Win XP error c000021a

Posted on 2010-09-22
Last Modified: 2012-06-27
Hi All,

Backstory:  EU gets spy/malware, runs some legit antivir, computer freezes.
Hard reboot results in BSOD:
STOP: c000021a {Fatal System Error}
The Windows Logon Process system process terminated unexpectedly with status of
0x0000005 (0x00000000 0x00000000)
The System has been shut down

BSOD occurs when trying to boot XP in normal, safe mode, last known good config, etc.
Note that I cannot do a clean reinstall as there are some documents in offline files cache (CSC) that the user considers to be of utmost importance.

XP Repair will not work, as this Lenovo laptop has been factory downgraded from Vista to XP and booting from a Windows XP CD results in another, unrelated, BSOD.

I can boot off of [Admin Edit] and access the HDD, registry, etc if need be.

So all this boils down to: how to get rid of the BSOD w/o reformatting the HDD?

Alternatively, what's the best way to access and retrieve offline documents that are stuck in the CSC cache?

TIA for any help.

Question by:wolfgordon
LVL 22

Expert Comment

ID: 33737043
Remove the hard drive and scan it as a slave in another machine. Save the scan log to post here.

You could probably grab those files as well that way

Author Comment

ID: 33737094
I did scan it as a slave - no malware found. Something tells me that when the EU scanned it originally, the antivir killed the vir but also damaged some other legit file.

The offline mode files (CSC) are hidden in a folder in the bowels of the Windows directory and are not easily retrievable.

Accepted Solution

Timothy McCartney earned 250 total points
ID: 33737202
Check the SATA settings in the BIOS. They're probably set to AHCI. Change it to "Compatible" or "IDE" or something along those lines, then try running your XP CD again to do your repair installation.

Alternately, you can find SATA drivers to load manually from the manufacturer's website (Press F6 during the initial loading of the XP setup to manually install drivers)

LVL 66

Expert Comment

ID: 33737707
Might suggest extracting all of the files in the Client Side Cache on this dead system....

Get another XP system, and rename the current C:\Windows\CSC directory to CSC-Old, and drop the retrieved CSC folder to the working machine, and try the following....

Features and functions in version 1.1 of the Client-Side Caching ...

Direct downloads of csccmd.exe here....

The command is as follows....

csccmd.exe /extract /target:C:\ExtractedFiles /recurse
(or to only get Offline Modified files.....)
csccmd.exe /extract /target:C:\ExtractedFiles /recurse /onlymodified

(files are brought out to the c:\ExtractedFiles directory....)

LVL 66

Assisted Solution

johnb6767 earned 250 total points
ID: 33737757
Also, have you tried mounting the reg hives, and looking at the main keys, like the Winlogon key, or the Shell values? Looked for rogue services as well?

Can also check the offline system's main "viral target" files for a possible compromise....Check versions and file sizes against a known good OS....


And I would recommend using knoppix/UBCD/Slaved drive instead of the above "Rhymes with Siren's" CD, as that's not allowed to be referenced in this site.....

If any of this needs clarification, simply ask.....

Author Comment

ID: 33737847
Hi guys, thanks for all the hints.

tracerfett, thanks for the info, that allowed me to run the XP repair. The repair failed half way, and the supposed fix from MS ( didn't work either.

So I guess I will cut my losses and try extracting the CSC stuff as per johnb's suggestions tomorrow.

I will let all know how that goes tomorrow mid day.

thanks again


ps. john, why is "Rhymes with Siren's" banished from this site? I happen to find it very useful and it saved my a$$ plenty of times.

Expert Comment

by:Timothy McCartney
ID: 33738057
Have you tried the "fixboot" and "fixmbr" commands from the repair console using the XP disk?

Also, possibly a "chkdsk /r" ?
LVL 66

Expert Comment

ID: 33739777
"ps. john, why is "Rhymes with Siren's" banished from this site? I happen to find it very useful and it saved my a$$ plenty of times."

Because it is distributed freely among the internet, with apps that require licensing...... Actually surprised the mods haven't removed the reference yet.....Just want you to be aware for future postings....

Expert Comment

ID: 33758861

I have two machines with the exact same problem. Both are laptops and run XP Pro. They are not related in any way. It started as a fake AV. The user reboots and gets this message.

Here is what I have tried

Based on the BSOD screen I looked up C000021A and based on what I found I looked into user-mode problems.

Restore the Registry from the Repair file...Nothing
Ran the drive as slave and tossed every scanner I could at it. Nothing came up.
SFC /Scannow did not find a problem
I compared the winlogon section of the registry Windowsnt/CurrentVersion/Winlogon and it was the same as a working machine.
System Restore didn't fix it
Replaced userinit.exe and winlogon.exe
Chkdsk didn't work
Fix boot and fix mbr didn't work

I am just about out of ideas.

Expert Comment

ID: 33759026

I was about to give up for the night and then I found the  solution!!! This worked for both of my laptops!

I renamed the four files in the C:\Windows\System32 folder: winlogon.exe, gdi32.dll, msvcrt.dll, and comctl32.dll to .old. Then I copied them from a known to be good XP to the broken machine.

I first rebooted and got a new stop code 0X0000024. Before looking it up I tried safe mode with command prompt. This worked. I then navigated to Explorer.exe and it fired up. I did a reboot and upon restarting the machine was working.

I did the same thing on the other computer and it worked perfectly. Hope this helps someone else.

Expert Comment

ID: 33774079
After getting in via SafeMode I ran the secedit command to reset the permissions. I then had to run Combo Fix again. This solved the problem for both laptops. It should work for others.

Author Closing Comment

ID: 33774672
Thanks guys for your help. I was able to fix this Friday night, sorry for late post. I finally managed to run the repair to the end using an OEM CD. Since I used both John's and tracer's suggestions, I will split the points between both parties.



Expert Comment

ID: 34336027
Thank You ComputerCrews
Copying winlogon.exe, gdi32.dll, msvcrt.dll, and comctl32.dll fixed it. I also included explorer.exe. Explorer.exe & Winlogon.exe were both missing. I booted with a WinPE CD then inserted a USB pen drive.

I knew it could be fixed without reloading WindowsXP.
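
Added example (not posted by any participant in this thread): a read-only check of the files named above on an offline Windows directory against a known-good copy, reporting files that are missing or that differ in size or SHA-256. The function names, status strings and the constructed sample trees are hypothetical, and it assumes the reference copy comes from the same XP edition and service pack, since otherwise differences are expected.

```python
import hashlib
import tempfile
from pathlib import Path

# Files named in this thread, relative to the Windows directory.
CRITICAL = ["System32/winlogon.exe", "System32/userinit.exe", "System32/gdi32.dll",
            "System32/msvcrt.dll", "System32/comctl32.dll", "explorer.exe"]

def find_ci(root, rel):
    """Resolve rel under root ignoring case (NTFS mounted from Linux is case-sensitive)."""
    cur = Path(root)
    for part in Path(rel).parts:
        match = [p for p in cur.iterdir() if p.name.lower() == part.lower()] if cur.is_dir() else []
        if not match:
            return None
        cur = match[0]
    return cur if cur.is_file() else None

def compare(suspect_windir, good_windir, files=CRITICAL):
    """Return {relative path: status}; read-only, nothing on either tree is modified."""
    report = {}
    for rel in files:
        good, bad = find_ci(good_windir, rel), find_ci(suspect_windir, rel)
        if good is None:
            report[rel] = "NO_REFERENCE"
        elif bad is None:
            report[rel] = "MISSING"
        elif bad.stat().st_size != good.stat().st_size:
            report[rel] = "SIZE_DIFFERS"
        else:  # same size: compare content hashes (these files are only a few MB)
            same = hashlib.sha256(bad.read_bytes()).digest() == hashlib.sha256(good.read_bytes()).digest()
            report[rel] = "OK" if same else "HASH_DIFFERS"
    return report

def demo():
    """Compare two small constructed trees (placeholder bytes, not real system files)."""
    tmp = Path(tempfile.mkdtemp())
    good, bad = tmp / "good", tmp / "suspect" / "system32"
    for rel in CRITICAL:
        (good / rel).parent.mkdir(parents=True, exist_ok=True)
        (good / rel).write_bytes(b"reference " + rel.encode())
    bad.mkdir(parents=True)
    (bad / "GDI32.DLL").write_bytes(b"reference System32/gdi32.dll")    # identical content
    (bad / "msvcrt.dll").write_bytes(b"reference System32/msvcrt.dlX")  # same size, altered
    (bad / "comctl32.dll").write_bytes(b"truncated")                    # shorter file
    return compare(bad.parent, good)

if __name__ == "__main__":
    print("\n".join(f"{status:13} {rel}" for rel, status in demo().items()))
```

On a real case, call `compare()` with the WINDOWS directory of the slaved or live-CD-mounted drive and the WINDOWS directory of the reference machine.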
