup as I use DriveImage XML to create disk image backups.

Thanks!

good deal.
post back any further issues.