Windows 7 Computer won't restart: "Root cause found: Boot critical file D:\CI.dll is corrupt."

GW7777

New Member
I was using the computer when all of a sudden it shut down. When I turn it back it on, it automatically tries to do a Startup Repair. After several minutes, I get the message: "Startup Repair cannot this repair this computer automatically." When I click on "View problem details," everything looks fine except for "Root cause found: Boot critical file D:\CI.dll is corrupt." This happens every time I try to retart the computer. I've tried System Restore and System Image Recovery to no avail.

Thanks in advance for your help.
 
Last edited:
Hi

Is your operating system installed on drive D:?
That seems like a funny place to look for it.

I guess I would start by running a system scan...

From run type...

"Scf /scannow" No Quotes, Scans and restores system files.

If that doesn't do it then I'd try to do a repair install of Windows 7.

Repair Install of Windows 7

http://www.sevenforums.com/tutorials/3413-repair-install

Here is some info about what ci.dll is.

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1327.pdf

Mike
 
Hi Mike,

A few months ago I had to do a complete factory reinstall, so maybe that's why it's D? I don't know.

I can't even get to Start/Run because the Startup Repair keeps opening, and when it's done (can't repair the computer) and try to restart, Startup Repair opens again...it's on a loop.
 
It may show as D: if you have the small system partition. The recovery system seems to count it as C: and the next partition as D:, maybe..

Have you tried restoring to an earlier time. I do not remember the exact terms, but one will restore a previous Registry, and one might do a system restore if available.

If you can get the repair system to get you to a command prompt you could try running SFC /scannow

That file might not be the only, but the first the boot encounters.

Can you hit the F8 key during initial boot and get a menu? Have you tried tapping the space bar?

Is this a laptop or desktop?
 
Hi Saltgrass,

I've tried System Restore...I either get that it worked but still stuck in the Startup Repair loop or I get: "System Restore did not complete successfully. Details: An unspecified error occurred during System Restore."

I can get to the Command Prompt via System Recovery Options, but when I try "SFC /scannow" I get "There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again."
Interesting in the Command Prompt, it says: X:\windows\system32> NOT C:\windows\system32>.

I can check the Hard Disk Drives via Computer: SYSTEM RESERVED - C, ACER - D, PQSERVICE - E...then my external hard drives, then Boot X. Where did "X" come from?

Also, Startup Repair:

Problem details

Problem signature:
Problem Event Name StartupRepairOffline
Problem Signature 01: 6.1.7600.16385
Problem Signature 02: 6.1.7600.16385
Problem Signature 03: unknown
Problem Signature 04: 21200648
Problem Signature 05: AutoFailover
Problem Signature 06: 11
Problem Signature 07: CorruptFile
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

Now I've started getting BSOD: iastor.sys.

I can hit F8 and get a menu. I can also get into the BIOS, but don't know how to check if the HDD is bad.

It's a laptop, Acer Aspire 7736Z-4809. Win7 64-bit.

I think the computer got a virus, and that's why it shutdown.
 
Hi again.

It sounds like it may be a virus problem, (I can't say for sure) I've seen other people with the same error.
Try doing the repair install and then if that works boot into Safe Mode as soon as possible and run Malwarebytes.

It should take less then an hour to do the repair but if it is a virus it will still be there when you get done.

If it's possible to get into you computer in safe mode now from the F8 boot menu (I'm guessing it isn't) then run it first.

Here's some related info.

Link Removed - Invalid URL

Corrupt file at startup, can not start up Win 7 - Microsoft Answers

Mike
 
Mike might be right about the virus, but no experience myself.

X: comes from the repair operation, that is where the files are stored so it can be run outside of windows, or "Offline" I believe the term is.

I would disconnect all the external drives, and anything else I could.

The loop may be causes by some flag which is not being reset. I am not sure where that information is stored, but you may have to reset the MBR or perhaps something in the BCD Store. The next time you get to the command window, type BCDEDIT and try to take a picture of what it says and attach.

The Startup repair is supposed to do whatever it needs to fix the problem, including fixing the MBR, but there are some special commands you might try from the command window to see if it will help.
 
OK, for some reason I can now boot up the computer (no more Startup Repair loop), but I'm still getting the iastor.sys BSOD. I'm able to boot to Safe Mode and did a Hijack This before I got the BSOD again. Here's the logfile...anything look suspicious?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:14:44 PM, on 4/20/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Safe mode
Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Link Removed due to 404 Error
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Link Removed due to 404 Error
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Link Removed due to 404 Error
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Link Removed due to 404 Error
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Link Removed - Invalid URL
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8296 bytes


Thanks again for your help.
 
The virus was a rootkit. Downloaded and executed Kaperskys TDSSKiller, which removed it. Everything seems good now.
 
Hi there,
This just happened to me today. GW7777, Did you do something to help get past this system repair loop? I have tried my times now, Its painful, Also can you explain what you did after you suddenly booted up...
Please help.
Thanks in advance.
 
Hi Canderson

Check out this link...

Downloaded a file, now computer goes to system recovery when I startup - Microsoft Answers

or the extract below from the link. "

I encountered the exact same problem. I tried to do the windows restore but it was in vain. When I checked the log I could see that ci.dll was corrupted. You should know by now that trying to use windows restore tool to a previous point is not working, but it will work after you delete the ci.dll file.

How I did it:
I went in the options screen, after windows's attempt to start, there is also the option of windows image recovery. Click that (it doesn't matter if you have windows image), try to connect to the network and at that it will propably fail, but it doesn't matter, because after a few clicks ( I don't remember the exact procedure) you will be able to access your hard drive. Then go to windows folder and delete ci.dll. Afterwards restart, and try to restore windows in several different points.
This worked for me, I hope it helps.

Hi MK
That was great, Although a more detailed way to access your files is below...
But first off...The last point said above where "deleting the file ci.dll from the windows/system32 folder and restart and try to restore windows in several different points" did not work for me. everytime i restarted the machine, i found that the file i deleted, ci.dll, had resurfaced in its origianal location. I tried doing a system restore on many points with and without restarting after deleting the file, none of which was succesfull ... Any body have a solution to this? Perhaps copy and pasting / replacing a non corrupt ci.dll file with the corrupt one? haven't tried yet, not sure where to find a non corrupt ci.dll file, and if i can copy such a file from any computer? can that work or would it screw up your machine... please reply with any little bit of information you may have, might be the missing piece in the puzzle.
Regarding recovering your files...When your on the system recovery options window, select system recovery, as was said above. Then a window appears... click "cancel"... Next window, click "select a system image", and then click "next". (as said above it does not matter if you have an image saved)... Next window, click "advanced"... next window, click "install a driver" and select ok... at that point you have access too all your files...
Next you should plug in your external hard drive, go to your files that you want backed up, copy and paste them back and forth onto your external harddrive within the "look in" window... Although it limits you to copy and paste one folder or file at a time. "

After I posted the above I done the following.

I downloaded the CI.DLL file on another computer, and then copy and pasted the new file into the same location as the original file, thus replacing the damaged file. Then I think i restarted my computer and presto, it got past the loop and started properly. done a scan afterwards. Having no problems since.

Hope this helps



 
Back
Top