usasma

BSOD Kernel Dump Expert
  • Content Count

    418

1 Follower

About usasma

  • Rank
    BSOD Kernel Dump Expert

Contact Methods

  • Website URL
    http://www.carrona.org/

Profile Information

  • Location
    At home in front of my computer
  • Interests
    Computers - naturally! :0)

Recent Profile Visitors

6,454 profile views
  1. Glad to hear it. Thanks for the kind words!
  2. No need to run DV unless you're getting BSOD's. Just see if Net Nanny works w/o problems.
  3. If the system didn't crash, then there won't be anything in the Minidump folder. In that case, just turn Driver Verifier off. If you'd like, you can reinstall Net Nanny and see if the BSOD's are gone for good. Good luck!
  4. The longer you leave it powered on, the longer it's likely to find a glitch. That being said, there's also something to be said for running the system as you normally would - as that may be more likely to trigger a problem. If the NetNanny driver is no longer in memory, the chances are good that it won't BSOD, but...remember the possibilities I mentioned above:

    The driver can have several problems:
    - it can become corrupted - causing the BSOD
    - it can conflict with Windows - causing the BSOD
    - it can conflict with other (non-Windows) drivers - causing the BSOD
    - it can be sound (no problem), but another driver can cause it to crash - causing the BSOD

    So, it's possible (but not real likely) that the Driver Verifier could point out another driver problem. So, we wait and see....... Good luck!
  5. There's no real exact answer for how long Driver Verifier should run. I suggest 36 hours - but that's just so I can be sure that any tasks that run daily will be active during that time.

    The driver can have several problems:
    - it can become corrupted - causing the BSOD
    - it can conflict with Windows - causing the BSOD
    - it can conflict with other (non-Windows) drivers - causing the BSOD
    - it can be sound (no problem), but another driver can cause it to crash - causing the BSOD

    Uninstalling is just to test. You can feel free to reinstall after testing. Then, if the problem doesn't come back - then it was a corruption that caused the problem (and you fixed it by reinstalling).
  6. Sorry, but life interfered :( I had to work overtime yesterday, and when I got home I just collapsed!

    The good news is that the memory dumps blame narcpi_wfp.sys - which is a driver named NARC Packet Informant (WFP) and is from a company named Content Watch https://www.contentwatch.com/
    Most cases that I was able to find about this related to a program called Net Nanny, but they could also use that driver in other similar products that they provide.

    Do you have such a program on your computer? If so, please uninstall it and test to see if that stops the BSOD's (with Driver Verifier).

    If it doesn't BSOD anymore, then please turn Driver Verifier off.
    To do this, open up verifier.exe and select "Delete existing settings", then click on "Finish" in the lower right.
    Then reboot for the settings to take effect.

    If it doesn't stop it, please post back and I'll provide detailed instructions for manually removing the driver.

    Again, I'm sorry for not getting back to you when I promised. Good luck!

    Analysis:
    The following is for information purposes only. The following information contains the relevant information from the blue screen analysis:

    **************************Fri Nov 30 16:31:25.729 2018 (UTC - 5:00)**************************
    Loading Dump File [C:\Users\john\SysnativeBSODApps\113018-19687-01.dmp]
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
    Built by: 7601.24291.amd64fre.win7sp1_ldr_escrow.181110-1429
    System Uptime:0 days 0:03:12.758
    *** WARNING: Unable to verify timestamp for narcpi_wfp.sys
    *** ERROR: Module load completed but symbols could not be loaded for narcpi_wfp.sys
    Probably caused by :narcpi_wfp.sys ( narcpi_wfp+42e5 )
    BugCheck C4, {f6, 3e4, fffffa8009fa9620, fffff880039182e5}
    BugCheck Info: DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    Arguments:
    Arg1: 00000000000000f6, Referencing user handle as KernelMode.
    Arg2: 00000000000003e4, Handle value being referenced.
    Arg3: fffffa8009fa9620, Address of the current process.
    Arg4: fffff880039182e5, Address inside the driver that is performing the incorrect reference.
    BUGCHECK_STR: 0xc4_f6
    PROCESS_NAME: mbamtray.exe
    FAILURE_BUCKET_ID: X64_0xc4_f6_VRF_narcpi_wfp+42e5
    CPUID: "Genuine Intel(R) CPU U4100 @ 1.30GHz"
    MaxSpeed: 1300
    CurrentSpeed: 1296

    **************************Fri Nov 30 16:27:44.475 2018 (UTC - 5:00)**************************
    Loading Dump File [C:\Users\john\SysnativeBSODApps\113018-21777-01.dmp]
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
    Built by: 7601.24291.amd64fre.win7sp1_ldr_escrow.181110-1429
    System Uptime:0 days 0:03:07.520
    *** WARNING: Unable to verify timestamp for narcpi_wfp.sys
    *** ERROR: Module load completed but symbols could not be loaded for narcpi_wfp.sys
    Probably caused by :narcpi_wfp.sys ( narcpi_wfp+42e5 )
    BugCheck C4, {f6, 3dc, fffffa800851ab00, fffff880035602e5}
    BugCheck Info: DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    Arguments:
    Arg1: 00000000000000f6, Referencing user handle as KernelMode.
    Arg2: 00000000000003dc, Handle value being referenced.
    Arg3: fffffa800851ab00, Address of the current process.
    Arg4: fffff880035602e5, Address inside the driver that is performing the incorrect reference.
    BUGCHECK_STR: 0xc4_f6
    PROCESS_NAME: mbamtray.exe
    FAILURE_BUCKET_ID: X64_0xc4_f6_VRF_narcpi_wfp+42e5
    CPUID: "Genuine Intel(R) CPU U4100 @ 1.30GHz"
    MaxSpeed: 1300
    CurrentSpeed: 1296

    **************************Fri Nov 30 16:24:01.796 2018 (UTC - 5:00)**************************
    Loading Dump File [C:\Users\john\SysnativeBSODApps\113018-22464-01.dmp]
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
    Built by: 7601.24291.amd64fre.win7sp1_ldr_escrow.181110-1429
    System Uptime:0 days 0:02:44.715
    *** WARNING: Unable to verify timestamp for narcpi_wfp.sys
    *** ERROR: Module load completed but symbols could not be loaded for narcpi_wfp.sys
    Probably caused by :narcpi_wfp.sys ( narcpi_wfp+42e5 )
    BugCheck C4, {f6, 3c8, fffffa8007ba4b00, fffff880026762e5}
    BugCheck Info: DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    Arguments:
    Arg1: 00000000000000f6, Referencing user handle as KernelMode.
    Arg2: 00000000000003c8, Handle value being referenced.
    Arg3: fffffa8007ba4b00, Address of the current process.
    Arg4: fffff880026762e5, Address inside the driver that is performing the incorrect reference.
    BUGCHECK_STR: 0xc4_f6
    PROCESS_NAME: mbamtray.exe
    FAILURE_BUCKET_ID: X64_0xc4_f6_VRF_narcpi_wfp+42e5
    CPUID: "Genuine Intel(R) CPU U4100 @ 1.30GHz"
    MaxSpeed: 1300
    CurrentSpeed: 1296

    **************************Tue Nov 27 19:56:46.014 2018 (UTC - 5:00)**************************
    Loading Dump File [C:\Users\john\SysnativeBSODApps\112718-77033-01.dmp]
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
    Built by: 7601.24291.amd64fre.win7sp1_ldr_escrow.181110-1429
    System Uptime:0 days 3:43:22.027
    Probably caused by :ntkrnlmp.exe ( nt!KiSwapContext+7a )
    BugCheck 1000009F, {4, 258, fffffa8006d14040, fffff80000b9c520}
    BugCheck Info: DRIVER_POWER_STATE_FAILURE (9f)
    Arguments:
    Arg1: 0000000000000004, The power transition timed out waiting to synchronize with the Pnp subsystem.
    Arg2: 0000000000000258, Timeout in seconds.
    Arg3: fffffa8006d14040, The thread currently holding on to the Pnp lock.
    Arg4: fffff80000b9c520, nt!TRIAGE_9F_PNP on Win7 and higher
    BUGCHECK_STR: 0x9F
    DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
    PROCESS_NAME: System
    FAILURE_BUCKET_ID: X64_0x9F_4_nt!KiSwapContext+7a
    CPUID: "Genuine Intel(R) CPU U4100 @ 1.30GHz"
    MaxSpeed: 1300
    CurrentSpeed: 1296

    3rd Party Drivers:
    The following is for information purposes only. My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft. You can find links to the driver information and where to update the drivers in the section after the code box:

    **************************Fri Nov 30 16:31:25.729 2018 (UTC - 5:00)**************************
    bcmwl664.sys Tue Jul 7 20:45:04 2009 (4A53EC10)
    amdxata.sys Fri Mar 19 12:18:18 2010 (4BA3A3CA)
    igdkmd64.sys Fri Feb 11 14:16:32 2011 (4D558B10)
    Rt64win7.sys Fri Jun 10 02:33:15 2011 (4DF1BAAB)
    GEARAspiWDM.sys Thu May 3 15:56:17 2012 (4FA2E2E1)
    narcpi_wfp.sys Mon Feb 29 14:39:47 2016 (56D49E83)
    MpFilter.sys Mon Aug 8 19:01:17 2016 (57A90F3D)
    mbamswissarmy.sys Wed Sep 26 09:20:26 2018 (5BAB879A)
    intelppm.sys Sat Nov 10 19:43:12 2018 (5BE77B20)

    http://www.carrona.org/drivers/driver.php?id=bcmwl664.sys
    http://www.carrona.org/drivers/driver.php?id=amdxata.sys
    http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
    http://www.carrona.org/drivers/driver.php?id=Rt64win7.sys
    http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
    narcpi_wfp.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    http://www.carrona.org/drivers/driver.php?id=MpFilter.sys
    http://www.carrona.org/drivers/driver.php?id=mbamswissarmy.sys
    http://www.carrona.org/drivers/driver.php?id=intelppm.sys
  7. I'm late for work right now - but will try to get to this this afternoon (East coast of the US). Am running the minidumps while I'm in the shower.....
  8. The perfmon report isn't the one that I'd like to see, rather it's the MSINFO32 report. Go to the Run dialog (Win and R keys) and type in MSINFO32. When the report opens, click File...Save as and save as an NFO file. Zip that report up and upload it with your next post. As for Driver Verifier, the current dump file doesn't point to a particular driver, rather it blames the operating system. If it was the operating system that had a problem, you'd be experiencing more problems than just the occasional BSOD. The biggest danger of Driver Verifier is losing what you were working on when it crashes. That can't be helped if you want to have a better shot at locating the problem driver. The other way to do this would be to try a clean install of Windows. This would wipe out everything on the computer. A clean install would tend to rule out 3rd party drivers and Windows - so if the problem continued then, it'd be due to hardware.
  9. Only 232 Windows Update hotfixes installed. Most systems with SP1 have 350-400 or more. Please visit Windows Update and get ALL available updates (it may take several trips to get them all). The actual number is not important. Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating. Unfortunately, I'm not able to open the MSINFO32 report. This sometimes happens when using different languages (I use US English). You can try generating it again and then zip and upload it to see if that helps. The memory dump doesn't show much. I'd suggest running Driver Verifier according to these instructions: https://www.carrona.org/verifier.html The following is for information purposes only. The following information contains the relevant information from the blue screen analysis:
  10. This is a name collision error which states that the name already exists (where, I don't know - I'm not a developer). I would suggest uninstalling all of your MalwareBytes stuff and use a program such as Revo Uninstaller to ensure all remnants are removed. Then reinstall MalwareBytes to see if the error persists. If it does persist, then I'd suggest posting over in the MalwareBytes forum: https://forums.malwarebytes.com/forum/41-malwarebytes-3-support-forum/
  11. usasma

    Malwarebytes mwac.sys

    Thanks for the prompt response! Those of us who monitor this forum will be very interested in hearing the results!
  12. usasma

    Malwarebytes mwac.sys

    Have you been contacted by a staff member from MalwareBytes?
  13. Sorry for the delay in responding, I didn't get notification of your post. Please run this report collecting tool so that we can provide a complete analysis: (from the pinned topic at the top of the forum): https://forums.malwarebytes.org/topic/170037-blue-screen-of-death-bsod-posting-instructions-windows-10-81-8-7-vista/ FYI - I don't often use the Perfmon report, so if it doesn't work please just let me know. NOTE: On problem systems it can take up to 20 minutes for the log files to complete. Please be patient and let it run. If you still have problems with it running, there's an alternate tool here (direct download link): https://github.com/blueelvis/BSOD-Inspector/releases/download/1.0.5/BSODInspector-1.0.5.exe NOTE: Please zip up the (.ZIP) files - do not use .RAR, .7z or other compression utilities. .ZIP is the type file that can be uploaded to the forums.
  14. usasma

    BSOD with tcpip.sys

    Thanks for the kind words! I hope that you don't have any further problems with this - but if you do, we'll be here!
  15. usasma

    BSOD with tcpip.sys

    Daemon Tools drivers date from 2015 - that's very old for a known problem program.
    I suggest uninstalling that program. If you MUST keep it, then be sure to get the latest available version.
    Older versions of Daemon Tools were known to spit out BSOD's quite frequently. I haven't seen many recently (but haven't been as active in BSOD analysis as I used to be).

    Also, as you get time, please run these free hardware diagnostics: http://www.carrona.org/hwdiag.html
    I don't strongly suspect a hardware issue - but it is a possibility (seen sometimes with the MEMORY_CORRUPTION_ONE_BYTE Failure Bucket ID).

    Analysis:
    The following is for information purposes only. The following information contains the relevant information from the blue screen analysis:

    **************************Thu Oct 11 22:36:51.096 2018 (UTC - 4:00)**************************
    Loading Dump File [C:\Users\john\SysnativeBSODApps\101218-10984-01.dmp]
    Windows 10 Kernel Version 17763 MP (12 procs) Free x64
    Built by: 17763.1.amd64fre.rs5_release.180914-1434
    System Uptime:0 days 7:28:03.639
    *** WARNING: Unable to verify timestamp for mwac.sys
    *** ERROR: Module load completed but symbols could not be loaded for mwac.sys
    Probably caused by :memory_corruption
    BugCheck D1, {a8, 2, 0, fffff8016ca79790}
    BugCheck Info: DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    Arguments:
    Arg1: 00000000000000a8, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff8016ca79790, address which referenced memory
    BUGCHECK_STR: AV
    DEFAULT_BUCKET_ID: CODE_CORRUPTION
    PROCESS_NAME: MBAMService.exe
    FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BYTE

    3rd Party Drivers:
    The following is for information purposes only. My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft. You can find links to the driver information and where to update the drivers in the section after the code box:

    **************************Thu Oct 11 22:36:51.096 2018 (UTC - 4:00)**************************
    intelppm.sys Wed Feb 8 18:16:35 2012 (4F330253)
    AsIO.sys Wed Aug 22 05:54:47 2012 (5034AC67)
    dtlitescsibus.sys Thu Sep 24 16:17:21 2015 (56045A51)
    dtliteusbbus.sys Mon Dec 28 08:05:52 2015 (568133B0)
    athwnx.sys Tue Mar 1 03:39:03 2016 (56D55527)
    fltsrv.sys Thu Feb 9 13:29:52 2017 (589CB520)
    snapman.sys Thu Feb 9 14:33:30 2017 (589CC40A)
    tib.sys Thu Feb 9 18:19:35 2017 (589CF907)
    virtual_file.sys Thu Feb 9 18:56:13 2017 (589D019D)
    file_tracker.sys Thu Feb 9 19:44:21 2017 (589D0CE5)
    tib_mounter.sys Fri Feb 10 12:31:42 2017 (589DF8FE)
    e1d65x64.sys Mon Sep 25 08:45:31 2017 (59C8FA6B)
    idmwfp.sys Wed Feb 28 14:33:36 2018 (5A970410)
    TeeDriverW8x64.sys Wed Apr 11 10:46:32 2018 (5ACE1FC8)
    mbae64.sys Wed May 30 07:20:29 2018 (5B0E88FD)
    nvhda64v.sys Tue Jun 26 04:22:26 2018 (5B31F7C2)
    RTKVHD64.sys Thu Aug 2 04:52:59 2018 (5B62C66B)
    mbamswissarmy.sys Fri Aug 24 10:44:58 2018 (5B8019EA)
    farflt.sys Tue Sep 4 09:45:39 2018 (5B8E8C83)
    mbam.sys Thu Sep 6 17:08:30 2018 (5B91974E)
    mwac.sys Wed Sep 12 17:28:27 2018 (5B9984FB)
    nvlddmkm.sys Tue Oct 2 01:26:43 2018 (5BB30193)
    dump_dumpstorport.sys Wed Jul 7 01:29:40 2021 (60E53BC4)
    SgrmAgent.sys ***** Invalid 2018 Invalid 2018 Invalid
    afunix.sys ***** Invalid 1975 Invalid 1975 Invalid
    dump_stornvme.sys ***** Invalid 2021 Invalid 2021 Invalid
    winquic.sys ***** Invalid 2013 Invalid 2013 Invalid

    http://www.carrona.org/drivers/driver.php?id=intelppm.sys
    http://www.carrona.org/drivers/driver.php?id=AsIO.sys
    http://www.carrona.org/drivers/driver.php?id=dtlitescsibus.sys
    http://www.carrona.org/drivers/driver.php?id=dtliteusbbus.sys
    http://www.carrona.org/drivers/driver.php?id=athwnx.sys
    http://www.carrona.org/drivers/driver.php?id=fltsrv.sys
    http://www.carrona.org/drivers/driver.php?id=snapman.sys
    http://www.carrona.org/drivers/driver.php?id=tib.sys
    virtual_file.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    http://www.carrona.org/drivers/driver.php?id=file_tracker.sys
    http://www.carrona.org/drivers/driver.php?id=tib_mounter.sys
    http://www.carrona.org/drivers/driver.php?id=e1d65x64.sys
    http://www.carrona.org/drivers/driver.php?id=idmwfp.sys
    http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
    http://www.carrona.org/drivers/driver.php?id=mbae64.sys
    http://www.carrona.org/drivers/driver.php?id=nvhda64v.sys
    http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
    http://www.carrona.org/drivers/driver.php?id=mbamswissarmy.sys
    http://www.carrona.org/drivers/driver.php?id=farflt.sys
    http://www.carrona.org/drivers/driver.php?id=mbam.sys
    http://www.carrona.org/drivers/driver.php?id=mwac.sys
    http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
    dump_dumpstorport.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    SgrmAgent.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    afunix.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    dump_stornvme.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
    winquic.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.