Computer won't restart: "Root cause found: Boot critical file D:\CI.dll is corrupt."

Discussion in 'Windows 7 Help and Support' started by GW7777, Apr 19, 2011.

  1. GW7777

    GW7777 New Member

    Joined:
    Dec 28, 2010
    Messages:
    16
    Likes Received:
    0
    I was using the computer when all of a sudden it shut down. When I turn it back it on, it automatically tries to do a Startup Repair. After several minutes, I get the message: "Startup Repair cannot this repair this computer automatically." When I click on "View problem details," everything looks fine except for "Root cause found: Boot critical file D:\CI.dll is corrupt." This happens every time I try to retart the computer. I've tried System Restore and System Image Recovery to no avail.

    Thanks in advance for your help.
     
    #1 GW7777, Apr 19, 2011
    Last edited: Apr 19, 2011
  2. MikeHawthorne

    MikeHawthorne Essential Member
    Microsoft Community Contributor

    Joined:
    May 25, 2009
    Messages:
    6,042
    Likes Received:
    300
    Hi

    Is your operating system installed on drive D:?
    That seems like a funny place to look for it.

    I guess I would start by running a system scan...

    From run type...

    "Scf /scannow" No Quotes, Scans and restores system files.

    If that doesn't do it then I'd try to do a repair install of Windows 7.

    Repair Install of Windows 7

    http://www.sevenforums.com/tutorials/3413-repair-install

    Here is some info about what ci.dll is.

    http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1327.pdf

    Mike
     
  3. GW7777

    GW7777 New Member

    Joined:
    Dec 28, 2010
    Messages:
    16
    Likes Received:
    0
    Hi Mike,

    A few months ago I had to do a complete factory reinstall, so maybe that's why it's D? I don't know.

    I can't even get to Start/Run because the Startup Repair keeps opening, and when it's done (can't repair the computer) and try to restart, Startup Repair opens again...it's on a loop.
     
  4. Saltgrass

    Saltgrass Excellent Member
    Microsoft Community Contributor

    Joined:
    Oct 16, 2009
    Messages:
    15,157
    Likes Received:
    393
    It may show as D: if you have the small system partition. The recovery system seems to count it as C: and the next partition as D:, maybe..

    Have you tried restoring to an earlier time. I do not remember the exact terms, but one will restore a previous Registry, and one might do a system restore if available.

    If you can get the repair system to get you to a command prompt you could try running SFC /scannow

    That file might not be the only, but the first the boot encounters.

    Can you hit the F8 key during initial boot and get a menu? Have you tried tapping the space bar?

    Is this a laptop or desktop?
     
  5. GW7777

    GW7777 New Member

    Joined:
    Dec 28, 2010
    Messages:
    16
    Likes Received:
    0
    Hi Saltgrass,

    I've tried System Restore...I either get that it worked but still stuck in the Startup Repair loop or I get: "System Restore did not complete successfully. Details: An unspecified error occurred during System Restore."

    I can get to the Command Prompt via System Recovery Options, but when I try "SFC /scannow" I get "There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again."
    Interesting in the Command Prompt, it says: X:\windows\system32> NOT C:\windows\system32>.

    I can check the Hard Disk Drives via Computer: SYSTEM RESERVED - C, ACER - D, PQSERVICE - E...then my external hard drives, then Boot X. Where did "X" come from?

    Also, Startup Repair:

    Problem details

    Problem signature:
    Problem Event Name StartupRepairOffline
    Problem Signature 01: 6.1.7600.16385
    Problem Signature 02: 6.1.7600.16385
    Problem Signature 03: unknown
    Problem Signature 04: 21200648
    Problem Signature 05: AutoFailover
    Problem Signature 06: 11
    Problem Signature 07: CorruptFile
    OS Version: 6.1.7600.2.0.0.256.1
    Locale ID: 1033

    Now I've started getting BSOD: iastor.sys.

    I can hit F8 and get a menu. I can also get into the BIOS, but don't know how to check if the HDD is bad.

    It's a laptop, Acer Aspire 7736Z-4809. Win7 64-bit.

    I think the computer got a virus, and that's why it shutdown.
     
  6. MikeHawthorne

    MikeHawthorne Essential Member
    Microsoft Community Contributor

    Joined:
    May 25, 2009
    Messages:
    6,042
    Likes Received:
    300
    Hi again.

    It sounds like it may be a virus problem, (I can't say for sure) I've seen other people with the same error.
    Try doing the repair install and then if that works boot into Safe Mode as soon as possible and run Malwarebytes.

    It should take less then an hour to do the repair but if it is a virus it will still be there when you get done.

    If it's possible to get into you computer in safe mode now from the F8 boot menu (I'm guessing it isn't) then run it first.

    Here's some related info.

    http://www.malwarebytes.org/mbam.php

    Corrupt file at startup, can not start up Win 7 - Microsoft Answers

    Mike
     
  7. Saltgrass

    Saltgrass Excellent Member
    Microsoft Community Contributor

    Joined:
    Oct 16, 2009
    Messages:
    15,157
    Likes Received:
    393
    Mike might be right about the virus, but no experience myself.

    X: comes from the repair operation, that is where the files are stored so it can be run outside of windows, or "Offline" I believe the term is.

    I would disconnect all the external drives, and anything else I could.

    The loop may be causes by some flag which is not being reset. I am not sure where that information is stored, but you may have to reset the MBR or perhaps something in the BCD Store. The next time you get to the command window, type BCDEDIT and try to take a picture of what it says and attach.

    The Startup repair is supposed to do whatever it needs to fix the problem, including fixing the MBR, but there are some special commands you might try from the command window to see if it will help.
     
  8. GW7777

    GW7777 New Member

    Joined:
    Dec 28, 2010
    Messages:
    16
    Likes Received:
    0
    OK, for some reason I can now boot up the computer (no more Startup Repair loop), but I'm still getting the iastor.sys BSOD. I'm able to boot to Safe Mode and did a Hijack This before I got the BSOD again. Here's the logfile...anything look suspicious?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:14:44 PM, on 4/20/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Safe mode
    Running processes:
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = EarthLink® - Page Not Found
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O15 - Trusted Zone: *.sbcglobal.net
    O15 - Trusted Zone: http://*.sbcglobal.net
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 8296 bytes


    Thanks again for your help.
     
  9. GW7777

    GW7777 New Member

    Joined:
    Dec 28, 2010
    Messages:
    16
    Likes Received:
    0
    The virus was a rootkit. Downloaded and executed Kaperskys TDSSKiller, which removed it. Everything seems good now.
     
  10. MikeHawthorne

    MikeHawthorne Essential Member
    Microsoft Community Contributor

    Joined:
    May 25, 2009
    Messages:
    6,042
    Likes Received:
    300
    Hi

    Glad to see that you got it fixed!
    Good Luck.

    Mike
     
  11. diar

    diar New Member

    Joined:
    May 3, 2011
    Messages:
    4
    Likes Received:
    0
    Hi there,
    This just happened to me today. GW7777, Did you do something to help get past this system repair loop? I have tried my times now, Its painful, Also can you explain what you did after you suddenly booted up...
    Please help.
    Thanks in advance.
     
  12. canderson35

    canderson35 New Member

    Joined:
    Jun 18, 2011
    Messages:
    2
    Likes Received:
    0
    It just happened to me too Diar...I can't seem to do anything to get it out of the system repair loop.
     
  13. diar

    diar New Member

    Joined:
    May 3, 2011
    Messages:
    4
    Likes Received:
    0
    Hi Canderson

    Check out this link...

    Downloaded a file, now computer goes to system recovery when I startup - Microsoft Answers

    or the extract below from the link. "

    I encountered the exact same problem. I tried to do the windows restore but it was in vain. When I checked the log I could see that ci.dll was corrupted. You should know by now that trying to use windows restore tool to a previous point is not working, but it will work after you delete the ci.dll file.

    How I did it:
    I went in the options screen, after windows's attempt to start, there is also the option of windows image recovery. Click that (it doesn't matter if you have windows image), try to connect to the network and at that it will propably fail, but it doesn't matter, because after a few clicks ( I don't remember the exact procedure) you will be able to access your hard drive. Then go to windows folder and delete ci.dll. Afterwards restart, and try to restore windows in several different points.
    This worked for me, I hope it helps.

    Hi MK
    That was great, Although a more detailed way to access your files is below...
    But first off...The last point said above where "deleting the file ci.dll from the windows/system32 folder and restart and try to restore windows in several different points" did not work for me. everytime i restarted the machine, i found that the file i deleted, ci.dll, had resurfaced in its origianal location. I tried doing a system restore on many points with and without restarting after deleting the file, none of which was succesfull ... Any body have a solution to this? Perhaps copy and pasting / replacing a non corrupt ci.dll file with the corrupt one? haven't tried yet, not sure where to find a non corrupt ci.dll file, and if i can copy such a file from any computer? can that work or would it screw up your machine... please reply with any little bit of information you may have, might be the missing piece in the puzzle.
    Regarding recovering your files...When your on the system recovery options window, select system recovery, as was said above. Then a window appears... click "cancel"... Next window, click "select a system image", and then click "next". (as said above it does not matter if you have an image saved)... Next window, click "advanced"... next window, click "install a driver" and select ok... at that point you have access too all your files...
    Next you should plug in your external hard drive, go to your files that you want backed up, copy and paste them back and forth onto your external harddrive within the "look in" window... Although it limits you to copy and paste one folder or file at a time. "

    After I posted the above I done the following.

    I downloaded the CI.DLL file on another computer, and then copy and pasted the new file into the same location as the original file, thus replacing the damaged file. Then I think i restarted my computer and presto, it got past the loop and started properly. done a scan afterwards. Having no problems since.

    Hope this helps



     

Share This Page

Loading...