Jump to content

Tech Sup Corner

Recommended Posts

After providing tech support in a Linkshell last night, I figured I'd just make a thread in case anyone else is having issues. For any given computer problem there can be any number of causes. There are at least a few "general practice" things you can do to keep up on your PC's health (much like checking fluid levels in a car)


Windows System File Checker tool

This command has been built into Windows since XP-SP3. It can be run from the command prompt (preferably elevated). This will scan all critical Windows system components and compare the file signatures to those within the WinSxS (formerly i386) folder. If any of them are damaged, it will copy snapshots of the original file back to the system folder. If files cannot be repaired, it will create a log file showing all such files.


1.) Open a command prompt

- Start -> All Programs -> Accessories -> Command Prompt

OR - Start -> {start typing the name 'command prompt', and it should appear in a list. Click or hit enter}

OR - Start -> Run -> {type 'cmd', hit enter}

OR - Key Combo Win+R -> {type 'cmd', hit enter }

OR (Windows 8 and newer) - Right-Click the start button area, chose 'Command Prompt (Admin)'


2.) Type the command: sfc /scannow

3.) Enter


The tool will take time to perform the scan. You can do other things while this happens. When finished, if all is well it should say no errors were found. If it was able to repair a problem, it should say files were repaired. If it could NOT fix the problem, it will say that some files could not be repaired.


If it did find corruption, then you most likely found whatever cause of Windows instability has been plaguing you recently. Corrupted system files can cause all sorts of bad behaviour from crashes, to blue screens, to things just locking up. You can either attempt a system restore (followed by another SFC scan to be sure), take it to a professional, or try a manual repair (instructions below).


How to find those files:

You will need to parse the CBS log file. This is for advanced users only.


1.) Open a command prompt in the folder C:\Windows\Logs\CBS

- Browse to that folder in Explorer. Hold down shift, and right-click in empty space. Chose "Open Command Window Here" from the list.

OR - From the command prompt, type 'cd C:\windows\lots\cbs' and hit Enter.


2.) Type the following command: findstr /c:"[sR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt

3.) Enter


This will parce the CBS.log file and put the results into a text file named sfcdetails.txt, inside that folder. You can open this with notepad, wordpad, word, etc. What you are looking for are lines that say something to the effect of "Cannot repair member file XYZ". This is the file you need to manually copy. Either find said file on a working computer, or try to download it off the web from a trusted source. You can copy it to the correct location and overwrite the old one. Reboot when finished and run SFC again to be sure everything is fixed.

Link to comment

Windows Blue Screen of Death (Crash-dump)

Most people see this screen and think their computer is dead. Others see it as a major annoyance or take it as proof that Windows is the worst operating system out there. In truth, this is a bug-check screen that developers need to correct major flaws in their software.


The BSoD only occurs if there is a major hardware failure, or if a poorly written piece of software (usually drivers) tells the computer to do something it can't physically do (access RAM that doesn't exist, or poll the CPU on a locked interrupt request line, for example).


What can you do with this? Not much, unfortunately, as it requires special programs to parse. Luckily someone has made a website to do that for you.


Instant Online Crash Analysis


Here you can upload a Windows minidump file to be analyzed instantly online, and view the results. The file you are looking to upload will be located in C:\Windows\Minidump and will end with .dmp


The pertinent information is located under the Primary Analysis section. You are looking for this section here (as an example):





Returning to usermode from a system call at an IRQL > PASSIVE_LEVEL.


Arg1: 000000007789747a, Address of system function (system call routine)

Arg2: 0000000000000001, Current IRQL

Arg3: 0000000000000000, 0

Arg4: fffffa6004b9bca0, 0


Debugging Details:



TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2








00000000`7789747a ?? ???






LAST_CONTROL_TRANSFER: from fffff800018b6eee to fffff800018b7150



fffffa60`04b9ba68 fffff800`018b6eee : 00000000`0000004a 00000000`7789747a 00000000`00000001 00000000`00000000 : nt!KeBugCheckEx

fffffa60`04b9ba70 fffff800`018b6e04 : 00000000`00001d5c 00000000`1d02aa28 00000000`00000000 fffff800`00000001 : nt!KiBugCheckDispatch+0x6e

fffffa60`04b9bbb0 00000000`7789747a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x209

00000000`1d02ab48 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7789747a







fffff800`018b6e04 4883ec50 sub rsp,50h




SYMBOL_NAME: nt!KiSystemServiceExit+209






IMAGE_NAME: ntkrnlmp.exe






BUCKET_ID: X64_RAISED_IRQL_FAULT_LTSVC.exe_nt!KiSystemServiceExit+209


Followup: MachineOwner




The name bolded in the example is the piece of software that caused this bluescreen. From there you can search online to find out what this is, and then either uninstall it, update it, or whatever you need to do to resolve the issue.


Hope this helps.

Link to comment

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now
  • Create New...