Sys File Repair

Status
Not open for further replies.

timw128

Hi- I need to repair my System Files. I am running XP Pro SP3 x86. What I am trying to do is make a bootable CD from my Genuine Windows XP Pro SP2 disk and slipstream SP3 to it, so I can run the Repair. I have never done this before, and I am with the understanding that in order to accomplish the task there must be an i386 folder in C:\. Here is what is confusing me- I do not have said folder directly in C:\, but it is contained in a folder named '403971ec4f6071759b'. This folder has 2 files: amd64 and i386, and they both contain the identical data. I do not know how this happened.
Here is an example of the structure: C:\403971ec4f6071759b\amd64 and C:\403971ec4f6071759b\i386.
What I need to end up with is: C:\i386 So, my thinking is to delete the '403971ec4f6071759b' and the 'amd64', I could conceivably wind up with C:\i386.
To be honest, I am not sure that the data within the i386 file is what is supposed to be there.
All of this has happened as a result of an attack, and I noticed that something was definitely wrong via Event Viewer and general performance.
Could I please get some advice on this matter?
Thank you, and Merry Christmas!
tim
 
Solution
What about the Safe Mode Option in the same list as Last Known Good Configuration? If Safe Mode loads, the first thing you see is a box where you can select to Restore the System.

If that doesn't work, download the Hiren's Boot CD .ISO file, burn it on a CD and use it to boot and check or scan the system from CD. Since you've been having virus/malware issues, it may be you haven't got completely rid of them.


No can do...yet!...My Genuine XP Pro hologram disk is SP2. I have added SP3 via the SP3 disk that my vendor provided. Also provided is a disk entitled XP Pro Backup Media w/SP3. I don't know if this disk is suitable to run sfc /scannow. So, I had planned on making a disk with my SP2 hologram disk and slipstream SP3 to it. I have been told that I cannot run sfc /scannow with the hologram because the machine has been upgraded to SP3. Does this make sense? As far as the slipstream op is concerned, I don't have C:\i386. Instead, I have C:\40397ec4f6071759b.
This 40397ec4f6071759b has amd64 and i386 in it. When you look at the 2 files, they have the same contents- it's just that some of the mod. dates are different. Other than that, the contents are the same. I don't know where in the hell this amd64 came from. I am not going to walk into a situation where I am forced to do a clean install. It would be a big hassle with all of the programs I have installed. I just want to make sure that my System Files are intact per Windows intent.
Yes, I know I have to run sfc /scannow- but not until I have everything in order.
 
This article should explain where the i386 folder came from
http://ask-leo.com/can_i_burn_the_i386_folder_to_a_cd_and_use_that_as_an_install_cd.html

And this explains how you can use that i386 folder to make a Windows XP Installation CD.
How to Create a Windows XP CD From a I386 Folder
http://www.ehow.com/how_6660310_create-xp-cd-i386-folder.html

But you would do better to Slipstream your Windows XP SP2 CD with the Service Pack 3 you can download from here.
http://go.microsoft.com/fwlink/?linkid=183302

And here are the instructions to slipstream the Service Pack manually
Slipstreamed Windows XP CD Using SP3
http://theeldergeek.com/slipstreamed_xpsp3_cd.htm

And here is how to slipstream the Service Pack into a Windows XP CD with nLite
Slipstream Windows XP CD to Add SP3
http://geekyprojects.com/tutorials/slipstream-windows-xp-cd-to-add-sp3/
 

The reason you can't do SFC /SCANNOW with an SP2 CD is because your 2008 to 2011 SP3 Windows XP will not accept older 2004 to 2008 SP2 versions of the same files.

If you want to do it as quick and easy as possible, download the Service Pack 3 ISO. Extract the SP3 files to a folder with Winrar, WinZip, or 7-Zip, next Copy your XP SP2 CD to another folder and use nLite to slipstream SP3 to the Windows XP SP2... nLite will make a bootable .ISO file of slipstreamed Windows XP SP3 which you can also burn with nLite to make a bootable Windows XP SP3 CD.
 


Thank you, Chicano!... This is my intention, however, will this solve the issue that I have with the lack of a C:/i386?... That scenario is what is bothering me. Please advise- Thanks!
tim
 
Chicano- Please check out the ImageShack album below. This is my XP Pro as it came from the vendor. Notice the disk entitled Backup Media w/SP3. I am wondering if I can use this to run the sfc /scannow op. The SP3 and Backup Media disk were gratuities from my vendor. I am not sure exactly what she does, but she runs a software business that is perfectly legit. This was verified by MS, however I am not aware of them providing any CD's called Backup Media. What do you think?

http://imageshack.us/g/214/dscf1012y.jpg/
 
Yes it will... the i386 folder is left there by the person that installed the System for the System to repair itself when necessary, instead of using a CD. They can leave the files in any location where SFC /SCANNOW should read from with a simple Registry edit in the key;

and sfc /scannow should work with a simple registry edit in the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
"SourcePath"=""
"ServicePackSourcePath"=""

The data in the values SourcePath and ServicePackSourcePath should be the CD/DVD drive letter that Windows was installed from, so if the CD/DVD drive letter has changed, SFC may have trouble reading the CD.. and it can be solved by changing the drive letter in the registry values to the letter used today, and the same goes for a folder.

So changing the data in the values “SourcePath” and “ServicePackSourcePath” from “X:\” (X representing the CD drive XP was installed from) to “C:\403971ec4f6071759b\i386” should make SFC copy files from that folder instead of copying them from a CD/DVD drive.

So then, you would have to edit the registry from this:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
"SourcePath"="X:\"
"ServicePackSourcePath"="X:\"

To this:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
"SourcePath"="C:\403971ec4f6071759b\i386"
"ServicePackSourcePath"="C:\403971ec4f6071759b\i386"
 
Hmmm... You have lost me a bit here. I understand the Registry Keys, etc.. Your response, 'Yes it will' is with regard to the Backup Media disk being used for the sfc /scannow?... I installed this OS on the machine, not the OEM source. I have 2 optical drives- D:/ and E:/. However, the OS resides on C:/, which obviously is my HDD.
Here is the way the Registry looks now:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
SourcePath= D:\
ServicePackSourcePath= c:\windows\ServicePackFiles
also,
ServicePackCachePath= c:\windows\ServicePackFiles\ServicePackCache

So, with that stated, please note the Drive Letter and the alpha case issue (upper vs. lower case)
As mentioned earlier, there is another file in the '403971ec4f6071759b' directory, being amd64. Highly unusual, as to the coincidence- amd64 being a relic chip. There never has been anything amd in this machine. I am going to surmise that this occurred when I was hacked, jacked, and spied on.
I am not sure, without thought, as what to do about the Drive Letter issue. I do not want to mess with the Reg. until this is thought out. 😱

Here is what My Computer looks like- Notice the source drive is designated as C:\ :

http://imageshack.us/photo/my-images/21/hddm.png/

Chicano, I am very grateful for all your help!...Thanks!
tim
 


The blue CD is the Service Pack 3 Update only.
The gray CD Backup Media is apparently a Windows XP Professional with the Service Pack 3 integrated… and from the looks of it; date and description it may be a perfectly legal product. I can’t make out the hologram but there are different CD labels sold by computer businesses. The “Backup Media” title is probably just another name for Recovery Disk.

The gray CD Backup Media looks like an OEM edition used by computer builders and vendors as far as I can tell... I can't make out the hologram and never seen a gray CD but I have seen labels in different colors sold by computer businesses (check photos). The one in one photo has Chinese print and there may be labels in many languages and label colors, so a gray label doesn’t surprise me.

If your vendor runs a software business she may have a licence from Microsoft to work just as big computer builders do. As far as I know, they can make their own copies, labels and add their own programs such as Dell and Toshiba do and probably many more.

Blue XP CD
Windows XP CD Covers

If the gray CD measures around 600 MB it’s probably a complete Installation CD you can use to do a Repair Re-Installation, do a clean installation or use it with SFC Scannow.
 
Well, the gray is actually white- it's my 7MP Fuji relic that distorts things, and it's time for an upgrade! Chinese?...hmmm!, I don't see it. The hologram is the original XP Pro x86 SP2- can't find any Chinese- think it is just light reflecting off that hologram.

Anyway, if I just go ahead and run the Backup Media w/SP3 disk in sfc /scannow, will that straighten out the discrepancies in the Registry and clean up the amd64/i386 issue?
 
Your folders: C:\403971ec4f6071759b\amd64 and C:\403971ec4f6071759b\i386 were not planted there from any malicious occurrence, unless you consider .Net Framework malicious, because that is where they came from.

Run scannow using your SP2 install disk but be prepared to swap disks often as the SP3 CD will be asked for often, but not always. If the SP3 files are able to be found by scannow, they will work. It's just a lot more work on your part. However... You have 2 CD drives so...

Before you start, check the registry to validate the ServicePackSourcePath was indeed a CD drive and not a folder where they were downloaded to. Since you have two CD drives you can direct the source files in the registry for the install to one, and the source files of SP3 to the other and have both disks in the correct drives before starting scannow and you shouldn't get bothered by the "where's the disk" type problems. Make sure there aren't any extra path errors on the SP3 CD, such as having the files in a folder scannow doesn't know about.
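
Added example (not part of any post in this thread): a read-only batch script that performs the check described above, reading SourcePath and ServicePackSourcePath and confirming that each points at a location holding an i386 folder. It assumes the layout shown by the values posted in this thread (D:\ and c:\windows\ServicePackFiles), where the files sit in an i386 folder directly under the stored path.

```batch
@echo off
rem Added example: read-only check of the SFC source paths discussed in this thread.
rem It only queries the registry and lists folders; it changes nothing.
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup"
for %%V in (SourcePath ServicePackSourcePath) do call :check %%V
endlocal
goto :eof

:check
set "VAL="
rem reg.exe prints "<name> <type> <data>"; everything after the type is the data.
for /f "tokens=1,2,*" %%A in ('reg query "%KEY%" /v %1 2^>nul ^| findstr /c:"REG_"') do set "VAL=%%C"
if not defined VAL echo %1: value not found& goto :eof
echo %1 = %VAL%
rem Drop a trailing backslash so "D:\" and "c:\windows\ServicePackFiles" join the same way.
if "%VAL:~-1%"=="\" set "VAL=%VAL:~0,-1%"
rem Assumption: the files sit in an i386 folder directly under the stored path.
if not exist "%VAL%\i386\" echo    no i386 folder under this path (wrong drive letter, or disc not inserted)& goto :eof
rem Count the compressed files (extension ending in an underscore) and cabinets.
set /a PACKED=0
set /a CABS=0
for %%F in ("%VAL%\i386\*.??_") do set /a PACKED+=1
for %%F in ("%VAL%\i386\*.cab") do set /a CABS+=1
echo    i386 found: %PACKED% compressed files (*.??_), %CABS% cabinet files
goto :eof
```

Run it from a Command Prompt with the discs already in their drives; a path reported without an i386 folder is one SFC would prompt for.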
 
Hey tigsounds!...How's that dead cat doin'?...lol...

'check the registry to validate the ServicePackSourcePath was indeed a CD drive...', well, it isn't a CD drive- it did illustrate 'c:', lower case 'c'. Besides, why don't I just use my Backup Media w/SP3 disk? If I provided you some screen shot links, would that give you a better feel?
Hope all's well with you. You still in S.A.?
 
Here's the Registry and My Computer links showing the naming and OS drive discrepancies:
http://imageshack.us/photo/my-images/213/hklm.png/ Registry

http://imageshack.us/photo/my-images/21/hddm.png/ My Computer

http://imageshack.us/photo/my-images/444/dscf1010m.jpg/ Backup Media Disk

I probably should back up my documents to a Thumb Drive and burn my progs or at least record them before I run sfc /scannow.

 
Yes my response "yes it will" was responding to this part:



This is just to clear things up on the Drive letter and i386 folder location for an SFC Scan... but you may not need to edit the registry after all... the Backup Media CD may be all you need,.. if you installed the OS from that (Backup Media) CD, you don't need the i386 folder in the C drive (C:\403971ec4f6071759b\i386???)

So for example: If you want to do a SFC /SCANNOW from the i386 folder location, the registry values should go as:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
SourcePath= C:\403971ec4f6071759b\i386(???)

And if you want to do the SFC Scan from the CD (Backup Media).. then edit the registry as follows or leave it as it is or leave it be if you haven't edited it yet:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
SourcePath= D:\
ServicePackSourcePath= ignore this one...
The data location for the "ServicePackSourcePath" value should not matter... it must be the drive where the SP3 CD was installed from so it's not related to an SFC scan or a repair installation


The folder in: C:\403971ec4f6071759b\amd64 must be included in the CD that your Windows XP was installed from, it was included to supply the AMD drivers should it be installed in an AMD System.


The size of the Backup Media CD and some screenshots of the contained folders would help ID it better.

If you have any more doubts.. I'll try to clear them up.
 
OK I get the CD label color... white is still one of the many colors available... if you check the images, they come in different colors. The Chinese print I meant was in one of the google images I linked to.

Yes the 617 MB indicates you may have a complete Windows XP Professional SP3 Installation CD, good for a Repair Installation, a Clean Installation or a SFC Scannow (without a change necessary to the Registry). And by the looks of it, it's probably a legitimate copy.

I don't see any discrepancies in the registry, but not to worry, just do the SFC from the CD in drive D and you don't need to edit the registry. One problem though, SFC does not always fix everything... and since it doesn't report any changes when it finishes, you never know what it repaired... but you can probably do a Repair Installation with the Backup Media CD. Insert the CD and take some screenshots to see if all the main folders are included... by the 617MB I'm almost certain it's a complete Windows XP OS but the screenshots would make it 100%
 
I installed the OS from the Genuine XP Pro SP/2 hologram disk. Then, I went ahead and ran the blue SP3 disk to upgrade. I don't know why the HKLM Source Path lists D:\ as the drive, unless it refers to the CD drive. The OS is on C:\.
Here's what the Registry looks like:

http://imageshack.us/photo/my-images/213/hklm.png/

Take a good look at those drive letter designations. Something doesn't look right there.

Backup Media CD is approx. 617MB

So, you think it's safe to go ahead and run SFC /SCANNOW from the Backup Media CD?, that is after I change a couple of things in Folder Options.
 



The dead cat was stinkin up the place so I got a bunch of new ones.


Windows doesn't care about upper/lower case drive letters. Cares in passwords though.

I'm looking at your pics.... It looks like you installed XP from drive d: Good, have the original cd in drive d. It also looks like you installed a service pack from a downloaded file? and it was extracted to & ran from the sp folders in your windows folder. That indicates scannow is going to look at the install cd for files to compare that were not changed by the service pack, and it's going to look in the service pack folders for files it knows were replacements for the originals. Remember, windows has a list (Protected Resource List) of system files to compare and what they should be, their checksums and all that. That's how it detects if they are good or bad. Just try changing your TCP/IP settings using XP-Antispy and see how fast windows pops up to report some system files were changed and where they are. One thing though, I'm not on my own computer right now. This rugged old thing has XP Pro SP2 so I can't verify the files that should be in the C:\windows\servicepackfiles folder. Check that out, there should be a decent size list of files, cabs and files with the 3rd character of their file extension as an underline. If not, wait and I'll be home in about 5 hours.
 
Service Pack Files = 564MB in volume. 2 folders in there designated 'i386' and 'ServicePackCache'

No, I installed the SP3 from the blue SP3 disk that was included with my OS. Here's a link to what I got at point of sale:

http://imageshack.us/g/214/dscf1012y.jpg/
 
I don't think it's going to ask for that disk. It has what it wants in the folder and the cache folder. If all else fails, you can keep clicking "cancel" every time it stalls wanting a cd or swap cd's as needed so it will complete. Cancel doesn't really cancel, it just skips that file in the check.

I installed SP3 like you did so I'll run scannow when I get home and see how it behaves. Sort of like I'll make my machine the guinea pig. I haven't ever run scannow so it should be informative.

All that slipstream stuff won't work because that's not how the files got there and scannow can't be fooled that easily.

 


The CD label says it included SP3 so it's not a SP2 XP but a full SP3... don't know why you upgraded to the SP3 Service pack separately having an SP3 installation by the looks of the CD label..

I don't see any discrepancies in the registry images!!

Some screenshots of the CD insides to see the folders and file dates would help clear the confusion... but all you have to lose with a SFC /Scannow is a few minutes... if the System doesn't accept the CD it will do nothing but take up a few minutes of your time.
 
OK, guys, maybe I didn't make things too clear. I did NOT use the Backup Media to install the OS originally. I used the Genuine MS XP Pro hologram disk which is SP2.
Next, I installed SP3 using the SP3 disk. Sooooo, at present, the machine has XP Pro SP3 installed. The Backup Media w/SP3 disk is what it is- 617MB of data on it.
I am about 99% certain I can run the sfc scannow with this disk.
It seems prudent to back up everything on the HDD to a remote locale, just in case something goes wrong.
Really, I don't know why I just don't throw one of these VelociRaptors I have sitting around here in it and reinstall the OS. For that matter, I would feel better upgrading the chip and mobo. This P4 is getting a little long in tooth.
My new rig is powered by 2nd Gen i7-2600k and W7 64bit Pro. I just like using this relic as a lab rat.

'Hey, more help and brains. We'll get Tim's system figured out for sure now.'- I'm grateful for that, tigsounds, now that your drunk cat is deceased!

Hey guys!...For grins, I'll post some photo links of the Event Viewer- then you'll understand why I want to run the System File Check.

Take a peek: http://imageshack.us/g/23/eventvwr2.png/
 