Zdenek,

Great!  All that remains is to remove the file LASTSCAN.INI from the scope
of Win Me's state manager.  The instructions that follow on how to do this
might seem long but should solve the problem and once done it will be much
easier to then remove any other files or folders from the scope.  I am
ASSuming in what follows that you know how to work from DOS, if not please
post back any specific queries you might have and I will try and help.

a) System Restore monitors and will thus restore (and remove if newer)
files with some 550 odd different extensions however it totally ignores
changes to the contents of certain folders including My Documents (and any
sub folders), and the Temporary and Temporary Internet Files objects
wherever located or however named and certain specified files such as
McAfee's aviconsol.ini.

Have a look at the file FileList.xml in the windows\system\restore folder
with Notepad and you will see the list of monitored file extensions in the
section <EXTENSIONS> <Include> and the list of ignored files and folders
in the sections <FILES> <Exclude> and <DIRECTORIES> <Exclude>

b) We therefore need to exclude the file
C:\Program files\Trend Micro\Internet Security\LASTSCAN.INI
from the state manager's scope.

c)  Two points to note before we move on.  1) FileList.xml is protected
from amendment by Win Me's System File Protection, and, b) Win Me's state
manager doesn't actually use FileList.xml but rather the file vxdmon.dat
and vxdmon.cfg which are located in the _RESTORE folder on the drive
containing the windows folder.

d) The trick here is that FileList.xml contains a reference to itself in
the SFP section and thus cannot be replaced whilst Win Me is running
without Win Me's System File Protection immediately restoring the
original.  So make a copy of FileList.xml in your Windows\system\restore
folder and name it FileList.new.  Now, using Notepad (or your preferred
plain text/hex editor), open FileList.new and a) delete the reference to
itself (Line: 829), and b) add the line
<REC>%ProgramFiles%\Trend Micro\Internet Security\LASTSCAN.INI </REC>
immediately after the line
<REC>%ProgramFiles%\MCAFEE\AVCONSOL.INI</REC>

Now disable System Restore using the GUI (System | Performance | File
System | Troubleshooting and check "Disable System Restore") and
immediately reboot the system but instead of rebooting back into Win Me
boot to DOS from a floppy.  Browse to the Windows\System\Restore folder
and rename FileList.xml to FileList.old and FileList.new to FileList.xml.
Remove the floppy and reboot back into Win Me, re-enable System Restore
and again immediately reboot.  The SFP & SR control file vxdmon.dat will
now be rebuilt using the modified FileList.xml and the file C:\Program
files\Trend Micro\Internet Security\LASTSCAN.INI removed from the state
manager's scope.

e) Note that now you have removed the reference to itself in FileList.xml
this means that in future this file can be edited as required without SFP
butting in and rearing its ugly head <g>.  Therefore changes to
FileList.xml can now be implemented by simply resetting SR so as to
incorporate the changes into a newly built vxdmon.dat without the need to
rename files from DOS.  Also, if you get the syntax wrong in FileList.xml,
statemgr.exe (or is it stmgr.exe - I forget which) will balk when building
vxdmon.dat on booting the system and quit and sulk until you correct the
error in FileList.xml.

In conclusion if you feel the need for further help feel free to contact
me on mikem@mvps.org (rather than the address that follows my sig.).

Best of luck and I hope that enough of what I have written makes sense.