Win2k boot issue. plz help. strange call..

[OliverP]

Ok, I just recently upgraded my main workstation to win2k, and each time i boot, a window comes up saying:

Unable to locate \Device\Harddisk2\DR4 blah blah..

and gives the choice to cancel,retry,continue.

my question: IS THERE ANY WAY to trace the startup processes to determine which app/system process is calling this random location?!?! it's annoying as hell. I've already searched the registry and all system files and cant find it there.

ps: my apps sometimes close instantly and randomly... lol.. ok, i know thats not normal.

 

[OliverP]

Well, ok, i went to Event viewer and the following appear in my system log constantly.. some are the forementioned boot messages:

Warning
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Warning
An error was detected on device \Device\Harddisk0\DR0 during a paging operation.

Error
The device, \Device\Scsi\viadsk2, did not respond within the timeout period.

hmmmmmm... strange.. I have the RAID controller turned off, so the dozens of scsi errors are strange. This is probably a case where I can rename certain dll or vxd files... hmmmmm.. any ideas???

Any forensic ideas? items I can also check out to get more specific info?

----
The Scsi one looks like:

Event Type: Warning
Event Source: viadsk
Event Category: None
Event ID: 53
Date: 2/17/2001
Time: 2:56:59 PM
User: N/A
Computer: NEO
Description:
A pending interrupt was detected on device \Device\Scsi\viadsk2 during a timeout operation. A large number of these warnings may indicate that the system is not correctly receiving or processing interrupts from the device.
Data:
0000: 00 00 00 00 01 00 56 00 ......V.
0008: 00 00 00 00 35 00 04 80 ....5..?
0010: 15 02 00 00 03 01 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

--------
and the boot "Warning" looks like:

Event Type: Warning
Event Source: Disk
Event Category: None
Event ID: 51
Date: 2/16/2001
Time: 12:06:26 AM
User: N/A
Computer: NEO
Description:
An error was detected on device \Device\Harddisk0\DR0 during a paging operation.
Data:
0000: 04 00 22 00 01 00 72 00 .."...r.
0008: 00 00 00 00 33 00 04 80 ....3..?
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 00 00 00 00 00 00 00 00 ........
0030: 00 00 00 00 2a 00 00 00 ....*...
0038: 00 0e 00 00 00 00 00 00 ........
0040: 2a 00 02 af 34 82 00 00 *..¯4?..
0048: 08 00 ..
-----------


HELLLLLLP! lol.. my event system log is FULL of these!!!??

Any forensic ideas? items I can also check out to get more specific info?

 

[Andrew99]

Seems like the system think it has a SCSI device when it does not...
And the other error... Paging issue? wouldn't that be related to virtual memory? Why else would it be paging to that drive...

I know this doesn't provide a solution, but it might help jar one loose.