Question

View C:\$Extend from a Windows Environment - Trying to fix a 0xC1F5 bc....

Asked by: johnb6767

Anyone know of any free (preferably) utils that will enable me to view inside this hidden directory?

Can't access it via command line (access denied), cant use cacls to grant myself permissions (access denied), and cant see it mounted in SystemRescueCD (prolly a loose nut behind the keyboard).....

Basically, I have a 0xC1F5 bugcheck, and there is a file I have to delete inside of there, which is the NTFS Transaction Log File.

http://www.theminorityreportblog.com/story/aekowalski/2008/04/24/vista_0xc1f5_bug_fixed_with_linux_frenchmen

Downloading Knoppix to see.....

Thoughts ideas welcome. Suggestions regarding Linux should really be step by step. Although I am very competent in Windows, Linux is something I rarely ever go near.....

Thanks!!

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-09-19 at 00:06:42ID24745227
Topics

Windows Vista

,

Windows XP Operating System

,

Microsoft Windows Operating Systems

,

Linux Administration

,

Linux

Participating Experts
4
Points
500
Comments
21

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. How to make a bootable knoppix cd
    I need to make bootable cd with this thing called knoppix on it. Knoppix is a linux tool that can live on a bootable CD. I need it to help with a hosed windows system. I have never made a bootable cd before. The tools that I have are Easy CD Creator and burnatonce. I d...
  2. I got an Unknown Partition after I QTparted a windows XP N…
    I have a 40gb Hard drive with 2 partitions --- about 20gb each for drive C: & D: ---> both NTFS... Im running Windows XP Professional (w/ service pack 2)...My windows and all my programs are installed in drive C: and I only use drive D: to save my documents and files. ...
  3. Knoppix LiveCD killed my NTFS! Recovery?
    I have an 78gb Windows XP NTFS partition on my harddrive. I was fooling with a KNOPPIX LiveCD which lets you boot from the CD into Linux, loading most of the OS into RAM. While playing with this temporary Linux, I tried to copy a file boot.img to /hda1/ which is my NTFS Windo...
  4. Cannot ingite Knoppix.
    Hello Experts. I've installed Knoppix on Harddrive and had message like "Knoppix installed successfully." But, MBR apparently is not set for LILO. I can boot from Knoppix-CD but not sure, can I ran LILO from it. (At least, I did not have a success.) So, I am tryi...
  5. Knoppix
    I have a laptop that is currently running XP. It crashed the other day and a friend suggested i try Knoppix to recover my lost data. I got Knoppix, and booted it from CD. Now i have been trying to transfer files to my USB drive and it will not do, says it can't. But i was ab...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: TiggPosted on 2009-09-19 at 02:28:55ID: 25372211

Easiest way I can think of is to get a copy of bart's pe, boot to it and then delete the file from there.

 

by: johnb6767Posted on 2009-09-19 at 14:42:07ID: 25374824

Cant see it in a Windows Environment. Thats why I am trying Linux...... And it bsods a Win environment booted by CD/DVD...

Knoppix failed to load.....Trying Slax......

 

by: johnb6767Posted on 2009-09-19 at 14:53:40ID: 25374878

Guessing I need root access to delete the file. Assuming I am logged on as root, as under switch user it shows ....

"root: default(:0, vt7)"

Owner of the file is root, so if anyone has any ideas under SLAX how to delete the file, or if there is a command line method to do it, I would be grateful. Like I said before I am a dumb end user in linux.... I know enough to be very very dangerous......

 

 

by: burrcmPosted on 2009-09-19 at 17:12:04ID: 25375375

Sorry about the big paste, but I found this some time ago and it works with the following edit. Where he says cd /mnt/windows/\$Extend/RmMetadata, I found that I needed to get there one level at a time, e.g. cd /mnt enter, cd windows enter, cd \$Extend etc. and if you back out one level, it loses the plot and you have to start again. Watch the backslash before $ .....

Last night, I did something stupid on my primary desktop computer (a Vista box) and needed to restore the system to a recent backup. I use Windows Home Server on my home network, so I was confident in my ability to roll back the system to a previous night's backup. I booted my machine using the WHS Client Restore CD, chose the appropriate backup, waited (im)patiently for about two hours while the bits were restored, the system rebooted...

...and that's when I saw the Blue Screen of Death... specifically, a STOP 0x0000C1F5. ****.

Now, my first instinct was that I had a sketchy backup image in WHS, and perhaps I should try a slightlly older one. I repeated the restore process with three older backups and got the same result. On the verge of going off on a major "WHS sucks" tirade, I instead opted for some Googling on a still-working system to see if I could find any clues. It seems as though the frequency of reports of STOP 0x0000C1F5 problems is increasing, with most people attributing the issue to a bad Vista SP1 (or prepare-for-SP1) update or patch. Microsoft acknowledges the problem in KB946084, but there is no public hotfix or workaround save for "clear the MBR and reinstall", which IMHO is unacceptable.

Looking at the problem a little more closely, it seems that if the $TxfLog file is corrupted, the Common Log File System Driver shits the bed at boot time, causing the BSOD. The particularly nasty thing about this problem is that you cannot even boot the Vista distribution DVD to use its repair tools; the BSOD occurs when you boot from DVD too! Basically, it crashes whenever a Windows box tries to mount the file system.

Soooo... a fix might be possible by accessing the disk using an operating system that doesn't give a rat's about Windows file systems (e.g. Linux).

At this point, I broke out one of my favorite sysadmin tools, SystemRescueCD. This is a Linux-based live distro that has all sorts of diagnostic and repair goodies on it. I figured that if I booted the SystemRescueCD disk, I might be able to diagnose, and maybe even repair, the problem.

(Unsolicited plug alert: take a minute to download SystemRescueCD, burn a copy, and add it to your sysadmin bag of tricks. The folks who make and maintain this disc do a helluva good job... it has saved my bacon more than once. Check it out.)

So, here's an overview of how I fixed my system. For part 1, you need a SystemRescueCD disc (and don't forget that Linux commands are case-sensitive):

1. Boot the SystemRescueCD disc, answering any localization questions as required, until you get to a command prompt.
2. Mount your hard drive at /mnt/windows using ntfs-3g, e.g. "ntfs-3g /dev/sda1 /mnt/windows". You may have to look at /dev/hd* and /dev/sd* to figure out the correct device to mount. Also, if the NTFS file system is corrupted (which it probably is if you are reading this post) you may have to add the "-o force" flag to the mount, e.g. "ntfs-3g /dev/sda1 /mnt/windows -o force".
3. Verify that you have the correct file system mounted by "ls /mnt/windows". You should see the content of "C:\"... if you don't, repeat (2) until you mount the correct device.
4. Navigate to the hidden folder: "cd /mnt/windows/\$Extend/RmMetadata". Note the backslash before the $; that is important as it keeps the command shell from interpreting the $ (it is really part of the file name).
5. Take a deep breath and recursively remove the $TxfLog file: "rm -rf \$TxfLog". Use "ls" to verify that it has been deleted.
6. "cd /", "umount /mnt/windows", and "init 6" to reboot, removing the CD when appropriate.

At this point, your system will no longer bluescreen, but it won't boot, either. To fix that, here's part 2, for which you'll need a Vista DVD:

7. Boot the Vista DVD and choose "Repair my computer".
8. When the system looks for Vista installations to repair, it probably won't find any. Don't panic; just click Next.
9. In the System Recovery Options list, choose Startup Repair. The system will process for a minute or two, then state that it needs to reboot to finish its repair. Allow it to reboot.
10. Remove the DVD at the appropriate time and allow the system to boot from the hard drive.
11. If the system complains that it was not shut down properly, choose "boot normally".

That's it. With any luck at all you should have a bootable system again.

The STOP 0x0000C1F5 bug is a nasty one, and I am confident that Microsoft will release a hotfix and/or Windows Update for it soon. In the meantime, if you are experiencing the problem, I hope this article helps to get you running again.
______

Good Luck

Chris B

 

by: johnb6767Posted on 2009-09-19 at 18:05:54ID: 25375520

Already tried that link....

http://www.delmartian.com/nullpointers/printblog?index_php?view=article&id=50&tmpl=component&print=1

I can mount the disk in the SLAX gui, and I can see the file I need to delete.... Just cant get past the denails....

I have also tried going one step at a time to get to teh files in the SystemRescueCD, but it just isnt working.....

 

by: mwecomputersPosted on 2009-09-19 at 18:23:44ID: 25375570

You probably shouldn't delete/remove that file.

$Extend is an NTFS system file. Used for various optional extensions such as quotas, reparse point data and object identifiers.

Reference:
http://www.ntfs.com/ntfs-system-files.htm

As for the 0xC1F5, there is a Microsoft hotfix available for it...

Stop error message when you start a Windows Vista-based computer: "0x0000C1F5"
http://support.microsoft.com/kb/946084

 

by: burrcmPosted on 2009-09-19 at 18:38:32ID: 25375594

Good find mwecomputers. It would sppear that this is the hoped for hotfix mentioned by Mr Karpowitz. <<You probably shouldn't delete/remove that file>> Would agree as a rule, but in this case it is required, as the file is damaged/corrupt and must be replaced.

johnb6767, This may not be necesary now, but just in case ...So you can see the windows directory as described meaning you are at the correct mount point?  (you must use the -o force switch to get rw access) How far can you get moving into the /mnt/windows/\$Extend/RmMetadata structure? I struggled with this, will do it again if necessary to refresh the memory.

Chris B

p.s. Case must be correct. View and confirm actual case at each step.

 

by: johnb6767Posted on 2009-09-19 at 21:06:52ID: 25375837

mwecomputers...

Stop error message when you start a Windows Vista-based computer: "0x0000C1F5"
http://support.microsoft.com/kb/946084

Is an inside hotfix to prevent this from happening. Once it happens though, there is no GUI access/Win32 method to boot (BartPE/UBCD4Win etc.) to get into the OS with this drive connected, as once Windows tries to mount the drive it fails because that file is corrupted. Yes it is a criticla file, but in the event to try and fix this, it must be deleted. It will be rebuilt....

Back in the SystemRescueCD, I am back to the drive. Realized that when I loaded SLAX, it mounted in the GUI as SDA2, so back in the SRCD, I mounted using.....

ntfs-3g /dev/sda2/ mnt/windows, and can see the drive's data, so I know I am now on the correct drive. So, from /mnt/windows, I cant see the $Extend directory. Probably a syntax error on my part.

Even tried to use mattrib -h to remove the hidden attribute, but no go....

So I am at least farther than I was....  :)

 

by: burrcmPosted on 2009-09-19 at 21:36:20ID: 25375889

It is hidden, but you can get to it - cd \$Extend. There was something odd about this bit. The \ doesn't reference the root directory like in dos or windows, it just allows the $ to be part of the directory name. I can't remember how I did this, if you can't catch it I will set up a temp Vista install shortly and work it out. Don't want to play with the working machine.

Chris B

 

by: burrcmPosted on 2009-09-19 at 21:44:39ID: 25375904

Vista is installing .....

Chris B

 

by: burrcmPosted on 2009-09-19 at 22:46:47ID: 25376008

OK. Found the "funny". He has missed the $ from $RmMetadata, and if you get it wrong it drops you back to root. So the instructions to type exactly are

cd /mnt
cd windows  == note no slash
cd \$Extend
cd \$RmMetadata

and there you are.

l or ls will list the directory contents, and there in all it's glory is $TxfLog (which is of course another directory. Use the listed instruction - rm -rf \$TxfLog - to kill it.

Chris B

 

by: johnb6767Posted on 2009-09-19 at 23:40:33ID: 25376119

I went back in and retried using the full path, and I was able to delete it. Now just got to burn an ISO of Vista 32b to repair the install.... Thats another problem though.....

I do appreciate you going all out in helping to clarify the commands... Sometimes I wish I wasnt so dumb in linux.... Heck, I porefer the command ine in Windows, so you would think Linux would be an ideal alternative?

Thanks again, I will close this part of my problem out for now.....

 

by: johnb6767Posted on 2009-09-19 at 23:41:10ID: 31630897

Thanks again!

 

by: burrcmPosted on 2009-09-20 at 00:41:21ID: 25376212

Excellent. Glad it worked. I don't "linux" much myself either, but years of SCO Unix covers most of what happens on the command line.

Chris B

 

by: MysidiaPosted on 2009-09-20 at 23:15:48ID: 25380550

The $  symbol is special to the Linux shell is all, nothing special about when using filenames with $,  You escape $ with a \   as above or place the name in single quotes.    Unless you want the shell to expand it as a variable.  

The $Extend  $TxfLog and similar  directory entries on a NTFS filesystem are internal to the NTFS  MFT these directory entries really should not be removed, as it is in effect damage to the NTFS volume.

MS went out of their way to make sure these could not be touched directly, so beware, that removing them using a foreign OS is not supported by MS.

chkdsk may be able to handle this and repair the missing MFT entries, to some extent,  but there is a possibility of data corruption on the volume...   dumping  in-flight operations from a FS transaction log without a proper rollback can result in some serious corruption.

So you might want to examine what you get after running a chkdsk with full repair very carefully. And depending on the importance of the system,  copy  any documents to backup media,  and  re-format/clean-install with a fresh filesystem you'll know to be healthy


Certainly you can take your chances --  if a full chkdsk succeeds without error and the system boots,  the risk from then on is small.

But there's still a possibility of latent corruption of other system files or metadata you may not find immediately.


 

by: burrcmPosted on 2009-09-21 at 02:03:19ID: 25381192

Mysidia, you obviously haven't experienced this particular error. It is not possible to boot to the DVD once this occurs, so it is a little difficult to take the course you suggest. Microsoft acknowledge this particular issue and offer the hotfix to prevent it.

Chris B

 

by: johnb6767Posted on 2009-09-28 at 20:51:15ID: 25445868

Basically, once I removed the corrupted $TxfLog file, (yes I know it is critical to the funtions of NTFS, but if it is corrupted, youre basically in the same boat you start down by deleting it), I was able to actually use a USB Sata adapter, and browse the drive. Then lo and behold, I found a recovery partition.. Although I BSOD 0xC1F5 booting to a DVD, I could still boot to a Windows ME CD, and I was about to FDISK it, then decided to give the restore a try. I am about to get a logon prompt for the first time on this box, from a fully destructive recovery......

I think the key to it, was removing the file, and allowing it to rebuild...... As before that, I even blue screened a machine that it was slaved to, directly on the controller.........

Cause before that, it was in paperweight mode.....   :^)

 

by: johnb6767Posted on 2009-09-28 at 20:53:04ID: 25445877

FYI, logged back in ok, just need to complete my setup tweaks/install apps and I am good to go.....

 

by: burrcmPosted on 2009-09-29 at 05:30:37ID: 25448097

Glad it's working, but the plan was to boot to the vista DVD and "Repair My Computer", then no need to reinstall. The repair runs for ages, says it can't fix it, then you reboot and it is back to normal. Ah well, a rebuild is almost as good as a new PC....

Chris B

 

by: johnb6767Posted on 2009-09-30 at 09:23:50ID: 25460506

"but the plan was to boot to the vista DVD and "Repair My Computer", then no need to reinstall."

Works great in theory, still couldnt boot to a DVD though, to do the reinstall.... This was the only method... And I HATE RECOVERY REINSTALLS!!!!

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...