System Restore service not available

I would recommend you to run sfc /scannow from the command prompt. Just make sure you have the WIndows CD with you before you run that.

Go to Start, Control Panel, Administrative Tools, Services.  Click the "Standard" tab at the bottom.  See if the System Restore service is present, as below:


SystemRestore1.png

The first idea I have for you

Right click the "C:\WINDOWS\inf\sr.inf" (or where ever your windows are installed) select "install" This will fix your System restore.  You will be prompted for files, so you will probably need your XP install disk if the files are not on the drive.

... ah, I was going to continue that thought, but hit the wrong button:

If the service is not shown at all, then there is a severe registry problem.

If the service is shown, then right-click on it and investigate the Properties pages.  They should appear as below:




Note that the System Restore service depends on the RPC service.  If RPC is disabled, System Restore will not start.

Also investigate the system error logs to see if any apropos messages are showing up.

@DrKlahn.

OP says it is there, but won't start.  Error 2 System can not find the file specified

I'm thinking there would have been a message re RPC not started if your theory were true.

This could be caused by permissions (or Malware), but wanted to have her try reinstalling SR first to make sure all the components were present in the system and properly registered.

Good idea about the system error logs.

@Jennefer

Re system error logs

View the event logs to investigate System Restore service errors
To do this, follow these steps:

   1. Click Start, click Run, type eventvwr.msc /s in the Open box, and then press Enter.
   2. Click the System category.
   3. Click the Source tab to sort by name, and then look for "sr" or "srservice." Double-click each of these services, and then evaluate the event description for any indication of the cause of the problem.

Well I'm not sure what happened but I'll try this again. If it's in there twice, sorry:  

The sfc scannow I did run with my install cd and it completed with no messages.
I restarted the machine, still no src.

I cannot find any file on my system called sr.inf - I looked carefully.

I did go to the services area and System Restore Service is listed, you'll see this in the screenshot I'll add to this. Also, the service upon which it depends, rpc is running.

Note that when there this time I clicked to restart that service again, but this time, instead of the error 2 it was originally giving, it says a slightly different error. See the screenshot for the error detail.  That's a bit weird.

newmsg.bmp

Also, all entries I could find in the system events logs regarding that service simply said that the service stopped for unknown reasons. These were listed as svshost events, not specifically under the service name.

to Jim-R:  Well I was wrong about that file sr.inf - I apparently had my search settings set to skip hidden files.
Yes it was there, in Windows\Inf.
I right-clicked on it, and used my install cd to install it, it asked me to restart the computer, which I did.
The service is still not there. This is FRUSTRATING !

The sr.inf should be in the Windows directory.  The file may have been deleted by malware, but it is supposed to be there.  There should also be a hidden folder named "System Volume Information" which you will not see unless you have set the option under Tools->Folder Options in Windows Explorer.  The "inf" extension is not allowed to be uploaded, but if you change the file extension on the attachment from TXT to INF you will have re-created your own INF file.  The contents of the following code box is what is inside the txt file so you know what you are getting.  Put this file in the Windows folder.

In Windows Explorer using the "Tools->Folder Options menu, select the "View" tab and make sure you have the "Hide extensions for known file types" UNchecked, so you know the file extension will be dot INF and not dot INF dot TXT.

sr.txt

 

[version]
Signature="$CHICAGO$"
SetupClass=BASE
LayoutFile=layout.inf

[DefaultInstall]
CopyFiles=SRFlt_files,SRSvc_files,SR_files
AddReg=SRFlt_addreg,SRSvc_addreg,SR_addreg
ProfileItems=SRProfile
RegisterDlls=SR_register
DelReg=SRSvc_delreg

[DefaultInstall.Services]
AddService=sr,,SRFlt_service,SRFlt_event
AddService=srservice,,SRSvc_service,SRSvc_event

[Uninstall]
DelFiles=SRFlt_files,SRSvc_files,SR_files,SRWmi_files
DelReg=SRFlt_delreg,SRSvc_delreg,SR_delreg
UnregisterDlls=SR_register

[Uninstall.Services]
DelService=sr
DelService=srservice

[DestinationDirs]
SRFlt_files=12
SRSvc_files=11
SR_files=11,Restore

[SRFlt_files]
sr.sys,,,0x10000

[SRSvc_files]
srclient.dll,,,0x10000
srsvc.dll,,,0x10000
srrstr.dll,,,0x10000

[SRSvc_files.Security]
"D:P(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;WD)"

[SR_files]
filelist.xml,,,0x10000
rstrui.exe,,,0x10000
srframe.mmf,,,0x10000
srdiag.exe,,,0x10000

[SR_files.Security]
"D:P(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;WD)"

[SRProfile]
Name=%SR_UI_Link_Name%
CmdLine=11,restore,rstrui.exe
SubDir=%SR_UI_Link_SubDir%
InfoTip="@%systemroot%\system32\restore\rstrui.exe,-2078"
DisplayResource="%systemroot%\system32\restore\rstrui.exe",2048


[SRFlt_service]
DisplayName    = %SR_Filter_Name%
ServiceType    = 2    
StartType      = 0    
ErrorControl   = 1    
ServiceBinary  = %12%\sr.sys
LoadOrderGroup = "FSFilter System Recovery"

[SRSvc_service]
DisplayName    = %SR_Service_Name%
Description    = %SR_Service_Desc%
ServiceType    = 0x20  
StartType      = 2     
ErrorControl   = 1     
ServiceBinary  = %11%\svchost.exe -k netsvcs
Dependencies   = "RpcSs"

[SRSvc_event]
AddReg=SRSvc_event_addreg
DelReg=SRSvc_event_delreg

[SRFlt_event]
AddReg=SRFlt_event_addreg
DelReg=SRFlt_event_delreg

[SRFlt_addreg]
HKLM,"system\currentcontrolset\services\SR\Parameters","FirstRun",0x10001,1
HKLM,"system\currentcontrolset\services\SR\Parameters","DontBackup",0x10001,0



HKLM,"SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys","",0x00000000,"FSFilter System Recovery"
HKLM,"SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys","",0x00000000,"FSFilter System Recovery"

[SRSvc_addreg]
HKLM,"SYSTEM\CurrentControlSet\Services\SRService\Parameters","ServiceDll",0x00020000,"%11%\srsvc.dll"



HKLM,"SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService","",0x00000000,"Service"
HKLM,"SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService","",0x00000000,"Service"

[SR_addreg]
HKLM,"Software\Microsoft\Windows NT\CurrentVersion\SystemRestore","DisableSR",0x10001,0
HKLM,"Software\Microsoft\Windows NT\CurrentVersion\SystemRestore","CreateFirstRunRp",0x10001,0
HKLM,"Software\Microsoft\Windows NT\CurrentVersion\SystemRestore\Cfg","DiskPercent",0x10001,12
HKLM,"Software\Microsoft\Windows NT\CurrentVersion\SystemRestore\SnapshotCallbacks"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Run","SRFirstRun",,"rundll32 srclient.dll,CreateFirstRunRp"

[SRSvc_event_addreg]
HKLM,"SYSTEM\CurrentControlSet\Services\EventLog\System\SRService","EventMessageFile",0x00020000,"%11%\srsvc.dll"
HKLM,"SYSTEM\CurrentControlSet\Services\EventLog\System\SRService","TypesSupported",0x00010001,7

[SRFlt_event_addreg]
HKLM,"SYSTEM\CurrentControlSet\Services\EventLog\System\SR","EventMessageFile",0x00020000,"%11%\IoLogMsg.dll;%12%\sr.sys"
HKLM,"SYSTEM\CurrentControlSet\Services\EventLog\System\SR","TypesSupported",0x00010001,7

[SRFlt_delreg]
HKLM,"system\currentcontrolset\services\SR\Parameters","MachineGuid"
HKLM,"system\currentcontrolset\services\SR\Parameters","Disabled"
HKLM,"SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys"
HKLM,"SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys"

[SRSvc_delreg]
HKLM,"Software\Microsoft\Windows NT\CurrentVersion\SvcHost","SRGroup"




HKLM,"SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService"
HKLM,"SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\FilesToSnapshot"

[SR_delreg]
HKLM,"Software\Microsoft\Windows NT\CurrentVersion\SystemRestore"

[SRSvc_event_delreg]
HKLM,"SYSTEM\CurrentControlSet\Services\EventLog\Application\SRService"
HKLM,"SYSTEM\CurrentControlSet\Services\EventLog\System\SRService","EventMessageFile"
HKLM,"SYSTEM\CurrentControlSet\Services\EventLog\System\SRService","TypesSupported"

[SRFlt_event_delreg]
HKLM,"SYSTEM\CurrentControlSet\Services\EventLog\System\SR","EventMessageFile"
HKLM,"SYSTEM\CurrentControlSet\Services\EventLog\System\SR","TypesSupported"

[SR_register]
11,,srclient.dll,1

[Strings]
SR_Filter_Name  = "System Restore Filter Driver"

SR_Service_Name = "System Restore Service"
SR_Service_Desc = "Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties"

SR_UI_Link_Name    = "System Restore"
SR_UI_Link_SubDir  = "Accessories\System Tools"

Select allOpen in new window

The next step would be to perform a Window repair installation.

Personally, when I have come to that stage, I reinstall Windows instead.  My own experience is that "repaired" systems are never quite right.

Ok, I missed your post while I was making mine.

When you say the service is still not there, are we talking the existence of it in the "Services" dialog listings, or just that it still won't start?

My next suggestion was for you to check some policy setting to make sure a policy wasn't over riding, but the reinstall of SR should have taken care of that.

My next suggestion will be for you to attempt to run the service from a command prompt in Safe Mode, but you will likely have to re-install SR AGAIN, but only allow restart in Safe Mode (to prevent the installation from being re-sabotaged).  If this allows SR to run, you likely have Malware that is causing your issue and should re classify your tagging of your question to the AntiVirus category where our most excellent AntiVirus experts who watch this category can help you.

Oops, I guess you'll need that procedure.

Boot in safe mode and run the System Restore tool
To boot in safe mode follow these steps:

   1. Restart the computer. Immediately after the screen goes blank for the first time, or after the BIOS post ends, start taping the F8 key repeatedly. The Windows Advanced Options menu appears.

      If the menu does not appear, restart the computer and try again.
   2. Select Safe Mode, and then press ENTER. As files load they will scroll down the screen.

      Note Safe mode uses a minimal set of device drivers and services to start Windows. The default Microsoft VGA driver is used for display at 640 X480 resolution and in 16 colors.
   3. Log on to the Administrator account. If a password was never set, leave the password blank and press ENTER or click the green arrow.
   4. Click No in the safe mode information screen to start System Restore.
   5. Select Restore my computer to an earlier time, and then click Next to proceed to select a date with restore points available.
   6. Click Next to begin restoring the system to a previous state.

To Jim-R
By "still not there" I meant that it still won't start.
It does still show up in the list of services.
I did take the inf file you posted and renamed it .inf, and put it into the
specified directories.

When I restarted the system, I got "system restore" available on my start menu\programs\accessories\system tools, which wasn't there before.
When I clicked on it, it said (something to the effect of) The system cannot protect your computer. Please restart and run System Restore again.
And upon doing that, still no help.
Again, I went to Services and tried to restart the service, to no avail.

To DrKlahn: I know what you're saying about a sysem repair, but to me it would make more sense to wait until I have to do a system restore and cannot, THEN I'd have to try either an os reinstall or at least a system repair. At this time, though, it's not preventing me from normal operations on this machine.

The ServiceDLL for the SRService is C:\WINDOWS\system32\srsvc.dll

Is this file present?

Also....

Start>run>cmd

type the following please....

set path

Post the output please....

Finally....

System Restore as a built in diagnostics.... If the following file is present, double click it.

C:\windows\system32\restore\srdiag.exe

It will create a %COMPUTERNAME% .CAB file. Double click it, and extract (just highlight and drag to your desktop)the .txt files at the bottom, that are named SR-FileList.LOG and SR-Reg.LOG. Attach them here please....

To JohnB:
The srsvc.dll file is there.
The set path result will appear below.
My \system32\restore folder does have that srdiag.exe file, but when
tried to run it, nothing happened - or I should say, I didn't find the
resulting .cab file from it.  Tried re-running it from the command prompt,
still didn't see any resulting diagnostic output.  Perhaps I'm doing something wrong there.
setpath.bmp

I have procmon (process monitor) already, got it from Nirsoft utilities.
Same one ?

I was finally able to get that to run.

When I created the filter to include process name=mmc.exe, it filtered ALL events.

Also, there was nothing labeled "Services" anywhere the output or the options.

(The link you included for that utility (procmon.exe) didn't work, so I went to Microsoft Sysinternals site and downloaded it from there.)

Ignore that last comment; I misunderstood your telling me to go to services again. You meant that while the pcomon.exe was running, you wanted me to try to restart the service so it would monitor whatever went wrong when I did that.
Sorry,  I'll try that again.

You got it.... Go to services and start it while it is monitoring....

Done.  I have an output file (I opted for the .pml filetype).
I compressed it to a .zip folder. However, E.E. gives me an error message
when I try to upload that. It says that the file type within the folder is not an allowed one, so it won't uplaod the .zip folder.

The size of the UNzipped .pml log file is 5.3 mb, whereas the zipped vers.
is around 1.2 mb.

I also created the logfile as a .csv file, which without compression is slightly over 2 mb.

I can upload that unzipped .csv file, or if you know how to get around E.E.'s objection to that .zip folder/file deal, I can try that another way.

I'll stand by to hear what you suggest.
I APPRECIATE ALL YOUR HELP VERY MUCH !

Just rename it to .txt, and upload the .PML file...

LprocmonLogfilePML.txt

Cant DL it..... Can you please upload again?

Don't think that will be necessary, BECAUSE, I just for the heck of it tried to start system restore service, and it WORKED.  
I did a test restore and it worked perfectly.

I don't know when that came back, but I have to presume that because I've been working with you for the past several days, it was something you had me do somewhere along the line.

So I am going to award to you the points, with a big THANK YOU.
Attaching a snapshot of the now WORKING restore !
restoredrestore.bmp

Can't precisely say what it was that fixed the problem, but I know it was one of the fixes this expert suggested.