Frontpage
Forums
Tutorials
Members
Calendar
Subscription
Donate
Links
Contact 
Help
Posted 29 May 2008 - 01:55 AM
It works for the one computer that had this issue.
It plays fast and loose (sort of) with the registry, so...
The usual disclaimers apply. Use at your own risk. Review the code before you use it. Modify it (even post your mods here) for your needs and/or peril. It may make things worse, including but not limited to corrupting beyond repair an otherwise working system.
Now to (hopefully) save at least 1 other person, a lot (and I mean A LOT) of typing and mousing around.
1st some background info on the problem this fixed for me.
I had an empty device manager after installing SP3 on a WinXP SP2 computer with a Symantec product installed.
Turns out serveral people had this problem. Including one "solution" to delete all those keys manually and voila... devices in device manager were back. (also back were "Safely remove" in the system tray, as well as the network card icons in properties of "My Network Places").
That was insane! (well the manually deleting them part).
To grasp the situation, I downloaded a most excellent Nirsoft utility to scan the registry and discovered over 5000 occurrences. That's a lot of manual deletions. All of them had some sort of enum and what not associated with them.
Well long story short, download regfind from here.
Get Autoit.
Create a folder C:\regfind (if you want to use the unmodified IExpress .SED file).
In that folder create "findit.au3" and paste the following:
; msgbox (0,"",$key)
; FileInstall ( "Regfind.exe", @SystemDir,1)
$txtfileN=@DesktopDir&"\foundit.txt"
Dim $i[1]
$findme='$%&'
$findme2='$%%&'
;$foundfile="found5.txt"
$cmdfileN=@DesktopDir&'\madereg.cmd'
FindReg($txtfileN)
$txtfile = FileOpen ($txtfileN,0)
If $txtfile = -1 Then
MsgBox(0, "Error", 'Unable to open file. Main txtfileN "'&$txtfileN&'"')
Exit
EndIf
;$cmdfile=FileOpen ($cmdfileN,2)
;If $cmdfile = -1 Then
; MsgBox(0, "Error", 'Unable to open file. Main cmdfileN "'&$cmdfileN&'"')
; Exit
;EndIf
$reges=0
While 1
$line = FileReadLine($txtfile)
If @error = -1 Then ExitLoop
$lineS = StringStripWS($line,1)
$lineN = NWS($line)
AddToAry($i, $lineS, $lineN)
if StringInStr($lineS, $findme) Then
; FileWriteLine($fileout,AryToStr($i,$lineN))
$regdelCMD='REG DELETE "'&AryToStr($i,$lineN)&'" /f'
RunWait($regdelCMD)
$reges+=1
; msgbox(0,"if",UBound($i)&' '&$lineN&' '&AryToStr($i,$lineN))
EndIf
; msgbox(0,NWS($line),"*"&$line&"*")
WEnd
FileClose($txtfile)
MsgBox(0,"Deleted Registries",$reges&' registry entries deleted')
;FileClose($cmdfile)
;MsgBox(0,"Finished searching Registry",'Run the command "'&$cmdfileN&'"')
Exit
Func AddToAry(ByRef $i, $lineS,$lineN)
while UBound($i)<=$lineN
AryUp($i)
WEnd
$i[$lineN]=$lineS
EndFunc
Func NWS($str)
$striped=StringStripWS($str,1)
$ws_count=StringLen($str)-StringLen($striped)
Return $ws_count
EndFunc
Func NextLine($file)
EndFunc
Func AryUp(ByRef $i)
ReDim $i[UBound($i)+1]
EndFunc
Func AryToStr($i, $lineN)
$sTmp=$i[0]
For $x = 1 to $lineN
$sTmp&='\'&$i[$x]
Next
; MsgBox (0,"arytostr",$sTmp)
Return $sTmp
EndFunc
Func FindReg($txtfileN)
$HKLM="HKEY_LOCAL_MACHINE"
$subkey="SYSTEM"
$key=$HKLM & "\" & $subkey
; $findme="$%&"
$cmdtmpN = 'regfind.cmd'
$dir2 = @SystemDir
; $outfile2=$dir2&'\'&$outfile
$outfile2=$txtfileN
$cmd2 = '"'&@WorkingDir&'\Regfind.exe" -i 1 -p "'&$key&'" -n "'&$findme2&'" > "'&$outfile2&'"'
; $cmd2 = '"'&$dir2&'\Regfind.exe" -i 1 -p "'&$key&'" -n "'&$findme&'" > "'&$outfile2&'"'
;MsgBox(0,"",$cmd2)
;$file1n = $dir2&'\regfind.cmd'
$cmdtmp = FileOpen($cmdtmpN,2)
If $cmdtmp = -1 Then
MsgBox(0, "Error", 'Unable to open file. FindReg cmdtmpN "'&$cmdtmpN&'"')
Exit
EndIf
FileWriteLine($cmdtmp,$cmd2)
FileClose($cmdtmp)
; RunWait($cmd2)
RunWait($cmdtmpN)
; msgbox(0,"","")
EndFunc
Compile it to an exe findit.exe
Extract Regfind.exe (Downloaded from link above)
Create "NortonXPSP3fixer.SED"
[Version] Class=IEXPRESS SEDVersion=3 [Options] PackagePurpose=InstallApp ShowInstallProgramWindow=0 HideExtractAnimation=0 UseLongFileName=1 InsideCompressed=0 CAB_FixedSize=0 CAB_ResvCodeSigning=0 RebootMode=N InstallPrompt=%InstallPrompt% DisplayLicense=%DisplayLicense% FinishMessage=%FinishMessage% TargetName=%TargetName% FriendlyName=%FriendlyName% AppLaunched=%AppLaunched% PostInstallCmd=%PostInstallCmd% AdminQuietInstCmd=%AdminQuietInstCmd% UserQuietInstCmd=%UserQuietInstCmd% SourceFiles=SourceFiles [Strings] InstallPrompt= DisplayLicense= FinishMessage= TargetName=C:\regfind\NortonXPSP3fixer.exe FriendlyName=Norton XP SP3 Fixer AppLaunched=findit.exe PostInstallCmd=<None> AdminQuietInstCmd= UserQuietInstCmd= FILE0="Regfind.exe" FILE1="findit.exe" [SourceFiles] SourceFiles0=C:\regfind\ [SourceFiles0] %FILE0%= %FILE1%=
and IExpress yourself an .exe!!!
I am purposely not uploading my .exe for two reasons (well three). One, I haven't ever used one of those megadownloader type sites to upload files (also I don't really want to use up my storage space on my account here
) and two... I have no idea how dangerous this is and don't want a cookie cutter disaster. I figure if you can do the above, you have slightly more skills that "enough to be dangerous". Third, it has no checks/error detection and no attempt to put "polish" into it has been made.Now to cover what my script does. It runs regfind.exe with the "-i 1" parameter. What that does is space out the key names by one. That also makes it handy to count spaces and use that count for an array element number in Autoit
.It creates a file on the desktop called "foundit.txt". (created with regfind called from the autotit script). Processes that text file, then deletes each registry key found with the offending cartoon swear characters.
I originally tried to have the script create a .cmd file with the "REG /DELETEs" to run (as a safety buffer) later, but it was too much of a pain to escape all the % and & and whatever other characters there were, plus some are escaped with % and others ^ and just wanted to get the computer fixed.
So boot in safe mode, and sign on as an administrator. Enjoy.
PS: Did I mention run it in SAFE MODE. The keys won't be gone if you don't.
Note: I've also encountered the $%&'()* keys (without the device loss) after SP3 update on other computers with Symantec products.
If you run it more than once, foundit.txt on the desktop will be a zero byte file. So copy it if your curious and want to run it more than once to make sure the "deleted registry key" count is zero.
Another Note: Why didn't I just use the Nirsoft util? For one, including ControlSet001, 2 etc it also included CurrentControlSet. Where the regfind.exe only included the numbered control sets (didn't want duplicate deletions). And two, that takes the fun out of learning how to parse the output of regfind.exe into some array structure that's useful.
This post has been edited by JoeMSFN: 29 May 2008 - 02:07 AM
Back to top
Hysterical! It looks something like this:
