System Restore folder using enormous amount of memory

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a 40GB internal hard drive using Windows XP Home. The System Restore
folder on the C drive is using up approximately 20GB. The settings indicate
that it should use 6%, or about 2400 MB. How do I reclaim all this memory
and prevent this from happening again?
 
You can delete all restore points except for the most recent by running
Accessories > System Tools > Disk Cleanup > Select the drive > More Options
 
Thanks for the suggestion, but unfortunately it didn't work. Any other ideas?

Some other info that may help:
Looking at the properties of the _RESTORE folder, it says 19.7 GB (20.7 on
disk), containing 63,968 files on 5 folders. I have the folder view set to
show hidden files and folders, but I only see 4 files in the folder,
totalling 64 KB.
 
Dan M79892 said ...
Thanks for the suggestion, but unfortunately it didn't work. Any other ideas?

Some other info that may help:
Looking at the properties of the _RESTORE folder, it says 19.7 GB (20.7 on
disk), containing 63,968 files on 5 folders. I have the folder view set to
show hidden files and folders, but I only see 4 files in the folder,
totalling 64 KB.
Click to expand...
I had exactly the same problem a few months ago when I noticed that I
only had about 10GB left of my 80GB disk and yet there were few restore
points or files. Turning off system restore solved the problem and
handed back the space. however, when I switched Restore on again I
started to lose disk space at a rate of about 0.7GB every time I re-
booted, yet there were no extra restore points. No-one on this forum or
on my PC provider's very helpful help desk could help me I'm afraid and
I've just left System Restore switched off for the past few months - not
good, I know, but at least it resolves this immediate problem.

So if someone else can resolve this I, too, will be delighted. One
suggestion was that I had somehow had a rootkit of some kind installed
on my PC which might have been eating up disk space, but this turned out
to be not the case after investigation.
 
Go the System Restore and move the allocation slider down to a more
reasonable value, perhaps 800 Meg ->1.2 Gigabytes. System Restore
isn't really a viable undo option beyond a week or so. Lowering the slider
(allocation) should push off the older points and reduce the size of the
folder. If that doesn't work your only option is to turn it off (SR) reboot
check size and then re-enable it to start fresh.
 
R. McCarty said ...
Go the System Restore and move the allocation slider down to a more
reasonable value, perhaps 800 Meg ->1.2 Gigabytes. System Restore
isn't really a viable undo option beyond a week or so. Lowering the slider
(allocation) should push off the older points and reduce the size of the
folder. If that doesn't work your only option is to turn it off (SR) reboot
check size and then re-enable it to start fresh.
Click to expand...

I really hope that helps the OP - for me, it did not help and no matter
what I have done, regular as clockwork, system restore adds what is
probably the size you suggest each time I boot the system! So that's
why I have given up on system restore - and I don't waht to have to
rebuild my PC which nowe seems to be the only optio. Interesting if
other people are having the same problem, though - more chance of
someone finding out what it's all about, I guess.
 
To disable it and remove the content, Use Services.Msc and set the
System Restore service to disabled. Boot to Safe Mode, Right Click
the System Volume Information Folder, Click Properties, Security,
Add Administrator and grant Administrator Full Privileges. Reboot
back to normal mode and purge the contents of SVI.
 
R. McCarty said ...
To disable it and remove the content, Use Services.Msc and set the
System Restore service to disabled. Boot to Safe Mode, Right Click
the System Volume Information Folder, Click Properties, Security,
Add Administrator and grant Administrator Full Privileges. Reboot
back to normal mode and purge the contents of SVI.
Click to expand...
I shall try that. thanks.
 
Wilf said ...
R. McCarty said ...
I shall try that. thanks.
Click to expand...
Did it and then switched SR back on and also created a manual restore
point - there are therefore two restore points.
This is what happened subsequently:
Properties of C: says 29.8GB used
Rebooted
C: has now used 30.6GB. Properties of SVI shows it's used 882MB
Rebooted
C: has now used 31.4GB. SVI has used 1.61GB

looking in SVI, there is one sub-directory _restore{2C64a etc. }
Within _restore, there are two subdirectories, RP2 and RP3.

The contents of RP2 do not change from boot to boot.
The contents of RP3 keep getting added to on each reboot - not its
subdirectories snapshot, repository and FS, but files keep getting added
directly to RP3 as follows - about 12 or 13 files with the largest being
A0000034.sys and similarly named which is 785,348KB. Each reboot,
another set of files is added, with another Axxxxxx.sys file of around
780MB.
 
The module naming sounds suspiciously like Malware. Coders seem to
use incremental numbering schemes. I'm guessing, but it seems to me
that your PC has Virus/Trojan/Malware attempting to replicate from the
SR point folders. I would download SysInternals FileMon program &
monitor it for a while and create a manual Restore Point.
 
R. McCarty said ...
The module naming sounds suspiciously like Malware. Coders seem to
use incremental numbering schemes. I'm guessing, but it seems to me
that your PC has Virus/Trojan/Malware attempting to replicate from the
SR point folders. I would download SysInternals FileMon program &
monitor it for a while and create a manual Restore Point.
Click to expand...
thanks, have downloaded filemon - but what am I looking for in its log
and why create another manual restore point?
 
R. McCarty said ...
The module naming sounds suspiciously like Malware. Coders seem to
use incremental numbering schemes. I'm guessing, but it seems to me
that your PC has Virus/Trojan/Malware attempting to replicate from the
SR point folders. I would download SysInternals FileMon program &
monitor it for a while and create a manual Restore Point.
Click to expand...
ok, downloaded filemon. created a new restore point - I notice that the
inncremental files are now being added to the new RP4 directory - i.e.
the latest restore point (I assume). What should I be looking for in
the filemon log, though?
 
FileMon will show the ownership process that creates or accesses
a file. The intent was to see if SR was adding the .Sys module or a
another "Rogue" process was doing it. In other words, Filemon will
create a running log - by doing a manual Restore Point you can go
back through the Filemon log and locate the creation of this 800
megabyte file and the process that created it. Use the Right edge
Scroll bar to review the log file.
 
R. McCarty said ...
FileMon will show the ownership process that creates or accesses
a file. The intent was to see if SR was adding the .Sys module or a
another "Rogue" process was doing it. In other words, Filemon will
create a running log - by doing a manual Restore Point you can go
back through the Filemon log and locate the creation of this 800
megabyte file and the process that created it. Use the Right edge
Scroll bar to review the log file.
Click to expand...
understood ... but ... the changes seem to happen either on closedown or
on startup at which time filemon won't be running. Unless you can tell
me how I can have filemon running at those times - I can obviously keep
filemon running as I close down but of course it will get stiopped at
some point and its log gets lost if I haven't savwed it (v large log to
say the least!!).
 
R. McCarty said ...
OK, I was under the impression that a manual Restore Point would
also create your .Sys file. If it only occurs at Power states then Filemon
won't be a great help. At this point I would probably run all of the
on-line tools below:

(Turn Off System Restore, while running these in the following order)
http://www.pandasoftware.com/produc...5D4-4DA2-B310-B1DBEC2971F2}&NRCACHEHINT=Guest
http://www.webroot.com/services/spyaudit_03.htm
http://www.trendmicro.com/spyware-scan/
Click to expand...
alright, thanks - I have run most of these plus spybot, adaware,
microsoft antispyware. Haven't run webroot, though. Will try all in
your suggested order.
 
Hi Wilf,

Stop System Restore from monitoring all drives/partitions other than the
one Windows is installed on.

Disable SR and then enable it. If the SVI folder grows to the previous
large sized use Windows Explorer in Details view and look for any large
files or folders. Post the name(s) of the largest here so we can take a
look.

Also, when you open the SVI folder do you see a file by the name
catalog.wci ? And if so what is it's size.


--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org
 
Bert Kinney said ...
Hi Wilf,

Stop System Restore from monitoring all drives/partitions other than the
one Windows is installed on.

Disable SR and then enable it. If the SVI folder grows to the previous
large sized use Windows Explorer in Details view and look for any large
files or folders. Post the name(s) of the largest here so we can take a
look.

Also, when you open the SVI folder do you see a file by the name
catalog.wci ? And if so what is it's size.
Click to expand...
Hi Bert. I re-started restore and confined it to c: only. Before
booting, there was a RP1 directory under _restore. This had a few files
in it and directories snapshot/repositories/fs. All not very large.

After reboot, the subdirectories are as were but RP1 now has about a
dozen more files in it mostly of the form A000000x.yyy where x is a
digit or digits and yyy is sys or ini or RDB etc. Other files include
restorepointsize
rp.log
change.log
change.log.1
A0000001.RDB (2811KB)
A0000012.RDB (also 2811KB)


Most of the the A-----.ini files contain this text

"
[.ShellClassInfo]
[email protected],-21774
"

But one ini file contains a whole lot more - it's long and I have
reproduced below this message.

The largest file is A0000006.sys which is 785,348KB.

If I reboot I'll get a whole set more of similar files with another file
of the form A-----.sys at around the same 785MB.

There is no catalog.wci

My PC is a HP t660-uk with 512MB memory and Win XP Home SP2.





=======
Contents of A0000010.ini

[{034B1CC0_3FE2_11d4_B45E_0001023A704C}]
= "{E5E45C60-4832-11d4-9733-444553540001}"

[{E5E45C60-4832-11d4-9733-444553540001}]
= "{E5E45C61_4832_11d4_9733_444553540001}"
= "{E5E45C62_4832_11d4_9733_444553540001}"
= "{E5E45C63_4832_11d4_9733_444553540001}"
= "{E5E45C64_4832_11d4_9733_444553540001}"
= "{E5E45C65_4832_11d4_9733_444553540001}"
= "{E5E45C66_4832_11d4_9733_444553540001}"
= "{E5E45C67_4832_11d4_9733_444553540001}"
= "{E5E45C68_4832_11d4_9733_444553540001}"
= "{E5E45C69_4832_11d4_9733_444553540001}"
= "{E5E45C70_4832_11d4_9733_444553540001}"

[{E5E45C61_4832_11d4_9733_444553540001}]
PATH = "led.dll"
OUT1 = "{E5E45C62_4832_11d4_9733_444553540001},IN_1"
OUT3 = "{E5E45C65_4832_11d4_9733_444553540001},IN_3"
CONF = "{LED_CONF}"

[{E5E45C62_4832_11d4_9733_444553540001}]
PATH = "USB.dll"
OUT1 = "{E5E45C64_4832_11d4_9733_444553540001},IN_1"

[{E5E45C63_4832_11d4_9733_444553540001}]
PATH = "ps2.dll"
OUT1 = "{E5E45C64_4832_11d4_9733_444553540001},IN_1"

[{E5E45C64_4832_11d4_9733_444553540001}]
PATH = "msg.dll"
OUT1 = "{E5E45C65_4832_11d4_9733_444553540001},IN_1"
OUT2 = "{E5E45C70_4832_11d4_9733_444553540001},IN_2"

[{E5E45C65_4832_11d4_9733_444553540001}]
PATH = "osd.dll"
OUT1 = "{E5E45C66_4832_11d4_9733_444553540001},IN_1"
OUT3 = "{E5E45C66_4832_11d4_9733_444553540001},IN_3"
CONF = "{OSD_CONF}"

[{E5E45C66_4832_11d4_9733_444553540001}]
OUT1 = "{E5E45C67_4832_11d4_9733_444553540001},IN_1"
OUT3 = "{E5E45C67_4832_11d4_9733_444553540001},IN_3"
PATH = "sct.dll"

[{E5E45C67_4832_11d4_9733_444553540001}]
OUT1 = "{E5E45C68_4832_11d4_9733_444553540001},IN_1"
OUT2 = "{E5E45C70_4832_11d4_9733_444553540001},IN_2"
OUT3 = "{E5E45C68_4832_11d4_9733_444553540001},IN_3"
PATH = "onl.dll"
CONF = "{ONL_CONF}"

[{E5E45C68_4832_11d4_9733_444553540001}]
OUT1 = "{E5E45C69_4832_11d4_9733_444553540001},IN_1"
OUT2 = "{E5E45C70_4832_11d4_9733_444553540001},IN_2"
OUT3 = "{E5E45C69_4832_11d4_9733_444553540001},IN_3"
PATH = "aol.dll"
CONF = "{AOL_CONF}"

[{E5E45C69_4832_11d4_9733_444553540001}]
PATH = "url.dll"

[{E5E45C70_4832_11d4_9733_444553540001}]
PATH = "cfg.dll"
OUT3 = "{E5E45C61_4832_11d4_9733_444553540001},IN_3"

[{LED_CONF}]
HiPower = "0"
Generic = "1"
OnLine = "0"
Interval = "1000"
Delay = "10000"

[{OSD_CONF}]
DISP = "1"
Size = "48"
= "FONT_SIZE"
Font = ""
= "FONT_LOCAL"
Color = "15915206"
ELAPSE = "1000"

[FONT_LOCAL]
Font = "Arial"

[{ONL_CONF}]
OverRide = "0"
Installed = "1"

[{AOL_CONF}]
OverRide = "0"
Installed = "0"

[ButtonIDs]
1 = "System_Power_Down"
2 = "System_Sleep"
3 = "System_Wake"
4 = "Scan_Next_Track"
5 = "Scan_Prev_Track"
6 = "Stop"
7 = "Eject"
8 = "Play_Pause"
9 = "Volume"
10 = "Consumer_Mute"
11 = "Led_Online"
12 = "Led_Generic"
13 = "Shopping"
14 = "Entertainment"
15 = "Sports"
16 = "Finance_Weather"
17 = "Finance"
18 = "Connect"
19 = "Search"
20 = "People"
21 = "Chat"
22 = "E-Mail"
23 = "Find"
24 = "Print"
25 = "Fax"
26 = "Hp"
27 = "Shortcut_Shortcut1"
28 = "Shortcut_Shortcut2"
29 = "Shortcut_Help"
30 = "Extra_1"
31 = "Extra_2"
32 = "Extra_3"
33 = "Extra_4"
34 = "Extra_5"
35 = "Feature_Power"
36 = "Shortcut_Shortcut"
37 = "Music"
38 = "Shortcut_Pictures"
39 = "G2_Internet"
40 = "G2_Search"
41 = "G2_Help"
42 = "G1_Suspend"
43 = "G1_Internet"
44 = "G1_Information"
45 = "O3_Help"
46 = "O3_Shortcut1"
47 = "O3_Shortcut2"
48 = "O3_Shortcut3"
49 = "O3_Search"
50 = "O3_Internet"
51 = "O3_E-Mail"
52 = "Switch_User"
53 = "Eject2"
54 = "Record"
55 = "Video"
64 = "MSG KBD BL SD"
65 = "MSG MOUSE BL SD"
73 = "Replace Battery"
74 = "Battery Dead"
75 = "Remind me later"
76 = "Dialog OK"
77 = "Dialog Help"

[Version]
HP = "0"
Shopping = "0"
Entertainment = "0"
Sports = "0"
Finance = "0"
Finance_Weather = "0"
Connect = "0"
Search = "0"
People = "0"
Chat = "0"
E-Mail = "0Z"

[Static]
HP = "c:\HP\KBD\static\EN\hp.htm"
Shopping = "c:\HP\KBD\static\EN\shopping.htm"
Sports = "c:\HP\KBD\static\EN\sports.htm"
Entertainment = "c:\HP\KBD\static\EN\entertainment.htm"
Finance = "c:\HP\KBD\static\EN\finance.htm"
Finance_Weather = "c:\HP\KBD\static\EN\finance.htm"
Connect = "c:\HP\KBD\static\EN\connect.htm"
Search = "c:\HP\KBD\static\EN\search.htm"
People = "c:\HP\KBD\static\EN\people.htm"
Chat = "c:\HP\KBD\static\EN\chat.htm"
E-Mail = "c:\HP\KBD\static\EN\EMail.htm"

[Prefix]
HP = "http://pavilion.buttonredirect.hp.com/2.0/h-p"
Shopping = "http://pavilion.buttonredirect.hp.com/2.0/shopping"
Sports = "http://pavilion.buttonredirect.hp.com/2.0/sports"
Entertainment = "http://pavilion.buttonredirect.hp.com/entertainment"
Finance = "http://pavilion.buttonredirect.hp.com/2.0/finance"
Finance_Weather = "http://pavilion.buttonredirect.hp.com/2.0/finance"
Connect = "http://pavilion.buttonredirect.hp.com/2.0/connect"
Search = "http://pavilion.buttonredirect.hp.com/2.0/search"
People = "http://pavilion.buttonredirect.hp.com/people"
Chat = "http://pavilion.buttonredirect.hp.com/2.0/chat"
E-Mail = "http://pavilion.buttonredirect.hp.com/2.0/email"

[CurrentKey]
HP = "HP|/uhttp://www.hp.com"
Shopping = "Shopping|/sshopping"
Sports = "Sports|/ssports"
Entertainment = "Entertainment|/uhttp://www.hp.com"
Finance = "Finance|/uhttp://www.hp.com"
Finance_Weather = "Finance|/sfinance"
Connect = "Connect|/swelcome"
Search = "Search|/uhttp://www.hp.com"
People = "People|/uhttp://www.hp.com"
Chat = "Chat|/uhttp://www.yahoo.com"
E-Mail = "AOL E-Mail|/uhttp://mail.yahoo.co.uk"

[CurrentUrl]
HP = "HP|http://www.hp.com"
Shopping = "Shopping|http://www.yahoo.com/p/hp/us/?
http://shopping.yahoo.com"
Sports = "Sports|http://www.espn.com"
Entertainment = "Entertainment|http://www.hp.com"
Finance = "Finance|http://www.hp.com"
Finance_Weather = "Finance|http://www.money.com"
Connect = "Connect|http://www.yahoo.com/p/hp/us/?http://hp.my.yahoo.com"
Search = "Search|http://www.hp.com"
Chat = "Chat|http://www.hp.com"
People = "People|http://www.hp.com"
E-Mail = "E-Mail|https://edit.europe.yahoo.com/config/login?.partner=bt-
1&.intl=uk&.src=&.done=http://bt.yahoo.com/?"

[CurrentSct]
FIND = "Find file or folder"
PRINT = "Print Document"
FAX = "Fax Document"
SHORTCUT_HELP = "Help|c:\windows\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe -
mode c:\windows\pchealth\helpctr/vendors/cn=hewlett-
packard,l=cupertino,s=ca,c=us/hp/misc/hscfullscreen.xml -url
hcp://services/centers/homepage"
SHORTCUT_SHORTCUT1 = "HP Image Zone Plus|C:\HP\KBD\CreateVF.EXE /HPIZ"
SHORTCUT_SHORTCUT2 = "iTunes|%PROGRAMFILES%\iTunes\iTunes.exe"
SHORTCUT_SHORTCUT = "HP Image Zone Plus|C:\HP\KBD\CreateVF.EXE /HPIZ"
MUSIC = "iTunes|%PROGRAMFILES%\iTunes\iTunes.exe"
SHORTCUT_PICTURES = "HP Image Zone Plus|C:\HP\KBD\CreateVF.EXE /HPIZ"
O3_HELP = "Help"
O3_SHORTCUT1 = "HP Image Zone Plus|C:\HP\KBD\CreateVF.EXE /HPIZ"
O3_SHORTCUT2 = "iTunes|%PROGRAMFILES%\iTunes\iTunes.exe"
O3_SHORTCUT3 = "Notepad|c:\windows\notepad.exe"
SWITCH_USER = "Switch User|"
RECORD = "Record|%PROGRAMFILES%\Sonic RecordNow!\RecordNow.exe"
VIDEO = "Video|%PROGRAMFILES%\Movie Maker\moviemk.exe"

[ButtonNames]
1 = "SYSTEM POWER DOWN"
2 = "SYSTEM SLEEP"
3 = "SYSTEM WAKE"
4 = "Scan Next Track"
5 = "Scan Prev Track"
6 = "Stop"
7 = "Eject"
8 = "Play/Pause"
9 = "Volume"
10 = "Mute"
11 = "MSG LED ONLINE"
12 = "MSG LED GENERIC"
13 = "Shopping"
14 = "Entertainment"
15 = "Sports"
16 = "Finance\Weather"
17 = "Finance"
18 = "Connect"
19 = "Search"
20 = "People"
21 = "Chat"
22 = "E-Mail"
23 = "Find"
24 = "Print"
25 = "Fax"
26 = "HP"
27 = "Shortcut 1"
28 = "Shortcut 2"
29 = "Help"
30 = "EXTRA 1"
31 = "EXTRA 2"
32 = "EXTRA 3"
33 = "EXTRA 4"
34 = "EXTRA 5"
35 = "FEATURE POWER"
36 = "Shortcut"
37 = "Music"
38 = "Photo"
39 = "Internet"
40 = "Search"
41 = "Help"
42 = "G1 SUSPEND"
43 = "Internet"
44 = "Information"
45 = "Help"
46 = "Shortcut 1"
47 = "Shortcut 2"
48 = "Shortcut3"
49 = "Search"
50 = "Internet"
51 = "E-Mail"
52 = "Switch User"
53 = "Eject 2"
54 = "Record"
55 = "Video"
64 = "MSG KBD BL SD"
65 = "MSG MOUSE BL SD"
73 = "Replace Battery"
74 = "Battery Dead"
75 = "Remind me later"
76 = "Dialog OK"
77 = "Dialog Help"

[ButtonType]
1 = "0"
2 = "0"
3 = "0"
4 = "1"
5 = "1"
6 = "1"
7 = "1"
8 = "1"
9 = "1"
10 = "1"
11 = "0"
12 = "0"
13 = "2|3"
14 = "2"
15 = "2|3"
16 = "2"
17 = "2|3"
18 = "2|3"
19 = "2|3"
20 = "2"
21 = "2|3"
22 = "2|3"
23 = "4"
24 = "1"
25 = "4"
26 = "1"
27 = "4"
28 = "4"
29 = "4"
30 = "1"
31 = "1"
32 = "1"
33 = "1"
34 = "0"
35 = "0"
36 = "4"
37 = "4"
38 = "4"
39 = "2"
40 = "2"
41 = "2"
42 = "0"
43 = "2"
44 = "2"
45 = "4"
46 = "4"
47 = "4"
48 = "4"
49 = "2"
50 = "2"
51 = "2"
52 = "4"
53 = "1"
54 = "4"
55 = "4"
64 = "1"
65 = "1"
73 = "1"
74 = "1"
75 = "1"
76 = "1"
77 = "1"

[ButtonLable]
= "OSD_MESSAGE"

[OSD_MESSAGE]
0 = "MSG_NONE"
1 = "MSG_SYSTEM_POWER_DOWN"
2 = "MSG_SYSTEM_SLEEP"
3 = "MSG_SYSTEM_WAKE"
4 = "Scan Next Track"
5 = "Scan Prev Track"
6 = "Stop"
7 = "Eject"
8 = "Play/Pause"
9 = "Volume"
10 = "Mute"
11 = "MSG_LED_ONLINE"
12 = "MSG_LED_GENERIC"
13 = "Shopping"
14 = "Entertainment"
15 = "Sports"
16 = "Finance/Weather"
17 = "Finance"
18 = "Connect"
19 = "Search"
20 = "People/News"
21 = "Chat"
22 = "E-Mail"
23 = "Find"
24 = "Print"
25 = "Fax"
26 = "HP"
27 = "HP Image Zone Plus"
28 = "iTunes"
29 = "Help"
30 = "MSG_EXTRA_1"
31 = "Replace your wireless mouse battery!"
32 = "Replace your wireless keyboard battery!"
33 = "MSG_EXTRA_4"
34 = "MSG_EXTRA_5"
35 = "MSG_FEATURE_POWER"
36 = "HP Image Zone Plus"
37 = "iTunes"
38 = "HP Image Zone Plus"
39 = "Internet"
40 = "Search"
41 = "Help"
42 = "MSG_G1_SUSPEND"
43 = "Internet"
44 = "Information"
45 = "Help"
46 = "HP Image Zone Plus"
47 = "iTunes"
48 = "Shortcut 3"
49 = "Search"
50 = "Internet"
51 = "E-Mail"
52 = "Switch-User"
53 = "Eject"
54 = "Record"
55 = "Video"
64 = "The wireless mouse will no longer operate. Replace the battery
now!"
65 = "The wireless keyboard will no longer operate. Replace the battery
now!"
73 = "Replace battery"
74 = "Battery dead"
75 = "Remind me later"
76 = "OK"
77 = "Help"

[MuteValue]
ON = "On"
OFF = "Off"

[{76442100-93BF-11d4-986D-0010B575F315}]
OSD = "{OSD_CONF}"
LED = "{LED_CONF}"
ONL = "{ONL_CONF}"
AOL = "{AOL_CONF}"

[DefaultSct]
FIND = "Find file or folder"
PRINT = "Print Document"
FAX = "Fax Document"
SHORTCUT_HELP = "Help|c:\windows\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe -
mode c:\windows\pchealth\helpctr/vendors/cn=hewlett-
packard,l=cupertino,s=ca,c=us/hp/misc/hscfullscreen.xml -url
hcp://services/centers/homepage"
SHORTCUT_SHORTCUT1 = "HP Image Zone Plus|C:\HP\KBD\CreateVF.EXE /HPIZ"
SHORTCUT_SHORTCUT2 = "iTunes|%PROGRAMFILES%\iTunes\iTunes.exe"
SHORTCUT_SHORTCUT = "HP Image Zone Plus|C:\HP\KBD\CreateVF.EXE /HPIZ"
MUSIC = "iTunes|%PROGRAMFILES%\iTunes\iTunes.exe"
SHORTCUT_PICTURES = "HP Image Zone Plus|C:\HP\KBD\CreateVF.EXE /HPIZ"
O3_HELP = "Help"
O3_SHORTCUT1 = "HP Image Zone Plus|C:\HP\KBD\CreateVF.EXE /HPIZ"
O3_SHORTCUT2 = "iTunes|%PROGRAMFILES%\iTunes\iTunes.exe"
O3_SHORTCUT3 = "Notepad|c:\windows\notepad.exe"
SWITCH_USER = "Switch User"
RECORD = "Record|%PROGRAMFILES%\Sonic RecordNow!\RecordNow.exe"
VIDEO = "Video|%PROGRAMFILES%\Movie Maker\moviemk.exe"

[DefaultUrl]
HP = "HP|http://www.hp.com"
Shopping = "Shopping|http://www.yahoo.com/p/hp/us/?
http://shopping.yahoo.com"
Sports = "Sports|http://www.espn.com"
Entertainment = "Entertainment|http://www.hp.com"
Finance = "Finance|http://www.hp.com"
Finance_Weather = "Finance|http://www.money.com"
Connect = "Connect|http://www.yahoo.com/p/hp/us/?http://hp.my.yahoo.com"
Search = "Search|http://www.hp.com"
Chat = "Chat|http://www.hp.com"
People = "People|http://www.hp.com"
E-Mail = "E-Mail|http://www.hp.com"

[DefaultKey]
HP = "HP|/uhttp://www.hp.com"
Shopping = "Shopping|/sshopping"
Sports = "Sports|/ssports"
Entertainment = "Entertainment|/uhttp://www.hp.com"
Finance = "Finance|/uhttp://www.hp.com"
Finance_Weather = "Finance|/sfinance"
Connect = "Connect|/swelcome"
Search = "Search|/uhttp://www.hp.com"
People = "People|/uhttp://www.hp.com"
Chat = "Chat|/uhttp://www.yahoo.com"
E-Mail = "E-Mail|/uhttp://www.hp.com"

[ButtonCap]
0 = "254"
1 = "183"
2 = "110"
3 = "36"
4 = "104"
5 = "0"
6 = "240"
7 = "0"

[E-MailUrl]
Url0 = "Launching Email|http://mail.yahoo.co.uk"

[E-MailKey]
Key0 = "Launching Email|/uhttp://mail.yahoo.co.uk"

===============
 
Bert Kinney said ...
Hi Wilf,

Stop System Restore from monitoring all drives/partitions other than the
one Windows is installed on.

Disable SR and then enable it. If the SVI folder grows to the previous
large sized use Windows Explorer in Details view and look for any large
files or folders. Post the name(s) of the largest here so we can take a
look.

Also, when you open the SVI folder do you see a file by the name
catalog.wci ? And if so what is it's size.
Click to expand...
Thought I'd posted this but I can't see it on the newsgroup so trying
again ...

Hi Bert. I re-started restore and confined it to c: only. Before
booting, there was a RP1 directory under _restore. This had a few files
in it and directories snapshot/repositories/fs. All not very large.

After reboot, the subdirectories are as were but RP1 now has about a
dozen more files in it mostly of the form A000000x.yyy where x is a
digit or digits and yyy is sys or ini or RDB etc. Other files include
restorepointsize
rp.log
change.log
change.log.1
A0000001.RDB (2811KB)
A0000012.RDB (also 2811KB)


Most of the the A-----.ini files contain this text

"
[.ShellClassInfo]
[email protected],-21774
"

But one ini file contains a whole lot more - it's long and I have
reproduced below this message.

The largest file is A0000006.sys which is 785,348KB.

If I reboot I'll get a whole set more of similar files with another file
of the form A-----.sys at around the same 785MB.

There is no catalog.wci

My PC is a HP t660-uk with 512MB memory and Win XP Home SP2.





=======
Contents of A0000010.ini

[{034B1CC0_3FE2_11d4_B45E_0001023A704C}]
= "{E5E45C60-4832-11d4-9733-444553540001}"

[{E5E45C60-4832-11d4-9733-444553540001}]
= "{E5E45C61_4832_11d4_9733_444553540001}"
= "{E5E45C62_4832_11d4_9733_444553540001}"
= "{E5E45C63_4832_11d4_9733_444553540001}"
= "{E5E45C64_4832_11d4_9733_444553540001}"
= "{E5E45C65_4832_11d4_9733_444553540001}"
= "{E5E45C66_4832_11d4_9733_444553540001}"
= "{E5E45C67_4832_11d4_9733_444553540001}"
= "{E5E45C68_4832_11d4_9733_444553540001}"
= "{E5E45C69_4832_11d4_9733_444553540001}"
= "{E5E45C70_4832_11d4_9733_444553540001}"

[{E5E45C61_4832_11d4_9733_444553540001}]
PATH = "led.dll"
OUT1 = "{E5E45C62_4832_11d4_9733_444553540001},IN_1"
OUT3 = "{E5E45C65_4832_11d4_9733_444553540001},IN_3"
CONF = "{LED_CONF}"

[{E5E45C62_4832_11d4_9733_444553540001}]
PATH = "USB.dll"
OUT1 = "{E5E45C64_4832_11d4_9733_444553540001},IN_1"

[{E5E45C63_4832_11d4_9733_444553540001}]
PATH = "ps2.dll"
OUT1 = "{E5E45C64_4832_11d4_9733_444553540001},IN_1"

[{E5E45C64_4832_11d4_9733_444553540001}]
PATH = "msg.dll"
OUT1 = "{E5E45C65_4832_11d4_9733_444553540001},IN_1"
OUT2 = "{E5E45C70_4832_11d4_9733_444553540001},IN_2"

[{E5E45C65_4832_11d4_9733_444553540001}]
PATH = "osd.dll"
OUT1 = "{E5E45C66_4832_11d4_9733_444553540001},IN_1"
OUT3 = "{E5E45C66_4832_11d4_9733_444553540001},IN_3"
CONF = "{OSD_CONF}"

[{E5E45C66_4832_11d4_9733_444553540001}]
OUT1 = "{E5E45C67_4832_11d4_9733_444553540001},IN_1"
OUT3 = "{E5E45C67_4832_11d4_9733_444553540001},IN_3"
PATH = "sct.dll"

[{E5E45C67_4832_11d4_9733_444553540001}]
OUT1 = "{E5E45C68_4832_11d4_9733_444553540001},IN_1"
OUT2 = "{E5E45C70_4832_11d4_9733_444553540001},IN_2"
OUT3 = "{E5E45C68_4832_11d4_9733_444553540001},IN_3"
PATH = "onl.dll"
CONF = "{ONL_CONF}"

[{E5E45C68_4832_11d4_9733_444553540001}]
OUT1 = "{E5E45C69_4832_11d4_9733_444553540001},IN_1"
OUT2 = "{E5E45C70_4832_11d4_9733_444553540001},IN_2"
OUT3 = "{E5E45C69_4832_11d4_9733_444553540001},IN_3"
PATH = "aol.dll"
CONF = "{AOL_CONF}"

[{E5E45C69_4832_11d4_9733_444553540001}]
PATH = "url.dll"

[{E5E45C70_4832_11d4_9733_444553540001}]
PATH = "cfg.dll"
OUT3 = "{E5E45C61_4832_11d4_9733_444553540001},IN_3"

[{LED_CONF}]
HiPower = "0"
Generic = "1"
OnLine = "0"
Interval = "1000"
Delay = "10000"

[{OSD_CONF}]
DISP = "1"
Size = "48"
= "FONT_SIZE"
Font = ""
= "FONT_LOCAL"
Color = "15915206"
ELAPSE = "1000"

[FONT_LOCAL]
Font = "Arial"

[{ONL_CONF}]
OverRide = "0"
Installed = "1"

[{AOL_CONF}]
OverRide = "0"
Installed = "0"

[ButtonIDs]
1 = "System_Power_Down"
2 = "System_Sleep"
3 = "System_Wake"
4 = "Scan_Next_Track"
5 = "Scan_Prev_Track"
6 = "Stop"
7 = "Eject"
8 = "Play_Pause"
9 = "Volume"
10 = "Consumer_Mute"
11 = "Led_Online"
12 = "Led_Generic"
13 = "Shopping"
14 = "Entertainment"
15 = "Sports"
16 = "Finance_Weather"
17 = "Finance"
18 = "Connect"
19 = "Search"
20 = "People"
21 = "Chat"
22 = "E-Mail"
23 = "Find"
24 = "Print"
25 = "Fax"
26 = "Hp"
27 = "Shortcut_Shortcut1"
28 = "Shortcut_Shortcut2"
29 = "Shortcut_Help"
30 = "Extra_1"
31 = "Extra_2"
32 = "Extra_3"
33 = "Extra_4"
34 = "Extra_5"
35 = "Feature_Power"
36 = "Shortcut_Shortcut"
37 = "Music"
38 = "Shortcut_Pictures"
39 = "G2_Internet"
40 = "G2_Search"
41 = "G2_Help"
42 = "G1_Suspend"
43 = "G1_Internet"
44 = "G1_Information"
45 = "O3_Help"
46 = "O3_Shortcut1"
47 = "O3_Shortcut2"
48 = "O3_Shortcut3"
49 = "O3_Search"
50 = "O3_Internet"
51 = "O3_E-Mail"
52 = "Switch_User"
53 = "Eject2"
54 = "Record"
55 = "Video"
64 = "MSG KBD BL SD"
65 = "MSG MOUSE BL SD"
73 = "Replace Battery"
74 = "Battery Dead"
75 = "Remind me later"
76 = "Dialog OK"
77 = "Dialog Help"

[Version]
HP = "0"
Shopping = "0"
Entertainment = "0"
Sports = "0"
Finance = "0"
Finance_Weather = "0"
Connect = "0"
Search = "0"
People = "0"
Chat = "0"
E-Mail = "0Z"

[Static]
HP = "c:\HP\KBD\static\EN\hp.htm"
Shopping = "c:\HP\KBD\static\EN\shopping.htm"
Sports = "c:\HP\KBD\static\EN\sports.htm"
Entertainment = "c:\HP\KBD\static\EN\entertainment.htm"
Finance = "c:\HP\KBD\static\EN\finance.htm"
Finance_Weather = "c:\HP\KBD\static\EN\finance.htm"
Connect = "c:\HP\KBD\static\EN\connect.htm"
Search = "c:\HP\KBD\static\EN\search.htm"
People = "c:\HP\KBD\static\EN\people.htm"
Chat = "c:\HP\KBD\static\EN\chat.htm"
E-Mail = "c:\HP\KBD\static\EN\EMail.htm"

[Prefix]
HP = "http://pavilion.buttonredirect.hp.com/2.0/h-p"
Shopping = "http://pavilion.buttonredirect.hp.com/2.0/shopping"
Sports = "http://pavilion.buttonredirect.hp.com/2.0/sports"
Entertainment = "http://pavilion.buttonredirect.hp.com/entertainment"
Finance = "http://pavilion.buttonredirect.hp.com/2.0/finance"
Finance_Weather = "http://pavilion.buttonredirect.hp.com/2.0/finance"
Connect = "http://pavilion.buttonredirect.hp.com/2.0/connect"
Search = "http://pavilion.buttonredirect.hp.com/2.0/search"
People = "http://pavilion.buttonredirect.hp.com/people"
Chat = "http://pavilion.buttonredirect.hp.com/2.0/chat"
E-Mail = "http://pavilion.buttonredirect.hp.com/2.0/email"

[CurrentKey]
HP = "HP|/uhttp://www.hp.com"
Shopping = "Shopping|/sshopping"
Sports = "Sports|/ssports"
Entertainment = "Entertainment|/uhttp://www.hp.com"
Finance = "Finance|/uhttp://www.hp.com"
Finance_Weather = "Finance|/sfinance"
Connect = "Connect|/swelcome"
Search = "Search|/uhttp://www.hp.com"
People = "People|/uhttp://www.hp.com"
Chat = "Chat|/uhttp://www.yahoo.com"
E-Mail = "AOL E-Mail|/uhttp://mail.yahoo.co.uk"

[CurrentUrl]
HP = "HP|http://www.hp.com"
Shopping = "Shopping|http://www.yahoo.com/p/hp/us/?
http://shopping.yahoo.com"
Sports = "Sports|http://www.espn.com"
Entertainment = "Entertainment|http://www.hp.com"
Finance = "Finance|http://www.hp.com"
Finance_Weather = "Finance|http://www.money.com"
Connect = "Connect|http://www.yahoo.com/p/hp/us/?http://hp.my.yahoo.com"
Search = "Search|http://www.hp.com"
Chat = "Chat|http://www.hp.com"
People = "People|http://www.hp.com"
E-Mail = "E-Mail|https://edit.europe.yahoo.com/config/login?.partner=bt-
1&.intl=uk&.src=&.done=http://bt.yahoo.com/?"

[CurrentSct]
FIND = "Find file or folder"
PRINT = "Print Document"
FAX = "Fax Document"
SHORTCUT_HELP = "Help|c:\windows\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe -
mode c:\windows\pchealth\helpctr/vendors/cn=hewlett-
packard,l=cupertino,s=ca,c=us/hp/misc/hscfullscreen.xml -url
hcp://services/centers/homepage"
SHORTCUT_SHORTCUT1 = "HP Image Zone Plus|C:\HP\KBD\CreateVF.EXE /HPIZ"
SHORTCUT_SHORTCUT2 = "iTunes|%PROGRAMFILES%\iTunes\iTunes.exe"
SHORTCUT_SHORTCUT = "HP Image Zone Plus|C:\HP\KBD\CreateVF.EXE /HPIZ"
MUSIC = "iTunes|%PROGRAMFILES%\iTunes\iTunes.exe"
SHORTCUT_PICTURES = "HP Image Zone Plus|C:\HP\KBD\CreateVF.EXE /HPIZ"
O3_HELP = "Help"
O3_SHORTCUT1 = "HP Image Zone Plus|C:\HP\KBD\CreateVF.EXE /HPIZ"
O3_SHORTCUT2 = "iTunes|%PROGRAMFILES%\iTunes\iTunes.exe"
O3_SHORTCUT3 = "Notepad|c:\windows\notepad.exe"
SWITCH_USER = "Switch User|"
RECORD = "Record|%PROGRAMFILES%\Sonic RecordNow!\RecordNow.exe"
VIDEO = "Video|%PROGRAMFILES%\Movie Maker\moviemk.exe"

[ButtonNames]
1 = "SYSTEM POWER DOWN"
2 = "SYSTEM SLEEP"
3 = "SYSTEM WAKE"
4 = "Scan Next Track"
5 = "Scan Prev Track"
6 = "Stop"
7 = "Eject"
8 = "Play/Pause"
9 = "Volume"
10 = "Mute"
11 = "MSG LED ONLINE"
12 = "MSG LED GENERIC"
13 = "Shopping"
14 = "Entertainment"
15 = "Sports"
16 = "Finance\Weather"
17 = "Finance"
18 = "Connect"
19 = "Search"
20 = "People"
21 = "Chat"
22 = "E-Mail"
23 = "Find"
24 = "Print"
25 = "Fax"
26 = "HP"
27 = "Shortcut 1"
28 = "Shortcut 2"
29 = "Help"
30 = "EXTRA 1"
31 = "EXTRA 2"
32 = "EXTRA 3"
33 = "EXTRA 4"
34 = "EXTRA 5"
35 = "FEATURE POWER"
36 = "Shortcut"
37 = "Music"
38 = "Photo"
39 = "Internet"
40 = "Search"
41 = "Help"
42 = "G1 SUSPEND"
43 = "Internet"
44 = "Information"
45 = "Help"
46 = "Shortcut 1"
47 = "Shortcut 2"
48 = "Shortcut3"
49 = "Search"
50 = "Internet"
51 = "E-Mail"
52 = "Switch User"
53 = "Eject 2"
54 = "Record"
55 = "Video"
64 = "MSG KBD BL SD"
65 = "MSG MOUSE BL SD"
73 = "Replace Battery"
74 = "Battery Dead"
75 = "Remind me later"
76 = "Dialog OK"
77 = "Dialog Help"

[ButtonType]
1 = "0"
2 = "0"
3 = "0"
4 = "1"
5 = "1"
6 = "1"
7 = "1"
8 = "1"
9 = "1"
10 = "1"
11 = "0"
12 = "0"
13 = "2|3"
14 = "2"
15 = "2|3"
16 = "2"
17 = "2|3"
18 = "2|3"
19 = "2|3"
20 = "2"
21 = "2|3"
22 = "2|3"
23 = "4"
24 = "1"
25 = "4"
26 = "1"
27 = "4"
28 = "4"
29 = "4"
30 = "1"
31 = "1"
32 = "1"
33 = "1"
34 = "0"
35 = "0"
36 = "4"
37 = "4"
38 = "4"
39 = "2"
40 = "2"
41 = "2"
42 = "0"
43 = "2"
44 = "2"
45 = "4"
46 = "4"
47 = "4"
48 = "4"
49 = "2"
50 = "2"
51 = "2"
52 = "4"
53 = "1"
54 = "4"
55 = "4"
64 = "1"
65 = "1"
73 = "1"
74 = "1"
75 = "1"
76 = "1"
77 = "1"

[ButtonLable]
= "OSD_MESSAGE"

[OSD_MESSAGE]
0 = "MSG_NONE"
1 = "MSG_SYSTEM_POWER_DOWN"
2 = "MSG_SYSTEM_SLEEP"
3 = "MSG_SYSTEM_WAKE"
4 = "Scan Next Track"
5 = "Scan Prev Track"
6 = "Stop"
7 = "Eject"
8 = "Play/Pause"
9 = "Volume"
10 = "Mute"
11 = "MSG_LED_ONLINE"
12 = "MSG_LED_GENERIC"
13 = "Shopping"
14 = "Entertainment"
15 = "Sports"
16 = "Finance/Weather"
17 = "Finance"
18 = "Connect"
19 = "Search"
20 = "People/News"
21 = "Chat"
22 = "E-Mail"
23 = "Find"
24 = "Print"
25 = "Fax"
26 = "HP"
27 = "HP Image Zone Plus"
28 = "iTunes"
29 = "Help"
30 = "MSG_EXTRA_1"
31 = "Replace your wireless mouse battery!"
32 = "Replace your wireless keyboard battery!"
33 = "MSG_EXTRA_4"
34 = "MSG_EXTRA_5"
35 = "MSG_FEATURE_POWER"
36 = "HP Image Zone Plus"
37 = "iTunes"
38 = "HP Image Zone Plus"
39 = "Internet"
40 = "Search"
41 = "Help"
42 = "MSG_G1_SUSPEND"
43 = "Internet"
44 = "Information"
45 = "Help"
46 = "HP Image Zone Plus"
47 = "iTunes"
48 = "Shortcut 3"
49 = "Search"
50 = "Internet"
51 = "E-Mail"
52 = "Switch-User"
53 = "Eject"
54 = "Record"
55 = "Video"
64 = "The wireless mouse will no longer operate. Replace the battery
now!"
65 = "The wireless keyboard will no longer operate. Replace the battery
now!"
73 = "Replace battery"
74 = "Battery dead"
75 = "Remind me later"
76 = "OK"
77 = "Help"

[MuteValue]
ON = "On"
OFF = "Off"

[{76442100-93BF-11d4-986D-0010B575F315}]
OSD = "{OSD_CONF}"
LED = "{LED_CONF}"
ONL = "{ONL_CONF}"
AOL = "{AOL_CONF}"

[DefaultSct]
FIND = "Find file or folder"
PRINT = "Print Document"
FAX = "Fax Document"
SHORTCUT_HELP = "Help|c:\windows\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe -
mode c:\windows\pchealth\helpctr/vendors/cn=hewlett-
packard,l=cupertino,s=ca,c=us/hp/misc/hscfullscreen.xml -url
hcp://services/centers/homepage"
SHORTCUT_SHORTCUT1 = "HP Image Zone Plus|C:\HP\KBD\CreateVF.EXE /HPIZ"
SHORTCUT_SHORTCUT2 = "iTunes|%PROGRAMFILES%\iTunes\iTunes.exe"
SHORTCUT_SHORTCUT = "HP Image Zone Plus|C:\HP\KBD\CreateVF.EXE /HPIZ"
MUSIC = "iTunes|%PROGRAMFILES%\iTunes\iTunes.exe"
SHORTCUT_PICTURES = "HP Image Zone Plus|C:\HP\KBD\CreateVF.EXE /HPIZ"
O3_HELP = "Help"
O3_SHORTCUT1 = "HP Image Zone Plus|C:\HP\KBD\CreateVF.EXE /HPIZ"
O3_SHORTCUT2 = "iTunes|%PROGRAMFILES%\iTunes\iTunes.exe"
O3_SHORTCUT3 = "Notepad|c:\windows\notepad.exe"
SWITCH_USER = "Switch User"
RECORD = "Record|%PROGRAMFILES%\Sonic RecordNow!\RecordNow.exe"
VIDEO = "Video|%PROGRAMFILES%\Movie Maker\moviemk.exe"

[DefaultUrl]
HP = "HP|http://www.hp.com"
Shopping = "Shopping|http://www.yahoo.com/p/hp/us/?
http://shopping.yahoo.com"
Sports = "Sports|http://www.espn.com"
Entertainment = "Entertainment|http://www.hp.com"
Finance = "Finance|http://www.hp.com"
Finance_Weather = "Finance|http://www.money.com"
Connect = "Connect|http://www.yahoo.com/p/hp/us/?http://hp.my.yahoo.com"
Search = "Search|http://www.hp.com"
Chat = "Chat|http://www.hp.com"
People = "People|http://www.hp.com"
E-Mail = "E-Mail|http://www.hp.com"

[DefaultKey]
HP = "HP|/uhttp://www.hp.com"
Shopping = "Shopping|/sshopping"
Sports = "Sports|/ssports"
Entertainment = "Entertainment|/uhttp://www.hp.com"
Finance = "Finance|/uhttp://www.hp.com"
Finance_Weather = "Finance|/sfinance"
Connect = "Connect|/swelcome"
Search = "Search|/uhttp://www.hp.com"
People = "People|/uhttp://www.hp.com"
Chat = "Chat|/uhttp://www.yahoo.com"
E-Mail = "E-Mail|/uhttp://www.hp.com"

[ButtonCap]
0 = "254"
1 = "183"
2 = "110"
3 = "36"
4 = "104"
5 = "0"
6 = "240"
7 = "0"

[E-MailUrl]
Url0 = "Launching Email|http://mail.yahoo.co.uk"

[E-MailKey]
Key0 = "Launching Email|/uhttp://mail.yahoo.co.uk"

===============
 
Wilf said ...
R. McCarty said ...
alright, thanks - I have run most of these plus spybot, adaware,
microsoft antispyware. Haven't run webroot, though. Will try all in
your suggested order.
Click to expand...
ran all of these. nothing discovered except a registry key for
grokster.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Added memory but only 30% of available memory ever used 4
System Restore 16
System Restore has packed up 12
Really LONG System Restore Times on Two Computers 64
8KB in bad sectors in hard drive 4 months old. 24
Current Disk Size of System Restore? 4
System Restore 1
Full System Backup (bfk) Restore Advice. 10

Back
Top