#11
Two more BSOD's today. I will upload the collected data. Hopefully this will help debug the problem and figure out which app/driver/process is the root cause.
George
Both dumps from 9/10 indicate a problem with mwac.sys. tcpip.sys and netio.sys are OS modules and not the cause.
Driver Description: Malwarebytes Web Access Control
Code:
BugCheck C2, {4, c43741b6, 9d45ad55, ffff81855fe5c838}
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
*** WARNING: Unable to verify timestamp for mwac.sys
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
Probably caused by : NETIO.SYS ( NETIO!NetioFreeMdl+1a380 )
Driver Update Site: Support: http://www.malwarebytes.org/support/consumer/
Download: http://www.malwarebytes.org/downloads/
Uninstall Malwarebytes anti-malware. If it's not installed, the mwac.sys driver is still installed so you could try installing then uninstalling Malwarebytes anti-malware, see if that gets rid of it.
C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
C:\WINDOWS\system32\DRIVERS\mwac.sys
Thank you for taking the time to analyze the dumps. Is there an offset in MWAC.SYS which would be pointing to the failing instruction?
George
Hi GTM,
The first parameter with a value of 0x4 for that bugcheck means Windows detected a pool header had been overwritten. My understanding is that any driver using pool memory could have potentially corrupted the pool header and the recommendation is to turn on Driver Verifier with special pool enabled to hopefully more accurately determine the culprit. Have you already tried enabling DV with special pool? I would have thought Microsoft would suggest doing so. If not and before doing so, please make sure you create a restore point and know how to roll back to a restore point in case the system ends up in a boot/crash loop.
edit: Actually, I'd suggest first updating your Ethernet driver to the latest version available from here (10.028). The version showing in the dump files (rt640x64.sys - timestamp: Tue May 5 09:21:03 2015) was notoriously buggy.
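Added example (not part of any post in this thread): a small Python triage of the analysis output quoted above, applying the reading given in the replies, that bugcheck C2 with first parameter 0x4 is an overwritten pool header and that a blamed OS module does not clear the third-party drivers. The `OS_MODULES` set and the `triage` function are assumptions made for this illustration; the sample text is the output quoted in the thread, split one item per line.

```python
import re

# Sample input: the analysis output quoted earlier in this thread.
SAMPLE = """\
BugCheck C2, {4, c43741b6, 9d45ad55, ffff81855fe5c838}
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
*** WARNING: Unable to verify timestamp for mwac.sys
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
Probably caused by : NETIO.SYS ( NETIO!NetioFreeMdl+1a380 )
"""

# Assumption: only the modules this thread identifies as OS components.
OS_MODULES = {"tcpip.sys", "netio.sys"}

BUGCHECK_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")
MODULE_RE = re.compile(r"\*\*\* (?:ERROR|WARNING): .* for (\S+\.sys)", re.I)
BLAMED_RE = re.compile(r"Probably caused by\s*:\s*(\S+)")


def triage(text):
    """Extract bugcheck code, parameters and candidate drivers from analysis text."""
    match = BUGCHECK_RE.search(text)
    if match is None:
        raise ValueError("no BugCheck line found")
    code = int(match.group(1), 16)
    params = [int(p.strip(), 16) for p in match.group(2).split(",")]

    # Modules the debugger could not resolve symbols or timestamps for.
    flagged = sorted({name.lower() for name in MODULE_RE.findall(text)})
    third_party = [name for name in flagged if name not in OS_MODULES]

    blamed = BLAMED_RE.search(text)
    blamed_module = blamed.group(1).lower() if blamed else None

    notes = []
    if code == 0xC2 and params and params[0] == 0x4:
        # Reading given in the thread for first parameter 0x4.
        notes.append("pool header overwritten; any driver using pool memory "
                     "could be responsible")
    if blamed_module in OS_MODULES and third_party:
        notes.append("blamed module is an OS component; review third-party "
                     "drivers on the stack first")
    return {"code": code, "params": params, "blamed": blamed_module,
            "third_party": third_party, "notes": notes}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```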
Hi cwsink,
Thanks for the suggestion to update the Ethernet driver. It's a good idea to update drivers, especially if they're buggy.
Actually, I had contacted Microsoft support before I tried to get help here at the forum. The person I was chatting with asked me to allow them to investigate the problem by taking over my pc and (against my better judgement) I accepted to do so. They started Driver Verifier and rebooted the pc. After running for a while (it was over an hour) it finally booted to the sign-on screen but the pc was extremely sluggish, and I could not do anything. I wasted another hour or so with the pc being almost unusable, and then I restored it to a previous image I had taken the day before.
Running with Driver Verifier enabled rendered my pc unusable, so I am a bit leery of repeating that experiment.
BTW, I updated the Ethernet driver (10.28.615.2018).
I want to thank all you guys for helping debug this problem.
George
It took an hour to get to the login screen after DV was enabled and restarted? That would make me wonder if it was installing a Windows 10 update. There will be a performance hit with DV turned on but if you're selective about what you enable and only have it monitor non-Microsoft drivers it shouldn't render the computer unusable. If you do try DV again I'd recommend following the instructions here but only enabling special pool and pool tracking in step 2. If it does induce a bugcheck triggered by the DV checks there's a good chance it will allow us to find the buggy driver. If the crashes continue after updating the Ethernet driver please let us know.
This is the first time I've read that a Microsoft employee ran windows driver verifier.
That is the opposite of their training as they typically will not perform steps that could cause failures.
Most don't have the training to interpret the dump files.
Enabled Driver Verifier with the recommended settings and rebooted. I did not experience significant performance degradation. Took this dump with Driver Verifier enabled.
George
There are two log collectors: DM and BETA.
At some time the BETA log collector will replace the DM log collector.
The BETA log collector will collect more useful folders and files.
Please run the BETA log collector on the bottom of this webpage and post a zip into the thread before making any changes to the computer:
BSOD - Posting Instructions - Windows 10 Forums
1) In post #12 it was requested to uninstall Malwarebytes.
a) Was this step performed?
b) Was Malwarebytes uninstalled and then reinstalled?
c) If Malwarebytes was uninstalled what method was used?
2) The latest crash was using Windows driver verifier.
3) Which link was used to customize the settings for the test?
4) Before turning on Windows driver verifier always create a brand new restore point.
5) Make sure that important files are backed up to another drive or to the cloud.
6) Make a backup image using Macrium.
Macrium Software | Macrium Reflect Free
7) Save the backup image to another drive or to the cloud.
8) Many computers have performance sluggishness or delayed boot while using windows driver verifier.
9) The performance and boot problems can be modified by changing the customized tests.
10) In general windows driver verifier is used for 48 hours.
Then after the last BSOD it is used for an additional 36 hours.
If there are no further BSOD then this completes the troubleshooting with this tool.
11) Please use these settings:
Driver Verifier-- tracking down a mis-behaving driver. - Microsoft Community
12) To turn off Windows driver verifier or to recover from using the tool use the information in this link:
Enable and Disable Driver Verifier in Windows 10 | Windows 10 Tutorials
13) When viewing this post please run the BETA log collector at the bottom of this webpage:
BSOD - Posting Instructions - Windows 10 Forums
14) For any new BSOD please run the beta log collector and post a new zip into this thread.
15) And for any new BSOD open file explorer > this PC > C: > in the right upper corner search for: C:\windows\memory.dmp > if the size is < 2GB > zip > post a share link into this thread.
For share links please use one of these three options: one drive, drop box, or google drive.
Code:
mwac.sys Mon Aug 06 15:16:49 2018 (5B68ACB1)
Code:
MBAMWebProte MBAMWebProtection MBAMWebProtection Kernel Manual Running OK TRUE FALSE 8,192 61,440 0 8/6/2018 4:16:49 PM C:\WINDOWS\system32\DRIVERS\mwac.sys 8,192
Code:
mbamwebprotection MBAMWebProtection c:\windows\system32\drivers\mwac.sys Kernel Driver Yes Manual Running OK Normal No Yes
Code:
mwaccontrollerimpl 3.1.0.295 3.11 MB (3,266,120 bytes) 5/10/2018 8:23 PM Malwarebytes c:\program files\malwarebytes\anti-malware\mwaccontrollerimpl.dll
Code:
mwacsdkshim 3.1.0.299 2.07 MB (2,169,600 bytes) 5/10/2018 8:23 PM Malwarebytes c:\program files\malwarebytes\anti-malware\mwacsdkshim.dll
Code:
mwaclib 3.1.0.452 2.64 MB (2,769,768 bytes) 5/10/2018 8:23 PM Malwarebytes c:\program files\malwarebytes\anti-malware\mwaclib.dll
Last edited by zbook; 16 Sep 2018 at 22:21.