Site and content now available for sale - $1950 Contact Us
Includes 80,000+ pages content, Windows app, database, admin, graphics, and more.
spacer spacer spacer
application solutions
exception solutions
Exceptions & Crashes
  fatal BSoD errors Fatal BSoD Errors
  fatal startup Fatal Startup
internet solutions
Windows 8 solutions
Windows 8
Windows 7 solutions
Windows 7
vista solutions
Windows Vista
xp solutions
Windows XP
  annoyances Annoyances
index to publishers
Index to Publishers
file lookup
File lookup
  entertainment Entertainment

Using System Restore on XP/2003


The following topics are available:

Also available is Using System Restore on Windows 8+, 7, Vista or 2008

  What does System Restore Do?  

Windows makes periodic restore points that saves the registry files. You can recovery a system with one of these restore points. It can often correct a host of problems including:

  • Repair a damaged or corrupted Registry
  • Remove an application that failed during install/uninstall and screwed up something else
  • Inactivation of some viruses, malware, spyware and a few rootkits

You success depends on being able to find a restore point that was made BEFORE the damage or problem was created. It's quite helpful if you have a good idea when the problems began or when some major event caused the problems.

One of Restore-points failings is it only retains the latest 8 restore points, and every install and uninstall uses up another restore point. You may find that the restore points do not go back far enough in time to help solve your problem.

Keep in mind that anything that was installed, updated or changed after the point of the restore point you plan to use will be lost, and these installs and updates will need to be reapplied. Your data should not be affected, although having a good backup of your important data is always wise!

  The Simple System Restore  

Windows makes it easy to return to the last working checkpoint, what it calls the Last Known Good Configuration. This is used when some event causes Windows to fail to boot up. Often Windows will detect this and on the next boot provide access to the Advanced Options menu.

If Windows can boot up, then this option will not solve any problems, since the "Last Known Good Configuration" will have already saved the problems you're encountering.

To get to this screen manually, during the boot up process (and well before you see any Windows logos) press and hold F8 until a menu appears. In some cases the Please select an operating system to start menu appears. If so, select your operating system and press F8 again. The goal is to get to the Advanced Options Menu.

Windows Server 2003, XP and 2000:


Windows Advanced Options Menu
Please select an option:

Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt

Enable Boot Logging
Enable VGA mode
Last known Good Configuration (your most recent settings that worked)
Directory Services Restore Mode (Windows domain controllers only)
Debugging Mode
Disable automatic restart on system failure

  Start Windows Normally    
Return to OS Choices Menu

Use the up and down arrow keys to move the highlight to your choice.


Use the up arrow key to highlight the option Last Known Good Configuration and press Enter. This will load the checkpoint before the last event. If this fails to correct the problem, then you'll need to use an older Restore point as described below.

Do NOT use Directory Services Restore Mode - this is for IT professionals and it starts running Windows Domain Controller with Active Directory. It does not run a System Restore.

With some OEM pre-installs of Windows, you may get another choice in the list, Windows Recovery Environment (not shown above). If this option is available, and you select it, you will get a new menu to select the recovery tool. You can select System Restore to choose from the last eight restore points.

  System Restore from a running Windows XP/2003  

Log onto Windows as the Administrator.

Click on Start, and select the Accessories folder, then System Tools, and finally System Restore.

The System Restore dialog appears:

System Restore start

Choose Restore my computer to any earlier time and press Next.

System Restore selection

Here it shows a calendar. The bold dates indicate when one or more restore points were made. You can also use the left/right arrows "<" and ">" at the top of the calendar box to move to other months. Keep in mind that System Restore only saves about 8-12 Restore Points (also called Checkpoints).

Find a date that precedes the start of the problems or a date before some known actions such as a specific installation that went bad. In some cases there may be more than one restore point for a specific date. If so, they will be listed in the left box. Highlight the desired restore point.

Click on Next. A final confirmation dialog appears:

System Restore confirm

Before continuing, be sure all applications are closed as the Restore will force a reboot. Select Next to start the restoration. The restoration will begin and the system will reboot when it's complete.

It may take 10 minutes or more, so be patient and don't power down or reset the PC while the restoration is occurring. After the reboot and logging on again as Administrator, Windows will confirm the restore completed successfully.

If you don't like the results of the restoration, you can return to System Restore and choose a different restore point.

  Recovery Console and System Restore from Windows XP boot CD  

Ideally, you'll have a retail version of the Windows XP CD. Many PC manufacturers fail to include this CD when an OEM version of Windows is installed to save a few cents. If you don't have a Windows installation CD, you'll need to get one from your computer manufacturer. If you're lucky they may have installed a copy of System Restore on the hard disk. If you do not have the bootable CD, see the section above The Fast and Easy System Restore.


Use the following steps to get to the Recovery Console from the boot CD:

Insert the DVD and boot from it. You'll get a black and white screen:


Press any key to boot from CD....


If this doesn't appear, it may be the DVD is not a Windows bootable CD. Assuming you get this message, press a key (spacebar or anything else). If you don't press any key within about 5 seconds, it will boot from the hard disk.

Continuing to boot from the CD you'll see a blue screen.


Windows Setup


The bottom white line will show the various drivers being loaded as setup starts up. This takes 2-3 minutes. When complete the first options screen appears.


Windows Setup

Welcome to Setup.

This portion of the Setup program prepares Microsoft(R)
Windows(R) XP to run on your computer.

* To set up Windows XP now, press ENTER.

* To repair a Windows XP installation using
  Recovery Console, press R.

* To quit Setup without installing Windows XP, press F3.

  ENTER=Continue    R=Repair    F3=Quit  

To start the Recovery Console, press R. This drops you a black and White screen. If you have more than one installation, the different installs will appear.


Microsoft Windows XP(TM) Recovery Console

The Recovery Console provides system repair and recovery functionality/

Type EXIT to quit the Recovery Console and restart the computer.


Which Windows installation would you like to log onto
(To cancel press ENTER)? _


Type 1, and press Enter to select the first installation (most users will only have one installation). You will then be asked for the Administrator Password.


Which Windows installation would you like to log onto
(To cancel press ENTER)? 1
Type the Administrator Password: _


Enter the password and press Enter. If you never set one, it will be blank, so just press Enter. If accepted, you'll be dropped to a prompt, where you can view and access files using standard DOS commands.




Type help, then Enter to see a list of valid commands. The command shell lets you fix a number of issues, although there is no nice GUI to walk you through it.

From this point, we'll assume you know to press Enter after each command. All commands, directories and filenames are not case sensitive. Don't forget to include the spaces exactly as shown. Options include:

Validate and Fix the File System

This runs the check disk program to detect and attempt to repair problems on one partition. For example, to repair the C: drive:

  1. At the prompt type chkdsk  c:  /r

Repair the Boot Process

Typically this is used if Windows doesn't start at all and you can't get to the safe mode menu. You might also replace the Master Boot Record (MBR) and/or the boot sector if you suspect a virus infection.

New MBR - Insert a new generic MBR without changing the partition table.

  • At the prompt, type: fixmbr

New Boot Sector - Insert a new Windows compatible boot sector.

  1. At the prompt, type: fixboot

  2. It will confirm the target partition is C (for at least 99.99% of installations). Type Y

Fix a Damaged or Missing File

If a file is damaged, corrupted or missing, you can often copy the file from the CD. Ideally the CD should be the SAME service pack version as what you have already installed (and updated). Using mixed versions can cause other problems and instabilities.

For example, if your CD appears as drive E, and you want to replace ntldr and (two critical files for the start of Windows):

  1. At the prompt, type copy e:\i386\ntldr  c:\

  2. It will ask if you want to overwrite, so type Y

  3. At the prompt, type copy e:\i386\  c:\

  4. It will ask if you want to overwrite, so type Y

Most files on the CD are stored in a compressed format. For example, the file HAL.DLL (which is stored in the c:\Windows\System32 directory) was corrupted and needs to be replaced. You will find the file on the CD under \i386\HAL.DL_ instead of the name you expect. The last letter has been changed to an underscore to signify the file is compressed. Take the following steps to get and expand this file:

  1. At the prompt, type expand e:\i386\hal.dl_  c:\windows\system32

  2. It will ask if you want to overwrite, so type Y

Backup Registry and Load the Registry from Original Installation

If you suspect the registry is damaged, this is a slick way to get running again when other options have failed. Once Windows is running using this trick, you can restore a different restore point from within Windows. First we'll save the current registry so you could always return things the way the were.

  1. Change the directory to Windows by typing cd :\windows

  2. Create a new directory by typing mkdir regtmp

  3. Change to the directory where the registry resides by typing cd system32\config

  4. Copy these files using the commands in bold:

    • C:\WINDOWS\SYSTEM32\CONFIG>copy  default  c:\windows\regtmp\default.bak
    • C:\WINDOWS\SYSTEM32\CONFIG>copy  sam  c:\windows\regtmp\sam.bak
    • C:\WINDOWS\SYSTEM32\CONFIG>copy  security  c:\windows\regtmp\security.bak
    • C:\WINDOWS\SYSTEM32\CONFIG>copy  software  c:\windows\regtmp\software.bak
    • C:\WINDOWS\SYSTEM32\CONFIG>copy  system  c:\windows\regtmp\system.bak

  5. Now we'll reset the registry used when XP was first installed. Copy the following files in bold:

    • C:\WINDOWS\SYSTEM32\CONFIG>copy  c:\windows\repair\default  default
    • C:\WINDOWS\SYSTEM32\CONFIG>copy  c:\windows\repair\sam  sam
    • C:\WINDOWS\SYSTEM32\CONFIG>copy  c:\windows\repair\security  security
    • C:\WINDOWS\SYSTEM32\CONFIG>copy  c:\windows\repair\software  software
    • C:\WINDOWS\SYSTEM32\CONFIG>copy  c:\windows\repair\system  system

Now you can exit to reboot and work off the original registry. If the system still fails to run, then there is other more serious problems to deal with.

Manually Restore Registry via a Restore Point

In this technique, you will restore a registry (restore point) from a previously saved restore point.

  1. At the prompt, type cd \"system volume information"\_resto~1

    The prompt should change to c:\SYSTEM VOLUME INFORMATION\_RESTO~1>

  2. Type dir to see a list of the restore points.

    You will see a number of directories that start with RP followed by a number. For example RP123 indicates the 123rd restore point made since first installed. Only the last 12 or so restore points are retained.

    The date of the directory indicates when the restore point was saved. You'll want to pick a date prior to the problem event, such as before an installation that you suspect caused the problem. You do not want to pick the newest restore point, since that has saved the very last problematic registry.

  3. With the restore point identified, you need to change to that directory, and the snapshot directory under it. Let's assume you decided on SP110, so you would type:

    cd sp110\snapshot

  4. The prompt gets rather long, but it would look like:


  5. Now you'll copy the five files that comprise the registry:

      copy  _registry_user_.default  c:\windows\system32\config\default
      copy  _registry_machine_sam  c:\windows\system32\config\Sam
      copy  _registry_machine_security  c:\windows\system32\config\Security
      copy  _registry_machine_software  c:\windows\system32\config\Software
      copy  _registry_machine_system  c:\windows\system32\config\System

  6. Now you can exit to reboot and run Windows using this registry restoration. Keep in mind that any installation or updates made after the date of the restore point will be lost (which might be a good thing)!

To Exit Recovery Console and Reboot

  1. At the prompt, type Exit

  2. The system will reboot.
  Notes for 64-bit Environments  
  These instructions address all 32-bit XP and Server 2003 environments. If you are using XP 64-bit edition, some operations may be slightly different, such as using the amd64 directory instead of i386 directory names.  
  A Better Recovery Alternative  

If you installed Avanquest's SystemSuite or Fix-It Utilities, both products include Recovery Commander, which is installed and activated by default.

Recovery Commander provides an easier-to-use more advanced recovery process than Windows System Restore, dealing with a far wider range of problems. Key features include:

  • Automatic periodic saves of critical system information
  • Recovery from failures such as:
    • Corrupt or damaged registry
    • Damaged boot record
    • Missing system files
    • BOOT.INI and BCD (Vista) configuration errors
    • Works with all Windows file systems (including NTFS)
  • Fixes Windows when it can’t start
  • Automatically creates checkpoints for new program installations

The recovery process is very easy. It can be run from within Windows, or by booting from the SystemSuite or Fix-It installation CD. Below is the first screen from the boot CD to select Recovery Commander as well as other rescue features.

Recovery Commander Start

Recovery Commander also provides the option to make an undo checkpoint before doing a restoration, so it is easy to try different checkpoints without risk.