Windows MCE STOP c000021a error
Running Windows MCE 2005 (I think it's 2005) with SP3 on a HP system. Today I had some malware I was trying to delete. I was running CCleaner, Dr. Web cure it. I also noticed a file in my c:\ drive named services.exe and a couple of batch files that deleted it and themselves. They looked suspicious so I renamed them. (this was in the c:\ drive, not c:\windows\system32) I had some trojan named vrt7/11/12/a/b. I read some info that it corrupts the process to rename itself.
Anyway, after running scans (Ad-aware & Dr. Web found & deleted some stuff) I renamed winlogon.exe and copied over another one from a laptop runnin XP.
I rebooted and got the BSOD with a c000021a error with a status of c0000005 (only found that out by disabling auto reboot upon error)
Safe mode will still work. Used it to put back the orig winlogon.exe and deleted the one I copied over from the laptop.
Didn't help any. So now I'm stuck. Any help to resolve this is greatly appreciated.
Anyway, after running scans (Ad-aware & Dr. Web found & deleted some stuff) I renamed winlogon.exe and copied over another one from a laptop runnin XP.
I rebooted and got the BSOD with a c000021a error with a status of c0000005 (only found that out by disabling auto reboot upon error)
Safe mode will still work. Used it to put back the orig winlogon.exe and deleted the one I copied over from the laptop.
Didn't help any. So now I'm stuck. Any help to resolve this is greatly appreciated.
0
Comments
http://icrontic.com/articles/fix-the-0x0000008e-bsod-once-and-for-all
One of the 1st things that says is that you need installation disks - not recovery CD's. My HP system is 2 years old or so and came with no disks - although I was able to make my own recovery disks.
My HP PC has a D: partition with the O/S on it. I used it to just restore winlogin.exe. That got me past the BSOD, but then it complained about services.exe. So I restored that file. Now the BSOD was replaced with an empty black screen.
I tried doing a non-destructive restore of Windows from the Recovery Console option on my HP PC (which overwrites the O/S files, but not any other directories). Initially I thought it worked, but during the process of downloading updates & restarting the PC, I suddenly got back into the situation where the login screen changed on me (went from the screen where you can click on the various user accounts to the dialog box). Once I logged in, no icons appeared. I had to bring up task manager & click on 'New Task' and type in 'windows' to get going. I then ran Dr. Web cure-it and it found all those trojans again. I also saw that 'reader_s' was suddenly in the My Documents folder.
So I decided to use the Recovery Console option to do a destructive wipe the C: drive and reinstall the O/S. I've gone thru the process again of downloading Windows Updates from the MS site and the HP site. So far everything seems clean. Now I have to restore my saved files from the external hard drive.
Troubleshooting sucks. It's far easier to back up your files and reformat the PC.
A user could go on for days or months and never ever fix their installation of Windows, but a reformat ("destructive restore") will make everything right as rain in < 3 hours.
I have to second this.
Back up often.
Even if you don't have a catastrophic system failure, a full system reformat every so often does wonders to restore performance to a system suffering from "windows rot".
When you have a fundamental meltdown as described, sometimes you can troubleshoot it till your face turns blue, the only real solution is to reinstall windows from scratch. I had a battle with a friends laptop last week, I spent hours trying to figure out the source of the problem, and ultimately I did and repaired it. Honestly, if it were my machine, I would have just reformatted.
Thank God I had an external drive that I regularly backed up my data/photos/email/etc & apps that were installed via a download rather than a disk. Plus a text file that contained serial numbers for software etc so I can reinstall them.
It's just a pain to go through all the windows updates needed from a system whose O/S is 2 years old or so, then the reinstalls and restoring of saved data.... 'course if I wiped the disk from the start I'd be back to fully operational by now. Live & learn.
I agree about the misery of the update process. Microsoft should let you download a full up to date .iso and burn it with a valid product key. Lets hope they will move to a more progressive re installation process in the near future.
I've already had 2 major problems with infinite loop reboots after installing Windows updates. One after the upgrade to SP2. I booted to the recovery console and did a chkdsk \R thinking that maybe something got corrupted on the disk. After that ran, & fixed problems, I was able to successfully log in. Then I upgraded to SP3 and still seemed OK. Then I suddenly had 40 more updates to install. After that I was back to the reboots. A Chkdsk didn't help any this time. I found some info about issueing a 'disable intelppm' from the command prompt. So far so good, but I'm almost afraid every time I click an icon. My son keeps telling me to buy a Mac.....
If your fed up with windows, and your not concerned about direct X gaming, or select other windows only applications and API's, you realy should try Linux Ubuntu. Its free, its realy awesome for a general purpose OS, and the freeware thats available for it now is realy impressive. Its very windows like, without all the headaches.
http://www.ubuntu.com/products/whatisubuntu/810features/
thanks, I'll look into it. So far the removal of SP3 is keeping the system stable. But IE 8 doesn't work right - as the uninstall of SP3 mentioned.
But the 'Add/Remove programs' from Control Panel lists IE8 without a button to click on to remove it. I've downloaded but haven't installed it yet.
Does anyone know how to rollback IE8 to IE7 if Add/Remove programs doesn't show a 'Remove' button?
You should immediately start by testing your memory (with memtest) and your hard disk (with long/full scans using Hitachi DFT or SeaTools for DOS).
I'm considering it now as the wife just called to say that it took several login attempts before she got in.
I know about memtest. Are the disk test programs downloadable? I don't remember the brand of hard disk I have - have to wait until I get home.
Sorry for the dumb question(s), but the 1st 3 lines look like they're burning seperate CD's for each one of those apps, or do I just downloade those programs and use that ISO Recorder in the guide to make a single CD image with those 3 programs on it?
Is the CD image a boot CD? Can I just download those programs and run them from safe mode?
Not to further embarrass myself, but is the Seatools program only for Seagate disks and likewise for the other?
thanks to both of you - will hopefully get to it tonight, but since I have my son's H.S. grad party tomorrow it mayhave to wait until later.
I have a Seagate drive, I ran the long test for seatools w/o any problems reported. I ran Memtest for 2 hours w/o any problems being reported. How long should it run?
After running those tests, it took about 4 tries to successfully reboot the PC (last night). This morning it started up on the 1st try, but the login screen reverted back to the dialog box. Ad-Aware now reports that I have the vrt32 trojan again and also found something called ld08.exe - which an internet search says is malware. I have no idea how they got back. Unless the saved versions of zonealarm & ad-aware are infected or the windows/hp update process is doing it to me somehow.. Tried to download tha Avast anti-virus program, but I can't connect to www.avast.com (at least right now)
Will probably try another destructive recovery later and only do Windows updates first, then download zonealarm/adaware from their websites
Anyway I used the program to clean up, then I installed Zone Alarm. Did all the windows updates, including SP3 & IE8, and everything's been ok today.
So far so good...