• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2001
  • Last Modified:

System Restore filter crashes with '0xC000009A'

Win XP SP3, new HP xw4600.
About once a week, the system freezes, requiring a restart. It is reported as Event ID 1, and "The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'CTT9069.tmp' on the volume 'Harddisk Volume1'. It has stopped monitoring the volume."
1) I suspect that the files (zero-length) such as CTT####.tmp are in use by some other [unknown] application at that moment. They are found in ~user/Local Settings/Temp.
2) Microsoft had a hotfix patch, but only for XP SP2, for a similar problem but the error code was '0xC000000D'  (discussed kn KB888402).
3) Google searches only discuss the older SP2 treatment, or things like power supplies.
A. How might I find out what is using the file(s) CTT####?
B. A workaround would be to shut off System Restore completely, thouigh I believe that is a rash move, and only a workaround, not a fix.
C. Is it possible to tell System Restore not to look in the Local Settings/Temp directories? How?
What now, coach?
0
bstaud
Asked:
bstaud
  • 5
  • 5
  • 5
5 Solutions
 
torimarCommented:
Turn off System Restore, reboot the computer, then turn on System Restore again and create a restore point.
This should fix the issue: http://support.microsoft.com/kb/903264

The CTT*.tmp files are created by SQLServer when you use recordsets. They should be deleted once the recordset is closed. If they don't get deleted, you can delete them safely after stopping the server, then restarting.
0
 
torimarCommented:
Note: Following the above advice will delete all your previous restore points (and let you regain lots of space). If the problem you related in this thread is the only one that troubles you, there is no reason to hesitate. You may safely clear all and start from scratch.

On a side note:
How often have you already used System Restore successfully to repair/revert a broken system? I find it either does not work at all for some reason (which you only get to know when you actually would need it), or it provides unwanted side effects.
The first and only time I "successfully" used System Restore I lost some files and folders on my desktop. Now people say that this is impossible because SR doesn't mess with your personal data. But then, Microsoft also say that SR does not care about files in Temp folders, and look what has happened to you.

My advice:
- save your registry from time to time with EruNT (http://www.larshederer.homepage.t-online.de/erunt/) - it's a great tool for doing the only thing that SR is of use for.
- make an image/clone of your system when it works fine
- make regular backups of your data with a free backup utility

-- and forget about System Restore.
0
 
nobusCommented:
it may also be your Os is corrupted; you can run sfc /scannow from the run box, or even a repair install.
also, running a chkdsk on the drive can help.
another thought is that the disk may have problems, test its status with : http://www.tacktech.com/display.cfm?ttid=287
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
bstaudAuthor Commented:
1.Following torimar's suggestion, I have turned off System Restore, rebooted, and turned it on again. Now we wait a week to see if it chokes on some CTT###.tmp file again.
2. Strange that there is no known SQLServer, MySQL, or Access on this machine. Perhaps some other (Microsoft?) app also makes CTT*.tmp files?
3. Based on the suggested KB903264, choking on a Change.log, it appears that System Restore does not gracefully handle any number of  different files if they are, say, open, move, change size, or have permissions issues. Moreso that such an error in a "system protection" feature can, ironically, freeze or crash the system.
4. A hierarchy of other backup strategies is in place, but the suggested alternative for saving registry has an appeal.
4. nobus's suggestions point in a different direction; maybe the issue isn't System Restore. But chkdsk, often run, shows no errors. I will pursue the other OS/disk diagnostics as well, while waiting for the weekly collision.
0
 
torimarCommented:
1. If I interpret the KB article correctly, the choking will in fact eventually reoccur, but not now or in one week, rather after the 999th reboot of the machine - which could be in a couple of years.

2. Since the KB article identifies the issue to the point, and explains it, I'd hesitate to assume an alternative cause.

3. If a backup strategy is in place, and you could get used to using EruNT (which is much better in restoring registry backups, be it on a running or an unbootable system), I fail to see what SR will still be good for. You might as well consider the final step.
0
 
nobusCommented:
testing the disk takes a couple of hours at most - and its never bad to know it's status; then you can write that line of thought off..
0
 
bstaudAuthor Commented:
Chkdisk reports a clean disk. Search does not find change.log files. Turning SR off and on cleared the restore files, and now it has been choking in different places, always on some zero-length file.
Although I probably am going to give up on System Restore, the problem is still peculiar to this machine, and not the ten others around it that also run it by default.  SR appears to have a problem with (some) zero-length files. That in turn suggests setting up DiskCleanup, to run on a schedule, to clear out assorted temp files regularly. Feels like Whack-a-Mole.
0
 
torimarCommented:
There are two more things you could try:

1.) - Check the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BackupRestore\FilesNotToBackup
Does the value "Temporary Files" exist, and does it contain the data "%TEMP%\* /s"? If not, create a new char value of type REG_MULTI_SZ and fill it with that data, i.e.:
%TEMP%\* /s

2.) - Create a folder called \temp outside of your local user profile, i.e. c:\temp or on another partition, d:\temp
- Right-click My Computer > Properties > Advanced > Environment variables
- Make both the user variable TEMP and the system variables TEMP and TMP point to that new directory.
- Reboot and verify.





By default, temporary files should not be backed up by System Restore, but the local user profile should be
0
 
torimarCommented:
Please ignore my last sentence, it was left over from another draft.
0
 
nobusCommented:
chkdsk is NOT a disk diag - it tests the file structure only
0
 
bstaudAuthor Commented:
Seagate's low-level test utility found no problems with the hard disk. And sfc /scnnow reported no errors, so I presume System Restore is in its original form. The registry key suggested by torimar is there already.

At this point, the course of action is to turn off System Restore, install the suggested EruNT and wait for some other Windows feature behavior to force a complete reformat/reinstall/replace.
0
 
nobusCommented:
ok fine -i assume you ran the long test.
i assume also malware is out of the question?
if not run these :
     Spybot :        http://www.download.com/3000-8022-10122137.html
http://www.malwarebytes.org/mbam.php                         MBAM
http://download.bleepingcomputer.com/sUBs/ComboFix.exe            Combofix
http://www.spychecker.com/program/hijackthis.html                                       download
http://www.hijackthis.de/index.php?langselect=english              check the log
0
 
bstaudAuthor Commented:
OK Ruled out hard disk via long test lowlevel. Ruled out malware (...) by three tools. Registry FilesNotToBackUp includes Temp.No problems from sfc /scannow. Turning off System Restore and giving up.
0
 
bstaudAuthor Commented:
Good and plausible things to try, though none of them worked. Problem not solved. Gave up.
0
 
nobusCommented:
tx for the feedback..
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 5
  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now