Sys File Repair

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Status
Not open for further replies.

timw128

Distinguished
May 9, 2010
205
0
18,680
Hi- I need to repair my System Files. I am running XP Pro SP3 x86. What I am trying to do is make a bootable CD from my Genuine Windows XP Pro SP2 disk and slipstream SP3 to it, so I can run the Repair. I have never done this before, and I am with the understanding that in order to accomplish the task there must be an i386 folder in C:\. Here is what is confusing me- I do not have said folder directly in C:\, but it is contained in a folder named '403971ec4f6071759b'. This folder has 2 files: amd64 and i386, and they both contain the identical data. I do not know how this happened.
Here is an example of the structure: C:\403971ec4f6071759b\amd64 and C:\403971ec4f6071759b\i386.
What I need to end up with is: C:\i386 So, my thinking is to delete the '403971ec4f6071759b' and the 'amd64', I could conceivably wind up with C:\i386.
To be honest, I am not sure that the data within the i386 file is what is supposed to be there.
All of this has happened as a result of an attack, and I noticed that something was definitely wrong via Event Viewer and general performance.
Could I please get some advice on this matter?
Thank you, and Merry Christmas!
tim
 
Solution
What about the Safe Mode Option in the same list as Last Known Good Configuration? If Safe Mode loads, the first thing you see is a box where you can select to Restore the System.

If that doesn't work, download the Hiren's Boot CD .ISO file, burn it on a CD and use it to boot and check or scan the system from CD. Since you've been having virus/malware issues, it may be you haven't got completely rid of them.


Getting back to business:



I noticed that later.. I hadn't seen the third image where you have the 3 CDs.. so I figured later I had it wrong. I still have my doubts about the white CD and what it contains, that'w what I'm asking you to take some screenshots of the main folders and file dates to determine what it exactly contains. If it turns out not to be a fullfledged OS installer, you can still make a Bootable WXP Pro SP3 CD slipstreaming your WXP SP2 hollogram CD with the blue SP3 update CD with the instructions I gave you before... It's easy and quick to do, perfectly legal and you can use it for any installation type plus SC Scannow.



If you mean the WXP SP2 CD, SFC may refuse it... that's because having more recent files in your System, it will not accept the older versions in the SP2 CD... you can confirm this in just a few minutes, all you can lose is a few minutes of your time, nothing wrong can happen. I do that all the time, so I'm sure of that.



Sure, you can backup personal files to one of those USB Hard Drives you have connected to the PC... for peace of mind, but it's not really necessary just to run SFC.

Well, whenever you're ready to throw that p4 rig away just tell me where so I can go catch it. I need a second PC to replace my old PIII lab mouse! :) .. Hey!!. The more you mess-up the more you learn!!... so it’s better to mess-up an old rig.

And if, and when you're ready to upgrade it.. just ask and we can guide you to the right hardware and in the budget range.



The link won’t lead to the image… that’s happened before so don’t copy the link within the browser… copy it to a text file and then copy paste from text to this thread, that’s what I’ve done to make sure they lead to the right page.
 
OK, noted. Well, I ran the SFC and it took awhile. Funny thing is, I went to Windows Update right afterwards and it said there were no Updates available. Seemed weird to me!
I'll go put that Event Viewer in a Text File and post.
 
If you mean the WXP SP2 CD, SFC may refuse it... that's because having more recent files in your System, it will not accept the older versions in the SP2 CD... you can confirm this in just a few minutes, all you can lose is a few minutes of your time, nothing wrong can happen. I do that all the time, so I'm sure of that.

No, I ran the Backup Media w/SP3 Disk.

Well, whenever you're ready to throw that p4 rig away just tell me where so I can go catch it. I need a second PC to replace my old PIII lab mouse! :) .. Hey!!. The more you mess-up the more you learn!!... so it’s better to mess-up an old rig.

Thanks, I have the hardware aspect pretty much figured out. Funny thing is that this new rig I built is a breeze to fiddled with. OC'n it and making adjustments is just a breeze. I sure wish the vendors would get their act together on SSD reliability, though, I want to up the ante with aserious RAID config on this new machine. The P4 rig, I think I am going to update the cpu and mobo. For this XP Pro deal, I am thinking about trying an amd P2 X4 955BE and use one of my VelociRaptor 32MB cache HDD's in it. I have a ton of NOS parts lying around. It pays to have friends in high places!

.. you're honorary latino zeuseng06?

Nah!...Just had to learn a few foreign languages because of my position in automotive engineering.

The link won’t lead to the image… that’s happened before so don’t copy the link within the browser… copy it to a text file and then copy paste from text to this thread, that’s what I’ve done to make sure they lead to the right page.

How do I do that, from My Docs/ My Photos?... I don't have an Office Prog installed. I have Office 2007 Enterprise on CD, but I am afraid to run it, if you get my drift 😱
 
OK, got your responses to the dot...

Just copy the url address to a .txt or .rtf file and from there to the thread. I use more .rtf and .txt than Word to make it simple, they take up less space, open in an instant and they don't copy all the format from webpages just simple text, so it's a quick copy paste. You can find Notepad.exe (txt) in D:\WINDOWS and Wordpad.exe for rtf format in D:\Program files\Windows NT\Accesories. Create shortcuts from those programs and paste them in your desktop, start menu or quick start bar.
 
Hey Chicano, how come I wasn't required to reload Windows Updates after the SFC op?...Went to IE and hit updates, Windows checked the SYS and said there were none available. This relic seems to be snappier than before, though.
I'll see if I can get the .rtf op right.
Well, it looks like I need a Word Processing prog to create the .rtf file. I don't have one. Got any suggestions- step by step?... Gracias, Hombre!
 
SFC doesn't require updating... I guess your system is fully updated, the SFC scan didn't replace older or corrupt files, or provided missing files... all SP3 files so no update was necessary. Yes snapier would be expected, and it can get better if you remove old temp and log files, and a bunch of old and orphaned registry values and keys, remove startup programs from start\run\type: msconfig\startup tab, and disable third party unused services fro the msdonfig\Services tab checking hide microsoft sevices and unckeck third party unused services. I use CCleaner to do the cleaning and ocasionally run Tune Up Utilities or free Glary utilities.

Download the zip file containing Wordpad and Notepad.
http://www.mediafire.com/?d31a38mae8a39vw

Extract both programs (standalone files) to your preferred location and create shortcuts to your desktop, start menu or quick start bar.
 
Talk about corruption... the forum has deleting my last two responses, so here it goes again:

SFC doesn't require updating... I guess your system is fully updated, the SFC scan must have replaced older or corrupt files, or provided missing files... all SP3 files so no update was necessary. Yes snapier would be expected, and it can get better if you remove old temp and log files, and a bunch of old and orphaned registry values and keys, remove startup programs from start\run\type: msconfig\startup tab, and disable third party unused services fro the msdonfig\Services tab checking hide microsoft sevices and unckeck third party unused services. I use CCleaner to do the cleaning and ocasionally run Tune Up Utilities or free Glary utilities.

Download the zip file containing Wordpad and Notepad.
http://www.mediafire.com/?d31a38mae8a39vw
or from
http://www.mediafire.com/file/d31a38mae8a39vw/wordpad.rar

Extract both programs (standalone files) to your preferred location and create shortcuts to your desktop, start menu or quick start bar.

Glad to help out caballero!
 
Talk about corruption, this thread has refusing my last three repeated responses, so here it goes again.

SFC doesn't require updating... I guess your system is fully updated, the SFC scan must have replaced older or corrupt files, or provided missing files... all SP3 files so no update was necessary. Yes snapier would be expected, and it can get better if you remove old temp and log files, and a bunch of old and orphaned registry values and keys, remove startup programs from start\run\type: msconfig\startup tab, and disable third party unused services fro the msdonfig\Services tab checking hide microsoft sevices and unckeck third party unused services. I use CCleaner to do the cleaning and ocasionally run Tune Up Utilities or free Glary utilities.

Download the zip file containing Wordpad and Notepad.
http://www.mediafire.com/?d31a38mae8a39vw
or from
http://www.mediafire.com/file/d31a38mae8a39vw/wordpad.rar

Extract both programs (standalone files) to your preferred location and create shortcuts to your desktop, start menu or quick start bar.

Glad to help out caballero!
 
Just got a reply from my OS Software source. This is what she had to say regarding the Backup Media w/SP3 disk:


Hi again Mr. Whalen:

You should be able to use the "Pro
Backup Disk (w SP3)" for your
repairs; just proceed as you normally would
for a holographic SP2 disk;
after that, you WILL have to download (again)
ALL the latest (ca.2009+)
patches and security updates from
Microsoft.

(FYI: The "Pro Backup Disk (w SP3)" (a TRUE Retail Version of
the
software) was never publicly distributed by Microsoft. The software,

and disk, WERE designed / engineered by Microsoft's "Windows Team", but

it was only made available (as an ISO-file; I only burn copies) to

software designers, select engineers and some of Microsoft's larger

corporate clients.)

-- Mary S., Microsoft Certified System
Engineer

Funny thing is, I couldn't get the patches and Sec Updates- Windows Update said I didn't need them!
 


Talk about corruption, this thread has refusing my last repeated responses, so here it goes again. I have repeated the response some 4 times and it keeps posting and dissappearing.

SFC doesn't require updating... I guess your system is fully updated, the SFC scan must have replaced older or corrupt files, or provided missing files... all SP3 files so no update was necessary. Yes snapier would be expected, and it can get better if you remove old temp and log files, and a bunch of old and orphaned registry values and keys, remove startup programs from start\run\type: msconfig\startup tab, and disable third party unused services fro the msdonfig\Services tab checking hide microsoft sevices and unckeck third party unused services. I use CCleaner to do the cleaning and ocasionally run Tune Up Utilities or free Glary utilities.

Download the zip file containing Wordpad and Notepad.
http://www.mediafire.com/?d31a38mae8a39vw
or from
http://www.mediafire.com/file/d31a38mae8a39vw/wordpad.rar

Extract both programs (standalone files) to your preferred location and create shortcuts to your desktop, start menu or quick start bar.

Glad to help out!
 
Here is the reply from OS vendor regarding the Backup Media w/SP3 disk.


Hi again Mr. Whalen:

You should be able to use the "Pro
Backup Disk (w SP3)" for your
repairs; just proceed as you normally would
for a holographic SP2 disk;
after that, you WILL have to download (again)
ALL the latest (ca.2009+)
patches and security updates from
Microsoft.

(FYI: The "Pro Backup Disk (w SP3)" (a TRUE Retail Version of
the
software) was never publicly distributed by Microsoft. The software,

and disk, WERE designed / engineered by Microsoft's "Windows Team", but

it was only made available (as an ISO-file; I only burn copies) to

software designers, select engineers and some of Microsoft's larger

corporate clients.)

-- Mary S., Microsoft Certified System
Engineer

Funny thing is Windows Update said I was up to date when I went to 'Check for Updates'.
 
LOL.... I can see you had the same problem.. We'll have to delete repeated responses but will have to do that when the problem has stabilized.

I don't know if I explained myself but those were my similar thoughts on the Backup Media CD. What I get is that you can use it as a regular retail Windows XP Pro SP3 CD, just the same as your WXP SP2 hollogrammed CD though upgraded to SP3.

On the updates, have you enabled Automatic Updates? maybe that will help.
 
Yo, esse!....lol...decided to put my picture up, homes!...lol!

Anyway, the updates are on...The machine crashed real hard and the OS wouldn't boot. Played around in the DOS recovery area (F10) and it said the OS was installed- 2 of them- but not really(?) I am wondering if the SFC /SCANNOW worked...Like I said, went to Windows Update and it said I was already updated. Shoot, I really don't want to do a repair install. I have way too many custom settings, icon packages, etc.. Repair Install can be touchy...I have them go both ways and there isn't enough time in my day to chase this thing. There has to be an answer. When the machine boots, it goes to the Compaq page where I get the normal choices- F1, F8, F10, etc., then goes to the black page where it lists Recovery Console, Windows XP Professional- I have it set to stay there for 3 secs. However, since the crash, there is a ':/?' at the top of the list where the Debug used to be.
I finally recovered through F8, Last Known Good Config, and then did a Sys Restore back to 3 hrs. ago. Can't remember if that was before or after the SFC.
I just have this gut feeling something isn't right as it takes a long time for the Desk Top to load after the Password is entered and the Printer spools up.
Whatta ya think?
 


What I think, is you have to rebuild the MBR followed by a FIXBOOT from the Recovery Console using the Windows XP CD or your installed Recovery Console.

What I don't get is
there is a ':/?'
.. Whatcha mean by that?

http://www.computerhope.com/issues/ch000627.htm
http://michaelstevenstech.com/r_c_cmds.htm
 
I guess it was a typo. All I know is that after I do the SFC and reboot, I have no screen display. I have to go to 'Last Known Good Config' and then a Sys Restore. It's something in the DLL Cache, I think. Could have something to do with the Video Card and/or nVidia updates- not sure.
Let me check those links out. I am going to have to think that MBR-FIXBOOT thing out.
This startin' to drive me nuts! I have videos to burn and other stuff.
I'll give you a report in a bit. Let me study those links- Thanks, man!
Latino's?... Nah, jus' have a bunch of esse' I run around with. Shoot, man, I'm jus' in it for the food! Betcha ya don't know too many beloved patriot's who likes Menudo- that stuff'l cure anything!
 


I would do a repair reinstall instead of dealing with the trouble every restart. A reinstallation won't lose settings or files... it's just another way of resetting everything, renewing files, reinstalling programs, registering .dll files, etc. it only takes about 45-60 min tops and you will not lose files as you're probably thinking. That would be the recommended fix for all the problems your PC is displaying. You only need to recover the serial key with Keyfinder... so you can type it in during the installation.

Yeah, that menudo is good for hangovers.. betcha that's what you mean by 'anything'... and it's even better with plenty of chilli sauce.. bet you didn't know that!.. Not many gringos like even looking at menudo, but they don't know what they're missing... do they? You only have to wash it thoroughly before cooking and throw some steer leg bone and feet in the pot to make it taste better... strange food aint it??... but great stuff for you.. hey, the whole steer is edible.. you can eat the eyes, tongue, cheek, gut intestines... brain, kidney, liver... the blood!!.. Some cultures dont waste anything... and you guys only eat the meat, and leave the good stuff for the dogs?
 
I eat it all!...barbecoa, lengua....everything!
Anyway, I am convinced there is something running around in my rig- infection wise.
Clock changes, keyboard misfires, weird file folders popping up that I haven't seen before. Found one tonight called '$LDR$', Googled it and nothing. Opened it in Notepad and it was a bunch of jibberish I couldn't figure out.
Can't run the SFC, install Recovery Console, etc.. No entry in my Boot.ini in msconfig.exe. Made a copy of it and renamed it and was still able to run it from there- NOT GOOD!
So, I need to find someone who can interpret ComboFix and HJT files, and has a good solution for nukin' the MF'er who is sneakin' around inside that steal box. Shoot, my Rottie doesn't even sense 'em, so ya know it's clever!
Chico, let me know if ya got any tricks, aight?
 
The clock changing could mean the BIOS battery is done for... keyboard misfires could indicate the power supply is on way to the morgue... it could also cause system freezes, bogdowns, asorted symptoms. Unknown folders popping out o their own?.. that cold be a bug. $LDR$ must be a bug... did you delete it? most system files are jibberish cause their in code, but bugs are also in code so just scan them with the antivirus and manually delete files that you can't find in the net... particularly those that are named with strange names.

No entry in Boot.ini? you mean it's blank? See if opening boot.ini from Control Panel\System\Advanced\Start and Recovery\Configuration\Edit. If msdconfig doesn't show what you find in boot.ini, it must be msconfig is infected. I didn't get the meaning in "made a copy of it and renamed it and was able to run it from there"... clear that up for me. I have run Combo Fix and it didn't make any report... so beats me. HJT I use regularly so I may be able to read it.
 
....the BIOS battery is done for..
Even with the machine plugged in and running? :??: ... If that's the case, I better get that AMD P2 X4 955BE and MOBO ordered up... OEM mobo has a wheezed RAM slot, anyhow! :fou: Plus, being OEM= locked BIOS= No Fun! (Cheap-Azz ASUS goldfish3 mobo)

...the power supply is on way to the morgue.. 🙁 ..
Better not be!...Replaced the Chinese OEM PS (250w) a year ago with a nice Corsair 450w piece.

$LDR$ must be a bug... did you delete it?
Hell yeah!!! :lol: ...Shoulda Screen shotted it for ya- it looked like somethin' drippin' off that creature in the movie Alien!

No entry in Boot.ini? you mean it's blank?
Yeppers!

... it must be msconfig is infected. I didn't get the meaning in "made a copy of it and renamed it...
Well, that's a quick test for local infection in an .exe file. I sorta misspoke there. What I did was went into the directory in the Service Pack folder and found the root- MSCONFIG.EXE, and renamed it MSCONFIG1.EXE and ran it- and it ran. It shouldn't have because the file name was altered.

I just got done doing an exhaustive Malware tutorial called 'READ & RUN ME FIRST. Malware Removal Guide' at Major Geeks Forum. Uses pretty much the same protocol as 'bleepingcomputer.com'. The deal is that the dudes at Geek's ain't as stiff as the dude's at the bleep.

SAS did find some sh_t from CNET Informer that got removed and quarantined. Like I said earlier, I haven't paid too much attention to the specialty progs like HJT and ComboFix to interpret the logs. Looks like it's time to figure them out!

Well, I might as well try a Repair in a coupla days if'n I'm still havin' issues. I haven't ruled out some Hware pieces yet, either... I have the right tools to diagnose that stuff from my professional Slot Car racin' and R/C Boat racin' days. Design, Engineering, and Troubleshooting is my world....LOL! 😱
 
The BIOS acting up before booting, which is where you mentioned a problem... The computer running has nothing to do with the BIOS... some BIOS batteries had the capability to be charged by the PSU but today's motherboards use a non rechargeable battery afaik, and even if they had, even rechargeable batteries die eventually. You did mention the computer being Compaq didn't you? well those have their own BIOS program and those are only configurable to a very limited degree.

OK, so the PSU may not be the cause for instability, but have checked the hardware power and digital connections?, checked the ram is well seated in the slots, have you ever cleaned the slots?

You tested msconfig.exe found in the Service Pack folder? that's the backup, but what about the one in; C:\WINDOWS\PCHEALTH\HELPCTR\Binaries .. that's the msconfig in use. They may act the same but better check both, even do a search for other copies in the system... and even delete them and get a clean copy in your system. BTW... did you download the Wordpad and Notepad? sorry I uploaded sp versions but I plainly forgot my system is in SP!! But you can download english versions or install similar text programs.

HJT has a forum where you can upload the report for assistance in reading it... I can read my own because I have tabs on what I install but on someone elses system I'd have to ask, but even so you can mostly ID malware by their weird or unrecognizable names... If you know what you installed, that sort of names pop-up when you read them. About ComboFix, I've never have read the log, I've just ran it and trusted it...

I'd suggest you thoroughly clean the system before doing a reinstall... I'm not convinced you'd get rid of all bugs reinstalling the system... A good application worth considering is A Squared Free.. I've found this application can detect dozens when others detect nothing or just a few... some detections are false positives but it's better you ignore false positives when deleting, than the application ignoring real bugs.

About the hardware, if you plan to upgrade the dinosaur, newegg has some real specials right now.. I was looking into them last night, and some cheap but good AMD mobos are going as low as $39.00 and AMD processors that would blow the socks out of a P4 are around $61.00 ... even a Sempron which is a locked core Athlon IIX2 and far better than a Pentium 4 is going for $39.00. These processors can be unlocked in the BIOS to work just like a $61.00 Athlon II.

Professional Slot Car Racing? is there any money in that, or is it just for fun?... Congrats about your profession.. sounds like a fun occupation..




 
Hey, Amigo!...How's it goin'?....

OK, let's see what we got he-ah!

...checked the hardware power and digital connections?, checked the ram is well seated in the slots, have you ever cleaned the slots?

Sí, todo está bien allí ... It's a dual channel config, and the #3 slot is wheezed. So, I have dos slots in the 1st channel and uno slotto in the 2nd channel. Running a 2 x 2GB DDR2 stick set-up. Comprende, esse?

...what about the one in; C:\WINDOWS\PCHEALTH\HELPCTR\Binaries .. that's the msconfig in use

NADA!...sorry, my mistake. :lol:

...did you download the Wordpad and Notepad?
Not yet, was up all night runnin' scans to post at MajorGeeks Malware Police Dept.

Got a real mess on me hands here. Find a bunch of obsolete nVidia Display Drivers that were apparently bogging everything down. Removed them and kept the current update and this relic REALLY woke up! I think there is more in the tank, too. It's just a matter of sorting through my Directories and keeping an eye on that Event Viewer and Task Manager. For the record, the OS is only 'seeing' 2.68GB's of the 4GB's of RAM installed. When I was running off the integrated graphics it was 'seeing' approx. 3.5GB. I threw a PNY GS8400 512MB PCI at it, and I think that's where the RAM went. I tried a Sapphire 1GB PCI, but it smoked real quick. Got in a big pissin' contest with their Tech Support over that deal! PCI is too weak a link to support a 1GB VC. Idiots!

...you can mostly ID malware by their weird or unrecognizable names...
Yeah, I was looking at the scan logs we generated from HJT, ComboFix, MGTools, etc.. Googled a couple of the extensions and, BINGO!, GUESS WHAT???...'...high probability of malware'

...thoroughly clean the system before doing a reinstall...
Chicano, I couldn't agree with you more! A repair install isn't bulletproof

Check this out!: http://www.michaelstevenstech.com/XPrepairinstall.htm

Dude!, is this guy like Einstein 'r what, dude???

Hardware?...This is what I am looking at: http://www.portatech.com/catalog/products.asp?id=1240, and

http://www.portatech.com/catalog/viewitem.asp?ID=70257&O=26755

What I like about these guys is the warranty options, service, etc.. Yeah, they cost more than the 'Egg or the Tiger, but everything is mounted, burned

in, BIOS flashed- you name it! Check the whole site out. It is well laid out with plenty of side windows w/ specs. You'll probably dig it!

This mATX Compaq chassis'd rig is far from stock. We got around the BIOS and pushed the FSB and the chip voltage just a tad. Went from 2.97Ghz to

3.10 on some hot rodded, in house cooling. Problem with P4 is it ain't got no cache! That's why the one RAM slot is wheezed- you can see on the

mobo where a capacitor popped like a zit and has pus hangin' out of it!!!...LMAO! :bounce:

So, when I gitter all tuned in and up with this XP Pro on it, we're gonna network with the W7 x64/ 2600k rig and my new DROID Razr dumb phone, and

my Printer, which, by the way, is pretty slick in it's own right. Cloud technology and everything!

I gotta run, my friend... I'll tell ya about the Slot Cars later. WAAAAAY more intense than any game for the pc.

I'll get that wordpad installed and send ya some ugliness from the Event Viewer. Application>Warning!>EventSystem>cat52>event 4356 and

cat54>event 4353- ALL DAY LONG!...Pretty Spooky! :hello:


 
Status
Not open for further replies.