Fss.exe is an excellent program, can't sing its praises enough. That being said, it can be a bit tricky to get the issues fixed once you've identified them. This post is two things - The first is a description of how I take the information provided by FSS and manage to fix machines without a corresponding uninfected machine of the same flavor of windows. The second is a request for the developer to add in some features to make this process easier.
For anyone who's unfamiliar, the app is available at http://download.bleepingcomputer.com/farbar/FSS.exe
This can identify missing registry keys needed for internet connectivity, firewall, or system restore, and it also checks the MD5's of the associated files in system32 and system32/drivers.
If you've identified missing keys, you're going to need copies of the right keys. I've found someone else who compiled a zip for each type of windows covered. http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
While this has all the keys, you may need to edit permissions, in particular on the legacy keys, to be able to use the reg file.
If FSS identifies the firewall's turned off, just turn it back on using regedit (change the 0 to a 1 at the location in the fss.txt)
Next we get to the sys, dll, and exe files that get md5 checked. These are all available in windows CD's in compressed files which can be opened with 7zip. For windows XP these are available on the CD at i368/drivers.cab and for windows vista and 7 they're in sources/install.wim. If there are multiple flavors of a vista or 7 on the disk, read the xml file at the root of the wim, you can find out which version of vista or 7 corresponds to which numbered directory.
On occasion I've had machines where i replaced the files with incorrect md5s from the disk like this and FSS still said the md5's were incorrect - not sure what the cause of this is, but at least I know the file replaced is no longer a rootkit component. (most common reason i've had to use FSS is cleaning up after a rootkit infection.)
Now we get to the 2nd part, the feature request. I know there is an export service and find files feature, but these seem clunky. When I've got a good machine(or possibly just clean disk), i just want to grab everything it's got wholesale so i can build a repository of solutions. Can we get something which, when all registry keys are correct and all md5's match that can simply grab a copy of all the keys and files and dump them into a directory wherever FSS is run from which is labled with x32 or x64, the base type of windows, and the specific flavor of that base. (i.e. x32 windows 7 home premium). Even better, I don't think it's illegal to distribute the reg keys needed, so just grab the ones I linked above and bundle them in. The files on the other hand would be illegal - but making a script that would grab them off working installs or even the the CD's shouldn't be (working installs are trivial, for the cd's target the cab or wim on the disk, use 7z to open, grab the appropriate files and md5 check them). (just like windows xp PE's which allow you to construct a PE from the XP disks aren't illegal, but releasing them already built is)
Finally, relating to the legacy keys, is there a way outside of permissions in regedit to alter the registry permissions, it would be handy to have something which can allow you to enter the legacy keys then revert to normal permissions on them once you've added the appropriate entries.