If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#16
|
|||
|
|||
System Restore Keeping Only One Restore Point
Danno
How many restore points are you keeping? How large are individual restore points? You should not need an allocation so large! Can you please post a copy of the Event Viewer Information Report you refer to. A tip for posting copies of Error Reports! Run Event Viewer and double click on the error you want to copy. In the window, which appears is a button resembling two pages. Click the button and close Event Viewer.Now start your message (email) and do a paste into the body of the message. Make sure this is the first paste after exiting from Event Viewer. -- Hope this helps. Gerry ~~~~ FCA Stourport, England Enquire, plan and execute ~~~~~~~~~~~~~~~~~~~ Danno wrote: Thanks Kayman, Of all the links and suggestions you offered, one of them might be surprisingly helpful. Not surprising that Kelly's Korner was helpful, but a surprise to me at the result. On Kelly's Korner, I found the category discussing missing SR points, specifically this: - Check the event logs to investigate System Restore service errors: 1. Click Start, click Control Panel, and then click "Performance and Maintenance". 2. Click Administrative Tools, click Computer Management, double-click Event Viewer, and then click System. 3. Click the Source tab to sort by name, and then look for "sr" or "srservice." Double-click each of these services, and then evaluate the event description for any indication of the cause of the problem. I followed the advice and lo and behold, there were descriptions of events that happened with SR. None of the events actually showed up as "errors", but none-the-less they described that SR was "suspending" and then "resuming" due to lack of space allocated and then more space being re-allocated. I was convinced that 3% or 1076MB would be plenty of space, but apparently not. If I'm not mistaken though, even when I accidentally had 12% allocated, SR was still only allowing one restore point. So I've now allocated 10% of disc space or 3700MB to see what happens. That is an outrageously huge amount of space to allow, but I have to do it for now. I'll let you know. Thanks again! Danno "Kayman" wrote in message ... On Sat, 24 May 2008 01:23:55 GMT, Danno wrote: snip for brevity Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and use the built in Windows firewall... just to test if ZA is involved in any way with my dilemma. Very, very sensible approach; IMO, ZA is not worth having. I'd uninstall the entire ZA suite for good and ask for a refund. If uninstalling via the Add/Remove program does not work satisfactory then go to: http://zonealarm.donhoover.net/uninstall.html Revo Uninstaller http://www.revouninstaller.com/ can also be of assistance Consider the following: For the average homeuser, the Windows Firewall in XP does a fantastic job at its core mission and is really all you need if you have an 'real-time' anti-virus program, [another firewall on your router or] other edge protection like SeconfigXP and practise safe-hex. The windows firewall deals with inbound protection and therefore does not give you a false sense of security. Best of all, it doesn't implement lots of nonsense like pretending that outbound traffic needs to be monitored. Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs and Services under the Exception tab. Read through: Understanding Windows Firewall. http://www.microsoft.com/windowsxp/u...2_wfintro.mspx Using Windows Firewall. http://www.microsoft.com/windowsxp/u...nfirewall.mspx Exploring the windows Firewall. http://www.microsoft.com/technet/tec...l/default.aspx "Outbound protection is security theater-it's a gimmick that only gives the impression of improving your security without doing anything that actually does improve your security." In conjunction with WinXP Firewall use: Seconfig XP 1.0 http://seconfig.sytes.net/ (http://www.softpedia.com/progDownloa...oad-39707.html) Seconfig XP is able configure Windows not to use TCP/IP as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139 and 445 (the most exploited Windows networking weak point) closed.) Real-time AV applications - for viral malware. Do not utilize more than one (1) real-time anti-virus scanning engine! Disable the e-mail scanning function during installation (Custom Installation on some AV apps.) as it provides no additional protection. Avira AntiVir® Personal - FREE Antivirus http://www.free-av.com/ You may wish to consider removing the 'AntiVir Nagscreen' http://www.elitekiller.com/files/dis...ntivir_nag.htm or Free antivirus - avast! 4 Home Edition It includes ANTI-SPYWARE protection, certified by the West Coast Labs Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class GMER technology. http://www.avast.com/eng/avast_4_home.html (Choose Custom Installation and under Resident Protection, uncheck: Internet Mail and Outlook/Exchange.) or AVG Anti-Virus Free Edition http://free.grisoft.com/ (Choose custom install and untick the email scanner plugin.) Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail http://thundercloud.net/infoave/tuto...ning/index.htm On-demand AV applications. (add them to your arsenal and use them as a "second opinion" av scanner). David H. Lipman's MULTI_AV Tool http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe http://www.pctipp.ch/downloads/dl/35905.asp English: http://www.raymond.cc/blog/archives/...irus-for-free/ Additional Instructions: http://pcdid.com/Multi_AV.htm and/or BitDefender10 Free Edition http://www.bitdefender.com/PRODUCT-1...e-Edition.html A-S applications - for non-viral malware. The effectiveness of an individual A-S scanners can be wide-ranging and oftentimes a collection of scanners is best. There isn't one software that cleans and immunizes you against everything. That's why you need multiple products to do the job i.e. overlap their coverage - one may catch what another may miss, (grab'em all). SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html and Ad-Aware 2007 - Free http://www.lavasoftusa.com/products/ad_aware_free.php http://www.download.com/3000-2144-10045910.html and Spybot Search & Destroy - Free http://www.safer-networking.org/en/download/index.html and Windows Defender - Free http://www.microsoft.com/athome/secu...e/default.mspx WD monitors the start-registry and hooks registers/files to prevent spyware and worms to install to the OS. Interesting reading: http://www.pcworld.com/article/id,136195/article.html "...Windows Defender did excel in behavior-based protection, which detects changes to key areas of the system without having to know anything about the actual threat." This may solve your original problem: System Restore for Windows XP http://www.kellys-korner-xp.com/xp_restore.htm And routinely practice Safe-Hex. http://www.claymania.com/safe-hex.html Hundreds Click on 'Click Here to Get Infected' Ad http://www.eweek.com/article2/0,1895,2132447,00.asp Good luck |
Ads |
#17
|
|||
|
|||
System Restore Keeping Only One Restore Point
Hi Gerry,
It's not really a matter of "how many restore points I'm keeping". It's more a case of my trying to keep more than just ONE restore point. At this moment, there are 4 restore points from yesterday, and that's it. None of those were created automatically by the system. As I mentioned, the event viewer is not actually cataloging any " errors" about system restore, but here are two examples of reports (not tagged as an "error") that are addressing what I'm experiencing: Event Type: Information Event Source: SRService Event Category: None Event ID: 107 Date: 5/22/2008 Time: 3:37:36 AM User: N/A Computer: DANS-COMPUTER Description: The System Restore service has been suspended because there is not enough disk space available on the drive \\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will automatically resume service once at least 200 MB of free disk space is available on the system drive. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Information Event Source: SRService Event Category: None Event ID: 108 Date: 5/22/2008 Time: 4:41:13 AM User: N/A Computer: DANS-COMPUTER Description: The System Restore service has resumed monitoring due to space freed on the system drive. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. For now, I've disabled ZoneAlarm and have increased the allocated disc space for SR to the maximum. As I mentioned before, I would have hoped that 3% or 1075 MB would have been plenty of space, but apparently not. Anyway, if the problem is corrected, I'd think I've probably narrowed it down to those two suspects. I'll consider the problem corrected if, two weeks from now, I can still see an available restore point that was recorded yesterday. At your suggestion, I found the folders that hold the 4 volumes of SR points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb and 567Mb. My lord, two of those are way too big. What could be the reason for that? That would explain why 1075Mb isn't enough space to store very many SR points... if they're going to be that huge. Thanks again for your interest. Dan "Gerry" wrote in message ... Danno How many restore points are you keeping? How large are individual restore points? You should not need an allocation so large! Can you please post a copy of the Event Viewer Information Report you refer to. A tip for posting copies of Error Reports! Run Event Viewer and double click on the error you want to copy. In the window, which appears is a button resembling two pages. Click the button and close Event Viewer.Now start your message (email) and do a paste into the body of the message. Make sure this is the first paste after exiting from Event Viewer. -- Hope this helps. Gerry ~~~~ FCA Stourport, England Enquire, plan and execute ~~~~~~~~~~~~~~~~~~~ Danno wrote: Thanks Kayman, Of all the links and suggestions you offered, one of them might be surprisingly helpful. Not surprising that Kelly's Korner was helpful, but a surprise to me at the result. On Kelly's Korner, I found the category discussing missing SR points, specifically this: - Check the event logs to investigate System Restore service errors: 1. Click Start, click Control Panel, and then click "Performance and Maintenance". 2. Click Administrative Tools, click Computer Management, double-click Event Viewer, and then click System. 3. Click the Source tab to sort by name, and then look for "sr" or "srservice." Double-click each of these services, and then evaluate the event description for any indication of the cause of the problem. I followed the advice and lo and behold, there were descriptions of events that happened with SR. None of the events actually showed up as "errors", but none-the-less they described that SR was "suspending" and then "resuming" due to lack of space allocated and then more space being re-allocated. I was convinced that 3% or 1076MB would be plenty of space, but apparently not. If I'm not mistaken though, even when I accidentally had 12% allocated, SR was still only allowing one restore point. So I've now allocated 10% of disc space or 3700MB to see what happens. That is an outrageously huge amount of space to allow, but I have to do it for now. I'll let you know. Thanks again! Danno "Kayman" wrote in message ... On Sat, 24 May 2008 01:23:55 GMT, Danno wrote: snip for brevity Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and use the built in Windows firewall... just to test if ZA is involved in any way with my dilemma. Very, very sensible approach; IMO, ZA is not worth having. I'd uninstall the entire ZA suite for good and ask for a refund. If uninstalling via the Add/Remove program does not work satisfactory then go to: http://zonealarm.donhoover.net/uninstall.html Revo Uninstaller http://www.revouninstaller.com/ can also be of assistance Consider the following: For the average homeuser, the Windows Firewall in XP does a fantastic job at its core mission and is really all you need if you have an 'real-time' anti-virus program, [another firewall on your router or] other edge protection like SeconfigXP and practise safe-hex. The windows firewall deals with inbound protection and therefore does not give you a false sense of security. Best of all, it doesn't implement lots of nonsense like pretending that outbound traffic needs to be monitored. Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs and Services under the Exception tab. Read through: Understanding Windows Firewall. http://www.microsoft.com/windowsxp/u...2_wfintro.mspx Using Windows Firewall. http://www.microsoft.com/windowsxp/u...nfirewall.mspx Exploring the windows Firewall. http://www.microsoft.com/technet/tec...l/default.aspx "Outbound protection is security theater-it's a gimmick that only gives the impression of improving your security without doing anything that actually does improve your security." In conjunction with WinXP Firewall use: Seconfig XP 1.0 http://seconfig.sytes.net/ (http://www.softpedia.com/progDownloa...oad-39707.html) Seconfig XP is able configure Windows not to use TCP/IP as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139 and 445 (the most exploited Windows networking weak point) closed.) Real-time AV applications - for viral malware. Do not utilize more than one (1) real-time anti-virus scanning engine! Disable the e-mail scanning function during installation (Custom Installation on some AV apps.) as it provides no additional protection. Avira AntiVir® Personal - FREE Antivirus http://www.free-av.com/ You may wish to consider removing the 'AntiVir Nagscreen' http://www.elitekiller.com/files/dis...ntivir_nag.htm or Free antivirus - avast! 4 Home Edition It includes ANTI-SPYWARE protection, certified by the West Coast Labs Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class GMER technology. http://www.avast.com/eng/avast_4_home.html (Choose Custom Installation and under Resident Protection, uncheck: Internet Mail and Outlook/Exchange.) or AVG Anti-Virus Free Edition http://free.grisoft.com/ (Choose custom install and untick the email scanner plugin.) Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail http://thundercloud.net/infoave/tuto...ning/index.htm On-demand AV applications. (add them to your arsenal and use them as a "second opinion" av scanner). David H. Lipman's MULTI_AV Tool http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe http://www.pctipp.ch/downloads/dl/35905.asp English: http://www.raymond.cc/blog/archives/...irus-for-free/ Additional Instructions: http://pcdid.com/Multi_AV.htm and/or BitDefender10 Free Edition http://www.bitdefender.com/PRODUCT-1...e-Edition.html A-S applications - for non-viral malware. The effectiveness of an individual A-S scanners can be wide-ranging and oftentimes a collection of scanners is best. There isn't one software that cleans and immunizes you against everything. That's why you need multiple products to do the job i.e. overlap their coverage - one may catch what another may miss, (grab'em all). SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html and Ad-Aware 2007 - Free http://www.lavasoftusa.com/products/ad_aware_free.php http://www.download.com/3000-2144-10045910.html and Spybot Search & Destroy - Free http://www.safer-networking.org/en/download/index.html and Windows Defender - Free http://www.microsoft.com/athome/secu...e/default.mspx WD monitors the start-registry and hooks registers/files to prevent spyware and worms to install to the OS. Interesting reading: http://www.pcworld.com/article/id,136195/article.html "...Windows Defender did excel in behavior-based protection, which detects changes to key areas of the system without having to know anything about the actual threat." This may solve your original problem: System Restore for Windows XP http://www.kellys-korner-xp.com/xp_restore.htm And routinely practice Safe-Hex. http://www.claymania.com/safe-hex.html Hundreds Click on 'Click Here to Get Infected' Ad http://www.eweek.com/article2/0,1895,2132447,00.asp Good luck |
#18
|
|||
|
|||
System Restore Keeping Only One Restore Point
Those two *extremely large* (600+MB) system restore points sound suspicious,
just as you said. Why not clear them all out (by temporarily turning off System Restore), and then turn System Resore back on again (and create a good one) to start afresh? And 3% should be adequate space, and would be, with good restore points (which are normally like 60 MB each - NOT 600+ MB). Danno wrote: Hi Gerry, It's not really a matter of "how many restore points I'm keeping". It's more a case of my trying to keep more than just ONE restore point. At this moment, there are 4 restore points from yesterday, and that's it. None of those were created automatically by the system. As I mentioned, the event viewer is not actually cataloging any " errors" about system restore, but here are two examples of reports (not tagged as an "error") that are addressing what I'm experiencing: Event Type: Information Event Source: SRService Event Category: None Event ID: 107 Date: 5/22/2008 Time: 3:37:36 AM User: N/A Computer: DANS-COMPUTER Description: The System Restore service has been suspended because there is not enough disk space available on the drive \\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will automatically resume service once at least 200 MB of free disk space is available on the system drive. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Information Event Source: SRService Event Category: None Event ID: 108 Date: 5/22/2008 Time: 4:41:13 AM User: N/A Computer: DANS-COMPUTER Description: The System Restore service has resumed monitoring due to space freed on the system drive. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. For now, I've disabled ZoneAlarm and have increased the allocated disc space for SR to the maximum. As I mentioned before, I would have hoped that 3% or 1075 MB would have been plenty of space, but apparently not. Anyway, if the problem is corrected, I'd think I've probably narrowed it down to those two suspects. I'll consider the problem corrected if, two weeks from now, I can still see an available restore point that was recorded yesterday. At your suggestion, I found the folders that hold the 4 volumes of SR points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb and 567Mb. My lord, two of those are way too big. What could be the reason for that? That would explain why 1075Mb isn't enough space to store very many SR points... if they're going to be that huge. Thanks again for your interest. Dan "Gerry" wrote in message ... Danno How many restore points are you keeping? How large are individual restore points? You should not need an allocation so large! Can you please post a copy of the Event Viewer Information Report you refer to. A tip for posting copies of Error Reports! Run Event Viewer and double click on the error you want to copy. In the window, which appears is a button resembling two pages. Click the button and close Event Viewer.Now start your message (email) and do a paste into the body of the message. Make sure this is the first paste after exiting from Event Viewer. -- Hope this helps. Gerry ~~~~ FCA Stourport, England Enquire, plan and execute ~~~~~~~~~~~~~~~~~~~ Danno wrote: Thanks Kayman, Of all the links and suggestions you offered, one of them might be surprisingly helpful. Not surprising that Kelly's Korner was helpful, but a surprise to me at the result. On Kelly's Korner, I found the category discussing missing SR points, specifically this: - Check the event logs to investigate System Restore service errors: 1. Click Start, click Control Panel, and then click "Performance and Maintenance". 2. Click Administrative Tools, click Computer Management, double-click Event Viewer, and then click System. 3. Click the Source tab to sort by name, and then look for "sr" or "srservice." Double-click each of these services, and then evaluate the event description for any indication of the cause of the problem. I followed the advice and lo and behold, there were descriptions of events that happened with SR. None of the events actually showed up as "errors", but none-the-less they described that SR was "suspending" and then "resuming" due to lack of space allocated and then more space being re-allocated. I was convinced that 3% or 1076MB would be plenty of space, but apparently not. If I'm not mistaken though, even when I accidentally had 12% allocated, SR was still only allowing one restore point. So I've now allocated 10% of disc space or 3700MB to see what happens. That is an outrageously huge amount of space to allow, but I have to do it for now. I'll let you know. Thanks again! Danno "Kayman" wrote in message ... On Sat, 24 May 2008 01:23:55 GMT, Danno wrote: snip for brevity Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and use the built in Windows firewall... just to test if ZA is involved in any way with my dilemma. Very, very sensible approach; IMO, ZA is not worth having. I'd uninstall the entire ZA suite for good and ask for a refund. If uninstalling via the Add/Remove program does not work satisfactory then go to: http://zonealarm.donhoover.net/uninstall.html Revo Uninstaller http://www.revouninstaller.com/ can also be of assistance Consider the following: For the average homeuser, the Windows Firewall in XP does a fantastic job at its core mission and is really all you need if you have an 'real-time' anti-virus program, [another firewall on your router or] other edge protection like SeconfigXP and practise safe-hex. The windows firewall deals with inbound protection and therefore does not give you a false sense of security. Best of all, it doesn't implement lots of nonsense like pretending that outbound traffic needs to be monitored. Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs and Services under the Exception tab. Read through: Understanding Windows Firewall. http://www.microsoft.com/windowsxp/u...2_wfintro.mspx Using Windows Firewall. http://www.microsoft.com/windowsxp/u...nfirewall.mspx Exploring the windows Firewall. http://www.microsoft.com/technet/tec...l/default.aspx "Outbound protection is security theater-it's a gimmick that only gives the impression of improving your security without doing anything that actually does improve your security." In conjunction with WinXP Firewall use: Seconfig XP 1.0 http://seconfig.sytes.net/ (http://www.softpedia.com/progDownloa...oad-39707.html) Seconfig XP is able configure Windows not to use TCP/IP as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139 and 445 (the most exploited Windows networking weak point) closed.) Real-time AV applications - for viral malware. Do not utilize more than one (1) real-time anti-virus scanning engine! Disable the e-mail scanning function during installation (Custom Installation on some AV apps.) as it provides no additional protection. Avira AntiVir® Personal - FREE Antivirus http://www.free-av.com/ You may wish to consider removing the 'AntiVir Nagscreen' http://www.elitekiller.com/files/dis...ntivir_nag.htm or Free antivirus - avast! 4 Home Edition It includes ANTI-SPYWARE protection, certified by the West Coast Labs Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class GMER technology. http://www.avast.com/eng/avast_4_home.html (Choose Custom Installation and under Resident Protection, uncheck: Internet Mail and Outlook/Exchange.) or AVG Anti-Virus Free Edition http://free.grisoft.com/ (Choose custom install and untick the email scanner plugin.) Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail http://thundercloud.net/infoave/tuto...ning/index.htm On-demand AV applications. (add them to your arsenal and use them as a "second opinion" av scanner). David H. Lipman's MULTI_AV Tool http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe http://www.pctipp.ch/downloads/dl/35905.asp English: http://www.raymond.cc/blog/archives/...irus-for-free/ Additional Instructions: http://pcdid.com/Multi_AV.htm and/or BitDefender10 Free Edition http://www.bitdefender.com/PRODUCT-1...e-Edition.html A-S applications - for non-viral malware. The effectiveness of an individual A-S scanners can be wide-ranging and oftentimes a collection of scanners is best. There isn't one software that cleans and immunizes you against everything. That's why you need multiple products to do the job i.e. overlap their coverage - one may catch what another may miss, (grab'em all). SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html and Ad-Aware 2007 - Free http://www.lavasoftusa.com/products/ad_aware_free.php http://www.download.com/3000-2144-10045910.html and Spybot Search & Destroy - Free http://www.safer-networking.org/en/download/index.html and Windows Defender - Free http://www.microsoft.com/athome/secu...e/default.mspx WD monitors the start-registry and hooks registers/files to prevent spyware and worms to install to the OS. Interesting reading: http://www.pcworld.com/article/id,136195/article.html "...Windows Defender did excel in behavior-based protection, which detects changes to key areas of the system without having to know anything about the actual threat." This may solve your original problem: System Restore for Windows XP http://www.kellys-korner-xp.com/xp_restore.htm And routinely practice Safe-Hex. http://www.claymania.com/safe-hex.html Hundreds Click on 'Click Here to Get Infected' Ad http://www.eweek.com/article2/0,1895,2132447,00.asp Good luck |
#19
|
|||
|
|||
System Restore Keeping Only One Restore Point
Hi Bill in Co.,
Yeah, those two huge SR files are ginormous. I'm really interested in two things he First, what in hell would cause SR to store files that big? Secondly, since I've found those files, would I be asking for trouble to delete them manually? My guess is yes, so obviously I wouldn't do that (even if I got the green light from experts. I'd just get rid of them using SR itself). It's more a case of just wanting to know if that would be OK, or would that completely screw up the registry. I wouldn't be tempted to do it... it's just that I'm on a learning curve here. Those files are hidden for a reason, and I'm guessing it's to keep monkeys like me from playing with them. But ultimately, I'd like to know what's in those files to make them so big. Dan "Bill in Co." wrote in message ... Those two *extremely large* (600+MB) system restore points sound suspicious, just as you said. Why not clear them all out (by temporarily turning off System Restore), and then turn System Resore back on again (and create a good one) to start afresh? And 3% should be adequate space, and would be, with good restore points (which are normally like 60 MB each - NOT 600+ MB). Danno wrote: Hi Gerry, It's not really a matter of "how many restore points I'm keeping". It's more a case of my trying to keep more than just ONE restore point. At this moment, there are 4 restore points from yesterday, and that's it. None of those were created automatically by the system. As I mentioned, the event viewer is not actually cataloging any " errors" about system restore, but here are two examples of reports (not tagged as an "error") that are addressing what I'm experiencing: Event Type: Information Event Source: SRService Event Category: None Event ID: 107 Date: 5/22/2008 Time: 3:37:36 AM User: N/A Computer: DANS-COMPUTER Description: The System Restore service has been suspended because there is not enough disk space available on the drive \\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will automatically resume service once at least 200 MB of free disk space is available on the system drive. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Information Event Source: SRService Event Category: None Event ID: 108 Date: 5/22/2008 Time: 4:41:13 AM User: N/A Computer: DANS-COMPUTER Description: The System Restore service has resumed monitoring due to space freed on the system drive. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. For now, I've disabled ZoneAlarm and have increased the allocated disc space for SR to the maximum. As I mentioned before, I would have hoped that 3% or 1075 MB would have been plenty of space, but apparently not. Anyway, if the problem is corrected, I'd think I've probably narrowed it down to those two suspects. I'll consider the problem corrected if, two weeks from now, I can still see an available restore point that was recorded yesterday. At your suggestion, I found the folders that hold the 4 volumes of SR points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb and 567Mb. My lord, two of those are way too big. What could be the reason for that? That would explain why 1075Mb isn't enough space to store very many SR points... if they're going to be that huge. Thanks again for your interest. Dan "Gerry" wrote in message ... Danno How many restore points are you keeping? How large are individual restore points? You should not need an allocation so large! Can you please post a copy of the Event Viewer Information Report you refer to. A tip for posting copies of Error Reports! Run Event Viewer and double click on the error you want to copy. In the window, which appears is a button resembling two pages. Click the button and close Event Viewer.Now start your message (email) and do a paste into the body of the message. Make sure this is the first paste after exiting from Event Viewer. -- Hope this helps. Gerry ~~~~ FCA Stourport, England Enquire, plan and execute ~~~~~~~~~~~~~~~~~~~ Danno wrote: Thanks Kayman, Of all the links and suggestions you offered, one of them might be surprisingly helpful. Not surprising that Kelly's Korner was helpful, but a surprise to me at the result. On Kelly's Korner, I found the category discussing missing SR points, specifically this: - Check the event logs to investigate System Restore service errors: 1. Click Start, click Control Panel, and then click "Performance and Maintenance". 2. Click Administrative Tools, click Computer Management, double-click Event Viewer, and then click System. 3. Click the Source tab to sort by name, and then look for "sr" or "srservice." Double-click each of these services, and then evaluate the event description for any indication of the cause of the problem. I followed the advice and lo and behold, there were descriptions of events that happened with SR. None of the events actually showed up as "errors", but none-the-less they described that SR was "suspending" and then "resuming" due to lack of space allocated and then more space being re-allocated. I was convinced that 3% or 1076MB would be plenty of space, but apparently not. If I'm not mistaken though, even when I accidentally had 12% allocated, SR was still only allowing one restore point. So I've now allocated 10% of disc space or 3700MB to see what happens. That is an outrageously huge amount of space to allow, but I have to do it for now. I'll let you know. Thanks again! Danno "Kayman" wrote in message ... On Sat, 24 May 2008 01:23:55 GMT, Danno wrote: snip for brevity Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and use the built in Windows firewall... just to test if ZA is involved in any way with my dilemma. Very, very sensible approach; IMO, ZA is not worth having. I'd uninstall the entire ZA suite for good and ask for a refund. If uninstalling via the Add/Remove program does not work satisfactory then go to: http://zonealarm.donhoover.net/uninstall.html Revo Uninstaller http://www.revouninstaller.com/ can also be of assistance Consider the following: For the average homeuser, the Windows Firewall in XP does a fantastic job at its core mission and is really all you need if you have an 'real-time' anti-virus program, [another firewall on your router or] other edge protection like SeconfigXP and practise safe-hex. The windows firewall deals with inbound protection and therefore does not give you a false sense of security. Best of all, it doesn't implement lots of nonsense like pretending that outbound traffic needs to be monitored. Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs and Services under the Exception tab. Read through: Understanding Windows Firewall. http://www.microsoft.com/windowsxp/u...2_wfintro.mspx Using Windows Firewall. http://www.microsoft.com/windowsxp/u...nfirewall.mspx Exploring the windows Firewall. http://www.microsoft.com/technet/tec...l/default.aspx "Outbound protection is security theater-it's a gimmick that only gives the impression of improving your security without doing anything that actually does improve your security." In conjunction with WinXP Firewall use: Seconfig XP 1.0 http://seconfig.sytes.net/ (http://www.softpedia.com/progDownloa...oad-39707.html) Seconfig XP is able configure Windows not to use TCP/IP as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139 and 445 (the most exploited Windows networking weak point) closed.) Real-time AV applications - for viral malware. Do not utilize more than one (1) real-time anti-virus scanning engine! Disable the e-mail scanning function during installation (Custom Installation on some AV apps.) as it provides no additional protection. Avira AntiVir® Personal - FREE Antivirus http://www.free-av.com/ You may wish to consider removing the 'AntiVir Nagscreen' http://www.elitekiller.com/files/dis...ntivir_nag.htm or Free antivirus - avast! 4 Home Edition It includes ANTI-SPYWARE protection, certified by the West Coast Labs Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class GMER technology. http://www.avast.com/eng/avast_4_home.html (Choose Custom Installation and under Resident Protection, uncheck: Internet Mail and Outlook/Exchange.) or AVG Anti-Virus Free Edition http://free.grisoft.com/ (Choose custom install and untick the email scanner plugin.) Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail http://thundercloud.net/infoave/tuto...ning/index.htm On-demand AV applications. (add them to your arsenal and use them as a "second opinion" av scanner). David H. Lipman's MULTI_AV Tool http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe http://www.pctipp.ch/downloads/dl/35905.asp English: http://www.raymond.cc/blog/archives/...irus-for-free/ Additional Instructions: http://pcdid.com/Multi_AV.htm and/or BitDefender10 Free Edition http://www.bitdefender.com/PRODUCT-1...e-Edition.html A-S applications - for non-viral malware. The effectiveness of an individual A-S scanners can be wide-ranging and oftentimes a collection of scanners is best. There isn't one software that cleans and immunizes you against everything. That's why you need multiple products to do the job i.e. overlap their coverage - one may catch what another may miss, (grab'em all). SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html and Ad-Aware 2007 - Free http://www.lavasoftusa.com/products/ad_aware_free.php http://www.download.com/3000-2144-10045910.html and Spybot Search & Destroy - Free http://www.safer-networking.org/en/download/index.html and Windows Defender - Free http://www.microsoft.com/athome/secu...e/default.mspx WD monitors the start-registry and hooks registers/files to prevent spyware and worms to install to the OS. Interesting reading: http://www.pcworld.com/article/id,136195/article.html "...Windows Defender did excel in behavior-based protection, which detects changes to key areas of the system without having to know anything about the actual threat." This may solve your original problem: System Restore for Windows XP http://www.kellys-korner-xp.com/xp_restore.htm And routinely practice Safe-Hex. http://www.claymania.com/safe-hex.html Hundreds Click on 'Click Here to Get Infected' Ad http://www.eweek.com/article2/0,1895,2132447,00.asp Good luck |
#20
|
|||
|
|||
System Restore Keeping Only One Restore Point
Danno wrote:
Hi Bill in Co., Yeah, those two huge SR files are ginormous. I'm really interested in two things he First, what in hell would cause SR to store files that big? Either something bad happened during the creation of those restore points (like some other task was running, that screwed it up, in process), OR (and this I think is a long shot - it was that large because of some HUGE amount of registry and file changes that were made since the previous restore point, and it needed that amount of disk space (but I really doubt this possibility). Well, those are the two possible explanations that come to mind for me, anyways. Secondly, since I've found those files, would I be asking for trouble to delete them manually? My guess is yes, so obviously I wouldn't do that (even if I got the green light from experts. I'd just get rid of them using SR itself). Do it that way (not manually). Your hunch is right - let System Restore remove them properly (like by the way I mentioned previously), and it will do the necessary housekeeping for System Restore and its bookmarking. Don't do it manually. It's more a case of just wanting to know if that would be OK, or would that completely screw up the registry. I wouldn't be tempted to do it... it's just that I'm on a learning curve here. Those files are hidden for a reason, and I'm guessing it's to keep monkeys like me from playing with them. As I said, I would NOT do it manually. Yes, there is a chance it could work, but I sure wound NOT bank on it! (I think that could and probably would present problems for using the existing restore points that are left) But ultimately, I'd like to know what's in those files to make them so big. Outside of what I mentioned, I don't know. I suppose you could check the date-time stamps of those two bogus system restore points, and then search around on your hard drive for any suspicious file or folder activity around those dates (like the date stamps on files or folders that had changed somewhere around those dates), to see if something suspicious shows up. Kind of a long shot, however. Dan "Bill in Co." wrote in message ... Those two *extremely large* (600+MB) system restore points sound suspicious, just as you said. Why not clear them all out (by temporarily turning off System Restore), and then turn System Resore back on again (and create a good one) to start afresh? And 3% should be adequate space, and would be, with good restore points (which are normally like 60 MB each - NOT 600+ MB). Danno wrote: Hi Gerry, It's not really a matter of "how many restore points I'm keeping". It's more a case of my trying to keep more than just ONE restore point. At this moment, there are 4 restore points from yesterday, and that's it. None of those were created automatically by the system. As I mentioned, the event viewer is not actually cataloging any " errors" about system restore, but here are two examples of reports (not tagged as an "error") that are addressing what I'm experiencing: Event Type: Information Event Source: SRService Event Category: None Event ID: 107 Date: 5/22/2008 Time: 3:37:36 AM User: N/A Computer: DANS-COMPUTER Description: The System Restore service has been suspended because there is not enough disk space available on the drive \\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will automatically resume service once at least 200 MB of free disk space is available on the system drive. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Information Event Source: SRService Event Category: None Event ID: 108 Date: 5/22/2008 Time: 4:41:13 AM User: N/A Computer: DANS-COMPUTER Description: The System Restore service has resumed monitoring due to space freed on the system drive. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. For now, I've disabled ZoneAlarm and have increased the allocated disc space for SR to the maximum. As I mentioned before, I would have hoped that 3% or 1075 MB would have been plenty of space, but apparently not. Anyway, if the problem is corrected, I'd think I've probably narrowed it down to those two suspects. I'll consider the problem corrected if, two weeks from now, I can still see an available restore point that was recorded yesterday. At your suggestion, I found the folders that hold the 4 volumes of SR points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb and 567Mb. My lord, two of those are way too big. What could be the reason for that? That would explain why 1075Mb isn't enough space to store very many SR points... if they're going to be that huge. Thanks again for your interest. Dan "Gerry" wrote in message ... Danno How many restore points are you keeping? How large are individual restore points? You should not need an allocation so large! Can you please post a copy of the Event Viewer Information Report you refer to. A tip for posting copies of Error Reports! Run Event Viewer and double click on the error you want to copy. In the window, which appears is a button resembling two pages. Click the button and close Event Viewer.Now start your message (email) and do a paste into the body of the message. Make sure this is the first paste after exiting from Event Viewer. -- Hope this helps. Gerry ~~~~ FCA Stourport, England Enquire, plan and execute ~~~~~~~~~~~~~~~~~~~ Danno wrote: Thanks Kayman, Of all the links and suggestions you offered, one of them might be surprisingly helpful. Not surprising that Kelly's Korner was helpful, but a surprise to me at the result. On Kelly's Korner, I found the category discussing missing SR points, specifically this: - Check the event logs to investigate System Restore service errors: 1. Click Start, click Control Panel, and then click "Performance and Maintenance". 2. Click Administrative Tools, click Computer Management, double-click Event Viewer, and then click System. 3. Click the Source tab to sort by name, and then look for "sr" or "srservice." Double-click each of these services, and then evaluate the event description for any indication of the cause of the problem. I followed the advice and lo and behold, there were descriptions of events that happened with SR. None of the events actually showed up as "errors", but none-the-less they described that SR was "suspending" and then "resuming" due to lack of space allocated and then more space being re-allocated. I was convinced that 3% or 1076MB would be plenty of space, but apparently not. If I'm not mistaken though, even when I accidentally had 12% allocated, SR was still only allowing one restore point. So I've now allocated 10% of disc space or 3700MB to see what happens. That is an outrageously huge amount of space to allow, but I have to do it for now. I'll let you know. Thanks again! Danno "Kayman" wrote in message ... On Sat, 24 May 2008 01:23:55 GMT, Danno wrote: snip for brevity Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and use the built in Windows firewall... just to test if ZA is involved in any way with my dilemma. Very, very sensible approach; IMO, ZA is not worth having. I'd uninstall the entire ZA suite for good and ask for a refund. If uninstalling via the Add/Remove program does not work satisfactory then go to: http://zonealarm.donhoover.net/uninstall.html Revo Uninstaller http://www.revouninstaller.com/ can also be of assistance Consider the following: For the average homeuser, the Windows Firewall in XP does a fantastic job at its core mission and is really all you need if you have an 'real-time' anti-virus program, [another firewall on your router or] other edge protection like SeconfigXP and practise safe-hex. The windows firewall deals with inbound protection and therefore does not give you a false sense of security. Best of all, it doesn't implement lots of nonsense like pretending that outbound traffic needs to be monitored. Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs and Services under the Exception tab. Read through: Understanding Windows Firewall. http://www.microsoft.com/windowsxp/u...2_wfintro.mspx Using Windows Firewall. http://www.microsoft.com/windowsxp/u...nfirewall.mspx Exploring the windows Firewall. http://www.microsoft.com/technet/tec...l/default.aspx "Outbound protection is security theater-it's a gimmick that only gives the impression of improving your security without doing anything that actually does improve your security." In conjunction with WinXP Firewall use: Seconfig XP 1.0 http://seconfig.sytes.net/ (http://www.softpedia.com/progDownloa...oad-39707.html) Seconfig XP is able configure Windows not to use TCP/IP as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139 and 445 (the most exploited Windows networking weak point) closed.) Real-time AV applications - for viral malware. Do not utilize more than one (1) real-time anti-virus scanning engine! Disable the e-mail scanning function during installation (Custom Installation on some AV apps.) as it provides no additional protection. Avira AntiVir® Personal - FREE Antivirus http://www.free-av.com/ You may wish to consider removing the 'AntiVir Nagscreen' http://www.elitekiller.com/files/dis...ntivir_nag.htm or Free antivirus - avast! 4 Home Edition It includes ANTI-SPYWARE protection, certified by the West Coast Labs Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class GMER technology. http://www.avast.com/eng/avast_4_home.html (Choose Custom Installation and under Resident Protection, uncheck: Internet Mail and Outlook/Exchange.) or AVG Anti-Virus Free Edition http://free.grisoft.com/ (Choose custom install and untick the email scanner plugin.) Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail http://thundercloud.net/infoave/tuto...ning/index.htm On-demand AV applications. (add them to your arsenal and use them as a "second opinion" av scanner). David H. Lipman's MULTI_AV Tool http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe http://www.pctipp.ch/downloads/dl/35905.asp English: http://www.raymond.cc/blog/archives/...irus-for-free/ Additional Instructions: http://pcdid.com/Multi_AV.htm and/or BitDefender10 Free Edition http://www.bitdefender.com/PRODUCT-1...e-Edition.html A-S applications - for non-viral malware. The effectiveness of an individual A-S scanners can be wide-ranging and oftentimes a collection of scanners is best. There isn't one software that cleans and immunizes you against everything. That's why you need multiple products to do the job i.e. overlap their coverage - one may catch what another may miss, (grab'em all). SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html and Ad-Aware 2007 - Free http://www.lavasoftusa.com/products/ad_aware_free.php http://www.download.com/3000-2144-10045910.html and Spybot Search & Destroy - Free http://www.safer-networking.org/en/download/index.html and Windows Defender - Free http://www.microsoft.com/athome/secu...e/default.mspx WD monitors the start-registry and hooks registers/files to prevent spyware and worms to install to the OS. Interesting reading: http://www.pcworld.com/article/id,136195/article.html "...Windows Defender did excel in behavior-based protection, which detects changes to key areas of the system without having to know anything about the actual threat." This may solve your original problem: System Restore for Windows XP http://www.kellys-korner-xp.com/xp_restore.htm And routinely practice Safe-Hex. http://www.claymania.com/safe-hex.html Hundreds Click on 'Click Here to Get Infected' Ad http://www.eweek.com/article2/0,1895,2132447,00.asp Good luck |
#21
|
|||
|
|||
System Restore Keeping Only One Restore Point
I opened those enormous SR restore point files and in one of them I found
190 .RDB files, each being 2.84Mb (all the same size). And in the other huge SR file, I found 212 .RDB files and they were all the same size, also at 2.84 Mb each. I've been searching on the net to find out what .RDB files are and to be quite honest, I'm none the wiser. Anyway, I assume this wasn't supposed to happen? I wonder if it will happen again, next time the system automatically creates a restore point. By that I mean, next time the system creates a restore point automatically and not as a result of my causing it by downloading something... for example. Can anybody tell me what an .RDB file is and why System Restore included them in those two huge restore point files... both on the same day? Just as an added point of interest, any defrag analysis I do always shows SR as the most fragmented files on my computer. Is this normal? In all fairness to ZoneAlarm, I now doubt ZoneAlarm has anything to do with this. Dan "Bill in Co." wrote in message ... Danno wrote: Hi Bill in Co., Yeah, those two huge SR files are ginormous. I'm really interested in two things he First, what in hell would cause SR to store files that big? Either something bad happened during the creation of those restore points (like some other task was running, that screwed it up, in process), OR (and this I think is a long shot - it was that large because of some HUGE amount of registry and file changes that were made since the previous restore point, and it needed that amount of disk space (but I really doubt this possibility). Well, those are the two possible explanations that come to mind for me, anyways. Secondly, since I've found those files, would I be asking for trouble to delete them manually? My guess is yes, so obviously I wouldn't do that (even if I got the green light from experts. I'd just get rid of them using SR itself). Do it that way (not manually). Your hunch is right - let System Restore remove them properly (like by the way I mentioned previously), and it will do the necessary housekeeping for System Restore and its bookmarking. Don't do it manually. It's more a case of just wanting to know if that would be OK, or would that completely screw up the registry. I wouldn't be tempted to do it... it's just that I'm on a learning curve here. Those files are hidden for a reason, and I'm guessing it's to keep monkeys like me from playing with them. As I said, I would NOT do it manually. Yes, there is a chance it could work, but I sure wound NOT bank on it! (I think that could and probably would present problems for using the existing restore points that are left) But ultimately, I'd like to know what's in those files to make them so big. Outside of what I mentioned, I don't know. I suppose you could check the date-time stamps of those two bogus system restore points, and then search around on your hard drive for any suspicious file or folder activity around those dates (like the date stamps on files or folders that had changed somewhere around those dates), to see if something suspicious shows up. Kind of a long shot, however. Dan "Bill in Co." wrote in message ... Those two *extremely large* (600+MB) system restore points sound suspicious, just as you said. Why not clear them all out (by temporarily turning off System Restore), and then turn System Resore back on again (and create a good one) to start afresh? And 3% should be adequate space, and would be, with good restore points (which are normally like 60 MB each - NOT 600+ MB). Danno wrote: Hi Gerry, It's not really a matter of "how many restore points I'm keeping". It's more a case of my trying to keep more than just ONE restore point. At this moment, there are 4 restore points from yesterday, and that's it. None of those were created automatically by the system. As I mentioned, the event viewer is not actually cataloging any " errors" about system restore, but here are two examples of reports (not tagged as an "error") that are addressing what I'm experiencing: Event Type: Information Event Source: SRService Event Category: None Event ID: 107 Date: 5/22/2008 Time: 3:37:36 AM User: N/A Computer: DANS-COMPUTER Description: The System Restore service has been suspended because there is not enough disk space available on the drive \\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will automatically resume service once at least 200 MB of free disk space is available on the system drive. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Information Event Source: SRService Event Category: None Event ID: 108 Date: 5/22/2008 Time: 4:41:13 AM User: N/A Computer: DANS-COMPUTER Description: The System Restore service has resumed monitoring due to space freed on the system drive. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. For now, I've disabled ZoneAlarm and have increased the allocated disc space for SR to the maximum. As I mentioned before, I would have hoped that 3% or 1075 MB would have been plenty of space, but apparently not. Anyway, if the problem is corrected, I'd think I've probably narrowed it down to those two suspects. I'll consider the problem corrected if, two weeks from now, I can still see an available restore point that was recorded yesterday. At your suggestion, I found the folders that hold the 4 volumes of SR points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb and 567Mb. My lord, two of those are way too big. What could be the reason for that? That would explain why 1075Mb isn't enough space to store very many SR points... if they're going to be that huge. Thanks again for your interest. Dan "Gerry" wrote in message ... Danno How many restore points are you keeping? How large are individual restore points? You should not need an allocation so large! Can you please post a copy of the Event Viewer Information Report you refer to. A tip for posting copies of Error Reports! Run Event Viewer and double click on the error you want to copy. In the window, which appears is a button resembling two pages. Click the button and close Event Viewer.Now start your message (email) and do a paste into the body of the message. Make sure this is the first paste after exiting from Event Viewer. -- Hope this helps. Gerry ~~~~ FCA Stourport, England Enquire, plan and execute ~~~~~~~~~~~~~~~~~~~ Danno wrote: Thanks Kayman, Of all the links and suggestions you offered, one of them might be surprisingly helpful. Not surprising that Kelly's Korner was helpful, but a surprise to me at the result. On Kelly's Korner, I found the category discussing missing SR points, specifically this: - Check the event logs to investigate System Restore service errors: 1. Click Start, click Control Panel, and then click "Performance and Maintenance". 2. Click Administrative Tools, click Computer Management, double-click Event Viewer, and then click System. 3. Click the Source tab to sort by name, and then look for "sr" or "srservice." Double-click each of these services, and then evaluate the event description for any indication of the cause of the problem. I followed the advice and lo and behold, there were descriptions of events that happened with SR. None of the events actually showed up as "errors", but none-the-less they described that SR was "suspending" and then "resuming" due to lack of space allocated and then more space being re-allocated. I was convinced that 3% or 1076MB would be plenty of space, but apparently not. If I'm not mistaken though, even when I accidentally had 12% allocated, SR was still only allowing one restore point. So I've now allocated 10% of disc space or 3700MB to see what happens. That is an outrageously huge amount of space to allow, but I have to do it for now. I'll let you know. Thanks again! Danno "Kayman" wrote in message ... On Sat, 24 May 2008 01:23:55 GMT, Danno wrote: snip for brevity Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and use the built in Windows firewall... just to test if ZA is involved in any way with my dilemma. Very, very sensible approach; IMO, ZA is not worth having. I'd uninstall the entire ZA suite for good and ask for a refund. If uninstalling via the Add/Remove program does not work satisfactory then go to: http://zonealarm.donhoover.net/uninstall.html Revo Uninstaller http://www.revouninstaller.com/ can also be of assistance Consider the following: For the average homeuser, the Windows Firewall in XP does a fantastic job at its core mission and is really all you need if you have an 'real-time' anti-virus program, [another firewall on your router or] other edge protection like SeconfigXP and practise safe-hex. The windows firewall deals with inbound protection and therefore does not give you a false sense of security. Best of all, it doesn't implement lots of nonsense like pretending that outbound traffic needs to be monitored. Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs and Services under the Exception tab. Read through: Understanding Windows Firewall. http://www.microsoft.com/windowsxp/u...2_wfintro.mspx Using Windows Firewall. http://www.microsoft.com/windowsxp/u...nfirewall.mspx Exploring the windows Firewall. http://www.microsoft.com/technet/tec...l/default.aspx "Outbound protection is security theater-it's a gimmick that only gives the impression of improving your security without doing anything that actually does improve your security." In conjunction with WinXP Firewall use: Seconfig XP 1.0 http://seconfig.sytes.net/ (http://www.softpedia.com/progDownloa...oad-39707.html) Seconfig XP is able configure Windows not to use TCP/IP as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139 and 445 (the most exploited Windows networking weak point) closed.) Real-time AV applications - for viral malware. Do not utilize more than one (1) real-time anti-virus scanning engine! Disable the e-mail scanning function during installation (Custom Installation on some AV apps.) as it provides no additional protection. Avira AntiVir® Personal - FREE Antivirus http://www.free-av.com/ You may wish to consider removing the 'AntiVir Nagscreen' http://www.elitekiller.com/files/dis...ntivir_nag.htm or Free antivirus - avast! 4 Home Edition It includes ANTI-SPYWARE protection, certified by the West Coast Labs Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class GMER technology. http://www.avast.com/eng/avast_4_home.html (Choose Custom Installation and under Resident Protection, uncheck: Internet Mail and Outlook/Exchange.) or AVG Anti-Virus Free Edition http://free.grisoft.com/ (Choose custom install and untick the email scanner plugin.) Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail http://thundercloud.net/infoave/tuto...ning/index.htm On-demand AV applications. (add them to your arsenal and use them as a "second opinion" av scanner). David H. Lipman's MULTI_AV Tool http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe http://www.pctipp.ch/downloads/dl/35905.asp English: http://www.raymond.cc/blog/archives/...irus-for-free/ Additional Instructions: http://pcdid.com/Multi_AV.htm and/or BitDefender10 Free Edition http://www.bitdefender.com/PRODUCT-1...e-Edition.html A-S applications - for non-viral malware. The effectiveness of an individual A-S scanners can be wide-ranging and oftentimes a collection of scanners is best. There isn't one software that cleans and immunizes you against everything. That's why you need multiple products to do the job i.e. overlap their coverage - one may catch what another may miss, (grab'em all). SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html and Ad-Aware 2007 - Free http://www.lavasoftusa.com/products/ad_aware_free.php http://www.download.com/3000-2144-10045910.html and Spybot Search & Destroy - Free http://www.safer-networking.org/en/download/index.html and Windows Defender - Free http://www.microsoft.com/athome/secu...e/default.mspx WD monitors the start-registry and hooks registers/files to prevent spyware and worms to install to the OS. Interesting reading: http://www.pcworld.com/article/id,136195/article.html "...Windows Defender did excel in behavior-based protection, which detects changes to key areas of the system without having to know anything about the actual threat." This may solve your original problem: System Restore for Windows XP http://www.kellys-korner-xp.com/xp_restore.htm And routinely practice Safe-Hex. http://www.claymania.com/safe-hex.html Hundreds Click on 'Click Here to Get Infected' Ad http://www.eweek.com/article2/0,1895,2132447,00.asp Good luck |
#22
|
|||
|
|||
System Restore Keeping Only One Restore Point
On Sat, 24 May 2008 16:09:10 GMT, Danno wrote:
Thanks Kayman, Of all the links and suggestions you offered, one of them might be surprisingly helpful. Not surprising that Kelly's Korner was helpful, but a surprise to me at the result. On Kelly's Korner, I found the category discussing missing SR points, specifically this: - Check the event logs to investigate System Restore service errors: 1. Click Start, click Control Panel, and then click "Performance and Maintenance". 2. Click Administrative Tools, click Computer Management, double-click Event Viewer, and then click System. 3. Click the Source tab to sort by name, and then look for "sr" or "srservice." Double-click each of these services, and then evaluate the event description for any indication of the cause of the problem. I followed the advice and lo and behold, there were descriptions of events that happened with SR. None of the events actually showed up as "errors", but none-the-less they described that SR was "suspending" and then "resuming" due to lack of space allocated and then more space being re-allocated. I was convinced that 3% or 1076MB would be plenty of space, but apparently not. If I'm not mistaken though, even when I accidentally had 12% allocated, SR was still only allowing one restore point. So I've now allocated 10% of disc space or 3700MB to see what happens. That is an outrageously huge amount of space to allow, but I have to do it for now. I'll let you know. Thanks again! Danno "Kayman" wrote in message ... On Sat, 24 May 2008 01:23:55 GMT, Danno wrote: snip for brevity Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and use the built in Windows firewall... just to test if ZA is involved in any way with my dilemma. Very, very sensible approach; IMO, ZA is not worth having. I'd uninstall the entire ZA suite for good and ask for a refund. If uninstalling via the Add/Remove program does not work satisfactory then go to: http://zonealarm.donhoover.net/uninstall.html Revo Uninstaller http://www.revouninstaller.com/ can also be of assistance Consider the following: For the average homeuser, the Windows Firewall in XP does a fantastic job at its core mission and is really all you need if you have an 'real-time' anti-virus program, [another firewall on your router or] other edge protection like SeconfigXP and practise safe-hex. The windows firewall deals with inbound protection and therefore does not give you a false sense of security. Best of all, it doesn't implement lots of nonsense like pretending that outbound traffic needs to be monitored. Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs and Services under the Exception tab. Read through: Understanding Windows Firewall. http://www.microsoft.com/windowsxp/u...2_wfintro.mspx Using Windows Firewall. http://www.microsoft.com/windowsxp/u...nfirewall.mspx Exploring the windows Firewall. http://www.microsoft.com/technet/tec...l/default.aspx "Outbound protection is security theater-it's a gimmick that only gives the impression of improving your security without doing anything that actually does improve your security." In conjunction with WinXP Firewall use: Seconfig XP 1.0 http://seconfig.sytes.net/ (http://www.softpedia.com/progDownloa...oad-39707.html) Seconfig XP is able configure Windows not to use TCP/IP as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139 and 445 (the most exploited Windows networking weak point) closed.) Real-time AV applications - for viral malware. Do not utilize more than one (1) real-time anti-virus scanning engine! Disable the e-mail scanning function during installation (Custom Installation on some AV apps.) as it provides no additional protection. Avira AntiVir® Personal - FREE Antivirus http://www.free-av.com/ You may wish to consider removing the 'AntiVir Nagscreen' http://www.elitekiller.com/files/dis...ntivir_nag.htm or Free antivirus - avast! 4 Home Edition It includes ANTI-SPYWARE protection, certified by the West Coast Labs Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class GMER technology. http://www.avast.com/eng/avast_4_home.html (Choose Custom Installation and under Resident Protection, uncheck: Internet Mail and Outlook/Exchange.) or AVG Anti-Virus Free Edition http://free.grisoft.com/ (Choose custom install and untick the email scanner plugin.) Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail http://thundercloud.net/infoave/tuto...ning/index.htm On-demand AV applications. (add them to your arsenal and use them as a "second opinion" av scanner). David H. Lipman's MULTI_AV Tool http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe http://www.pctipp.ch/downloads/dl/35905.asp English: http://www.raymond.cc/blog/archives/...irus-for-free/ Additional Instructions: http://pcdid.com/Multi_AV.htm and/or BitDefender10 Free Edition http://www.bitdefender.com/PRODUCT-1...e-Edition.html A-S applications - for non-viral malware. The effectiveness of an individual A-S scanners can be wide-ranging and oftentimes a collection of scanners is best. There isn't one software that cleans and immunizes you against everything. That's why you need multiple products to do the job i.e. overlap their coverage - one may catch what another may miss, (grab'em all). SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html and Ad-Aware 2007 - Free http://www.lavasoftusa.com/products/ad_aware_free.php http://www.download.com/3000-2144-10045910.html and Spybot Search & Destroy - Free http://www.safer-networking.org/en/download/index.html and Windows Defender - Free http://www.microsoft.com/athome/secu...e/default.mspx WD monitors the start-registry and hooks registers/files to prevent spyware and worms to install to the OS. Interesting reading: http://www.pcworld.com/article/id,136195/article.html "...Windows Defender did excel in behavior-based protection, which detects changes to key areas of the system without having to know anything about the actual threat." This may solve your original problem: System Restore for Windows XP http://www.kellys-korner-xp.com/xp_restore.htm And routinely practice Safe-Hex. http://www.claymania.com/safe-hex.html Hundreds Click on 'Click Here to Get Infected' Ad http://www.eweek.com/article2/0,1895,2132447,00.asp Good luck Danno, Prior flushing the System Restore cache download and execute David Lipman's Multi-AV as suggested in my previous post. After you completed the av scans with all 4 scanning tools in safe mode, reboot, in normal mode flush System Restore cache and reboot again. Good luck. |
#23
|
|||
|
|||
System Restore Keeping Only One Restore Point
On Sat, 24 May 2008 09:14:09 -0300, Vincent wrote:
Kayman wrote: http://www.microsoft.com/technet/tec...l/default.aspx "Outbound protection is security theaterˇXitˇ¦s a gimmick that only gives the impression of improving your security without doing anything that actually does improve your security." snipped childish over-emotive and misinformed rant Go to... http://www.sunbelt-software.com/Home...onal-Firewall/ ....and follow all the hype created by Sunbelt's *Marketing Department*. Quote:
Windows Personal Firewall Analysis http://www.matousec.com/projects/win...ewalls-ratings ....a more realistic view which obviously was drafted by the head of Sunbelt's *Operations Department*. Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall 2007-08-07: Here is the response we have received from this vendor: Quote:
This is pretty eye-opening as well: Firewall LeakTesting. Excerpts: Leo Laporte: "So the leaktest is kind of pointless." Steve Gibson: "Well,yes,... Leo: "So are you saying that there's no point in doing a leaktest anymore?" Steve: "Well, it's why I have not taken the trouble to update mine, because you..." Leo: "You can't test enough". Steve: "Well, yeah. Leo: "Right. Very interesting stuff. I guess that - my sense is, if you can't test for leaks, a software-based firewall is kind of essentially worthless." Read and/or listen to the entire conversation and be "educated" http://www.grc.com/sn/SN-105.htm Have a wonderful day, Vincent. |
#24
|
|||
|
|||
System Restore Keeping Only One Restore Point
Danno wrote:
I opened those enormous SR restore point files and in one of them I found 190 .RDB files, each being 2.84Mb (all the same size). And in the other huge SR file, I found 212 .RDB files and they were all the same size, also at 2.84 Mb each. I've been searching on the net to find out what .RDB files are and to be quite honest, I'm none the wiser. Perhaps just for registry database (RDB) (wild guess)? What are the extensions on the other (normal) ones? Are they similar? Anyway, I assume this wasn't supposed to happen? I wonder if it will happen again, next time the system automatically creates a restore point. By that I mean, next time the system creates a restore point automatically and not as a result of my causing it by downloading something... for example. System Restore will normally create a checkpoint if you don't (and don't install anything to force one), typically in 24 hours, or so. So if you really want to know, just use your computer as normal, turn if off at night, turn it back on the next day, use it, off again that night, and see if one has been created by then. Can anybody tell me what an .RDB file is and why System Restore included them in those two huge restore point files... both on the same day? Just as an added point of interest, any defrag analysis I do always shows SR as the most fragmented files on my computer. Is this normal? I believe I recall seeing something similar, so I expect that is within the norm. Keep in mind it's around 60 MB, which uses a significant amount of clusters and sectors, so it's not all that surprising. In all fairness to ZoneAlarm, I now doubt ZoneAlarm has anything to do with this. Dan "Bill in Co." wrote in message ... Danno wrote: Hi Bill in Co., Yeah, those two huge SR files are ginormous. I'm really interested in two things he First, what in hell would cause SR to store files that big? Either something bad happened during the creation of those restore points (like some other task was running, that screwed it up, in process), OR (and this I think is a long shot - it was that large because of some HUGE amount of registry and file changes that were made since the previous restore point, and it needed that amount of disk space (but I really doubt this possibility). Well, those are the two possible explanations that come to mind for me, anyways. Secondly, since I've found those files, would I be asking for trouble to delete them manually? My guess is yes, so obviously I wouldn't do that (even if I got the green light from experts. I'd just get rid of them using SR itself). Do it that way (not manually). Your hunch is right - let System Restore remove them properly (like by the way I mentioned previously), and it will do the necessary housekeeping for System Restore and its bookmarking. Don't do it manually. It's more a case of just wanting to know if that would be OK, or would that completely screw up the registry. I wouldn't be tempted to do it... it's just that I'm on a learning curve here. Those files are hidden for a reason, and I'm guessing it's to keep monkeys like me from playing with them. As I said, I would NOT do it manually. Yes, there is a chance it could work, but I sure wound NOT bank on it! (I think that could and probably would present problems for using the existing restore points that are left) But ultimately, I'd like to know what's in those files to make them so big. Outside of what I mentioned, I don't know. I suppose you could check the date-time stamps of those two bogus system restore points, and then search around on your hard drive for any suspicious file or folder activity around those dates (like the date stamps on files or folders that had changed somewhere around those dates), to see if something suspicious shows up. Kind of a long shot, however. Dan "Bill in Co." wrote in message ... Those two *extremely large* (600+MB) system restore points sound suspicious, just as you said. Why not clear them all out (by temporarily turning off System Restore), and then turn System Resore back on again (and create a good one) to start afresh? And 3% should be adequate space, and would be, with good restore points (which are normally like 60 MB each - NOT 600+ MB). Danno wrote: Hi Gerry, It's not really a matter of "how many restore points I'm keeping". It's more a case of my trying to keep more than just ONE restore point. At this moment, there are 4 restore points from yesterday, and that's it. None of those were created automatically by the system. As I mentioned, the event viewer is not actually cataloging any " errors" about system restore, but here are two examples of reports (not tagged as an "error") that are addressing what I'm experiencing: Event Type: Information Event Source: SRService Event Category: None Event ID: 107 Date: 5/22/2008 Time: 3:37:36 AM User: N/A Computer: DANS-COMPUTER Description: The System Restore service has been suspended because there is not enough disk space available on the drive \\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will automatically resume service once at least 200 MB of free disk space is available on the system drive. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Information Event Source: SRService Event Category: None Event ID: 108 Date: 5/22/2008 Time: 4:41:13 AM User: N/A Computer: DANS-COMPUTER Description: The System Restore service has resumed monitoring due to space freed on the system drive. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. For now, I've disabled ZoneAlarm and have increased the allocated disc space for SR to the maximum. As I mentioned before, I would have hoped that 3% or 1075 MB would have been plenty of space, but apparently not. Anyway, if the problem is corrected, I'd think I've probably narrowed it down to those two suspects. I'll consider the problem corrected if, two weeks from now, I can still see an available restore point that was recorded yesterday. At your suggestion, I found the folders that hold the 4 volumes of SR points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb and 567Mb. My lord, two of those are way too big. What could be the reason for that? That would explain why 1075Mb isn't enough space to store very many SR points... if they're going to be that huge. Thanks again for your interest. Dan "Gerry" wrote in message ... Danno How many restore points are you keeping? How large are individual restore points? You should not need an allocation so large! Can you please post a copy of the Event Viewer Information Report you refer to. A tip for posting copies of Error Reports! Run Event Viewer and double click on the error you want to copy. In the window, which appears is a button resembling two pages. Click the button and close Event Viewer.Now start your message (email) and do a paste into the body of the message. Make sure this is the first paste after exiting from Event Viewer. -- Hope this helps. Gerry ~~~~ FCA Stourport, England Enquire, plan and execute ~~~~~~~~~~~~~~~~~~~ Danno wrote: Thanks Kayman, Of all the links and suggestions you offered, one of them might be surprisingly helpful. Not surprising that Kelly's Korner was helpful, but a surprise to me at the result. On Kelly's Korner, I found the category discussing missing SR points, specifically this: - Check the event logs to investigate System Restore service errors: 1. Click Start, click Control Panel, and then click "Performance and Maintenance". 2. Click Administrative Tools, click Computer Management, double-click Event Viewer, and then click System. 3. Click the Source tab to sort by name, and then look for "sr" or "srservice." Double-click each of these services, and then evaluate the event description for any indication of the cause of the problem. I followed the advice and lo and behold, there were descriptions of events that happened with SR. None of the events actually showed up as "errors", but none-the-less they described that SR was "suspending" and then "resuming" due to lack of space allocated and then more space being re-allocated. I was convinced that 3% or 1076MB would be plenty of space, but apparently not. If I'm not mistaken though, even when I accidentally had 12% allocated, SR was still only allowing one restore point. So I've now allocated 10% of disc space or 3700MB to see what happens. That is an outrageously huge amount of space to allow, but I have to do it for now. I'll let you know. Thanks again! Danno "Kayman" wrote in message ... On Sat, 24 May 2008 01:23:55 GMT, Danno wrote: snip for brevity Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and use the built in Windows firewall... just to test if ZA is involved in any way with my dilemma. Very, very sensible approach; IMO, ZA is not worth having. I'd uninstall the entire ZA suite for good and ask for a refund. If uninstalling via the Add/Remove program does not work satisfactory then go to: http://zonealarm.donhoover.net/uninstall.html Revo Uninstaller http://www.revouninstaller.com/ can also be of assistance Consider the following: For the average homeuser, the Windows Firewall in XP does a fantastic job at its core mission and is really all you need if you have an 'real-time' anti-virus program, [another firewall on your router or] other edge protection like SeconfigXP and practise safe-hex. The windows firewall deals with inbound protection and therefore does not give you a false sense of security. Best of all, it doesn't implement lots of nonsense like pretending that outbound traffic needs to be monitored. Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs and Services under the Exception tab. Read through: Understanding Windows Firewall. http://www.microsoft.com/windowsxp/u...2_wfintro.mspx Using Windows Firewall. http://www.microsoft.com/windowsxp/u...nfirewall.mspx Exploring the windows Firewall. http://www.microsoft.com/technet/tec...g/issues/2007/ 06/VistaFirewall/default.aspx "Outbound protection is security theater-it's a gimmick that only gives the impression of improving your security without doing anything that actually does improve your security." In conjunction with WinXP Firewall use: Seconfig XP 1.0 http://seconfig.sytes.net/ (http://www.softpedia.com/progDownloa...oad-39707.html) Seconfig XP is able configure Windows not to use TCP/IP as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139 and 445 (the most exploited Windows networking weak point) closed.) Real-time AV applications - for viral malware. Do not utilize more than one (1) real-time anti-virus scanning engine! Disable the e-mail scanning function during installation (Custom Installation on some AV apps.) as it provides no additional protection. Avira AntiVir® Personal - FREE Antivirus http://www.free-av.com/ You may wish to consider removing the 'AntiVir Nagscreen' http://www.elitekiller.com/files/dis...ntivir_nag.htm or Free antivirus - avast! 4 Home Edition It includes ANTI-SPYWARE protection, certified by the West Coast Labs Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class GMER technology. http://www.avast.com/eng/avast_4_home.html (Choose Custom Installation and under Resident Protection, uncheck: Internet Mail and Outlook/Exchange.) or AVG Anti-Virus Free Edition http://free.grisoft.com/ (Choose custom install and untick the email scanner plugin.) Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail http://thundercloud.net/infoave/tuto...ning/index.htm On-demand AV applications. (add them to your arsenal and use them as a "second opinion" av scanner). David H. Lipman's MULTI_AV Tool http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe http://www.pctipp.ch/downloads/dl/35905.asp English: http://www.raymond.cc/blog/archives/...irus-for-free/ Additional Instructions: http://pcdid.com/Multi_AV.htm and/or BitDefender10 Free Edition http://www.bitdefender.com/PRODUCT-1...e-Edition.html A-S applications - for non-viral malware. The effectiveness of an individual A-S scanners can be wide-ranging and oftentimes a collection of scanners is best. There isn't one software that cleans and immunizes you against everything. That's why you need multiple products to do the job i.e. overlap their coverage - one may catch what another may miss, (grab'em all). SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html and Ad-Aware 2007 - Free http://www.lavasoftusa.com/products/ad_aware_free.php http://www.download.com/3000-2144-10045910.html and Spybot Search & Destroy - Free http://www.safer-networking.org/en/download/index.html and Windows Defender - Free http://www.microsoft.com/athome/secu...e/default.mspx WD monitors the start-registry and hooks registers/files to prevent spyware and worms to install to the OS. Interesting reading: http://www.pcworld.com/article/id,136195/article.html "...Windows Defender did excel in behavior-based protection, which detects changes to key areas of the system without having to know anything about the actual threat." This may solve your original problem: System Restore for Windows XP http://www.kellys-korner-xp.com/xp_restore.htm And routinely practice Safe-Hex. http://www.claymania.com/safe-hex.html Hundreds Click on 'Click Here to Get Infected' Ad http://www.eweek.com/article2/0,1895,2132447,00.asp Good luck |
#25
|
|||
|
|||
System Restore Keeping Only One Restore Point
Good question! The other two SR points which seem to be a normal size also
contain .RDB files. One of those normal SR points contains a single .RDB file and the other normal SR point contains 3 .RDB files. All 4 of them are the same size at 2.84Mb each.... same size as the 400 .RDB files in the two enormous folders. "Bill in Co." wrote in message ... Danno wrote: I opened those enormous SR restore point files and in one of them I found 190 .RDB files, each being 2.84Mb (all the same size). And in the other huge SR file, I found 212 .RDB files and they were all the same size, also at 2.84 Mb each. I've been searching on the net to find out what .RDB files are and to be quite honest, I'm none the wiser. Perhaps just for registry database (RDB) (wild guess)? What are the extensions on the other (normal) ones? Are they similar? Anyway, I assume this wasn't supposed to happen? I wonder if it will happen again, next time the system automatically creates a restore point. By that I mean, next time the system creates a restore point automatically and not as a result of my causing it by downloading something... for example. System Restore will normally create a checkpoint if you don't (and don't install anything to force one), typically in 24 hours, or so. So if you really want to know, just use your computer as normal, turn if off at night, turn it back on the next day, use it, off again that night, and see if one has been created by then. Can anybody tell me what an .RDB file is and why System Restore included them in those two huge restore point files... both on the same day? Just as an added point of interest, any defrag analysis I do always shows SR as the most fragmented files on my computer. Is this normal? I believe I recall seeing something similar, so I expect that is within the norm. Keep in mind it's around 60 MB, which uses a significant amount of clusters and sectors, so it's not all that surprising. In all fairness to ZoneAlarm, I now doubt ZoneAlarm has anything to do with this. Dan "Bill in Co." wrote in message ... Danno wrote: Hi Bill in Co., Yeah, those two huge SR files are ginormous. I'm really interested in two things he First, what in hell would cause SR to store files that big? Either something bad happened during the creation of those restore points (like some other task was running, that screwed it up, in process), OR (and this I think is a long shot - it was that large because of some HUGE amount of registry and file changes that were made since the previous restore point, and it needed that amount of disk space (but I really doubt this possibility). Well, those are the two possible explanations that come to mind for me, anyways. Secondly, since I've found those files, would I be asking for trouble to delete them manually? My guess is yes, so obviously I wouldn't do that (even if I got the green light from experts. I'd just get rid of them using SR itself). Do it that way (not manually). Your hunch is right - let System Restore remove them properly (like by the way I mentioned previously), and it will do the necessary housekeeping for System Restore and its bookmarking. Don't do it manually. It's more a case of just wanting to know if that would be OK, or would that completely screw up the registry. I wouldn't be tempted to do it... it's just that I'm on a learning curve here. Those files are hidden for a reason, and I'm guessing it's to keep monkeys like me from playing with them. As I said, I would NOT do it manually. Yes, there is a chance it could work, but I sure wound NOT bank on it! (I think that could and probably would present problems for using the existing restore points that are left) But ultimately, I'd like to know what's in those files to make them so big. Outside of what I mentioned, I don't know. I suppose you could check the date-time stamps of those two bogus system restore points, and then search around on your hard drive for any suspicious file or folder activity around those dates (like the date stamps on files or folders that had changed somewhere around those dates), to see if something suspicious shows up. Kind of a long shot, however. Dan "Bill in Co." wrote in message ... Those two *extremely large* (600+MB) system restore points sound suspicious, just as you said. Why not clear them all out (by temporarily turning off System Restore), and then turn System Resore back on again (and create a good one) to start afresh? And 3% should be adequate space, and would be, with good restore points (which are normally like 60 MB each - NOT 600+ MB). Danno wrote: Hi Gerry, It's not really a matter of "how many restore points I'm keeping". It's more a case of my trying to keep more than just ONE restore point. At this moment, there are 4 restore points from yesterday, and that's it. None of those were created automatically by the system. As I mentioned, the event viewer is not actually cataloging any " errors" about system restore, but here are two examples of reports (not tagged as an "error") that are addressing what I'm experiencing: Event Type: Information Event Source: SRService Event Category: None Event ID: 107 Date: 5/22/2008 Time: 3:37:36 AM User: N/A Computer: DANS-COMPUTER Description: The System Restore service has been suspended because there is not enough disk space available on the drive \\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will automatically resume service once at least 200 MB of free disk space is available on the system drive. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Information Event Source: SRService Event Category: None Event ID: 108 Date: 5/22/2008 Time: 4:41:13 AM User: N/A Computer: DANS-COMPUTER Description: The System Restore service has resumed monitoring due to space freed on the system drive. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. For now, I've disabled ZoneAlarm and have increased the allocated disc space for SR to the maximum. As I mentioned before, I would have hoped that 3% or 1075 MB would have been plenty of space, but apparently not. Anyway, if the problem is corrected, I'd think I've probably narrowed it down to those two suspects. I'll consider the problem corrected if, two weeks from now, I can still see an available restore point that was recorded yesterday. At your suggestion, I found the folders that hold the 4 volumes of SR points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb and 567Mb. My lord, two of those are way too big. What could be the reason for that? That would explain why 1075Mb isn't enough space to store very many SR points... if they're going to be that huge. Thanks again for your interest. Dan "Gerry" wrote in message ... Danno How many restore points are you keeping? How large are individual restore points? You should not need an allocation so large! Can you please post a copy of the Event Viewer Information Report you refer to. A tip for posting copies of Error Reports! Run Event Viewer and double click on the error you want to copy. In the window, which appears is a button resembling two pages. Click the button and close Event Viewer.Now start your message (email) and do a paste into the body of the message. Make sure this is the first paste after exiting from Event Viewer. -- Hope this helps. Gerry ~~~~ FCA Stourport, England Enquire, plan and execute ~~~~~~~~~~~~~~~~~~~ Danno wrote: Thanks Kayman, Of all the links and suggestions you offered, one of them might be surprisingly helpful. Not surprising that Kelly's Korner was helpful, but a surprise to me at the result. On Kelly's Korner, I found the category discussing missing SR points, specifically this: - Check the event logs to investigate System Restore service errors: 1. Click Start, click Control Panel, and then click "Performance and Maintenance". 2. Click Administrative Tools, click Computer Management, double-click Event Viewer, and then click System. 3. Click the Source tab to sort by name, and then look for "sr" or "srservice." Double-click each of these services, and then evaluate the event description for any indication of the cause of the problem. I followed the advice and lo and behold, there were descriptions of events that happened with SR. None of the events actually showed up as "errors", but none-the-less they described that SR was "suspending" and then "resuming" due to lack of space allocated and then more space being re-allocated. I was convinced that 3% or 1076MB would be plenty of space, but apparently not. If I'm not mistaken though, even when I accidentally had 12% allocated, SR was still only allowing one restore point. So I've now allocated 10% of disc space or 3700MB to see what happens. That is an outrageously huge amount of space to allow, but I have to do it for now. I'll let you know. Thanks again! Danno "Kayman" wrote in message ... On Sat, 24 May 2008 01:23:55 GMT, Danno wrote: snip for brevity Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and use the built in Windows firewall... just to test if ZA is involved in any way with my dilemma. Very, very sensible approach; IMO, ZA is not worth having. I'd uninstall the entire ZA suite for good and ask for a refund. If uninstalling via the Add/Remove program does not work satisfactory then go to: http://zonealarm.donhoover.net/uninstall.html Revo Uninstaller http://www.revouninstaller.com/ can also be of assistance Consider the following: For the average homeuser, the Windows Firewall in XP does a fantastic job at its core mission and is really all you need if you have an 'real-time' anti-virus program, [another firewall on your router or] other edge protection like SeconfigXP and practise safe-hex. The windows firewall deals with inbound protection and therefore does not give you a false sense of security. Best of all, it doesn't implement lots of nonsense like pretending that outbound traffic needs to be monitored. Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs and Services under the Exception tab. Read through: Understanding Windows Firewall. http://www.microsoft.com/windowsxp/u...2_wfintro.mspx Using Windows Firewall. http://www.microsoft.com/windowsxp/u...nfirewall.mspx Exploring the windows Firewall. http://www.microsoft.com/technet/tec...g/issues/2007/ 06/VistaFirewall/default.aspx "Outbound protection is security theater-it's a gimmick that only gives the impression of improving your security without doing anything that actually does improve your security." In conjunction with WinXP Firewall use: Seconfig XP 1.0 http://seconfig.sytes.net/ (http://www.softpedia.com/progDownloa...oad-39707.html) Seconfig XP is able configure Windows not to use TCP/IP as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139 and 445 (the most exploited Windows networking weak point) closed.) Real-time AV applications - for viral malware. Do not utilize more than one (1) real-time anti-virus scanning engine! Disable the e-mail scanning function during installation (Custom Installation on some AV apps.) as it provides no additional protection. Avira AntiVir® Personal - FREE Antivirus http://www.free-av.com/ You may wish to consider removing the 'AntiVir Nagscreen' http://www.elitekiller.com/files/dis...ntivir_nag.htm or Free antivirus - avast! 4 Home Edition It includes ANTI-SPYWARE protection, certified by the West Coast Labs Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class GMER technology. http://www.avast.com/eng/avast_4_home.html (Choose Custom Installation and under Resident Protection, uncheck: Internet Mail and Outlook/Exchange.) or AVG Anti-Virus Free Edition http://free.grisoft.com/ (Choose custom install and untick the email scanner plugin.) Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail http://thundercloud.net/infoave/tuto...ning/index.htm On-demand AV applications. (add them to your arsenal and use them as a "second opinion" av scanner). David H. Lipman's MULTI_AV Tool http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe http://www.pctipp.ch/downloads/dl/35905.asp English: http://www.raymond.cc/blog/archives/...irus-for-free/ Additional Instructions: http://pcdid.com/Multi_AV.htm and/or BitDefender10 Free Edition http://www.bitdefender.com/PRODUCT-1...e-Edition.html A-S applications - for non-viral malware. The effectiveness of an individual A-S scanners can be wide-ranging and oftentimes a collection of scanners is best. There isn't one software that cleans and immunizes you against everything. That's why you need multiple products to do the job i.e. overlap their coverage - one may catch what another may miss, (grab'em all). SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html and Ad-Aware 2007 - Free http://www.lavasoftusa.com/products/ad_aware_free.php http://www.download.com/3000-2144-10045910.html and Spybot Search & Destroy - Free http://www.safer-networking.org/en/download/index.html and Windows Defender - Free http://www.microsoft.com/athome/secu...e/default.mspx WD monitors the start-registry and hooks registers/files to prevent spyware and worms to install to the OS. Interesting reading: http://www.pcworld.com/article/id,136195/article.html "...Windows Defender did excel in behavior-based protection, which detects changes to key areas of the system without having to know anything about the actual threat." This may solve your original problem: System Restore for Windows XP http://www.kellys-korner-xp.com/xp_restore.htm And routinely practice Safe-Hex. http://www.claymania.com/safe-hex.html Hundreds Click on 'Click Here to Get Infected' Ad http://www.eweek.com/article2/0,1895,2132447,00.asp Good luck |
#26
|
|||
|
|||
System Restore Keeping Only One Restore Point
"Danno" wrote in message
news:jF0_j.291776$pM4.35271@pd7urf1no... Hi Bill in Co., Yeah, those two huge SR files are ginormous. I'm really interested in two things he First, what in hell would cause SR to store files that big? I believe it happens whenever a new service pack is installed. |
#27
|
|||
|
|||
System Restore Keeping Only One Restore Point
Daave wrote:
"Danno" wrote in message news:jF0_j.291776$pM4.35271@pd7urf1no... Hi Bill in Co., Yeah, those two huge SR files are ginormous. I'm really interested in two things he First, what in hell would cause SR to store files that big? I believe it happens whenever a new service pack is installed. OR some huge program, possibly like Office, for example. Actually, in retrospect, perhaps it's not out of fhe question, after installs of very large programs. So maybe he did that (installed either a SP or Office, or whatever) |
#28
|
|||
|
|||
System Restore Keeping Only One Restore Point
"Bill in Co." wrote in message
... Daave wrote: "Danno" wrote in message news:jF0_j.291776$pM4.35271@pd7urf1no... Hi Bill in Co., Yeah, those two huge SR files are ginormous. I'm really interested in two things he First, what in hell would cause SR to store files that big? I believe it happens whenever a new service pack is installed. OR some huge program, possibly like Office, for example. Actually, in retrospect, perhaps it's not out of fhe question, after installs of very large programs. So maybe he did that (installed either a SP or Office, or whatever) It's not out of the question whatsoever; I'm sure that's what happened. However, one thing *does* puzzle me, from the original post: I've turned off System Restore, re-booted... then turned on System Restore and re-booted again. But it's still the same. Shouldn't this have taken care of the (presumably older) huge restore points? And Danno, regarding your two largest restore points (627 MB and 567 MB), what are their dates? Can you manually move them to another location (in the event you don't want to delete them right away)? |
#29
|
|||
|
|||
System Restore Keeping Only One Restore Point
All 4 restore points that I've discussed here are all from the same date....
yesterday. I have not installed anything large at all in the recent past. So those huge restore points are not old ones, they are from only yesterday. I can manually move them I suppose, but do I dare? Do you mean place them on the desktop for now, or something like that? Do I dare... or should I just let SR take care of them in due course? "Daave" wrote in message ... "Bill in Co." wrote in message ... Daave wrote: "Danno" wrote in message news:jF0_j.291776$pM4.35271@pd7urf1no... Hi Bill in Co., Yeah, those two huge SR files are ginormous. I'm really interested in two things he First, what in hell would cause SR to store files that big? I believe it happens whenever a new service pack is installed. OR some huge program, possibly like Office, for example. Actually, in retrospect, perhaps it's not out of fhe question, after installs of very large programs. So maybe he did that (installed either a SP or Office, or whatever) It's not out of the question whatsoever; I'm sure that's what happened. However, one thing *does* puzzle me, from the original post: I've turned off System Restore, re-booted... then turned on System Restore and re-booted again. But it's still the same. Shouldn't this have taken care of the (presumably older) huge restore points? And Danno, regarding your two largest restore points (627 MB and 567 MB), what are their dates? Can you manually move them to another location (in the event you don't want to delete them right away)? |
#30
|
|||
|
|||
System Restore Keeping Only One Restore Point
"Danno" wrote in message
news:x1%Zj.163103$Cj7.93855@pd7urf2no... Event Type: Information Event Source: SRService Event Category: None Event ID: 107 Date: 5/22/2008 Time: 3:37:36 AM User: N/A Computer: DANS-COMPUTER Description: The System Restore service has been suspended because there is not enough disk space available on the drive \\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will automatically resume service once at least 200 MB of free disk space is available on the system drive. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Something's not adding up! In another post, you said you had 25 GB of free space on your hard drive! So why does System Restore think you have less than 1 GB?! Also, have a look at this page: http://bertk.mvps.org/html/drivedisable.html How many available drives do you have? (Look in the System Restore tab of System Properties.) Gerry asked earlier if there was another drive you were using SR (inadvertently) on. Let's be clear on that issue! If nothing else works, perhaps you should reinstall System Resto http://bertk.mvps.org/html/reinstall.html |
Thread Tools | |
Display Modes | |
|
|