Author Topic: Reg File for corrupt (empty) Registry Key (Read 29782 times)

RaveRocks · « **on:** October 02, 2015, 09:21:06 pm »

I think I found what ails my PC. I found a blank entry in Winlogon\GPExtensions list. And from the online research the entry that's blank has the GUID that should run the Administrative Templates that start the user services and group policies via userenv.dll

I'm running Windows Vista Home Premium 32bit. Could someone running the same version please extract the contents of that key for me and post the results so that I can populate the key?

The GUID I'm needing is: 35378EAC-683F-11D2-A89A-00C04FBBCFA2 (that's the only blank one)

The full location is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\GPExtensions\

By the way, I've checked a couple of old backup's made by JRT back in April and May of this year and the value of that key was blank way back then. I remember I needed to get jiggy with some nasty malware around that time. Life's lessons are tedious at best.

=====edit01======
I've been searching for an online reg file solution the past few hours and the thought occurred that others are having similar errors and that this is more than likely caused by malware of some sort. In almost every case that I've come across, services in the GPExtensions stack have not been deleted but more often all of the subfolders/attributes have been deleted.

I'm not sure if the Windows Repair tool checks this 'Run Once at StartUp' command list for blanked out or invalid entries because this is a clever way of killing a bunch of security services while leaving other services running that the malware needs. It's actually quite silly that Windows has no built in fall-back procedure if one of it's key systems isn't where it's supposed to be. A cascade of errors can be caused by one blanked out registry entry. In the old DOS world, if you wanted to mess with the operating system at the level we're talking about, you'd have to mess with assembler or compiled code. Gates has given us a system full of back doors and loop holes. By exposing the registry, Windows makes all of us vulnerable to having our high-speed internet connections used by nefarious nerds of various ages. Now I ask you, how much code would it take to ensure such key systems are running and available?

While I'm asking questions that I don't expect answers to, I was looking at the logs and noticed one system (MCIupdate) that was running twice a minute, with the obligatory log entry each time. The spooler service is sending one error a second to a log file. It's pointing at a registry address that does not exist. I found the only existence of that particular location in an xml file. I renamed it to *.old, only to have it appear again a few seconds later. Now that's good management of resources. It's absolutely no wonder that svchost is eating up such a huge volume of cpu clicks. With the help of Process Explorer, I've had more of a look at the innards of Windows Vista than I really wanted, but the closer I look, the quicker I want to dump it.

Boggin · « **Reply #1 on:** October 03, 2015, 02:11:43 am »

Well, there's no guarantee that upgrading to Win 10 would resolve that missing key.

Do you think that key could be the same in Vista 64 bit ?

The reason I ask is because I have a Vista x64 SP2 ISO from which I could send you a couple of disks.

RaveRocks · « **Reply #2 on:** October 03, 2015, 03:27:39 am »

Thank you for the offer, but I have a couple of friends with computers and I'm going to bring a USB stick with me when I visit them this weekend. Hopefully by Sunday I'll have the fix I need. Perhaps some kind soul still running Vista SP2 32bit can take a couple of minutes to export the key to a reg file for me.

Again, thank you very much for the offer, but I'd hate to put you to that level of trouble over what amounts to less than 1K worth of data.

Boggin · « **Reply #3 on:** October 03, 2015, 04:42:57 am »

It wouldn't be a problem - I've already sent Win 7 ISOs to people for repair purposes.

RaveRocks · « **Reply #4 on:** October 03, 2015, 05:54:00 am »

I found this in the hklm.txt file that gets installed with Windows Repair. Except for the GUID, it's all solid insoluble goop to me, but methinks one of your utilities might make some sense of it.

"machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAIAR(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"t
That's in the hklm text file it looks like something manageacl uses to set registry permissions.

Boggin · « **Reply #5 on:** October 03, 2015, 07:59:12 am »

I hope that query was directed to Shane

RaveRocks · « **Reply #6 on:** October 03, 2015, 09:30:54 pm »

Today's search has brought me to the following information about the registry object I'm wanting to rebuild.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
"Status"=dword:00000000
"RsopStatus"=dword:00000000
"LastPolicyTime"=dword:01088622
"PrevSlowLink"=dword:00000000
"PrevRsopLogging"=dword:00000001
"ForceRefreshFG"=dword:00000000

lists the data structure that I need to implement. I've tried to use regedit to add the data fields but I'm getting an "Error writing to the Registry". Suggestions please.

====edit01====

I got past the Permissions barrier and was able to make the additions to the entry and guess what, it didn't make a tinker's cuss of difference. What I'm wondering if Windows innards ask for and replace data by name or number. If by number, I may be screwed. I entered them in the order displayed in my message above, however regedit is now displaying them in alphabetical order. Did I mess something up ?

Boggin · « **Reply #7 on:** October 04, 2015, 03:04:50 am »

You don't appear to have run a sfc /scannow or chkdsk /r to see what they report.

Download the 32 bit ISO from http://getintopc.com/softwares/operating-systems/windows-vista-home-basic-download-iso-32-bit-64-bit/ and then use https://www.microsoft.com/en-us/download/windows-usb-dvd-download-tool to create a bootable Vista x32 SP2 install disk.

If sfc /scannow reports that it cannot repair some files, then you can boot up with the disk and perform an offboot sfc /scannow but you can view the CBS log by entering -

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt

This will put an icon onto the Desktop which will open the CBS log in Notepad.

This is for an offboot sfc /scannow in Win 7, but I would think it would be similar in Vista http://www.sevenforums.com/tutorials/139810-sfc-scannow-run-command-prompt-boot.html

When booting up with the install disk, instead of the splash screen as is shown in the tutorial, it may first take you to an inverse window with the top item - Windows Set up (EMS Enabled)

If that is the case, then just press enter and it will take you on from there.

I think the only other alternative would be a factory reset.

RaveRocks · « **Reply #8 on:** October 04, 2015, 03:24:52 am »

Yes I did run the entire batch of repairs from beginning to end - - twice. I've run sfc /scannow at least daily and it comes up clean. I ran chkdsk tonight as well and it also had no errors. I am less than a half inch away from a Factory Reset. I am less than 6 inches away from throwing the entire computer off the balcony. I bought a 1 TB external hard drive less than two weeks before all hell broke loose and 99% of my important data has been off the main hard drive for the past 20 days. I've prepared all the install files for my key applications and I no longer fear the inevitable. I guess I was hoping for a miracle and instead I'll have to settle for a tootsie roll.

Boggin · « **Reply #9 on:** October 04, 2015, 08:59:47 am »

As you have everything backed up safe then it would probably be best to go that half inch - otherwise you'll end up with grey or no hair and ulcers

RaveRocks · « **Reply #10 on:** October 05, 2015, 03:46:14 pm »

Monday afternoon blues have set in. I downloaded the HP Vista Install Disks as suggested, burned them and when run I get the message: "This PC is not supported by the System Recover Discs. You will not be able to continue to recover this system with these discs." Minor setback. Also, I can't get out of Safe Mode. It seems the registry that regedit is having me view and edit is NOT the registry that the system is using.

Side comment. The expression "L00py" when applied to the human brain, describes the mental state we often get into when tackling a problem or bad memory, a sad loss or other PTSD like experience. It's the inability to stop thinking about something. It's the loop-tape repetitive thought that just won't go away. Computer programmers often get into that state of mind. It's one of the reasons I forced myself to quit the profession. The past few weeks have been that kind of L00py experience for my brain. (It's funny my spell-checker isn't catching the spelling of loopy with the embedded zeros, hehe.) And I'm waiting to get out of this conundrum so I can get back to the relaxed brain of a semi-retired person.

When I quit my career as a coder, I tried to clear my long-term memory of all the rules I had embedded there. I'm here to report that the knowledge is still there after 15 years of trying to forget. I guess we should be thankful there is no regedit for the brain.

scarsxp · « **Reply #11 on:** October 05, 2015, 04:40:04 pm »

Quote from: RaveRocks on October 05, 2015, 03:46:14 pm

Monday afternoon blues have set in. I downloaded the HP Vista Install Disks as suggested, burned them and when run I get the message: "This PC is not supported by the System Recover Discs. You will not be able to continue to recover this system with these discs." Minor setback. Also, I can't get out of Safe Mode. It seems the registry that regedit is having me view and edit is NOT the registry that the system is using.

Side comment. The expression "L00py" when applied to the human brain, describes the mental state we often get into when tackling a problem or bad memory, a sad loss or other PTSD like experience. It's the inability to stop thinking about something. It's the loop-tape repetitive thought that just won't go away. Computer programmers often get into that state of mind. It's one of the reasons I forced myself to quit the profession. The past few weeks have been that kind of L00py experience for my brain. (It's funny my spell-checker isn't catching the spelling of loopy with the embedded zeros, hehe.) And I'm waiting to get out of this conundrum so I can get back to the relaxed brain of a semi-retired person.

When I quit my career as a coder, I tried to clear my long-term memory of all the rules I had embedded there. I'm here to report that the knowledge is still there after 15 years of trying to forget. I guess we should be thankful there is no regedit for the brain.

Well, what you could do is boot up your OS as a secondary hard drive. Using "hirens boot cd" as a mini xp.

Go into "C:\Windows\System32\config"
back up your current "SOFTWARE" file. To some where.

Then replace "SOFTWARE" with an older backup. Although you said your older back ups were missing the keys?

But what you could do is just for fun, is reinstall windows vista 32bit on other drive on the same computer with the same setup. And take that SOFTWARE file from a fresh install and replace it with your current OS (But not before you make a backup). Just to see what happens. If something goes wrong, you can always revert to the back up.

RaveRocks · « **Reply #12 on:** October 05, 2015, 09:36:49 pm »

Ok, the latest twist. Ready? I get a link from HP Support to buy a disk set for my exact model - - price tag $27.00, which is not the problem. The only payment methods are an HP gift card number or PayPal. Not just any gift card, but one I have to buy from I don't know who or use PayPal. For me to send via PayPal will require me to open a US$fund account at my bank and then open a PayPal account and link them to my new bank account.

Another HP twisted tale to add. I do have the original Repair disks for this machine, but every time I attempt to use them, I get a 1012 error, to which I am told to update the firmware for my DVD burner, which happens to be another HP product. HP's website details how to find out the current firmware version, but their screen shots and menu choices are for Windows 7 and don't work on Vista. I go search online and find the test program to find out my current firmware version, etc. and then search the HP site for firmware updates and get a 'nothing found' error.

I'm sure I'll never get another HP product after this ordeal and I'm very amazed they can't provide a download solution for a 9 year old operating system.

Speaking of Microsoft, I tried to join their tech forum only to get a form to fill out, listing the last three people I sent emails to and the last three people I spoke to on the telephone. I was too amazed to respond.

Boggin · « **Reply #13 on:** October 05, 2015, 11:32:50 pm »

You wouldn't be able to repair or custom install with the downloaded ISO disk unless you had a valid retail key with yours being an OEM install.

However, you would be able to extract the file you are looking for.

http://www.vistax64.com/tutorials/261616-extract-files-vista-installation-dvd.html

As a workaround to the disk drive firmware problem, perhaps buying an external disk player would be feasible.

I'm not sure if going into Device Manager, right clicking on the CD/DVD drive and selecting Update Driver Software would get you the firmware, but a disk player requiring a firmware update to function sounds crazy.

RaveRocks · « **Reply #14 on:** October 06, 2015, 02:09:43 am »

The set of ISO's I downloaded were for HP Vista Home Premium 64 bit with the description on the website suggesting that the disks probably would work for 32 bit installations as well.

And my DVD burner is an external model HP Dvd-Writer 1270e. Windows Vista doesn't have screens that display the firmware of the burner.

Boggin · « **Reply #15 on:** October 06, 2015, 02:37:54 am »

Oh, thought the DVD drive was built in.

As it is an external drive then you would need to go to the device's support site for any updates.

You can't use a 64 bit ISO on a 32 bit system or vice - versa so you'll need to download the 32 bit ISO for your system.

If you booted up with the 64 bit disk, Windows would tell you that you couldn't use it.

RaveRocks · « **Reply #16 on:** October 06, 2015, 05:02:32 pm »

Quote from: Boggin on October 06, 2015, 02:37:54 am

You can't use a 64 bit ISO on a 32 bit system or vice - versa so you'll need to download the 32 bit ISO for your system.

There is no download available for the 32 bit system ISO's. HP has two options: either buy the disk set or download an upgrade module that updates the installed recovery system on drive D:. I've tried option number 2 and it doesn't detect the recovery files already installed there and the application has the nerve to accuse me of interrupting the creation of a recovery partition. Pretty lame programming if you ask me.

This may be repeat information, but I already have original System Recovery disks (HP5013-8477 & HP5013-8478) which result in a 1012 Error. HP support says to update the DVD writer firmware to get rid of that error, except there is no update that I can find.

I'm not sure who is responsible for the ads that appear on your site, but I'm looking at one now for www.driverupdate.net which is reported to be another one of those scam sites.

=== edit01 ===

I just saw that same ad while at another site. In this ongoing ordeal, I have learned to look for site reviews before allowing any site to have access to my machine. Scammers are numerous.

Boggin · « **Reply #17 on:** October 07, 2015, 01:33:32 am »

I'm in the process now of downloading and saving the 32 bit ISO from the link I had posted - it says it will take about 54mins so will get back later to see if the Windows program can create a bootable disk from it.

Did you go to the external disk drive support site to see if they had any updates ?

Should the machine be detecting problems with an internal CD/DVD player, then go into Device Manager, right click on the drive and select Uninstall and without rebooting, see if the recovery disk will work then in the external drive.

I use AdblockPlus in IE because my ISP's home page and e-mail is crapped out with adverts which slows up their availability to do anything with them, but Shane has no control over which adverts appear on this website.

Boggin · « **Reply #18 on:** October 07, 2015, 04:28:26 am »

UPDATE - For some reason the Windows Burner Tool doesn't recognise the 32 bit ISO as an ISO and yet I have been able to create a bootable disk with the 64 bit one - albeit a little while ago.

It's in excess of 2GB so it looks to be about the right size to include the bits required to make it an ISO, but as MS have been issuing Desist orders for Win 7, wonder if this has also been affected, although with a Desist order the file download link probably would no longer have worked.

Puzzled about this.

Did you try uninstalling the internal DVD drive to see if the recovery disk would work in the external one ?

RaveRocks · « **Reply #19 on:** October 08, 2015, 01:02:20 pm »

The internal DVD drive became unusable a couple of years ago and I removed it from the PC.

I will try the uninstall of the external drive and see if that works.

In a message yesterday on the HP support site, I found out that HP has absolutely no support people monitoring or responding to problems. The only people who do respond are volunteers. That's a bit short sighted, in my opinion. That means FOR SURE no more HP products will ever get purchased again for any of my systems.

Boggin · « **Reply #20 on:** October 08, 2015, 01:51:17 pm »

I've noticed that HP have a pretty decent online Diagnostic setup for desktops and laptops, but someone to speak to for the more obscure problems would have helped.

I wonder if the computer still thinks you have the internal disk drive installed - is there anything in Device Manager ?

Also wondering if removing the Upper and Lower Filters with the external drive disconnected would stop the error message ?

https://support.microsoft.com/en-us/kb/929461

RaveRocks · « **Reply #21 on:** October 08, 2015, 08:36:13 pm »

I checked out that registry key and there was no upper and lower filter entries as the article suggested. And if there is a firmware update for my DVD Burner, HP is doing a damn good job of hiding it.

Shane · « **Reply #22 on:** October 09, 2015, 12:18:33 am »

Quote

I found this in the hklm.txt file that gets installed with Windows Repair. Except for the GUID, it's all solid insoluble goop to me, but methinks one of your utilities might make some sense of it.

"machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAIAR(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"t
That's in the hklm text file it looks like something manageacl uses to set registry permissions.

That doesnt install the key, that is simply the permission information for the manageacl program to apply. It only applies the permissions it does add or change any registry key data or info

I have been gone for the last 3 weeks programming like mad and just got back to the forums, I have gone through over 100+ threads and so forgive me for not reading every post in this thread as it is a little long.

What is the current situation? How are things? Also in the first post, did you confirm if that fixed you up? i am always open to any info that i can safely automate and add to the repairs

Shane

Boggin · « **Reply #23 on:** October 09, 2015, 12:27:43 am »

Quote from: RaveRocks on October 08, 2015, 08:36:13 pm

I checked out that registry key and there was no upper and lower filter entries as the article suggested. And if there is a firmware update for my DVD Burner, HP is doing a damn good job of hiding it.

If it is a non-HP external disk drive then HP wouldn't have any updates for it.

What is the make and model of the disk drive ?

RaveRocks · « **Reply #24 on:** October 09, 2015, 04:59:22 am »

My DVD burner is an external model HP Dvd-Writer 1270e. I've got boot order set to Floppy, DVD, Hard=drive.