Lexington Computer Repair Blog

And now I’m getting the same error Stephan got:

Stop : c000021a {fatal system error }
The Windows subsytem system process terminated unexpectedly with a status of 0x c0000005 (0x77cee4B4 0x00daf350)
The system has been shut down.

@Nick

I love you!!!!!!!!!!

I got lucky! I had a week old backup that I was able to restore from. I had to use a Ubuntu live disc to dig it and move it to the right location! Thanks for all your help!

Thanks A ton trying to fix my pc since last 6 hours At last Fixed it

Hey I stumbled over this blog on my smartphone, after I got exact the same bluescreen and text. After reading all this I guess something critical of Windows is infected, or has been, after malwarebytes found it and I deleted it.

My Problem is: How do I get into the registry editor? I don
t have a Windows cd/dvd or ubuntu to start with.

Thanks beforehand

@Dominik
Ok im in ubuntu 11 right now, started it from DVD, but when i open the regedit through wine, the registry is almost empty.

In HKEY_LOCAL_MACHINE\System theres only the sub folders CurrentControlSet and MountedDevices, no ControlSet001 or ControlSet002

I have tried to import a actual registry but i dont now how in ubuntu (wine)
Does anyone know what i am doing wrong or how to import the right regstry file?

Thanks beforehand again

Thanks for this info. You saved me a ton of time.

Thanks for sharing! Really awesome!!!!!!

Thanks, solve my problem

You save my live !!!!
Thanks !!!

I am only seeing drive X . i know im in the wrong spot cos im seeing system file & system text. i go to cmd from repair tool and try diskpart to determine my drive and the option f “0″ was not shown. I may be supernoob for asking this but, I am running raid 0, does that dsqualify me from this solution? I cannot see why it would, but at this point im pretty “meh” and require sleep

Apologies for the poorly arranged post from earlier. Anywho, when I run list. disk i get…
list disk: “there are no fixed disks to show”
  
I ran list volume getting  ”there are no volumes”
and list partition as well getting ” there is no disk selected to list partitions.Select disk and try again”

I am not seeing anywhere to select a disk or I am simply ignorant as to how to do it =\
  As to the bit regarding my less than perfect sentence  , ” i go to cmd from repair tool and try diskpart to determine my drive and the option f “0″ was not shown” the “f” of  ’f”0″ ‘ was a typo and the “0″ portion of that was in reference to JonERotn post stating “ diskpart ‘diskpart will display header information and put you into the diskpart con
select disk 0
list volume…”
 I simply do not see any disk to choose from. So yes, It seems my recovery environment can’t see my Windows installation either.  oh, and as to why raid, this is strictly gaming pc, externally backedup important stuff etc, I just want to beat this damn issue as a matter of stubborn pride >< . Thanks for your help and this useful thread. Back to work =P 

Apologies for the poorly arranged post from earlier. Anywho, when I run list. disk i get…
list disk: “there are no fixed disks to show”
  
I ran list volume getting  ”there are no volumes”
and list partition as well getting ” there is no disk selected to list partitions.Select disk and try again”

I am not seeing anywhere to select a disk or I am simply ignorant as to how to do it =\
  As to the bit regarding my less than perfect sentence  , ” i go to cmd from repair tool and try diskpart to determine my drive and the option f “0″ was not shown” the “f” of  ’f”0″ ‘ was a typo and the “0″ portion of that was in reference to JonERotn post stating “ diskpart ‘diskpart will display header information and put you into the diskpart con
select disk 0
list volume…”
 I simply do not see any disk to choose from. So yes, It seems my recovery environment can’t see my Windows installation either.  oh, and as to why raid, this is strictly gaming pc, externally backedup important stuff etc, I just want to beat this damn issue as a matter of stubborn pride >< . Thanks for your help and this useful thread. Back to work =P 

Oh. My. God. You saved my life. THANK YOU

Same here… THANK YOU.

In my case it was TrendMicro that removed a simple BitCoin Miner.
Took me 6 hours to resolve this.
Thx again!

This solution worked great! THANK YOU!! For anyone having issues with editing the registry on a computer that doesn’t boot, just download the newest version of kaspersky rescue disk 10 boot cd (it’s free) which now includes a registry editor that will automatically connect to your offline registry.

@Nick
many thanks!!!!you save my computer’s life and me for saving money!!! many thanks again!!!

This worked for me. I used “Offline Registry Editor” to make the change.

6 hours in, I found this and it saved my expensive computer from being thrown into a lake. You sir, are my hero.

I love youuu! I was so close to reinstalling Windows. I’m no expert and couldn’t find the right file at first but then I followed instructions from “everettf” and my system works again!!! If you can’t see both ControlSet001 AND ControlSet002 under HKEY_LOCAL_MACHINE\SYSTEM be sure to follow instructions from “everettf”.

If the above instruction doesn’t work, try a simple registry restore.

rename the 5 registry (system, software, security, sam and default) file c:\windows\system32\config to .bak
then copy the 5 backup registry from c:\windows\system32\config\regback
answer yes when prompted to overwrite.
Reboot.

@Nick thank, you save me and my computer

I have this problem on my wife’s machine, and when I insert the Windows 7 CD, I chose command prompt and typed “regedit” and it brought up the registry editor.

The strings above are the way they should be. Am I missing an extra step? Something about loading hives, etc.? Is my registry editor ran from the command prompt from the Windows 7 CD displaying the correct registry to fix? Thanks!

@Nick

Amazing! I didn’t realize what the above post in italics meant when it referred to as the post on Jan 20th, because I didn’trealize that the site put me to the last page. THANK YOU for this invaluable information. YOU are AWESOME!

(Got PayPal? haha!)

Skyler

everytime i am in C: i type regedit, i follow all instructions, load hive, then i see double of all (example system, system-one is a text document the other is a file) btw i have AVG installed.

“To use System Restore, you must specify which Windows installation to restore.
Restart this computer, select an operating system, and then select System Restore”

how do i select OS. I have Win7. its an upgrade

You are a Godsend. My computer was going along fine – I thought – then I did the latest updates and it installed MSE and SP1, etc. MSE popped up with a message that I needed to reboot and POOF! That bloody, miserable error! I did a system restore thinking it had something to do with the SP and the machine started up fine again – then I tried reinstalling the updates and it had the same effect. Found this post, followed the steps (I used Hiren’s 15.1 Boot disk and the PE registry editor), corrected the problem and rebooted – started right up and configured the newly installed updates with no further issues. Thank you SOOOOO much!!! You just saved me countless hours of beating my system into submission!!

hi, i’m facing the same issue and I have the
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems (exists)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\SubSystems (doesn’t exist). should I create it or leave it alone, my machine still won’t boot (stuck on BSOD)…. please help!
thanX in advance
zubi

Very helpful blog indeed I wish to thank the blog article and the author for an extremely useful article not only w.r.t the removal of the changed file but also tremendously helpful for becoming an advanced user of recovery console.

For what its worth I will add my experience as it was with a production test server, maybe it would be helpful for someone next time. I had a Windows 2008 R2 server SP1 with latest updates installed, inclusive of windows defender and MSE (Microsoft security essentials), no backup of our single drive existed before this darned BSOD appeared. As instructed here I followed the step by step procedure to remove the consrv.dll prior to doing this I had already used the recovery console to copy essential application files to a USB storage device, then proceeded by

1. loading the hive
2. removal of entries in ControlSet 001 and ControlSet 002
3. Unloading the hive

Booting was successful however the task was not done after a successful boot I manually searched for traces of consrv.dll and so forth which i did find in windows system 32 directory, and after removal of these traces a fresh full scan of the updated MSE (Microsoft security essentials) was performed, this fresh scan removed a couple of other trojans (which may be specific to my server). The point is that this whole process also works for a fully functional 64-bit production server.

I personally believe now that Windows has evolved to become a powerful OS for the SOHO and Medium sized enterprises with reference to Application and DB being hosted on the same machine, on this blog I have people not satisfied with the recovery options, recently I had the opportunity working with S.U.S.E Linux in a large enterprise and when it crashed despite trying methods such as Kernel repair and other block recovery methods it took a whole 2 days to eventually recover from backups, however with windows 2008R2 in production environments it does not corrupt with power outages and each time we have been able to recover from crashes at multiple sites and own sites with and without backups, credited is definitely due here. (see on sandbox servers we perform extreme measures such as cutting of power from live servers, crashing drives using recovery methods and so on despite what people argue about Windows today as an OS not other products has the fastest recovery rate and fault tolerance without support devices).

There are 2 things I would like to mention before I end my comment.

1. Even if this does not work, there is a method in debugging mode where you can recover by identifying what entry in the registry has been changed what you will need is a serial cable (for connecting two machines, also called laplink) preferably same OS on both machines and enter debugging mode of the working machine, you will be able to trace the exact registry entries that were changed and where and fix the problem

2. I forgot to mention what caused the error in my server in the first place, yesterday morning for no apparent reason the machine rebooted, I assumed that it was a low voltage dip which the UPS could not handle and hence reboot, however the real culprit was this consrv.dll file or virus, what I did later in the day was updated the server, install windows defender run scans and also install MSE, MSE identified the threat and cleaned 99.8% problem however on reboot this BSOD occured.

Thank you for your time, and to whoever reads this comment thank you for bearing with this somewhat long comment

regards to all riz

Just wanted to leave a note confirming this did in fact work for me. Thanks a trillion blue million!

Worked for me

Im using win7 64bit. I don’t have \windows\system32 but I have only \windows\system64 and I tried but it doesnt work as it should be the wrong folder!! what should I do!!! help mee plzzzzzz

@admin

Yeah, I think so. It should be virus and malware that hide system 32!!!!. Anyway if I have Ubuntu and I have other PC in Win 7 but 32bit, anything that I can do with these to help recovery??

Hi,
Now that I manually find winsrv.dll and copy it, naming the copy consrv.dll, I can go to the welcome screen but after that it will crash to blue screen again with other reason. What should I do? I still trying to edit the registry by your method but it seems that some virus hide the system32 folder in my C:OS drive!. I am so desperate now.

Or should I do like this; I have the non-genuine win7 64-bit CD installation with me. Should I install it in other partition and try to run malwarebyte to kill the viruses in my infected genuine C:drive? and then try to edit the registry again. What do you think?

Thanks a million.

You are awesome. You saved one of my clients machines. You are my hero !!!!

BTW, be sure to load the system registry file from the c:\windows\system32\config registry in windows 7 64 bit edition (in this particular case.) and name it something of your choice, then edit the keys in controlset1 and controlset2, then unload the hive, then reboot the machine.

I can’t load the hive because apparently “system” is already in use.

@admin

I’m not extremely tech savvy so excuse me if I misintepreted you’re comment. But I accessed /cmd via my windows disc and regedit ‘ed that way.

@admin

Apologies, I restart and it worked this time, I must have done something wrong. I have no consrv where winsrv should be however, so I’m looking into other problems, many thanks anyway.

Found a computer where this would not fix it. After digging around for several hours, I finally realized (with the hard drive in another machine) that the winsrv.dll file was dated more recently than the same file on another Win7 machine. I copied it from a working machine to the hard drive, and it has now booted up. Next step is to do some scanning and make sure there is no virus or rootkit still left behind…