
Unable to Turn On System Restore, WinXP


LennyB


OK, you guys helped me with a Virus problem, maybe you can help with this one also!

When I select System Restore in System Properties, and deselect the option to "Turn Off System Restore on all drives", then select Apply, I get a popup window titled "System Restore", with the message: "System Restore encountered an error trying to enable/disable one or more drives. Please restart your machine and try again."

Restarting doesn't help.

Link to post
Share on other sites

Please go to Start, click on Run and type services.msc. Once the services management console comes up, look for a service called System Restore Service, and make sure it is set to Automatic under startup type and that its status says Started. If it does not, right click it and click properties and use the drop down to select Automatic startup type and click the button that says start. If this doesn't help, let me know and I'll see what we can figure out.

Link to post
Share on other sites

It was not started, and was on Automatic.

When I selected Start, I got a popup error with: "The System Restore Service on local Computer started and then stopped. Some services stop automatically if they have no work to do, for example, the Performance Logs and Alerts service."

Link to post
Share on other sites

Alright, let's try this then, please copy the following text into notepad and save the file as restorefix.bat. When saving it, be sure to use the drop down that says Save as type, and select All files. Once it's saved double click it, it should reenable the system restore service.

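@echo off
rem Clear the two policy values that turn off System Restore and lock its settings.
rem Uses the built-in reg.exe; the key is quoted because "Windows NT" contains a space.
setlocal
set "key=HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore"
set disableconfig=DisableConfig
set disablesr=DisableSR

:Enable
rem /f overwrites an existing value without prompting.
reg add "%key%" /v %disableconfig% /t REG_DWORD /d 0 /f > NUL
reg add "%key%" /v %disablesr% /t REG_DWORD /d 0 /f > NUL

endlocal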

Link to post
Share on other sites

Ran the bat file, nothing changed.

Rebooted, still no change.

When I selected Start, I got the popup error with: "The System Restore Service on local Computer started and then stopped. Some services stop automatically if they have no work to do, for example, the Performance Logs and Alerts service."

Link to post
Share on other sites

OK, time to go a little deeper. Try this one, do the same as the last fix except save it as a .reg file instead of .bat. Reboot when you're done and see if it worked. If not, let me know and I'll continue to help you figure it out.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=dword:00000000
"DisableSR"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
"Type"=dword:00000002
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,72,00,2e,00,73,00,79,00,73,\
  00,00,00
"DisplayName"="System Restore Filter Driver"
"Group"="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters]
"FirstRun"=dword:00000000
"DontBackup"=dword:00000000
"MachineGuid"="{EAAFAEEC-4AFE-42BE-83D9-C12FDD4942A6}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Enum]
"0"="Root\\LEGACY_SR\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=dword:00000000

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]

Link to post
Share on other sites
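
A read-only check of the settings the two fixes above change, added here as an example and not part of any poster's reply. It assumes the built-in reg.exe and sc.exe, and that the System Restore Service's short name is srservice (the thread only gives its display name); the `:show` helper is a hypothetical name.

```bat
@echo off
rem Added example: reports state only, changes nothing.
setlocal
set "POL=HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore"
set "DRV=HKLM\SYSTEM\CurrentControlSet\Services\sr"

echo == Policy values: 1 means System Restore is restricted ==
for %%V in (DisableSR DisableConfig) do call :show "%POL%" %%V

echo == sr.sys filter driver start type: the .reg file above sets 0 ==
call :show "%DRV%" Start

echo == System Restore Service state and startup type ==
rem srservice is the assumed short service name.
sc query srservice | find "STATE"
sc qc srservice | find "START_TYPE"

echo == Driver file on disk ==
if exist "%SystemRoot%\System32\drivers\sr.sys" (
    echo sr.sys present
) else (
    echo sr.sys MISSING
)
endlocal
goto :eof

:show
rem %1 = registry key, already quoted; %2 = value name
reg query %1 /v %2 >nul 2>&1
if errorlevel 1 (
    echo %2: not set
) else (
    for /f "tokens=1-3" %%A in ('reg query %1 /v %2 ^| find /i "%2"') do echo %%A = %%C
)
goto :eof
```

Running it before and after a fix shows whether a policy value, the driver's start type or the service itself is what keeps System Restore off.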

That seemed to work!

When I did a start, Run, services.msc, it was still not started, when I selected Start I got the same error message as before.

Then I tried System Restore from Start-All Programs-Accessories-System Tools-System Restore, I was able to Start it OK! It all seems to be working, I will try creating a Restore Point and later Restoring to it to confirm.

Thanks, you guys are batting a thousand!

Link to post
Share on other sites

  • 2 weeks later...
Excellent, I'm glad to be of service. Good luck and safe surfing.

I have a similar problem. However, when I try to start the System Restore service I get an error 5: access denied message. I've tried the two fixes that sorted out LennyB's problem, but they haven't worked. Can you help?

Best wishes

tholland

Link to post
Share on other sites

Greetings and welcome. I'll do my best to help you out, please download dial-a-fix from here: http://djlizard.net.nyud.net:8080/software...-v0.60.0.24.zip Please save it to your desktop and unzip it to a folder there. Run Dial-a-fix.exe and click on the Policies button on the bottom. When the window pops up showing restrictive policies, please click on the Remove button on the bottom left. If any restrictive policies were present and fixed, please reboot your computer and try running system restore again. Please let me know if that fixed it.

Link to post
Share on other sites

Thanks exile360 for your time and trouble. I've run the download, which has produced the message "out of 142 detected policies (1704 queries), no restrictive policies were found"; when I unchecked the hide disabled policies box I got a list of six.

The only change I have made to my system is to set up a new log-in account.

Best wishes

tholland

Link to post
Share on other sites

Alright, go to start and click on Run, now in the run box type this exactly as written (you can copy and paste it if you like):

rundll32.exe advpack.dll,LaunchINFSection %Windir%\Inf\sr.inf

then press enter, this will reinstall system restore. When it finishes please make note of any error messages if there are any and then reboot and try to turn system restore on once more. Please let me know how it goes.

Link to post
Share on other sites


Thanks again Exile360. I have copied, pasted and run this line. When I did so I got the message "The file 'sr.sys' on WINDOWS XP Home Edition Service Pack 3 CD is needed. Type the path where the file is located and then click ok". The automatic system was looking in folder C:\WINDOWS\Inf\i386. This file copy didn't work when I clicked OK with that path. I found the i386 folder in my WINDOWS directory and used that instead. I then got a number of processing messages, each of which was along the lines of "Source C:\WINDOWS\i386\sr.sy_ Target C:\WINDOWS\System32\drivers\sr.sys The target file exists and is newer than the source. Overwrite newer file?" I got similar messages with srclient.dl_, srsvc.dl_, srrstr.dl_ and rstrui.ex_. In each case I elected not to overwrite the target because I didn't know what might happen. When I rebooted the system I checked the services monitor and discovered that system restore has now started. However, I cannot access it. When I click on ...system tools\system restore nothing happens.

I got a couple of error messages when I rebooted: "rundll32.exe - this application failed to start because framedyn.dll was not found. Reinstalling the application may fix this problem." and "error loading srclient.dll; the specified module could not be found."

Any further help would be much appreciated.

Best wishes

tholland

Link to post
Share on other sites

Yeah, the command I gave you was to reinstall the System Restore service. It sounds like you may have some system files that got corrupted. Please open a command window by going to Start and clicking on Run, type cmd and press enter.

This will bring up a dos window, then please type the following in the dos window:

sfc /scannow

then press enter. Let me know how it goes.

Link to post
Share on other sites


I think we have a problem, Exile360!

I ran the scan and got this Windows File Protection message: "Files that are required for windows to run properly must be copied to the DLL cache.

Insert your Windows XP Home Edition CD ROM now"

Sadly, I do not have a Windows XP Home Edition CD ROM; my machine came pre-installed.

Is there anything else that can be done?

Best wishes

tholland

Link to post
Share on other sites

No worries, we're not out of options yet. Look at your C drive and see if there is a folder there called i386, if so then please have a look at this how-to article on getting SFC to look in the right place instead of looking for your cd: http://www.malwarebytes.org/forums/index.php?showtopic=4571

I've read the article and with its help have succeeded in getting scannow to run OK. But (!), I still get the rundll.exe and srclient error messages after the desktop screen has come up. I think something must have changed either when I ran the dial-a-fix program or after reinstalling system restore (rundll.exe worked ok then); any ideas?

Best wishes

tholland

PS The good news is; system restore now works - thanks for that.

Link to post
Share on other sites

Hello again tholland. I'm glad System Restore is working for you again. I believe your other issues may be related to the wbem folder. Please have a look at this article from Microsoft: http://support.microsoft.com/?kbid=319114 Post back here and let me know how it goes, thanks.

:) Thanks again, exile360, the rundll.exe error seems to have gone away! I greatly appreciate your patient support.

Best wishes

tholland

Link to post
Share on other sites

  • 4 weeks later...

Hi there,

When I click on System Restore, it gives me an error message of "This application has failed to start because framedyn.dll was not found. Re-installing the application may fix this problem."

If anyone can give me any suggestions, they will be much appreciated.

Thanks.

Link to post
Share on other sites

  • Root Admin

Hello and Welcome to Malwarebytes.org

It may have been disabled by Malware. Please follow the instructions here first and see if it's able to help. If you still need assistance then please post a new log in HJT or update the status on this post.

Please read and follow the instructions provided here: I'm infected - What do I do now?

Someone will be happy to assist you further with cleaning your system if required

During this scan and cleanup process you should not install any other software unless requested to do so.

Link to post
Share on other sites

  • 1 year later...

Had bad virus attack today from RogueAntivirus EX. Wiped out my antivirus and disabled several programs including Malware. I lost my system restore as well and tried everything you said and it doesn't work. I also cannot find notepad. That is one issue. I cannot reinstall Malware, it keeps trying to do a search to find it. I was able to install antivirus and other protections from my cable company but want to add malware as well. One thing at a time. What other options are there for me to install system restore through NotePad? How do I locate this in order to verify if it will work for me or not? After that, I need to find out how to fix my other virus attack related issues. Thanks

Link to post
Share on other sites

  • Root Admin

We do not work on Malware removal here in this forum. Please follow the directions below and someone will assist you with full removal and cleanup.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Link to post
Share on other sites
