System Restore Keeping Only One Restore Point

**Gerry** · May 24th 08, 06:25 PM posted to microsoft.public.windowsxp.help_and_support

Danno

How many restore points are you keeping? How large are individual
restore points? You should not need an allocation so large!

Can you please post a copy of the Event Viewer Information Report you
refer to.

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Danno wrote:
Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was
helpful, but a surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR points,
specifically this:

- Check the event logs to investigate System Restore service errors:

1. Click Start, click Control Panel, and then click "Performance and
Maintenance".
2. Click Administrative Tools, click Computer Management,
double-click Event Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate
the event description for any indication of the cause of the problem.

I followed the advice and lo and behold, there were descriptions of
events that happened with SR. None of the events actually showed up
as "errors", but none-the-less they described that SR was
"suspending" and then "resuming" due to lack of space allocated and
then more space being re-allocated. I was convinced that 3% or
1076MB would be plenty of space, but apparently not. If I'm not
mistaken though, even when I accidentally had 12% allocated, SR was
still only allowing one restore point.
So I've now allocated 10% of disc space or 3700MB to see what
happens. That is an outrageously huge amount of space to allow, but
I have to do it for now.

I'll let you know. Thanks again!

Danno

"Kayman" wrote in message
...
On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

snip for brevity

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and
use the built in Windows firewall... just to test if ZA is involved
in any way with
my dilemma.

Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work
satisfactory then go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average homeuser, the Windows Firewall in XP does a
fantastic job at its core mission and is really all you need if you
have an 'real-time' anti-virus program, [another firewall on your
router or] other edge protection like SeconfigXP and practise
safe-hex. The windows firewall deals with inbound protection and
therefore
does not give you a false sense of security. Best of all, it doesn't
implement lots of nonsense like pretending that outbound traffic
needs to be monitored. Activate and utilize the Win XP built-in
Firewall; Uncheck *all*
Programs and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/u...2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/u...nfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/tec...l/default.aspx
"Outbound protection is security theater-it's a gimmick that only
gives the
impression of improving your security without doing anything that
actually does improve your security."
In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownloa...oad-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135,
137-139 and 445 (the most exploited Windows networking weak point)
closed.) Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning
engine! Disable the e-mail scanning function during installation
(Custom Installation on some AV apps.) as it provides no additional
protection. Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/dis...ntivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in
class GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tuto...ning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av
scanner). David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/...irus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-1...e-Edition.html

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging
and oftentimes a collection of scanners is best. There isn't one
software that cleans and immunizes you against everything. That's
why you need multiple products to do the job i.e. overlap their
coverage - one may catch what another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/supe...freevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/secu...e/default.mspx
WD monitors the start-registry and hooks registers/files to prevent
spyware
and worms to install to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which
detects changes to key areas of the system without having to know
anything about the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck

**Danno** · May 24th 08, 09:38 PM posted to microsoft.public.windowsxp.help_and_support

Hi Gerry,

It's not really a matter of "how many restore points I'm keeping". It's
more a case of my trying to keep more than just ONE restore point. At this
moment, there are 4 restore points from yesterday, and that's it. None of
those were created automatically by the system. As I mentioned, the event
viewer is not actually cataloging any " errors" about system restore, but
here are two examples of reports (not tagged as an "error") that are
addressing what I'm experiencing:

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not enough
disk space available on the drive
\\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will
automatically resume service once at least 200 MB of free disk space is
available on the system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 108
Date: 5/22/2008
Time: 4:41:13 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has resumed monitoring due to space freed on the
system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

For now, I've disabled ZoneAlarm and have increased the allocated disc space
for SR to the maximum. As I mentioned before, I would have hoped that 3% or
1075 MB would have been plenty of space, but apparently not. Anyway, if the
problem is corrected, I'd think I've probably narrowed it down to those two
suspects. I'll consider the problem corrected if, two weeks from now, I can
still see an available restore point that was recorded yesterday.

At your suggestion, I found the folders that hold the 4 volumes of SR
points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb and
567Mb. My lord, two of those are way too big. What could be the reason for
that? That would explain why 1075Mb isn't enough space to store very many
SR points... if they're going to be that huge.

Thanks again for your interest.

Dan

"Gerry" wrote in message
...
Danno

How many restore points are you keeping? How large are individual restore
points? You should not need an allocation so large!

Can you please post a copy of the Event Viewer Information Report you
refer to.

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Danno wrote:
Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was
helpful, but a surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR points,
specifically this:

- Check the event logs to investigate System Restore service errors:

1. Click Start, click Control Panel, and then click "Performance and
Maintenance".
2. Click Administrative Tools, click Computer Management,
double-click Event Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate
the event description for any indication of the cause of the problem.

I followed the advice and lo and behold, there were descriptions of
events that happened with SR. None of the events actually showed up
as "errors", but none-the-less they described that SR was
"suspending" and then "resuming" due to lack of space allocated and
then more space being re-allocated. I was convinced that 3% or
1076MB would be plenty of space, but apparently not. If I'm not
mistaken though, even when I accidentally had 12% allocated, SR was
still only allowing one restore point.
So I've now allocated 10% of disc space or 3700MB to see what
happens. That is an outrageously huge amount of space to allow, but
I have to do it for now.

I'll let you know. Thanks again!

Danno

"Kayman" wrote in message
...
On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

snip for brevity

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and
use the built in Windows firewall... just to test if ZA is involved
in any way with
my dilemma.

Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work
satisfactory then go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average homeuser, the Windows Firewall in XP does a
fantastic job at its core mission and is really all you need if you
have an 'real-time' anti-virus program, [another firewall on your
router or] other edge protection like SeconfigXP and practise
safe-hex. The windows firewall deals with inbound protection and
therefore
does not give you a false sense of security. Best of all, it doesn't
implement lots of nonsense like pretending that outbound traffic
needs to be monitored. Activate and utilize the Win XP built-in
Firewall; Uncheck *all*
Programs and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/u...2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/u...nfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/tec...l/default.aspx
"Outbound protection is security theater-it's a gimmick that only
gives the
impression of improving your security without doing anything that
actually does improve your security."
In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownloa...oad-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135,
137-139 and 445 (the most exploited Windows networking weak point)
closed.) Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning
engine! Disable the e-mail scanning function during installation
(Custom Installation on some AV apps.) as it provides no additional
protection. Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/dis...ntivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in
class GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tuto...ning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av
scanner). David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/...irus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-1...e-Edition.html

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging
and oftentimes a collection of scanners is best. There isn't one
software that cleans and immunizes you against everything. That's
why you need multiple products to do the job i.e. overlap their
coverage - one may catch what another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/supe...freevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/secu...e/default.mspx
WD monitors the start-registry and hooks registers/files to prevent
spyware
and worms to install to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which
detects changes to key areas of the system without having to know
anything about the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck

**Bill in Co.** · May 24th 08, 11:11 PM posted to microsoft.public.windowsxp.help_and_support

Those two *extremely large* (600+MB) system restore points sound suspicious,
just as you said. Why not clear them all out (by temporarily turning off
System Restore), and then turn System Resore back on again (and create a
good one) to start afresh?

And 3% should be adequate space, and would be, with good restore points
(which are normally like 60 MB each - NOT 600+ MB).

Danno wrote:
Hi Gerry,

It's not really a matter of "how many restore points I'm keeping". It's
more a case of my trying to keep more than just ONE restore point. At
this
moment, there are 4 restore points from yesterday, and that's it. None of
those were created automatically by the system. As I mentioned, the event
viewer is not actually cataloging any " errors" about system restore, but
here are two examples of reports (not tagged as an "error") that are
addressing what I'm experiencing:

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not enough
disk space available on the drive
\\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will
automatically resume service once at least 200 MB of free disk space is
available on the system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 108
Date: 5/22/2008
Time: 4:41:13 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has resumed monitoring due to space freed on
the
system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

For now, I've disabled ZoneAlarm and have increased the allocated disc
space
for SR to the maximum. As I mentioned before, I would have hoped that 3%
or
1075 MB would have been plenty of space, but apparently not. Anyway, if
the
problem is corrected, I'd think I've probably narrowed it down to those
two
suspects. I'll consider the problem corrected if, two weeks from now, I
can
still see an available restore point that was recorded yesterday.

At your suggestion, I found the folders that hold the 4 volumes of SR
points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb and
567Mb. My lord, two of those are way too big. What could be the reason
for
that? That would explain why 1075Mb isn't enough space to store very many
SR points... if they're going to be that huge.

Thanks again for your interest.

Dan

"Gerry" wrote in message
...
Danno

How many restore points are you keeping? How large are individual restore
points? You should not need an allocation so large!

Can you please post a copy of the Event Viewer Information Report you
refer to.

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Danno wrote:
Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was
helpful, but a surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR points,
specifically this:

- Check the event logs to investigate System Restore service errors:

1. Click Start, click Control Panel, and then click "Performance and
Maintenance".
2. Click Administrative Tools, click Computer Management,
double-click Event Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate
the event description for any indication of the cause of the problem.

I followed the advice and lo and behold, there were descriptions of
events that happened with SR. None of the events actually showed up
as "errors", but none-the-less they described that SR was
"suspending" and then "resuming" due to lack of space allocated and
then more space being re-allocated. I was convinced that 3% or
1076MB would be plenty of space, but apparently not. If I'm not
mistaken though, even when I accidentally had 12% allocated, SR was
still only allowing one restore point.
So I've now allocated 10% of disc space or 3700MB to see what
happens. That is an outrageously huge amount of space to allow, but
I have to do it for now.

I'll let you know. Thanks again!

Danno

"Kayman" wrote in message
...
On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

snip for brevity

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and
use the built in Windows firewall... just to test if ZA is involved
in any way with
my dilemma.

Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work
satisfactory then go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average homeuser, the Windows Firewall in XP does a
fantastic job at its core mission and is really all you need if you
have an 'real-time' anti-virus program, [another firewall on your
router or] other edge protection like SeconfigXP and practise
safe-hex. The windows firewall deals with inbound protection and
therefore
does not give you a false sense of security. Best of all, it doesn't
implement lots of nonsense like pretending that outbound traffic
needs to be monitored. Activate and utilize the Win XP built-in
Firewall; Uncheck *all*
Programs and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/u...2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/u...nfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/tec...l/default.aspx
"Outbound protection is security theater-it's a gimmick that only
gives the
impression of improving your security without doing anything that
actually does improve your security."
In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownloa...oad-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135,
137-139 and 445 (the most exploited Windows networking weak point)
closed.) Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning
engine! Disable the e-mail scanning function during installation
(Custom Installation on some AV apps.) as it provides no additional
protection. Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/dis...ntivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in
class GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tuto...ning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av
scanner). David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/...irus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-1...e-Edition.html

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging
and oftentimes a collection of scanners is best. There isn't one
software that cleans and immunizes you against everything. That's
why you need multiple products to do the job i.e. overlap their
coverage - one may catch what another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/supe...freevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/secu...e/default.mspx
WD monitors the start-registry and hooks registers/files to prevent
spyware
and worms to install to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which
detects changes to key areas of the system without having to know
anything about the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck

**Danno** · May 24th 08, 11:29 PM posted to microsoft.public.windowsxp.help_and_support

Hi Bill in Co.,

Yeah, those two huge SR files are ginormous. I'm really interested in two
things he

First, what in hell would cause SR to store files that big?

Secondly, since I've found those files, would I be asking for trouble to
delete them manually? My guess is yes, so obviously I wouldn't do that
(even if I got the green light from experts. I'd just get rid of them using
SR itself). It's more a case of just wanting to know if that would be OK,
or would that completely screw up the registry. I wouldn't be tempted to do
it... it's just that I'm on a learning curve here. Those files are hidden
for a reason, and I'm guessing it's to keep monkeys like me from playing
with them.

But ultimately, I'd like to know what's in those files to make them so big.

Dan

"Bill in Co." wrote in message
...
Those two *extremely large* (600+MB) system restore points sound
suspicious, just as you said. Why not clear them all out (by
temporarily turning off System Restore), and then turn System Resore back
on again (and create a good one) to start afresh?

And 3% should be adequate space, and would be, with good restore points
(which are normally like 60 MB each - NOT 600+ MB).

Danno wrote:
Hi Gerry,

It's not really a matter of "how many restore points I'm keeping". It's
more a case of my trying to keep more than just ONE restore point. At
this
moment, there are 4 restore points from yesterday, and that's it. None
of
those were created automatically by the system. As I mentioned, the
event
viewer is not actually cataloging any " errors" about system restore, but
here are two examples of reports (not tagged as an "error") that are
addressing what I'm experiencing:

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not enough
disk space available on the drive
\\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will
automatically resume service once at least 200 MB of free disk space is
available on the system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 108
Date: 5/22/2008
Time: 4:41:13 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has resumed monitoring due to space freed on
the
system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

For now, I've disabled ZoneAlarm and have increased the allocated disc
space
for SR to the maximum. As I mentioned before, I would have hoped that 3%
or
1075 MB would have been plenty of space, but apparently not. Anyway, if
the
problem is corrected, I'd think I've probably narrowed it down to those
two
suspects. I'll consider the problem corrected if, two weeks from now, I
can
still see an available restore point that was recorded yesterday.

At your suggestion, I found the folders that hold the 4 volumes of SR
points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb and
567Mb. My lord, two of those are way too big. What could be the reason
for
that? That would explain why 1075Mb isn't enough space to store very
many
SR points... if they're going to be that huge.

Thanks again for your interest.

Dan

"Gerry" wrote in message
...
Danno

How many restore points are you keeping? How large are individual
restore
points? You should not need an allocation so large!

Can you please post a copy of the Event Viewer Information Report you
refer to.

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Danno wrote:
Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was
helpful, but a surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR points,
specifically this:

- Check the event logs to investigate System Restore service errors:

1. Click Start, click Control Panel, and then click "Performance and
Maintenance".
2. Click Administrative Tools, click Computer Management,
double-click Event Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate
the event description for any indication of the cause of the problem.

I followed the advice and lo and behold, there were descriptions of
events that happened with SR. None of the events actually showed up
as "errors", but none-the-less they described that SR was
"suspending" and then "resuming" due to lack of space allocated and
then more space being re-allocated. I was convinced that 3% or
1076MB would be plenty of space, but apparently not. If I'm not
mistaken though, even when I accidentally had 12% allocated, SR was
still only allowing one restore point.
So I've now allocated 10% of disc space or 3700MB to see what
happens. That is an outrageously huge amount of space to allow, but
I have to do it for now.

I'll let you know. Thanks again!

Danno

"Kayman" wrote in message
...
On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

snip for brevity

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and
use the built in Windows firewall... just to test if ZA is involved
in any way with
my dilemma.

Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work
satisfactory then go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average homeuser, the Windows Firewall in XP does a
fantastic job at its core mission and is really all you need if you
have an 'real-time' anti-virus program, [another firewall on your
router or] other edge protection like SeconfigXP and practise
safe-hex. The windows firewall deals with inbound protection and
therefore
does not give you a false sense of security. Best of all, it doesn't
implement lots of nonsense like pretending that outbound traffic
needs to be monitored. Activate and utilize the Win XP built-in
Firewall; Uncheck *all*
Programs and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/u...2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/u...nfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/tec...l/default.aspx
"Outbound protection is security theater-it's a gimmick that only
gives the
impression of improving your security without doing anything that
actually does improve your security."
In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownloa...oad-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135,
137-139 and 445 (the most exploited Windows networking weak point)
closed.) Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning
engine! Disable the e-mail scanning function during installation
(Custom Installation on some AV apps.) as it provides no additional
protection. Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/dis...ntivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in
class GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tuto...ning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av
scanner). David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/...irus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-1...e-Edition.html

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging
and oftentimes a collection of scanners is best. There isn't one
software that cleans and immunizes you against everything. That's
why you need multiple products to do the job i.e. overlap their
coverage - one may catch what another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/supe...freevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/secu...e/default.mspx
WD monitors the start-registry and hooks registers/files to prevent
spyware
and worms to install to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which
detects changes to key areas of the system without having to know
anything about the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck

**Bill in Co.** · May 24th 08, 11:58 PM posted to microsoft.public.windowsxp.help_and_support

Danno wrote:
Hi Bill in Co.,

Yeah, those two huge SR files are ginormous. I'm really interested in two
things he

First, what in hell would cause SR to store files that big?

Either something bad happened during the creation of those restore points
(like some other task was running, that screwed it up, in process), OR (and
this I think is a long shot - it was that large because of some HUGE amount
of registry and file changes that were made since the previous restore
point, and it needed that amount of disk space (but I really doubt this
possibility). Well, those are the two possible explanations that come to
mind for me, anyways.

Secondly, since I've found those files, would I be asking for trouble to
delete them manually? My guess is yes, so obviously I wouldn't do that
(even if I got the green light from experts. I'd just get rid of them
using
SR itself).

Do it that way (not manually). Your hunch is right - let System Restore
remove them properly (like by the way I mentioned previously), and it will
do the necessary housekeeping for System Restore and its bookmarking.
Don't do it manually.

It's more a case of just wanting to know if that would be OK,
or would that completely screw up the registry. I wouldn't be tempted to
do
it... it's just that I'm on a learning curve here. Those files are hidden
for a reason, and I'm guessing it's to keep monkeys like me from playing
with them.

As I said, I would NOT do it manually. Yes, there is a chance it could
work, but I sure wound NOT bank on it! (I think that could and probably
would present problems for using the existing restore points that are left)

But ultimately, I'd like to know what's in those files to make them so
big.

Outside of what I mentioned, I don't know. I suppose you could check the
date-time stamps of those two bogus system restore points, and then search
around on your hard drive for any suspicious file or folder activity around
those dates (like the date stamps on files or folders that had changed
somewhere around those dates), to see if something suspicious shows up.
Kind of a long shot, however.

Dan

"Bill in Co." wrote in message
...
Those two *extremely large* (600+MB) system restore points sound
suspicious, just as you said. Why not clear them all out (by
temporarily turning off System Restore), and then turn System Resore back
on again (and create a good one) to start afresh?

And 3% should be adequate space, and would be, with good restore points
(which are normally like 60 MB each - NOT 600+ MB).

Danno wrote:
Hi Gerry,

It's not really a matter of "how many restore points I'm keeping". It's
more a case of my trying to keep more than just ONE restore point. At
this
moment, there are 4 restore points from yesterday, and that's it. None
of
those were created automatically by the system. As I mentioned, the
event
viewer is not actually cataloging any " errors" about system restore,
but
here are two examples of reports (not tagged as an "error") that are
addressing what I'm experiencing:

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not
enough
disk space available on the drive
\\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will
automatically resume service once at least 200 MB of free disk space is
available on the system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 108
Date: 5/22/2008
Time: 4:41:13 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has resumed monitoring due to space freed on
the
system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

For now, I've disabled ZoneAlarm and have increased the allocated disc
space
for SR to the maximum. As I mentioned before, I would have hoped that 3%
or
1075 MB would have been plenty of space, but apparently not. Anyway, if
the
problem is corrected, I'd think I've probably narrowed it down to those
two
suspects. I'll consider the problem corrected if, two weeks from now, I
can
still see an available restore point that was recorded yesterday.

At your suggestion, I found the folders that hold the 4 volumes of SR
points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb and
567Mb. My lord, two of those are way too big. What could be the reason
for
that? That would explain why 1075Mb isn't enough space to store very
many
SR points... if they're going to be that huge.

Thanks again for your interest.

Dan

"Gerry" wrote in message
...
Danno

How many restore points are you keeping? How large are individual
restore
points? You should not need an allocation so large!

Can you please post a copy of the Event Viewer Information Report you
refer to.

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Danno wrote:
Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was
helpful, but a surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR points,
specifically this:

- Check the event logs to investigate System Restore service errors:

1. Click Start, click Control Panel, and then click "Performance and
Maintenance".
2. Click Administrative Tools, click Computer Management,
double-click Event Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate
the event description for any indication of the cause of the problem.

I followed the advice and lo and behold, there were descriptions of
events that happened with SR. None of the events actually showed up
as "errors", but none-the-less they described that SR was
"suspending" and then "resuming" due to lack of space allocated and
then more space being re-allocated. I was convinced that 3% or
1076MB would be plenty of space, but apparently not. If I'm not
mistaken though, even when I accidentally had 12% allocated, SR was
still only allowing one restore point.
So I've now allocated 10% of disc space or 3700MB to see what
happens. That is an outrageously huge amount of space to allow, but
I have to do it for now.

I'll let you know. Thanks again!

Danno

"Kayman" wrote in message
...
On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

snip for brevity

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and
use the built in Windows firewall... just to test if ZA is involved
in any way with
my dilemma.

Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work
satisfactory then go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average homeuser, the Windows Firewall in XP does a
fantastic job at its core mission and is really all you need if you
have an 'real-time' anti-virus program, [another firewall on your
router or] other edge protection like SeconfigXP and practise
safe-hex. The windows firewall deals with inbound protection and
therefore
does not give you a false sense of security. Best of all, it doesn't
implement lots of nonsense like pretending that outbound traffic
needs to be monitored. Activate and utilize the Win XP built-in
Firewall; Uncheck *all*
Programs and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/u...2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/u...nfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/tec...l/default.aspx
"Outbound protection is security theater-it's a gimmick that only
gives the
impression of improving your security without doing anything that
actually does improve your security."
In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownloa...oad-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135,
137-139 and 445 (the most exploited Windows networking weak point)
closed.) Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning
engine! Disable the e-mail scanning function during installation
(Custom Installation on some AV apps.) as it provides no additional
protection. Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/dis...ntivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in
class GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tuto...ning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av
scanner). David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/...irus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-1...e-Edition.html

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging
and oftentimes a collection of scanners is best. There isn't one
software that cleans and immunizes you against everything. That's
why you need multiple products to do the job i.e. overlap their
coverage - one may catch what another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/supe...freevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/secu...e/default.mspx
WD monitors the start-registry and hooks registers/files to prevent
spyware
and worms to install to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which
detects changes to key areas of the system without having to know
anything about the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck

**Danno** · May 25th 08, 01:40 AM posted to microsoft.public.windowsxp.help_and_support

I opened those enormous SR restore point files and in one of them I found
190 .RDB files, each being 2.84Mb (all the same size).

And in the other huge SR file, I found 212 .RDB files and they were all the
same size, also at 2.84 Mb each.

I've been searching on the net to find out what .RDB files are and to be
quite honest, I'm none the wiser.

Anyway, I assume this wasn't supposed to happen? I wonder if it will happen
again, next time the system automatically creates a restore point. By that
I mean, next time the system creates a restore point automatically and not
as a result of my causing it by downloading something... for example.

Can anybody tell me what an .RDB file is and why System Restore included
them in those two huge restore point files... both on the same day? Just as
an added point of interest, any defrag analysis I do always shows SR as the
most fragmented files on my computer. Is this normal?

In all fairness to ZoneAlarm, I now doubt ZoneAlarm has anything to do with
this.

Dan

"Bill in Co." wrote in message
...
Danno wrote:
Hi Bill in Co.,

Yeah, those two huge SR files are ginormous. I'm really interested in
two
things he

First, what in hell would cause SR to store files that big?

Either something bad happened during the creation of those restore points
(like some other task was running, that screwed it up, in process), OR
(and this I think is a long shot - it was that large because of some HUGE
amount of registry and file changes that were made since the previous
restore point, and it needed that amount of disk space (but I really doubt
this possibility). Well, those are the two possible explanations that
come to mind for me, anyways.

Secondly, since I've found those files, would I be asking for trouble to
delete them manually? My guess is yes, so obviously I wouldn't do that
(even if I got the green light from experts. I'd just get rid of them
using
SR itself).

Do it that way (not manually). Your hunch is right - let System Restore
remove them properly (like by the way I mentioned previously), and it will
do the necessary housekeeping for System Restore and its bookmarking.
Don't do it manually.

It's more a case of just wanting to know if that would be OK,
or would that completely screw up the registry. I wouldn't be tempted to
do
it... it's just that I'm on a learning curve here. Those files are
hidden
for a reason, and I'm guessing it's to keep monkeys like me from playing
with them.

As I said, I would NOT do it manually. Yes, there is a chance it could
work, but I sure wound NOT bank on it! (I think that could and probably
would present problems for using the existing restore points that are
left)

But ultimately, I'd like to know what's in those files to make them so
big.

Outside of what I mentioned, I don't know. I suppose you could check
the date-time stamps of those two bogus system restore points, and then
search around on your hard drive for any suspicious file or folder
activity around those dates (like the date stamps on files or folders that
had changed somewhere around those dates), to see if something suspicious
shows up. Kind of a long shot, however.

Dan

"Bill in Co." wrote in message
...
Those two *extremely large* (600+MB) system restore points sound
suspicious, just as you said. Why not clear them all out (by
temporarily turning off System Restore), and then turn System Resore
back
on again (and create a good one) to start afresh?

And 3% should be adequate space, and would be, with good restore points
(which are normally like 60 MB each - NOT 600+ MB).

Danno wrote:
Hi Gerry,

It's not really a matter of "how many restore points I'm keeping".
It's
more a case of my trying to keep more than just ONE restore point. At
this
moment, there are 4 restore points from yesterday, and that's it. None
of
those were created automatically by the system. As I mentioned, the
event
viewer is not actually cataloging any " errors" about system restore,
but
here are two examples of reports (not tagged as an "error") that are
addressing what I'm experiencing:

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not
enough
disk space available on the drive
\\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will
automatically resume service once at least 200 MB of free disk space is
available on the system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 108
Date: 5/22/2008
Time: 4:41:13 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has resumed monitoring due to space freed on
the
system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

For now, I've disabled ZoneAlarm and have increased the allocated disc
space
for SR to the maximum. As I mentioned before, I would have hoped that
3%
or
1075 MB would have been plenty of space, but apparently not. Anyway,
if
the
problem is corrected, I'd think I've probably narrowed it down to those
two
suspects. I'll consider the problem corrected if, two weeks from now,
I
can
still see an available restore point that was recorded yesterday.

At your suggestion, I found the folders that hold the 4 volumes of SR
points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb
and
567Mb. My lord, two of those are way too big. What could be the
reason
for
that? That would explain why 1075Mb isn't enough space to store very
many
SR points... if they're going to be that huge.

Thanks again for your interest.

Dan

"Gerry" wrote in message
...
Danno

How many restore points are you keeping? How large are individual
restore
points? You should not need an allocation so large!

Can you please post a copy of the Event Viewer Information Report you
refer to.

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Danno wrote:
Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was
helpful, but a surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR points,
specifically this:

- Check the event logs to investigate System Restore service errors:

1. Click Start, click Control Panel, and then click "Performance and
Maintenance".
2. Click Administrative Tools, click Computer Management,
double-click Event Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate
the event description for any indication of the cause of the problem.

I followed the advice and lo and behold, there were descriptions of
events that happened with SR. None of the events actually showed up
as "errors", but none-the-less they described that SR was
"suspending" and then "resuming" due to lack of space allocated and
then more space being re-allocated. I was convinced that 3% or
1076MB would be plenty of space, but apparently not. If I'm not
mistaken though, even when I accidentally had 12% allocated, SR was
still only allowing one restore point.
So I've now allocated 10% of disc space or 3700MB to see what
happens. That is an outrageously huge amount of space to allow, but
I have to do it for now.

I'll let you know. Thanks again!

Danno

"Kayman" wrote in message
...
On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

snip for brevity

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and
use the built in Windows firewall... just to test if ZA is involved
in any way with
my dilemma.

Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work
satisfactory then go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average homeuser, the Windows Firewall in XP does a
fantastic job at its core mission and is really all you need if you
have an 'real-time' anti-virus program, [another firewall on your
router or] other edge protection like SeconfigXP and practise
safe-hex. The windows firewall deals with inbound protection and
therefore
does not give you a false sense of security. Best of all, it doesn't
implement lots of nonsense like pretending that outbound traffic
needs to be monitored. Activate and utilize the Win XP built-in
Firewall; Uncheck *all*
Programs and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/u...2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/u...nfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/tec...l/default.aspx
"Outbound protection is security theater-it's a gimmick that only
gives the
impression of improving your security without doing anything that
actually does improve your security."
In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownloa...oad-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135,
137-139 and 445 (the most exploited Windows networking weak point)
closed.) Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning
engine! Disable the e-mail scanning function during installation
(Custom Installation on some AV apps.) as it provides no additional
protection. Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/dis...ntivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast
Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in
class GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tuto...ning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av
scanner). David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/...irus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-1...e-Edition.html

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging
and oftentimes a collection of scanners is best. There isn't one
software that cleans and immunizes you against everything. That's
why you need multiple products to do the job i.e. overlap their
coverage - one may catch what another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/supe...freevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/secu...e/default.mspx
WD monitors the start-registry and hooks registers/files to prevent
spyware
and worms to install to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which
detects changes to key areas of the system without having to know
anything about the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck

**Kayman[_6_]** · May 25th 08, 01:50 AM posted to microsoft.public.windowsxp.help_and_support

On Sat, 24 May 2008 16:09:10 GMT, Danno wrote:

Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was helpful, but a
surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR points,
specifically this:

- Check the event logs to investigate System Restore service errors:

1. Click Start, click Control Panel, and then click "Performance and
Maintenance".
2. Click Administrative Tools, click Computer Management, double-click Event
Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate the
event description for any indication of the cause of the problem.

I followed the advice and lo and behold, there were descriptions of events
that happened with SR. None of the events actually showed up as "errors",
but none-the-less they described that SR was "suspending" and then
"resuming" due to lack of space allocated and then more space being
re-allocated. I was convinced that 3% or 1076MB would be plenty of space,
but apparently not. If I'm not mistaken though, even when I accidentally
had 12% allocated, SR was still only allowing one restore point.

So I've now allocated 10% of disc space or 3700MB to see what happens. That
is an outrageously huge amount of space to allow, but I have to do it for
now.

I'll let you know. Thanks again!

Danno

"Kayman" wrote in message
...
On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

snip for brevity

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and use the
built in Windows firewall... just to test if ZA is involved in any way
with
my dilemma.

Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work satisfactory then
go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average homeuser, the Windows Firewall in XP does a fantastic job
at its core mission and is really all you need if you have an 'real-time'
anti-virus program, [another firewall on your router or] other edge
protection like SeconfigXP and practise safe-hex.
The windows firewall deals with inbound protection and therefore does not
give you a false sense of security. Best of all, it doesn't implement lots
of nonsense like pretending that outbound traffic needs to be monitored.

Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs
and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/u...2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/u...nfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/tec...l/default.aspx
"Outbound protection is security theater-it's a gimmick that only gives
the
impression of improving your security without doing anything that actually
does improve your security."
In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownloa...oad-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139
and 445 (the most exploited Windows networking weak point) closed.)

Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection.

Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/dis...ntivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class
GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tuto...ning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av scanner).
David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/...irus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-1...e-Edition.html

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging and
oftentimes a collection of scanners is best. There isn't one software that
cleans and immunizes you against everything. That's why you need multiple
products to do the job i.e. overlap their coverage - one may catch what
another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/supe...freevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/secu...e/default.mspx
WD monitors the start-registry and hooks registers/files to prevent
spyware
and worms to install to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which detects
changes to key areas of the system without having to know anything about
the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck

Danno,
Prior flushing the System Restore cache download and execute David Lipman's
Multi-AV as suggested in my previous post.
After you completed the av scans with all 4 scanning tools in safe mode,
reboot, in normal mode flush System Restore cache and reboot again.
Good luck.

**Kayman[_6_]** · May 25th 08, 02:02 AM posted to microsoft.public.windowsxp.help_and_support

On Sat, 24 May 2008 09:14:09 -0300, Vincent wrote:

Kayman wrote:

http://www.microsoft.com/technet/tec...l/default.aspx
"Outbound protection is security theater¡Xit¡¦s a gimmick that only gives the
impression of improving your security without doing anything that actually
does improve your security."

snipped childish over-emotive and misinformed rant

Go to...
http://www.sunbelt-software.com/Home...onal-Firewall/

....and follow all the hype created by Sunbelt's *Marketing Department*.

Quote:

Still use the free Windows XP firewall?
Unfortunately, this gives you a false sense of security. It only protects
incoming traffic. But outgoing traffic, with your credit card info, social
security number, bank accounts, passwords and other confidential
information is not protected. The WinXP firewall will let it all go out.
But... SPF will block that data if you buy the FULL version! You absolutely
need a better, commercial-grade firewall.

Then read in...
Windows Personal Firewall Analysis
http://www.matousec.com/projects/win...ewalls-ratings

....a more realistic view which obviously was drafted by the head of
Sunbelt's *Operations Department*.

Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall

2007-08-07: Here is the response we have received from this vendor:

Quote:

Sunbelt Software is committed to providing the strongest possible security
products to its customers, and we will be working to correct demonstrable
issues in the Sunbelt Personal Firewall. Users can expect these and other
continuing enhancements for the Sunbelt Personal Firewall in the near
future.

However, we have some reservations about personal firewall "leak testing"
in general. While we appreciate and support the unique value of independent
security testing, we are admittedly skeptical as to just how meaningful
these leak tests really are, especially as they reflect real-world
environments.

The key assumption of "leak testing" -- namely, that it is somehow useful
to measure the outbound protection provided by personal firewalls in cases
where malware has already executed on the test box -- strikes us as a
questionable basis on which to build a security assessment. Today's malware
is so malicious and cleverly designed that it is often safest to regard PCs
as so thoroughly compromised that nothing on the box can be trusted once
the malware executes. In short, "leak testing" starts after the game is
already lost, as the malware has already gotten past the inbound firewall
protection.

Moreover, "leak testing" is predicated on the further assumption that
personal firewalls should warn users about outbound connections even when
the involved code components are not demonstrably malicious or suspicious
(as is the case with the simulator programs used for "leak testing"). In
fact, this kind of program design risks pop-up fatigue in users,
effectively lowering the overall security of the system -- the reason
developers are increasingly shunning this design for security applications.

Finally, leak testing typically relies on simulator programs, the use of
which is widely discredited among respected anti-malware researchers -- and
for good reason. Simulators simply cannot approximate the actual behavior
of real malware in real world conditions. Furthermore, when simulators are
used for anti-malware testing, the testing process is almost unavoidably
tailored to fit the limitations of simulator instead of the complexity of
real world conditions. What gets lost is a sense for how the tested
products actually perform against live, kicking malware that exhibits
behavior too complex to be captured in narrowly designed simulators.

This (realistic) admission couldn't be more refreshing!

This is pretty eye-opening as well:

Firewall LeakTesting.
Excerpts:
Leo Laporte: "So the leaktest is kind of pointless."
Steve Gibson: "Well,yes,...
Leo: "So are you saying that there's no point in doing a leaktest anymore?"
Steve: "Well, it's why I have not taken the trouble to update mine, because
you..."
Leo: "You can't test enough".
Steve: "Well, yeah.
Leo: "Right. Very interesting stuff. I guess that - my sense is, if you
can't test for leaks, a software-based firewall is kind of essentially
worthless."

Read and/or listen to the entire conversation and be "educated"

http://www.grc.com/sn/SN-105.htm

Have a wonderful day, Vincent.

**Bill in Co.** · May 25th 08, 02:22 AM posted to microsoft.public.windowsxp.help_and_support

Danno wrote:
I opened those enormous SR restore point files and in one of them I found
190 .RDB files, each being 2.84Mb (all the same size).

And in the other huge SR file, I found 212 .RDB files and they were all
the
same size, also at 2.84 Mb each.

I've been searching on the net to find out what .RDB files are and to be
quite honest, I'm none the wiser.

Perhaps just for registry database (RDB) (wild guess)?
What are the extensions on the other (normal) ones? Are they similar?

Anyway, I assume this wasn't supposed to happen? I wonder if it will
happen
again, next time the system automatically creates a restore point. By
that
I mean, next time the system creates a restore point automatically and not
as a result of my causing it by downloading something... for example.

System Restore will normally create a checkpoint if you don't (and don't
install anything to force one), typically in 24 hours, or so. So if you
really want to know, just use your computer as normal, turn if off at night,
turn it back on the next day, use it, off again that night, and see if one
has been created by then.

Can anybody tell me what an .RDB file is and why System Restore included
them in those two huge restore point files... both on the same day? Just
as
an added point of interest, any defrag analysis I do always shows SR as
the
most fragmented files on my computer. Is this normal?

I believe I recall seeing something similar, so I expect that is within the
norm. Keep in mind it's around 60 MB, which uses a significant amount of
clusters and sectors, so it's not all that surprising.

In all fairness to ZoneAlarm, I now doubt ZoneAlarm has anything to do
with
this.

Dan

"Bill in Co." wrote in message
...
Danno wrote:
Hi Bill in Co.,

Yeah, those two huge SR files are ginormous. I'm really interested in
two
things he

First, what in hell would cause SR to store files that big?

Either something bad happened during the creation of those restore points
(like some other task was running, that screwed it up, in process), OR
(and this I think is a long shot - it was that large because of some HUGE
amount of registry and file changes that were made since the previous
restore point, and it needed that amount of disk space (but I really
doubt
this possibility). Well, those are the two possible explanations that
come to mind for me, anyways.

Secondly, since I've found those files, would I be asking for trouble to
delete them manually? My guess is yes, so obviously I wouldn't do that
(even if I got the green light from experts. I'd just get rid of them
using
SR itself).

Do it that way (not manually). Your hunch is right - let System
Restore
remove them properly (like by the way I mentioned previously), and it
will
do the necessary housekeeping for System Restore and its bookmarking.
Don't do it manually.

It's more a case of just wanting to know if that would be OK,
or would that completely screw up the registry. I wouldn't be tempted
to
do
it... it's just that I'm on a learning curve here. Those files are
hidden
for a reason, and I'm guessing it's to keep monkeys like me from playing
with them.

As I said, I would NOT do it manually. Yes, there is a chance it could
work, but I sure wound NOT bank on it! (I think that could and
probably
would present problems for using the existing restore points that are
left)

But ultimately, I'd like to know what's in those files to make them so
big.

Outside of what I mentioned, I don't know. I suppose you could check
the date-time stamps of those two bogus system restore points, and then
search around on your hard drive for any suspicious file or folder
activity around those dates (like the date stamps on files or folders
that
had changed somewhere around those dates), to see if something suspicious
shows up. Kind of a long shot, however.

Dan

"Bill in Co." wrote in message
...
Those two *extremely large* (600+MB) system restore points sound
suspicious, just as you said. Why not clear them all out (by
temporarily turning off System Restore), and then turn System Resore
back
on again (and create a good one) to start afresh?

And 3% should be adequate space, and would be, with good restore points
(which are normally like 60 MB each - NOT 600+ MB).

Danno wrote:
Hi Gerry,

It's not really a matter of "how many restore points I'm keeping".
It's
more a case of my trying to keep more than just ONE restore point. At
this
moment, there are 4 restore points from yesterday, and that's it.
None
of
those were created automatically by the system. As I mentioned, the
event
viewer is not actually cataloging any " errors" about system restore,
but
here are two examples of reports (not tagged as an "error") that are
addressing what I'm experiencing:

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not
enough
disk space available on the drive
\\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will
automatically resume service once at least 200 MB of free disk space
is
available on the system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 108
Date: 5/22/2008
Time: 4:41:13 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has resumed monitoring due to space freed
on
the
system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

For now, I've disabled ZoneAlarm and have increased the allocated disc
space
for SR to the maximum. As I mentioned before, I would have hoped that
3%
or
1075 MB would have been plenty of space, but apparently not. Anyway,
if
the
problem is corrected, I'd think I've probably narrowed it down to
those
two
suspects. I'll consider the problem corrected if, two weeks from now,
I
can
still see an available restore point that was recorded yesterday.

At your suggestion, I found the folders that hold the 4 volumes of SR
points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb
and
567Mb. My lord, two of those are way too big. What could be the
reason
for
that? That would explain why 1075Mb isn't enough space to store very
many
SR points... if they're going to be that huge.

Thanks again for your interest.

Dan

"Gerry" wrote in message
...
Danno

How many restore points are you keeping? How large are individual
restore
points? You should not need an allocation so large!

Can you please post a copy of the Event Viewer Information Report you
refer to.

A tip for posting copies of Error Reports! Run Event Viewer and
double
click on the error you want to copy. In the window, which appears is
a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Danno wrote:
Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was
helpful, but a surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR
points,
specifically this:

- Check the event logs to investigate System Restore service errors:

1. Click Start, click Control Panel, and then click "Performance and
Maintenance".
2. Click Administrative Tools, click Computer Management,
double-click Event Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate
the event description for any indication of the cause of the
problem.

I followed the advice and lo and behold, there were descriptions of
events that happened with SR. None of the events actually showed up
as "errors", but none-the-less they described that SR was
"suspending" and then "resuming" due to lack of space allocated and
then more space being re-allocated. I was convinced that 3% or
1076MB would be plenty of space, but apparently not. If I'm not
mistaken though, even when I accidentally had 12% allocated, SR was
still only allowing one restore point.
So I've now allocated 10% of disc space or 3700MB to see what
happens. That is an outrageously huge amount of space to allow, but
I have to do it for now.

I'll let you know. Thanks again!

Danno

"Kayman" wrote in message
...
On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

snip for brevity

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and
use the built in Windows firewall... just to test if ZA is
involved
in any way with
my dilemma.

Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work
satisfactory then go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average homeuser, the Windows Firewall in XP does a
fantastic job at its core mission and is really all you need if you
have an 'real-time' anti-virus program, [another firewall on your
router or] other edge protection like SeconfigXP and practise
safe-hex. The windows firewall deals with inbound protection and
therefore
does not give you a false sense of security. Best of all, it
doesn't
implement lots of nonsense like pretending that outbound traffic
needs to be monitored. Activate and utilize the Win XP built-in
Firewall; Uncheck *all*
Programs and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/u...2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/u...nfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/tec...g/issues/2007/
06/VistaFirewall/default.aspx
"Outbound protection is security theater-it's a gimmick that only
gives the
impression of improving your security without doing anything that
actually does improve your security."
In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownloa...oad-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as
transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135,
137-139 and 445 (the most exploited Windows networking weak point)
closed.) Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning
engine! Disable the e-mail scanning function during installation
(Custom Installation on some AV apps.) as it provides no additional
protection. Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/dis...ntivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast
Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in
class GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tuto...ning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av
scanner). David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/...irus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-1...e-Edition.html

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging
and oftentimes a collection of scanners is best. There isn't one
software that cleans and immunizes you against everything. That's
why you need multiple products to do the job i.e. overlap their
coverage - one may catch what another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/supe...freevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/secu...e/default.mspx
WD monitors the start-registry and hooks registers/files to prevent
spyware
and worms to install to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which
detects changes to key areas of the system without having to know
anything about the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck

**Danno** · May 25th 08, 02:36 AM posted to microsoft.public.windowsxp.help_and_support

Good question! The other two SR points which seem to be a normal size also
contain .RDB files. One of those normal
SR points contains a single .RDB file and the other normal SR point contains
3 .RDB files. All 4 of them are the same size at 2.84Mb each.... same size
as the 400 .RDB files in the two enormous folders.

"Bill in Co." wrote in message
...
Danno wrote:
I opened those enormous SR restore point files and in one of them I found
190 .RDB files, each being 2.84Mb (all the same size).

And in the other huge SR file, I found 212 .RDB files and they were all
the
same size, also at 2.84 Mb each.

I've been searching on the net to find out what .RDB files are and to be
quite honest, I'm none the wiser.

Perhaps just for registry database (RDB) (wild guess)?
What are the extensions on the other (normal) ones? Are they similar?

Anyway, I assume this wasn't supposed to happen? I wonder if it will
happen
again, next time the system automatically creates a restore point. By
that
I mean, next time the system creates a restore point automatically and
not
as a result of my causing it by downloading something... for example.

System Restore will normally create a checkpoint if you don't (and don't
install anything to force one), typically in 24 hours, or so. So if
you really want to know, just use your computer as normal, turn if off at
night, turn it back on the next day, use it, off again that night, and see
if one has been created by then.

Can anybody tell me what an .RDB file is and why System Restore included
them in those two huge restore point files... both on the same day? Just
as
an added point of interest, any defrag analysis I do always shows SR as
the
most fragmented files on my computer. Is this normal?

I believe I recall seeing something similar, so I expect that is within
the norm. Keep in mind it's around 60 MB, which uses a significant amount
of clusters and sectors, so it's not all that surprising.

In all fairness to ZoneAlarm, I now doubt ZoneAlarm has anything to do
with
this.

Dan

"Bill in Co." wrote in message
...
Danno wrote:
Hi Bill in Co.,

Yeah, those two huge SR files are ginormous. I'm really interested in
two
things he

First, what in hell would cause SR to store files that big?

Either something bad happened during the creation of those restore
points
(like some other task was running, that screwed it up, in process), OR
(and this I think is a long shot - it was that large because of some
HUGE
amount of registry and file changes that were made since the previous
restore point, and it needed that amount of disk space (but I really
doubt
this possibility). Well, those are the two possible explanations that
come to mind for me, anyways.

Secondly, since I've found those files, would I be asking for trouble
to
delete them manually? My guess is yes, so obviously I wouldn't do that
(even if I got the green light from experts. I'd just get rid of them
using
SR itself).

Do it that way (not manually). Your hunch is right - let System
Restore
remove them properly (like by the way I mentioned previously), and it
will
do the necessary housekeeping for System Restore and its bookmarking.
Don't do it manually.

It's more a case of just wanting to know if that would be OK,
or would that completely screw up the registry. I wouldn't be tempted
to
do
it... it's just that I'm on a learning curve here. Those files are
hidden
for a reason, and I'm guessing it's to keep monkeys like me from
playing
with them.

As I said, I would NOT do it manually. Yes, there is a chance it could
work, but I sure wound NOT bank on it! (I think that could and
probably
would present problems for using the existing restore points that are
left)

But ultimately, I'd like to know what's in those files to make them so
big.

Outside of what I mentioned, I don't know. I suppose you could check
the date-time stamps of those two bogus system restore points, and then
search around on your hard drive for any suspicious file or folder
activity around those dates (like the date stamps on files or folders
that
had changed somewhere around those dates), to see if something
suspicious
shows up. Kind of a long shot, however.

Dan

"Bill in Co." wrote in message
...
Those two *extremely large* (600+MB) system restore points sound
suspicious, just as you said. Why not clear them all out (by
temporarily turning off System Restore), and then turn System Resore
back
on again (and create a good one) to start afresh?

And 3% should be adequate space, and would be, with good restore
points
(which are normally like 60 MB each - NOT 600+ MB).

Danno wrote:
Hi Gerry,

It's not really a matter of "how many restore points I'm keeping".
It's
more a case of my trying to keep more than just ONE restore point.
At
this
moment, there are 4 restore points from yesterday, and that's it.
None
of
those were created automatically by the system. As I mentioned, the
event
viewer is not actually cataloging any " errors" about system restore,
but
here are two examples of reports (not tagged as an "error") that are
addressing what I'm experiencing:

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not
enough
disk space available on the drive
\\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore
will
automatically resume service once at least 200 MB of free disk space
is
available on the system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 108
Date: 5/22/2008
Time: 4:41:13 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has resumed monitoring due to space freed
on
the
system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

For now, I've disabled ZoneAlarm and have increased the allocated
disc
space
for SR to the maximum. As I mentioned before, I would have hoped that
3%
or
1075 MB would have been plenty of space, but apparently not. Anyway,
if
the
problem is corrected, I'd think I've probably narrowed it down to
those
two
suspects. I'll consider the problem corrected if, two weeks from
now,
I
can
still see an available restore point that was recorded yesterday.

At your suggestion, I found the folders that hold the 4 volumes of SR
points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb
and
567Mb. My lord, two of those are way too big. What could be the
reason
for
that? That would explain why 1075Mb isn't enough space to store very
many
SR points... if they're going to be that huge.

Thanks again for your interest.

Dan

"Gerry" wrote in message
...
Danno

How many restore points are you keeping? How large are individual
restore
points? You should not need an allocation so large!

Can you please post a copy of the Event Viewer Information Report
you
refer to.

A tip for posting copies of Error Reports! Run Event Viewer and
double
click on the error you want to copy. In the window, which appears is
a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body
of
the message. Make sure this is the first paste after exiting from
Event Viewer.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Danno wrote:
Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was
helpful, but a surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR
points,
specifically this:

- Check the event logs to investigate System Restore service
errors:

1. Click Start, click Control Panel, and then click "Performance
and
Maintenance".
2. Click Administrative Tools, click Computer Management,
double-click Event Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate
the event description for any indication of the cause of the
problem.

I followed the advice and lo and behold, there were descriptions of
events that happened with SR. None of the events actually showed
up
as "errors", but none-the-less they described that SR was
"suspending" and then "resuming" due to lack of space allocated and
then more space being re-allocated. I was convinced that 3% or
1076MB would be plenty of space, but apparently not. If I'm not
mistaken though, even when I accidentally had 12% allocated, SR was
still only allowing one restore point.
So I've now allocated 10% of disc space or 3700MB to see what
happens. That is an outrageously huge amount of space to allow,
but
I have to do it for now.

I'll let you know. Thanks again!

Danno

"Kayman" wrote in message
...
On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

snip for brevity

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and
use the built in Windows firewall... just to test if ZA is
involved
in any way with
my dilemma.

Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work
satisfactory then go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average homeuser, the Windows Firewall in XP does a
fantastic job at its core mission and is really all you need if
you
have an 'real-time' anti-virus program, [another firewall on your
router or] other edge protection like SeconfigXP and practise
safe-hex. The windows firewall deals with inbound protection and
therefore
does not give you a false sense of security. Best of all, it
doesn't
implement lots of nonsense like pretending that outbound traffic
needs to be monitored. Activate and utilize the Win XP built-in
Firewall; Uncheck *all*
Programs and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/u...2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/u...nfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/tec...g/issues/2007/
06/VistaFirewall/default.aspx
"Outbound protection is security theater-it's a gimmick that only
gives the
impression of improving your security without doing anything that
actually does improve your security."
In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownloa...oad-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as
transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135,
137-139 and 445 (the most exploited Windows networking weak point)
closed.) Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning
engine! Disable the e-mail scanning function during installation
(Custom Installation on some AV apps.) as it provides no
additional
protection. Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/dis...ntivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast
Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in
class GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tuto...ning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av
scanner). David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/...irus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-1...e-Edition.html

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be
wide-ranging
and oftentimes a collection of scanners is best. There isn't one
software that cleans and immunizes you against everything. That's
why you need multiple products to do the job i.e. overlap their
coverage - one may catch what another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/supe...freevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/secu...e/default.mspx
WD monitors the start-registry and hooks registers/files to
prevent
spyware
and worms to install to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which
detects changes to key areas of the system without having to know
anything about the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck

**Daave** · May 25th 08, 03:35 AM posted to microsoft.public.windowsxp.help_and_support

"Danno" wrote in message
news:jF0_j.291776$pM4.35271@pd7urf1no...
Hi Bill in Co.,

Yeah, those two huge SR files are ginormous. I'm really interested in
two things he

First, what in hell would cause SR to store files that big?

I believe it happens whenever a new service pack is installed.

**Bill in Co.** · May 25th 08, 05:26 AM posted to microsoft.public.windowsxp.help_and_support

Daave wrote:
"Danno" wrote in message
news:jF0_j.291776$pM4.35271@pd7urf1no...
Hi Bill in Co.,

Yeah, those two huge SR files are ginormous. I'm really interested in
two things he

First, what in hell would cause SR to store files that big?

I believe it happens whenever a new service pack is installed.

OR some huge program, possibly like Office, for example.

Actually, in retrospect, perhaps it's not out of fhe question, after
installs of very large programs. So maybe he did that (installed either
a SP or Office, or whatever)

**Daave** · May 25th 08, 06:16 AM posted to microsoft.public.windowsxp.help_and_support

"Bill in Co." wrote in message
...
Daave wrote:
"Danno" wrote in message
news:jF0_j.291776$pM4.35271@pd7urf1no...
Hi Bill in Co.,

Yeah, those two huge SR files are ginormous. I'm really interested
in
two things he

First, what in hell would cause SR to store files that big?

I believe it happens whenever a new service pack is installed.

OR some huge program, possibly like Office, for example.

Actually, in retrospect, perhaps it's not out of fhe question, after
installs of very large programs. So maybe he did that (installed
either a SP or Office, or whatever)

It's not out of the question whatsoever; I'm sure that's what happened.

However, one thing *does* puzzle me, from the original post:

I've turned off System Restore, re-booted... then turned on
System Restore and re-booted again. But it's still the same.

Shouldn't this have taken care of the (presumably older) huge restore
points?

And Danno, regarding your two largest restore points (627 MB and 567
MB), what are their dates? Can you manually move them to another
location (in the event you don't want to delete them right away)?

**Danno** · May 25th 08, 06:25 AM posted to microsoft.public.windowsxp.help_and_support

All 4 restore points that I've discussed here are all from the same date....
yesterday. I have not installed anything large at all in the recent past.
So those huge restore points are not old ones, they are from only yesterday.

I can manually move them I suppose, but do I dare? Do you mean place them
on the desktop for now, or something like that? Do I dare... or should I
just let SR take care of them in due course?

"Daave" wrote in message
...
"Bill in Co." wrote in message
...
Daave wrote:
"Danno" wrote in message
news:jF0_j.291776$pM4.35271@pd7urf1no...
Hi Bill in Co.,

Yeah, those two huge SR files are ginormous. I'm really interested in
two things he

First, what in hell would cause SR to store files that big?

I believe it happens whenever a new service pack is installed.

OR some huge program, possibly like Office, for example.

Actually, in retrospect, perhaps it's not out of fhe question, after
installs of very large programs. So maybe he did that (installed
either a SP or Office, or whatever)

It's not out of the question whatsoever; I'm sure that's what happened.

However, one thing *does* puzzle me, from the original post:

I've turned off System Restore, re-booted... then turned on
System Restore and re-booted again. But it's still the same.

Shouldn't this have taken care of the (presumably older) huge restore
points?

And Danno, regarding your two largest restore points (627 MB and 567 MB),
what are their dates? Can you manually move them to another location (in
the event you don't want to delete them right away)?

**Daave** · May 25th 08, 06:38 AM posted to microsoft.public.windowsxp.help_and_support

"Danno" wrote in message
news:x1%Zj.163103$Cj7.93855@pd7urf2no...

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not
enough disk space available on the drive
\\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will
automatically resume service once at least 200 MB of free disk space
is available on the system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Something's not adding up!

In another post, you said you had 25 GB of free space on your hard
drive! So why does System Restore think you have less than 1 GB?!

Also, have a look at this page:

http://bertk.mvps.org/html/drivedisable.html

How many available drives do you have? (Look in the System Restore tab
of System Properties.) Gerry asked earlier if there was another drive
you were using SR (inadvertently) on. Let's be clear on that issue!

If nothing else works, perhaps you should reinstall System Resto

http://bertk.mvps.org/html/reinstall.html

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode