Reboot Loop (C000021a)

Mobo: Foxconn 865A01
Bios: Springdale-6A79AFKAC-00
Chipset: Intel 865/848
RAM: 4 x 512MB SDRAM
etc..

OS: Windows XP Home SP2 (up to date as of 15/03/2008)

Problem: I rebooted after installing/removing some software and got stuck in a reboot loop. I've tried:
Safe mode - Same problem
Last known good configuration - same problem
disabled auto-reboot on system failure - BSOD as below.


STOP: c000021a (Fatal System Error)
The windows Logon Process system process terminated unexpectedly with a status of 0xc0000135 (0x00000000 0x00000000).
The system has been shut down.


Booted from windows CD, got

STOP: 0x0000008E (0xC0000006, 0xF740DFEA, 0xF78C2A14, 0x00000000)

*** setupdd.sys - Address F740DFEA base at F73EC000 Datestamp 411078C8F

*** asc35550.sys - Address F78C2A14 base at F78C2A14 Datestamp 00000000

Therefore couldn't load up recovery console.

- Swapped (broken) master drive (D around with slave drive (C.
- Booted from C:. No problems.
- Backed up files from D:, no problems.
- Installed recovery console on C:, rebooted, ran FIXROOT, CHKDSK and - FIXMBR on D: - nothing came up except FIXMBR found the MBR to be corrupt and supposedly fixed it.

Tried again to boot from D: but same as before, reboot loop (or c000021a Stop error). Still unable to boot from windows CD (0x0000008E)

Booted from C:. Ran Antivir, SB S&D, Sophos anti rootkit and Rootkit Revealer.

2 warnings from antivir, niether relevant I think as they both relate to the (working) C: drive.


C:\pagefile.sys
[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


Nothing from SB or Sophos AR, but Rootkit revealer threw up this:

D:\System Volume Information\_restore{........}\RP65\A0010405.dll
Visible in Windows API, but not in MFT or directory index

Anyone heard of this rootkit or know if it could be the culprit? located file with antivir and it claimed it:

Is the Trojan horse TR/ConnectServices.0

but I'm not convinced...

Going back to the 0x0000008E STOP error when booting from the XP cd, MS knowledge base claims this is due to faulty hardware, usually memory, but seeing as I have 0 problems booting from a slave drive I doubt htis is the case. Still worth doing a memory test?

The C000021a error looks to be a fairly common one, where winlogon.exe and/or Csrss.exe fail. Problem is I can't get into the registry on that drive to check if Msgina.dll is causing problems. Would it be worth simply replacing said files with ones from the working slave system?

Any help with this would be much appreciated as not too sure what to do now....can't even format drive let alone boot from it. I'm 99% sure this is a software problem and I think it probably has something to do with that dubious \system volume information .dll, but beyond that I'm out of ideas.

 

Thanks for the link, not sure how I missed that one.
Managed to access the registry on the broken drive using that guide, but didn't find any PendingFileRenameOperations entries. However in the software hive of the prior installation I did find this entry:

HKEY_LOCAL_MACHINE\TEST2\Microsoft\Windows\CurrentVersion\RunOnce
WMC_RebootCheck REG_SZ C:\WINDOWS\inf\unregmp2.exe/FixUps

Don't know if that could have anything to do with the problem but it's supposedly safe to delete so I'll give it a shot.

Assuming that's not the problem and it's a trojan/rootkit, is there any software I can use to scan/fix a hive registry?

Thanks again for any help, it's probably obvious that I'm well out of my depth here...

 

I could really use some help on this :/

I've just been through this guide: http://support.microsoft.com/kb/307545/ to try and restore the registry back to how it was the day before the problems started. Think I managed to do this but there's really no way of knowing for sure since the same reboot loop occurs.

Also ran chkdsk again, this time it found some bad sectors and repaired something.

Thing is, the drive really isn't that old, maybe about a year. So it really shouldn't be failing already. I have had htis proble (or a similar one) with a reboot loop twice before over the last few months though, first time I had to format and restart from scratch, second time I was able to access the recovery console and fix the MBR. This time I can't even get windows to boot from the CD, and even if I was able to and reinstall windows there's no saying the same thing wont happen again.

Anycase, I need to find out exactly what's causing this.

If it is a hardware problem, e.g. RAM or GPU, then am I right in thinking that I'd hav ehte same problem trying to boot from my slave drive (which I dont)?

If the registry is corrupt, surely I'd still be able to access the recovery console using the winxp cd? Besides which, rolling the reg back to before the problem started would surely fix this?

If on the other hand it's some form of malware/rootkit/trojan or whatever, would formatting the drive and starting over neccessarily remove it?

Or would I be better off just ditching the drive (which I'm reluctant to do cos it's fairly new) and starting over?

 

Sorry to go on about this, still looking for a solution.

I'm resigned to the fact that I'm going to have to format the drive, I'm just wondering how to go about it. Since I can't boot from the windows CD, would it be advisable to boot from the slave and just format the bad drive from windows? If I do this, are there some programs that will allow me to scan it thoroughly afterwards to make sure there's no malicious software left behind?

 

So i formatted the drive, tried to reinstall from the win xp CD but the same BSOD popped up:

STOP: 0x0000008E (0xC0000006, 0xF740DFEA, 0xF78C2A14, 0x00000000)

*** setupdd.sys - Address F740DFEA base at F73EC000 Datestamp 411078C8F

What to do? I ran windows memory diagnostics from a floppy, it didn't find any errors which leads me to believe that my hardware is fine - at least the mobo, ram, video card etc probably aren't the cause of the problem.

Question is, could a defective HD be causing that stop error?

 

In case anyone is interested, I fixed this problem eventually.

The culprit was the HD, it's a second generation ATA drive and although my socket 478 865 AGP8X chipset put up with the 300mb/s data transfer rate for awhile, after ~12months it couldn't handle it anymore. I jumpered the HD to OPT1 mode (150mb/s transfer rate limitation), cleared the CMOS, and was then able to enter windows setup without getting the 0x0000008E BSOD.

Conclusion is that older motherboards can't always handle SATA 2.0 drives. A Stop c000021a and a Stop 0x0000008E error when loading windows setup are both symptoms of this problem.