• Announcements

    • xper

      MSFN Sponsorship and AdBlockers!   07/10/2016

      Dear members, MSFN is made available via subscriptions, donations and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, become a site sponsor and ads will be disabled automatically and by subscribing you get other sponsor benefits.
FirstTimer

accidentally deleted HKEY_USER .DEFAULT, S-1-5-18, S-1-5-19, S-1-5-19

7 posts in this topic

I received an error message: C:\Windows\system32\zonelabs\vsmon.exe stating that "Validation failed for C:\Windows\system32\VSINIT.dll. You are probably are missing a necessary root certificate.

Plus, accidentally deleted S-1-5-19, S-1-5-19 Classes, S-1-5-20 and S-1-5-20 Classes folders which incluced ZoneAlarm in the HKEY_USER.

Also that .DEFAULT and S-1-5-18 folders are blank (only Default REG_SZ) and the permissions are set to Guest with Special Permission (Allow Read Control) and the owner is Admin in the HKEY_USER

How do I restore the HKEY_USER folders plus ZoneAlarm and how do I restore the necessary root certificate so that I can re-install Zone Alarm Pro properly?

One more thing, does that mean all my data will be erased on the C:\ drive and I would have to manually recover/restore them plus applications?

Besides, every time I boot my PC, the startup are slow. I have to wait 5min to see and use network connection and be able to see and use my HDDs.

After waiting about 5 min, everything works fine including shutdown and restart.

I also tried chkdsk - it stated that the HDD is clean.

URGENT

0

Share this post


Link to post
Share on other sites

System Restore to a point prior to your actions? ;)

0

Share this post


Link to post
Share on other sites

System Restore to a point prior to your actions? ;)

I forgot to mention earlier that I temporary disabled system restore due to security concerns plus I disabled Simple folder shares due to security concerns.

But, in HKEY_USER, I left S-1-5-21 and S-1-5-21 Classes intact.

I was thinking, is it possible to get the stuff back by going back to either .DEFAULT or S-1-5-18 and exchange Guest with Admin.

But then, what else can I add in and which folders do I need to attach to them and how to do it properly and correctly without messing up the registries?

I also previously installed System recovery to the C:\ drive using combofix

I caution that using combofix is OK, but whatever registries I edited with be put back in default automatically. I would have to manually search these registries again and re-edit them to my liking.

I also caution that using Malwarebytes is also OK, but it will always give me a warning that using Registry Editor is a virus, but its not!

I always have to set it to IGNORE.

If I set it to DELETE, I can still use Registry Editor and the registries will be left intact even if I modified them to my liking beforehand.

Since I have system recovery at my disposal, is there a way to just ONLY recover/restore .DEFAULT , S-1-5-18, S-1-5-19, S-1-5-19 Classes, S-1-20 & S-1-20 Classes and recover the necessary folders including Microsoft and ZoneAlarm and leaving everything else intact without wiping and reload the C:\ drive and without reloading all the applications, licenses etc.?

0

Share this post


Link to post
Share on other sites

System Restore to a point prior to your actions? ;)

I forgot to mention earlier that I temporary disabled system restore due to security concerns plus I disabled Simple folder shares due to security concerns.

But, in HKEY_USER, I left S-1-5-21 and S-1-5-21 Classes intact.

I was thinking, is it possible to get the stuff back by going back to either .DEFAULT or S-1-5-18 and exchange Guest with Admin.

But then, what else can I add in and which folders do I need to attach to them and how to do it properly and correctly without messing up the registries?

I also previously installed System recovery to the C:\ drive using combofix

I caution that using combofix is OK, but whatever registries I edited with be put back in default automatically. I would have to manually search these registries again and re-edit them to my liking.

I also caution that using Malwarebytes is also OK, but it will always give me a warning that using Registry Editor is a virus, but its not!

I always have to set it to IGNORE.

If I set it to DELETE, I can still use Registry Editor and the registries will be left intact even if I modified them to my liking beforehand.

Since I have system recovery at my disposal, is there a way to just ONLY recover/restore .DEFAULT , S-1-5-18, S-1-5-19, S-1-5-19 Classes, S-1-20 & S-1-20 Classes and recover the necessary folders including Microsoft and ZoneAlarm and leaving everything else intact without wiping and reload the C:\ drive and without reloading all the applications, licenses etc.?

I went to HKEY_USER and changed both .DEFAULT and S-1-5-18 from Guest to Admin

Then I enabled System restore & created today as Restore Point & then restore to an earlier operating state today.

Nothing changed. I still have to wait about 5 min for everything to load properly & be able to look at HDDs & go on to the Internet.

I bet I still would have problems installing Zone Alarm Pro.

So what is plan B (change of plans)?

I request step by step instructions without messing any further.

0

Share this post


Link to post
Share on other sites
Besides, every time I boot my PC, the startup are slow. I have to wait 5min to see and use network connection and be able to see and use my HDDs.

You can try create a new profile and transfer all data from old profile to a new one.

0

Share this post


Link to post
Share on other sites
Besides, every time I boot my PC, the startup are slow. I have to wait 5min to see and use network connection and be able to see and use my HDDs.
You can try create a new profile and transfer all data from old profile to a new one.

s-1-5-18: NT AUTHORITY\SYSTEM (???)

s-1-5-19: NT AUTHORITY\LOCAL SERVICE (folder LocalService\NTUSER.DAT?)

s-1-5-20: NT AUTHORITY\NETWORK SERVICE (folder NetworkService\NTUSER.DAT?)

So... suggestion probably won't fix missing items.

Try to get the stuff from the "backup" and start over. Don't know if contents of Windows\Repair would help or not...

0

Share this post


Link to post
Share on other sites
So... suggestion probably won't fix missing items.

I had similar problems few months ago, this solution fixed my problem, so you must try it first.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.