davem77

9f blue screen of death while computer sleeping caused by mbam scan


On four different Dell laptops, I am intermittently getting a 9f blue screen of death.  In each case, the blue screen was reported when the computer was coming out of sleep.  I sent the minidumps to Dell for analysis, and their final analysis (after some initial misdiagnosis about the WLAN card), was that malwarebytes was running a scan while the computer was sleeping and locking up the computer.  Indeed, on my computer (I'm the sysadmin), the mbam scan was set to run at about 2 am.  My computer was one of the computers having the problem.

 

Are there any known issues of mbam causing blue screens of death while trying to run a scan while the computer is asleep?

 

I'm attaching the blue screens of death from three of the machines to this entry.

 

Thanks,

Dave

minidump1.zip

minidump2.zip

minidump3.zip


Hello davem77 and :welcome:

 

Thank you for the Minidumps.

 

It likely would be helpful, for the experts/staffers, if you would include the following diagnostic output reports from one of the computers:

  • Please read the topic Diagnostic Logs and then individually ATTACH the 3 requested logs in your next reply to this thread only.
  • The 3 files, from Step 1, to be individually ATTACHED from your desktop are CheckResults.txt, FRST.txt and Addition.txt. Please do not Zip or Copy and Paste them into a reply. Please do not alter any FRST categories as they are pre-configured for this forum.

Thank You.


It looks to me, from the latest dump (070215-6567-01.dmp), that *something* is interfering with the Intel Wireless driver, Netwsw02.sys.

 

As there are 4 machines involved, I suggest you follow the BSOD collection info here and attach the required files separately from each machine for individual analysis (perhaps the topic could be moved there, if the 3 txt files supplied don't furnish any definitive answer?).

Mini Kernel Dump File: Only registers and stack trace are available

DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?00000000`00000000?
DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?00000000`00000000?
DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?fffff8a0`023e1c32?
DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?fffff8a0`02376902?
DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?fffff8a0`11a11c32?
DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?fffff800`00b9a3c0?

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18869.amd64fre.win7sp1_gdr.150525-0603
Machine Name:
Kernel base = 0xfffff800`03252000 PsLoadedModuleList = 0xfffff800`03499730
Debug session time: Thu Jul  2 16:12:17.326 2015 (UTC + 1:00)
System Uptime: 0 days 3:33:33.262
Loading Kernel Symbols
.
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
.................................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
......................
No .natvis files found at C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 9F, {3, fffffa80069e8060, fffff80000b9a3d8, fffffa801392fc60}

Probably caused by : pci.sys

Followup:     MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_POWER_STATE_FAILURE (9f)
A driver has failed to complete a power IRP within a specific time.
Arguments:
Arg1: 0000000000000003, A device object has been blocking an Irp for too long a time
Arg2: fffffa80069e8060, Physical Device Object of the stack
Arg3: fffff80000b9a3d8, nt!TRIAGE_9F_POWER on Win7 and higher, otherwise the Functional Device Object of the stack
Arg4: fffffa801392fc60, The blocked IRP

Debugging Details:
------------------

SYSTEM_SKU:  Latitude E7250
SYSTEM_VERSION:  01
BIOS_DATE:  05/13/2015
BASEBOARD_PRODUCT:  0V8RX3
BASEBOARD_VERSION:  A00
BUGCHECK_P1: 3
BUGCHECK_P2: fffffa80069e8060
BUGCHECK_P3: fffff80000b9a3d8
BUGCHECK_P4: fffffa801392fc60
DRVPOWERSTATE_SUBCODE:  3
IMAGE_NAME:  pci.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7928f
MODULE_NAME: pci
FAULTING_MODULE: fffff88000fbf000 pci
CPU_COUNT: 4
CPU_MHZ: 8f6
CPU_VENDOR:  GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3d
CPU_STEPPING: 4
CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
BUGCHECK_STR:  0x9F
PROCESS_NAME:  System
CURRENT_IRQL:  2
ANALYSIS_VERSION: 10.0.10075.9 amd64fre
DPC_STACK_BASE:  FFFFF80000BA0FB0
STACK_OVERFLOW: Stack Limit: fffff80000b9afb0. Use (kF) and (!stackusage) to investigate stack usage.

STACK_TEXT:  
fffff800`00b9a388 fffff800`03335510 : 00000000`0000009f 00000000`00000003 fffffa80`069e8060 fffff800`00b9a3d8 : nt!KeBugCheckEx
fffff800`00b9a390 fffff800`032d272c : fffff800`00b9a4c0 fffff800`00b9a4c0 00000000`00000000 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x324a0
fffff800`00b9a430 fffff800`032d25c6 : fffffa80`16950a88 fffffa80`16950a88 00000000`00000000 00000000`00000000 : nt!KiProcessTimerDpcTable+0x6c
fffff800`00b9a4a0 fffff800`032d24ae : 0000001d`d54cc5cb fffff800`00b9ab18 00000000`000c886d fffff800`03449028 : nt!KiProcessExpiredTimerList+0xc6
fffff800`00b9aaf0 fffff800`032d2297 : 00000006`af66d4c2 00000006`000c886d 00000006`af66d41f 00000000`0000006d : nt!KiTimerExpiration+0x1be
fffff800`00b9ab90 fffff800`032be5ca : fffff800`03445e80 fffff800`03453cc0 00000000`00000002 fffff880`00000000 : nt!KiRetireDpcList+0x277
fffff800`00b9ac40 00000000`00000000 : fffff800`00b9b000 fffff800`00b95000 fffff800`00b9ac00 00000000`00000000 : nt!KiIdleLoop+0x5a

STACK_COMMAND:  kb
FOLLOWUP_NAME:  MachineOwner
IMAGE_VERSION:  6.1.7601.17514
FAILURE_BUCKET_ID:  X64_0x9F_3_POWER_DOWN_Netwsw02_IMAGE_pci.sys
BUCKET_ID:  X64_0x9F_3_POWER_DOWN_Netwsw02_IMAGE_pci.sys
PRIMARY_PROBLEM_CLASS:  X64_0x9F_3_POWER_DOWN_Netwsw02_IMAGE_pci.sys
ANALYSIS_SOURCE:  KM
FAILURE_ID_HASH_STRING:  km:x64_0x9f_3_power_down_netwsw02_image_pci.sys
FAILURE_ID_HASH:  {912f5fd7-e5cd-3289-8e10-8dc81efec3f8}

Followup:     MachineOwner
---------

0: kd> !irp fffffa801392fc60
Irp is active with 5 stacks 3 is current (= 0xfffffa801392fdc0)
 No Mdl: No System Buffer: Thread 00000000:  Irp stack trace.
     cmd  flg cl Device   File     Completion-Context
 [N/A(0), N/A(0)]            0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [N/A(0), N/A(0)]            0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
>[IRP_MJ_POWER(16), IRP_MN_SET_POWER(2)]            0  0 fffffa8017b54050 00000000 00000000-00000000
          Unable to load image \SystemRoot\system32\DRIVERS\Netwsw02.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Netwsw02.sys
*** ERROR: Module load completed but symbols could not be loaded for Netwsw02.sys
 \Driver\NETwNs64
            Args: 00014400 00000000 00000004 00000002
 [IRP_MJ_POWER(16), IRP_MN_SET_POWER(2)]            0 e1 fffffa8016dc1cc0 00000000 fffff80003518210-fffffa80175e4da0 Success Error Cancel pending
           \Driver\vwifibus    nt!PopSystemIrpCompletion
            Args: 00014400 00000000 00000004 00000002
 [N/A(0), N/A(0)]            0  0 00000000 00000000 00000000-fffffa80175e4da0
            Args: 00000000 00000000 00000000 00000000


Reported this thread to move it to the BSOD Section :)

 

 

-Pranav


Following up on this thread, I agree that the culprit seems to be my WLAN adapter.  I have no evidence myself that MBAM is the cause of the BSODs - only what Dell told me and the anecdotal evidence that the 9f BSODs ceased after removing MBAM.  


I agree with satrow, but I would update your Intel wifi driver first -- or even run a/few of the systems via Ethernet and see if they BSOD.

 

PCI command shows Intel wifi blocking the IRP -

0: kd> !irp fffffa8007867c60
Irp is active with 5 stacks 3 is current (= 0xfffffa8007867dc0)
 No Mdl: No System Buffer: Thread 00000000:  Irp stack trace.
     cmd  flg cl Device   File     Completion-Context
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
>[ 16, 2]   0  0 fffffa8013746050 00000000 00000000-00000000
          *** WARNING: Unable to verify timestamp for Netwsw02.sys
*** ERROR: Module load completed but symbols could not be loaded for Netwsw02.sys
 \Driver\NETwNs64
            Args: 00014400 00000000 00000004 00000002
 [ 16, 2]   0 e1 fffffa80176320c0 00000000 fffff800034e0210-fffffa8018206870 Success Error Cancel pending
           \Driver\vwifibus    nt!PopSystemIrpCompletion
            Args: 00014400 00000000 00000004 00000002
 [  0, 0]   0  0 00000000 00000000 00000000-fffffa8018206870
            Args: 00000000 00000000 00000000 00000000

Sorry.. can't color code the code box contents here.

 

Look for Intel driver Netwsw02.sys in the above

 

This is an older version "00" v. "02" - http://www.sysnative.com/drivers/driver.php?id=Netwsw00.sys

 

Regards. . .

 

jcgriff2
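
Added example (not part of any post in this thread): a small Python parser for !irp output that finds the current stack location, the line marked with ">", and reports which driver is holding the power IRP, so dumps from several machines can be triaged the same way. The function names are illustrative, and the sample text is abridged from the second !irp output in the thread.

```python
import re

# Stack-location header in either form WinDbg prints:
#   ">[ 16, 2]   0  0 fffffa80..."  or  " [IRP_MJ_POWER(16), IRP_MN_SET_POWER(2)]  0 e1 ..."
HEADER = re.compile(r"^(?P<cur>>?)\s*\[(?P<maj>[^,\]]+),(?P<min>[^\]]+)\]\s+"
                    r"[0-9a-f]+\s+[0-9a-f]+\s+(?P<dev>[0-9a-f]+)", re.I)
DRIVER = re.compile(r"\\Driver\\(\S+)")
IMAGE = re.compile(r"for\s+(\S+\.sys)", re.I)   # from the symbol warnings, if present
IRP_MJ_POWER = 0x16

def _code(field):
    """'16' or 'IRP_MJ_POWER(16)' -> 0x16 (WinDbg prints these codes in hex)."""
    m = re.search(r"\(([0-9a-f]+)\)", field, re.I)
    return int(m.group(1) if m else field.strip(), 16)

def parse_irp(text):
    """Return one dict per I/O stack location found in !irp output."""
    locs = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            locs.append({"current": m["cur"] == ">", "major": _code(m["maj"]),
                         "minor": _code(m["min"]), "device": m["dev"],
                         "driver": None, "image": None})
        elif locs:  # detail lines belong to the most recent header
            d, i = DRIVER.search(line), IMAGE.search(line)
            if d:
                locs[-1]["driver"] = d.group(1)
            if i:
                locs[-1]["image"] = i.group(1)
    return locs

def blocking_driver(text):
    """The current (>) location, if it is a power IRP; None otherwise."""
    for loc in parse_irp(text):
        if loc["current"] and loc["major"] == IRP_MJ_POWER:
            return loc
    return None

# Abridged from the thread's second !irp output, line breaks restored.
SAMPLE = r"""
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
>[ 16, 2]   0  0 fffffa8013746050 00000000 00000000-00000000
*** WARNING: Unable to verify timestamp for Netwsw02.sys
 \Driver\NETwNs64
            Args: 00014400 00000000 00000004 00000002
 [ 16, 2]   0 e1 fffffa80176320c0 00000000 fffff800034e0210-fffffa8018206870 Success Error Cancel pending
            \Driver\vwifibus    nt!PopSystemIrpCompletion
"""
```

The image field stays None when the debugger printed no symbol warning for that driver; the driver object name is still reported.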

