Re: Need help using system restore points

"Paul Randall" wrote

Replies inline

"Rock" wrote

"Paul Randall" wrote
Hi
I'm trying to make some changes to my sister's one-year old computer (preinstalled WXP SP2) and things have just gone from bad to worse.
1. I installed McAfee Internet Security Suite 2007 to replace the trial version of McAfee software that came preinstalled.
2. I uninstalled Microsoft Office 2003 trial version that came preinstalled and installed selected parts of Office 2000 that she wanted.
3. I installed a USB slide/filmstrip scanner which conflicts with the existing USB flatbed scanner resulting in both not working.
4. I installed a firewire PCI card, and replaced a DVD-RW that failed yesterday.

The system has slowed to a crawl - doing a shutdown/restart now takes a full 10 minutes.

I have lots of restore points to choose from:
May 1 - System Checkpoint
May 2 - System Checkpoint
May 3 - System Checkpoint
May 4 - System Checkpoint
May 6 - Software Distribution Service 2.0 (Is this what shows up for Windows Automatic Updates?)
May 10 - System Checkpoint (This may be the last restore point prior to installing McAfee, since it was purchased May 10)
May 11 - two instances of Software Distribution Service 2.0
May 12 - Software Distribution Service 2.0
May 13 - Six entries mostly associated with replacing Office 2003 trial with Office 2000 stuff, and installing the slide/filmstrip scanner.

Questions:
1) What is a good strategy for deciding which checkpoint to try first?
2) If I don't try the oldest checkpoint (May 1) first, is it likely to be deleted by the system as I try other checkpoints?
3) Is it a good idea to just start at the most recent and work backward until the system works better?
4) If I choose the May 4 restore point and like it, can I delete all the May 13 checkpoints as a way to regain free disk space so that my May 1 to May 4 restore points will be retained longer?
5) Is there some way to mark a known good restore point so it will be retained essentially forever?

Does anyone have any URLs to share on choosing and using restore points?

Paul, it's best to first uninstall any software and hardware (including removing drivers) that was added after the restore point you intend to go back to before doing the system restore. Otherwise that could lead to more inconsistencies. System restore does not monitor all files from a particular software installation, just certain monitored file types. Only using system restore without first uninstalling the software will remove the monitored files, but not the others.

I always thought Microsoft's help & support was leaving a lot out in the use of restore points. Perhaps leaving all those files that restore doesn't know about doesn't cause any harm but they sure do waste space.

In a lot of cases it doesn't (other than clutter), but then again it can impact a reinstall of the software. That's way when trying to undo the effects of a software install it's always better to uninstall it using Add/Remove programs or the uninstall routine provided by the software, and then do the System Restore. Don't just do the system restore.

For undoing driver updates use the driver rollback feature in device manager.

I have not manually done any driver updates - only installs. So hopefully just removing the hardware in device manager and then shutting down and removing the hardware should be all I need to do. I assume that the installation process put the actual driver files in some Windows subfolder where they will be dormant until I try to install the hardware again.

Yep that's how you do it.

If you have nothing else to go on, I suggest you start with the most recent changes and work your way back.

Note: restore points that relate to software distribution service are automatic restore points created by windows update prior to installing an update (or group of updates if more than one is done at a given session). It's best to first remove what updates you can through Add/Remove programs before using that particular restore point.

I'm not finding any clues as to what the automatic updates did. Where do you find that info? If I select a restore point listed as 9:41:02 am Software Distribution Service 2.0 and click Next, is it going to do the restore or will it list the things it will be restoring and give me a chance to remove the updates first? How can I do things in the proper order if Microsoft gives me no clues as to where I will have a chance to do my part, or figure out what my part is???

If the system can get to windows update, do a custom install, then click on the update history link in the left pane. That will tell you what updates were installed when. Note the KB article numbers for each. Correlate that with the dates of the System Restore points.

Once you know what's what first go to Add/Remove programs and uninstall the updates that were installed prior to each particular restore point, then do a system restore to that particular restore point.

Another place to look for udpate info is the compressed, hidden folders (shown in blue font) under C:\Windows that have the form $NtUninstallKBxxxxxx$. These are the uninstall folders for the updates with that KB #. Note the date/time the folders were created. This will help you to distinguish between restore points on the same day.

Personally I would not use McAfee or Norton for security products. They are resource heavy and can be problematic, either sooner or later. There are good alternatives that are much less resource heavy, and in some cases free. For AV there is Avast (my preference) and AVG, both free, or NOD32 and Kaspersky for paid versions.

I've tried AVG, but wan't happy with it. When it detected a problem, it wouldn't attempt to fix it until I paid for the software. Not exactly what I would call free. I appreciate your suggestions and will try them.

Not sure I understand this. I've not experienced AVG free asking for money to fix things. I know some other software does, such as certain registry cleaners. They give you the teaser promo.

On the free side I prefer Avast, it works for me, but I have an installation with AVG as well. Some folks swear by AVG, others claim it doesn't catch as much. It's what you are happy with. I think most all knowledgeable folks agree on NOD32 and Kaspersky. Kaspersky on the XP platform is rated as the top AV. No program protects you against zero day exploits.

For firewalls there is Sunbelt Software's Kerio Personal firewall (free and paid versions), and Comodo personal firewall.

For Anti-Spyware there is Windows Defender, Ad-Aware SE (new version coming soon), SpyBot S&D, and SpywareBlaster - all free. Another good program, I have heard but not tried, is AVG anti-spyware (formerly Ewido).

Note: when building a system, make one change at a time and test. Fix any problems that are found before adding more changes to the mix. I like to use a drive imaging program to image the system to an external hard drive. Image before making a significant change, make the change, test, if all is well, image, make the next change etc. In the long run it save you much headache.

I currently use Acronis True Image Home version 10 for this. You can put together a 320 GB external drive set up using a bare drive and an external drive enclosure for under $100 at places like Newegg.com. This is an excellent backup/recovery solution for the long term. Regularly image the system and keep several iterations of images. Restores can be done on a file, partition or drive basis. The initial image must be a full image, but subsequent images can be differential or incremental, saving much time and space. For example on one particular system, the full, compressed image including the system and all data drives consumes about 62GB and takes about 3 1/2 hours to do including a full verification. An incremental image after that, done on a daily basis takes less than 10 minute (without verification). The size depends on how many changes were made that day. Anywhere from 1/2 GB to 5 GB. When building a system, the size of the image will be much less, you aren't imaging data. Taking an hour or less to do the first full image, then 5 minutes or so to make an incremental image in between making changes is time well spent.

This is definitely the way to go. I do that with my new systems, like ghost an image of the hard drive before the system's first boot. I've reinstalled my Vista system at least 10 times so I could try things on a 'new out of the box' system. I didn't bring the hardware to do all that with my sister's system :-(

Oh too bad. It's so nice to have that.

No, you cannot delete selective restore points or save one forever. All restore points are chained together. If the chain is broken it won't work.

The maximum time for retention of restore points is 90 days but it is not functionally useful restoring back more than a week or two at the most. Too many restore points increases the chances of corruption in one of them which renders all of them useless. There are 3 ways to control restore points:

1. Turn off system restore. Then turn it back on. This will remove all restore points.
2. Use disk clean up. This will remove all but the latest restore point
3. Limit the size allocated to system restore. By default that's 12% of the drive. That's way too much on today's large drives. Cut it back to around 1GB or less so you keep at most two weeks of restore points.

Note: System restore is not a backup. It backs up the registry, system files and certain monitored files for apps, but it doesn't backup everything and does nothing for user data. It does not replace, and it is essential that one sets up and regularly uses a backup means. As I said before drive imaging to an external drive I an excellent solution to this.

System restore is useful but it is best used to undo a single change shortly after that change was made.

See MVP Bert Kinney's System Restore page for wealth of info on it, how to keep it healthy, and how to troubleshoot.
http://bertk.mvps.org/index.html

Note the server for this page seems to be down at the moment.

Thanks for the thorough answer.

You're welcome, good luck.

--
Rock [MS-MVP User/Shell]

.

Relevant Pages

  • Re: SP2 Very Very bad for me
    ... corruption, I can restore my complete system as it was on the last image, ... Hard drives ... I did do the following just prior to installing XP: ...
    (microsoft.public.windowsxp.general)
  • Re: Disaster Restore SBS2003
    ... I am trying to restore Small Business Server 2003 that had all the latest ... I tried installing from the ... updates, not application updates or service packs. ...
    (microsoft.public.windows.server.sbs)
  • Lost CD-ROM drive functionality . . !
    ... I found that installing the 837272 hotfix would affect ... >I've had to revert to using the RESTORE function sevral ... >drives back and running properly. ... >Windows cannot load the device driver for this hardware. ...
    (microsoft.public.windowsxp.hardware)
  • Re: restore?
    ... > We had to restore about a fortnight ago. ... > drives but *not* Information Store ... >> I've never had to restore since installing service pack 1 however I ... >> not the sp1 cd) and then use backup from there (previously i was making ...
    (microsoft.public.windows.server.sbs)
  • Re: Latest Summary of Information: Problem Still Not Solved
    ... The DVD and CD writer drives ... updates for Norton through Live Update though. ... I do have system restore on and there is one restore point loaded. ... > retail version to upgrade an OEM installation unless you buy the full ...
    (microsoft.public.windowsxp.help_and_support)
Loading