Sys Restore keeps restore upon boot



pminer1844
07-10-2005, 12:28 AM
System retore always gives me the "System Restored to <date>" on every boot up.

I thought it might be caused by my ZeroSpyWare, but I have uninstalled it
competely, and it still keeps happening.

I also disabled sys Restore and re-enabled it and that was no help.

I dumped my sys restore reg keys below.

Any help s appreciated:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{EEF84697-6736-4397-BC02-2C9522B52F41}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SystemRestore\SnapshotCallbacks]
@=""


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
"Type"=dword:00000002
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,72,00,2e,00,73,00,79,00,73,\
00,00,00
"DisplayName"="System Restore Filter Driver"
"Group"="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters]
"FirstRun"=dword:00000000
"DontBackup"=dword:00000000
"MachineGuid"="{EEF84697-6736-4397-BC02-2C9522B52F41}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Enum]
"0"="Root\\LEGACY_SR\\0000"
"Count"=dword:00000001
"NextInstance"=dword:0000000


--
Thanks,

Paul Miner
Irving, TX

Doug Knox MS-MVP
07-10-2005, 12:28 AM
Hi Paul,

My system does not have these two values:

"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000

Since you've exported the key, you might try deleting these values and rebooting. You can always reimport the REG file you saved.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"pminer1844" <riverwind@earthling.net> wrote in message news:6CB8D62F-396D-417A-8D95-39A0B0388EDA@microsoft.com...
> System retore always gives me the "System Restored to <date>" on every boot up.
>
> I thought it might be caused by my ZeroSpyWare, but I have uninstalled it
> competely, and it still keeps happening.
>
> I also disabled sys Restore and re-enabled it and that was no help.
>
> I dumped my sys restore reg keys below.
>
> Any help s appreciated:
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\SystemRestore]
> "DisableSR"=dword:00000000
> "CreateFirstRunRp"=dword:00000001
> "DSMin"=dword:000000c8
> "DSMax"=dword:00000190
> "RPSessionInterval"=dword:00000000
> "RPGlobalInterval"=dword:00015180
> "RPLifeInterval"=dword:0076a700
> "CompressionBurst"=dword:0000003c
> "TimerInterval"=dword:00000078
> "DiskPercent"=dword:0000000c
> "ThawInterval"=dword:00000384
> "RestoreDiskSpaceError"=dword:00000000
> "RestoreStatus"=dword:00000001
> "RestoreSafeModeStatus"=dword:00000000
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\SystemRestore\Cfg]
> "DiskPercent"=dword:0000000c
> "MachineGuid"="{EEF84697-6736-4397-BC02-2C9522B52F41}"
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\SystemRestore\SnapshotCallbacks]
> @=""
>
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
> "Type"=dword:00000002
> "Start"=dword:00000000
> "ErrorControl"=dword:00000001
> "Tag"=dword:00000004
> "ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
> 52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,72,00,2e,00,73,00,79,00,73,\
> 00,00,00
> "DisplayName"="System Restore Filter Driver"
> "Group"="FSFilter System Recovery"
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters]
> "FirstRun"=dword:00000000
> "DontBackup"=dword:00000000
> "MachineGuid"="{EEF84697-6736-4397-BC02-2C9522B52F41}"
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Security]
> "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
> 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
> 00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
> 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
> 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
> 00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
> 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Enum]
> "0"="Root\\LEGACY_SR\\0000"
> "Count"=dword:00000001
> "NextInstance"=dword:0000000
>
>
> --
> Thanks,
>
> Paul Miner
> Irving, TX

Bert Kinney
07-10-2005, 12:29 AM
Hi,

I'm curious to see what's starting up. Run Doug's Startup Tracker,
click on View Log and attach it here so we can take a look.

Windows XP Startup Programs Tracker
http://www.dougknox.com/xp/utils/xp_starttrack.htm

--
Regards,
Bert Kinney MS-MVP Shell/User
http://dts-l.org/

pminer1844 wrote:
> System retore always gives me the "System Restored to
> <date>" on every boot up.
>
> I thought it might be caused by my ZeroSpyWare, but I
> have uninstalled it competely, and it still keeps
> happening.
>
> I also disabled sys Restore and re-enabled it and that
> was no help.
>
> I dumped my sys restore reg keys below.
>
> Any help s appreciated:
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\SystemRestore]
> "DisableSR"=dword:00000000
> "CreateFirstRunRp"=dword:00000001
> "DSMin"=dword:000000c8
> "DSMax"=dword:00000190
> "RPSessionInterval"=dword:00000000
> "RPGlobalInterval"=dword:00015180
> "RPLifeInterval"=dword:0076a700
> "CompressionBurst"=dword:0000003c
> "TimerInterval"=dword:00000078
> "DiskPercent"=dword:0000000c
> "ThawInterval"=dword:00000384
> "RestoreDiskSpaceError"=dword:00000000
> "RestoreStatus"=dword:00000001
> "RestoreSafeModeStatus"=dword:00000000
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\SystemRestore\Cfg]
> "DiskPercent"=dword:0000000c
> "MachineGuid"="{EEF84697-6736-4397-BC02-2C9522B52F41}"
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\SystemRestore\SnapshotCallbacks]
> @=""
>
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
> "Type"=dword:00000002
> "Start"=dword:00000000
> "ErrorControl"=dword:00000001
> "Tag"=dword:00000004
> "ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
>
> 52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,72,00,2e,00,73,00,79,00,73,\
> 00,00,00
> "DisplayName"="System Restore Filter Driver"
> "Group"="FSFilter System Recovery"
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters]
> "FirstRun"=dword:00000000
> "DontBackup"=dword:00000000
> "MachineGuid"="{EEF84697-6736-4397-BC02-2C9522B52F41}"
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Security]
> "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
>
> 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
>
> 00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
>
> 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
>
> 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
>
> 00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
> 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Enum]
> "0"="Root\\LEGACY_SR\\0000"
> "Count"=dword:00000001
> "NextInstance"=dword:0000000


Sys Restore keeps restore upon boot