Monday, August 18, 2008


Last night, I did something stupid on my primary desktop computer (a Vista box) and needed to restore the system to a recent backup. I use Windows Home Server on my home network, so I was confident in my ability to roll back the system to a previous night's backup. I booted my machine using the WHS Client Restore CD, chose the appropriate backup, waited (im)patiently for about two hours while the bits were restored, the system rebooted...
...and that's when I saw the Blue Screen of Death... specifically, a STOP 0x0000C1F5. Shit.
Now, my first instinct was that I had a sketchy backup image in WHS, and perhaps I should try a slightly older one. I repeated the restore process with three older backups and got the same result. On the verge of going off on a major "WHS sucks" tirade, I instead opted for some Googling on a still-working system to see if I could find any clues. It seems as though the frequency of reports of STOP 0x0000C1F5 problems is increasing, with most people attributing the issue to a bad Vista SP1 (or prepare-for-SP1) update or patch. Microsoft acknowledges the problem in KB946084, but there is no public hotfix or workaround save for "clear the MBR and reinstall", which IMHO is unacceptable.
Looking at the problem a little more closely, it seems that if the $TxfLog file is corrupted, the Common Log File System Driver shits the bed at boot time, causing the BSOD. The particularly nasty thing about this problem is that you cannot even boot the Vista distribution DVD to use its repair tools; the BSOD occurs when you boot from DVD too! Basically, it crashes whenever a Windows box tries to mount the file system.
Soooo... a fix might be possible by accessing the disk using an operating system that doesn't give a rat's ass about Windows file systems (e.g. Linux).
At this point, I broke out one of my favorite sysadmin tools, SystemRescueCD. This is a Linux-based live distro that has all sorts of diagnostic and repair goodies on it. I figured that if I booted the SystemRescueCD disk, I might be able to diagnose, and maybe even repair, the problem.
(Unsolicited plug alert: take a minute to download SystemRescueCD, burn a copy, and add it to your sysadmin bag of tricks. The folks who make and maintain this disc do a helluva good job... it has saved my bacon more than once. Check it out.)
So, here's an overview of how I fixed my system. For part 1, you need a SystemRescueCD disc. Don't forget that Linux commands are case-sensitive, so pay careful attention to upper and lower case letters and spaces between items on the command line. Also note that several of these file names contain dollar signs ($), and the $ must be escaped from interpretation by the shell by preceding it immediately with a backslash (\), e.g. "\$foo" when referring to a file named $foo.
1. Boot the SystemRescueCD disc, answering any localization questions as required, until you get to a shell prompt.
2. Mount your hard drive at /mnt/windows using ntfs-3g, e.g. "ntfs-3g /dev/sda1 /mnt/windows". You may have to "ls /dev/hd*" or "ls /dev/sd*" or "fdisk -l" to figure out the correct device to mount. If you are using a RAID device for your root file system, run "dmraid -ay" to attempt to mount all available RAID file systems, then "ls /dev/mapper" and look for your device. Also, if the NTFS file system is corrupted (which it probably is if you are reading this post) you may have to add the "-o force" flag to the mount, e.g. "ntfs-3g /dev/sda1 /mnt/windows -o force".
3. Verify that you have the correct file system mounted by "ls /mnt/windows". You should see the content of "C:" or whatever is your boot drive in Windows... if you don't, repeat Step 2 until you mount the correct device.
4. Navigate to the first hidden folder: "cd /mnt/windows/\$Extend". Note the backslash before the $; that is important as it keeps the command shell from interpreting the $ (it is really part of the file name).
5. Navigate to the second hidden folder: type "cd \$RmMetadata". Once again, note that the $ is escaped with a backslash.
6. Type "ls". Among the files/folders listed you should see "$TxfLog".
7. Take a deep breath and recursively remove the $TxfLog file: "rm -rf \$TxfLog". Once again, note that the $ is escaped with a backslash.
8. Use "ls" to verify that it has been deleted. (You should see the same listing as in Step 6 except the $TxfLog folder is now missing.)
9. "cd /", "umount /mnt/windows", and "init 6" to reboot, removing the CD when appropriate.
At this point, your system will no longer bluescreen, but it won't boot, either. To fix that, here's part 2, for which you'll need a Vista DVD.
1. Boot the Vista DVD and choose "Repair my computer".
2. When the system looks for Vista installations to repair, it probably won't find any. Don't panic; just click Next.
3. In the System Recovery Options list, choose Startup Repair. The system will process for a minute or two, then state that it needs to reboot to finish its repair. Allow it to reboot.
4. Remove the DVD at the appropriate time and allow the system to boot from the hard drive.
5. If the system complains that it was not shut down properly, choose "boot normally".
That's it. With any luck at all you should have a bootable system again.
The STOP 0x0000C1F5 bug is a nasty one, and I am confident that Microsoft will release a hotfix and/or Windows Update for it soon. In the meantime, if you are experiencing the problem, I hope this article helps to get you running again.
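
The removal in part 1 as a script, added here as an example and not part of the original post: it archives the $TxfLog folder to a directory off the Windows volume before deleting it, and single-quotes the names so no backslash escaping has to be typed. The function name quarantine_txflog, its two arguments, the return codes and the example paths are assumptions of this example; the volume is assumed to be already mounted with ntfs-3g as described above.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the Windows volume is
# already mounted read-write with ntfs-3g. quarantine_txflog, its arguments
# and its return codes are hypothetical names chosen for this example.

quarantine_txflog() {
    mnt=$1    # mount point of the Windows volume, e.g. /mnt/windows
    keep=$2   # directory on a different disk where the copy is stored

    # Single quotes keep the shell from expanding $Extend, $RmMetadata and
    # $TxfLog as variables, so no backslashes are needed.
    meta="$mnt"/'$Extend/$RmMetadata'
    target="$meta"/'$TxfLog'

    # Refuse to store the copy on the volume being repaired.
    case "$keep" in "$mnt"|"$mnt"/*) echo "backup dir is on $mnt" >&2; return 3 ;; esac

    if [ ! -d "$meta" ]; then
        echo "no \$Extend/\$RmMetadata under $mnt: wrong device mounted?" >&2
        return 2
    fi
    if [ ! -e "$target" ]; then
        echo "\$TxfLog is not present, nothing to remove" >&2
        return 1
    fi

    mkdir -p -- "$keep" || return 3
    archive="$keep/TxfLog-$(date +%Y%m%d-%H%M%S).tar"

    # Archive first and check the archive lists cleanly: rm -rf is final.
    tar -cf "$archive" -C "$meta" './$TxfLog' || return 3
    tar -tf "$archive" >/dev/null || return 3

    # "--" ends option parsing, so the path can never be read as an option.
    rm -rf -- "$target" || return 4
    [ ! -e "$target" ] || return 4   # same check as the final "ls"
    echo "$archive"                  # path of the saved copy
}

# Runs only when given arguments:
#   sh quarantine_txflog.sh /mnt/windows /mnt/usb/txf-backup
if [ "$#" -ge 2 ]; then
    quarantine_txflog "$1" "$2"
fi
```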


Rashedimo said...

hi there

how are you doing? hope fine

thanks a lot for your help

I have been following your steps and was fine until I reached init 6

it was shutting down, then finally the system looked like it was stuck. I waited for 10 min, nothing happened, then I shut it down manually

redid the steps again, then I found the file TxfLog available again

so any help


Barley said...

Thank you, worked on my second attempt.

Dumont said...

Thank you so much! I can't believe that actually worked. And it was pretty easy.

For those who may not have done anything like this before with Linux, notice that some of the commands to enter have spaces in different parts.

Also, my computer didn't come with a Vista DVD but the repair still worked without using any CD or DVD.

rsasso said...

Thank you for your solution to this big trouble. You are very clear in your instructions. It worked excellently. I fixed my problem, thank you so much!!
I deleted the file, and just restarted my laptop and everything returned to normal.
Greetings from Chile, South America.

Rajsekar said...

Hi, I am unable to delete the file $TxfLog as it says invalid option -- '$'. Please help as I need my system very urgently

Ryan said...

Download Windows 7 beta and throw it in the CD drive. Boot and it will repair all of this for you. It will repair the damaged sector and you can cancel out of installing Windows 7. This is a new solution suggested by Microsoft themselves but props to this site's author for explaining a workaround.

Thurman said...

Ryan's comments,
I had an old Windows 7 Beta Disc so I put it in and no more errors anywhere!!! I think that was the only way to get my PC back. The Recovery Disc wouldn't work either. Thanks Ryan!!!!

Andy said...

Thanks for your comments on Windows 7. I downloaded Windows 7 RC then burnt & booted from the DVD, exited out of the Windows install at the first available opportunity then restarted the PC and everything worked again! I had the penguin in reserve just in case!
Thanks Ryan & Vijay

Eric Kim said...

Black magic! But it worked perfectly - thanks so much for the great instructions! Got my friend's laptop back to life - now we can back up his files and do a nice reformat...

Franklin said...

Hello Vijay, thanks very much for your explanation regarding Stop: 0x0000c1f5
I suffered this Vista failure and:

1) I tried to recover from disc recovery (H.D. and CD)
2) I checked memory and HD from the BIOS, all O.K. I then suspected the O.S.
3) I contacted the HP chat help desk (I have an HP dv26226la notebook); after a lot of questions they suggested that I contact Microsoft.
4) I checked on the Internet and saw your YouTube video
5) Followed your instructions: I had some trouble making a bootable CD of sysrescd because I first used Nero 7, but it did not boot; I then checked in another computer and it did not work; I then checked on the Internet regarding this trouble and found another user with the same problem who solved it using Deep-Burner; I then downloaded and installed it, made a bootable image and succeeded in booting sysrescd
6) Followed your instructions and deleted the $Txflog file
7) Rebooted and used system recovery, and installed a restoration point from 5 days ago; everything works properly and I did not lose any information on my computer

I want to give you my sincere gratitude
Best Regards
From Caracas Venezuela

hawkeyeknight said...

This is a great explanation on how to get past the C1F5 BSOD, but you never indicated if you were able to restore your files from the HP server. As the BSOD happens at the end of the restore process, were all of your files restored once the faulty log file was repaired and the system rebooted? How about for the Windows 7 fix - would that work equally well, i.e. would the restored files be intact?

choplin said...

Thank you man, it worked the first time, without a Vista DVD or anything; I only did up to "init 6" and restarted.
Thank you very much, greetings from Barcelona.

Nolasco said...

Thank you very much. I am Brazilian and your blog has solved my problem. I spent about 1 day trying everything and only 15 minutes with your step-by-step solution.

Best regards
Luiz Augusto Nolasco da Silva

amatore said...

Made my day, saved my week.

Carlos D. said...

You are a lifesaver. Thank you so much for taking the time to write this tutorial. Genius! I hope you're a millionaire!

Kalpesh said...

Thanks a ton for this! I followed the steps and eureka! It worked like a charm :) One thing to add. If you don't even have a Vista DVD for step 2 mentioned in the post, do not worry. Just choose the option "Repair system" during the next boot and it should repair the problem and your system should be ready! Thanks again!

stevo5398 said...

Yes hi. I did the steps and got rid of the file but the blue screen still shows up. Got me all worked up for nothing haha. any help past this would be great.
