locked
Help! Remnant of getPlusHelper Service prevents backups RRS feed

  • Question

  • I seem to have created a problem on my Laptop - Vista 32.

    History: a couple of weeks ago while wandering through forums I came across an entry about - GetPlusHelper - and realized it's not needed (and was a possible security risk too) so I followed the directions and eliminated it. So - well and good I thought. Who needs an archaic online Adobe Updater..

    Problem: About halfway through a complete backup (using: Backup & Restore) to an USB external HD - the backups now fail with an error. "The request could not be performed because of an I/O device error. (0x8007045D)." During a file/folder backup (also: backup & restore) the same error occurs about 1/3 the way through).

    Diagnostic: The 'getPlusHelper' service still shows as a Service in task Manager (stopped - Group N/A). In msconfig.exe there's no entry for the service, registry cleaners I've used (ASC4 - CCleaner) haven't picked it up either. In Services although listed as 'Local System' it's not showing up 'Description - Status - or Startup Type' and attempting to look at properties there just brings up a 'File Not Found' error.

    More Checks: CHKDSK reported no errors. SFC /scannow; returned "Windows Resource Protection found corrupt files but was unable to fix some of them. (how do you analyse CBS.log?). Tasklist /svc; doesn't list      it. Will soon try also: Resource monitor - Process Explorer - & anything else I can think of..

    Recommendations: Please suggest methods if you know any possible solutions to this problem.

    So next step: Perhaps rename existing backups to attempt new FULL backup (likely won't work). Perhaps exclude something from a file/folder backup to skip the error? (might work). Try other registry tools? (Any ideas) Use some CMD to eliminate invalid services - tho individually if possible :).

    See below for Event Viewer screenshot as there's other info there..


    So TIA, pkn


    If my post was helpful - give it a Vote. If it helps solve your problem - propose it as Answer. ;-)
    Sunday, August 7, 2011 5:07 PM

All replies

  • Hi again,

    Update: Searched through the Registry using RegEdit. Found several sections referring to getPlusHelper so backed up Registry and starting culling them. Managed to eliminate all but the ones still locked by the system. (3 items) referred to under the same title 'LEGACY_GETPLUSHELPER' - After reboot backed up the Registry again.

    Result: The Services didn't appear this time in Task Manager or Services.msc; But I'm still unable to delete the 3 entries from the registry. So I'll try again in Safe Mode later - sleep first. :)

    Backups: Still fail with the same error btw. SFC Reports still unable to fix corrupt file(s).


    In Safe Mode: Unable still to delete these registry keys below.

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_GETPLUSHELPER\0000 (and subkeys)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_GETPLUSHELPER\0000 (and subkeys)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_GETPLUSHELPER\0000 (and subkeys)

    But now LEGACY_GETPLUSHELPER appears in Lastkey of regedit too at:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
    HKEY_USERS\S-1-5-21-1041376716-3660686474-137551627-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

    Exiting Regedit on a different LastKey removed it from the USER - LastKey entries. So a Tip for future reference! Don't exit Regedit on a Dodgy Key. :)

    Anyways - Still trying to fix. Have to check CBS.Log too I'd think.


    Regards, pkn


    If my post was helpful - give it a Vote. If it helps solve your problem - propose it as Answer. ;-)
    Monday, August 8, 2011 5:24 AM
  • Hi, still not fixed yet..

    I'm now wiping FREE space on the Root HD C:\ (using CCleaner). This wipes free space in the MFT, and on C:\ generally. But of course, this'll take some ~2+ hours though..

    Looking next into how to analyse CBS.log - might have to do this manually if I can't find a way to automate the process. Finding the actual "corrupt" file(s) will certainly enable other steps.

    pkn


    If my post was helpful - give it a Vote. If it helps solve your problem - propose it as Answer. ;-)
    Monday, August 8, 2011 9:16 AM
  • Hi, here's some good info..

    This link from the TechNet Library helps with 'Understanding Failures and Logfiles'

    http://technet.microsoft.com/en-us/library/ee851579(WS.10).aspx


    Regards, pkn


    If my post was helpful - give it a Vote. If it helps solve your problem - propose it as Answer. ;-)
    • Edited by pkn2011 Monday, August 8, 2011 10:14 AM Link not html..
    Monday, August 8, 2011 10:12 AM
  • Hi, sorry about the rawness of this data. But it shows 4 files corrupt/missing apparently - at this point I'm not sure if this is related to the getPlus problem - but am still analysing. I'm thinking from within RegEdit I can set Permissions - this might let me delete the keys. I'll try that soon too. Can someone point me in the direction of these files below. My software came pre-installed. Windows Vista business 32bit.  Now, look out! here comes an extract from CBS.log  :)

     

    2011-08-09 00:29:21, Info                  CSI    000001dd [SR] Verify complete
    2011-08-09 00:29:21, Info                  CSI    000001de [SR] Repairing 4 components
    2011-08-09 00:29:21, Info                  CSI    000001df [SR] Beginning Verify and Repair transaction
    2011-08-09 00:29:21, Info                  CSI    000001e0 [SR] Cannot repair member file [l:30{15}]"msiexec.exe.mui" of Microsoft-Windows-Installer-Executable.Resources, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
    2011-08-09 00:29:21, Info                  CSI    000001e1 [SR] Cannot repair member file [l:22{11}]"msiexec.exe" of Microsoft-Windows-Installer-Executable, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
    2011-08-09 00:29:21, Info                  CSI    000001e2 [SR] Cannot repair member file [l:20{10}]"panmap.dll" of Microsoft-Windows-panmap, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
    2011-08-09 00:29:21, Info                  CSI    000001e3 [SR] Cannot repair member file [l:22{11}]"msiexec.exe" of Microsoft-Windows-Installer-Executable, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
    2011-08-09 00:29:21, Info                  CSI    000001e4 [SR] This component was referenced by [l:160{80}]"Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-113_neutral_GDR"
    2011-08-09 00:29:21, Info                  CSI    000001e5 [SR] Cannot repair member file [l:30{15}]"msiexec.exe.mui" of Microsoft-Windows-Installer-Executable.Resources, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
    2011-08-09 00:29:21, Info                  CSI    000001e6 [SR] This component was referenced by [l:164{82}]"Package_16_for_KB948465~31bf3856ad364e35~x86~en-US~6.0.1.18005.948465-22_en-us_GDR"
    2011-08-09 00:29:21, Info                  CSI    000001e7 [SR] Cannot repair member file [l:20{10}]"panmap.dll" of Microsoft-Windows-panmap, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
    2011-08-09 00:29:21, Info                  CSI    000001e8 [SR] This component was referenced by [ml:38{19},l:36{18}]"Windows Foundation"
    2011-08-09 00:29:21, Info                  CSI    000001e9 [SR] Repairing corrupted file [ml:520{260},l:82{41}]"\??\C:\Windows\System32\LogFiles\Firewall"\[l:20{10}]"mpssvc.dat" from store
    2011-08-09 00:29:21, Info                  CSI    000001ea Repair results created:
    POQ 93 starts:
         0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\f85a4290d755cc012f2700005c1bc81a._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
        1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\181a4590d755cc01302700005c1bc81a.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
        2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\585c5490d755cc01312700005c1bc81a.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
        3: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\88425790d755cc01322700005c1bc81a.$$_system32_logfiles_firewall_488be49cc4415d55.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\$$_system32_logfiles_firewall_488be49cc4415d55.cdf-ms"
        4: Hard Link File: Source = [l:226{113}]"\SystemRoot\WinSxS\x86_networking-mpssvc-svc-dir_31bf3856ad364e35_6.0.6000.16531_none_69dcb6a77f86c3ef\mpssvc.dat", Destination = [l:104{52}]"\??\C:\Windows\System32\LogFiles\Firewall\mpssvc.dat"

    POQ 93 ends.

    Regards, pkn


    If my post was helpful - give it a Vote. If it helps solve your problem - propose it as Answer. ;-)
    Monday, August 8, 2011 3:12 PM
  • Hi, I thought. "I'm thinking from within RegEdit I can set Permissions - this might let me delete the keys."

     

    But I've tried this and can't seem to set permissions for the 3 remaining Keys:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_GETPLUSHELPER\0000 (and subkeys)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_GETPLUSHELPER\0000 (and subkeys)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_GETPLUSHELPER\0000 (and subkeys)

     

    Any ideas? pkn


    I can set permissions as low as the ControlSets - but for enum and anything below that I'm denied..
    Tuesday, August 9, 2011 7:19 AM
  • Nope - Seems I'm going to have to rebuild. The more I try to fix this, the worse it seems to get. I've corrupted my user profile now I think. So I'm just going to copy everything off directly as backups are broken. And do the big reformat - and then rebuild from the bottom up.

    That'll fix some long-standing problems too, some partly broken McAfee security software that's been unfixable for a long time, this recent getPLUS problem, and assorted leftovers from years of computing on the same system. yay!

    I'll re-install from my original Vista32 disks - rather than going Win7, but I've also time to rethink this plan yet. :)

    Anyways, no point stressing about it - just have to get in and fix it I suppose..

    Cheers, pkn


    If my post was helpful - give it a Vote. If it helps solve your problem - propose it as Answer. ;-)
    • Marked as answer by pkn2011 Saturday, August 13, 2011 2:54 PM
    Thursday, August 11, 2011 11:41 PM
  • Hi, my plan - "So I'm just going to copy everything off directly as backups are broken. And do the big reformat - and then rebuild from the bottom up."

     

    Phew. Only just managed to copy off (nearly) everything before the laptop went down - bsod- battery fail most likely, will wait for a new battery to arrive before I can do much else. The corrupted profile didn't allow me to restore to a previous point to access hidden files so my 'Vault' was still trapped - temporarily - until I restored it from previous backups using the 64bit, recent data perhaps lost tho - I'll check my online backups for a newer version of it soon, might be lucky. Either way I won't be able to access its contents until I can get the Vaults program up and running again.  

    Anyways, don't worry- be happy. :)

    Regards, pkn


    If my post was helpful - give it a Vote. If it helps solve your problem - propose it as Answer. ;-)
    Saturday, August 13, 2011 2:54 PM
  • Hi,

    Thank you for your time and effort sharing all the information and troubleshootings. Hope the new battery will work without any issues.

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Wednesday, August 17, 2011 6:00 AM
    Moderator
  • Hi Magon, you wrote. "Hope the new battery will work without any issues."

    Well yes the new battery is good, extra power - it sticks out the back of the laptop a bit now though. :)

    My error checking disk reports the Fan speed is wrong - which I suspected as it has gotten noisy recently, the HD appears OK. No bad blocks, but the BSOD says it's now an Unmountable volume. So I'll take it in for a checkup on the fan and get the tech to reformat my HD and install the OS disks for me I think.

    The recent backup trouble seems to have destroyed the backup image - so I can't recover it, and likely I wouldn't want to either, as then the GetPlus and partly broken McAfee, and broken Messenger (pre 2011 version) will all return. It'll be better & quicker to rebuild it!

    All data is secure, except maybe the vault content might need some updating - eg. some invoices and some Accounts entries. But these I can re-input without too much trouble. And rebuild my personalized folder setup etc. So all in all it should be "as new" before long hopefully.. I've had the same install going for almost 3 years now so it's had a good run really. About time it got a refresh.

    Thank you. pkn


    If my post was helpful - give it a Vote. If it helps solve your problem - propose it as Answer. ;-)
    Thursday, August 18, 2011 2:17 PM
  • hi all, I've delayed this plan somewhat " And do the big reformat - and then rebuild from the bottom up" so I can see if I can fix the broken profile problem. Best way to learn more about my OS this way I think - and really I can't make it worse now. :)

    I've been using a recovery disk, and managed to get into the HD, and registry to edit the ProfileList. But the problem continues. It got to the point of entering the password at my usual login - but then went back to say user profile could not be loaded. So there must be more to it. Posts in other threads refer to NTuser.DAT - so I'll add this to the next attempt. Hopefully I can get in a bit further soon..

    Here's a link to fixing the broken user profile for anyone interested..

    http://support.microsoft.com/kb/947215

    And this is the link to the recovery disk I've been using:

    http://techblissonline.com/vista-recovery-disc-download-and-create-to-recover-windows-vista-32-bit-x86-and-64-bit-x64-editions/

    This program ImgBurn works well if you don't have a burner:

    http://www.imgburn.com/index.php?act=download

     

    Regards, pkn


    If my post was helpful - give it a Vote. If it helps solve your problem - propose it as Answer. ;-)
    Sunday, August 21, 2011 7:17 AM
  • Right. So "Posts in other threads refer to NTuser.DAT - so I'll add this to the next attempt."

     

    Using the recovery disk - and running 'CHKDSK C: /F' from the command prompt available there - found 5 unindexed files this time. Rebooting again got me to the Login prompt - and I was able to access the Hd on the Laptop over the LAN now from this Win7 64bit.

    Doing this let me access the C:users\Peter folder remotely which revealed a 'NTuser.Dat.bak' - now renamed as 'NTuser.dat' - logging onto the Laptop as per usual got me in to my "normal" desktop this time. Although it's messed up as I've not reconnected the other monitor as yet.

    Sure - it's still got the getPlusHelper problem, the partly broken McAfee and broken Messenger etc, not to mention umpteen old program installs that have also left their remnants around, but I've certainly educated myself in re: to fixing the Desktop now at least. So I'll try opening the vault next and securing the data therein too!

    We're still heading towards a reformat though most likely. But without worrying about breaking it - perhaps I CAN fix it. Won't know until I try. :)

    Oh what fun. <g>, pkn


    So I've managed to open the Vault and the data therein is now secured too. So that's certainly a bonus! :)
    Sunday, August 21, 2011 8:40 AM
  • Well, after spending hours rebuilding the desktop, I tried to reboot and found myself in exactly the same position as before. Needing to use the recovery disc to log on. again " 'CHKDSK C: /F' from the command prompt available there - found 5 unindexed files"

    To be safe again I copied the NTuser.dat (et al) over to the Win7 64bit via the LAN. And I think this'll become a regular event. And for all systems too! For starters - being a locked file it doesn't seem to be in ANY of the file backups, so you need to copy it before you log-in!

    BUT - this time logging onto the desktop it was as I'd left it. Both monitors. All widgets and gadgets. So without too much further delay I cleaned off a few more things - and launched ASC4 - now recently upgraded. This found lots of the usual problems; registry, junk, privacy, etc, and it also managed to fix the .NET updates that I've been previously battling to install, either auto through Windows Update. or manually on the web. So Windows should be up to date again now I'd think, might even risk turning update checking back on again this time..

    During scanning ASC4 also scheduled a chkdsk on reboot: the previous 1007 large files went down to 894;  900,000+ indexed entries fell to 300,000 odd; and the 5 unindexed files were now at 0! amazing..  So now I'm sitting at the login prompt just waiting for the disk activity to ebb. So hopefully I can log in without incident now, and then get back to trying to clean up the system even further. FX'd. :)

    BTW if I turn OFF UAC - can I then edit/delete at all levels of the registry? If not - how else?

    Regards, pkn


    If my post was helpful - give it a Vote. If it helps solve your problem - propose it as Answer. ;-)
    Monday, August 22, 2011 1:30 AM
  • Since mentioning, " So hopefully I can log in without incident now"

    Indeed this was the case. And now running a FULL scan with Windows Defender - some 3+ hours in so far..

     

    While waiting - and wandering through the TechNet Library I've come upon this link:

    http://technet.microsoft.com/en-us/library/cc742472(WS.10).aspx

    which refers to use of the Secedit command. And although it looks somewhat complicated seems to enable full control of security settings for Vista (and Win7 also) - therein; the following: 'Syntax'

    secedit/import/dbFileName.sdb/cfgFileName.inf [/overwrite] [/areasArea1 Area2 ...] [/logFileName] [/quiet]

    I note in particular: /areas -  which includes among a few others:

    REGKEYS

     -  Includes Registry Permissions

    So now just to look into how to use it effectively. (Though turning OFF UAC might still work. Not sure yet.)

     

    Also during Analysis over the past weeks. I've spotted at least one problem file - in particular 'Changes.DAT' ~507Mb (for MOBK) being backed up just prior to when the backups appear to have failed. I've deleted it (new file only 8kb+) So I'll retry the backups again soon, perhaps getPlusHelper isn't the real cause of them failing after all..

     

    chow4now. pkn


    If my post was helpful - give it a Vote. If it helps solve your problem - propose it as Answer. ;-)
    Monday, August 22, 2011 5:46 AM
  • Hi again, previously. "but for enum and anything below that I'm denied.."

     

    Well the latest reboot, resulted in the same problem. Needing to go to the recovery disk. This time though it lists my Operating system - Windows Vista. and gets the HD size as 238Gb. so that's another step forward I guess.

    Successful tests include: System disk. Metadata test. Target OS. Volume Check. Boot Manager. Boot log. Event log. Internal state. Boot status. Setup state. And Registry hives test.

    Diagnosis finds 1 Root cause for failed restart. Registry is Corrupt. And then, rolled back successfully.

    Possibly the getPlusHelper still causing problems? Not sure without more info though..

    So 'Finish to restart' - gets me back to the login prompt okay..

    Maybe next time it'll restart normally?

    Cheers, pkn


    If my post was helpful - give it a Vote. If it helps solve your problem - propose it as Answer. ;-)
    Monday, August 22, 2011 10:19 PM
  • Update: Last 2 restarts have loaded now right to the Login prompt. So perhaps time to try a full backup. pkn


    If my post was helpful - give it a Vote. If it helps solve your problem - propose it as Answer. ;-)
    Tuesday, August 23, 2011 1:37 AM
  • Seems like it's a few steps forward - and then it's suddenly back to the Recovery disc..

    So I definitely need to figure out how to fix the registry properly. :/

    oh well, at least it's useable part of the time anyways.. :)

     


    Wiki Discussion forum: http://social.technet.microsoft.com/Forums/en-US/tnwiki/threads
    Thursday, September 15, 2011 6:37 AM
  • Well, due to an accumulation of errors as previously detailed incl a partly corrupted registry, really the only way to clean up fully is by reformatting - then reinstall. As all data is secure rebuilding shouldn't be too dramatic. Much better than needing to fall back on the recovery disc fairly frequently.

    Probably a quick format would have saved a lot of time - as a full format has taken some 30 hours already, tho it's 97% completed now. :)

    I'll probably be able to snap a few more pics for Wiki articles I've been working on with a renewed Vista setup too. Having it so 'non-standard' wasn't really conducive to snapping representative pics..

    Anyways, a few other chores to do yet..

    Regards, pkn


    Wiki Discussion forum: http://social.technet.microsoft.com/Forums/en-US/tnwiki/threads
    Saturday, September 17, 2011 5:30 AM