Question

Q: Missing or Corrupt system32\DRIVERS\pci.sys error

 

I have  an XP-SP3 OS (Originally XP Media Center) and have experienced the error mentioned in the Subject;  After trouble shooting a virus issue and running a series of tools recommended by Kaspersky (including ComboFIx, TDSKILLER, AVZ) I was directed to uninstall the 2009 version of Kaspersky and then reisntall the 2011 version.  I was given an uninstall tool to run in Safe mode and told to run this twice.

I did this on the second run I received a Windows Scrip Error - Microsoft VBScript runtime Error.

The Kaspersky Tech also directed me to delete the INFCACHE.1 inside C:\Windows\inf\

Upon restart I received the error mentioned in this thread:

"Windows could not start because the following file is missing or corrupt:
 
system32\DRIVERS\pci.sys
 
You can attempt to repair this file by starting Windows Setup using the original Setup CD-ROM
Select 'r' at the first screen to repair."
I already had Microsoft Windows XP Recovery Console Installed and can launch this.
I tried finding the pci.sys file in a location mentioned in a different thread on a similar error (c:\windows\system32\dllcache\pci.sys) and recieved the following message : "The system cannot find the file specified."
I can go track down a Windows XP Professional CD (although not the original OEM disk for this machine, but a fully licensed version none the less, I may have the OEM disk as well and will look).
Another thread I saw mentioned that multiple copies of this pci.sys file exist in various locations on the HDD, any suggestions on other locations to try or other courses of action to rectify this would be much appreciated.  Alternately instructions on how to do this from my Windows XP CD would be welcome also.
Thank you very much for sharing your expertise.


* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

Did Mr. Kaspersky Tech Guy just bail on you?  

Whenever talking to these people, always make sure you reboot at least one last time and make sure things are working before you hang up!

If your pci.sys file is missing, the chances are good that it "looked" suspicious and was quarantined (deleted) by something.  That could be Kaspersky, ComboFix, etc.  I did not know they were will trained with Combofix since it is not for the weak of heart.  When I see that somebody has run ComboFix without qualified instructions, I always think "Oh no!'.  Don't forget to uninstall it when you're done.

 

After booting into the Recovery Console, you should be in this folder:

C:\WINDOWS

It makes zero sense to try to start copying files around on a system that has corruption in the file system, so you should always make sure that is okay first.

For each of your hard disk partitions, you should then run:

chkdsk /r

For example, from the Recovery Console prompt, enter:

chkdsk c: /r

Let chkdsk finish and correct any problems it might find.  It may take a long time to complete or appear to be 'stuck'.  Be patient.  If the HDD light is still flashing, it is doing something.  Keep an eye on the percentage amount to be sure it is still making progress.  It may even appear to go backwards sometimes.

The chkdsk /r needs to complete without any errors, so you may need to run it multiple times until it does.

 

Make sure you ar typing the copy command into RC correctly since the interface is pretty unforgiving:

copy c:\windows\system32\dllcache\pci.sys   c:\windows\system32\drivers

Respond in the affirmative if asked to overwrite the existing file and then you should see a message that 1 file(s) was copied.

 

If you installed SP3 yourself after your original installation, there should also be a copy of pci.sys here:

c:\Windows\ServicePackFiles\i386

 

That command would be:

copy c:\windows\ServicePackFiles\i386\pci.sys   c:\windows\system32\drivers

Respond in the affirmative if asked to overwrite the existing file and then you should see a message that 1 file(s) was copied.

 

If you have a genuine bootable XP installation CD and if the CD is drive X, you can expand the file from the i386 folder on the CD into your c:\windows\system32\drivers folder by entering this command:

expand x:\i386\pci.sy_  c:\windows\system32\drivers

Respond in the affirmative if asked to overwrite the existing file and then you should see a message that 1 file(s) was expanded.

 

If none of that works:

Make yourself a Hiren's BootCD which you can download from here:

http://www.hirensbootcd.net/

On the left, click Download, scroll down to the bottom, choose the latest version.

The download link is a little hard to see.  It is at the bottom of the page above the drop down list for older versions and looks like this (click this part to download the ZIP file:

Direct HTTP Mirror + Torrent + Torrent Magnet

Click the "Direct HTTP Mirror" link to start the download and save the ZIP file to your desktop of someplace you can remember.  The ZIP file is large, so the download will probably take a little while to complete.  Then unzip the download to extract the Hirens.BootCD.ISO file that will be used to create your new bootable CD.

Creating a bootable CD from a .ISO file is not the same as just copying the .ISO file to a blank CD.  You have to use software that understands how to burn a .ISO file to a CD to create a bootable CD.

In the Hiren's ZIP file are the BurnToCD.cmd file that you can double click to launch it.  The BurnToCD.cmd will use the extracted BurnCDCC.exe file to burn the .ISO file to a blank CD using your existing CD burner.  You can also use your own CD burning software as long as your software is capable of creating a bootable CD from a .ISO file.  Most modern CD burning programs can create bootable CDs from an .ISO image.  Creating a bootable CD from an ISO image is not the same as just burning the file to a CD.

If you need a free and easy CD burning software package, here is a popular free program:

http://www.imgburn.com/

Here are some instructions for ImgBurn:

http://forum.imgburn.com/index.php?showtopic=61

It would be a good idea to test your new bootable CD on a computer that is working.

You may need to adjust the computer BIOS settings to use the CD ROM drive as the first boot device instead of the hard disk.  

These adjustments are  made before Windows tries to load.  If you miss it, you will have to reboot the system again.

When booting on the Hiren's CD you will see a menu of options.  Choose the Mini XP option.  Then it will appear that Windows is being loaded and you will be presented with a desktop that has the look and feel of the Windows Explorer interface you are already used to using.

Using the Mini XP, you can access the Internet, maneuver around your system, search for files, copy files, replace files, run various scans for malicious software, edit text files (like the c:\boot.ini) etc.  It is much friendlier that RC.

There are dozens of free and useful tools included in the CD that can be used to repair your system or copy your important personal files to another device (like a USB device or external drive) in the event that you just give up and decide to reinstall your XP (hopefully you will not make that decision).

 


Don't guess what the problem might be - figure it out and fix it. I need YOUR votes and points for helpful replies and Propose as Answers. I am saving up for a pony!

 

Did this solve your problem?

Sorry this didn't help.


THanks for your help, here is the update:

 

I ran checkdisk, and it relayed it found one or more files that were recovered.

 

Following this I tried the dllcache location for the pci.sys file which again it was not able to locate.

 

I then attempted to copy the file from the i386 location, this said "1 file was copied"

 

Now I am recieving  a similar email for the following file:

 

"system32\DRIVERS\isapnp.sys"

I am assuming I will need to copy this as well, where can this be found?  Also I am wonder how many files were blown away by the Kaspersky Removal Tool (I might be able to look at this if I could get to the log files from the removal tool.  Regardless, am I correct that this might go on for multiple files?  If so is there a wholesale correct, or do I just need to grind through this?

 

On the question of being abandoned by the Kaspersky Tech, I received an "Out of Office" reply until mid next week, classic...

 

Thanks again for your help.

Did this solve your problem?

Sorry this didn't help.


On a healthy system, the Windows File Protection service looks after 3498 critical files.  If one comes up missing, WFP will try to replace it from a backup copy.

The backup copies are usually in:

c:\windows\system32\dllcache. 

Choice 2 when a human being has to manually find a replacement file would be c:\windows\ServicePackFiles\i386, but not every system has that folder (depends on how you installed SP3).

The isanpnp.sys should be in dllcache too since it is one of the 3498 files that XP cares about list.  Just make sure you copy it into folder:

c:\windows\system32\drivers

It does not go in c:\windows\system32 where some people think it belongs.

In the perfect world when XP is running fine, WFP would quickly and silently replace any of the 3498 protected files that come up missing and put a message like this in the Event Log (I just deleted my c:\windows\system32\drivers\isapnp.sys file on purpose):

 

Event Type: Information

Event Source: Windows File Protection

Event Category: None

Event ID: 64002

Date: 10/24/2010

Time: 4:13:22 PM

User: N/A

Description:

File replacement was attempted on the protected system file c:\windows\system32\drivers\isapnp.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

 

I don't have any idea what else might be missing, but now you know where the copies are supposed to be (dllcache) and what to do about it so see if you can get along.

If you just can't find them in dllcache or ServicePackFiles\i386, you can copy them from a working system to a USB thumb drive and then replace them on your system (you can access a thumb drive from Recovery Console).  It is also packed into a cabinet file (.CAB file), but that is more work.

I encourage you to make the Hiren's CD and use the Mini XP mode since it has an XP look and feel and you can search for files, copy/pastes, etc (and a bunch of other things).    You will recognize it instantly and be comfortable with it.  Using Recovery Console can be intimidating sometimes. 

You will already know how to use the Hiren's Mini XP when you see it, and you may get done sooner rather than later.

Kaspersky...  I don't use those Internet abbreviation things too much, but that one makes me LOL.  Some people love 'em though...

 


Don't guess what the problem might be - figure it out and fix it. I need YOUR votes and points for helpful replies and Propose as Answers. I am saving up for a pony!

 

Did this solve your problem?

Sorry this didn't help.


THanks Again Jose, a few questions:

 

I made the copy from i386 for the isapnp.sys file, then next one to come up was Ntfs.sys, nothing was found to cpy in the dllcache so I tried again from the ServicePackFiles\i386, where again it said I file copied.

 

When I restart this same missing / corrupt file warning comes up; is there something unique about Ntfs.sys?  I am going now to get an original Windows XP CD, would the "r" repair function here be a good move, although I know that it would not have any of the Service Packs / auto updates.  Also potentially I will not find all the files, is there anyway to look at the contents of the dllcache to see what is there?

 

I am happy to grind through all 3498 files if necessary, but as I saw with Ntfs.sys it does not seem to work?

 

The Hiren solution might be more intuitive, if I can find the files.

 

Thanks again for your advise.

Did this solve your problem?

Sorry this didn't help.


I have a copy of ntfs.sys in dllcache - I don't know why you don't, unless the AV program (who shall remain nameless) thought the files were infected and quarantied (deleted) them.

The ntfs.sys is a protected file and also goes in the c:\windows\ssytem32\drivers folder, so it sounds like your drivers folder took a hit.  With XP not running, Windows File Protection can't help you right now.

Did the message say ntfs.sys was missing?

If you have a genuine bootable XP installation CD of the same Service Pack and your installation, a Repair Install would probably fix it, but I have never used a Repair Install (I fix things instead).

Tell us what you have for genuine bootable XP media.  You can also expand any missing files from your genuine XP installation CD (using a different method).

Make the Hiren's CD and then you will have some more maneuverability and a better visual since it has the Windows Explorer interface where you can browse the folders, do your replacement, rename, copy/paste, etc and then attempt to boot on the hard disk again, see what it complains about now, repeat...

Norton I think has a similar feature.  Your system get messed up, you call them for support, they connect in remotely or somehow get you to run their "Eraser" program, then your system never boots again.  Of course, that is the end of you support call and they suggest you just reinstall your XP from scratch!

ComboFix also has potential for problems.  It will fix hard to fix things, but sometimes there are problems booting afterwards. 

ComboFix makes a c:\qoobox folder and there might be files/clues/logs in there that you can see when you get your Hiren's going.  Maybe you can figure out what it did and pay attention to what it mighthave done to the drivers folder.  It it moved a bunch of stuff out, you may need to move it back.  I don't have much experience with Combofix though or what it might have done (if it did anything).  You are supposed to have "assistance" when running Combofix anyway - where did you download it?  I think it gets updated and adjusted frequently (last week) and you may have gotten an old version.   It is not for the faint of heart.

It sounds like some detective work may be in order.

If you decide there is no hope and you are starting to get nervous about your data, you can use Hiren's to copy off your personal files/folders to another device.

 

 


Don't guess what the problem might be - figure it out and fix it. I need YOUR votes and points for helpful replies and Propose as Answers. I am saving up for a pony!

 

Did this solve your problem?

Sorry this didn't help.


I don't think it was ComboFix actually, I think it was the first or second run of the Kaspersky Removal tool (A tool designed to remove Kaspersky products before a reinstall).  Things were bootable after ComboFix, and TDSSKILLER.  There are logs from each of the Ksapersky Remover tool but I just cannot get to them...  they would probably shed the most light on what was removed.

 

THe XP Media (just retrived from storage) I have are an Original Windows XP Professional Disk, a Dell as install Windows XP Media CenterDisk, but nothing that was updated to SP3 or even close.

Any thoughts on why the copy worked for the pci.sys file and the isapnp.sys file but not for the Ntfs.sys file?  The Message on attempted Boot by the way was "Missing or corrupt.

 

I am somewhat stuck here unless I try the 'r' option from one of the media, or there are alternate locations for the Ntfs.sys file, something unique about Ntfs I am missing, or alternate solutions worth pursuing?

 

Let me know your thoughts and thanks again, genuinely appreciated.

 

 

 

Did this solve your problem?

Sorry this didn't help.


The only way I can get an ntfs.sys missing or corrupt is to boot into RC and actually delete the file and try to boot normally (I just did it again).

Then I copy in a replacement and I am running again.

You could look at the Kaspersky logs and check your ntfs.sys with Hiren's.

You could also boot on Hiren's and browse your XP installation CD and copy the file from there (that is one file on the CD that does not need expanding).


Don't guess what the problem might be - figure it out and fix it. I need YOUR votes and points for helpful replies and Propose as Answers. I am saving up for a pony!

Did this solve your problem?

Sorry this didn't help.

2 people were helped by this reply


Any other locations for the ntfs.sys folder besides dllcache and ServicePackFiles\i386?

 

I was able to copy it from ServicePackFiles\i386 but on reboot it again kicks the "missing or corrupt" message.

Did this solve your problem?

Sorry this didn't help.


You could also boot on Hiren's and browse your XP installation CD and copy the file from there (that is one file on the CD that does not need expanding).

You are putting it in c:\windows\system32\drivers

What does the Kaspersky log say?  Something happened to pci.sys and isapnp.sys.


Don't guess what the problem might be - figure it out and fix it. I need YOUR votes and points for helpful replies and Propose as Answers. I am saving up for a pony!

Did this solve your problem?

Sorry this didn't help.


Yes I put the first two in c:\windows\system32\drivers, and this is where I attempted (it says it successfully put) the version of Ntfs.sys from the ServicePackFiles\i386 version of Ntfs.sys.

 

I have not installed Hiren's yet, will this allow me to get to the Kaspersky Log files on the C Drive?

 

I was going to copy the version of Ntfs from one of the original OS install CD's into the \windows\system32\drivers location.

 

What about pulling one of the .cab files off of my current installs HDD?  Can you assist with commands from RC for this?

 

Right now even though it says I am copying the version of Ntfs.sys from ServicePackFiles\i386 to c:\windows\system32\drivers this version is still corrupt or faulty, hoping I can try an alternate version ideally from inside the current SP3 install (.cab) or elsewhere.

Did this solve your problem?

Sorry this didn't help.


* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

 
Question Info

Views: 44,885 Last updated: July 22, 2018 Applies to: