Jump to content

Recommended Posts

I've read the posts on similar failures. My BSOD happened as I was running Defraggler overnight. I can find no malware or other cause. This is my first encounter with this particular BSOD, which was annotated: RECOVERY FILE DRIVER EXTENSION   what failed: Farftc.sys

Attached is my mb-check-results zip, plus the FRST and Addition files just for the sake of completeness.

Any information you can provide on what went wrong and how I can prevent such failures in the future would be greatly appreciated.

Thanks again for your product, which I have used for many years successfully.

mb-check-results.zip FRST.txt Addition.txt

Link to post
Share on other sites
  • Staff

***This is an automated reply***


Thanks for posting in the Malwarebytes 3 Help forum.


If you are having technical issues with our Windows product, please do the following: 


If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
    0. UI.png
  7. Click the Gather Logs button
    17. Advanced.png
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    19. System Repair Progress.png
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:


To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


One of our experts will be able to assist you shortly.


If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 


Thanks in advance for your patience.

-The Malwarebytes Forum Team


Link to post
Share on other sites

Can't. My automated cleaning cycle disposed of it on startup, which it should not have done. I will adjust its settings and await a repeat of the problem to repeat the entire process.

Thanks for the quick response. Would that I could answer it as requested.


Link to post
Share on other sites
  • Root Admin

Okay, before we create a crash dump. Please do the following.

Locate the network card you're using in device manager. Then visit the manufacturer website and check for and update the network card drivers

Then if the issue is still happening let's try doing a clean removal and reinstall of Malwarebytes




Link to post
Share on other sites

One of the first things I did. And remove the duplicate card driver because my built-in networking card failed and was replaced with an IDE network driver card. The driver for the dead card always reloads at startup. I also updated the drivers for mouse, keyboard, and my graphics card. No upgrades were available for any of them from the manufacturer or from Windows Update. I've been getting WHEA_UNRECOVERABLE_ERROR BSODs for months now and cannot find the driver supposedly causing the error. I've checked even the motherboard bus drivers; all negative.

It may help you to know I did desktop support for General Motors as part of EDS for some twenty-five years. I'd like to think I still speak the language. Ordinarily I'd take your last advice first and do a wipe and reinstall of MBM, but I'm curious to find the cause, too. I will keep you informed -- and run FRST and mb-check- or later before sending you the files. AND the saved system dump. Let's get to the bottom of this. When it happens again.

Thanks again for all your help.



Link to post
Share on other sites
  • Root Admin

Okay - when ready, let's get some logs please.

Please create a Memory Dump so that we can analyze what may be causing this

Create Process Memory Dump using Windows Task Manager on Windows Vista/7/8/8.1/10:

  • Open Task Manager by pressing Ctrl+Shift+Esc on your keyboard
  • Click Show processes from all users at the bottom to enable that option and click Yes if prompted by User Account Control
  • Click on the Image Name column near the top to sort the list of running processes by name
  • Locate the MBAMService.exe process and right-click on it, selecting Create Dump File
  • Wait a moment while Windows creates the dump file
  • Once it completes it will inform you of the name and location of the dump file - typically C:\Users\Your user name\AppData\Local\Temp\MBAMService.dmp
  • Navigate to this location and right-click on the MBAMService.dmp file and choose Cut
  • Right-click on your desktop or some other convenient location where you'd like to place the file and choose Paste
  • Right-click on the MBAMService.dmp file you just moved and hover your mouse over Send to and choose Compressed (zipped) folder
  • Attach the MBAMService.zip file you just created to your next post or if it is too large, upload it to a file sharing service such as WeTransfer and provide the download link for the file in your next reply






Link to post
Share on other sites

Negative on dump file creation. On right-click on 'Create dump file' I get an alert window: "The operation could not be completed. Access is denied."

Any idea how I can fix this, or address it some other way? By the way, I'm on Windows 10 64-bit, version 1903, build no. 18362.267. My hardware is a homebuilt box with an AMD Phenom II X6 1100T processor (6 threads) at 3.30 GHz. I run 16.0 GB of RAM on a 500Mb SSD C drive on an MSi 990FXA-GD80 V2 Military Class II motherboard, and an NVIDIA GeForce GTX 1050 ti video card. My replacement network card is

Link to post
Share on other sites

I'm not doing something right. I have a memory dump from an overnight system stoppage -- no BSOD, no notice at all, just a black screen when the machine was supposed to be running Defraggler. But 7Zip refuses to compress the file; access denied, it tells me again. I am attempting to attach the uncompressed MEMORY.DMP file here, but if it fails, I need advice on whatever else I can use to compress the fool thing to send to you. Sorry for the continuing problems, but this seems to be my due this month.

Addendum: I can't even do that! The MEMORY.DMP file disappeared between my attempt to compress it and my writing of this note. I ran no utility that would have disposed of it or performed any action at all. I have no explanation. It would seem I can't compress a MEMORY.DMP, and even when the system produces one, I am unable to either save it or send it to you. I am beginning to suspect gremlins. A gigabyte file like that should not simply vanish.

I am left with no alternative to fixing my original problem than to uninstall Malwarebytes completely and attempt to reinstall it. Frankly, given the machine's odd performance of late, I am reluctant to do this. I'm in the middle of defragging my main data drive, a process that appears will take two weeks (not a typo!) to complete running overnight, and my instinct is to complete this job first and then see if I'm still having problems. The black shutdowns concern me but even Event Viewer isn't showing me why. Memory dumps are being created because of a reboot due to a bugcheck, and other events note that some system files seem to be missing. I would run SFC again but the last time it did, it told me system files were not found in a location that does not exist on my machine. I suspect the problem is larger than Malwarebytes alone.

Until I can find a way forward, I'm going to have to say I cannot proceed with providing a memory dump as required, for reasons unknown. I will be back in contact when I can, or when the problem resolves itself, if it does, on its own. And if it doesn't, I'll be back anyway. I need a resolution for the spookiness I'm experiencing.


Link to post
Share on other sites
  • Root Admin

You seriously have something wrong with this system. Windows 10 automatically runs defrag on it's own. You don't need any 3rd party utility to do that. The fact that any tool would tell you it will take a week to complete, there is something wrong. None of  your hard drives are that big.

I would suggest that you temporarily uninstall Avast antivirus and Malwarebytes as well. Then restart the computer at least one more time after they have been removed. Ensure that Windows Defender is running and no errors reported.

Then run a full disk check on the C:\ hard drive.



Please click on the "Search the web and Windows" box.



Then type in CMD.EXE and when it shows on the start menu right click and select "Run as administrator"




In the command prompt please type the following exactly.


This will tell Windows to run a full disk check, however you'll get the following, telling you it cannot run because it's in use.

Press the Y key to tell it to run on the next restart of the computer.




Then restart the computer and let it run.


After the disk check completes and you're back into Normal Mode for Windows run the following.


Press the Windows + R keys to open the Run dialog, type powershell.exe, and press Enter.

In PowerShell, copy and paste the command below, and press Enter

get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername –match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt

CHKDSKResults.txt file will be created on your desktop, that is the log file of your chkdsk scan results from Event Viewer.

Please upload that file on your next reply






Link to post
Share on other sites

This course of action poses a problem for me. My hardware firewall is out of commission and needs replacement. Windows Defender does not adequately check outgoing traffic for infections communication back to their command-and-control servers. I would have to be offline entirely to remove Malwarebytes and Avast, and would still need to sweep for opportunistic infections before I reconnected to the modem. I cannot endanger my production environment. I will only be able to get to it after I run my current checks.

Speaking of which, I checked Event Viewer for why I was experiencing Black Screens of Death - no text, just a black screen and an inert machine. I found references to bugchecks, resources that were not present, and finally a WHEA monitor alert. I have since removed NVIDIA's GEForce Experience automatic driver updater, which apparently was causing these faults. Or at least some of them. I am now looking to see how it handles my normal workload. If I find no further interruptions, I'll run CHKDSK as instructed and send you the results as directed. Thanks for your patience and your attention to my sickening details. I appreciate the support greatly.


Link to post
Share on other sites

Oh-- Incidentally, Windows does a remarkably poor job of defragmenting my files; the oldest fragment I have found so far is dated 2008, and fragmentation on my 3Tb data drive was 41%. resulting in unacceptably degraded performance.

Windows defrag is also not the indicated tool for my SSD C drive, which requires trimming from time to time, not defrag, which can reduce the life of the drive with no appreciable difference in performance.

I have three internal 3Tb drives for 9Tb of storage aside from my NAS drives.  I believe I have a real need for a professional defragmentation tool to keep my operation going. But thanks for your concern.


Link to post
Share on other sites
  • Root Admin

Windows does not defrag your external drives out of the box. Only the OS drive. But if you tell it to defrag it will degrag those drives too. As for the technology I can promise you that everyone is using the API from Microsoft. Different programs over time have provided "features" that Microsoft did not out of the box and Microsoft themselves has even used Diskeeper for many years in a limited version.  I actually worked with the Engineers of Diskeeper years ago to fix some issues (they were about a block away) - they've since sold the business long ago. No harm in using any program you like to defrag your hard drives and if you feel program x gives you options another does not then I would agree, use that program. Under the covers though they're using the built-in Windows API to move and manipulate files and folders. However, my main point is that if you have any hard drive that is going to take 5 days or more to complete then there is some software configuration issue or a hardware issue. I have a 16TB drive and it doesn't take that long.




Edited by AdvancedSetup
updated information
Link to post
Share on other sites

Part of the problem is my not paying attention to the growing fragmentation on my data drives, which only recently became troublesome. Professionally, I would find a drive with more than 7% fragmentation in need of a defrag. A fragmentation of 41% is no longer a minor operation, but a major reorganization of the entire contents of the drive. I'm not that surprised that it has taken longer than a week; this is a production drive, after all, and every day, alas, I'm forced to worsen the situation saving down correspondence and articles needed for my work. Every file on it will probably be moved at least five times, refragmented in the process, and require defragmentation at least five times. The file list produced at every initiation of the program confirms this. Nonetheless, I'm making progress. Didn't I mention that the oldest file fragment is from 2008? This problem is older than Windows 10 and I have unfortunately let it go on this long. My experience shows that the longer the interval without defragmentation, the larger the task to get the drive back into shape. I can't recall a drive so badly fragmented in my professional life. It's typically easier to simply move the files to another medium and restore them to a freshly-erased drive; this option is not available to me presently or I'd be doing that instead. Take this as an object lesson in why you need to regularly defrag and not leave the task to automatic programs, no matter how lauded. Sooner or later you will wind up with a drive paralyzed by fragmentation, and face the same choices I had.

By the way, I was very fond of Diskeeper that I used professionally, and have felt the lack of its capabilities ever since. I've heard good things about Defraggler; I'm giving it a chance here. Knowing it's not an afternoon's job.


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.