[pseuclid]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000001
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000016

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{E87A81FB-FDCF-4B92-A20C-951710F82D7C}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\SnapshotCallbacks]
@=""

[Advertisements]

Hello,

I was asked to take over your thread.
So it seems like you can't perform systemrestore?
What happens if you click on the systemrestore-option ?
Does it open?
Can you check if next is present?
C:\WINDOWS\system32\Restore\rstrui.exe

Or, we can try to reinstall your systemrestore.
For that, we need your original XP cd.

Put the cd in your cdromdrive

- Go to Start > run.
Copy and paste next bold in the field:

rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf

- Click OK.

Let me know.

[miekiemoes]

Hello,

I was asked to take over your thread.
So it seems like you can't perform systemrestore?
What happens if you click on the systemrestore-option ?
Does it open?
Can you check if next is present?
C:\WINDOWS\system32\Restore\rstrui.exe

Or, we can try to reinstall your systemrestore.
For that, we need your original XP cd.

Put the cd in your cdromdrive

- Go to Start > run.
Copy and paste next bold in the field:

rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf

- Click OK.

Let me know.

[miekiemoes]

Edit, before you perform above steps, I want to be sure of something.

Go to start > run and copy and paste next:

regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemRestore"

click Ok
Look on your C:\ for look.txt. and copy and paste the contents in your next reply.
Don't worry if it isn't there.. just tell me afterwards.

[pseuclid]

I carried out the procedures in your first message before receiving your second. In response to your second message, attempting to run

regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemRestore"

produced nothing. No response, no look.txt

Regarding your first message, the systemrestore option does appear on my computer but when I try to use it, I receive the following message, even though I am logged on as the administrator

You do not have sufficient security privileges to restore your system.

I inserted the Windows XP Professional CD in my CD-drive, and ran


rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf

The responsse was that "sr.sys" was needed.

I installed it from the CD onto the computer, restarted, and attempted again to run system-restore. But I received the same response about security privileges.

Thanks for the help. What should I do now?

[miekiemoes]

Ok; let's try this after you restored your missing or corrupted sr.sys:
We need to start that one again.

http://support.micro...B;EN-US;q302796

[pseuclid]

I checked to see if sy.sys was present. Search found it in three locations:

C:\I386
C:\WINDOWS\SYSTEM32\DRIVERS
C:\WINDOWS\LastGood\SYSTEM32\DRIVERS

I went to the website that you recommended are checked to see if System Restore was present and running. It is present and running, automatically on startup.

When I try to run it I get a message as if I were not the administrator--insufficient security privileges.

Thanks.

[miekiemoes]

Hmm, I'm getting out of ideas here.

Let's check another key if it exists:

Go to start > run and copy and paste:

regedit /e C:\look2.txt "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore"

Search on your C:\ for look2.txt

[pseuclid]

Sorry, no luck. Is there some way I can edit security privileges?

[miekiemoes]

Yes, but we need to search first where it is set in the registry.

Let's try something..

Download Registry Search and doubleclick to start it.
Enter "SystemRestore" in the edit and click "Ok".
Notepad will be opened with text in it (the file will be saved in the program's folder as well). Post this text in your next reply.

[pseuclid]

Here is the result from Registry Search.


REGEDIT4

; Registry Search by Bobbi Flekman
; Version: 1.0.1.4

; Results at 6/13/2005 1:30:57 PM for strings:
; 'systemrestore'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Cfg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\SnapshotCallbacks]

[HKEY_USERS\S-1-5-21-955046455-1085806099-568186159-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"c"="regedit /e C:\\look.txt \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\SystemRestore\"\\1"

[HKEY_USERS\S-1-5-21-955046455-1085806099-568186159-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"e"="regedit /e C:\\look2.txt \"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\SystemRestore\"\\1"

; End Of The Log...

[miekiemoes]

Hmm, let's try another registry search tool, because I have already noticed that regsearch does overlook some keys sometimes.

Go to next site and download Registry Search Tool
http://www.billsway.com/vbspage/
(somewhere in the middle of that page)

It is same procedure as the tool you used before, so copy and paste SystemRestore in the field and let it search.

Also, perform a search for DisableSR

I hope this will reveal something

[pseuclid]

When I tried to run the latest Registry Seach, both looking for SystemRestore and DisableSR, I received a message from Norton AntiVirus warning me of a malicious script and recommending that I stop. Considering what got me into this mess to begin with, I stopped.

[miekiemoes]

No, allow it, norton always flags scripts as infected. Don't worry and just allow it

[pseuclid]

Here are the results. It may be an hour or two before I can return to work on this.
Thanks for the help.


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "SystemRestore" 6/13/2005 2:44:37 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Cfg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\SnapshotCallbacks]

[HKEY_USERS\S-1-5-21-955046455-1085806099-568186159-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"c"="regedit /e C:\\look.txt \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\SystemRestore\"\\1"

[HKEY_USERS\S-1-5-21-955046455-1085806099-568186159-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"e"="regedit /e C:\\look2.txt \"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\SystemRestore\"\\1"



REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "DisableSR" 6/13/2005 2:46:45 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

[miekiemoes]

No policies set...

After replacing your sr.sys again, did you perform this via start>run?:

rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf

I'm really out of ideas, nothing set in the registry though that prevents it..

Take a look at next threads: http://www.softwaret...ead.php?t=17333
http://www.footslog....TML/000290.html

There are several solutions and cases present.
Check them all.