Registry trouble

Status
Not open for further replies.
So I have a friend's Win8 laptop here that had some malware on it. I was able to clean it up with Malwarebytes and HitmanPro, then I installed Avast and uninstalled the expired Norton IS.
Then I went on to Windows updates and found it couldn't because the services were not running.
The services were straight gone from the list. So far I've successfully recovered "Background Intelligent Transfer Service", "Windows Update", "Security Center", and "Windows Firewall". I've done this by exporting the related registry keys from another machine, importing that into it, then doing a `sc create` to bring the entry back.
That is until the "Base Filtering Engine" service. It's the last service it's missing, I think. Trying to do the import gives me an access denied error. So I went and tried to manually add the BFE key to HKEY_LOCAL_MACHINE/System/CurrentControlSet/services, but I get an 'Access Denied' doing that too. I suspect it may be a ghost or some remnant of the original key preventing me from re-adding it.
Any ideas?
 
Clean install. If he can't/didn't backup, too bad. User error no matter how you slice it. In the end he will thank you for doing the clean install.
 
I would do a clean install - especially if it's the install it came from the factory with. Never had good luck with store-bought computers unless I wiped clean and reinstalled.
 
Originally Posted By: OVERKILL
Sounds like the permissions on that key were modified. You CAN change them back.

Also, a quick google found the following for Windows 7:

http://www.hageltech.com/blog/2012/02/07/base-filtering-engine-problems.html

Might be worth trying, as well as this FixIt:

http://support.microsoft.com/mats/windows_firewall_diagnostic/

Yeah, that's essentially what I'm trying to do is install the missing registry entries, the problem is that access is denied when I try to install it. When I try to manually add the BFE Key entry into the registry I get an access denied as well, but since there is no key currently, I have nothing to change permissions on.
 
Try the Fixit and see if it fixes the permissions on the parent key, which is where the issue would be.
 
Not available for this OS. Win 8. Suck.
 
OK, then check the permissions on the parent key and compare them to the working computer. I'm betting they are different. Make them match and you should be golden.
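
One way to do the comparison suggested above, as an added example that is not part of the original posts: snapshot the owner and access rules of the parent `Services` key on the working machine, then diff them on the broken one. The script name, `-Mode` parameter, function names and snapshot file name are assumptions made for this example; run it from an elevated PowerShell prompt.

```powershell
# Compare-ServicesAcl.ps1 (hypothetical script name, added example)
#   On the working machine:  .\Compare-ServicesAcl.ps1 -Mode Save
#   Copy the XML file over, then on the broken machine:  .\Compare-ServicesAcl.ps1 -Mode Compare
param(
    [ValidateSet('Save', 'Compare')][string]$Mode = 'Compare',
    [string]$SnapshotFile = '.\services-acl-reference.xml'   # assumed file name
)

# Parent key named in the thread; BFE is the subkey that cannot be created.
$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-KeyAclSnapshot {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    [pscustomobject]@{
        Owner = $acl.Owner
        Sddl  = $acl.Sddl
        # One sortable string per access rule so the two machines can be diffed.
        Rules = @($acl.Access | ForEach-Object {
            '{0}|{1}|{2}|inherited={3}|{4}|{5}' -f $_.IdentityReference, $_.AccessControlType,
                $_.RegistryRights, $_.IsInherited, $_.InheritanceFlags, $_.PropagationFlags
        } | Sort-Object)
    }
}

function Compare-KeyAclSnapshot {
    param($Reference, $Target)
    if ($Reference.Owner -ne $Target.Owner) {
        "Owner differs: reference=$($Reference.Owner) target=$($Target.Owner)"
    }
    Compare-Object -ReferenceObject $Reference.Rules -DifferenceObject $Target.Rules |
        ForEach-Object {
            $side = if ($_.SideIndicator -eq '<=') { 'only on reference' } else { 'only on target' }
            "Rule $side : $($_.InputObject)"
        }
}

if ($Mode -eq 'Save') {
    Get-KeyAclSnapshot -Path $ServicesKey | Export-Clixml -Path $SnapshotFile
    "Saved ACL snapshot of $ServicesKey to $SnapshotFile"
} else {
    $reference = Import-Clixml -Path $SnapshotFile
    $target    = Get-KeyAclSnapshot -Path $ServicesKey
    $diff      = @(Compare-KeyAclSnapshot -Reference $reference -Target $target)
    "BFE subkey visible to the registry provider: $(Test-Path -Path "$ServicesKey\BFE")"
    if ($diff.Count -eq 0) { 'Parent key owner and access rules match the reference.' } else { $diff }
}
```

An empty diff means the parent key's owner and access rules match the reference machine, so the cause lies somewhere other than that key's ACL.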
 
They're the same. I don't think it's an actual permissions error. I just tried to create it using psexec to run regedit in the SYSTEM account and it was a no go.
I still think there is a leftover corrupted BFE key that isn't showing up in regedit.
 
I'm so close though. I have everything running, just this one thing. I tried pulling the drive and putting it in the USB adapter on my main machine so I could get direct access to the hive, but that was a no go.
The hard drive keeps resetting. Must be locked to the machine. Irritating. Now I have to see if I can get a Linux boot disk to run on this.
Probably not.
I'm dropping it for now; sleep time now.
 
Stupid question:

Can you use System Restore to go back to a date before the infection and hopefully end up with a workable registry?
 
Originally Posted By: dparm
Cut your losses and reinstall the OS. Fixing these kinds of problems can be a nightmare.


+1000...every time I screw around with corrupted registry issues I end up formatting off the whole mess and starting from zero. This is mostly on my kids' computers (just did a Win7 last weekend). So I bought them all Carbonite and set it to do a full backup once a week at night. So they are at least never one week off all of their data. Then I do a complete scrub and restore. Doing all of the Windows updates is a PITA but it is what it is.
 
Originally Posted By: OVERKILL
Stupid question:

Can you use System Restore to go back to a date before the infection and hopefully end up with a workable registry?


LOL, only if you have been going to church twice a week for the last 5 years.
 
Meh, there's been the odd time I've had it actually work. It is worth a shot at this point to try before he goes through the trouble of a wipe and reload.
 
You could try system file checker to restore lost/missing/corrupted system files. It has worked for me in the past.

Get a command prompt: type `cmd` in the Run box, type in `sfc /scannow` in the DOS window and let it run. It doesn't take long and you get a log of files repaired.
 