Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account



Photo

accidentally deleted HKEY_USER .DEFAULT, S-1-5-18, S-1-5-19, S-1-5-19

- - - - -

  • Please log in to reply
6 replies to this topic

#1
FirstTimer

FirstTimer
  • Member
  • 3 posts
  • Joined 21-February 10
  • OS:XP Pro x86
  • Country: Country Flag
I received an error message: C:\Windows\system32\zonelabs\vsmon.exe stating that "Validation failed for C:\Windows\system32\VSINIT.dll. You are probably are missing a necessary root certificate.
Plus, accidentally deleted S-1-5-19, S-1-5-19 Classes, S-1-5-20 and S-1-5-20 Classes folders which incluced ZoneAlarm in the HKEY_USER.

Also that .DEFAULT and S-1-5-18 folders are blank (only Default REG_SZ) and the permissions are set to Guest with Special Permission (Allow Read Control) and the owner is Admin in the HKEY_USER

How do I restore the HKEY_USER folders plus ZoneAlarm and how do I restore the necessary root certificate so that I can re-install Zone Alarm Pro properly?

One more thing, does that mean all my data will be erased on the C:\ drive and I would have to manually recover/restore them plus applications?

Besides, every time I boot my PC, the startup are slow. I have to wait 5min to see and use network connection and be able to see and use my HDDs.
After waiting about 5 min, everything works fine including shutdown and restart.
I also tried chkdsk - it stated that the HDD is clean.

URGENT


How to remove advertisement from MSFN

#2
nitroshift

nitroshift

    Beware of programmers with screwdrivers!

  • Super Moderator
  • 2,907 posts
  • Joined 29-November 05
  • OS:Windows 8.1 x64
  • Country: Country Flag
System Restore to a point prior to your actions? ;)

Please read the rules, folks!


#3
FirstTimer

FirstTimer
  • Member
  • 3 posts
  • Joined 21-February 10
  • OS:XP Pro x86
  • Country: Country Flag

System Restore to a point prior to your actions? ;)


I forgot to mention earlier that I temporary disabled system restore due to security concerns plus I disabled Simple folder shares due to security concerns.

But, in HKEY_USER, I left S-1-5-21 and S-1-5-21 Classes intact.

I was thinking, is it possible to get the stuff back by going back to either .DEFAULT or S-1-5-18 and exchange Guest with Admin.
But then, what else can I add in and which folders do I need to attach to them and how to do it properly and correctly without messing up the registries?

I also previously installed System recovery to the C:\ drive using combofix

I caution that using combofix is OK, but whatever registries I edited with be put back in default automatically. I would have to manually search these registries again and re-edit them to my liking.
I also caution that using Malwarebytes is also OK, but it will always give me a warning that using Registry Editor is a virus, but its not!
I always have to set it to IGNORE.
If I set it to DELETE, I can still use Registry Editor and the registries will be left intact even if I modified them to my liking beforehand.

Since I have system recovery at my disposal, is there a way to just ONLY recover/restore .DEFAULT , S-1-5-18, S-1-5-19, S-1-5-19 Classes, S-1-20 & S-1-20 Classes and recover the necessary folders including Microsoft and ZoneAlarm and leaving everything else intact without wiping and reload the C:\ drive and without reloading all the applications, licenses etc.?

#4
FirstTimer

FirstTimer
  • Member
  • 3 posts
  • Joined 21-February 10
  • OS:XP Pro x86
  • Country: Country Flag


System Restore to a point prior to your actions? ;)


I forgot to mention earlier that I temporary disabled system restore due to security concerns plus I disabled Simple folder shares due to security concerns.

But, in HKEY_USER, I left S-1-5-21 and S-1-5-21 Classes intact.

I was thinking, is it possible to get the stuff back by going back to either .DEFAULT or S-1-5-18 and exchange Guest with Admin.
But then, what else can I add in and which folders do I need to attach to them and how to do it properly and correctly without messing up the registries?

I also previously installed System recovery to the C:\ drive using combofix

I caution that using combofix is OK, but whatever registries I edited with be put back in default automatically. I would have to manually search these registries again and re-edit them to my liking.
I also caution that using Malwarebytes is also OK, but it will always give me a warning that using Registry Editor is a virus, but its not!
I always have to set it to IGNORE.
If I set it to DELETE, I can still use Registry Editor and the registries will be left intact even if I modified them to my liking beforehand.

Since I have system recovery at my disposal, is there a way to just ONLY recover/restore .DEFAULT , S-1-5-18, S-1-5-19, S-1-5-19 Classes, S-1-20 & S-1-20 Classes and recover the necessary folders including Microsoft and ZoneAlarm and leaving everything else intact without wiping and reload the C:\ drive and without reloading all the applications, licenses etc.?


I went to HKEY_USER and changed both .DEFAULT and S-1-5-18 from Guest to Admin

Then I enabled System restore & created today as Restore Point & then restore to an earlier operating state today.

Nothing changed. I still have to wait about 5 min for everything to load properly & be able to look at HDDs & go on to the Internet.
I bet I still would have problems installing Zone Alarm Pro.


So what is plan B (change of plans)?

I request step by step instructions without messing any further.

#5
tech4niq

tech4niq
  • Member
  • 5 posts
  • Joined 21-February 10
  • OS:XP Pro x86
  • Country: Country Flag

Besides, every time I boot my PC, the startup are slow. I have to wait 5min to see and use network connection and be able to see and use my HDDs.

You can try create a new profile and transfer all data from old profile to a new one.

#6
submix8c

submix8c

    Inconceivable!

  • Patrons
  • 4,310 posts
  • Joined 14-September 05
  • OS:none specified
  • Country: Country Flag

Besides, every time I boot my PC, the startup are slow. I have to wait 5min to see and use network connection and be able to see and use my HDDs.

You can try create a new profile and transfer all data from old profile to a new one.

s-1-5-18: NT AUTHORITY\SYSTEM (???)
s-1-5-19: NT AUTHORITY\LOCAL SERVICE (folder LocalService\NTUSER.DAT?)
s-1-5-20: NT AUTHORITY\NETWORK SERVICE (folder NetworkService\NTUSER.DAT?)

So... suggestion probably won't fix missing items.

Try to get the stuff from the "backup" and start over. Don't know if contents of Windows\Repair would help or not...

Someday the tyrants will be unthroned... Jason "Jay" Chasteen; RIP, bro!

Posted Image


#7
tech4niq

tech4niq
  • Member
  • 5 posts
  • Joined 21-February 10
  • OS:XP Pro x86
  • Country: Country Flag

So... suggestion probably won't fix missing items.

I had similar problems few months ago, this solution fixed my problem, so you must try it first.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users