Messages - RaveRocks

1
I have re-written my solution to the 1083 error in another forum http://www.tweaking.com/forums/index.php/topic,3777.0.html , including the list of services that are called by svchost and the various command lines that are possible.  Once you have a look at both areas of the registry that this solution points to, you'll see how both areas have to be in 100% agreement or services will not load at run time.  From my research on the net, the concept used in Vista to validate a service's network rights is the same in the three newer versions of Windows.  The only differences will be the newer services that each version of Windows introduces.  The list of services that I detail in the other thread is only valid for 32bit Windows Vista Home Premium SP2.  I came across a list of services in Vista SP1 at one of the Microsoft sites and there were an additional 10 or so services that didn't make it into SP2.

2
Apologies but I'm breaking the standard forum rule about Thread bumping because I just had a major breakthrough.  From the few tweaks I've just made, I think I've found the source of the 1083 Error on my PC.  I don't think I've ever yelled as loud for joy as I did when I heard Windows sign-on music after a reboot.

It all depends on a responding entry for each applicable service that uses svchost, in the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SvcHost

As an example, if a service appears as svchost -k netsvcs in the imagepath(**), then that service name MUST appear in the netsvcs multi-string list in the right-hand pane.  Ditto for any of the other services that use svchost.

From the notes I've made in the past three weeks, most of the services that were malfunctioning are using svchost or depend on a service that does use svchost.  So far, I've restored my MMCSS, audio service, SENS, BITS, ShellHWDetection and Themes.  The rest of my afternoon will be spent adding the rest of the missing entries.  I'll report back with the results.

==== edit01 ====

(**) refers to imagepath in the appropriate entry at the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

==== edit02====

After adding the long list of missing items to the netsvcs entry at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SvcHost, all of the 1083 and 1068 errors have disappeared. 

I went through the entire list of svchost related services at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services and categorized them by the command line switch for svchost and then checked the appropriate lists at NT\CurrentVersion\SvcHost for missing or invalid entries. 

THREADORDER is being loaded with -k LocalSystem whereas the service appears in LocalService list.
MCX2Svc is being loaded with -k LocalServiceAndNoImpersonation whereas the service appears in the LocalService list.
RemoteRegistry appears in two lists regsvc and Local Service.

Profsvc is generating this error: "Windows cannot load classes registry file.  Detail- The system canot find the file specified."

The Readyboost service terminated with the following error.  The handle is invalid.

After my repairs, I've got my sound system back (very happy) but I know it's not totally fixed.  I'm going to set a restore point and run Windows Repair in safe mode.  More later.

==== edit03 ====

Windows Update has finally been able to run for I don't know how long.  45 security updates were installed successfully with an absolutely clean reboot.  The error log reveals a couple of left-over errors to deal with, but my major concerns have been resolved.  I'm still concerned that my Recovery drive is not being recognized by the software update from HP and that my recovery disks are still coming up with an error.

My theory is that some application attempted to install itself at the security level of netsvc and instead of adding their service to the list, they chopped the list down to a single entry - - theirs!  Or the application cherry picked names out of the list, disabling certain security features of Windows Vista by removing dependent services.  I've never ever been this deep into the registry as I have in the past month, so I know I didn't do it.  :artist:

When my tax refund comes through, you have been added to the list of companies and web sites that I want to contribute to. Being able to vent and spew my error logs helped.  Getting useful responses was a side blessing.  Thank you.
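
The cross-check described in this post (every service whose ImagePath runs svchost -k <group> must be named in that group's multi-string list under the SvcHost key), as an added read-only PowerShell example that is not part of the original post. Variable names are illustrative and it assumes PowerShell 2.0 or later.

```powershell
# Added example: read-only audit, makes no registry changes.
# Assumes PowerShell 2.0+ run in the native (same-bitness) shell, so the
# SOFTWARE hive is not redirected to Wow6432Node.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$hostKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'

# 1. Group name -> service names registered in that group's multi-string value.
$groups = @{}
$hk = Get-Item -Path $hostKey
foreach ($valueName in $hk.GetValueNames()) {
    $value = $hk.GetValue($valueName)
    if ($value -is [string[]]) {
        $groups[$valueName] = @($value | Where-Object { $_ })
    }
}

# 2. For every service whose ImagePath launches svchost with -k <group>,
#    compare the launch group with the group list(s) that name the service.
$findings = foreach ($svc in Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue) {
    $imagePath = $svc.GetValue('ImagePath')
    if ($imagePath -match 'svchost(\.exe)?"?\s+-k\s+(\S+)') {
        $launchGroup = $Matches[2]
        $name        = $svc.PSChildName
        $listedIn    = @($groups.Keys | Where-Object { $groups[$_] -contains $name })

        $issue = $null
        if (-not $groups.ContainsKey($launchGroup)) {
            $issue = 'launch group has no value under SvcHost'
        } elseif ($groups[$launchGroup] -notcontains $name) {
            $issue = 'service missing from its launch group list'
        } elseif ($listedIn.Count -gt 1) {
            $issue = 'service listed in more than one group'
        }

        if ($issue) {
            New-Object PSObject -Property @{
                Service     = $name
                LaunchGroup = $launchGroup
                ListedIn    = ($listedIn -join ', ')
                Issue       = $issue
            }
        }
    }
}

# 3. Report. An empty result means both registry areas agree.
if ($findings) {
    $findings | Sort-Object Issue, Service |
        Select-Object Service, LaunchGroup, ListedIn, Issue |
        Format-Table -AutoSize
} else {
    'No svchost group mismatches found.'
}
```

A service reported as missing from its launch group list is the condition the post associates with error 1083; a service whose ListedIn column names a different group corresponds to the THREADORDER and MCX2Svc mismatches noted above.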




3
To carry on from the other thread. 

I've downloaded the update (Portable) and ran the entire batch of repairs in safe mode after a cold start. The extra long file name error is happening in the WMI repair section and is pointing to a location:

c:\windows\system32\config\systemprofile\localsettings\Application Data with the "\Application Data" then repeated more than 5 times.  I was able to write down part of the file name (it flashed by in a few seconds) and the only one I could find on drive C: that resembled the name was temp1_ffjcext.zip file.  I could find no occurrence of that file name in the registry.  There was no mention of the file length error in the log files.

==== edit 01 ====

In Junction Link Magic, the junction c:\windows\system32\config\systemprofile\localsettings
has a destination of c:\windows\system32\config\systemprofile\AppData\Local

and the junction c:\windows\system32\config\systemprofile\AppData\Local\Application Data
has a destination of c:\windows\system32\config\systemprofile\AppData\Local


I also had Windows Repair fix the paths but there is still a repeat.  (I don't know if this is critical.)

Path=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem


4
Tweaking.com Support & Help / Re: Trouble Installing Update (WRT)
« on: October 13, 2015, 12:56:31 pm »
Agreed to keeping everything in one thread. I'll mentally lock this thread.

I had the same thoughts about junction points causing the looping but I saw no mention of junctions in the pre-scan.  I'll be running a second full scan in about an hour and I'll post the results in the 'other' thread.

5
Tweaking.com Support & Help / Trouble Installing Update (WRT)
« on: October 12, 2015, 03:08:54 pm »
I've downloaded the newly posted update today and attempted to install it.  Except for a brief cursor change to show a short spurt of activity, nothing happened. I've done a search for any files with the word 'tweaking' and found no new files added today except for the tweaking.com_windows_repair_aio_setup.exe file.

I'm not sure how to proceed.

---- edit 01 ----

I downloaded the portable version, unzipped and ran the full sequence in safe mode.  Rebooted and much the same errors appeared (User Profile Service not available and still no sound system).  While the repairs were running I noticed some strange errors because of extra extra extra long file paths, so I want to have a look at the log files to see if I can see what was happening.  More later tonight.

---- edit 02 ----

I've scoured the log files and couldn't find any mention of the error I was seeing during processing. The file location I saw briefly onscreen had Appdata and Roaming repeated multiple times.  I wish I could remember what repair section was running at the time.  I'll pay closer attention during the second pass.

6
General Computer Support / Re: Stuck in Safe Mode
« on: October 10, 2015, 07:29:00 pm »
Hi, Rave rocks.
Which command restored you to normal?
If that is given, then the other users would look into it.
Were your problems solved? If so, kindly select modify in your opening thread and add "Solved" to the left of the query. Were the commands used in running Windows or from CD?

I used msconfig.exe; under the Boot tab, I removed the checkmark from 'Safe Boot' .  On the General Tab, I usually would choose 'Normal Setup' unless I'm in fix mode.

7
Someone has 121 missing cats AND a corrupt mum ? Think of the cat food you're not having to buy.

8
General Computer Support / Re: Stuck in Safe Mode
« on: October 10, 2015, 06:53:51 pm »
Thank you for the 'killsafemode' command line instructions.

During my 'The Truth About Vista' month, I've filled a notebook of scribbling oldschool handwritten clues, commands, registry locations, log names, good web sites, bad web sites, etc. and I've learned more than my semi-retired brain wanted to let into long term memory.  It seems that writing something down on paper, especially if you're stressed or on edge, helps the brain analyze the data and store more of it in long term memory.  Reading it from paper or screen gets it into short term memory, but writing it down sends the brain's storage system a ping that what's happening is possibly important.  Trouble is I have a pop & rock trivia memory bank that covers the late 50's to the late 80's because of my 8 years in radio and 8 years as a disco nightclub dj/entertainer, followed by 20+ years of business app design and development at the time of Lotus 123, Clipper, FoxPro and Visual Foxpro, SQL, all that in my long term memory bank.  Plus all the mental baggage you pick up using operating systems, browsers, Chat apps.  I've often wondered how much storage space we have up there.  We must have a built in memory disposal system, but it's amazing how a little refresher reading will bring a whole bunch of forgotten knowledge to the foreground.

And I saw a FIRST for me yesterday.  After one reboot from safe mode (640x480), the screen returned to the normal settings (1650 x 1050) but with the safe-mode indicators at the top and bottom of the screen.  And in  that mode, I had full keyboard access.  I mention that because when in normal safe mode (640x480), the keyboard is non-responsive.  The Num-Lock, Caps-Lock, Scroll-Lock lights respond to the keyboard, but all character keys do not get sent to Windows.  And that means no password entries and you can't respond to 'Press Any Key' to continue.

(Yes I do ramble)

9
General Computer Support / Re: Reg File for corrupt (empty) Registry Key
« on: October 10, 2015, 06:06:44 am »
A sidenote to uninstalling a DVD burner within a gimped Windows Vista system (at least in MY gimped Windows Vista system).  Nero 9 (it came with the burner) stopped working after a recent reboot, coming up with an "Invalid Parameter" error when attempting to burn any DVD.  My burner is 'Lightscribe' compatible and when the background system automatically reinstalled the drivers for the burner after the aforementioned reboot, the subsystem missed linking in the appropriate Lightscribe plug-in for Nero.  The fix was to re-install Nero.  I did not have to uninstall Nero as Nero's install program recognized the re-install as a repair and quickly offered the plug-in and no more "Invalid Parameter" error message from Nero.  (This did not fix the 1012 error from the Recovery disks.)

10
Yes, I've done both the chkdsk and Memcheck as suggested in the other thread.

For the sake of everyone's sanity, perhaps we should only update information in the two threads in the Computer Help Forum and let this one fall all the way down the thread list. 

11
General Computer Support / Re: Reg File for corrupt (empty) Registry Key
« on: October 09, 2015, 11:29:18 am »
The first link I'd already seen and yelled (typed very hard on the keyboard) at HP for screen shots and menu choices that were not applicable to Windows Vista.  I had to find a third party tool to find out the burner's current firmware version.  The results showed only HH which is also the first two characters of the supposed available upgrade which I cannot find. (I did find a post that the firmware had to be updated so the burner would work properly with Windows 8.)  The burn4free link gets an instant red flag from my security software and when I over-rode the warnings and went further into the links at the site to try to start the offered firmware update, more intense red flags appeared so it does look like burn4free is another scam to be avoided.  Too bad.

And since the other link you provided has a long standing cuss word embedded (XP), I left that until last.  Vista is the newest addition to my cuss list and I've been using it often and loud.  I live a mile or two from the US-Canada border and I'm sure some of the more colorful shouts from my roof-top balcony have been heard in Redmond Washington.  It's no wonder so many Americans need stress and ED pills.  It's all the fault of Bill Gates.

12
General Computer Support / Re: Reg File for corrupt (empty) Registry Key
« on: October 09, 2015, 04:59:22 am »
My DVD burner is an external model HP Dvd-Writer 1270e.  I've got boot order set to Floppy, DVD, Hard drive.

13
Here are the results of the chkdsk I performed last evening:

====NOTE: reformatted to make it easier to read====

Checking file system on C:
The type of the file system is NTFS.
Volume label is HP.

A disk check has been scheduled.
Windows will now check the disk.                         
255808 file records processed.
562 large file records processed.
0 bad file records processed.
0 EA records processed.
159 reparse records processed.
311072 index entries processed.
0 unindexed files processed.
255808 security descriptors processed.
Cleaning up 14028 unused index entries from index $SII of file 0x9.
Cleaning up 14028 unused index entries from index $SDH of file 0x9.
Cleaning up 14028 unused security descriptors.
CHKDSK is compacting the security descriptor stream...
27633 data files processed.
CHKDSK is verifying Usn Journal...
34406680 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
255792 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
1454787 free clusters processed.
Free space verification is complete.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

51199968 KB total disk space.
44912816 KB in 197102 files.
110292 KB in 27636 indexes.
0 KB in bad sectors.
357712 KB in use by the system.
65536 KB occupied by the log file.
5819148 KB available on disk.

4096 bytes in each allocation unit.
12799992 total allocation units on disk.
1454787 allocation units available on disk.

Internal Info:
40 e7 03 00 ec 6d 03 00 32 1e 06 00 00 00 00 00  @....m..2.......
32 02 00 00 9f 00 00 00 00 00 00 00 00 00 00 00  2...............
42 00 00 00 12 72 1c 77 f8 81 0d 00 f8 79 0d 00  B....r.w.....y..

I'll post the results of my memory test in a bit.

=== edit 01 ===

I ran both the standard and extended memory tests (2 passes each) and no errors were found.  As soon as I send this, I'm going to reboot and let the extended memory tests run overnight while my body sleeps and my brain resets. 

By the way, in my search for answers, I found another download from HP that looked like it could solve my F11 Recovery functionality, but it didn't perhaps because it was written for an HP laptop running a different version of Windows.  The cmd file didn't complain about any of that when run.  I'm attaching the cmd file and log file it created when I ran it a few times.   Other files in the package: HPRMF.dll, winre32.wim, winre664.wim and SP48415.cva. 

14

In this case this is one long thread lol so I didn't read all of it. So how are things so far?

Shane

Sorry about the length of the thread.  But thank you for this web site and your utility.  In a sea of scams, it was a blessing to find you and your band of merry troops.  While your utility didn't fix my PC, it did provide me with a road map  and an opportunity to learn.  So as much as it's been [blank] frustrating most of the time, this project of resurrecting my PC brought me back into the 'headspace' of application design and coding which I was lucky enough to do for a living for 20 years.  The sooner I can get out of this 'headspace', the better.  :thinking:

The short version: After trying to install your utility and failing, I tried installing the stand-alone which failed with the 'Invalid Picture' error.  A week later, I came across the installation of your application in c:\temp and ran it, twice, as suggested.   During the early stages of the resurrection process, I've installed malwarebytes, hijackthis, and Process Explorer, all of which have pumped out helpful reports. 

PC HP Pavilion model m8000n  Windows Vista Home Premium 32bit SP2

There is a restore partition but the F11 Recover utility doesn't recognize it.  I have the factory System Recovery disks but they come up with a 1012 error.  An Enhanced Back Up and Recovery utility (SP39296) also doesn't recognize the restore partition and ends with another error that accuses me of interrupting the creation of the recovery partition.  A side trip on the recovery drive led me to a few dozen hidden cmd files that look like the backbone to the recovery process.  I have yet to go down that path, but I think it was a good discovery nevertheless.

Now the current state of my pc.  The error I see upon login is that a Windows Service (User Profile) failed to start.

The majority of errors are 1083.  Here's a list from the admin view of a recent reboot.

--------------------------------------

The winlogon notification subscriber <Profiles> was unavailable to handle a critical notification event.

DCOM got error "1083" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

The Multimedia Class Scheduler service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.

The User Profile Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Themes service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The System Event Notification Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Extensible Authentication Protocol service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The WLAN AutoConfig service depends on the Extensible Authentication Protocol service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.

The Microsoft iSCSI Initiator Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Task Scheduler service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Server service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Computer Browser service depends on the Server service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.

The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

The Application Experience service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

The HP Support Solutions Framework Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The LoadUserProfile call failed with the following error:
The RPC server is unavailable.

The Secondary Logon service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.

The IP Helper service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Windows Media Center Extender Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

DCOM got error "1083" attempting to start the service BITS with arguments "" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

The Background Intelligent Transfer Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Remote Access Connection Manager service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

==note== the above error then repeats a few dozen times followed by

DCOM got error "1083" attempting to start the service BITS with arguments "" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

---------------------------------------------------

It's good to have you back and I'm sure hoping someone who lives in this world of Windows internals can help me make sense of this mucky mess.  It wouldn't be so bad if my audio was working.  Here's a sample of my work up on you-tube.  https://youtu.be/1yd4NQq2FXQ  Eurythmics - Love is a Stranger (not available in Germany).

15
General Computer Support / Re: Reg File for corrupt (empty) Registry Key
« on: October 08, 2015, 08:36:13 pm »
I checked out that registry key and there was no upper and lower filter entries as the article suggested.  And if there is a firmware update for my DVD Burner, HP is doing a damn good job of hiding it.

16
General Computer Support / Re: Reg File for corrupt (empty) Registry Key
« on: October 08, 2015, 01:02:20 pm »
The internal DVD drive became unusable a couple of years ago and I removed it from the PC. 

I will try the uninstall of the external drive and see if that works. 

In a message yesterday on the HP support site, I found out that HP has absolutely no support people monitoring or responding to problems.  The only people who do respond are volunteers.  That's a bit short sighted, in my opinion.  That means FOR SURE no more HP products will ever get purchased again for any of my systems.

17
General Computer Support / Re: Reg File for corrupt (empty) Registry Key
« on: October 06, 2015, 05:02:32 pm »

You can't use a 64 bit ISO on a 32 bit system or vice - versa so you'll need to download the 32 bit ISO for your system.


There is no download available for the 32 bit system ISO's.  HP has two options: either buy the disk set or download an upgrade module that updates the installed recovery system on drive D:.  I've tried option number 2 and it doesn't detect the recovery files already installed there and the application has the nerve to accuse me of interrupting the creation of a recovery partition.  Pretty lame programming if you ask me.

This may be repeat information, but I already have original System Recovery disks (HP5013-8477 & HP5013-8478) which result in a 1012 Error.  HP support says to update the DVD writer firmware to get rid of that error, except there is no update that I can find.

I'm not sure who is responsible for the ads that appear on your site, but I'm looking at one now for www.driverupdate.net which is reported to be another one of those scam sites. 

=== edit01 ===

I just saw that same ad while at another site.  In this ongoing ordeal, I have learned to look for site reviews before allowing any site to have access to my machine.  Scammers are numerous.

18
General Computer Support / Re: Reg File for corrupt (empty) Registry Key
« on: October 06, 2015, 02:09:43 am »
The set of ISO's I downloaded were for HP Vista Home Premium 64 bit with the description on the website suggesting that the disks probably would work for 32 bit installations as well. 

And my DVD burner is an external model HP Dvd-Writer 1270e.  Windows Vista doesn't have screens that display the firmware of the burner.

19
General Computer Support / Re: Reg File for corrupt (empty) Registry Key
« on: October 05, 2015, 09:36:49 pm »
Ok, the latest twist.  Ready? I get a link from HP Support to buy a disk set for my exact model - - price tag $27.00, which is not the problem.  The only payment methods are an HP gift card number or PayPal.  Not just any gift card, but one I have to buy from I don't know who or use PayPal.  For me to send via PayPal will require me to open a US$fund account at my bank and then open a PayPal account and link them to my new bank account.

Another HP twisted tale to add.  I do have the original Repair disks for this machine, but every time I attempt to use them, I get a 1012 error, to which I am told to update the firmware for my DVD burner, which happens to be another HP product.  HP's website details how to find out the current firmware version, but their screen shots and menu choices are for Windows 7 and don't work on Vista.  I go search online and find the test program to find out my current firmware version, etc. and then search the HP site for firmware updates and get a 'nothing found' error.

I'm sure I'll never get another HP product after this ordeal and I'm very amazed they can't provide a download solution for a 9 year old operating system.

Speaking of Microsoft, I tried to join their tech forum only to get a form to fill out, listing the last three people I sent emails to and the last three people I spoke to on the telephone.  I was too amazed to respond.

20
General Computer Support / Re: Reg File for corrupt (empty) Registry Key
« on: October 05, 2015, 03:46:14 pm »
Monday afternoon blues have set in.  I downloaded the HP Vista Install Disks as suggested, burned them and when run I get the message: "This PC is not supported by the System Recover Discs.  You will not be able to continue to recover this system with these discs."  Minor setback.  Also, I can't get out of Safe Mode.  It seems the registry that regedit is having me view and edit is NOT the registry that the system is using.

Side comment.  The expression "L00py" when applied to the human brain, describes the mental state we often get into when tackling a problem or bad memory, a sad loss or other PTSD like experience.  It's the inability to stop thinking about something.  It's the loop-tape repetitive thought that just won't go away.  Computer programmers often get into that state of mind.  It's one of the reasons I forced myself to quit the profession.  The past few weeks have been that kind of L00py experience for my brain. (It's funny my spell-checker isn't catching the spelling of loopy with the embedded zeros, hehe.) And I'm waiting to get out of this conundrum so I can get back to the relaxed brain of a semi-retired person. 

When I quit my career as a coder, I tried to clear my long-term memory of all the rules I had embedded there.  I'm here to report that the knowledge is still there after 15 years of trying to forget.  I guess we should be thankful there is no regedit for the brain.

21
General Computer Support / Re: Reg File for corrupt (empty) Registry Key
« on: October 04, 2015, 03:24:52 am »
Yes I did run the entire batch of repairs from beginning to end - - twice.  I've run sfc /scannow at least daily and it comes up clean.  I ran chkdsk tonight as well and it also had no errors.  I am less than a half inch away from a Factory Reset.  I am less than 6 inches away from throwing the entire computer off the balcony.  I bought a 1 TB external hard drive less than two weeks before all hell broke loose and 99% of my important data has been off the main hard drive for the past 20 days.  I've prepared all the install files for my key applications and I no longer fear the inevitable.  I guess I was hoping for a miracle and instead I'll have to settle for a tootsie roll.

22
General Computer Support / Re: Reg File for corrupt (empty) Registry Key
« on: October 03, 2015, 09:30:54 pm »
Today's search has brought me to the following information about the registry object I'm wanting to rebuild.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
"Status"=dword:00000000
"RsopStatus"=dword:00000000
"LastPolicyTime"=dword:01088622
"PrevSlowLink"=dword:00000000
"PrevRsopLogging"=dword:00000001
"ForceRefreshFG"=dword:00000000

lists the data structure that I need to implement.  I've tried to use regedit to add the data fields but I'm getting an "Error writing to the Registry".  Suggestions please.

====edit01====

I got past the Permissions barrier and was able to make the additions to the entry and guess what, it didn't make a tinker's cuss of difference.  What I'm wondering is if Windows innards ask for and replace data by name or number.  If by number, I may be screwed.  I entered them in the order displayed in my message above, however regedit is now displaying them in alphabetical order.  Did I mess something up?


23
General Computer Support / Re: Reg File for corrupt (empty) Registry Key
« on: October 03, 2015, 05:54:00 am »
I found this in the hklm.txt file that gets installed with Windows Repair.  Except for the GUID, it's all solid insoluble goop to me, but methinks one of your utilities might make some sense of it.

"machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAIAR(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"
That's in the hklm text file it looks like something manageacl uses to set registry permissions.

24
General Computer Support / Re: Reg File for corrupt (empty) Registry Key
« on: October 03, 2015, 03:27:39 am »
Thank you for the offer, but I have a couple of friends with computers and I'm going to bring a USB stick with me when I visit them this weekend.  Hopefully by Sunday I'll have the fix I need.   Perhaps some kind soul still running Vista SP2 32bit can take a couple of minutes to export the key to a reg file for me.

Again, thank you very much for the offer, but I'd hate to put you to that level of trouble over what amounts to less than 1K worth of data.

25
General Computer Support / Reg File for corrupt (empty) Registry Key
« on: October 02, 2015, 09:21:06 pm »
I think I found what ails my PC.  I found a blank entry in Winlogon\GPExtensions list.  And from the online research the entry that's blank has the GUID that should run the Administrative Templates that start the user services and group policies via userenv.dll

I'm running Windows Vista Home Premium 32bit.    Could someone running the same version please extract the contents of that key for me and post the results so that I can populate the key?

The GUID I'm needing is:  35378EAC-683F-11D2-A89A-00C04FBBCFA2    (that's the only blank one)

The full location is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\

By the way, I've checked a couple of old backups made by JRT back in April and May of this year and the value of that key was blank way back then.  I remember I needed to get jiggy with some nasty malware around that time.  Life's lessons are tedious at best.

=====edit01======
I've been searching for an online reg file solution the past few hours and the thought occurred that others are having similar errors and that this is more than likely caused by malware of some sort.  In almost every case that I've come across, services in the GPExtensions stack have not been deleted but more often all of the subfolders/attributes have been deleted. 

I'm not sure if the Windows Repair tool checks this 'Run Once at StartUp' command list for blanked out or invalid entries because this is a clever way of killing a bunch of security services while leaving other services running that the malware needs.  It's actually quite silly that Windows has no built in fall-back procedure if one of its key systems isn't where it's supposed to be. A cascade of errors can be caused by one blanked out registry entry.  In the old DOS world, if you wanted to mess with the operating system at the level we're talking about, you'd have to mess with assembler or compiled code.  Gates has given us a system full of back doors and loop holes.  By exposing the registry, Windows makes all of us vulnerable to having our high-speed internet connections used by nefarious nerds of various ages.  Now I ask you, how much code would it take to ensure such key systems are running and available?

While I'm asking questions that I don't expect answers to, I was looking at the logs and noticed one system (MCIupdate) that was running twice a minute, with the obligatory log entry each time.  The spooler service is sending one error a second to a log file.  It's pointing at a registry address that does not exist.  I found the only existence of that particular location in an xml file.  I renamed it to *.old, only to have it appear again a few seconds later.  Now that's good management of resources.  It's absolutely no wonder that svchost is eating up such a huge volume of cpu clicks.  With the help of Process Explorer, I've had more of a look at the innards of Windows Vista than I really wanted, but the closer I look, the quicker I want to dump it.
