delete a key then recovery automatic

longying · Feb 28, 2007

in regedt32.exe,I delete a key ,then the deleted key recovery automatic,i
delete it repeat ,it revovery automatic ...
how can this happen ? how can i delete it ?

John John · Feb 28, 2007

longying said:
in regedt32.exe,I delete a key ,then the deleted key recovery automatic,i
delete it repeat ,it revovery automatic ...
how can this happen ? how can i delete it ?

What is the name of the key? How does it "automatically recover"?
Immediately when you delete it, while still in Regedt32? When you
restart Regedt32? When you reboot the computer? What, if any, message
do you get when you delete the key? My guess is that the key reappers
because of something in your run keys, or something that runs and
recreates the key when the pc reboots.

John

longying · Mar 1, 2007

I export the key from regedit:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gqtilo67]
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,
00,\

52,00,49,00,56,00,45,00,52,00,53,00,5c,00,67,00,71,00,74,00,69,00,6c,00,6f,\
00,36,00,37,00,2e,00,73,00,79,00,73,00,00,00
"Type"=dword:00000001
"ErrorControl"=dword:00000001
"DisplayName"="gqtilo67"
"Group"="System Bus Extender"
"Start"=dword:00000000

the "automatically recover " means when I delete it, it recover Immediately
it seems that the key can not be deleted.
is there any tip can set some key in registry can not be changed?

John John · Mar 1, 2007

longying said:
I export the key from regedit:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gqtilo67]
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,
00,\

52,00,49,00,56,00,45,00,52,00,53,00,5c,00,67,00,71,00,74,00,69,00,6c,00,6f,\
00,36,00,37,00,2e,00,73,00,79,00,73,00,00,00
"Type"=dword:00000001
"ErrorControl"=dword:00000001
"DisplayName"="gqtilo67"
"Group"="System Bus Extender"
"Start"=dword:00000000

the "automatically recover " means when I delete it, it recover Immediately
it seems that the key can not be deleted.
is there any tip can set some key in registry can not be changed?

Hmmmm...... Whatever gqtilo67 is it seems to be a well garded secret!
That it's in the "System Bus Extender" group makes me wonder if it
should be removed or disabled. Did you try removing the key in Safe
Mode? There is a driver associated with it that is started, try finding
it and see if it can be shut down before you try to delete the key.

Or you can set the "Start"=dword:00000000 value to 4 (disabled) and
reboot the computer and see if it can then be deleted. Be careful! Not
really knowing what this thing is, disabling the service may prevent the
computer from booting! As it is now it's started as a boot startup type
device/service. If the computer refuses to boot remember to try Last
Known Good Configuration and keep your Windows 2000 cd handy, you might
need to use the Recovery Console if it needs to be restarted again.

John

longying · Mar 3, 2007

I can not set the "Start"=dword:00000000 value to 4 (disabled),
after i set the value, it recover Immediately

"There is a driver associated with it that is started,try finding it and
see if it can be shut down "
I can not find the driver,how can i find it ?

Dave Patrick · Mar 3, 2007

This tool may help.

http://www.microsoft.com/technet/sysinternals/information/BootTimeRegistryActivity.mspx

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

John John · Mar 3, 2007

In addition to Dave's suggestion you can also try using the Recovery
Console's DISABLE command.

Description of the Windows 2000 Recovery Console
http://support.microsoft.com/kb/229716/

Did you run a complete virus and spyware/malware scan on the computer?
Services with names that yeild no results on internet searches are often
associated with virus or malware.

John

Jordan · Apr 11, 2007

I have run into spyware that causes this problem. I usually change the
permission on the key so that no-one has access to the data in the key.

I had a case where no program could get rid of this type of spyware and it
would always rewrite itself into the "Run" key and spawn 3 versions of
itself to continually monitor the registry and memory. I denied all access
to the Run key, rebooted, deleted the virus files, and then restored the Run
key security by taking ownership of the key.

Dave Patrick said:
This tool may help.

http://www.microsoft.com/technet/sysinternals/information/BootTimeRegistryActivity.mspx

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

longying said:

I can not set the "Start"=dword:00000000 value to 4 (disabled),
after i set the value, it recover Immediately

"There is a driver associated with it that is started,try finding it and
see if it can be shut down "
I can not find the driver,how can i find it ?

Click to expand...

Delete Key on Spanish Keyboard	4	May 25, 2018
Trying to remove corrupt registry key	1	Nov 8, 2005
Panasonic cf-29 boot from CD	0	Jun 13, 2021
How to Tattoo PB Imedia 1804	0	Jun 13, 2010
MS Access problem	0	Aug 11, 2018
Set up Automatic Unattended Security Updates on Ubuntu 18.04 or Mint or any Debian.	6	Mar 11, 2019
Displaying zeros in cells	2	Sep 9, 2021
Word Removing unwanted "lines" within a MS Word 10 table	1	May 30, 2018

delete a key then recovery automatic

longying

John John

longying

John John

longying

Dave Patrick

John John

Jordan

Ask a Question

Similar Threads