accidentally deleted HKEY_USER .DEFAULT, S-1-5-18, S-1-5-19, S-1-5-19

[FirstTimer]

I received an error message: C:\Windows\system32\zonelabs\vsmon.exe stating that "Validation failed for C:\Windows\system32\VSINIT.dll. You are probably are missing a necessary root certificate.

Plus, accidentally deleted S-1-5-19, S-1-5-19 Classes, S-1-5-20 and S-1-5-20 Classes folders which incluced ZoneAlarm in the HKEY_USER.

Also that .DEFAULT and S-1-5-18 folders are blank (only Default REG_SZ) and the permissions are set to Guest with Special Permission (Allow Read Control) and the owner is Admin in the HKEY_USER

How do I restore the HKEY_USER folders plus ZoneAlarm and how do I restore the necessary root certificate so that I can re-install Zone Alarm Pro properly?

One more thing, does that mean all my data will be erased on the C:\ drive and I would have to manually recover/restore them plus applications?

Besides, every time I boot my PC, the startup are slow. I have to wait 5min to see and use network connection and be able to see and use my HDDs.

After waiting about 5 min, everything works fine including shutdown and restart.

I also tried chkdsk - it stated that the HDD is clean.

URGENT

[nitroshift]

System Restore to a point prior to your actions?

[FirstTimer]

System Restore to a point prior to your actions?

I forgot to mention earlier that I temporary disabled system restore due to security concerns plus I disabled Simple folder shares due to security concerns.

But, in HKEY_USER, I left S-1-5-21 and S-1-5-21 Classes intact.

I was thinking, is it possible to get the stuff back by going back to either .DEFAULT or S-1-5-18 and exchange Guest with Admin.

But then, what else can I add in and which folders do I need to attach to them and how to do it properly and correctly without messing up the registries?

I also previously installed System recovery to the C:\ drive using combofix

I caution that using combofix is OK, but whatever registries I edited with be put back in default automatically. I would have to manually search these registries again and re-edit them to my liking.

I also caution that using Malwarebytes is also OK, but it will always give me a warning that using Registry Editor is a virus, but its not!

I always have to set it to IGNORE.

If I set it to DELETE, I can still use Registry Editor and the registries will be left intact even if I modified them to my liking beforehand.

Since I have system recovery at my disposal, is there a way to just ONLY recover/restore .DEFAULT , S-1-5-18, S-1-5-19, S-1-5-19 Classes, S-1-20 & S-1-20 Classes and recover the necessary folders including Microsoft and ZoneAlarm and leaving everything else intact without wiping and reload the C:\ drive and without reloading all the applications, licenses etc.?

[FirstTimer]

System Restore to a point prior to your actions?

I forgot to mention earlier that I temporary disabled system restore due to security concerns plus I disabled Simple folder shares due to security concerns.

But, in HKEY_USER, I left S-1-5-21 and S-1-5-21 Classes intact.

I was thinking, is it possible to get the stuff back by going back to either .DEFAULT or S-1-5-18 and exchange Guest with Admin.

But then, what else can I add in and which folders do I need to attach to them and how to do it properly and correctly without messing up the registries?

I also previously installed System recovery to the C:\ drive using combofix

I caution that using combofix is OK, but whatever registries I edited with be put back in default automatically. I would have to manually search these registries again and re-edit them to my liking.

I also caution that using Malwarebytes is also OK, but it will always give me a warning that using Registry Editor is a virus, but its not!

I always have to set it to IGNORE.

If I set it to DELETE, I can still use Registry Editor and the registries will be left intact even if I modified them to my liking beforehand.

Since I have system recovery at my disposal, is there a way to just ONLY recover/restore .DEFAULT , S-1-5-18, S-1-5-19, S-1-5-19 Classes, S-1-20 & S-1-20 Classes and recover the necessary folders including Microsoft and ZoneAlarm and leaving everything else intact without wiping and reload the C:\ drive and without reloading all the applications, licenses etc.?

I went to HKEY_USER and changed both .DEFAULT and S-1-5-18 from Guest to Admin

Then I enabled System restore & created today as Restore Point & then restore to an earlier operating state today.

Nothing changed. I still have to wait about 5 min for everything to load properly & be able to look at HDDs & go on to the Internet.

I bet I still would have problems installing Zone Alarm Pro.

So what is plan B (change of plans)?

I request step by step instructions without messing any further.

[tech4niq]

Besides, every time I boot my PC, the startup are slow. I have to wait 5min to see and use network connection and be able to see and use my HDDs.

You can try create a new profile and transfer all data from old profile to a new one.

[submix8c]

Besides, every time I boot my PC, the startup are slow. I have to wait 5min to see and use network connection and be able to see and use my HDDs.

You can try create a new profile and transfer all data from old profile to a new one.

s-1-5-18: NT AUTHORITY\SYSTEM (???)

s-1-5-19: NT AUTHORITY\LOCAL SERVICE (folder LocalService\NTUSER.DAT?)

s-1-5-20: NT AUTHORITY\NETWORK SERVICE (folder NetworkService\NTUSER.DAT?)

So... suggestion probably won't fix missing items.

Try to get the stuff from the "backup" and start over. Don't know if contents of Windows\Repair would help or not...

[tech4niq]

So... suggestion probably won't fix missing items.

I had similar problems few months ago, this solution fixed my problem, so you must try it first.