Jump to content



Photo
win7

  • Please log in to reply
5 replies to this topic

#1 Pr3fix

Pr3fix

    Neowinian

  • Joined: 15-February 12

Posted 15 February 2012 - 20:32

Hello!
I am having trouble merging some keys into my registry in Windows 7 Professional, 64bit. I am given the error,

"Cannot import [my registry key]: Not all data was successfully written to the registry. Some keys are open by the system or other processes."


Background: The reason I need these keys is long and complicated, but it basically boils down to my Base Filtering Engine service (BFE) is corrupt. It won't start, and when I try and get it to start I am given an error of "An object with this GUID or LUID already exists". Because BFE wont start, many other important services (such as windows firewall and VPN/IP related ones) can't start either as they are dependant on BFE.

I am in the process of trying multiple avenues to fix this problem, as reformatting is NOT an option.

I found this post via google, in which the poster was kind enough to provide some valid registry keys for BFE and other core security processes. HOWEVER, when I try and merge any of them into my registry, I get the aforementioned error. I am the only user on the PC and the profile is an administrator profile.

I did attempt to do it in safe mode, as well, to no avail. Exact same error is given in safemode.

If ANYONE can help me out on either of these issues (the registry issue, or fixing BFE in general), I would be so, so so so so appreciative. I have been fighting with this issue for weeks, scoured many forum threads, and still can't seem to get it all working.

Thank you :)


#2 OP Pr3fix

Pr3fix

    Neowinian

  • Joined: 15-February 12

Posted 16 February 2012 - 17:18

I don't normally do this as I know it's against forum etiquette, but I've perused through these boards and I know they're full of extremely knowledgeable people -- probably more knowledgeable than any other online community. Don't leave me hanging, guys!

#3 DigitalSnow

DigitalSnow

    Neowinian

  • Joined: 07-December 04
  • Location: United States of America

Posted 16 February 2012 - 17:27

My first quick and dirty suggestion would be to start killing off programs and services until the reg key is editable.

Another idea would be to get Process Monitor by SysInternals and attempt to see what process exactly has that registry key locked.

Those are just my quick recommendations.

Another suggestion would be to open the reg files and attempt to do everything manually using regedit.

Do you know which reg entry specifically is locked?

Edited by DigitalSnow, 16 February 2012 - 17:30.


#4 OP Pr3fix

Pr3fix

    Neowinian

  • Joined: 15-February 12

Posted 16 February 2012 - 17:44

My first quick and dirty suggestion would be to start killing off programs and services until the reg key is editable.

Another idea would be to get Process Monitor by SysInternals and attempt to see what process exactly has that registry key locked.

Those are just my quick recommendations.

Another suggestion would be to open the reg files and attempt to do everything manually using regedit.

Do you know which reg entry specifically is locked?


Hi DigitalSnow, thanks so much for the reply!

I have not tried killing off the processes, however I did try adding the reg keys while booted in safe mode (and came across the same issues as in normal mode). wouldn't this essentially be the same thing, as safe mode runs only the essential processes, or would killing them off manually in normal mode work better?

I will check out Process Monitor, thanks for the link!! :)

Yes, there are several which are locked. Surprisingly, the registry file for BFE merges perfectly fine, however the reg files for mpssvc and sdrsvc give me the "key open by system or other processes" error.

Thanks again for the response. Greatly appreciated.







EDIT: Just to make it a tad clearer, here are the contents of the registry files that I am trying to merge into my registry.

BFE.reg (merges properly):
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE]
"DisplayName"="@%SystemRoot%\\system32\\bfe.dll,-1001"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
"Description"="@%SystemRoot%\\system32\\bfe.dll,-1002"
"ObjectName"="NT AUTHORITY\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ServiceSidType"=dword:00000003
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
62,00,66,00,65,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="BfeServiceMain"

MPSSVC.reg (does NOT merge):
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc]
"DisplayName"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23090"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
"Description"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23091"
"ObjectName"="NT Authority\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):6d,00,70,00,73,00,64,00,72,00,76,00,00,00,62,00,66,00,\
65,00,00,00,00,00
"ServiceSidType"=dword:00000003
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,\
00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,\
72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,75,\
00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,\
00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,\
00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,\
6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
6d,00,70,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap]
"Collection"=hex:87,00,01,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Security]
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,84,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,15,00,\
00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,\
0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
00,00,00,05,12,00,00,00

SDRSVC.reg (does NOT merge):
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDRSVC]
"DisplayName"="@%SystemRoot%\\system32\\sdrsvc.dll,-107"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,53,00,44,00,52,00,53,00,56,00,43,00,00,00
"Start"=dword:00000003
"Type"=dword:00000010
"Description"="@%SystemRoot%\\system32\\sdrsvc.dll,-102"
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"ObjectName"="localSystem"
"ServiceSidType"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDRSVC\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  53,00,44,00,52,00,53,00,56,00,43,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDRSVC\Enum]
"0"="Root\\LEGACY_SDRSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


#5 DigitalSnow

DigitalSnow

    Neowinian

  • Joined: 07-December 04
  • Location: United States of America

Posted 16 February 2012 - 18:17

Hi DigitalSnow, thanks so much for the reply!

I have not tried killing off the processes, however I did try adding the reg keys while booted in safe mode (and came across the same issues as in normal mode). wouldn't this essentially be the same thing, as safe mode runs only the essential processes, or would killing them off manually in normal mode work better?

I will check out Process Monitor, thanks for the link!! :)

Yes, there are several which are locked. Surprisingly, the registry file for BFE merges perfectly fine, however the reg files for mpssvc and sdrsvc give me the "key open by system or other processes" error.

Thanks again for the response. Greatly appreciated.


Safe mode while is great, still runs many processes that are not necessary for your desired fix. For example only: it could be the explorer process that is using the registry key needed; explorer can be killed while you apply the fix.

I am not sure how comfortable you are just killing off processes, but it is sometimes necessary. To restart say explorer or a process once it has been killed, in Windows Task Manager, click File > New Task (Run) and type in the name of the process that you want started (explorer.exe).

Disclaimer: There is always a risk of data corruption when killing a running process.

I would really recommend trying to enter in the values manually. (Yes it is tedious)
1. Open/run the RegEdit application
2. Open the .reg files in a text editor
3. Navigate to the target key in RegEdit
4. Double click on the key to edit it
5. Enter the value listed in the .reg file.
6. Repeat for each key.


Also on a side note, have you tried the bat file (Repair.bat) that Farstrider suggested and the Farbar Service Scanner from the other thread?

#6 Lee G.

Lee G.

    Neowinian Senior

  • Joined: 28-October 04
  • Location: London, UK
  • OS: Windows 8.1

Posted 18 February 2012 - 13:04

Pr3fix,

I had the same problem, and I've just fixed it by changing the permissions of the registry key I wanted to change. I gave Administrators full control of the key, and I was then able to merge the keys from the registry file.

Posted Image

I hope this will work for you. I also tried killing the relevant processes and services, and also trying to merge the key in safe mode, and they didn't work.