No Dump Files in the "SysnativeFileCollectionApp.zip" file

[jcgriff2]

Obviously, we expect there to be mini kernel memory dump files in the SysnativeFileCollectionApp.zip file attached by OPs.

Before assuming that there is something wrong with the OPs system rendering it incapable of producing dump files, it is worthwhile to check out some of the other files contained in the zip file first.

For example, this BSOD thread - Now only boot in Safe Mode and getting slower - Windows Crashes, BSOD, and Hangs Help and Support

There are no dump files found in the attached SysnativeFileCollectionApp.zip file.

The "DIR" portion of the Jcgriff2Log.txt file shows no dump files either (DIR listing is toward the end of the log):

Read More:

Sat 05/23/2015 12:32:02.19 Begin Logging
v4.6.0 compiled EXE
v4.6.0 compiled EXE
v4.6.0 compiled EXE
v4.6.0 compiled EXE
Sat 05/23/2015 12:32:02.20 Finished set commands                     - error level - 0

Sat 05/23/2015 12:32:02.22 Changed the title of the screen           - error level - 0
Sat 05/23/2015 12:32:02.23 Did a PushD to HomeDrive:HomePath\Document- error level - 0
Sat 05/23/2015 12:32:02.23 Checked for existance of TSE Sub-Dir      - error level - 0
Sat 05/23/2015 12:32:02.25 Created user Dir                          - error level - 0
Sat 05/23/2015 12:32:02.56 Copying mini-kernel dump files            - error level - 0
Sat 05/23/2015 12:32:02.69 Copying mini-kernel dump files Done       - error level - 1
-
* * *    B S O D    F I L E    C O L L E C T I O N    S C R I P T    * * *
         Authors:
            jcgriff2 - J. C. Griffith, Microsoft MVP
            TheOutcaste - Jerry Wines, Microsoft MVP
            Patrick - Patrick Barker, Microsoft MVP
            niemiro - Richard
            Tekno Venus - Stephen
         ©  [URL]https://www.sysnative.com/[/URL]
         ©  sysnative.com - MVP
         © 2008 - 2014 sysnative.com
            Last Update: July 2014
         New Jersey, USA; Oregon, USA; New York, USA
         ALL RIGHTS RESERVED
-
  Sat 05/23/2015   12:31:56.88  ----- Actual Start execution time
-
      B E G I N      jcgriff2    B A T C H   E X E C U T I O N
      B E G I N      jcgriff2    B A T C H   E X E C U T I O N
-
-
Sat 05/23/2015 12:32:02.72
-
Original home drive =  C:
home path           =  \Users\John
current directory   =  C:\Users\John\Documents
-
Sat 05/23/2015 12:32:02.77 Running WHOAMI command                    - error level - 1
-
ALL user SIDs ------
USER INFORMATION
----------------
User Name     SID                                         
============= =============================================
john-pc1\john S-1-5-21-2063155984-900280046-2147576916-1000

GROUP INFORMATION
-----------------
Group Name                           Type             SID          Attributes                                                    
==================================== ================ ============ ===============================================================
Everyone                             Well-known group S-1-1-0      Mandatory group, Enabled by default, Enabled group            
BUILTIN\Administrators               Alias            S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Users                        Alias            S-1-5-32-545 Mandatory group, Enabled by default, Enabled group            
NT AUTHORITY\INTERACTIVE             Well-known group S-1-5-4      Mandatory group, Enabled by default, Enabled group            
NT AUTHORITY\Authenticated Users     Well-known group S-1-5-11     Mandatory group, Enabled by default, Enabled group            
NT AUTHORITY\This Organization       Well-known group S-1-5-15     Mandatory group, Enabled by default, Enabled group            
LOCAL                                Well-known group S-1-2-0      Mandatory group, Enabled by default, Enabled group            
NT AUTHORITY\NTLM Authentication     Well-known group S-1-5-64-10  Mandatory group, Enabled by default, Enabled group            
Mandatory Label\High Mandatory Level Unknown SID type S-1-16-12288 Mandatory group, Enabled by default, Enabled group            

PRIVILEGES INFORMATION
----------------------
Privilege Name                  Description                               State  
=============================== ========================================= ========
SeLockMemoryPrivilege           Lock pages in memory                      Disabled
SeIncreaseQuotaPrivilege        Adjust memory quotas for a process        Disabled
SeSecurityPrivilege             Manage auditing and security log          Disabled
SeTakeOwnershipPrivilege        Take ownership of files or other objects  Disabled
SeLoadDriverPrivilege           Load and unload device drivers            Disabled
SeSystemProfilePrivilege        Profile system performance                Disabled
SeSystemtimePrivilege           Change the system time                    Disabled
SeProfileSingleProcessPrivilege Profile single process                    Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority              Disabled
SeCreatePagefilePrivilege       Create a pagefile                         Disabled
SeBackupPrivilege               Back up files and directories             Disabled
SeRestorePrivilege              Restore files and directories             Disabled
SeShutdownPrivilege             Shut down the system                      Disabled
SeDebugPrivilege                Debug programs                            Disabled
SeSystemEnvironmentPrivilege    Modify firmware environment values        Disabled
SeChangeNotifyPrivilege         Bypass traverse checking                  Enabled
SeRemoteShutdownPrivilege       Force shutdown from a remote system       Disabled
SeUndockPrivilege               Remove computer from docking station      Disabled
SeManageVolumePrivilege         Perform volume maintenance tasks          Disabled
SeImpersonatePrivilege          Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege         Create global objects                     Enabled
SeIncreaseWorkingSetPrivilege   Increase a process working set            Disabled
SeTimeZonePrivilege             Change the time zone                      Disabled
SeCreateSymbolicLinkPrivilege   Create symbolic links                     Disabled
-
Sat 05/23/2015 12:32:02.97 WHOAMI Command Done                       - error level - 1
-
-
Get basic system information . . .
Number of processors . . . . 4
PC Brand . . . . . . . . . .
Platform . . . . . . . . . .
Processor Architecture . . . AMD64
Processor Identifier . . . . AMD64 Family 16 Model 2 Stepping 2, AuthenticAMD
Processor Level. . . . . . . 16
Processor Revision . . . . . 0202
Operating system . . . . . . Windows_NT
Windows Dir. . . . . . . . . C:\Windows
User Profile Dir . . . . . . C:\Users\John
-
Sat 05/23/2015 12:32:03.05 Starting msinfo32 - save in NFO format
-
Sat 05/23/2015 12:32:03.20 msinfo32 Started                          - error level - 0
-
-
Sat 05/23/2015 12:32:03.20 Starting dxdiag
-
Sat 05/23/2015 12:32:03.26 dxdiag Started                            - error level - -
-
-
Sat 05/23/2015 12:32:03.26 Copy Hosts File
-
Sat 05/23/2015 12:32:03.30 Copy Hosts File Done                      - error level - 0
-
-
Sat 05/23/2015 12:32:03.30 Starting Driver Query #1
-
Sat 05/23/2015 12:32:03.46 Driver Query #1 Started                   - error level - 0
-
-
Sat 05/23/2015 12:32:03.46 Starting Driver Query #2
-
Sat 05/23/2015 12:32:03.54 Driver Query #2 Started                   - error level - 0
-
-
Sat 05/23/2015 12:32:03.55 Starting Driver Query #3
-
Sat 05/23/2015 12:32:03.63 Driver Query #3 Started                   - error level - 0
-
-
         D R I V E R      Q U E R Y      E N D
-
-
Sat 05/23/2015 12:32:03.73 Starting Event Viewer log dump - apps
-
Sat 05/23/2015 12:32:03.87 Event Viewer log dump - apps - Started    - error level - 0
-
-
Sat 05/23/2015 12:32:03.87 Starting Event Viewer log dump - System
-
Sat 05/23/2015 12:32:04.00 Event Viewer log dump - System - Started  - error level - 0
-
-
Sat 05/23/2015 12:32:04.00 Starting TRACERT and IPCONFIG
-
-
Sat 05/23/2015 12:32:04.12 TRACERT Started                           - error level - 0
-
Sat 05/23/2015 12:32:04.64 Running IPCONFIG Done                     - error level - 0
-
-
Sat 05/23/2015 12:32:04.65 Starting SystemInfo
-
Sat 05/23/2015 12:32:04.77 SystemInfo Started                        - error level - 0
-
-
Sat 05/23/2015 12:32:04.77 Starting SysInfo e-mail removing vbs script
-
-)
Sat 05/23/2015 12:32:04.97 Export current variables Done             - error level - 0
-
-
Sat 05/23/2015 12:32:05.01 Starting WHERE *.sys Command
-
-)
Sat 05/23/2015 12:32:16.06 NETSH Commands Done                       - error level - 1
-
-
Sat 05/23/2015 12:32:16.06 Running NETSTAT Command
-
Sat 05/23/2015 12:32:17.14 NETSTAT Command Done                      - error level - 0
-
-
Sat 05/23/2015 12:32:17.15 Obtaining Windows Error Reporting information
-
Sat 05/23/2015 12:32:19.81 Windows Error Reporting Done              - error level - 0
-
-
Sat 05/23/2015 12:32:19.81 Running Windows Management Instrumentation
-
Sat 05/23/2015 12:33:23.66 Windows Management Instrumentation Done   - error level - 0
-
-
Sat 05/23/2015 12:33:23.66 Listing running Tasks
-
Sat 05/23/2015 12:33:25.20 Running executing Tasks Listing . . . DONE
Issue cd cmd - Where are we? . . .
C:\Users\John\Documents
Sat 05/23/2015 12:33:25.20 cd command issued                         - error level - 0

Sat 05/23/2015 12:33:25.21 Downloading and executing autorunsc.exe. . .

Sat 05/23/2015 12:33:28.36 Downloading and executing autorunsc.exe. . . DONE

Sat 05/23/2015 12:33:28.36 Copy dumps - 2nd time
Sat 05/23/2015 12:33:28.63 Copy dumps - 2nd time . . . Done          - error level - 1
Sat 05/23/2015 12:33:28.63 Begin registry dump - program un-install strings in case needed
Sat 05/23/2015 12:33:33.06 Regquery 1 . . .  D O N E                 - error level - 0
Sat 05/23/2015 12:33:33.11 Regquery 2 . . .  D O N E                 - error level - 0
Sat 05/23/2015 12:33:33.26 Regquery 3 . . .  D O N E                 - error level - 0
 Volume in drive C is Partition_1
 Volume Serial Number is 400F-9880
 Directory of C:\Users\John\Documents\SysnativeFileCollectionApp
05/23/2015  12:33 PM    <DIR>          .
05/23/2015  12:33 PM    <DIR>          ..
05/23/2015  12:33 PM             4,182 Autoruns.txt
05/23/2015  12:32 PM            36,919 DriverqFo.txt
05/23/2015  12:32 PM                 0 DriverqSi.txt
05/23/2015  12:32 PM            63,686 DriverqV.txt
05/23/2015  12:32 PM                 0 EvtxAppDump.txt
05/23/2015  12:32 PM                 0 EvtxSysDump.txt
05/23/2015  12:33 PM             3,912 HKCUSoftMSWinCVUninstall.txt
05/23/2015  12:33 PM             9,828 HKLMSoftMSA-SInstalledComponents.txt
05/23/2015  12:33 PM            50,830 HKLMSoftMSWinCVUninstall.txt
11/01/2014  02:22 PM               741 Hosts.txt
05/23/2015  12:32 PM             6,453 IPconfigAll.txt
05/23/2015  12:33 PM             9,614 Jcgriff2Log.txt
05/23/2015  12:32 PM             2,265 KernelDumpList.txt
05/23/2015  12:32 PM            11,566 NetSHLAN1.txt
05/23/2015  12:32 PM            16,399 NetstatJcgriff2
05/23/2015  12:32 PM               138 NetstatJcgriff2.StdErr
05/23/2015  12:32 PM            23,766 RAMInfo.html
05/23/2015  12:32 PM             3,652 SetEnvironmentVar.txt
05/23/2015  12:32 PM               153 SysList.txt
05/23/2015  12:32 PM                 0 SystemInfo1.txt
05/23/2015  12:33 PM            46,863 TasklistSVCHOST.txt
05/23/2015  12:32 PM               926 Tracert.txt
05/23/2015  12:32 PM                29 WERALL.txt
05/23/2015  12:32 PM            16,617 WERLocalAppData
05/23/2015  12:32 PM            37,028 WERProgramData
05/23/2015  12:33 PM             1,342 WMICRecoveros.txt
              26 File(s)        346,909 bytes
               2 Dir(s)  238,158,602,240 bytes free
Sat 05/23/2015 12:33:33.26 Dir command . . . Done                    - error level - 0
Sat 05/23/2015 12:33:33.27 -- E  O  J  -  End of Job . . .
Sat 05/23/2015 12:33:33.27 -- E  O  J  -  End of Job . . .
Sat 05/23/2015 12:33:33.27 -- E  O  J  -  End of Job . . .

* * *    B S O D    F I L E    C O L L E C T I O N    S C R I P T    * * *
         Authors:
            jcgriff2 - J. C. Griffith, Microsoft MVP
            TheOutcaste - Jerry Wines, Microsoft MVP
            Patrick - Patrick Barker, Microsoft MVP
            niemiro - Richard
            Tekno Venus - Stephen
         ©  [URL]https://www.sysnative.com/[/URL]
         ©  sysnative.com - MVP
         © 2008 - 2014 sysnative.com
            Last Update: July 2014
         New Jersey, USA; Oregon, USA; New York, USA
         ALL RIGHTS RESERVED
Sat 05/23/2015 12:33:33.39 -- E  O  J  -  End of Job . . .
Sat 05/23/2015 12:33:33.40 -- E  O  J  -  End of Job . . .

The WERCON portion of msinfo32.nfo ("Software Environment"; "Windows Error Reporting") is completely empty, which is rare, but not uncommon as Windows does provide an option to delete all WERCON entries via Action Center/ Problem Reporting & Solutions.

The oddity is compounded by the fact that the WERALL.txt file is not empty; however its contents reveal that the OP has some bad/broken Junctions; namely -
- Documents and Settings
- Appdata
- Local Settings

Seeing WER files with those path names (specifically the 1st & 3rd) first led me to wrongly conclude momentarily that OP had an XP system. A quick check of systeminfo.txt shows build number 6.0.6002 = Vista SP2

You can see the Junction problems, especially given the many repetitive \Application Data paths listed:

1st line of file:

1680 1/16/2015 12:06:11 AM "C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report024feca2\Report.wer"

Entire file - View attachment WERALL.txt

Here is one of the longest entries showing the broken \Application Data Junction -

"C:\Users\John\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report01d8f1fb\Report.wer"

The last time I tested, it was possible for the broken Junction to repeat itself up to 16 times. I guess it would depend on the length & the 255/6 character DOS shell limit. The Junction problem is also causing file listings to replicate for each WER file, i.e., you'll find the same filename, but with different numbers of replicated paths.

There is definitely something wrong with OPs system here because WERProgramData + WERLocalAppData files show at least 96 *.WER files, so I would expect to see msinfo32's WER section populated.

Anyway, back to our "no dump" issue --

Another file in the SysnativeFileCollectionApp.zip file that should be checked is the KernelDumpList.txt file, which I added to the app to create a DIR output listing of -

%windir%\minidump\*.dmp + also DIR for the full kernel dump, located - %windir%\memory.dmp

OPs KernelDumpList.txt file shows 15 minidumps, but no full kernel dump -

Read More:

Sat 05/23/2015 12:32:02.57

  LISTING OF MINI KERNEL DUMP FILES
  LISTING OF MINI KERNEL DUMP FILES
 Volume in drive C is Partition_1
 Volume Serial Number is 400F-9880
 Directory of C:\Windows\minidump
05/20/2015  07:17 AM    <DIR>                       JOHN-PC1\John          .
05/20/2015  07:17 AM    <DIR>                       JOHN-PC1\John          ..
05/17/2015  09:20 AM           310,826 MINI05~1.DMP BUILTIN\Administrators Mini051715-01.dmp
05/18/2015  10:58 PM           293,405 MINI05~2.DMP BUILTIN\Administrators Mini051815-01.dmp
05/18/2015  11:00 PM           343,351 MINI05~3.DMP BUILTIN\Administrators Mini051815-02.dmp
05/18/2015  11:03 PM           293,405 MINI05~4.DMP BUILTIN\Administrators Mini051815-03.dmp
05/18/2015  11:05 PM           293,405 MI070B~1.DMP BUILTIN\Administrators Mini051815-04.dmp
05/19/2015  10:57 PM           342,823 MI0B7D~1.DMP BUILTIN\Administrators Mini051915-01.dmp
05/19/2015  11:06 PM           343,346 MI0F7D~1.DMP BUILTIN\Administrators Mini051915-02.dmp
05/19/2015  11:09 PM           293,405 MI038D~1.DMP BUILTIN\Administrators Mini051915-03.dmp
05/19/2015  11:13 PM           333,506 MI078D~1.DMP BUILTIN\Administrators Mini051915-04.dmp
05/19/2015  11:16 PM           342,583 MI0B8D~1.DMP BUILTIN\Administrators Mini051915-05.dmp
05/19/2015  11:19 PM           333,506 MI7BF6~1.DMP BUILTIN\Administrators Mini052015-01.dmp
05/20/2015  07:00 AM           342,219 MI7FF6~1.DMP BUILTIN\Administrators Mini052015-02.dmp
05/20/2015  07:05 AM           342,759 MI730F~1.DMP BUILTIN\Administrators Mini052015-03.dmp
05/20/2015  07:08 AM           342,768 MI770F~1.DMP BUILTIN\Administrators Mini052015-04.dmp
05/20/2015  07:11 AM           350,194 MI7B0F~1.DMP BUILTIN\Administrators Mini052015-05.dmp
              15 File(s)      4,901,501 bytes
               2 Dir(s)  238,163,210,240 bytes free

_______________________________________________________
Sat 05/23/2015 12:32:02.62

      FULL KERNEL DUMP FILE
      FULL KERNEL DUMP FILE
 Volume in drive C is Partition_1
 Volume Serial Number is 400F-9880
 Directory of C:\Windows

_______________________________________________________

     E O J
     E O J
Sat 05/23/2015 12:32:02.64

I honestly have no idea why the mini dump files did not get copied, but the log entry does show a failing ERRLEVEL "1" for the "DONE" copy step -

Sat 05/23/2015 12:32:02.56 Copying mini-kernel dump files - error level - 0
Sat 05/23/2015 12:32:02.69 Copying mini-kernel dump files Done - error level - 1

In this case, my recommendation would be for OP to manually copy the \windows\minidump directory to \documents, then zip it up. You cannot zip up the \windows\minidump dir itself due to perm errors. Zipping in place will work if logged on to the SID -500 Hidden Admin user account.

Another place to check to see if an OP experienced BSODs are the Event Viewer logs. The SysnativeFileCollectionApp.zip file contains the System + Application Event Logs, courtesy of the wevtutil command. One search term is "Bugcheck" to help find the log entries.

This OPs system has quite a few strange things going on as outlined above. I guess things can be fixed, but given the inability of the Sysnative app to copy dumps; the empty WERCON in msinfo32; empty EVTX logs; Junction issues; etc... + the fact it is an old Vista installation (~7 years old):

OS Name: Microsoft® Windows Vista Home Premium
OS Version: 6.0.6002 Service Pack 2 Build 6002

Original Install Date: 3/5/2008, 1:13:10 PM

If this were my system, I would seriously consider reinstalling Vista. That is the same recommendation that Carrona made to the OP.

One other strange item that I noticed -- the Sysnative app uses WMI to gather RAM info (RAMInfo.html file). It shows 5 sticks of RAM - (or 4 sticks + a 5th line...?) -

4x4 GB
1x1 MB

The RAMInfo.html file itself: View attachment RAMInfo.html

I've never seen anything like that last line showing 1048576 bytes ever before.

Further problems related to path is apparent by OP's trouble when running the PERFMON Health report:

Error attempting PERFMON is:

"The system cannot find path specified".

Regards. . .

jcgriff2