Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


C000021a Not Repairable Fatal System Error

  • Please log in to reply
9 replies to this topic

#1 technikal


  • Members
  • 13 posts
  • Location:Utrecht \o/
  • Local time:05:06 AM

Posted 28 September 2006 - 08:46 AM

Hi there.

I seem to be having some serious problems and I have no clue what to do next.
Maybe anyone here knows a solution.

Yesterday I found out about that latest windows leak, I ran some tests and I was infected with it so I downloaded the patch, installed it and hoped for the best.

Because I was working to clean my computer a bit anyway I decided to run ad-aware to scan for any junk on my comp.
I have been using ad-aware since like for ever and never had any problems with it.

The first time I tried running ad-aware it scanned 7k files and then the problem occured.
My windows shut off, I got a bright blue screen wich stated :


STOP: c000021a (onherstelbare systeemfout}
Het systeemproces windows logon process is onverwachts afgebroken, met de status: 0xc0000005 c0x00000000 0x00000000
Het systeem is afgesloten

Since I dont know if any dutch people come here I'll try to translate it to english but I might be a little off

STOP: c000021a (not repairable sytem error}
The system process Windows Logon Process suddenly stopped, with the status: 0xc0000005 c0x00000000 0x00000000
The system is shut-down


The only thing possible after this message is hitting your power button and start up your computer again.
I tried running ad-aware again and to my surprise it scanned up to 105k files.
I thought I was lucky and all went well after reboot but no luck.
I got the same error again.

After a third reboot I started windows in save mode as I have seen it recommended on several topics at this site.
Ad-aware had the same response, this time after scanning 60k files.
Rebooted again to save mode and tried spybot S&D and AVG anti-virus.
Both found some infections, removed them, but the problem still occured.

Next thing I did: Ask a friend for help.
He said: well, Since the problem only occurs when you try to scan with ad-aware. Un-install it and dont use it anymore. You have Spybot S&D and AVG too so why bother.
I thought there might be some sense in it.

So I decided to do nothing and see what happens.
The first thing that changed after another reboot was that the computer does not stop loading anymore.
I had every program I normally use shut-off but the comp keeps loading on.

The next thing I tried was getting another anti spy-ware program.
When I tried to download it I found out my download speed was down to 5kb/s

I tried google to find any solutions to the problem but the next change happenned.
My start page changes everytime I start up IE and when I google something and press a link it redirects me to another search engine wich wont show anything I want.
Even worse, no matter what link I click on google or yahoo it gets me to a site wich claims to be a search-engine but actually is an advertisement page for a enormous pool in my backyard....

And then the final change.
Since this morning I get pop-ups like crazy (888 casino ones and some prices I won because im the 50th million viewer or so)
There is one pop-up I really dont get though, Microsoft office 2000, it wants to install about every 15/20 minutes.
I need to cancel it 4 times before it'll leave and it gets back soon enough again.

There are some other minor changes but thats because of the spyware and I dont think it's worth mentioning.


*run spybot S&D and AVG in save mode, they both removed some junk but didn't help anything.
*system restore to 15 september, wich was a pretty good idea in my opinion but it didn't do anything either.
*panda scan, found about 400 problems but need to upgrade to pro to get them of. Since I dont have a credit card its rather hard to order it.

I am really desperate here. Anyone have an idea or a possible solution?
Any help would be much apreciated.

As told in a reply on my topic I have made a HiJack this log wich I will paste below.

Cheers in advance,


Logfile of HijackThis v1.99.1
Scan saved at 15:41:38, on 28-9-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\g1348109.dll (file missing)
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RegEasy.exe] C:\Program Files\RegistryEasy\RegEasy.exe
O4 - HKLM\..\Run: [hdj02f74] RUNDLL32.EXE w0521ec4.dll,n 00502f6f0000000a0521ec4
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e16.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e16.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SolidCapture] C:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: &Google Zoeken - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (file missing)
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\wapasf.dll (file missing)
O20 - Winlogon Notify: winosz32 - C:\WINDOWS\SYSTEM32\winosz32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BC AdBot (Login to Remove)


#2 DaveM59


    Bleepin' Grandpa

  • Members
  • 1,355 posts
  • Gender:Male
  • Location:TN USA
  • Local time:10:06 PM

Posted 29 September 2006 - 07:58 PM

Hi Technikal and welcome to Bleeping Computer. :thumbsup:

I will be helping you under the supervision of one of our experienced coaches.

Please give me a little time to analyze your log. I will post back with instructions.


#3 DaveM59


    Bleepin' Grandpa

  • Members
  • 1,355 posts
  • Gender:Male
  • Location:TN USA
  • Local time:10:06 PM

Posted 02 October 2006 - 05:37 AM

Hi Technikal,

Sorry for the delay in getting back to you.

Your system is in serious difficulty. I am sorry to tell you that the best solution in your case is to reformat your C: drive and reinstall Windows. The stop error that you have been encountering indicates that critical files have been corrupted or destroyed.

Since System Restore did not help, about the only thing we can try before giving up and reformatting/reinstalling Windows is to scan for a rootkit that might be responsible. If you want to do this, here is the procedure:

Please download Blacklight Beta here. You can read the information on the download page for an idea of what it will do. Download it to your desktop and double click to open. Accept the agreement, then on the next screen click the Scan button. When the scan is finished, click Next. If anything was found, let Blacklight clean it. Then exit the program. You will find a log file on your desktop, named fsbl-xxxxxxxxxxxxx.log. The x's are numbers, the first four being the current year. This is a text file and can be opened with Notepad.

If you can't run the scan in normal mode, try it in safe mode. If you get it to work, please post the log in a reply to this thread. If you decide to skip this and go straight for a reinstall, please get back to me with some details about your machine (make, model, recovery or Windows disks available, and so on) and I will try to help you with the process.

Good luck,

#4 technikal

  • Topic Starter

  • Members
  • 13 posts
  • Location:Utrecht \o/
  • Local time:05:06 AM

Posted 02 October 2006 - 08:02 AM

Hi Dave,

Thank you for getting back to me about this :thumbsup:

Im trying that blacklight scan right now.

Since my post a lot has happenned with the computer since.
I scanned regurarely with AVG anti virus and every scan comes up with some trojan bleep in my java console folder.
There is no way of removing that with avg.

Sometimes java works, and sometimes it dont.
Im getting a bit desperate here.

I will post the sca results when its done.

Thanx in advance

#5 technikal

  • Topic Starter

  • Members
  • 13 posts
  • Location:Utrecht \o/
  • Local time:05:06 AM

Posted 02 October 2006 - 08:07 AM

hey Dave,

Think im screwed here.
The scan didn't found anything.

I'll paste the log below anyway :thumbsup:

10/02/06 14:57:50 [Info]: BlackLight Engine 1.0.47 initialized
10/02/06 14:57:50 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/02/06 14:57:51 [Note]: 7019 4
10/02/06 14:57:51 [Note]: 7005 0
10/02/06 14:57:57 [Note]: 7006 0
10/02/06 14:57:57 [Note]: 7011 1520
10/02/06 14:57:57 [Note]: 7026 0
10/02/06 14:57:57 [Note]: 7026 0
10/02/06 14:58:11 [Note]: FSRAW library version 1.7.1020
10/02/06 15:03:06 [Note]: 2000 1012
10/02/06 15:03:50 [Note]: 7007 0


#6 technikal

  • Topic Starter

  • Members
  • 13 posts
  • Location:Utrecht \o/
  • Local time:05:06 AM

Posted 02 October 2006 - 01:47 PM

Hi there,

I've formatted my computer and re-installed windows with the os recovery cd i made from my dell menu.
Twice to be honest...

The first time the computer couldn't find my Network card.
Now it still cant find it and my soundcard wont work either :thumbsup:

I guess i'll stop trying now and see of you might be able to help cause I really dont know what to do anymore.


#7 DaveM59


    Bleepin' Grandpa

  • Members
  • 1,355 posts
  • Gender:Male
  • Location:TN USA
  • Local time:10:06 PM

Posted 02 October 2006 - 06:47 PM

Hi Technikal,

Please post your Dell computer model number and I will try to help you with this issue. It sounds like your network and sound card drivers are not installed. This can be fixed without starting over with the recovery disk.

If you wish, you can also start a topic about this problem in the Windows XP forum. There are people there who have a lot of experience with reinstalling Windows. If you do this please be sure to include the make and model number of your computer as well as basic specifications -- Processor, speed, RAM, disk drives, and any information of that kind that you can find in the owner's manual.

Good luck --


#8 DaveM59


    Bleepin' Grandpa

  • Members
  • 1,355 posts
  • Gender:Male
  • Location:TN USA
  • Local time:10:06 PM

Posted 04 October 2006 - 08:04 AM

Hey Technikal,

Have you managed to resolve the issues with your reinstallation/restore?


#9 technikal

  • Topic Starter

  • Members
  • 13 posts
  • Location:Utrecht \o/
  • Local time:05:06 AM

Posted 04 October 2006 - 08:19 AM

Hey Dave,

Since this morning I have yeah.

I downloaded this prog called Everest to see what exactly was in my computer.
After that i could download and install the right drivers at the dell site.

Everything is working like it should again.
Too bad it had to be done this way tho.

A lot of thanx for trying to help me and review my logs.
I really apreciate it.

cheers from holland

#10 DaveM59


    Bleepin' Grandpa

  • Members
  • 1,355 posts
  • Gender:Male
  • Location:TN USA
  • Local time:10:06 PM

Posted 04 October 2006 - 09:57 AM

Hi Technikal,

Glad to hear you got it sorted. Sounds like you did some research.

Everest is a great program, it can sniff out equipment Windows doesn't "know" about. Has a lot of other capabilities as well.

I too am sorry that you had to go to the "nuclear option" but sometimes spyware does so much damage that that is the only sure-fire repair.

Now that you have a clean and fully functional computer I recommend you check this BC tutorial for some tips on avoiding infections in the future:


Finally, congratulations on getting your computer back. :thumbsup:

Regards from Tennessee,


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users