Win XP error c000021a

Posted on 2010-09-22
Medium Priority
Last Modified: 2012-06-27
Hi All,

Backstory:  EU gets spy/malware, runs some legit antivir, computer freezes.
Hard reboot results in BSOD:
STOP: c000021a {Fatal System Error}
The Windows Logon Process system process terminated unexpectedly with status of
0x0000005 (0x00000000 0x00000000)
The System has been shut down

BSOD occurs when trying to boot XP in normal, safe mode, last know good config, etc.
Note that i cannot do a clean reinstall as there are some documents in  offline files cache (CSC) that the user considers to be of utmost importance.

XP Repair will not work, as this Lenovo laptop has been factory downgraded from Vista to XP and booting from a Windows XP CD results in another, unrelated, BSOD.

I can boot off of [Admin Edit] and access the HDD, registry, etc if need be.

So all this boils down to: how to get rid of the BSOD w/o reformatting the HDD?

Alternatively, whats the best way to access and retrieve offline documents  that are stuck in the CSC cache?

TIA for any help.

Question by:wolfgordon
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
  • +3
LVL 22

Expert Comment

ID: 33737043
Remove the hard drive and scan it as a slave in another machine. Save the scan log to post here.

You could probably grab those files as well that way

Author Comment

ID: 33737094
I did scan it as a slave - no malware found. something tells me that when the EU scanned it originally, the antivir killed the vir but also damaged some other legit file.

the offline mode files (CSC) are hidden in a folder in the bowels of windows directory and are not easily retrievable.

Accepted Solution

Timothy McCartney earned 1000 total points
ID: 33737202
Check the SATA settings in the bios. They're probably set to AHCI. Change it to "Compatible" or "IDE" or something along those lines then try running your XP cd again to do your repair installation.

Alternately, you can find SATA drivers to load manually from the manufacturer's website (Press F6 during the initial loading of the XP setup to manually install drivers)
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

LVL 66

Expert Comment

ID: 33737707
Might suggest extracting all of the files in the Client Side Cache on this dead system....

Get another XP system, and rename the current C:\Windows\CSC directory to CSC-Old, and drop the retrieved CSC folder to the working machine, and try the following....

Features and functions in version 1.1 of the Client-Side Caching ...

Direct downloads of csccmd.exe here....

The command is as follows....

csccmd.exe /extract /target:C:\ExtractedFiles /recurse
(or to only get Offline Modified files.....)
csccmd.exe /extract /target:C:\ExtractedFiles /recurse

(files are brought out to the c:\ExtractedFiles directory....

LVL 66

Assisted Solution

johnb6767 earned 1000 total points
ID: 33737757
Also, have you tried mounting the reg hives, and looking at the main keys, like the Winlogon key, or the Shell values? Looked for rogue services as well?

Can also check the offline system's main "viral target" target files for a possible compromise....Check versions and file sizes against a known good OS....


And I would recommend using knoppix/UBCD/Slaved drive instead of the above "Rhymes with Siren's" CD, as thats not allowed to be referenced in this site.....

If any of this needs clarification, simply ask.....

Author Comment

ID: 33737847
Hi guys, thanks for all the hints.

tracerfett, thanks for the info, that allowed me to run the XP repair. The repair failed half way, and the supposed fix from MS (http://support.microsoft.com/kb/823303) didnt work either.

So I guess i will cut my losses and try extracting the CSC stuff as per johnb's suggestions tomorrow.

I will let all know how that goes tomorrow mid day.

thanks again


ps. john, why is "Rhymes with Siren's" banished from this site? i happen to find it very useful and saved it my a$$ plenty  times.

Expert Comment

by:Timothy McCartney
ID: 33738057
Have you tried the "fixboot" and "fixmbr" commands from the repair console using the XP disk?

Also, possibly a "chkdsk /r" ?
LVL 66

Expert Comment

ID: 33739777
"ps. john, why is "Rhymes with Siren's" banished from this site? i happen to find it very useful and saved it my a$$ plenty  times."

Because it is distributed freely among the internet, with apps that require licensing...... Actually surprised the mods havent removed the reference yet.....Just want you to be aware for future postings....

Expert Comment

ID: 33758861

I have two machines with the exact same problem. Both are laptops and run XP Pro. They are not related in anyway. It started as a fake av. The user reboots and gets this message.

Here is what I have tried

Based on the BSOD screen i looked up C000021A and based on what I found I looked into user-mode problems.

Restore the Registry from the Repair file...Nothing
Ran the drive as slave and tossed every scanner I could at it. Nothing came up.
SFC /Scannow did not find a problem
I compared the winlogon section of the registry Windowsnt/CurrentVersion/Winlogon and it was the same as a working machine.
System Restore didn't fixit
replaced userinit.exe and winlogon.exe
Chkdsk didn't work
Fix boot and fix mbr didn't work

I am just about out of ideas.

Expert Comment

ID: 33759026

I was about to give up for the night and then I found the  solution!!! This worked for both of my laptops!

I renamed the four files in the C:\Windows\System32 folder: winlogon.exe, gdi32.dll, msvcrt.dll, and comctl32.dll to .old. Then I copied the a known to be good XP to the broken machine.

I first rebooted and goet a new stop code 0X0000024. Before looking it up I tried safe mode with command prompt. This worked. I then navigated to Explorer.exe and it fired up. I did a reboot and up restarting the machine was working.

I did the same thing on the other computer and it worked perfectly. Hope this helps someone else.

Expert Comment

ID: 33774079
After getting in via SafeMode I ran the secedit command to reset the permissions. I then had to run Combo Fix again. This solved the problem for both laptops. It should work for others.

Author Closing Comment

ID: 33774672
thanks guys for your help. i was able to fix this Friday night, sorry for late post. I finally managed to run the repair to the end using an OEM cd. Since i used both John's and tracer's suggestions., i will split the points between both parties.



Expert Comment

ID: 34336027
Thank You ComputerCrews
Copying winlogon.exe, gdi32.dll, msvcrt.dll, and comctl32.dll fixed it.  I also included explorer.exe.   Explorer.exe & Winlogon.exe were both missing.  I booted with a WinPE CD the inserted a USB pen drive.  

I knew it could be fixed without reloading WindowsXP.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This article helps those who get the 0xc004d307 error when trying to rearm (reset the license) Office 2013 in a Virtual Desktop Infrastructure (VDI) and/or those trying to prep the master image for Microsoft Key Management (KMS) activation. (i.e.- C…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question