 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Forum / Windows XP / Performance and Maintainance / February 2007System Restore: All Restore Points gone and no new ones made
For the past few days, I've been struggling with the installation (replacement) of a TV Tuner card in my PC. Actually installation was a breeze, but getting all programs to work with it wasn't that easy. I installed/reinstalled Orb, AC3Filter, IRXpress (IrDA driver) en a few other applications. Today I uninstalled everything related to the IrDA driver but that somehow left a background program that can't be uninstalled. So I decided to restore from a Restore Point. I actually do that a lot since System Checkpoints are made automatically daily and I'm always able to go back days, weeks and sometimes months. But when I started System Restore, I saw there were no restore points prior to two days ago. There were three on the day before yesterday (one "System Checkpoint", the others were made by apps I installed), two yesterday (one "System Checkpoint" and one I made myself) and none for today. My computer has been ON and idle most of the day and it has been setup to make a Restore Point every 24 hours. And even though it has been more than 24 hours after the last Restore Point, it didn't create a new one. I still hasn't. The only thing I did yesterday was delete all files from the C:\Documents and Settings\<MyUserName>\Local Settings\Temp folder, and I started in Safe Mode a few days ago (can't remember exactly when). And of course, I've been installing/reinstalling all kinds of apps and drivers. Here's a checklist: - Both Task Scheduler and the System Restore services are enabled and running. - System Restore has been set up to monitor C: (43Gb free) and F: (4Gb free). - Most of the time my PC idles at 2%-3% CPU usage. - There are NO errors or warnings pertaining "sr" or "srservice" in the System Event Viewer. - My system date is correct - I did not run a Disk Cleanup - Disk space usage on both drives have been set to 12% - I don't have Zone Alarm running, nor any Norton apps Ok, I really have no idea if no Restore Points have been made in the past 3 months (I can't really remember when the last time was I did a System Restore, but I'm pretty sure it was less than 3 months ago) or if all Restore Points were deleted. But in any case, what could have caused this? (PS: I have read http://bertk.mvps.org/index.html) Thanks, Hi, Well it certainly looks like you have done your homework! Lets generate a system restore Cab file using the following procedure: 1. Click Start, click Run. 2. Type or paste the following: "%windir%\system32\restore\srdiag.exe" (without the quotation marks) and either press Enter or click OK. 3. A CMD window will open while the Srdiag.exe runs. The CMD session will automatically close when complete, and the .CAB file will be created as desired in your 'Windows\system32\restore' directory. Please be patient as this could take several minutes. These are the files to look for. The SP-RP.log will show all restore point and when they were created which should tell you if restore points were created in the last several months. Sr-reg.txt: Contains the System Restore registry settings Rstrlog.txt: Contains the restore log file for the last completed restore Drivetable.txt: Contains the status of each drive Fifo.log: Contains the FIFO (first in – first out) restore points if there are any Rp.log or SP-RP.log: Contains the list of restore points. Name/type/time. SR-chglog.log: Contains the change log of file operations on each drive for all restore points SR-filelist.log: contains a list of all the files that were collected by Srdiag Regards, Bert Kinney MS-MVP Shell/User http://bertk.mvps.org Member: http://dts-l.org > For the past few days, I've been struggling with the installation > (replacement) of a TV Tuner card in my PC. Actually installation was a [quoted text clipped - 44 lines] > > Thanks, Hi Bert, Thank you for your answer! > Sr-reg.txt: Contains the System Restore registry settings My (untrained) eye didn't see anything out of the ordinary. Automatic System Restore is enabled and its interval is set to 24 hours. Maybe there's something in there that explains why it isn't making any System Checkpoints anymore (it hasn't created one in over 48 hours now) so if you think it's necessary, I can post the contents here (with some things snipped of which I suspect I shouldn't post on the internet). > Rstrlog.txt: Contains the restore log file for the last completed restore Nothing strange there. > Drivetable.txt: Contains the status of each drive Looks normal. > Fifo.log: Contains the FIFO (first in – first out) restore points if > there are any Wow. That explains where all my restore points before Feb 22 went. Apparantly *something* deleted *all* restore points on both drives. Here's how the fifo.log file looks (summarized): 02/21/07-23:43:15 : Fifoed RP101 on drive C:\ 02/21/07-23:43:16 : Fifoed RP102 on drive C:\ 02/21/07-23:43:16 : Fifoed RP103 on drive C:\ . . . 02/21/07-23:43:49 : Fifoed RP188 on drive C:\ 02/21/07-23:43:50 : Fifoed RP189 on drive C:\ 02/21/07-23:43:50 : Fifoed RP190 on drive C:\ 02/21/07-23:43:50 : Fifoed RP101 on drive F:\ 02/21/07-23:43:50 : Fifoed RP102 on drive F:\ 02/21/07-23:43:50 : Fifoed RP103 on drive F:\ . . . 02/21/07-23:43:52 : Fifoed RP187 on drive F:\ 02/21/07-23:43:52 : Fifoed RP188 on drive F:\ 02/21/07-23:43:52 : Fifoed RP190 on drive F:\ In less than 40 seconds, 173 restore points where deleted. I have no clue who or what did that (or why for that matter). > Rp.log or SP-RP.log: Contains the list of restore points. Name/type/time. They just show the 10 or so that are available. Nothing ordinary. > SR-chglog.log: Contains the change log of file operations on each drive > for all restore points That just shows operations for RP191 and up. > SR-filelist.log: contains a list of all the files that were collected by > Srdiag Don't see anything strange there. Then again, I wouldn't know how "anything strange" would look like in this file. :) Anyway, Apparently something deleted all my restore points. Is there any way I can find out what it was? Also, what should I look for in troubleshooting why no automatic restore points are being made? Thanks again, > Regards, > Bert Kinney MS-MVP Shell/User [quoted text clipped - 50 lines] >> >> Thanks, Normally the SR and SRService event logs give a hint on why the restore points were deleted. You may want to look all the event logs created at the time the 173 RP were deleted for a clue. I would suggest setting System Restore to only monitor the partition Windows is installed on. You have most likely seen these pages, but they focus on the problem at hand. Troubleshooting steps to take when System Restore fails to create an automatic restore point: http://bertk.mvps.org/html/srauto.html Troubleshooting missing restore points: http://bertk.mvps.org/html/missingrps.html Regards, Bert Kinney MS-MVP Shell/User http://bertk.mvps.org Member: http://dts-l.org > Hi Bert, > [quoted text clipped - 121 lines] >>> >>> Thanks, > Normally the SR and SRService event logs give a hint on why the restore > points were deleted. You may want to look all the event logs created at > the time the 173 RP were deleted for a clue. I had already checked the Event Viewer and all its logs and thought it was very suspicious there were *no* events for that particular date and time. The restore points were deleted at 02/21/07-23:43. Here are the lines from my log files around that time: Application: Information 21-2-2007 23:30:39 btwdins None 0 Error 22-2-2007 3:29:31 None 0 Security: Empty System: Warning 21-2-2007 22:57:56 disk None 51 Information 22-2-2007 3:30:51 eventlog None 6006 Internet Explorer: Empty WinCE Log: Information 21-2-2007 23:30:39 btwdins None 0 Error 22-2-2007 3:29:31 None 0 What becomes apparent is that there are *no* log entries between 23:30 and 3:30. Of course, gaps in the logs files are not uncommon - if there's nothing to log, then there's nothing to log. But it's at least very strange that the SR service is deleting restore points without a mention in the log files as to why... > I would suggest setting System Restore to only monitor the partition > Windows is installed on. Good advice and I have stopped monitoring the second drive. > You have most likely seen these pages, but they focus on the problem at > hand. [quoted text clipped - 4 lines] > Troubleshooting missing restore points: > http://bertk.mvps.org/html/missingrps.html Yes, I had read those pages already and they didn't provide a clue why the restore points have been deleted or why it fails to create new ones. As for the latter, I was wondering what Windows considers "idle" state. My CPU "idles" at 4%-5%. But that's something that hasn't changed recently. It's always been like that. Thanks, > Regards, > Bert Kinney MS-MVP Shell/User > http://bertk.mvps.org > Member: http://dts-l.org Well it may be time to perform a clean boot to troubleshoot further. How to perform a clean boot in Windows XP http://support.microsoft.com/kb/310353 How to perform advanced clean-boot troubleshooting in Windows XP http://support.microsoft.com/kb/316434 How to troubleshoot by using the System Configuration utility in Windows XP http://support.microsoft.com/kb/310560 Regards, Bert Kinney MS-MVP Shell/User http://bertk.mvps.org Member: http://dts-l.org >> Normally the SR and SRService event logs give a hint on why the >> restore points were deleted. You may want to look all the event logs [quoted text clipped - 57 lines] >> http://bertk.mvps.org >> Member: http://dts-l.org |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.