Author Topic: [SOLVED]Vista Help Pls - Bad Install (and then some!)  (Read 31522 times)

0 Members and 1 Guest are viewing this topic.

Offline RaveRocks

  • Newbie
  • *
  • Join Date: Sep 2015
  • Posts: 37
  • Location: Vancouver, BC Canada
  • Karma: 0
    • View Profile
[SOLVED]Vista Help Pls - Bad Install (and then some!)
« on: September 26, 2015, 06:30:55 pm »
I posted a new thread in Tweaking.comSoftware forum a few days ago with details of a UserProfile service problem.  When trying to run the latest Portable Windows Repair Tool, an "Invalid Picture" error resulted.  The latest main Repair tool also failed to install, with a blink. 

Today, I found some new clues that might help diagnose what the (blank) is going on and what changes should I attempt to rectify the situation. Any assistance would be appreciated.

While looking for something else, I came across two weird folder names  that I don't think should be there.  And in the folder, was a file (see below) containing xml data and a reference to <EXE NAME="Repair_Windows.exe". 

c:\windows\System32\%USERPROFILE%\Appdata\Local\Temp\{7e27814d-610e-4719-b04a-2d66121cfcc9}\appcompat.txt

In the c:\windows\System32\%USERPROFILE%\Appdata\Local\Temp\ folder, there are three other similar sub-folders with identical contents. That would probably be once for each of the four attempts at installing the non-Portable version. 

================

Here is a list of errors and warnings (From the Admin-view Event Log) that I'm getting at each PC startup or reboot:

The winlogon notification subscriber <Profiles> was unavailable to handle a notification event.

SL Token Store 'Initialize' failed with error hr=0x80070005.
Info: C:\Users\Default\AppData\Roaming\Microsoft\SoftwareLicensing\

The Software Licensing service failed to start. hr=0x80070005, [2, 7]

The winlogon notification subscriber <Profiles> was unavailable to handle a critical notification event.

DCOM got error "1053" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-21-2314216272-3108050197-1080286441-1000\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-21-2314216272-3108050197-1080286441-1000\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

More details in the other thread. http://www.tweaking.com/forums/index.php/topic,3672.0.html After a week of searching the web for clues and suggestions, I'm still looking for a solution. If the restore disks/application would work, I would have gone that route three days ago.  Hooped in Vancouver. has been my new middle name this past week and I'm starting to hate the 'me' that's evolved.
« Last Edit: October 16, 2015, 04:55:56 pm by RaveRocks »
You'll find me on Twitter and You-Tube but never again on Facebook. My first computer was a $99 TI-994a. By the end of the first day, I was able to write and save the Oscar Myer Weiner song.  If only today's goals were so simple.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #1 on: September 27, 2015, 03:56:15 am »
These commands are usually for when you get the install not genuine message but let's see if recreating the Licensing Store will do anything for one of the errors you are getting and then run a sfc /scannow to see what that reports.

Run a cmd prompt as an admin by going Start - type cmd then right click on cmd and select Run as administrator - accept the UAC then enter these cmds

net stop sppsvc
(wait until the service has stopped before entering the following lines)

CD %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform

REN tokens.dat tokens.bar

net start sppsvc

slui.exe

After a couple of seconds the Windows Activation dialog will appear.

You may be asked to re-activate and/or re-enter your product key, or Activation may occur automatically.

If you are asked for your Key, use the one on the COA sticker on the machine's case

Reboot.

Run the cmd prompt again as an admin and enter sfc /scannow to see what that reports.

If it reports that it is unable to repair some files then enter -

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt

This will put an icon onto the Desktop which will open the CBS log in Notepad which you can then copy & paste into the reply box.

If it does report it is unable to repair some files then it would be prudent to also run a chkdsk /r from the elevated cmd prompt.

Not sure if you know where to read its full report, but you can view it in Event Viewer by going Start - type eventvwr and press enter.

When it has read the logs, expand Windows Logs then click on Application/Action/Find then type chkdsk or wininit into the Find box and press enter.

Cancel the Find box then read the report in the scrollable window and make a note if it is reporting any KBs in bad sectors.
« Last Edit: September 27, 2015, 03:59:24 am by Boggin »

Offline RaveRocks

  • Newbie
  • *
  • Join Date: Sep 2015
  • Posts: 37
  • Location: Vancouver, BC Canada
  • Karma: 0
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #2 on: September 28, 2015, 05:50:11 am »

Run a cmd prompt as an admin by going Start - type cmd then right click on cmd and select Run as administrator - accept the UAC then enter these cmds

net stop sppsvc
(wait until the service has stopped before entering the following lines)
//////// The specified service does not exist as an installed service   <----------Got this error message

Quote
CD %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform

I didn't find SoftwareProtectionPlatform folder, but did find SoftwareLicensing folder which contained the tokens.dat file.  HOWEVER when I tried to rename the file in that folder,

Quote
REN tokens.dat tokens.bar

//////// The process cannot access the file because it is being used by another process.  <-------------Got this error message

That's as far as I got.  I took the hint that you probably know exactly what you are talking about so I created a SoftwareProtectionPlatform folder and copied the tokens.dat file into it and rebooted.  I'll add details of what happened next after the reboot.

After the reboot, I was able to rename the tokens.dat file in the new folder I created. 

Quote
net start sppsvc

//////// The service name is invalid.   <----------Got this error message

I did try to rename the tokens.dat file in the SoftwareLicensing folder but got 'The process cannot access the file because it is being used by another process' error again.  I could not find any reference to either 'SoftwareLicensing' or 'SoftwareProtectionPlatform' in the registry as part of a location address.  ( I remember creating the 'SoftwareLicensing' folder in a couple of User folders when I was getting specific errors that suggested some app or service was looking for the directory to exist, but I do not remember creating a folder in the c:\windows\serviceprofiles folder.  But then again, who knows, as I do believe the medications we programmers and nerds use in Canada are at least 20% stronger than the ones used elsewhere. 

When going through the list of services yesterday, I found one by the name of stllssvr  (it was listed in all lowercase) but it was disabled. 
« Last Edit: September 28, 2015, 06:41:12 am by RaveRocks »
You'll find me on Twitter and You-Tube but never again on Facebook. My first computer was a $99 TI-994a. By the end of the first day, I was able to write and save the Oscar Myer Weiner song.  If only today's goals were so simple.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #3 on: September 28, 2015, 08:47:23 am »
Those cmds worked for a Win 7 user when they were getting the not genuine message, but the files could be named differently in Vista.

Which version of Vista are you using ?

The net stop and start of sppsvc cmds worked for me in Win 7 and is listed in services.msc as SPP Notifications Service and is default set to Manual.

If that is missing then perhaps a sfc /scannow would replace it.

You may find this article of interest for the tokens.dat file and it has a Fixit to rename it.

https://support.microsoft.com/en-us/kb/978305

What do you get when you go Start - type activate windows and press enter ?

This is what I found for that stllssvr http://www.file.net/process/stllssvr.exe.html
« Last Edit: September 28, 2015, 09:17:02 am by Boggin »

Offline RaveRocks

  • Newbie
  • *
  • Join Date: Sep 2015
  • Posts: 37
  • Location: Vancouver, BC Canada
  • Karma: 0
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #4 on: September 28, 2015, 11:30:18 pm »
Thank you for the reply AND for the continued suggestions. 

During my all-nite vigil to get to the 'bottom' of this, I happened to look at the Environment for the systems and applications that were running after a reboot or cold system start.  Many of them have an invalid user name.  My PC's name is Larry-PC and my user name is (who-hoo) Larry.  The system at some time or other during this ordeal, has created a new c:\users\Larry-PC$ folder which is missing many of the needed folders and data sub-folders for programs that need them to run.  The environment (when I check with the SET command in a CMD box), shows the User name to be Larry, but the environment for many of the running apps and services shows a User name of Larry-PC$.   

In the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList contains six entries and none of them contain a user name of Larry-PC$.   The profileimagepath  entries match what I've found to be default (correct) entries, except at the time the environment is set up at system-start, the wrong user name is active.  It looks like a service is unable to pass on the desired settings to a crucial service that crashes when it can't find it's set up files and starts the whole chain of service malfunctions. 

The current definition of TEMP is TEMP=C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp as shown by the SET command even though I've defined it (hard coded in the Top box where you set System Properties Environment Variables) as c:\Users\Larry\Appdata\Local\Temp and in the bottom System Variables box it shows up as c:\Windows\Temp.   

For some of the running services and apps, the TEMP and TMP variables show up as c:\Windows\Servic~2\LocalS~1\AppData\Local\Temp. and the Username is "LOCAL SERVICE". 

The following gleaned from Process Explorer:

NVTRAY.EXE shows a Username of Larry, a Userprofile listed as C:\Users\Default and TEMP as C:\Windows\Temp. 
Mbamservice.exe shows a Username of LARRY-PC$ and a UserProfile of C:\USERS\LARRY.
DWM.EXE (Desktop Windows Manager) has a Username of Larry  and a UserProfile c:\Users\Default.
XAudio.exe shows a Username of Larry-PC$, Userprofile is c:\users\Larry-PC$, TEMP is c:\windows\temp, LocalAppData is c:\users\Larry-PC$\Appdata\Local and Appdata is c:\windows\temp, LocalAppData is c:\users\Karrt-PC$\Appdata\Roaming.

The more I dig, the more it looks like I've got some corrupted NTUSER.DAT files and that's the topic I'm researching before taking any further steps.  Based on one article I found online, I ended up copying tokens.dat from one SoftwareLicense folder to another and now Windows Vista is telling me that "This copy of Windows is not genuine.".  Guess again, oh great rich white father who drives us crazy with his operating systems that test our patience and drive us fruit-bat bonkers.  I'm hoping the 'genuine' incidence will be easier to fix once the rest of the jumbled corruption is taken care of.  I have hopes that soon, very soon, I'll be getting a substantial settlement from the Canadian tax man and that a new PC will be replacing my current 12 year old HP Pavilliion.   In the meantime, I am regularly making the plants and dust bunnies nervous with my outbursts of anguish.
« Last Edit: September 28, 2015, 11:38:51 pm by RaveRocks »
You'll find me on Twitter and You-Tube but never again on Facebook. My first computer was a $99 TI-994a. By the end of the first day, I was able to write and save the Oscar Myer Weiner song.  If only today's goals were so simple.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #5 on: September 29, 2015, 12:48:43 am »
You could use that Fixit to rename the tokens.dat to see if that resolves the not genuine.

Have you done an antimalware scan with something like the free version of MBAM - as something has changed the username.

Offline RaveRocks

  • Newbie
  • *
  • Join Date: Sep 2015
  • Posts: 37
  • Location: Vancouver, BC Canada
  • Karma: 0
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #6 on: September 29, 2015, 05:22:12 am »
As you'll see from the stuff I'm posting today, MBam is currently installed.  There currently is no malware detected.  Currently. 

I've just finished a review of the currently running apps and services on my PC from the perspective of their perceived 'Environments'.  One of the most useful tools is Process Explorer.  If you are not using it now, you should be.  One of the most useful debugging tools I've come across in a long time. 

Apologies for the long post, but I thought I should document my woes.  If nothing else, it has taught me lessons I didn't want to learn.  If nothing else, this exercise has shown how easy it is to screw up the registry and to keep the HELL away from it at all costs.  It is nice to have picked up some useful knowledge along the way.  I hope the following assists someone else and perhaps will turn on some light bulbs and more hints as to what to do next.  Lots of data to sift through, I know.  If you take the plunge, thank you for your future insights. 

----------------------------------------------------------------

Here is a list of my defined system variables that the Explorer.exe beast passes on to applications that the user chooses to
start.  The variables that point to data locations provide these applications with places to dump temp data and also a place
for them to store ini and set up data to be retrieved whenever the app or service is called upon.  Watch for the USERDOMAIN
variable that points to classes of tasks and appropriate locations for these classes. 

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\USERS\LARRY\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LARRY-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEPATH=c:\Users\LARRY
LOCALAPPDATA=C:\USERS\LARRY\AppData\LOCAL
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\System32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=HPD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4302
ProgramData=C:\PROGRAMDATA
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=c:\USERS\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp
TMP=C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp
USERNAME=LARRY
USERPROFILE=C:\USERS\LARRY
windir=C:\Windows

==================================

Using Process Explorer, this is a look at the Environments of the Outer Shell of Windows Vista.

System Process
  said it had 4 Properties, but did not display them and errored when I tried to have Process Explorer move to other tabs.

Interrupts Process
  shows a blank window

smss Process

Path C:\Windows\System32
SystemDrive  C:
SystemRoot   C:\Windows

csrss.exe Process

ComSpec   C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK   NO
NUMBER_OF_PROCESSORS   2
OnlineServices   Online Services
OS   Windows_NT
Path   C:\Windows\System32
PATHEXT   .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND   Pavilion
PLATFORM   HPD
PROCESSOR_ARCHITECTURE   x86
PROCESSOR_IDENTIFIER   x86 Family 15 Model 67 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL   15
PROCESSOR_REVISION   4302
SystemDrive   C:
SystemRoot   C:\Windows
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERNAME   LARRY
windir   C:\Windows

winlogon.exe

SystemDrive   C:
SystemRoot   C:\Windows
TEMP           C:\Windows\TEMP
TMP           C:\Windows\TEMP
USERNAME   LARRY
USERPROFILE   C:\Windows\system32\config\systemprofile

wininit

USERNAME Larry
USERPROFILE C:\Windows\system32\config\systemprofile
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
Path   C:\Windows\System32
ALLUSERSPROFILE   C:\ProgramData

services.exe

ALLUSERSPROFILE   C:\ProgramData
CommonProgramFiles   C:\Program Files\Common Files
COMPUTERNAME   LARRY-PC
ComSpec   C:\Windows\system32\cmd.exe
Path   C:\Windows\System32
ProgramData   C:\ProgramData
ProgramFiles   C:\Program Files
PUBLIC   C:\Users\Public
SystemDrive   C:
SystemRoot   C:\Windows
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERNAME   LARRY
USERPROFILE   C:\Windows\system32\config\systemprofile
windir   C:\Windows

==========================================

That is the outer shell of Windows Vista, otherwise known as Gates's Folly Number 3.
A setting somewhere is hi-jacking TEMP and TMP Public variables that are being set and 'hard coded' by the user. Also, the
USERPROFILE SYSTEM variable is being set by a call to Systemprofile.  That's all well and good, just as long as it returns the
proper value to whatever process is asking for it. Jumping into another Window's level, here's a look at the Programs running
in Explorer.EXE

Explorer.Exe

ALLUSERSPROFILE   C:\ProgramData
APPDATA   C:\USERS\LARRY\AppData\Roaming
CommonProgramFiles   C:\Program Files\Common Files
COMPUTERNAME   LARRY-PC
ComSpec   C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK   NO
HOMEPATH   c:\Users\LARRY
LOCALAPPDATA   C:\USERS\LARRY\AppData\LOCAL
NUMBER_OF_PROCESSORS   2
OnlineServices   Online Services
OS   Windows_NT
Path   C:\Windows\System32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT   .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

ProgramData   C:\PROGRAMDATA
ProgramFiles   C:\Program Files
PUBLIC   c:\USERS\Public
SESSIONNAME   Console
SystemDrive   C:
SystemRoot   C:\Windows
TEMP   c:\Users\Larry\AppData\Local\Temp
TMP   c:\Users\Larry\AppData\Local\Temp
USERNAME   LARRY
USERPROFILE   C:\USERS\LARRY
windir   C:\Windows


HP Connections.exe

(same as Explorer.EXE, but adds)
bwrootdatapath   C:\Program Files\HP Connections\6811507\Users\Default\


firefox.exe

(same as Explorer.EXE, but adds)
MOZ_CRASHREPORTER_DATA_DIRECTORY   C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_EVENTS_DIRECTORY   C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\nsb978da.LrB\crashes\events
MOZ_CRASHREPORTER_RESTART_ARG_0   C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE   C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini


hpwuSchu2.exe
msseces.exe
hpsysdrv.exe
issch.exe
jusched.exe
ehtray.exe
CCleaner.exe
hpfohmr08.exe
hpotdd01.exe
notepad.exe
procexp.exe
kbd.exe


And not too surprisingly, the above EXE files, running 'inside' Explorer, all had identical Environments as Explorer.Exe

MSASCui.exe
This EXE runs piggy-back on Explorer and inherits it's Environment from Explorer.EXE as well and adds a few of it's own.

MpConfig_ProductAppDataPath   C:\ProgramData\Microsoft\Windows Defender
MpConfig_ProductCodeName   AntiSpyware
MpConfig_ProductPath   C:\Program Files\Windows Defender
MpConfig_ProductUserAppDataPath   C:\USERS\LARRY\AppData\Local\Microsoft\Windows Defender
MpConfig_ReportingGUID   0CA2C2EE-C5BE-4E71-8B03-B4603DF77DAB
mydocuments   C:\USERS\LARRY\Desktop


deluged.exe

Weirdly, this Torrent client has the same 4 environment variables addeded by Firefox, but otherwise it's environment
is identical to Explorer.exe. (worth exploring and testing the order of loading after a reboot.)

MOZ_CRASHREPORTER_DATA_DIRECTORY   C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_EVENTS_DIRECTORY   C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\nsb978da.LrB\crashes\events
MOZ_CRASHREPORTER_RESTART_ARG_0   C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE   C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini

And this explains why I'm able to call most executables and use computer functions like file copying, DVD burning, USB
support, Internet, etc. because Explorer is providing a safe work space.  It's when one of these applications uses system
calls that refer to another 'level' of Windows Vista, the Services.

=============================================================

Now the fun begins.  Services are really messed up on my HP Pavillion and some of them for quite some time so please do not
use the following as a guideline, because the memory variables at each level seems to be conflicting and that has to be
pointing to settings in an external ini or dat file which are scattered everywhere you look, at least you'll find them if you
turn 'Hidden and System' files ON in your Searches.  I'm hoping that by unravelling a bit of the mystery in words  and print,
I might come up a way out of my conumdrum as my 'NEW' PC may be months away, unless some rich benefactor feels compassion and raises above the ordinary and becomes a Prince or Princess in my life.   For the purposes of this document, I'm going to group them in much the way Explorer has set up an environment for applications to Inherit.  Danger Will Robinson.  Danger!  He who programs system calls outside it's Windows Vista 'layer'  Just a reminder that Services.exe is responsible for this layer of Windows Vista and that it inherits from Wininit.exe and from the outer shell. The main discrepancies that differ from the environment that Explorer.EXE provides include the following memory variables

TEMP  C:\Windows\TEMP
TMP  C:\Windows\TEMP
USERNAME  LARRY
USERPROFILE C:\Windows\system32\config\systemprofile

Get ready. It's going to be a BUMPY night.

svchost.exe [0 instance] - - where it all starts

Just a few words of scorn about this service that has heard every swear word directed at it in every language around the world
ever since some programmer decided this was the name that everyone would curse as long as a PC exists that still runs
XP,Vista,7,8,etc.  It's been called every male and female body part, some of them out of my mouth I'll admit. And it's not
surprising when you lift the hood into this world (at least on my HOOPED HP Pavillion 12 year old PC, sob sob)

svchost.exe [1 instance]

ALLUSERSPROFILE   C:\ProgramData
APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
CommonProgramFiles   C:\Program Files\Common Files
COMPUTERNAME   LARRY-PC
ComSpec   C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK   NO
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL
NUMBER_OF_PROCESSORS   2
OnlineServices   Online Services
OS   Windows_NT
PATH   C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT   .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND   Pavilion
PLATFORM   HPD
PROCESSOR_ARCHITECTURE   x86
PROCESSOR_IDENTIFIER   x86 Family 15 Model 67 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL   15
PROCESSOR_REVISION   4302
ProgramData   C:\PROGRAMDATA
ProgramFiles   C:\Program Files
PUBLIC   c:\USERS\Public
SystemDrive   C:
SystemRoot   C:\Windows
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$
windir   C:\Windows

At least this instance has same identifiers as the outer shell, such as the values for TMP, TMP, windir, OS, comspec, path,
systemDrive, etc. Where it differs in the USERNAME value that ends up creating (or requiring) access to files that need to
exist in different locations than if an application from within the Explorer.Exe layer would look and expect existence and
values.

This is the first instance of SvcHost.exe that we've opened and it calls ehmas.exe which surprisingly has the following
environment:

ALLUSERSPROFILE   C:\ProgramData
APPDATA   C:\USERS\LARRY\AppData\Roaming
CommonProgramFiles   C:\Program Files\Common Files
COMPUTERNAME   LARRY-PC
ComSpec   C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK   NO
HOMEPATH   c:\Users\LARRY
LOCALAPPDATA   C:\USERS\LARRY\AppData\LOCAL
NUMBER_OF_PROCESSORS   2
OnlineServices   Online Services
OS   Windows_NT
Path   C:\Windows\System32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT   .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND   Pavilion
PLATFORM   HPD
PROCESSOR_ARCHITECTURE   x86
PROCESSOR_IDENTIFIER   x86 Family 15 Model 67 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL   15
PROCESSOR_REVISION   4302
ProgramData   C:\PROGRAMDATA
ProgramFiles   C:\Program Files
PUBLIC   c:\USERS\Public
SESSIONNAME   Console
SystemDrive   C:
SystemRoot   C:\Windows
TEMP   c:\Users\Larry\AppData\Local\Temp
TMP   c:\Users\Larry\AppData\Local\Temp
USERNAME   LARRY
USERPROFILE   C:\USERS\LARRY
windir   C:\Windows

This is a portion of the Media Center Media Status Application that is called into action by Explorer.EXE as required by the
User.  On my machine, it hasn't been called ever since I stopped using the old-style non-HD Video tuner. It might be handy
some day and I turned it on to show the interaction of the multiple layers.

The question: What would happen if this app would call other apps in other layers that have different values for key data
locations and file names and in conversing with the program entity in another layer, is only sent over the Token name and not
the Token value.  ie: sending over '%USERNAME%' rather than the current content of that variable.

svchost.exe [2 instance]

nvvsvc.exe
The next user environment is for an application service that is called directly by services.exe without the need of a 'host'
framework or extra layer.  It's working environment is identical to Services.EXE but it is running so the EXE it calls can
exist in both layers. Each layer has different values for USERNAME, TMP and TEMP

ALLUSERSPROFILE   C:\ProgramData
APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
CommonProgramFiles   C:\Program Files\Common Files
COMPUTERNAME   LARRY-PC
ComSpec   C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK   NO
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL
NUMBER_OF_PROCESSORS   2
OnlineServices   Online Services
OS   Windows_NT
Path   C:\Windows\System32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT   .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
ProgramData   C:\PROGRAMDATA
ProgramFiles   C:\Program Files
PUBLIC   c:\USERS\Public
SystemDrive   C:
SystemRoot   C:\Windows
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$
windir   C:\Windows

nvxdsync.exe is the Nvidia User Experience Driver Component and is run directly by Services and therefore inherits that
environment. This exe calls another nVidia process nvTray which has different values for USERPROFILE and USERNAME which means different locations for data and files that are referenced by layer specific values.  Imagine if an application used one
service to find a location to write information to and then uses another Service applicaion that has other locations in mind
when those same referenced names are used. 

USERNAME      Larry
USERPROFILE   C:\Users\Default

And if the internal application would run a process and create a file, the outer process may not be able to find it if each
layer used it's own Inherited naming convention.


svchost.exe [3 instance] and is described as a Host service for Windows Services with references to a Network
Environment, different than either of the other two uses of SvcHost.exe so far.  I've removed the repeated variables that were
inherited from the outer layers of Windows Vista,  The values for TEMP and TMP are interesting and do not appear anywhere in
the registry.

APPDATA   C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming
LOCALAPPDATA   C:\Windows\ServiceProfiles\NetworkService\AppData\Local
ProgramData   C:\ProgramData
ProgramFiles   C:\Program Files
PUBLIC   C:\Users\Public
SystemDrive   C:
SystemRoot   C:\Windows
TEMP   C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp
TMP   C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\Windows\ServiceProfiles\NetworkService


MsMpEng.Exe is another service called directly by Services.EXE.  It resembles the Environment that Services.Exe
provided the first three instances of SvcHost.exe and other directly called apps.

ALLUSERSPROFILE   C:\ProgramData
APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
commonfiles   C:\Program Files\Common Files
CommonProgramFiles   C:\Program Files\Common Files
COMPUTERNAME   LARRY-PC
ComSpec   C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK   NO
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL
NUMBER_OF_PROCESSORS   2
OnlineServices   Online Services
OS   Windows_NT
PATH   C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT   .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
progfiles   C:\Program Files
ProgramData   C:\PROGRAMDATA
ProgramFiles   C:\Program Files
PUBLIC   c:\USERS\Public
systemdir   C:\Windows\system32
SystemDrive   C:
SystemRoot   C:\Windows
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$
windir   C:\Windows

svchost.exe [4 instance] is another instance of this wonderful entity.  This time, however, the USERNAME and
USERPROFILE locations point to different folders.  And if you've noticed, the USERDOMAIN is same as . I've removed variables
from the outer shells such as comspec, COMPUTERNAME, etc.

APPDATA   C:\Windows\ServiceProfiles\LocalService\AppData\Roaming
LOCALAPPDATA   C:\Windows\ServiceProfiles\LocalService\AppData\Local
PATHEXT   .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
ProgramData   C:\ProgramData
ProgramFiles   C:\Program Files
PUBLIC   C:\Users\Public
SystemDrive   C:
SystemRoot   C:\Windows
TEMP   C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp
TMP   C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp
USERDOMAIN   NT AUTHORITY
USERNAME   LOCAL SERVICE
USERPROFILE   C:\Windows\ServiceProfiles\LocalService
windir   C:\Windows

svchost.exe [5 instance] calls the Desktop Window Manager (DRM.EXE)

APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL
PATH   C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT   .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
ProgramData   C:\PROGRAMDATA
ProgramFiles   C:\Program Files
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$

DRM.EXE

USERNAME   LARRY
USERPROFILE   C:\Users\Default

Note that the USERNAME and USERPROFILE names will point int 'opposite' directions if any use of these token names are
referenced by services or programs from different layers. I guess DOMAINS might be a useful identifier to key in on for the
rest of this diatribe.


svchost [6 instance] labeled as the GPSvcGroup and it sit idle.

HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL

Path   C:\Windows\System32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT   .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$
windir   C:\Windows


SLsvc.exe is the software licensing service and is called directly by Services.EXE and has a recognizable USERNAME and
USERPROFILE value.  The TEMP and TMP variables directing subscribing applications to a file location deep within the bowels of
c:\windows.

ALLUSERSPROFILE   C:\ProgramData
APPDATA   C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming
LOCALAPPDATA   C:\Windows\ServiceProfiles\NetworkService\AppData\Local

ProgramData   C:\ProgramData
ProgramFiles   C:\Program Files
PUBLIC   C:\Users\Public
SystemDrive   C:
SystemRoot   C:\Windows
TEMP   C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp
TMP   C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\Windows\ServiceProfiles\NetworkService


svchost.exe [7 instance] is labeled as a 'local' service Host, just waiting to jump into action.

APPDATA   C:\Windows\ServiceProfiles\LocalService\AppData\Roaming
LOCALAPPDATA   C:\Windows\ServiceProfiles\LocalService\AppData\Local

TEMP   C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp
TMP   C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp
USERDOMAIN   NT AUTHORITY
USERNAME   LOCAL SERVICE
USERPROFILE   C:\Windows\ServiceProfiles\LocalService



svchost.exe [8 instance] is labeled as a Network service host, in waiting

APPDATA   C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming
LOCALAPPDATA   C:\Windows\ServiceProfiles\NetworkService\AppData\Local
TEMP   C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp
TMP   C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\Windows\ServiceProfiles\NetworkService


spoolv.exe is called the Spooler Sub-system that handles printing chores automatically for the user. This service is
called directly by Services.EXE and has an identical environment.

APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL
PATH   C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT   .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$


svchost.exe [9 instance] This instance is a non-Network related Host.

APPDATA   C:\Windows\ServiceProfiles\LocalService\AppData\Roaming
LOCALAPPDATA   C:\Windows\ServiceProfiles\LocalService\AppData\Local

TEMP   C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp
TMP   C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp
USERDOMAIN   NT AUTHORITY
USERNAME   LOCAL SERVICE
USERPROFILE   C:\Windows\ServiceProfiles\LocalService

HPSupportSolutionsFramework is called by Services.EXE directly.

APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$


LSSrvc.EXE is the Lightscribe printing service that burns labels directly on specially manufactured CD's and DVD's. I
ran out of such disks months ago, so this service sits and waits for me to replenish.

APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL
Path   C:\Windows\System32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$


mbamscheduler.exe is called directly by Services.Exe with the following environment variables.

APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$


mbamservice.exe is a Host called directly by Services.Exe.  This service then calls mbam.exe which has a couple of
memory variable locations that resemble the environment found inside Explorer.exe.

APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL
Path   C:\Windows\System32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$


mbam.exe is called by the mbamservice.exe and has a different USERNAME and USERPROFILE than the calling host.

TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERNAME   LARRY
USERPROFILE   C:\Users\Default


MSCAm532,exe has the same environment as Services.Exe.

APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$


NBService.EXE is called by Services.Exe as required and shares memory variables.

APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$


daemonu.exe is part of the Nvidia Settings Update Manager and is called directly by Services.Exe

__COMPAT_LAYER   VistaSetUp
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERNAME   LARRY
USERPROFILE   C:\Users\Default



svchost.exe [10 instance] A network service Host in waiting.  I hope you're starting to see a pattern.

APPDATA   C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming
LOCALAPPDATA   C:\Windows\ServiceProfiles\NetworkService\AppData\Local
TEMP   C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp
TMP   C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\Windows\ServiceProfiles\NetworkService


locator.exe is another direct call Service.


APPDATA   C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming
LOCALAPPDATA   C:\Windows\ServiceProfiles\NetworkService\AppData\Local

TEMP   C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp
TMP   C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\Windows\ServiceProfiles\NetworkService
windir   C:\Windows
 
Svchost.exe [11 Instance] is labeled as a WerSvcGroup Service in waiting.

APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$


SearchIndexer.Exe This is a Hosting service called by Services.Exe.  It calls SearchProtocolHost.Exe and
SearchFilterHost.Exe.

APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\Local

TEMP   C:\PROGRAMDATA\Microsoft\Search\Data\Temp\usgthrsvc
TMP   C:\PROGRAMDATA\Microsoft\Search\Data\Temp\usgthrsvc
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$


SearchProtocolHost.Exe This service is called by SearchIndexer.Exe.  Notice the unique TEMP and TMP values match those
of the calling Service.

APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\Local

TEMP   C:\PROGRAMDATA\Microsoft\Search\Data\Temp\usgthrsvc
TMP   C:\PROGRAMDATA\Microsoft\Search\Data\Temp\usgthrsvc
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$


SearchFilterHost.Exe One of two services called by SearchIndexer.Exe.

APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\Local
TEMP   C:\PROGRAMDATA\Microsoft\Search\Data\Temp\usgthrsvc
TMP   C:\PROGRAMDATA\Microsoft\Search\Data\Temp\usgthrsvc
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$

The unique TEMP and TMP values are shared by these three services, all within the LARRY_HP domain


xAudio.Exe is probably the most missed service (it's broken...haven't heard a new tune in 10 days or more) on the
system and one that is called directly by Services.Exe

APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL

TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$


wmpnetwk.exe  A Windows Media Service called directly from Services.Exe.

APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$


ehsched.exe A Windows Media Player Service called directly from Services.Exe

APPDATA   C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming
LOCALAPPDATA   C:\Windows\ServiceProfiles\NetworkService\AppData\Local
TEMP   C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp
TMP   C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\Windows\ServiceProfiles\NetworkService


ehrecvr.exe A Windows Media Player Service called directly from Services.Exe


APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$


PresentationFontCache.Exe is called directly from Services.Exe

APPDATA   C:\Windows\ServiceProfiles\LocalService\AppData\Roaming
LOCALAPPDATA   C:\Windows\ServiceProfiles\LocalService\AppData\Local
TEMP   C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp
TMP   C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp
USERDOMAIN   NT AUTHORITY
USERNAME   LOCAL SERVICE
USERPROFILE   C:\Windows\ServiceProfiles\LocalService


svchost.exe [12 instance] is labeled as a Local Service No Impersonation.

APPDATA   C:\Windows\ServiceProfiles\LocalService\AppData\Roaming

TEMP   C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp
TMP   C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp
USERDOMAIN   NT AUTHORITY
USERNAME   LOCAL SERVICE
USERPROFILE   C:\Windows\ServiceProfiles\LocalService


svchost.exe [13 instance] is labeled as the secsvcs service and is part of the Window's Defender service.

APPDATA   C:\USERS\LARRY-PC$\AppData\Roaming
HOMEPATH   c:\Users\LARRY-PC$
LOCALAPPDATA   C:\USERS\LARRY-PC$\AppData\LOCAL
MpConfig_ProductAppDataPath   C:\ProgramData\Microsoft\Windows Defender
MpConfig_ProductCodeName   AntiSpyware
MpConfig_ProductPath   c:\program files\windows defender
MpConfig_ProductUserAppDataPath   C:\USERS\LARRY-PC$\AppData\Local\Microsoft\Windows Defender
MpConfig_ReportingGUID   0CA2C2EE-C5BE-4E71-8B03-B4603DF77DAB
TEMP   C:\Windows\TEMP
TMP   C:\Windows\TEMP
USERDOMAIN   LARRY_HP
USERNAME   LARRY-PC$
USERPROFILE   C:\USERS\LARRY-PC$

That completes a list of environment variables for the various Services that ARE running currently on my gimped 12 year old HP
Pavillion PC that is on it's last leg.  I'm going to next try to cover the services that are not running for whatever reason.
For this purpose, I'll be referring to the various errors and warnings that appear in my Event logs that point to broken
services and bad system calls.  More on that next time.
« Last Edit: September 29, 2015, 05:56:49 am by RaveRocks, Reason: mini-edits »
You'll find me on Twitter and You-Tube but never again on Facebook. My first computer was a $99 TI-994a. By the end of the first day, I was able to write and save the Oscar Myer Weiner song.  If only today's goals were so simple.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #7 on: September 29, 2015, 08:39:01 am »
I use Process Explorer occasionally but more to check if I have any foreigners in the system.

This is done by clicking on Options and ensuring Verify Signatures is checked and then hover over VirusTotal.Com and check its box.

Anything under the Virus Total column with a highish value/50 in red should be treated as suspect.

It's probably the computer that is generating those usernames for whichever path is required, but I've never gone that deep or needed to or probably know how - so you'll probably know more about that than I do.

When you were talking about the restore disks/applications in your opening post, are they system images or actual recovery disks which are a copy of what is in the Recovery partition, because I think probably the best way to go with this would be a factory reset as you are unable to run the WR program.

If you had a Vista x32 SP2 install disk then you could have booted up with that to see if an offboot sfc /scannow would sort things.

I only have the SP2 Vista ISO for 64 bit, so it would be no good send you a couple of those.

There are Google links (can't remember where I got mine from) but for them to include SP2 are few and far between and you never know if you can trust them.

Offline RaveRocks

  • Newbie
  • *
  • Join Date: Sep 2015
  • Posts: 37
  • Location: Vancouver, BC Canada
  • Karma: 0
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #8 on: September 30, 2015, 04:12:23 am »
Reporting in.  And I made a huge discovery tonight.  A few months back (May), I ran malwarebytes and JRT.EXE after a run-in with some nasty adware that wouldn't disappear from FireFox.  I feel blessed.  Big Time!  JRT ran a Registry Backup before two scans.  I'm sure I will only need to reinstall any software that was installed after the date of the last RegBack.  There are no step by step instructions for running the CMD file in the folder.  I do believe I should run Windows Recovery Console, which I've also found a good copy of and then open a cmd window (as admin) and run the bat file from within the little black box.  I guess I'm a bit chicken to do it, after the past two weeks of near purgatory.  But here goes.  I'll report back.
You'll find me on Twitter and You-Tube but never again on Facebook. My first computer was a $99 TI-994a. By the end of the first day, I was able to write and save the Oscar Myer Weiner song.  If only today's goals were so simple.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #9 on: September 30, 2015, 05:01:26 am »
if you use an infected restore/back up then you are going to get that nasty back.

In your opening post you discounted using your restore points - why was that ?

Offline RaveRocks

  • Newbie
  • *
  • Join Date: Sep 2015
  • Posts: 37
  • Location: Vancouver, BC Canada
  • Karma: 0
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #10 on: September 30, 2015, 08:40:51 pm »
What a day!  This is pure opera drama without the singing and orchestra.  Or maybe a Quentin Tarantino movie with an all cat, dog and monkey cast.  So last night about 3am, I discovered a complete install of Tweaking.com's Windows Repair tool AND IT WORKS.  It was in the C:\Temp directory . . . not where I'd expect to find it. It was there since September 15th, 2015.  I decided I was on the verge of needing toothpicks to keep my eyes open and left the repair attempts until after my daily three cups of coffee and breakfast (details on twitter, HA!).

Windows Vista is a cursed operating system and until mid-September, I had no clue as to why.  As soon as I can, I will abandon it for good.  Safe Mode, for example, does not include support for either a Serial Bus keyboard or a USB keyboard, so when I see the message "Press any key to continue" in a CMD window, I know I'm doomed.  I used the Administrator account for both of this afternoon's repair sessions, mostly because its account does not require a password at sign on.  After the repairs, when I log in to my normal passworded account, I am unable to use any of the Administrator tools, getting an error that 'The dependency service or group failed to start".  When I log in as Administrator, I can use the Admin tools.  Here is a list of errors (Administrative View) in order of their occurrence, after a cold (de-electrified) start and when logging in as Administrator.

-----------------------------------------------

The winlogon notification subscriber <Profiles> was unavailable to handle a critical notification event.

DCOM got error "1083" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

The User Profile Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Application Information service depends on the User Profile Service service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.

The User Profile Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Application Information service depends on the User Profile Service service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.

The User Profile Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Application Information service depends on the User Profile Service service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.

The User Profile Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Application Information service depends on the User Profile Service service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.

---------------------------------

And that pair of errors repeated a few more times.

When logging in as Larry, I get a whole different set of errors which I'll get to later if important. (The majority of the errors include the line: "The executable program that this service is configured to run in does not implement the service." )  Firefox history and the cookies are gone. (No problem because I exported them and hopefully I'll be able to import them when things settle down.)

I looked through the logs that the Windows Repair Tool produces and found 'several' Access Denied occurrences.  I'm attaching 2 Rar files containing the two sets of logs, one for each repair session.  I was hoping to include the Admin Event logs for both of the repair sessions and for log in attempts after the repairs, but Miss Vista is being quite the <you choose> and most uncooperative. I'm not going to attempt any manual changes to the registry and I'll wait until a further study of the situation before I change my user settings. 

I do have the registry backup produced in June of this year by JRT.EXE and if all else fails, I'll go that dangerous route because getting all those ntuser.dat files in the right place and turning off the right services to be able to HAVE file access, is not going to be a task for a tired ex-programmer ex-dj who wishes he hadn't given up on recreational drugs years ago.
You'll find me on Twitter and You-Tube but never again on Facebook. My first computer was a $99 TI-994a. By the end of the first day, I was able to write and save the Oscar Myer Weiner song.  If only today's goals were so simple.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #11 on: October 01, 2015, 12:52:06 am »
I don't seem to have anything on this laptop to open those rar files, so can't view them.

Have you tried creating a new admin user account as profiles can become corrupt.

Offline RaveRocks

  • Newbie
  • *
  • Join Date: Sep 2015
  • Posts: 37
  • Location: Vancouver, BC Canada
  • Karma: 0
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #12 on: October 01, 2015, 03:07:25 am »
After this afternoon's fixes, I noticed that, when logged in as Larry (me), I have two Downloads folders, two Documents folders as well as two folders each labeled Desktop, Music, Videos, and Pictures.  In each case, one is empty and one contains my old stuff.  The current profile for me points at the empty folder created at 9pm, about 4 hours after my last fix, so this must have happened when either I logged in. or when I ran sfc /scannow.  I scanned through the registry looking at the services that continued to fail and the services that they depend on and came away with no good new clues.  I've created boot log and logged on a couple of time in 'debug' mode and look forward to seeing their contents, but I need sleep so it'll have to wait until tomorrow.

=====edit01=====

I just remembered what process I ran at 9pm-ish last night.  We can blame "Windows Easy Transfer" for creating the new folders and restoring my data into the wrong place.  I couldn't run the utility under my regular logon (dependency service wasn't available) so I let Windows make the move while logged in as Administrator.  Today's task would seem to be finding out why Windows services load under one User and not another. 

=====edit02=====

I think I found the problem.  I found a blank entry in the WinLogin\GPExtensions list that points to Administrative Templates.  AND that starts up Userenv.dll which I do believe is the source of all my issues.

The GUID for the blank entry is 35378EAC-683F-11D2-A89A-00C04FBBCFA2.

I'm hoping someone out there knows how to create a reg file for me that will update the values as they should be for that logon task in Windows Vista. 

I'm not sure how to pull a value out of an old registry backup from a few months ago or if it's even possible. 

At least I see a twinkle of light at the end of this dark tunnel.



« Last Edit: October 02, 2015, 07:50:28 pm by RaveRocks »
You'll find me on Twitter and You-Tube but never again on Facebook. My first computer was a $99 TI-994a. By the end of the first day, I was able to write and save the Oscar Myer Weiner song.  If only today's goals were so simple.

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #13 on: October 08, 2015, 10:59:54 pm »
I am back from my 3 week programming insanity. I am now trying to catch up on all the threads since then and that is over 100+ threads for me to go threw. So i am scanning through them quickly.

In this case this is one long thread lol so I didnt read all of it. So how are things so far?

Shane

Offline RaveRocks

  • Newbie
  • *
  • Join Date: Sep 2015
  • Posts: 37
  • Location: Vancouver, BC Canada
  • Karma: 0
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #14 on: October 09, 2015, 01:01:46 am »

In this case this is one long thread lol so I didnt read all of it. So how are things so far?

Shane

Sorry about the length of the thread.  But thank you for this web site and your utility.  In a sea of scams, it was a blessing to find you and your band of merry troops.  While your utility didn't fix my PC, it did provide me with a road map  and an opportunity to learn.  So as much as it's been [blank] frustrating most of the time, this project of resurrecting my PC brought me back into the 'headspace' of application design and coding which I was lucky enough to do for a living for 20 years.  The sooner I can get out of this 'headspace', the better.  :thinking:

The short version: After trying to install your utility and failing, I tried installing the stand-alone which failed with the 'Invalid Picture' error.  A week later, I came across the installation of your application in c:\temp and ran it, twice, as suggested.   During the early stages of the resurrection process, I've installed malwarebytes, hijackthis, and Process Explorer, all of which have pumped out helpful reports. 

PC HP Pavillion model m8000n  Windows Vista Home Premium 32bit SP2

There is a restore partition but the F11 Recover utility doesn't recognize it.  I have the factory System Recovery disks but they come up with a 1012 error.  An Enhanced Back Up and Recovery utility (SP39296) also doesn't recognize the restore partition and ends with another error that accuses me of interrupting the creation of the recovery partition.  A side trip on the recovery drive led me to a few dozen hidden cmd files that look like the backbone to the recovery process.  I have yet to go down that path, but I think it was a good discovery nevertheless.

Now the current state of my pc.  The error I see upon login is that a Windows Service (User Profile) failed to start.

The majority of errors are 1083.  Here's a list from the admin view of a recent reboot.

--------------------------------------

The winlogon notification subscriber <Profiles> was unavailable to handle a critical notification event.

DCOM got error "1083" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

The Multimedia Class Scheduler service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.

The User Profile Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Themes service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The System Event Notification Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Extensible Authentication Protocol service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The WLAN AutoConfig service depends on the Extensible Authentication Protocol service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.

The Microsoft iSCSI Initiator Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Task Scheduler service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Server service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Computer Browser service depends on the Server service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.

The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

The Application Experience service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

The HP Support Solutions Framework Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The LoadUserProfile call failed with the following error:
The RPC server is unavailable.

The Secondary Logon service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
The executable program that this service is configured to run in does not implement the service.

The IP Helper service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Windows Media Center Extender Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

DCOM got error "1083" attempting to start the service BITS with arguments "" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

The Background Intelligent Transfer Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

The Remote Access Connection Manager service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

==note== the above error then repeats a few dozen times followed by

DCOM got error "1083" attempting to start the service BITS with arguments "" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

---------------------------------------------------

It's good to have you back and I'm sure hoping someone who lives in this world of Windows internals can help me make sense of this mucky mess.  It wouldn't be so bad if my audio was working.  Here's a sample of my work up on you-tube.  https://youtu.be/1yd4NQq2FXQ  Eurythmics - Love is a Stranger (not available in Germany).
You'll find me on Twitter and You-Tube but never again on Facebook. My first computer was a $99 TI-994a. By the end of the first day, I was able to write and save the Oscar Myer Weiner song.  If only today's goals were so simple.

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #15 on: October 09, 2015, 01:13:18 am »
When vista breaks, it breaks hard lol

A repair install is going to be a must, but not from those outdated recovery disks that will put everything back to the way it was when you got the computer, and would be horribly outdated.

Doing a proper repair install would be far better, not have any of the preinstalled crap on it and will let you keep your files. it is basically doing an upgrade to the same version

This is the guide to do it
http://www.vistax64.com/tutorials/88236-repair-install-vista.html

The draw back, you need a vista setup cd that has SP2 already on it. That isnt easy to find. I do have it the disk but obviously I cant post it or MS would have a fit lol

But there are ways of finding a good ISO to download (ISO is a cd image), but we will worry about that later.

First thing to do, if it hasnt been done already is to test some hardware to make sure it isnt the cause. Otherwise the repair install will go like crap or worse.

So if you havent yet we need to check the disk for bad sectors to make sure that isnt the problem.

Open a cmd.exe window as administrator if you can and put this in

chkdsk c: /r

The /r tells chkdsk to do a normal chkdsk and also a bad sector check, 5 stages total and will take a while!

Then when it is done you can find the results of it this way
http://www.sevenforums.com/tutorials/96938-check-disk-chkdsk-read-event-viewer-log.html

Post the results for me so i can make sure it says 0KB in bad sectors at the bottom. Anything above 0 means its time for a new drive.

Then we need to test the ram (memory) to make sure that isnt what is causing the problem. There are multiple test programs out there, like mem test 4 but I have had it not report any problems on a system that only the windows memory test could find. So I like to use it instead. But ms removed it from their site but you can still find it :-)

http://www.majorgeeks.com/files/details/microsoft_windows_memory_diagnostic.html

That you will use to create an bootable cd with and then boot off the cd itself to run the test. You may need to make the cd on a more stable system of course.

Then if both the drive and memory are good then we will do the repair install. When we get to that point I will work with you to try and find a normal vista sp2 iso for you to download.

1 am for me so I may not reply till tomorrow or monday.

Shane

Offline RaveRocks

  • Newbie
  • *
  • Join Date: Sep 2015
  • Posts: 37
  • Location: Vancouver, BC Canada
  • Karma: 0
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #16 on: October 09, 2015, 02:36:22 am »
Here is the results of the chkdsk I performed last evening:

====NOTE: reformatted to make it easier to read====

Checking file system on C:
The type of the file system is NTFS.
Volume label is HP.

A disk check has been scheduled.
Windows will now check the disk.                         
255808 file records processed.
562 large file records processed.
0 bad file records processed.
0 EA records processed.
159 reparse records processed.
311072 index entries processed.
0 unindexed files processed.
255808 security descriptors processed.
Cleaning up 14028 unused index entries from index $SII of file 0x9.
Cleaning up 14028 unused index entries from index $SDH of file 0x9.
Cleaning up 14028 unused security descriptors.
CHKDSK is compacting the security descriptor stream...
27633 data files processed.
CHKDSK is verifying Usn Journal...
34406680 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
255792 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
1454787 free clusters processed.
Free space verification is complete.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

51199968 KB total disk space.
44912816 KB in 197102 files.
110292 KB in 27636 indexes.
0 KB in bad sectors.
357712 KB in use by the system.
65536 KB occupied by the log file.
5819148 KB available on disk.

4096 bytes in each allocation unit.
12799992 total allocation units on disk.
1454787 allocation units available on disk.

Internal Info:
40 e7 03 00 ec 6d 03 00 32 1e 06 00 00 00 00 00  @....m..2.......
32 02 00 00 9f 00 00 00 00 00 00 00 00 00 00 00  2...............
42 00 00 00 12 72 1c 77 f8 81 0d 00 f8 79 0d 00  B....r.w.....y..

I'll post the results of my memory test in a bit.

=== edit 01 ===

I ran both the standard and extended memory tests (2 passes each) and no errors were found.  As soon as I send this, I'm going to reboot and let the extended memory tests run overnight while my body sleeps and my brain resets. 

By the way, in my search for answers, I found another download from HP that looked like it could solve my F11 Recovery functionality, but it didn't perhaps because it was written for an HP laptop running a different version of Windows.  The cmd file didn't complain about any of that when run.  I'm attaching the cmd file and log file it created when I ran it a few times.   Other files in the package: HPRMF.dll, winre32.wim, winre664.wim and SP48415.cva. 
« Last Edit: October 10, 2015, 07:06:38 pm by RaveRocks »
You'll find me on Twitter and You-Tube but never again on Facebook. My first computer was a $99 TI-994a. By the end of the first day, I was able to write and save the Oscar Myer Weiner song.  If only today's goals were so simple.

Offline Julian

  • "Professional Googler"
  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jun 2015
  • Posts: 1325
  • Location: USA, New Mexico
  • Karma: 38
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #17 on: October 10, 2015, 09:08:43 pm »
Hmmm hps the newer ones you have to hit esc first then it will pop up an alternative menu for you to recover with f11
Julian

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #18 on: October 13, 2015, 02:28:02 am »
Letting the memory test run for as long as possible is the best way to test it.

How did that go?

Shane

Offline Rick

  • Hero Member
  • *****
  • Join Date: May 2013
  • Posts: 829
  • Karma: 2
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #19 on: October 13, 2015, 09:04:36 am »
For a long while, when I used vista, the only program I used to maintain it was 360

many of the updates from MSFT put bugs in the vista systems now :(
force them to re-install to verify the license to only get a bad license report back after DAYS of TRYING to restore!

regards

Offline RaveRocks

  • Newbie
  • *
  • Join Date: Sep 2015
  • Posts: 37
  • Location: Vancouver, BC Canada
  • Karma: 0
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #20 on: October 14, 2015, 02:01:47 am »
To carry on from the other thread. 

I've downloaded the update (Portable) and ran the entire batch of repairs in safe mode after a cold start. The extra long file name error is happening in the WMI repair section and is pointing to a location:

c:\windows\system32\config\systemprofile\localsettings\Application Data with the "\Application Data" then repeated more than 5 times.  I was able to write down part of the file name (it flashed by in a few seconds) and the only one I could find on drive C: that resembled the name was temp1_ffjcext.zip file.  I could find no occurrence of that file name in the registry.  There was no mention of the file length error in the log files.

==== edit 01 ====

In Junction Link Magic, the junction c:\windows\system32\config\systemprofile\localsettings
has a destination of c:\windows\system32\config\systemprofile\AppData\Local

and the junction c:\windows\system32\config\systemprofile\AppData\Local\Application Data
has a destination of c:\windows\system32\config\systemprofile\AppData\Local


I also had Windows Repair fix the paths but there is still a repeat.  (I don't know if this is critical.)

Path=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem

« Last Edit: October 14, 2015, 02:33:37 am by RaveRocks »
You'll find me on Twitter and You-Tube but never again on Facebook. My first computer was a $99 TI-994a. By the end of the first day, I was able to write and save the Oscar Myer Weiner song.  If only today's goals were so simple.

Offline RaveRocks

  • Newbie
  • *
  • Join Date: Sep 2015
  • Posts: 37
  • Location: Vancouver, BC Canada
  • Karma: 0
    • View Profile
Re: Vista Help Pls - Bad Install (and then some!)
« Reply #21 on: October 15, 2015, 02:46:20 pm »
Apologies but I'm breaking the standard forum rule about Thread bumping because I just had a major breakthrough.  From the few tweeks I've just made, I think I've found the source of the 1083 Error on my PC.  I don't think I've ever yelled as loud for joy as I did when I heard Windows sign-on music after a reboot.

It all depends on a responding entry for each applicable service that uses svchost, in the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SvcHost

As an example, if a service appears as svchost -k netsvcs in the imagepath(**), then that service name MUST appear in the netsvcs multi-string list in the right-hand pane.  Ditto for any of the other services that use svchost.

From the notes I've made in the past three weeks, most of the services that were malfunctioning are using svchost or depend on a service that does use svchost.  So far, I've restored my MMCSS, audio service, SENS, BITS, ShellHWDetection and Themes.  The rest of my afternoon will be spent adding the rest of the missing entries.  I'll report back with the results.

==== edit01 ====

(**) refers to imagepath in the appropriate entry at the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

==== edit02====

After adding the long list of missing items to the netsvcs entry at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SvcHost, all of the 1083 and 1068 errors have disappeared. 

I went through the entire list of svchost related services at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services and categorized them by the command line switch for svchost and then checked the appropriate lists at NT\CurrentVersion\SvcHost for missing or invalid entries. 

THREADORDER is being loaded with -k LocalSystem whereas the service appears in LocalService list.
MCX2Svc is being loaded with -k LocalServiceAndNoImpersonation whereas the service appears in the LocalService list.
RemoteRegistry appears in two lists regsvc and Local Service.

Profsvc is generating this error: "Windows cannot load classes registry file.  Detail- The system canot find the file specified."

The Readyboost service terminated with the following error.  The handle is invalid.

After my repairs, I've got my sound system back (very happy) but I know it's not totally fixed.  I'm going to set a restore point and run Windows Repair in safe mode.  More later.

==== edit03 ====

Windows Update has finally been able to run for I don't know how long.  45 security updates were installed successfully with an absolutely clean reboot.  The error log reveals a couple of left-over errors to deal with, but my major concerns have been resolved.  I'm still concerned that my Recovery drive is not being recognized by the software update from HP and that my recovery disks are still coming up with an error.

My theory is that some application attempted to install itself at the security level of netsvc and instead of adding their service to the list, they chopped the list down to a single entry - - theirs!  Or the application cherry picked names out of the list, disabling certain security features of Windows Vista by removing dependent services.  I've never ever been this deep into the registry as I have in the past month, so I know I didn't do it.  :artist:

When my tax refund comes through, you have been added to the list of companies and web sites that I want to contribute to. Being able to vent and spew my error logs helped.  Getting useful responses was a side blessing.  Thank you.



« Last Edit: October 15, 2015, 09:36:07 pm by RaveRocks »
You'll find me on Twitter and You-Tube but never again on Facebook. My first computer was a $99 TI-994a. By the end of the first day, I was able to write and save the Oscar Myer Weiner song.  If only today's goals were so simple.

Offline Rick

  • Hero Member
  • *****
  • Join Date: May 2013
  • Posts: 829
  • Karma: 2
    • View Profile
Re: [SOLVED]Vista Help Pls - Bad Install (and then some!)
« Reply #22 on: October 19, 2015, 01:23:35 am »
I hope someone can clarify the registry settings her refers too and;

make it easier to read; perhaps re-writing it so we can understands is a better option?

regards

Offline RaveRocks

  • Newbie
  • *
  • Join Date: Sep 2015
  • Posts: 37
  • Location: Vancouver, BC Canada
  • Karma: 0
    • View Profile
Re: [SOLVED]Vista Help Pls - Bad Install (and then some!)
« Reply #23 on: October 19, 2015, 03:13:54 am »
I have re-written my solution to the 1083 error in another forum http://www.tweaking.com/forums/index.php/topic,3777.0.html , including the list of services that are called by svchost and the various command lines that are possible.  Once you have a look at both areas of the registry that this solution points to, you'll see how both areas have to be in 100% agreement or services will not load at run time.  From my research on the net, the concept used in Vista to validate a service's network rights is the same in the three newer versions of Windows.  The only differences will be the newer services that each version of Windows introduces.  The list of services that I detail in the other thread is only valid for 32bit Windows Vista Home Premium SP2.  I came across a list of services in Vista SP1 at one of the Microsoft sites and there were an additional 10 or so services that didn't make it into SP2.
You'll find me on Twitter and You-Tube but never again on Facebook. My first computer was a $99 TI-994a. By the end of the first day, I was able to write and save the Oscar Myer Weiner song.  If only today's goals were so simple.