System Restore Keeping Only One Restore Point

Danno

Hello,

I have the system restore turned on. The space I've allowed for storage is
3% or 1075 MB.

But System Restore is only keeping one restore point. When it creates
another automatically, it deletes the previous restore point, so
basically, it's of no value right now. If I create a restore point
manually, the previous restore point is kept.... at least right now I have
two restore points from today, because I just created one. But when SR
creates a new restore point automatically, all previous SR points will be
deleted.

I've turned off System Restore, re-booted... then turned on System Restore
and re-booted again. But it's still the same.

I'd sure appreciate any tips on this issue.

Thanks in advance,
Danno
 
Daave

Danno said:
Hello,

I have the system restore turned on. The space I've allowed for
storage is 3% or 1075 MB.

But System Restore is only keeping one restore point. When it creates
another automatically, it deletes the previous restore point, so
basically, it's of no value right now. If I create a restore point
manually, the previous restore point is kept.... at least right now I
have two restore points from today, because I just created one. But
when SR creates a new restore point automatically, all previous SR
points will be deleted.

I've turned off System Restore, re-booted... then turned on System
Restore and re-booted again. But it's still the same.

I'd sure appreciate any tips on this issue.

How much free space is on your drive? Assuming it's at least 30%, how
about increasing your SR storage size to 10% to see what happens? BTW,
turning off System Restore will delete restore points!
 
Danno

Thanks for the input Dave. My hard drive has 25 gig available out of 40. I
knew that turning off SR would delete all but the last restore point, but
since I only had one restore point.... nothing to lose. I'll try it by
increasing the amount of space available once more, but I doubt that will
work because even when I'd allocated 12% space (default) rather than 3%
(which should be plenty), the same thing was happening.

Danno
 
Gerry

Danno

Your original disk space setting for System Restore was OK and unlikely
to be the cause of the problem. Turning off System Restore removes all
restore points. Using the System Restore option on the More Options tab
of Disk CleanUp removes all except the latest restore point.

What are your anti-virus and anti-spyware arrangements? Also what
firewall are you using? These can interfere with System Restore.

http://bertk.mvps.org/html/srauto.html

http://bertk.mvps.org/html/healthy.html


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Danno

Thanks Gerry,

When I use Disk CleanUp, (which is seldom because I use CCleaner instead), I
don't click the option to "remove all but the last restore point".

I have ZoneAlarm as the anti-spyware and anti-virus software, as well as
ZoneAlarm's firewall.

I also have AVG installed, but I don't let it run while ZoneAlarm is active.
I only fire up AVG once in a while but I disable ZoneAlarm before I do that.

I also have Spybot and AdAware, but they don't run in the background as far
as I can tell. I only start them up once in a while as well.

I also have jv16powertools, but I only use that on its safest mode to clean
the registry once in a while.

Danno
 
Gerry

Danno

What version of Zone Alarm do you have? There were problems with version
6.5.

What drives do you have System Restore set to monitor? Do you have an
external or removable drive?

You cannot use cCleaner to remove unwanted restore points. In other ways
cCleaner does a more thorough job than Disk CleanUp.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Danno

Hey Gerry,

The version of ZoneAlarm is 7.0.743.000

SR only monitors my internal C: drive. I didn't know it could monitor any
other drive! I have a new external DVD burner which is run by Nero. Is that
what you were asking?

I've only used cCleaner to clean up my disc because it seems pretty thorough
as you mentioned, but I never had any intentions of using it, nor any other
method... to delete restore points. I didn't mind a dozen or more restore
points in the past. It's just that now, when the computer is creating a new
restore point and deletes the previous one(s). As of this moment, there are
3 restore points because I created 2 new ones today. I wanted to test if
the system will delete those as well, when it sets a new restore point
(probably sometime in the wee hours of tonight).

Thanks again for your interest.

Danno
 
Danno

Dang... it did it again!

Yesterday there was one restore point which had been created automatically
by the system. That was the only restore point available. So I created two
new restore points throughout the day, to see if the SR would delete all but
the last restore point once again. Today, I updated a driver and at that
point in time, SR created a restore point, and when it did that.... it
deleted the last restore point which had been created automatically, and
deleted one of my two test restore points. The net result today is that
there are two restore points only.... one of my own points and an automatic
restore point created when I updated the driver.

I'd sure appreciate any other suggestions or input.

Thanks again...
Danno
 
Unknown

This happened to me once because a granddaughter downloaded and installed a
program after being told not to download anything.
My approach to this is to clean out the startup folder (Start --
Run -- msconfig -- and remove all checks in Startup).
Let the system load only Microsoft programs such as OE IE etc. Then add one
or two programs back till you find the offending program.
The offending program (in my case) was doing this to prevent uninstalling
it.
My granddaughter will never use my system again.
 
Daave

Unknown said:
This happened to me once because a granddaughter downloaded and
installed a program after being told not to download anything.
My approach to this is to clean out the startup folder. (start--
run --msconfig---and remove all checks in start up.
Let the system load only Microsoft programs such as OE IE etc. Then
add one or two programs back till you find the offending program.
The offending program (in my case) was doing this to prevent
uninstalling it.

What was the name of the program?
 
Gerry

Danno

You should not be using a registry cleaner. I would dump jv16powertools.

ZoneAlarm 7.0.743.000 is the Freeware Firewall. What version is your
anti-spyware?


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Danno

ZoneAlarm version 7.0.743.000 may be the Freeware Firewall, but that's the
version I got when I paid good money for it (about 6 weeks ago). The entire
list of versions that came with ZA's suite are as follows:

ZoneAlarm Security Suite version:7.0.473.000
TrueVector version:7.0.473.000
Driver version:7.0.473.000
Anti-virus engine version:3
Anti-virus SDK version:5.0.1.85
Anti-virus signature DAT file version:951551049
Anti-spyware engine version:5.0.189.0
Anti-spyware signature DAT file version:01.200805.3945
AntiSpam version:5.0.6.8903

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and use the
built in Windows firewall... just to test if ZA is involved in any way with
my dilemma.

p.s.: when you get time, get your butt over here to western Canada for a
visit :)
 
Kayman

On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and use the
built in Windows firewall... just to test if ZA is involved in any way with
my dilemma.

Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work satisfactorily then
go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average home user, the Windows Firewall in XP does a fantastic job
at its core mission and is really all you need if you have a 'real-time'
anti-virus program, [another firewall on your router or] other edge
protection like SeconfigXP and practise safe-hex.
The windows firewall deals with inbound protection and therefore does not
give you a false sense of security. Best of all, it doesn't implement lots
of nonsense like pretending that outbound traffic needs to be monitored.

Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs
and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"Outbound protection is security theater—it’s a gimmick that only gives the
impression of improving your security without doing anything that actually
does improve your security."
In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownload/Seconfig-XP-Download-39707.html)
Seconfig XP is able to configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139
and 445 (the most exploited Windows networking weak point) closed.

Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection.

Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class
GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av scanner).
David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html

A-S applications - for non-viral malware.
The effectiveness of individual A-S scanners can be wide-ranging and
oftentimes a collection of scanners is best. There isn't one software that
cleans and immunizes you against everything. That's why you need multiple
products to do the job i.e. overlap their coverage - one may catch what
another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/security/spyware/software/default.mspx
WD monitors the start-registry and hooks registers/files to prevent spyware
and worms from installing to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which detects
changes to key areas of the system without having to know anything about
the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck :)
 
Vincent

Kayman said:
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"Outbound protection is security theater—it’s a gimmick that only gives the
impression of improving your security without doing anything that actually
does improve your security."

Tripe written by an ex-Microsoft puppet who was in charge of security
when the Microsoft firewall was designed. Of course he wouldn't admit
that his brain child lacked useful features so in true Microsoft fashion
he insisted that he was right and that he knew what was best for the
customers, but that isn't new at Microsoft where it's corporate culture
to tell the customers to shut up because Microsoft knows what is best
for everybody. Of course, the chief of security in charge of designing
the firewall that lacked features wanted by the customers had to educate
the customers by telling them that they were dumb to ask for outbound
filtering and the way to prove his point was to embark on a mission to
discredit all firewalls except his beloved creation. To paraphrase one
MVP: "In its firewall Microsoft designed a shirt with no sleeves and
when the customers told Microsoft they wanted sleeves Microsoft embarked
on a mission to convince customers they didn't want or need sleeves."

Meanwhile, customers who knew that egress filtering was not necessarily
meant to strictly or only be a security measure against malware were
left a bit bemused by this new mantra at Microsoft. Customers who
understood the importance of data protection and who understood the
benefits of controlling which applications should be permitted to send
traffic outside the network were told not to concern themselves with the
security of their data, Microsoft had it all under control, there was no
need at all to know which applications were sending data outside the
network and there was even less need to stop any applications from
sending data outside the network. Of course this suited Microsoft the
most, without anyone knowing what was going on Microsoft could ensure
that they could have more of their brain children like WGA, Media
Player, DRM and what not spy on the customers and send data to outside
entities without anyone knowing what was going on, or at least without
anyone without egress detection knowing what was going on.

Although egress filtering should be applied at the perimeter of the
network by way of routers and firewall appliances, detection and
filtering applications at a software (personal) firewall can nonetheless
be a very useful tool and a very useful part of your network or computer
security. Those who know better and who know the place and importance
of egress detection and egress filtering take appropriate measures to
protect their data and their networks, the others, knowingly or not,
listen to and propagate tripe from Microsoft and its puppets. No
network administrator worth his salt would neglect the security risks
posed by egress traffic, SOHO and home computer users would be well
advised to do the same.

Egress Filtering FAQ
http://www.sans.org/reading_room/whitepapers/firewalls/1059.php

Firewall Best Practices - Egress Traffic Filtering
http://hhi.corecom.com/egresstrafficfiltering.htm

Vincent
 
Danno

Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was helpful, but a
surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR points,
specifically this:

- Check the event logs to investigate System Restore service errors:

1. Click Start, click Control Panel, and then click "Performance and
Maintenance".
2. Click Administrative Tools, click Computer Management, double-click Event
Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate the
event description for any indication of the cause of the problem.


I followed the advice and lo and behold, there were descriptions of events
that happened with SR. None of the events actually showed up as "errors",
but none-the-less they described that SR was "suspending" and then
"resuming" due to lack of space allocated and then more space being
re-allocated. I was convinced that 3% or 1076MB would be plenty of space,
but apparently not. If I'm not mistaken though, even when I accidentally
had 12% allocated, SR was still only allowing one restore point.

So I've now allocated 10% of disc space or 3700MB to see what happens. That
is an outrageously huge amount of space to allow, but I have to do it for
now.

I'll let you know. Thanks again!

Danno

 
Gerry

Danno

How many restore points are you keeping? How large are individual
restore points? You should not need an allocation so large!

Can you please post a copy of the Event Viewer Information Report you
refer to.

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window which appears is a
button resembling two pages. Click the button and close Event
Viewer. Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 
Danno

Hi Gerry,

It's not really a matter of "how many restore points I'm keeping". It's
more a case of my trying to keep more than just ONE restore point. At this
moment, there are 4 restore points from yesterday, and that's it. None of
those were created automatically by the system. As I mentioned, the event
viewer is not actually cataloging any "errors" about system restore, but
here are two examples of reports (not tagged as an "error") that are
addressing what I'm experiencing:

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not enough
disk space available on the drive
\\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will
automatically resume service once at least 200 MB of free disk space is
available on the system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 108
Date: 5/22/2008
Time: 4:41:13 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has resumed monitoring due to space freed on the
system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

For now, I've disabled ZoneAlarm and have increased the allocated disc space
for SR to the maximum. As I mentioned before, I would have hoped that 3% or
1075 MB would have been plenty of space, but apparently not. Anyway, if the
problem is corrected, I'd think I've probably narrowed it down to those two
suspects. I'll consider the problem corrected if, two weeks from now, I can
still see an available restore point that was recorded yesterday.

At your suggestion, I found the folders that hold the 4 volumes of SR
points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb and
567Mb. My lord, two of those are way too big. What could be the reason for
that? That would explain why 1075Mb isn't enough space to store very many
SR points... if they're going to be that huge.

Thanks again for your interest.

Dan

Gerry said:
Danno

How many restore points are you keeping? How large are individual restore
points? You should not need an allocation so large!

Can you please post a copy of the Event Viewer Information Report you
refer to.

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window which appears is a
button resembling two pages. Click the button and close Event
Viewer. Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was
helpful, but a surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR points,
specifically this:

- Check the event logs to investigate System Restore service errors:

1. Click Start, click Control Panel, and then click "Performance and
Maintenance".
2. Click Administrative Tools, click Computer Management,
double-click Event Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate
the event description for any indication of the cause of the problem.


I followed the advice and lo and behold, there were descriptions of
events that happened with SR. None of the events actually showed up
as "errors", but nonetheless they described that SR was
"suspending" and then "resuming" due to lack of space allocated and
then more space being re-allocated. I was convinced that 3% or
1076MB would be plenty of space, but apparently not. If I'm not
mistaken though, even when I accidentally had 12% allocated, SR was
still only allowing one restore point.
So I've now allocated 10% of disc space or 3700MB to see what
happens. That is an outrageously huge amount of space to allow, but
I have to do it for now.

I'll let you know. Thanks again!

Danno

Kayman said:
On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

<snip for brevity>

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and
use the built in Windows firewall... just to test if ZA is involved
in any way with my dilemma.


Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work
satisfactorily then go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average home user, the Windows Firewall in XP does a
fantastic job at its core mission and is really all you need if you
have a 'real-time' anti-virus program, [another firewall on your
router or] other edge protection like SeconfigXP and practise
safe-hex. The Windows firewall deals with inbound protection and
therefore does not give you a false sense of security. Best of all,
it doesn't implement lots of nonsense like pretending that outbound
traffic needs to be monitored. Activate and utilize the Win XP built-in
Firewall; Uncheck *all* Programs and Services under the Exception tab.

Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"Outbound protection is security theater - it's a gimmick that only
gives the impression of improving your security without doing anything
that actually does improve your security."

In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownload/Seconfig-XP-Download-39707.html)
(Seconfig XP is able to configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135,
137-139 and 445 (the most exploited Windows networking weak point)
closed.)

Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning
engine! Disable the e-mail scanning function during installation
(Custom Installation on some AV apps.) as it provides no additional
protection.

Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in
class GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av
scanner).

David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html

A-S applications - for non-viral malware.
The effectiveness of individual A-S scanners can be wide-ranging
and oftentimes a collection of scanners is best. There isn't one
software that cleans and immunizes you against everything. That's
why you need multiple products to do the job i.e. overlap their
coverage - one may catch what another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/security/spyware/software/default.mspx
WD monitors the start-registry and hooks registers/files to prevent
spyware and worms from installing to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which
detects changes to key areas of the system without having to know
anything about the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck :)
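The suspend (Event ID 107) and resume (Event ID 108) records quoted in the post above can be paired up mechanically instead of read one by one in Event Viewer. The following is an added example, not part of the thread: it parses text in the Event Viewer copy format shown there and reports each window in which SRService was suspended. The function names and the third sample record are assumptions made for the illustration.

```python
import re
from datetime import datetime

SUSPENDED, RESUMED = 107, 108  # SRService event IDs as quoted in the thread

# The first two records are the ones quoted in the thread (mail line-wraps kept,
# help-link footer omitted). The third is constructed here to show a suspension
# that has no matching resume yet.
SAMPLE = r"""
Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not enough
disk space available on the drive
\\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will
automatically resume service once at least 200 MB of free disk space is
available on the system drive.

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 108
Date: 5/22/2008
Time: 4:41:13 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has resumed monitoring due to space freed on
the
system drive.

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/23/2008
Time: 2:10:05 AM
User: N/A
Computer: EXAMPLE-PC
Description:
The System Restore service has been suspended because there is not enough
disk space available on the drive.
"""

HEADER = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$")


def parse_records(text):
    """Split Event Viewer clipboard text into one dict per record."""
    raw_records, current, in_description = [], None, False
    for line in (l.strip() for l in text.splitlines()):
        match = HEADER.match(line)
        if match and match.group(1) == "Event Type":  # a new record starts here
            current, in_description = {"Description": []}, False
            raw_records.append(current)
        if current is None:
            continue                                  # text before the first record
        if line == "Description:":
            in_description = True
        elif in_description:
            if line:
                current["Description"].append(line)   # wrapped lines re-joined below
        elif match:
            current[match.group(1)] = match.group(2)
    records = []
    for raw in raw_records:
        try:  # assumes US-style M/D/YYYY dates and a 12-hour clock, as in the thread
            when = datetime.strptime(raw["Date"] + " " + raw["Time"],
                                     "%m/%d/%Y %I:%M:%S %p")
            event_id = int(raw["Event ID"])
        except (KeyError, ValueError):
            continue                                  # incomplete or garbled record
        records.append({"id": event_id, "when": when,
                        "source": raw.get("Event Source", ""),
                        "description": " ".join(raw["Description"])})
    return records


def suspension_windows(records):
    """Return (suspended_at, resumed_at) pairs; resumed_at is None if still open."""
    events = sorted((r for r in records
                     if r["source"] == "SRService" and r["id"] in (SUSPENDED, RESUMED)),
                    key=lambda r: r["when"])
    windows, open_since = [], None
    for event in events:
        if event["id"] == SUSPENDED:
            if open_since is None:
                open_since = event["when"]
        elif open_since is not None:
            windows.append((open_since, event["when"]))
            open_since = None
    if open_since is not None:
        windows.append((open_since, None))
    return windows


def resume_threshold_mb(record):
    """Free space the suspend message says is needed before SR resumes, if stated."""
    found = re.search(r"at least (\d+) MB of free disk space", record["description"])
    return int(found.group(1)) if found else None


if __name__ == "__main__":
    for start, end in suspension_windows(parse_records(SAMPLE)):
        length = "still suspended" if end is None else str(end - start)
        print(f"suspended {start:%Y-%m-%d %H:%M:%S} -> {length}")
```
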
 
B

Bill in Co.

Those two *extremely large* (600+MB) system restore points sound suspicious,
just as you said. Why not clear them all out (by temporarily turning off
System Restore), and then turn System Restore back on again (and create a
good one) to start afresh?

And 3% should be adequate space, and would be, with good restore points
(which are normally like 60 MB each - NOT 600+ MB).
 
D

Danno

Hi Bill in Co.,

Yeah, those two huge SR files are ginormous. I'm really interested in two
things here:

First, what in hell would cause SR to store files that big?

Secondly, since I've found those files, would I be asking for trouble to
delete them manually? My guess is yes, so obviously I wouldn't do that
(even if I got the green light from experts. I'd just get rid of them using
SR itself). It's more a case of just wanting to know if that would be OK,
or would that completely screw up the registry. I wouldn't be tempted to do
it... it's just that I'm on a learning curve here. Those files are hidden
for a reason, and I'm guessing it's to keep monkeys like me from playing
with them.

But ultimately, I'd like to know what's in those files to make them so big.

Dan

 
B

Bill in Co.

Danno said:
Hi Bill in Co.,

Yeah, those two huge SR files are ginormous. I'm really interested in two
things here:

First, what in hell would cause SR to store files that big?

Either something bad happened during the creation of those restore points
(like some other task was running, that screwed it up, in process), OR (and
this I think is a long shot) it was that large because of some HUGE amount
of registry and file changes that were made since the previous restore
point, and it needed that amount of disk space (but I really doubt this
possibility). Well, those are the two possible explanations that come to
mind for me, anyways.

Secondly, since I've found those files, would I be asking for trouble to
delete them manually? My guess is yes, so obviously I wouldn't do that
(even if I got the green light from experts. I'd just get rid of them
using SR itself).

Do it that way (not manually). Your hunch is right - let System Restore
remove them properly (like by the way I mentioned previously), and it will
do the necessary housekeeping for System Restore and its bookmarking.
Don't do it manually.

It's more a case of just wanting to know if that would be OK,
or would that completely screw up the registry. I wouldn't be tempted to
do it... it's just that I'm on a learning curve here. Those files are hidden
for a reason, and I'm guessing it's to keep monkeys like me from playing
with them.

As I said, I would NOT do it manually. Yes, there is a chance it could
work, but I sure would NOT bank on it! (I think that could and probably
would present problems for using the existing restore points that are left.)

But ultimately, I'd like to know what's in those files to make them so
big.

Outside of what I mentioned, I don't know. I suppose you could check the
date-time stamps of those two bogus system restore points, and then search
around on your hard drive for any suspicious file or folder activity around
those dates (like the date stamps on files or folders that had changed
somewhere around those dates), to see if something suspicious shows up.
Kind of a long shot, however.

Dan

Bill in Co. said:
Those two *extremely large* (600+MB) system restore points sound
suspicious, just as you said. Why not clear them all out (by
temporarily turning off System Restore), and then turn System Resore back
on again (and create a good one) to start afresh?

And 3% should be adequate space, and would be, with good restore points
(which are normally like 60 MB each - NOT 600+ MB).
Hi Gerry,

It's not really a matter of "how many restore points I'm keeping". It's
more a case of my trying to keep more than just ONE restore point. At
this
moment, there are 4 restore points from yesterday, and that's it. None
of
those were created automatically by the system. As I mentioned, the
event
viewer is not actually cataloging any " errors" about system restore,
but
here are two examples of reports (not tagged as an "error") that are
addressing what I'm experiencing:

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not
enough
disk space available on the drive
\\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will
automatically resume service once at least 200 MB of free disk space is
available on the system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 108
Date: 5/22/2008
Time: 4:41:13 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has resumed monitoring due to space freed on
the
system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

For now, I've disabled ZoneAlarm and have increased the allocated disc
space
for SR to the maximum. As I mentioned before, I would have hoped that 3%
or
1075 MB would have been plenty of space, but apparently not. Anyway, if
the
problem is corrected, I'd think I've probably narrowed it down to those
two
suspects. I'll consider the problem corrected if, two weeks from now, I
can
still see an available restore point that was recorded yesterday.

At your suggestion, I found the folders that hold the 4 volumes of SR
points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb and
567Mb. My lord, two of those are way too big. What could be the reason
for
that? That would explain why 1075Mb isn't enough space to store very
many
SR points... if they're going to be that huge.

Thanks again for your interest.

Dan

Danno

How many restore points are you keeping? How large are individual
restore points? You should not need an allocation so large!

Can you please post a copy of the Event Viewer Information Report you
refer to.

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window which appears is a
button resembling two pages. Click the button and close Event
Viewer. Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~


Danno wrote:
Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was
helpful, but a surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR points,
specifically this:

- Check the event logs to investigate System Restore service errors:

1. Click Start, click Control Panel, and then click "Performance and
Maintenance".
2. Click Administrative Tools, click Computer Management,
double-click Event Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate
the event description for any indication of the cause of the problem.


I followed the advice and lo and behold, there were descriptions of
events that happened with SR. None of the events actually showed up
as "errors", but nonetheless they described that SR was
"suspending" and then "resuming" due to lack of space allocated and
then more space being re-allocated. I was convinced that 3% or
1076MB would be plenty of space, but apparently not. If I'm not
mistaken though, even when I accidentally had 12% allocated, SR was
still only allowing one restore point.
So I've now allocated 10% of disc space or 3700MB to see what
happens. That is an outrageously huge amount of space to allow, but
I have to do it for now.

I'll let you know. Thanks again!

Danno

On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

<snip for brevity>

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and
use the built in Windows firewall... just to test if ZA is involved
in any way with my dilemma.


Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work
satisfactorily then go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average home user, the Windows Firewall in XP does a
fantastic job at its core mission and is really all you need if you
have a 'real-time' anti-virus program, [another firewall on your
router or] other edge protection like SeconfigXP and practise
safe-hex. The Windows firewall deals with inbound protection and
therefore does not give you a false sense of security. Best of all, it
doesn't implement lots of nonsense like pretending that outbound
traffic needs to be monitored. Activate and utilize the Win XP built-in
Firewall; Uncheck *all* Programs and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"Outbound protection is security theater-it's a gimmick that only
gives the impression of improving your security without doing anything
that actually does improve your security."
In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownload/Seconfig-XP-Download-39707.html)
Seconfig XP is able to configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135,
137-139 and 445 (the most exploited Windows networking weak point)
closed.

Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning
engine! Disable the e-mail scanning function during installation
(Custom Installation on some AV apps.) as it provides no additional
protection.

Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in
class GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av
scanner).
David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html

A-S applications - for non-viral malware.
The effectiveness of individual A-S scanners can be wide-ranging
and oftentimes a collection of scanners is best. There isn't one
software that cleans and immunizes you against everything. That's
why you need multiple products to do the job i.e. overlap their
coverage - one may catch what another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/security/spyware/software/default.mspx
WD monitors the start-registry and hooks registers/files to prevent
spyware and worms from installing to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which
detects changes to key areas of the system without having to know
anything about the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck :)
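
The Event Viewer check described in this post (look for source "sr" or "srservice", then read the suspend and resume events) can also be run over records pasted as text. The following is an added example, not part of the thread; it assumes the copy layout of the two records quoted above, US-style dates, and uses hypothetical function names.

```python
import re
from datetime import datetime

# Constructed input: the two records quoted in the thread, trimmed to the
# fields the parser reads plus the first line of each description.
SAMPLE = """\
Event Type: Information
Event Source: SRService
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
Description:
The System Restore service has been suspended because there is not

Event Type: Information
Event Source: SRService
Event ID: 108
Date: 5/22/2008
Time: 4:41:13 AM
Description:
The System Restore service has resumed monitoring due to space freed on
"""

SUSPENDED, RESUMED = 107, 108  # SRService event IDs shown in the thread
FIELD = re.compile(r"(?m)^(Event Source|Event ID|Date|Time):[ \t]*(.+?)[ \t]*$")

def parse_records(text):
    """Turn pasted Event Viewer text into time-sorted SRService records."""
    records = []
    for chunk in text.split("Event Type:")[1:]:
        f = dict(FIELD.findall(chunk))
        if len(f) < 4 or f["Event Source"].lower() not in ("sr", "srservice"):
            continue  # incomplete paste or another event source
        # Assumption: US-style dates and a 12-hour clock, as in the thread.
        when = datetime.strptime(f["Date"] + " " + f["Time"], "%m/%d/%Y %I:%M:%S %p")
        records.append((when, int(f["Event ID"])))
    return sorted(records)

def suspension_windows(records):
    """Pair each 107 with the next 108; end=None means still suspended."""
    windows, start = [], None
    for when, event_id in records:
        if event_id == SUSPENDED and start is None:
            start = when
        elif event_id == RESUMED and start is not None:
            windows.append((start, when))
            start = None
    if start is not None:
        windows.append((start, None))
    return windows

if __name__ == "__main__":
    for start, end in suspension_windows(parse_records(SAMPLE)):
        print(start, "->", end or "still suspended")
```

A window whose end is `None` means the last suspend event has no matching resume in the pasted text, which is the case worth checking first when restore points keep disappearing.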
 
