System Restore - cause of failure?

G

Guest

Recently I installed Norton Internet Security 2005 and ran into some problems.

I decided to run System Restore to return to a point before the
installation. Sadly, System Restore failed. I ran the System Restore
diagnosis tool and looked at the logs files.

I found the following messages:
.. . . .
3346,3396,1370482, Create, OK, 0, C:\RECYCLER\NPROTECT\00665232.rbf,
C:\System Volume
Information\_restore{62FFCE82-38A2-480D-AAD1-DDDEAF923286}\RP492\A0379873.rbf,
3347,3397,1370482, SetACL, OK, 0, C:\RECYCLER\NPROTECT\00665232.rbf, ,
3348,3398,1370482, Attrib, OK, 0, C:\RECYCLER\NPROTECT\00665232.rbf, ,
3349,3399,1370481, Delete, OK, 0, C:\Program Files\Common Files\Symantec
Shared\IDS\IdsInst.exe, ,
3350,3400,1370480, Attrib, Ignored, 2, C:\Config.Msi\964cb0.rbf, ,
3351,3401,1370479, Rename, Fail, 1168, C:\Program Files\Common
Files\Symantec Shared\IDS\IdsInst.exe, C:\Config.Msi\964cb0.rbf,
3352, , , START UNDO
3353, 0,1378263, Create, OK, 0, C:\Program Files\Common Files\Symantec
Shared\IDS\IdsInst.exe, C:\System Volume
Information\_restore{62FFCE82-38A2-480D-AAD1-DDDEAF923286}\RP493\A0385300.exe,
3354, 1,1378263, SetACL, OK, 0, C:\Program Files\Common Files\Symantec
Shared\IDS\IdsInst.exe, ,
3355, 2,1378263, Attrib, OK, 0, C:\Program Files\Common Files\Symantec
Shared\IDS\IdsInst.exe, ,
3356, 3,1378262, Delete, OK, 0, C:\RECYCLER\NPROTECT\00665232.rbf, ,
3357, 4,1378261, Create, OK, 0, C:\WINDOWS\Installer\964cb1.msi, C:\System
Volume
Information\_restore{62FFCE82-38A2-480D-AAD1-DDDEAF923286}\RP493\A0385299.msi,
3358, 5,1378261, SetACL, OK, 0, C:\WINDOWS\Installer\964cb1.msi, ,
3359, 6,1378261, Attrib, OK, 0, C:\WINDOWS\Installer\964cb1.msi, ,
.. . . .

Which suggest to me that SR found a problem with the file IdsInst.exe.
But can anyone tell me what the problem actually was.?

many thanks
 
B

Bert Kinney

Hi Simon,

I suspect Norton is up to it's old tricks, going places it should not
and messing up Windows functions.

Go to Start - Run and type eventvwr.msc and press enter.

Click the Source tab to sort by name, look for "sr" and "srservice."

Double-click each of these services and post the description, EventID
and Source of the events pertaining to the IdsInst.exe file.
 
G

Guest

Bert,
As requested, here is the Event Viewer info:
Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 111
Date: 28/04/2005
Time: 22:29:51
User: N/A
Computer: SDS01
Description:
A restoration to "after NAV uninstall" restore point failed. No changes
have been made to the system.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

- so all it says to me is that System Restore did not run to completion
- the link to MS did not reveal anything useful.
 
B

Bert Kinney

Hi Simon,

To troubleshoot, completely uninstall Norton Internet Security 2005.
This will include going to the Symantec web site and downloading there
uninstall utility and running it.

At this point reboot the system and test System Restore by trying to
do a restore.
If this fails, create a restore point and try restoring to it.

Here are some more tips on System Restore failures.
System Restore Failures to restore
http://home.earthlink.net/~mvp_bert/html/body_srfail.html

Please post back with the results.
 
G

Guest

Bert, hi there,

Sorry for the delay.
1 I created a new System Restore point, then installed another piece of
software.
2 I could successfully restore to that Restore point.

3 I uninstalled NIS 2005.
4 I could still restore to Restore points created after the NIS2005 install.
5 I could not restore to the Restore point created immediately before the
NIS install

So it looks to me that System rRestore itself is working OK.

I would still like to know what the meaning of the error in the System
Restore Log means so that I can get Symantec to investigate.

many thanks
Simon
 
B

Bert Kinney

You mentioned in an earlier post that you ran the SR diagnostic tool.
Where you referring to srdiag.exe?
 
G

Guest

bert,
yep - i ran srdiag.exe.
It ran for over 18 minutes at about 100% cpu with no progress messages.
At the end it produced a .cab file (accessible with WinRAR) and I looked
though the various files to see what I could see.

HTH
 
B

Bert Kinney

Hi Simon,

Yes it does take some time to run.

You may want to send the log and text files to Symantec.

Would you send me the SR-EventLogs.TXT so I can take a look?

Send to (e-mail address removed) Remove the NS.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Desktop, explorer, iexpore won't start 4
System Restore will not complete a Restore. 3
Some file on this volume could not be defragmented 17
Files that cannot be Defragmented 5
Once in a while, winlogon.exe will hog CPU and makes my Windows unresponsive. 5
Error loading C:\windows\system32\gzmrotate.dll- specified module not found 3
Howzit!!! :) 2
How to really get rid of RECYCLER and "System volume Information" folders? (Not only turn off featur 12

Top