Need help using system restore points

[Paul Randall]

Hi
I'm trying to make some changes to my sister's one-year old computer
(preinstalled WXP SP2) and things have just gone from bad to worse.
1. I installed McAfee Internet Security Suite 2007 to replace the trial
version of McAfee software that came preinstalled.
2. I uninstalled Microsoft Office 2003 trial version that came preinstalled
and installed selected parts of Office 2000 that she wanted.
3. I installed a USB slide/filmstrip scanner which conflicts with the
existing USB flatbed scanner resulting in both not working.
4. I installed a firewire PCI card, and replaced a DVD-RW that failed
yesterday.

The system has slowed to a crawl - doing a shutdown/restart now takes a full
10 minutes.

I have lots of restore points to choose from:
May 1 - System Checkpoint
May 2 - System Checkpoint
May 3 - System Checkpoint
May 4 - System Checkpoint
May 6 - Software Distribution Service 2.0 (Is this what shows up for Windows
Automatic Updates?)
May 10 - System Checkpoint (This may be the last restore point prior to
installing McAfee, since it was purchased May 10)
May 11 - two instances of Software Distribution Service 2.0
May 12 - Software Distribution Service 2.0
May 13 - Six entries mostly associated with replacing Office 2003 trial with
Office 2000 stuff, and installing the slide/filmstrip scanner.

Questions:
1) What is a good strategy for deciding which checkpoint to try first?
2) If I don't try the oldest checkpoint (May 1) first, is it likely to be
deleted by the system as I try other checkpoints?
3) Is it a good idea to just start at the most recent and work backward
until the system works better?
4) If I choose the May 4 restore point and like it, can I delete all the May
13 checkpoints as a way to regain free disk space so that my May 1 to May 4
restore points will be retained longer?
5) Is there some way to mark a known good restore point so it will be
retained essentially forever?

Does anyone have any URLs to share on choosing and using restore points?

Thanks for any suggestions.

-Paul Randall

 

[BillW50]

Hi
I'm trying to make some changes to my sister's one-year old computer
(preinstalled WXP SP2) and things have just gone from bad to worse.

Hi Paul!

1. I installed McAfee Internet Security Suite 2007 to replace the
trial version of McAfee software that came preinstalled.

Ouch! Both not so good!

[snip]

The system has slowed to a crawl - doing a shutdown/restart now takes
a full 10 minutes.

Ouch!

Make a checkpoint now, then it doesn't matter if an older checkpoint
doesn't work out well. As you can always bounce back to now. Also what
is better than System Restore is ERUNT (which is free). And if you do
so, something like BartPE (also free) and ERUNT will get you out of most
anything.

 

[Paul Randall]

Hi
I'm trying to make some changes to my sister's one-year old computer
(preinstalled WXP SP2) and things have just gone from bad to worse.

Hi Paul!

1. I installed McAfee Internet Security Suite 2007 to replace the
trial version of McAfee software that came preinstalled.

Ouch! Both not so good!

[snip]

The system has slowed to a crawl - doing a shutdown/restart now takes
a full 10 minutes.

Ouch!

Make a checkpoint now, then it doesn't matter if an older checkpoint
doesn't work out well. As you can always bounce back to now.

Are you saying that once I find and use a good restore point, to create a
restore point? I guess that will work, but I was hoping to save all the
older (more likely the best ones) ones until I have the system fixed. It
will be easy to tell if I have gotten a 'good' restore point, but more
difficult to tell if I have the optimum restore point.

Also what is better than System Restore is ERUNT (which is free). And if
you do so, something like BartPE (also free) and ERUNT will get you out of
most anything.

Thanks for the BartPE/ERUNT suggestion. I've used BartPE but had not heard
of ERUNT.

-Paul Randall

 

[Rock]

Hi
I'm trying to make some changes to my sister's one-year old computer
(preinstalled WXP SP2) and things have just gone from bad to worse.
1. I installed McAfee Internet Security Suite 2007 to replace the trial
version of McAfee software that came preinstalled.
2. I uninstalled Microsoft Office 2003 trial version that came
preinstalled and installed selected parts of Office 2000 that she wanted.
3. I installed a USB slide/filmstrip scanner which conflicts with the
existing USB flatbed scanner resulting in both not working.
4. I installed a firewire PCI card, and replaced a DVD-RW that failed
yesterday.

The system has slowed to a crawl - doing a shutdown/restart now takes a
full 10 minutes.

I have lots of restore points to choose from:
May 1 - System Checkpoint
May 2 - System Checkpoint
May 3 - System Checkpoint
May 4 - System Checkpoint
May 6 - Software Distribution Service 2.0 (Is this what shows up for
Windows Automatic Updates?)
May 10 - System Checkpoint (This may be the last restore point prior to
installing McAfee, since it was purchased May 10)
May 11 - two instances of Software Distribution Service 2.0
May 12 - Software Distribution Service 2.0
May 13 - Six entries mostly associated with replacing Office 2003 trial
with Office 2000 stuff, and installing the slide/filmstrip scanner.

Questions:
1) What is a good strategy for deciding which checkpoint to try first?
2) If I don't try the oldest checkpoint (May 1) first, is it likely to be
deleted by the system as I try other checkpoints?
3) Is it a good idea to just start at the most recent and work backward
until the system works better?
4) If I choose the May 4 restore point and like it, can I delete all the
May 13 checkpoints as a way to regain free disk space so that my May 1 to
May 4 restore points will be retained longer?
5) Is there some way to mark a known good restore point so it will be
retained essentially forever?

Does anyone have any URLs to share on choosing and using restore points?

Paul, it's best to first uninstall any software and hardware (including
removing drivers) that was added after the restore point you intend to go
back to before doing the system restore. Otherwise that could lead to more
inconsistencies. System restore does not monitor all files from a
particular software installation, just certain monitored file types. Only
using system restore without first uninstalling the software will remove the
monitored files, but not the others.

For undoing driver updates use the driver rollback feature in device
manager.

If you have nothing else to go on, I suggest you start with the most recent
changes and work your way back.

Note: restore points that relate to software distribution service are
automatic restore points created by windows update prior to installing an
update (or group of updates if more than one is done at a given session).
It's best to first remove what updates you can through Add/Remove programs
before using that particular restore point.

Personally I would not use McAfee or Norton for security products. They are
resource heavy and can be problematic, either sooner or later. There are
good alternatives that are much less resource heavy, and in some cases free.
For AV there is Avast (my preference) and AVG, both free, or NOD32 and
Kaspersky for paid versions.

For firewalls there is Sunbelt Software's Kerio Personal firewall (free and
paid versions), and Comodo personal firewall.

For Anti-Spyware there is Windows Defender, Ad-Aware SE (new version coming
soon), SpyBot S&D, and SpywareBlaster - all free. Another good program, I
have heard but not tried, is AVG anti-spyware (formerly Ewido).

Note: when building a system, make one change at a time and test. Fix any
problems that are found before adding more changes to the mix. I like to
use a drive imaging program to image the system to an external hard drive.
Image before making a significant change, make the change, test, if all is
well, image, make the next change etc. In the long run it save you much
headache.

I currently use Acronis True Image Home version 10 for this. You can put
together a 320 GB external drive set up using a bare drive and an external
drive enclosure for under $100 at places like Newegg.com. This is an
excellent backup/recovery solution for the long term. Regularly image the
system and keep several iterations of images. Restores can be done on a
file, partition or drive basis. The initial image must be a full image, but
subsequent images can be differential or incremental, saving much time and
space. For example on one particular system, the full, compressed image
including the system and all data drives consumes about 62GB and takes about
3 1/2 hours to do including a full verification. An incremental image after
that, done on a daily basis takes less than 10 minute (without
verification). The size depends on how many changes were made that day.
Anywhere from 1/2 GB to 5 GB. When building a system, the size of the image
will be much less, you aren't imaging data. Taking an hour or less to do
the first full image, then 5 minutes or so to make an incremental image in
between making changes is time well spent.

No, you cannot delete selective restore points or save one forever. All
restore points are chained together. If the chain is broken it won't work.

The maximum time for retention of restore points is 90 days but it is not
functionally useful restoring back more than a week or two at the most. Too
many restore points increases the chances of corruption in one of them which
renders all of them useless. There are 3 ways to control restore points:

1. Turn off system restore. Then turn it back on. This will remove all
restore points.
2. Use disk clean up. This will remove all but the latest restore point
3. Limit the size allocated to system restore. By default that's 12% of
the drive. That's way too much on today's large drives. Cut it back to
around 1GB or less so you keep at most two weeks of restore points.

Note: System restore is not a backup. It backs up the registry, system
files and certain monitored files for apps, but it doesn't backup everything
and does nothing for user data. It does not replace, and it is essential
that one sets up and regularly uses a backup means. As I said before drive
imaging to an external drive I an excellent solution to this.

System restore is useful but it is best used to undo a single change shortly
after that change was made.

See MVP Bert Kinney's System Restore page for wealth of info on it, how to
keep it healthy, and how to troubleshoot.
http://bertk.mvps.org/index.html

Note the server for this page seems to be down at the moment.

 

[BillW50]

Hi
I'm trying to make some changes to my sister's one-year old computer
(preinstalled WXP SP2) and things have just gone from bad to worse.

Hi Paul!

1. I installed McAfee Internet Security Suite 2007 to replace the
trial version of McAfee software that came preinstalled.

Ouch! Both not so good!

[snip]

The system has slowed to a crawl - doing a shutdown/restart now
takes a full 10 minutes.

Ouch!

Make a checkpoint now, then it doesn't matter if an older checkpoint
doesn't work out well. As you can always bounce back to now.

Are you saying that once I find and use a good restore point, to
create a restore point? I guess that will work, but I was hoping to
save all the older (more likely the best ones) ones until I have the
system fixed. It will be easy to tell if I have gotten a 'good'
restore point, but more difficult to tell if I have the optimum
restore point.

No not really. Restores points disappear depending on the amount of disk
space you want to use. Although if the best ones are resaved, that might
help. Because they are last.

Thanks for the BartPE/ERUNT suggestion. I've used BartPE but had not
heard of ERUNT.

Oh ERUNT can save your butt with PartPE. As even if it looks hopeless
because Windows won't even boot, BartPE and ERUNT will pull you out of
it.

 

[Paul Randall]

Paul, it's best to first uninstall any software and hardware (including
removing drivers) that was added after the restore point you intend to go
back to before doing the system restore. Otherwise that could lead to
more inconsistencies. System restore does not monitor all files from a
particular software installation, just certain monitored file types. Only
using system restore without first uninstalling the software will remove
the monitored files, but not the others.

I always thought Microsoft's help & support was leaving a lot out in the use
of restore points. Perhaps leaving all those files that restore doesn't
know about doesn't cause any harm but they sure do waste space.

For undoing driver updates use the driver rollback feature in device
manager.

I have not manually done any driver updates - only installs. So hopefully
just removing the hardware in device manager and then shutting down and
removing the hardware should be all I need to do. I assume that the
installation process put the actual driver files in some Windows subfolder
where they will be dormant until I try to install the hardware again.

If you have nothing else to go on, I suggest you start with the most
recent changes and work your way back.

Note: restore points that relate to software distribution service are
automatic restore points created by windows update prior to installing an
update (or group of updates if more than one is done at a given session).
It's best to first remove what updates you can through Add/Remove programs
before using that particular restore point.

I'm not finding any clues as to what the automatic updates did. Where do
you find that info? If I select a restore point listed as 9:41:02 am
Software Distribution Service 2.0 and click Next, is it going to do the
restore or will it list the things it will be restoring and give me a chance
to remove the updates first? How can I do things in the proper order if
Microsoft gives me no clues as to where I will have a chance to do my part,
or figure out what my part is???

Personally I would not use McAfee or Norton for security products. They
are resource heavy and can be problematic, either sooner or later. There
are good alternatives that are much less resource heavy, and in some cases
free. For AV there is Avast (my preference) and AVG, both free, or NOD32
and Kaspersky for paid versions.

I've tried AVG, but wan't happy with it. When it detected a problem, it
wouldn't attempt to fix it until I paid for the software. Not exactly what
I would call free. I appreciate your suggestions and will try them.

For firewalls there is Sunbelt Software's Kerio Personal firewall (free
and paid versions), and Comodo personal firewall.

For Anti-Spyware there is Windows Defender, Ad-Aware SE (new version
coming soon), SpyBot S&D, and SpywareBlaster - all free. Another good
program, I have heard but not tried, is AVG anti-spyware (formerly Ewido).

Note: when building a system, make one change at a time and test. Fix
any problems that are found before adding more changes to the mix. I like
to use a drive imaging program to image the system to an external hard
drive. Image before making a significant change, make the change, test, if
all is well, image, make the next change etc. In the long run it save you
much headache.

I currently use Acronis True Image Home version 10 for this. You can put
together a 320 GB external drive set up using a bare drive and an external
drive enclosure for under $100 at places like Newegg.com. This is an
excellent backup/recovery solution for the long term. Regularly image the
system and keep several iterations of images. Restores can be done on a
file, partition or drive basis. The initial image must be a full image,
but subsequent images can be differential or incremental, saving much time
and space. For example on one particular system, the full, compressed
image including the system and all data drives consumes about 62GB and
takes about 3 1/2 hours to do including a full verification. An
incremental image after that, done on a daily basis takes less than 10
minute (without verification). The size depends on how many changes were
made that day. Anywhere from 1/2 GB to 5 GB. When building a system, the
size of the image will be much less, you aren't imaging data. Taking an
hour or less to do the first full image, then 5 minutes or so to make an
incremental image in between making changes is time well spent.

This is definitely the way to go. I do that with my new systems, like ghost
an image of the hard drive before the system's first boot. I've reinstalled
my Vista system at least 10 times so I could try things on a 'new out of the
box' system. I didn't bring the hardware to do all that with my sister's
system :-(

No, you cannot delete selective restore points or save one forever. All
restore points are chained together. If the chain is broken it won't
work.

The maximum time for retention of restore points is 90 days but it is not
functionally useful restoring back more than a week or two at the most.
Too many restore points increases the chances of corruption in one of them
which renders all of them useless. There are 3 ways to control restore
points:

1. Turn off system restore. Then turn it back on. This will remove all
restore points.
2. Use disk clean up. This will remove all but the latest restore point
3. Limit the size allocated to system restore. By default that's 12% of
the drive. That's way too much on today's large drives. Cut it back to
around 1GB or less so you keep at most two weeks of restore points.

Note: System restore is not a backup. It backs up the registry, system
files and certain monitored files for apps, but it doesn't backup
everything and does nothing for user data. It does not replace, and it is
essential that one sets up and regularly uses a backup means. As I said
before drive imaging to an external drive I an excellent solution to this.

System restore is useful but it is best used to undo a single change
shortly after that change was made.

See MVP Bert Kinney's System Restore page for wealth of info on it, how to
keep it healthy, and how to troubleshoot.
http://bertk.mvps.org/index.html

Note the server for this page seems to be down at the moment.

Thanks for the thorough answer.
-Paul Randall

 

[BillW50]

[snip]

I've tried AVG, but wan't happy with it. When it detected a problem,
it wouldn't attempt to fix it until I paid for the software. Not
exactly what I would call free. I appreciate your suggestions and
will try them.

Wow! I must be in another Universe! Although I haven't got a virus since
the late 80's, AVG is far better than the other antivirus utilities like
Norton's, McAfee, and PC-cillin. All which I used and loved in the past.
So I wouldn't know. If you do get a virus, maybe you weren't running AVG
in the first place, you think?

[snip]

This is definitely the way to go. I do that with my new systems,
like ghost an image of the hard drive before the system's first boot.
I've reinstalled my Vista system at least 10 times so I could try
things on a 'new out of the box' system. I didn't bring the hardware
to do all that with my sister's system :-(

Ten times eh? I just do it once. Something must be wrong with me, eh?

 

[Paul Randall]

[snip]

I've tried AVG, but wan't happy with it. When it detected a problem,
it wouldn't attempt to fix it until I paid for the software. Not
exactly what I would call free. I appreciate your suggestions and
will try them.

Wow! I must be in another Universe! Although I haven't got a virus since
the late 80's, AVG is far better than the other antivirus utilities like
Norton's, McAfee, and PC-cillin. All which I used and loved in the past.
So I wouldn't know. If you do get a virus, maybe you weren't running AVG
in the first place, you think?

[snip]

This is definitely the way to go. I do that with my new systems,
like ghost an image of the hard drive before the system's first boot.
I've reinstalled my Vista system at least 10 times so I could try
things on a 'new out of the box' system. I didn't bring the hardware
to do all that with my sister's system :-(

Ten times eh? I just do it once. Something must be wrong with me, eh?

Well, for example, this cheapo Compaq desktop only allowed making one system
recovery CD/DVD set. It claimed that using the system recover CD/DVD set
could bring the system back to its 'out of the box' state -- it doesn't, but
comes close. Being the curious type, I wanted to see how it handled using
CDs vs DVDs vs DVD-DLs in the internal drive as well as using an external
USB drive. It produces a 10-CD set, 2-DVD set or a single DVD-DL. External
USB CD/DVD drive was only displayed as an available drive if the internal
drive had earlier been disabled. Can you think of some other way to find
out this kind of information without reloading the system to its 'out of the
box' state a bunch of times?

-Paul Randall

 

[Rock]

"Paul Randall" wrote
[snip]

I've tried AVG, but wan't happy with it. When it detected a problem,
it wouldn't attempt to fix it until I paid for the software. Not
exactly what I would call free. I appreciate your suggestions and
will try them.

Wow! I must be in another Universe! Although I haven't got a virus since
the late 80's, AVG is far better than the other antivirus utilities like
Norton's, McAfee, and PC-cillin. All which I used and loved in the past.
So I wouldn't know. If you do get a virus, maybe you weren't running AVG
in the first place, you think?

[snip]

This is definitely the way to go. I do that with my new systems,
like ghost an image of the hard drive before the system's first boot.
I've reinstalled my Vista system at least 10 times so I could try
things on a 'new out of the box' system. I didn't bring the hardware
to do all that with my sister's system :-(

Ten times eh? I just do it once. Something must be wrong with me, eh?

Ahh, the light finally dawns. ;-)

 

[Rock]

Replies inline

"Rock" wrote

I always thought Microsoft's help & support was leaving a lot out in the
use of restore points. Perhaps leaving all those files that restore
doesn't know about doesn't cause any harm but they sure do waste space.

In a lot of cases it doesn't (other than clutter), but then again it can
impact a reinstall of the software. That's way when trying to undo the
effects of a software install it's always better to uninstall it using
Add/Remove programs or the uninstall routine provided by the software, and
then do the System Restore. Don't just do the system restore.

I have not manually done any driver updates - only installs. So hopefully
just removing the hardware in device manager and then shutting down and
removing the hardware should be all I need to do. I assume that the
installation process put the actual driver files in some Windows subfolder
where they will be dormant until I try to install the hardware again.

Yep that's how you do it.

I'm not finding any clues as to what the automatic updates did. Where do
you find that info? If I select a restore point listed as 9:41:02 am
Software Distribution Service 2.0 and click Next, is it going to do the
restore or will it list the things it will be restoring and give me a
chance to remove the updates first? How can I do things in the proper
order if Microsoft gives me no clues as to where I will have a chance to
do my part, or figure out what my part is???

If the system can get to windows update, do a custom install, then click on
the update history link in the left pane. That will tell you what updates
were installed when. Note the KB article numbers for each. Correlate that
with the dates of the System Restore points.

Once you know what's what first go to Add/Remove programs and uninstall the
updates that were installed prior to each particular restore point, then do
a system restore to that particular restore point.

Another place to look for udpate info is the compressed, hidden folders
(shown in blue font) under C:\Windows that have the form
$NtUninstallKBxxxxxx$. These are the uninstall folders for the updates with
that KB #. Note the date/time the folders were created. This will help you
to distinguish between restore points on the same day.

I've tried AVG, but wan't happy with it. When it detected a problem, it
wouldn't attempt to fix it until I paid for the software. Not exactly
what I would call free. I appreciate your suggestions and will try them.

Not sure I understand this. I've not experienced AVG free asking for money
to fix things. I know some other software does, such as certain registry
cleaners. They give you the teaser promo.

On the free side I prefer Avast, it works for me, but I have an installation
with AVG as well. Some folks swear by AVG, others claim it doesn't catch as
much. It's what you are happy with. I think most all knowledgeable folks
agree on NOD32 and Kaspersky. Kaspersky on the XP platform is rated as the
top AV. No program protects you against zero day exploits.

This is definitely the way to go. I do that with my new systems, like
ghost an image of the hard drive before the system's first boot. I've
reinstalled my Vista system at least 10 times so I could try things on a
'new out of the box' system. I didn't bring the hardware to do all that
with my sister's system :-(

Oh too bad. It's so nice to have that.

Thanks for the thorough answer.

You're welcome, good luck.

 

[Paul Randall]

Its back up. I've got a question about it.

He says: Warning: When restoring a system from Safe Mode or from the Command
Prompt an Undo restore point will NOT be created! So if possible, create a
restore point before continuing to provide a way to reverse the process.

It seems to me that if you want to use the oldest restore point you run the
risk of destroying it if you create a new restore point. Is there any way
to know whether creating a new restore point will destroy the oldest one?
Also, what happens if you are restoring from the oldest restore point and
your restore points are using the maximum space allowed? Will the undo
restore point be created?

-Paul Randall

 

[Rock]

Its back up. I've got a question about it.

He says: Warning: When restoring a system from Safe Mode or from the
Command Prompt an Undo restore point will NOT be created! So if possible,
create a restore point before continuing to provide a way to reverse the
process.

It seems to me that if you want to use the oldest restore point you run
the risk of destroying it if you create a new restore point.

Yes, it's a FIFO setup. So it could happen.

Is there any way to know whether creating a new restore point will destroy
the oldest one?

I don't think there is any way to know for sure, however, maximum retention
time is 90 days, and default space allocation is 12% of the volume. You
could check to see how much space the System Volume Information folder is
using. This is where restore points are kept, and it's a super secret
hidden folder.

http://support.microsoft.com/kb/309531/en-us
How to gain access to the System Volume Information folder

Also, what happens if you are restoring from the oldest restore point and
your restore points are using the maximum space allowed? Will the undo
restore point be created?

I don't know, but I would guess not.

Frankly, if it were me, this would be the last thing I would be concerned
with.

 

[BillW50]

[snip]

Is there any way to know whether creating a new restore point will
destroy the oldest one?

I don't think there is any way to know for sure, however, maximum
retention time is 90 days, and default space allocation is 12% of the
volume. You could check to see how much space the System Volume
Information folder is using. This is where restore points are kept,
and it's a super secret hidden folder.

http://support.microsoft.com/kb/309531/en-us
How to gain access to the System Volume Information folder

[snip]

Gaining access to the folder through the above method and then deleting
the folders that you are sure you don't need to ever restore should work
okay, no?

 

[Rock]

in message
[snip]

Is there any way to know whether creating a new restore point will
destroy the oldest one?

I don't think there is any way to know for sure, however, maximum
retention time is 90 days, and default space allocation is 12% of the
volume. You could check to see how much space the System Volume
Information folder is using. This is where restore points are kept,
and it's a super secret hidden folder.

http://support.microsoft.com/kb/309531/en-us
How to gain access to the System Volume Information folder

[snip]

Gaining access to the folder through the above method and then deleting
the folders that you are sure you don't need to ever restore should work
okay, no?

No. Restore points are chained.

 

[BillW50]

No. Restore points are chained.

Oh okay, thanks!

 

[Rock]

"Rock" wrote

Oh okay, thanks!

YW.

 

[Bert Kinney]

Its back up. I've got a question about it.

He says: Warning: When restoring a system from Safe Mode or from the Command
Prompt an Undo restore point will NOT be created! So if possible, create a
restore point before continuing to provide a way to reverse the process.

It seems to me that if you want to use the oldest restore point you run the
risk of destroying it if you create a new restore point. Is there any way
to know whether creating a new restore point will destroy the oldest one?
Also, what happens if you are restoring from the oldest restore point and
your restore points are using the maximum space allowed? Will the undo
restore point be created?

Yes, if the maximum amount of space is reached, the automatic creation of a
undo restore point would delete to oldest restore point.

How old is the oldest restore point you want to use?


Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org
Member: http://dts-l.org