Fixed it! The aforementioned article is correct. I downloaded the RegDelNull program mentioned in the article (http://technet.microsoft.com/en-us/sysinternals/bb897448.aspx) and ran it on hkcr, hkcu, hklm, hku, and hkcc (short for HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS, and HKEY_CURRENT_CONFIG), respectively. It deleted a bunch of keys. Rerunning the program you posted earlier revealed no keys with embedded nulls in their names, and ensurepip now works.
I have no idea how these keys got there. For all I know they are the result of malware. I think it would be worthwhile changing the Python code to detect nulls and perhaps issue a warning that directs people to this article or something like it. -- https://mail.python.org/mailman/listinfo/python-list
