Jump to content


BSOD Kernel Dump Expert
  • Content Count

  • Joined

  • Last visited

Community Reputation

1 Neutral

About jcgriff2

  • Rank
    BSOD Kernel Dump Expert

Contact Methods

  • Website URL

Profile Information

  • Location
    New Jersey Shore
  • Interests
    Microsoft MVP (2009-2016)
    Microsoft Windows Insider MVP (2018 - Present)

Recent Profile Visitors

3,622 profile views
  1. Hi @knightng . . . I'd like to get a look at the BSOD kernel memory dump file(s), please. Please run steps 1 and 2 found in this sticky thread - Blue Screen of Death (BSOD) Posting Instructions - Windows - BSOD, Crashes, Kernel Debugging - Malwarebytes Forums Attach the resulting zip file to your next post. Thank you. Regards. . . jcgriff2
  2. Folder Guard (driver = fguard64.sys) is the probable cause listed in your second screenshot. I suggest that you either update the software or remove it from your system. Regards. . . jcgriff2
  3. Hi. . . Unfortunately, there are no BSOD dump files in your attached zip file for me to take a look at. I do see an exception error code on your screen - 0xc0000098 - either you have the wrong driver installed for your internal drive or you are having boot configuration issues. I just had a Boot Config error on my laptop and had to reinstall Windows. Then I bought a new laptop! I also see hal.dll mentioned on the screen, which is the Hardware Abstract Layer, indicative that there is a likely hardware issue. Run SeaTools for DOS, LONG test on your internal drive - (7) H
  4. Hi. . . Apologies for the late reply. You have had your share of BSODs - 14 of them going back to August 2019. You even had one on New Year's Day that had the same bugcheck (0x133 - DPC_WATCHDOG_VIOLATION ) as the four BSODs that I've processed that occurred recently. Same goes for your very first BSOD last August - 0x133 bugcheck. "WATCHDOG" in Windows usually refers to video, but not always. I'm seeing a lot of "Unknown_Image" and "Unknown_Module" listings in the dumps, which should be driver names, not UNKNOWN whatever. This is usually a problem related to RAM or
  5. Hi. . . I have processed the 5 BSOD mini kernel dumps and do believe that we are likely dealing with unknown hardware failure here because of the different bugchecks as well as the dump content. Furthermore, 2 of the dumps contain Unknown_Image in place of driver names, which tells me that some type of memory corruption is occurring. Memory corruption can be caused by a number of factors from bad RAM to a faulty hard drive; heat; over-clocking; motherboard failure; PSU problems, etc.. -- basically anything that could destabilize RAM - while a module is being loaded from the hard drive int
  6. Hi. . . I am a BSOD Analyst and there are no dumps in your zip file. I am not a hardware expert, either. I sit on the software/app side of the fence. All that I can advise you to do is to run tests for RAM and hard drive as I do believe that unknown hardware failure is occurring. RAM - memtest86+ - run 1 stick at a time; alternate the slots - https://www.sysnative.com/forums/hardware-tutorials/3909-test-ram-memtest86.html HDD - SeaTools for DOS, LONG test - https://www.sysnative.com/forums/hardware-tutorials/4072-hard-drive-hdd-diagnostics-sea-tools-dos-ssd-test.html
  7. Hi. . . Please run the BSOD Posting Instructions - The resulting zip file will contain the mini-kernel memory dumps + about 25 system related files. Once I have the dumps specifically, I can process them and hopefully they will yield a clue. With all this new hardware - are your hard drives new? Did you reinstall Windows after the hardware changes, or did you just take the old hard drives from the old system, put them in the new system and boot-up? If you did not reinstall Windows, you must do so because of the new hardware. Also, you must own a "full retail" copy o
  8. Hi. . . @bsodeath My apologies for the late reply. Almost always, when critical Windows system services and Windows executables die suddenly without explanation, a hard drive is involved. What typically happens is that during Superfetch/Prefetch or paging operations, kernel data from the hard drive gets loaded into RAM and during this process corruption occurs; the system service or Windows executable suddenly dies. Run Hard Drive diagnostics on ALL drives connected to the system, even if one or more is a simple USB stick. Run SeaTools for DOS, LONG test - https://ww
  9. Hi. . . Be sure to update your MBAM installation to the most recent version. Regards. . . jcgriff2
  10. Hi again. . . Would you please run through our BSOD Posting Instructions? The output may yield some clues. Regards. . . jcgriff2
  11. Are you in fact running the most recent version of MBAM? I would suggest that you install the current available version to be certain - https://www.malwarebytes.com/ Regards. .. jcgriff2
  12. Hi. . . I ran all 6 dumps and the cause of the BSODs is in fact Malwarebytes. MBAMSwissArmy MBAMSwissArmy.sys Wed Jul 29 00:26:01 2015 (55B855D9) As you can see the driver is from 2015. I'm also finding other MBAM drivers dated 2015. When is the last time that you updated your Malwarebytes installation? I suggest that you update it now - https://www.malwarebytes.com/ Regards. . . jcgriff2 Loading Dump File [C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\032019-26140-01.dmp] Built by: 17763.1.amd64fre.rs5_release.180914-1434 Debug session time: Wed Mar 20
  13. Turn Driver Verifier off. The fact that Driver Verifier did not BSOD your system means that more than likely, the cause of your BSODs is unknown hardware failure. Driver Verifier ran, stress-tested all of your 3rd party drivers and found no problems or issues with them. Regards. . . jcgriff2
  14. Take the chance so that you can remove the [likely] one bad RAM stick. Be careful when handling RAM. Touch some metal first to drain any electric shock out of yourself.
  15. Hi. . . I am assisting usasma until his eyesight recovers. I re-ran the original dump and did in fact see the 0x3b bugcheck (system service threw an exception); the exception error code is - 0xc0000094 - Integer division by zero -- meaning that a variable in ntfs.sys attempted to divide a number by zero, which is illegal. I assume that ntfs.sys was involved (as was NT - the Windows kernel) because it is the last driver identified on the stack (scroll to right - you'll see ntfs.sys about 3/4 of the way across starting on the 9th line down - # Child-SP RetAddr
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.