Windows 8 and 8.1 Forums

BSOD on restart Windows 8.1 0xc000021a WINLOGON_FATALERROR

  1. #1

    Posts : 8
    Windows 8.1


    I receive a BSOD every time I restart Windows 8.1 or whenever Windows restarts automatically to install updates (although it finishes updating successfully on reboot) with error code 0xc000021a. Besides that, the PC works normally. A few days ago the problem was reversed, i.e. Windows crashed on shut down with the same error but not on restart; this happened after I unchecked the Turn on fast startup option in power options, which apparently solved similar problems for other people. I had to perform a Windows Refresh, keeping both files and installed apps intact, to revert the PC to its previous condition, so now it crashes again on restart but afterwards boots normally, though with some delay. I tracked the problem to the Winlogon process terminating unexpectedly but I don't know how to fix the problem since a reinstallation of Windows didn't solve it. I suspect that a third party program is causing the problem and since I kept all of them after the refresh it still causes problems. Since I am not an expert, however, I could be totally wrong. The last incident happened today (18/02/2014) on restart due to a Windows update. I would greatly appreciate any help offered on this matter.

    Thank you


  2. #2

    Posts : 1,883


    Uninstall Freeride Games or whatever software you have made by them etc...

    4: kd> lmvm X5XSEx_Pr148
    start             end                 module name
    fffff800`04e12000 fffff800`04e24000   X5XSEx_Pr148   (deferred)             
        Image path: \??\C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys
        Image name: X5XSEx_Pr148.Sys
        Timestamp:        Thu Aug 02 08:51:27 2012 (501A77CF)
        CheckSum:         00017C75
        ImageSize:        00012000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

    Update Realtek HD Audio codec driver:

    RTKVHD64 RTKVHD64.sys Tue Nov 27 08:48:01 2012 (50B4C491)

    Update Synaptics touchpad driver:

    SynTP SynTP.sys Fri Nov 30 02:38:37 2012 (50B8627D)

    Uninstall Rapport:

    RapportCerberus64_59849 RapportCerberus64_59849.sys Sat Sep 21 17:47:05 2013 (523E13D9)
    RapportEI64 RapportEI64.sys Wed Jan 22 13:35:14 2014 (52E00F62)
    RapportHades64 RapportHades64.sys Wed Jan 22 13:35:12 2014 (52E00F60)
    RapportKE64 RapportKE64.sys Wed Jan 22 13:35:12 2014 (52E00F60)
    RapportPG64 RapportPG64.sys Wed Jan 22 13:35:32 2014 (52E00F74)

    Update from Lenovo (you'll have to e-mail them or something. Nobody knows how to update this and it seems to cause issues on 8(.1) universally):

    LhdX64 LhdX64.sys Mon Jan 11 10:06:58 2010 (4B4B3E92)

    Uninstall Daemon Tools Lite and replace it with PowerISO:

    dtsoftbus01 dtsoftbus01.sys Thu Jun 20 03:22:51 2013 (51C2ADCB)

    Uninstall Avast. Use removal tool for it after. Set Windows Firewall and Windows Defender to Automatic and start them too:

    aswMonFlt aswMonFlt.sys Tue Jan 21 12:11:16 2014 (52DEAA34)
    aswRdr2 aswRdr2.sys Fri Oct 11 07:11:37 2013 (5257DCE9)
    aswRvrt aswRvrt.sys Fri Oct 04 03:48:58 2013 (524E72EA)
    aswSnx aswSnx.sys Tue Jan 21 12:11:09 2014 (52DEAA2D)
    aswSP aswSP.sys Tue Jan 21 12:17:55 2014 (52DEABC3)
    aswStm aswStm.sys Tue Jan 21 12:18:41 2014 (52DEABF1)
    aswVmm aswVmm.sys Mon Dec 09 02:04:51 2013 (52A56B93)

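Added example, not part of the thread: the hex value in parentheses after each driver in the listings quoted in posts #2 and #3 is the PE header build timestamp in seconds since the Unix epoch, while the date printed next to it is in the debugger machine's local time. This Python sketch decodes the hex value and ranks drivers by build age as of the crash date given in the first post; the function names and the 365-day threshold are assumptions.

```python
import re
from datetime import date, datetime, timezone

# Driver lines copied from the debugger output quoted in posts #2 and #3.
LISTING = """\
RTKVHD64 RTKVHD64.sys Tue Nov 27 08:48:01 2012 (50B4C491)
SynTP SynTP.sys Fri Nov 30 02:38:37 2012 (50B8627D)
RapportEI64 RapportEI64.sys Wed Jan 22 13:35:14 2014 (52E00F62)
LhdX64 LhdX64.sys Mon Jan 11 10:06:58 2010 (4B4B3E92)
dtsoftbus01 dtsoftbus01.sys Thu Jun 20 03:22:51 2013 (51C2ADCB)
aswVmm aswVmm.sys Mon Dec 09 02:04:51 2013 (52A56B93)
rikvm_3A60B698.sys Mon May 14 03:49:40 2012 (4FB0B914) <== flagged in post #3
"""

# File name, the date as printed by the debugger, then the 8-digit hex timestamp.
LINE = re.compile(
    r"(?P<file>\S+\.sys)\s+(?P<shown>.+?)\s+\((?P<ts>[0-9A-Fa-f]{8})\)", re.I
)

def parse_drivers(text):
    """Return one record per driver line, with the build date decoded in UTC."""
    drivers = []
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # skip prose and blank lines between listings
        built = datetime.fromtimestamp(int(m["ts"], 16), tz=timezone.utc)
        drivers.append({"file": m["file"], "built": built.date()})
    return drivers

def stale_drivers(drivers, reference, max_age_days=365):
    """Drivers built more than max_age_days before `reference`, oldest first.

    The timestamp is set by whoever built the file, so age only orders the
    list for review; it does not prove a driver is faulty or malicious.
    """
    aged = [dict(d, age_days=(reference - d["built"]).days) for d in drivers]
    return sorted(
        (d for d in aged if d["age_days"] > max_age_days),
        key=lambda d: d["built"],
    )

if __name__ == "__main__":
    crash_day = date(2014, 2, 18)  # date of the last crash, from the first post
    for d in stale_drivers(parse_drivers(LISTING), crash_day):
        print(f'{d["built"]}  {d["age_days"]:5d} days  {d["file"]}')
```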

  3. #3

    Posts : 1,360
    Windows 8.1 Enterprise

    Among other things you have a nasty virus on this computer. You need to wipe the drive and reinstall Windows.

    rikvm_3A60B698.sys Mon May 14 03:49:40 2012 (4FB0B914) <== Stealth MBR rootkit/Mebroot/Sinowal/TDL4

  4. #4

    Posts : 1,883

    Originally posted by ectech:
    Among other things you have a nasty virus on this computer. You need to wipe the drive and reinstall Windows.

    rikvm_3A60B698.sys Mon May 14 03:49:40 2012 (4FB0B914) <== Stealth MBR rootkit/Mebroot/Sinowal/TDL4

    You know, the instant I saw the funk in the stack (literally like 3 seconds into it), I knew that. It completely slipped my mind while investigating further. I even saw the driver itself and mentally blocked myself from saying so, for some reason.

    lol again. I'm losing it here!!!!!! Good find man.

    The red is what I mean.

    ffffd000`316886b8 fffff803`c5d81da5 : 00000000`0000004c 00000000`c000021a ffffd000`247a93f8 ffffe000`006f5870 : nt!KeBugCheckEx
    ffffd000`316886c0 fffff803`c5d7a320 : ffffe000`018cb400 ffffd000`316887d9 00000000`00000000 00000000`00000002 : nt!PopGracefulShutdown+0x2c9
    ffffd000`31688700 fffff803`c5b654b3 : ffffe000`018cb040 00000000`00000000 00000000`c0000004 ffffd000`31688900 : nt! ?? ::OKHAJAOM::`string'+0xe30
    ffffd000`31688840 fffff803`c5b5d900 : fffff803`c5fa2853 00000000`00000001 ffffd000`31688a58 00000000`c0000004 : nt!KiSystemServiceCopyEnd+0x13
    ffffd000`316889d8 fffff803`c5fa2853 : 00000000`00000001 ffffd000`31688a58 00000000`c0000004 00000000`00000006 : nt!KiServiceLinkage
    ffffd000`316889e0 fffff803`c5ed73a3 : ffffe000`018cb040 ffffd970`ed2f6eb8 ffffe000`018cb180 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x6cee3
    ffffd000`31688aa0 fffff803`c5b04e32 : fffff803`c5b04d78 00000000`00000000 00000000`00000002 ffffe000`018cb040 : nt!PopPolicyWorkerAction+0x63
    ffffd000`31688b10 fffff803`c5aad1b9 : fffff803`00000002 ffffd000`31688bd0 00000000`80000000 fffff803`c5cdde20 : nt!PopPolicyWorkerThread+0xba
    ffffd000`31688b50 fffff803`c5a992e4 : 00000000`31011f1a ffffe000`018cb040 ffffe000`018cb040 ffffe000`00260900 : nt!ExpWorkerThread+0x2b5
    ffffd000`31688c00 fffff803`c5b602c6 : fffff803`c5cfa180 ffffe000`018cb040 fffff803`c5d52a80 ffffd000`31688d90 : nt!PspSystemThreadStartup+0x58
    ffffd000`31688c60 00000000`00000000 : ffffd000`31689000 ffffd000`31683000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16

    and very unusual for sure:

    ----- ETW minidump data unavailable-----
    Probably caused by : ntkrnlmp.exe ( nt! ?? ::OKHAJAOM::`string'+e30 )

    Glad to be part of "team" here, where 2 or more heads really are actually better than one.

    Well, at least OP knows what to do and not to do with new install after drive wipe.

  5. #5

    Posts : 1,360
    Windows 8.1 Enterprise


  6. #6

    Posts : 8
    Windows 8.1


    Thank you very much for the help. I uninstalled FreeRide Games (which I really don't know what it is, maybe came preinstalled) and Rapport and updated the drivers. Now Windows restarts normally, I suspect FreeRide Games was the problem. How does the virus you mention operate? I never had any other problems with the PC. Thanks again for the help.

  7. #7

    Posts : 1,360
    Windows 8.1 Enterprise

    TDL-4 is a highly advanced, fourth generation botnet found worldwide (over a quarter of infected machines are in the US) and the name of the rootkit that runs the botnet (also known as Alureon). Over 4.5 million machines were infected with it in the first three months of 2011, and the botnet continued to grow after that.

    It was often noted by journalists as "indestructible" in 2011, although it is removable with tools such as Kaspersky's TDSSKiller. It infects the master boot record of the target machine, making it harder to detect and remove. Major advancements include encrypting communications, decentralized controls using the Kad network, as well as deleting other malware.
    Source: TDL-4 - Wikipedia, the free encyclopedia

    Link: Clean Install - Windows 8

  8. #8

    Posts : 8
    Windows 8.1

    And there I thought I solved my problems... Ok, I will look into it, although with a quick Google search I found this:

    Sinowal/Mebroot/MBR Rootkit infection

    which seems to have a simple procedure to deal with the rootkit (Gmer Method). Any thoughts on this?

  9. #9

    Posts : 1,883

    I have been reading up on it the past 10 minutes or so.

    It seems that it might actually be a file included with Cyberlink software and the only people that complain about it are people that used some overly aggressive Norton tool to "find" it.

    I think a good idea is to upload the .sys file to Jotti's malware scan


    If it gets reported as totally clean, then perhaps a Killdisk use is not in order. I would then just delete the driver, delete the Regedit subkey for it, reboot and make sure it did not return.

    If it gets reported as anything malware, then Killdisk it is. The crash was very unusual though, so it could still in fact be the rootkit. And I did see mention that it messes up booting. No coincidence perhaps.

  10. #10

    Posts : 8
    Windows 8.1

    Sorry, but I don't see the file in the directory you mention, and even if I did, the website doesn't "see" any of the .sys files in the directory when I try to upload something from there.
