Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD - AT STARTUP (0xc000021a)


  • Please log in to reply
95 replies to this topic

#31 sippenhaft

sippenhaft
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Joisey
  • Local time:01:19 PM

Posted 27 December 2016 - 06:19 PM

Results:

 

 

SFCFix version 3.0.0.0 by niemiro.
Start time: 2016-12-27 18:04:28.674
Microsoft Windows 10 Build 14393 - amd64
Using .zip script file at C:\Users\Steve\Desktop\SFCFix.zip [0]




PowerCopy::
Successfully took permissions for file or folder C:\WINDOWS\WinSxS\amd64_wsynth3dvsc.inf_31bf3856ad364e35_10.0.14393.0_none_1f798f0d11d64d54\RfxVmt.sys
Successfully took permissions for file or folder C:\WINDOWS\WinSxS\amd64_wsynth3dvsc.inf_31bf3856ad364e35_10.0.14393.0_none_1f798f0d11d64d54\Synth3dVsc.sys
Successfully took permissions for file or folder C:\WINDOWS\WinSxS\amd64_microsoft-windows-tunnel.resources_31bf3856ad364e35_10.0.14393.0_en-us_a429d0a47f7d26d2\tunnel.sys.mui
Successfully took permissions for file or folder C:\WINDOWS\WinSxS\amd64_microsoft-windows-sensors-core.resources_31bf3856ad364e35_10.0.14393.0_en-us_d5a856fcc5a6bb7f\SensorsCx.dll.mui
Successfully took permissions for file or folder C:\WINDOWS\WinSxS\amd64_microsoft-windows-i..lays-classextension_31bf3856ad364e35_10.0.14393.0_none_a284b97287a9fdb2\IddCx.dll
Successfully took permissions for file or folder C:\WINDOWS\WinSxS\amd64_microsoft-windows-i..displays-kernelmode_31bf3856ad364e35_10.0.14393.0_none_6f6c0355154e118d\IndirectKmd.sys
Successfully took permissions for file or folder C:\WINDOWS\WinSxS\amd64_ialpss2i_gpio2_skl.inf_31bf3856ad364e35_10.0.14393.0_none_78970b952b812ef0\iaLPSS2i_GPIO2.sys
Successfully took permissions for file or folder C:\WINDOWS\WinSxS\amd64_iai2c.inf_31bf3856ad364e35_10.0.14393.0_none_e95fc20279b35dca\iai2c.sys
Successfully took permissions for file or folder C:\WINDOWS\WinSxS\amd64_iagpio.inf_31bf3856ad364e35_10.0.14393.0_none_3b254129d7d109ab\iagpio.sys

Successfully copied file C:\Users\Steve\AppData\Local\niemiro\Archive\amd64_wsynth3dvsc.inf_31bf3856ad364e35_10.0.14393.0_none_1f798f0d11d64d54\RfxVmt.sys to C:\WINDOWS\WinSxS\amd64_wsynth3dvsc.inf_31bf3856ad364e35_10.0.14393.0_none_1f798f0d11d64d54\RfxVmt.sys.
Successfully copied file C:\Users\Steve\AppData\Local\niemiro\Archive\amd64_wsynth3dvsc.inf_31bf3856ad364e35_10.0.14393.0_none_1f798f0d11d64d54\Synth3dVsc.sys to C:\WINDOWS\WinSxS\amd64_wsynth3dvsc.inf_31bf3856ad364e35_10.0.14393.0_none_1f798f0d11d64d54\Synth3dVsc.sys.
Successfully copied file C:\Users\Steve\AppData\Local\niemiro\Archive\amd64_microsoft-windows-tunnel.resources_31bf3856ad364e35_10.0.14393.0_en-us_a429d0a47f7d26d2\tunnel.sys.mui to C:\WINDOWS\WinSxS\amd64_microsoft-windows-tunnel.resources_31bf3856ad364e35_10.0.14393.0_en-us_a429d0a47f7d26d2\tunnel.sys.mui.
Successfully copied file C:\Users\Steve\AppData\Local\niemiro\Archive\amd64_microsoft-windows-sensors-core.resources_31bf3856ad364e35_10.0.14393.0_en-us_d5a856fcc5a6bb7f\SensorsCx.dll.mui to C:\WINDOWS\WinSxS\amd64_microsoft-windows-sensors-core.resources_31bf3856ad364e35_10.0.14393.0_en-us_d5a856fcc5a6bb7f\SensorsCx.dll.mui.
Successfully copied file C:\Users\Steve\AppData\Local\niemiro\Archive\amd64_microsoft-windows-i..lays-classextension_31bf3856ad364e35_10.0.14393.0_none_a284b97287a9fdb2\IddCx.dll to C:\WINDOWS\WinSxS\amd64_microsoft-windows-i..lays-classextension_31bf3856ad364e35_10.0.14393.0_none_a284b97287a9fdb2\IddCx.dll.
Successfully copied file C:\Users\Steve\AppData\Local\niemiro\Archive\amd64_microsoft-windows-i..displays-kernelmode_31bf3856ad364e35_10.0.14393.0_none_6f6c0355154e118d\IndirectKmd.sys to C:\WINDOWS\WinSxS\amd64_microsoft-windows-i..displays-kernelmode_31bf3856ad364e35_10.0.14393.0_none_6f6c0355154e118d\IndirectKmd.sys.
Successfully copied file C:\Users\Steve\AppData\Local\niemiro\Archive\amd64_ialpss2i_gpio2_skl.inf_31bf3856ad364e35_10.0.14393.0_none_78970b952b812ef0\iaLPSS2i_GPIO2.sys to C:\WINDOWS\WinSxS\amd64_ialpss2i_gpio2_skl.inf_31bf3856ad364e35_10.0.14393.0_none_78970b952b812ef0\iaLPSS2i_GPIO2.sys.
Successfully copied file C:\Users\Steve\AppData\Local\niemiro\Archive\amd64_iai2c.inf_31bf3856ad364e35_10.0.14393.0_none_e95fc20279b35dca\iai2c.sys to C:\WINDOWS\WinSxS\amd64_iai2c.inf_31bf3856ad364e35_10.0.14393.0_none_e95fc20279b35dca\iai2c.sys.
Successfully copied file C:\Users\Steve\AppData\Local\niemiro\Archive\amd64_iagpio.inf_31bf3856ad364e35_10.0.14393.0_none_3b254129d7d109ab\iagpio.sys to C:\WINDOWS\WinSxS\amd64_iagpio.inf_31bf3856ad364e35_10.0.14393.0_none_3b254129d7d109ab\iagpio.sys.

Successfully restored ownership for C:\WINDOWS\WinSxS\amd64_wsynth3dvsc.inf_31bf3856ad364e35_10.0.14393.0_none_1f798f0d11d64d54\RfxVmt.sys
Successfully restored permissions on C:\WINDOWS\WinSxS\amd64_wsynth3dvsc.inf_31bf3856ad364e35_10.0.14393.0_none_1f798f0d11d64d54\RfxVmt.sys
Successfully restored ownership for C:\WINDOWS\WinSxS\amd64_wsynth3dvsc.inf_31bf3856ad364e35_10.0.14393.0_none_1f798f0d11d64d54\Synth3dVsc.sys
Successfully restored permissions on C:\WINDOWS\WinSxS\amd64_wsynth3dvsc.inf_31bf3856ad364e35_10.0.14393.0_none_1f798f0d11d64d54\Synth3dVsc.sys
Successfully restored ownership for C:\WINDOWS\WinSxS\amd64_microsoft-windows-tunnel.resources_31bf3856ad364e35_10.0.14393.0_en-us_a429d0a47f7d26d2\tunnel.sys.mui
Successfully restored permissions on C:\WINDOWS\WinSxS\amd64_microsoft-windows-tunnel.resources_31bf3856ad364e35_10.0.14393.0_en-us_a429d0a47f7d26d2\tunnel.sys.mui
Successfully restored ownership for C:\WINDOWS\WinSxS\amd64_microsoft-windows-sensors-core.resources_31bf3856ad364e35_10.0.14393.0_en-us_d5a856fcc5a6bb7f\SensorsCx.dll.mui
Successfully restored permissions on C:\WINDOWS\WinSxS\amd64_microsoft-windows-sensors-core.resources_31bf3856ad364e35_10.0.14393.0_en-us_d5a856fcc5a6bb7f\SensorsCx.dll.mui
Successfully restored ownership for C:\WINDOWS\WinSxS\amd64_microsoft-windows-i..lays-classextension_31bf3856ad364e35_10.0.14393.0_none_a284b97287a9fdb2\IddCx.dll
Successfully restored permissions on C:\WINDOWS\WinSxS\amd64_microsoft-windows-i..lays-classextension_31bf3856ad364e35_10.0.14393.0_none_a284b97287a9fdb2\IddCx.dll
Successfully restored ownership for C:\WINDOWS\WinSxS\amd64_microsoft-windows-i..displays-kernelmode_31bf3856ad364e35_10.0.14393.0_none_6f6c0355154e118d\IndirectKmd.sys
Successfully restored permissions on C:\WINDOWS\WinSxS\amd64_microsoft-windows-i..displays-kernelmode_31bf3856ad364e35_10.0.14393.0_none_6f6c0355154e118d\IndirectKmd.sys
Successfully restored ownership for C:\WINDOWS\WinSxS\amd64_ialpss2i_gpio2_skl.inf_31bf3856ad364e35_10.0.14393.0_none_78970b952b812ef0\iaLPSS2i_GPIO2.sys
Successfully restored permissions on C:\WINDOWS\WinSxS\amd64_ialpss2i_gpio2_skl.inf_31bf3856ad364e35_10.0.14393.0_none_78970b952b812ef0\iaLPSS2i_GPIO2.sys
Successfully restored ownership for C:\WINDOWS\WinSxS\amd64_iai2c.inf_31bf3856ad364e35_10.0.14393.0_none_e95fc20279b35dca\iai2c.sys
Successfully restored permissions on C:\WINDOWS\WinSxS\amd64_iai2c.inf_31bf3856ad364e35_10.0.14393.0_none_e95fc20279b35dca\iai2c.sys
Successfully restored ownership for C:\WINDOWS\WinSxS\amd64_iagpio.inf_31bf3856ad364e35_10.0.14393.0_none_3b254129d7d109ab\iagpio.sys
Successfully restored permissions on C:\WINDOWS\WinSxS\amd64_iagpio.inf_31bf3856ad364e35_10.0.14393.0_none_3b254129d7d109ab\iagpio.sys
PowerCopy:: directive completed successfully.




Successfully processed all directives.



Failed to generate a complete zip file. Upload aborted.


SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 9 datablocks.
Finish time: 2016-12-27 18:09:08.676
Script hash: vNAZGxEuFi0pBTKRgYZl31lxrVp/CeWLqNmlQSSFMvM=
----------------------EOF-----------------------



BC AdBot (Login to Remove)

 


#32 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:10:19 AM

Posted 27 December 2016 - 07:14 PM

Thank you for the log.

 

It looks promising :) Let's do the SFC scan again, followed by another sigcheck

 

SFC Scan
1. Right-click on the Start w8start.png button and select Command Prompt (Admin)
2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
sfc /scannow
3. Once it finishes, copy and paste the following into the command-prompt window and press Enter.
copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
4. Once this has completed please go to your Desktop and you will find CBS.txt => Right-click on this file and choose Send To...Compressed (zipped folder). Please upload this zipped file CBS.zip to this thread
Please Note:: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.
 
Now, we are going to use sigcheck again. Go back into the folder where sigcheck was extracted, and from there, go to FileOpen Command Prompt
Run these three commands one at a time:
sigcheck -a -e -s -nobanner C:\Windows\system32\drivers >%UserProfile%\Desktop\Driversig.txt
sigcheck -a -e C:\Windows\system32\winlogon.exe >>%UserProfile%\Desktop\Driversig.txt
sigcheck -a -e C:\Windows\system32\csrss.exe >>%UserProfile%\Desktop\Driversig.txt

Once you have done that, attach the Driversig.txt file on your Desktop in your next reply

 

-CKing

 


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#33 sippenhaft

sippenhaft
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Joisey
  • Local time:01:19 PM

Posted 28 December 2016 - 04:01 PM

OK ZIP and TXT file attached.

 

 

 

 

Attached Files



#34 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:10:19 AM

Posted 28 December 2016 - 06:47 PM

Thanks again for the logs :)

 

This time, sigcheck also checked for winlogon and csrss. Winlogon turns out to be corrupt:

c:\windows\system32\winlogon.exe:

Verified: Unsigned

Again, SFC didn't catch any of the corrupt system files, and now I know why. There are many catalogs that are corrupt. Let's work on fixing that and winlogon

 

SFCFix Fix
This fix is very specific for sippenhaft's computer. Trying this fix on your own computer might damage your computer. If you are after assistance, create a new thread, and you will be assisted shortly.
 
Download SFCFix (by niemiro) and move the executable on your Desktop.  If you have kept SFCFix from previous fixes, use that instead.
Download SFCFix.zip from here and move the archive to your Desktop
Note: Make sure that the file is named SFCFix.zip, do not rename it.
Save any work you have open, and close every programs
Drag the SFCFix.zip file over the SFCFix.exe executable and release it

mMabJGT.gif

SFCFix will launch, let it complete
Once done, a file will appear on your Desktop, called SFCFix.txt
Open the file, then copy and paste its content in your next reply
 
Now that is run, let's verify with DISM if the catalogs are repaired:

DISM Scan
1. Right-click on the Start w8start.png button and select Command Prompt (Admin)
2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
DISM /Online /Cleanup-Image /RestoreHealth
Note: It may appear to be stuck at 20% but it is not stuck.
3. Once it finishes, copy and paste the following into the command-prompt window and press Enter.
copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
4. Once this has completed please go to your Desktop and you will find CBS.txt => Right-click on this file and choose Send To...Compressed (zipped folder). Please upload this zipped file CBS.zip to this thread
Please Note:: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.
 
After that is done, I am going to request you to run these commands in Command Prompt:
fsutil hardlink list C:\Windows\system32\winlogon.exe >%UserProfile%\Desktop\info.txt
"C:\Program Files (x86)\Microsoft Visual Studio 12.0\vc\bin\dumpbin.exe" C:\Windows\system32\winlogon.exe /headers | findstr /c:"date stamp" /c:"size of image" >>%UserProfile%\Desktop\info.txt

Once these are finished, copy and paste everything in info.txt on your Desktop so we can trace the correct version of winlogon without the hash from SFC to help us

 
-CKing

If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#35 sippenhaft

sippenhaft
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Joisey
  • Local time:01:19 PM

Posted 30 December 2016 - 03:46 PM

OK ran the items above. ATTATCHED the files requested. There was ONE error, the last string you asked me to run...here is copy:

 

Microsoft Windows [Version 10.0.14393]
© 2016 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>DISM /Online /Cleanup-Image /RestoreHealth

Deployment Image Servicing and Management tool
Version: 10.0.14393.0

Image Version: 10.0.14393.0

[==========================100.0%==========================] The restore operation completed successfully.
The operation completed successfully.

C:\WINDOWS\system32>copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
        1 file(s) copied.

C:\WINDOWS\system32>fsutil hardlink list C:\Windows\system32\winlogon.exe >%UserProfile%\Desktop\info.txt

C:\WINDOWS\system32>"C:\Program Files (x86)\Microsoft Visual Studio 12.0\vc\bin\dumpbin.exe" C:\Windows\system32\winlogon.exe /headers | findstr /c:"date stamp" /c:"size of image" >>%UserProfile%\Desktop\info.txt
The system cannot find the path specified.

C:\WINDOWS\system32>

 

Attached Files



#36 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:10:19 AM

Posted 30 December 2016 - 04:22 PM

The fix was successful :)

 

Oh right. I forgot about Visual Studio thing. For simplicity, could you go to virustotal.com, and have it check C:\Windows\system32\winlogon.exe? Once you are done that, copy the url of the link and post it here :)

 

-CKing


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#37 sippenhaft

sippenhaft
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Joisey
  • Local time:01:19 PM

Posted 30 December 2016 - 05:00 PM

That file is not showing in that folder/path????  "C:\Windows\system32\winlogon.exe?"



#38 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:10:19 AM

Posted 30 December 2016 - 05:03 PM

It should be there. When in virustotal.com, click on Choose File, and browse to C:\Windows\system32 folder

 

Here, find winlogon.exe and click Open and then Scan it!

 

It will do the scan. Just copy the url once it is done.

 

-CKing


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#39 sippenhaft

sippenhaft
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Joisey
  • Local time:01:19 PM

Posted 30 December 2016 - 05:33 PM

It is odd. THe file is there as I can find it using file explorer. But trying to BROWSE for it on that website...its not there.



#40 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:10:19 AM

Posted 30 December 2016 - 05:39 PM

Strange...

 

Try to copy it to Desktop, and then try scanning the one on the Desktop

 

-CKing


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#41 sippenhaft

sippenhaft
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Joisey
  • Local time:01:19 PM

Posted 30 December 2016 - 06:01 PM

OK. When I did that, it said it was analyzed already:

https://www.virustotal.com/en/file/980cb495751e96543e3e5d945a87211c28241a7dde05a28e9f55488aa24c24f2/analysis/

 

So I did a re analyze:

https://www.virustotal.com/en/file/980cb495751e96543e3e5d945a87211c28241a7dde05a28e9f55488aa24c24f2/analysis/1483138769/



#42 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:10:19 AM

Posted 30 December 2016 - 06:18 PM

Thank you

 

The file is not corrupt. Just verified it again.

 

See if you can boot your computer normally again. From the winlogon version, your computer is not up to date. If you still have BSODs, then I suggest you to install all the updates that are available for the computer. 

 

-CKing


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#43 sippenhaft

sippenhaft
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Joisey
  • Local time:01:19 PM

Posted 30 December 2016 - 06:22 PM

The only update available (and it failed when I tried to do it) was as follows:

 

 Microsoft Office File Validation Add-in - Error 0x8024002d

 

 

There are no other updates.

 

Going to try to restart...bb in a moment to report in!



#44 sippenhaft

sippenhaft
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Joisey
  • Local time:01:19 PM

Posted 30 December 2016 - 06:35 PM

:(   Same BSOD...same error code. Was able to get in by disabling sig enforcement.


Edited by sippenhaft, 30 December 2016 - 09:09 PM.


#45 sippenhaft

sippenhaft
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Joisey
  • Local time:01:19 PM

Posted 01 January 2017 - 02:08 PM

Really getting confused.

Today, I tried to bootup, got the same BSOD, restarted, BSOD, restart, and this time at ADVANCED SETTINGS I chose F2 (enable boot logging) and the system started.

So I am not sure what is crashing it the first two times at start up, but I can get it to start from the ADVANCED boot options now with F2 or F7.???

 

Thoughts?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users