Blue screened because I deleted a registry file and a nasty virus.


14 replies to this topic

#1 ProwdPapa

ProwdPapa

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:12 AM

Posted 29 November 2012 - 05:15 AM

Hello everyone, I'm new to the board, and I apologize for not having the time to read through all of the beginning tutorials and scan to see if this has already been addressed on the site. I've learned more about computers in the last eight hours than I could ever imagine.

I have a Lenovo T420 running Windows 7 Enterprise Service Pack two. My computer won't boot up in Windows regular mode or Safe Mode. I believe I deleted a registry file and that blue screened my computer. My computer has Windows BitLocker Drive Encryption, in which I am an administrator and have the key.

I have until tomorrow to get my expense reports submitted for the last three weeks so that I can get reimbursed, and my computer picked a doozy of a time to get a virus. Specifically the Mal/Iframe-AH that I thought was quarantined. I believe it is this virus that has: redirected Google, mirrored other websites, taken over all Internet downloads from Firefox and Internet Explorer, told me Skitch needed an update (and I downloaded a SCARY version of Skitch), and faked the virus protection scan when I ran it. I went into the registry and deleted a file that basically blue screened my computer.

I'm at a point now where I can get to the command prompt; however, I believe the startup repair from BitLocker is overriding my boot-up disk. I did change the boot order on advice from a Lenovo rep over the phone, but I still haven't seen the startup menu for the Microsoft, I believe, system sweeper boot disk. My tools are my iPhone 4S, that I'm typing on right now, my friend's old Mac computer, a Windows boot-up disk system sweep, and internet.

I've been working on this all day and I have finally, I believe, stumbled upon the place where I can get a solution. I'll be waiting on hand for any and all help and provide the best feedback I can.


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:12 PM

Posted 30 November 2012 - 10:52 AM

Do you remember what file you deleted, which started the blue screening?

#3 ProwdPapa

  • Topic Starter

Posted 30 November 2012 - 01:43 PM

I'm sorry... I don't. If I find the article I was referring to when it happened, I'll let you know.

#4 ProwdPapa


Posted 30 November 2012 - 01:48 PM

If we knew, would it be a huge increase in the recovery odds?

#5 Grinler


Posted 30 November 2012 - 02:07 PM

It would definitely help. Also, can you tell me what the bluescreen says or post a photo of the screen, please?

#6 ProwdPapa


Posted 30 November 2012 - 02:33 PM

STOP: c000021a {Fatal System Error}
The initial session process or system process terminated unexpectedly with a status of 0x00000000 (0x00100a20).
The system has been shut down.

#7 ProwdPapa


Posted 30 November 2012 - 03:59 PM

Is this bad?

#8 ProwdPapa


Posted 30 November 2012 - 09:58 PM

You created this website?!!!! You're the man! This website is amazing!

#9 Grinler


Posted 01 December 2012 - 11:04 AM

STOP: c000021a {Fatal System Error}
The initial session process or system process terminated unexpectedly with a status of 0x00000000 (0x00100a20).
The system has been shut down.


Sorry for the delay in getting back to you. Came down with a bad cold and haven't been on as much.

When you say you can get to a command prompt, is that by booting in safe mode with command prompt? Or by using the Windows 7 Recovery environment?

If you can get to the Safe mode command prompt, you can try running sfc and let it scan your computer for corrupt system files.

If you are in the recovery environment you can use the following command to check for corrupt files and to repair them.

sfc /scannow /offbootdir=X:\ /offwindir=X:\windows

Please change the X to the drive letter associated with your C:\ drive in the recovery environment. For example, if D: is the drive letter associated with your C: drive, then you would enter:

sfc /scannow /offbootdir=d:\ /offwindir=d:\windows

Also, have you tried booting with last known good configuration?

#10 ProwdPapa


Posted 02 December 2012 - 06:09 AM

I want to thank you again for your help! Ok...a lot here I'm trying to digest. I'll try these suggestions. In the meantime, I'm dealing with entering a long BitLocker Drive Encryption Recovery Key every time I want to access the C: drive. Is there a way I can disable BitLocker temporarily while I'm trying to fix the computer? Again, I have the key given to me by my IT Dept and I'm the administrator for the computer, so I should be able to, right? It seems this would be a ton easier with that off.

#11 ProwdPapa


Posted 02 December 2012 - 07:50 PM

Here's what I've tried:

1. Tapping F8 at startup to get to Advanced Boot Options>Put in BitLocker key successfully to get to menu>Safe Mode with Command Prompt>
STOP: c000021a {Fatal System Error}
The initial session process or system process terminated unexpectedly with a status of 0x00000000 (0x00100a20).
The system has been shut down.

2. Tapping F8 at startup to get to Advanced Boot Options>Put in BitLocker key successfully to get to menu>Last Known Good Configuration>
STOP: c000021a {Fatal System Error}
The initial session process or system process terminated unexpectedly with a status of 0x00000000 (0x00100a20).
The system has been shut down.

#12 Grinler


Posted 02 December 2012 - 09:24 PM

Yes, you can use the manage-bde -off C:\ command if you are in the Safe Mode command prompt. This will disable BitLocker on the drive. More info about the manage-bde command can be found here:

http://technet.microsoft.com/en-us/library/dd875513%28v=ws.10%29.aspx

Personally, I would advise you to back up your data and reinstall. Trying to fix the machine like this when we have no idea what was deleted is not going to be an easy, if possible, task.

#13 ProwdPapa


Posted 03 December 2012 - 02:46 AM

Do you have any advice for the best way to extract my data? Are there tools that work best or a process that works best?

#14 Grinler


Posted 03 December 2012 - 09:13 AM

Have you tried running System Restore from the Safe Mode Command Prompt? This would allow you to restore your registry back to a state from before this issue occurred.

Simply start the computer to the command prompt and type the rstrui.exe command into the window. This will open System Restore, where you can possibly restore back to an earlier state.

First, though, before doing anything else on this computer, I would try to back up the data. Disable BitLocker on your C: drive, boot into the Windows 7 recovery command prompt and insert a USB drive. Then copy your data to the external drive.

You can use the copy or xcopy commands to copy your data.
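
Added example, not part of any post in this thread: a batch file that carries out the steps from posts #9 and #14 at the Windows 7 recovery command prompt. It finds the drive letter the offline Windows volume received, copies data to the USB drive with xcopy, and prints the matching offline sfc command. It unlocks the volume with the BitLocker recovery password for the session rather than turning BitLocker off; the key, profile name, folder list and drive-letter range are placeholder assumptions.

```batch
@echo off
rem Added example, not from the thread. Save this file on the USB drive and
rem run it from the Windows 7 recovery command prompt.
rem KEY, PROFILE and the folder list are placeholders: substitute your own.
setlocal
set "KEY=000000-000000-000000-000000-000000-000000-000000-000000"
set "PROFILE=ExampleUser"
set "SELF=%~d0"
set "DEST=%SELF%\backup"
set "WINDRV="

rem X: is the recovery RAM disk and carries its own \Windows folder,
rem so it is deliberately left out of the list of letters to probe.
for %%D in (C D E F G H I J K) do call :probe %%D
if not defined WINDRV (
    echo No offline Windows installation found. Check the key and drive list.
    exit /b 1
)
echo Offline Windows volume is %WINDRV%
manage-bde -status %WINDRV%

rem Copy named folders rather than the whole profile: the profile root holds
rem compatibility junctions (e.g. Application Data) that trip recursive copies.
rem /E subfolders, /H hidden files, /C continue on errors,
rem /I treat destination as a directory, /Y no overwrite prompts.
for %%F in (Documents Desktop) do (
    xcopy "%WINDRV%\Users\%PROFILE%\%%F" "%DEST%\%%F" /E /H /C /I /Y
    if errorlevel 1 echo xcopy reported a problem copying %%F
)

echo To check system files afterwards, run:
echo   sfc /scannow /offbootdir=%WINDRV%\ /offwindir=%WINDRV%\windows
exit /b 0

:probe
rem Stop once the Windows volume is found; never probe the USB drive itself.
if defined WINDRV goto :eof
if /i "%1:"=="%SELF%" goto :eof
rem A locked BitLocker volume is unreadable, so try the recovery password.
rem The attempt fails harmlessly on letters with no volume behind them.
if not exist %1:\ manage-bde -unlock %1: -RecoveryPassword %KEY% >nul 2>&1
if exist %1:\Windows\System32\config\SYSTEM set "WINDRV=%1:"
goto :eof
```
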

#15 Grinler


Posted 03 December 2012 - 09:31 AM

Updated my previous answer :)