Re: System Restore folder using enormous amount of memory



OK, I was under the impression that a manual Restore Point would
also create your .Sys file. If it only occurs at Power states then Filemon
won't be a great help. At this point I would probably run all of the
on-line tools below:

(Turn Off System Restore, while running these in the following order)
http://www.pandasoftware.com/products/activescan?NRMODE=Published&NRORIGINALURL=%2factivescan%2f&NRNODEGUID=%7b3B202047-35D4-4DA2-B310-B1DBEC2971F2%7d&NRCACHEHINT=Guest
http://www.webroot.com/services/spyaudit_03.htm
http://www.trendmicro.com/spyware-scan/

"Wilf" <wilf.wilf@xxxxxxxxxxxxxxx> wrote in message
news:dnhom0$ljf$3@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> R. McCarty said ...
>> FileMon will show the ownership process that creates or accesses
>> a file. The intent was to see if SR was adding the .Sys module or
>> another "Rogue" process was doing it. In other words, Filemon will
>> create a running log - by doing a manual Restore Point you can go
>> back through the Filemon log and locate the creation of this 800
>> megabyte file and the process that created it. Use the Right edge
>> Scroll bar to review the log file.
>>
> understood ... but ... the changes seem to happen either on closedown or
> on startup at which time filemon won't be running. Unless you can tell
> me how I can have filemon running at those times - I can obviously keep
> filemon running as I close down but of course it will get stopped at
> some point and its log gets lost if I haven't saved it (v large log to
> say the least!!).
> --
> Wilf

