cannot merge reg keys, "some are open by the system or other processes&

[Pr3fix]

Hello!

I am having trouble merging some keys into my registry in Windows 7 Professional, 64bit. I am given the error,

  Quote

"Cannot import [my registry key]: Not all data was successfully written to the registry. Some keys are open by the system or other processes."

Background: The reason I need these keys is long and complicated, but it basically boils down to my Base Filtering Engine service (BFE) is corrupt. It won't start, and when I try and get it to start I am given an error of "An object with this GUID or LUID already exists". Because BFE wont start, many other important services (such as windows firewall and VPN/IP related ones) can't start either as they are dependant on BFE.

I am in the process of trying multiple avenues to fix this problem, as reformatting is NOT an option.

I found this post via google, in which the poster was kind enough to provide some valid registry keys for BFE and other core security processes. HOWEVER, when I try and merge any of them into my registry, I get the aforementioned error. I am the only user on the PC and the profile is an administrator profile.

I did attempt to do it in safe mode, as well, to no avail. Exact same error is given in safemode.

If ANYONE can help me out on either of these issues (the registry issue, or fixing BFE in general), I would be so, so so so so appreciative. I have been fighting with this issue for weeks, scoured many forum threads, and still can't seem to get it all working.

Thank you :)

[Pr3fix]

I don't normally do this as I know it's against forum etiquette, but I've perused through these boards and I know they're full of extremely knowledgeable people -- probably more knowledgeable than any other online community. Don't leave me hanging, guys!

[DigitalSnow]

My first quick and dirty suggestion would be to start killing off programs and services until the reg key is editable.

Another idea would be to get Process Monitor by SysInternals and attempt to see what process exactly has that registry key locked.

Those are just my quick recommendations.

Another suggestion would be to open the reg files and attempt to do everything manually using regedit.

Do you know which reg entry specifically is locked?

[Pr3fix]

  On 16/02/2012 at 17:27, DigitalSnow said:

My first quick and dirty suggestion would be to start killing off programs and services until the reg key is editable.

Another idea would be to get Process Monitor by SysInternals and attempt to see what process exactly has that registry key locked.

Those are just my quick recommendations.

Another suggestion would be to open the reg files and attempt to do everything manually using regedit.

Do you know which reg entry specifically is locked?

Hi DigitalSnow, thanks so much for the reply!

I have not tried killing off the processes, however I did try adding the reg keys while booted in safe mode (and came across the same issues as in normal mode). wouldn't this essentially be the same thing, as safe mode runs only the essential processes, or would killing them off manually in normal mode work better?

I will check out Process Monitor, thanks for the link!! :)

Yes, there are several which are locked. Surprisingly, the registry file for BFE merges perfectly fine, however the reg files for mpssvc and sdrsvc give me the "key open by system or other processes" error.

Thanks again for the response. Greatly appreciated.

EDIT: Just to make it a tad clearer, here are the contents of the registry files that I am trying to merge into my registry.

BFE.reg (merges properly):

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE]
"DisplayName"="@%SystemRoot%\\system32\\bfe.dll,-1001"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
"Description"="@%SystemRoot%\\system32\\bfe.dll,-1002"
"ObjectName"="NT AUTHORITY\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ServiceSidType"=dword:00000003
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
62,00,66,00,65,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="BfeServiceMain"
[/CODE]

[b]MPSSVC.reg (does NOT merge):[/b]

[CODE]
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc]
"DisplayName"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23090"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
"Description"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23091"
"ObjectName"="NT Authority\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):6d,00,70,00,73,00,64,00,72,00,76,00,00,00,62,00,66,00,\
65,00,00,00,00,00
"ServiceSidType"=dword:00000003
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,\
00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,\
72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,75,\
00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,\
00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,\
00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,\
6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
6d,00,70,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap]
"Collection"=hex:87,00,01,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Security]
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,84,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,15,00,\
00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,\
0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
00,00,00,05,12,00,00,00
[/CODE]

[b]SDRSVC.reg (does NOT merge):[/b]

[CODE]
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDRSVC]
"DisplayName"="@%SystemRoot%\\system32\\sdrsvc.dll,-107"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,53,00,44,00,52,00,53,00,56,00,43,00,00,00
"Start"=dword:00000003
"Type"=dword:00000010
"Description"="@%SystemRoot%\\system32\\sdrsvc.dll,-102"
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"ObjectName"="localSystem"
"ServiceSidType"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDRSVC\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
53,00,44,00,52,00,53,00,56,00,43,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDRSVC\Enum]
"0"="Root\\LEGACY_SDRSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[/CODE]

[DigitalSnow]

  On 16/02/2012 at 17:44, Pr3fix said:

Hi DigitalSnow, thanks so much for the reply!

I have not tried killing off the processes, however I did try adding the reg keys while booted in safe mode (and came across the same issues as in normal mode). wouldn't this essentially be the same thing, as safe mode runs only the essential processes, or would killing them off manually in normal mode work better?

I will check out Process Monitor, thanks for the link!! :)

Yes, there are several which are locked. Surprisingly, the registry file for BFE merges perfectly fine, however the reg files for mpssvc and sdrsvc give me the "key open by system or other processes" error.

Thanks again for the response. Greatly appreciated.

Safe mode while is great, still runs many processes that are not necessary for your desired fix. For example only: it could be the explorer process that is using the registry key needed; explorer can be killed while you apply the fix.

I am not sure how comfortable you are just killing off processes, but it is sometimes necessary. To restart say explorer or a process once it has been killed, in Windows Task Manager, click File > New Task (Run) and type in the name of the process that you want started (explorer.exe).

Disclaimer: There is always a risk of data corruption when killing a running process.

I would really recommend trying to enter in the values manually. (Yes it is tedious)

1. Open/run the RegEdit application

2. Open the .reg files in a text editor

3. Navigate to the target key in RegEdit

4. Double click on the key to edit it

5. Enter the value listed in the .reg file.

6. Repeat for each key.

Also on a side note, have you tried the bat file (Repair.bat) that Farstrider suggested and the Farbar Service Scanner from the other thread?

[Lee G. Veteran]

Pr3fix,

I had the same problem, and I've just fixed it by changing the permissions of the registry key I wanted to change. I gave Administrators full control of the key, and I was then able to merge the keys from the registry file.

I hope this will work for you. I also tried killing the relevant processes and services, and also trying to merge the key in safe mode, and they didn't work.