Jump to content
PeterBG

BSOD - what failed = mwac.sys

Recommended Posts

Hi,

On a new XPS 15 (about a week old).  Just had a couple browsers open, a couple RDC sessions.  Windows 10.

This is actually the second occurrence.  The first the laptop simply froze up entirely.  

NOTE:  the system did not actually restart automatically after the blue screen.  

Files:

1. Sysnative BSOD Dump - how long is this supposed to take?  Been running 25min+ with "Waiting for Tasks to complete" message.

2. Permon - attached

3. BSOD screen shot - attached

I'll run the other the other tests you suggested in the posting rules and add to this if any updates / errors are found / fixed.

 

Thanks!

perfmon.zip

BSOD image.jpg

Share this post


Link to post
Share on other sites

The BSOD dump is still running.  Well over an hour.  I don't have confidence that it will ever complete.

Share this post


Link to post
Share on other sites

Your UEFI/BIOS (version 1.5.0) dates from August 30, 2017.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  This is just in case there has been a more recent update.
FYI - W8 and W10 communicate more with the UEFI/BIOS than previous versions of Windows, so it's important to ensure that the UEFI/BIOS is kept up to date (and that outdated UEFI/BIOS' may be the cause of some compatibility issues).
 

Although you appear to have a reasonable number of Windows Update hotfixes for this version of your OS, please double check for any new Windows Updates.  It only takes one update to cause a problem, so it's essential that you have all of them.  The actual number is not important.  Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.

The systeminfo.txt report shows that Windows was installed on 19 Dec 2017.
Could you describe which sort of install you did at that time (full/clean/kept my files/etc)?

I would suggest running Driver Verifier according to these instructions:  http://www.carrona.org/verifier.html
It may be that a 3rd party application/driver may have caused problems with MalwareBytes.

Your TAP - Windows adapter's driver dates from 2013.  Even though the media reports as being disconnected, the driver still loads at system startup.
Please either update this to the latest, W10 compatible version - or uninstall the software for this device and physically remove the device from your system.

Please run these free hardware diagnostics:  http://www.carrona.org/hwdiag.html
Please run ALL of the tests and let us know the results.
FYI - These are the tests and what we usually see for the reports:

Quote

1 - Antivirus/antimalware scans:  In short, if there are Trojans or other serious malware - start over in the https://forums.malwarebytes.com/forum/7-malware-removal-for-windows/ forums
2 - Memory diagnostics:  Run MemTest86+ for at least 3 passes.  If booting from UEFI, run MemTest86 instead.  Let us know if there were any errors reported
3 - Hard Drive diagnostics:  Don't sweat the details here.  In short, run the Seagate Seatools Long/Extended test from a bootable disk.  If unable to run it from a bootable disk (UEFI and some others), then run the Seagate Seatools for Windows from within Windows.  There are no diagnostics for SSD's, just run the Crystal Mark tests and let us know if there were any failures
4 - Furmark:  run the test until the temperature stabilizes.  Don't let it get much over 90ºC.  Let us know the temp it stabilizes at and if there were any problems running the test (other than slowness).
5 - Prime95:  run the Blend test for 24 hours (this may not be possible, but run it as long as you can.  Look for errors in the output, or for problems running the test (freezes/crashes)
6 - Video 2 (other video tests):  there's several tests here.  Run all of them.  I'm especially interested in the Video Memory Test.  Let us know the results of the test(s)
  - A - simtek.org memtest
  - B - Video memory stress test
  - C - Artifact Locator
  - D - OCCT - 4 built in tests for CPU, GPU, PSU
  - E - Video Memory Stress Test
7 - CPU tests:  run at least one test on your CPU and let us know the result.

 

 


 

 

 

Having trouble pasting analysis output - will put in next post.

Edited by usasma

Share this post


Link to post
Share on other sites

Analysis:
The following is for information purposes only. 
The following information contains the relevant information from the blue screen analysis: 
**************************Tue Jan  2 13:37:08.530 2018 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\010218-9031-01.dmp]
Windows 10 Kernel Version 16299 MP (8 procs) Free x64
Built by: 16299.15.amd64fre.rs3_release.170928-1534
System Uptime:0 days 20:40:17.770
*** WARNING: Unable to verify timestamp for mwac.sys
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by :memory_corruption
BugCheck 50, {fffff80152dbf890, 0, fffff80152c96b25, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments: 
Arg1: fffff80152dbf890, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80152c96b25, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  AV
DEFAULT_BUCKET_ID:  CODE_CORRUPTION
PROCESS_NAME:  SkypeHost.exe
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT_LARGE
CPUID:        "Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz"
MaxSpeed:     2800
CurrentSpeed: 2808
  BIOS Version                  1.5.0
  BIOS Release Date             08/30/2017
  Manufacturer                  Dell Inc.
  Product Name                  XPS 15 9560
  Baseboard Product             05FFDN
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``

3rd Party Drivers:
The following is for information purposes only. 
My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box: 
**************************Tue Jan  2 13:37:08.530 2018 (UTC - 5:00)**************************
IndirectKmd.sys                               Sat May  2 03:07:27 1981 (155114AF)
intelppm.sys                                  Thu Sep 22 06:43:11 2011 (4E7B113F)
tap0901.sys                                   Thu Aug 22 08:40:01 2013 (521606A1)
dlusbaudio_x64.sys                            Tue Aug  2 06:07:35 2016 (57A070E7)
dptf_cpu.sys                                  Wed Aug 10 14:43:11 2016 (57AB75BF)
dptf_acpi.sys                                 Wed Aug 10 14:43:11 2016 (57AB75BF)
esif_lf.sys                                   Wed Aug 10 14:43:26 2016 (57AB75CE)
btfilter.sys                                  Wed Aug 31 01:04:48 2016 (57C66570)
dlcdcncm62_x64.sys                            Fri Oct  7 07:41:02 2016 (57F789CE)
HidEventFilter.sys                            Thu Oct 27 16:45:02 2016 (5812674E)
TeeDriverW8x64.sys                            Wed Nov 16 14:50:53 2016 (582CB89D)
IntcDAud.sys                                  Thu Dec  1 05:15:06 2016 (583FF82A)
DDDriver64Dcsa.sys                            Wed Jan 11 10:28:26 2017 (58764F1A)
mbae64.sys                                    Wed Jan 11 12:08:00 2017 (58766670)
mfesapsn.sys                                  Wed Feb  8 12:40:30 2017 (589B580E)
IntcAudioBus.sys                              Fri Mar 31 08:57:19 2017 (58DE522F)
IntcOED.sys                                   Fri Mar 31 08:58:33 2017 (58DE5279)
bwcW10x64.sys                                 Sun Apr  2 20:43:15 2017 (58E19AA3)
DellProf.sys                                  Mon Apr  3 14:48:04 2017 (58E298E4)
nvvad64v.sys                                  Wed Apr  5 17:21:30 2017 (58E55FDA)
Qcamain10x64.sys                              Tue Apr 18 06:21:46 2017 (58F5E8BA)
igdkmd64.sys                                  Fri Apr 21 12:17:08 2017 (58FA3084)
iaLPSS2i_I2C.sys                              Wed Jun 14 00:00:59 2017 (5940B4FB)
RTKVHD64.sys                                  Wed Jul 19 01:58:58 2017 (596EF522)
iaStorA.sys                                   Thu Aug 10 04:27:02 2017 (598C18D6)
farflt.sys                                    Tue Sep  5 19:44:07 2017 (59AF36C7)
mwac.sys                                      Thu Sep  7 12:04:14 2017 (59B16DFE)
mfehidk.sys                                   Wed Sep 13 00:43:20 2017 (59B8B768)
mfewfpk.sys                                   Wed Sep 13 00:43:52 2017 (59B8B788)
mfeavfk.sys                                   Wed Sep 13 00:45:35 2017 (59B8B7EF)
mfefirek.sys                                  Wed Sep 13 00:48:44 2017 (59B8B8AC)
cfwids.sys                                    Wed Sep 13 00:50:01 2017 (59B8B8F9)
mfeaack.sys                                   Wed Sep 13 00:56:29 2017 (59B8BA7D)
mfeplk.sys                                    Wed Sep 13 00:56:46 2017 (59B8BA8E)
mbam.sys                                      Thu Oct 12 11:23:13 2017 (59DF88E1)
mbamswissarmy.sys                             Fri Oct 13 14:58:51 2017 (59E10CEB)
nvlddmkm.sys                                  Mon Oct 30 16:10:11 2017 (59F78723)
mfencbdc.sys                                  Mon Nov 13 08:16:30 2017 (5A099B2E)
MbamChameleon.sys                             Tue Nov 28 23:17:27 2017 (5A1E34D7)
bthl2cap.sys                                  ***** Invalid 1980 Invalid 1980 Invalid
 


IndirectKmd.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=tap0901.sys
http://www.carrona.org/drivers/driver.php?id=dlusbaudio_x64.sys
http://www.carrona.org/drivers/driver.php?id=dptf_cpu.sys
http://www.carrona.org/drivers/driver.php?id=dptf_acpi.sys
http://www.carrona.org/drivers/driver.php?id=esif_lf.sys
http://www.carrona.org/drivers/driver.php?id=btfilter.sys
http://www.carrona.org/drivers/driver.php?id=dlcdcncm62_x64.sys
http://www.carrona.org/drivers/driver.php?id=HidEventFilter.sys
http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
http://www.carrona.org/drivers/driver.php?id=IntcDAud.sys
http://www.carrona.org/drivers/driver.php?id=DDDriver64Dcsa.sys
http://www.carrona.org/drivers/driver.php?id=mbae64.sys
http://www.carrona.org/drivers/driver.php?id=mfesapsn.sys
IntcAudioBus.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
IntcOED.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=bwcW10x64.sys
http://www.carrona.org/drivers/driver.php?id=DellProf.sys
http://www.carrona.org/drivers/driver.php?id=nvvad64v.sys
http://www.carrona.org/drivers/driver.php?id=Qcamain10x64.sys
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
http://www.carrona.org/drivers/driver.php?id=iaLPSS2i_I2C.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=farflt.sys
http://www.carrona.org/drivers/driver.php?id=mwac.sys
http://www.carrona.org/drivers/driver.php?id=mfehidk.sys
http://www.carrona.org/drivers/driver.php?id=mfewfpk.sys
http://www.carrona.org/drivers/driver.php?id=mfeavfk.sys
http://www.carrona.org/drivers/driver.php?id=mfefirek.sys
http://www.carrona.org/drivers/driver.php?id=cfwids.sys
http://www.carrona.org/drivers/driver.php?id=mfeaack.sys
mfeplk.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=mbam.sys
http://www.carrona.org/drivers/driver.php?id=mbamswissarmy.sys
http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
http://www.carrona.org/drivers/driver.php?id=mfencbdc.sys
http://www.carrona.org/drivers/driver.php?id=MbamChameleon.sys
bthl2cap.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.

Share this post


Link to post
Share on other sites

Hi usasma and thank you for the detailed response!

1. system blue screen again today, same message, etc.  (this was before I took any of the steps you suggested)

2. I updated the TAP driver from v9.0.0.9 to v9.0.0.21 - while it may have been off during the tests I ran and sent, I do use a VPN software that uses this and I think it may be the culprit.

3. the system is brand new, so the OS was installed by the manufacturer.  I assume it was a clean install on the date you noted.

4. windows update is current

5. I checked Dell's site and found a BIOS and other driver updates which I have now installed.  (see attached for what was found by the manufacturer's driver update tool).

I will eventually get to the other items on your list of actions to take, but want to see if the system is stable for a couple days with the above changes first.

Thanks again and I'll report back either way.

DriverUpdates_20180105.PNG

Share this post


Link to post
Share on other sites

Is the TAP driver listed as being compatible with Windows 10?

The Dell Update tool does not find ALL of the available drivers - but for now those that were installed were the most important (IMO)
Let's wait and see what happens next.  Should the system BSOD again, please zip up the contents of the C:\Windows\Minidump directory and upload it with your next post.

In the event that you can't zip it there - copy it to your Desktop and zip it there.

Share this post


Link to post
Share on other sites

System crashed again with the same blue screen warnings.  This was a couple hours ago and the minidump directory is empty now.

How do I find whether the TAP driver is compatible with Windows 10?  I've looked / searched but don't see any compatibility list.

I did find these items in the event log just before the BSOD:

 

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user XPS-15-PG\peter SID (S-1-5-21-2760188542-769935457-2333136815-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

The driver \Driver\WUDFRd failed to load for the device USB\VID_17E9&PID_4307&MI_00\7&3b933424&0&0000.
The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&1.
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0091\8b1fa88cd687.

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user XPS-15-PG\peter SID (S-1-5-21-2760188542-769935457-2333136815-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

http://troubleshooter.xyz/wiki/fix-driver-wudfrd-failed-to-load/

 

 

Share this post


Link to post
Share on other sites

FYI - I had a Dell premium support specialist take a deep dive on the system last night.  He of course wanted me to uninstall Malwarebytes (we didn't).  He did make a number of other changes / updates to things.  I'm not sure that any were related to our BSOD issue, but I'm going to let the system be for a few days and see if it dies again or not.

Among other things, he removed the remnants of a McAfee install that came as bloatware on the system.  He thought this was a likely culprit.

Edited by PeterBG

Share this post


Link to post
Share on other sites

Glad to hear that the Dell tech removed the McAfee.  I've seen it cause problems at work - but the BSOD analysis generally doesn't look for that (depends on the errors that are seen and the dump files that we can read).

I rarely suggest removing MalwareBytes - but that's simply because we have "oversight" here for/by the developers.  While they don't get directly involved in these cases, they do use the info here to help with development (and, at times, they've helped to find problems with other products that caused BSOD's when using MalwareBytes).
When I do suggest removing it, it's only to see if it's directly involved in the BSOD's (and I suggest installing it again as soon as the testing is done).

Good luck!

Share this post


Link to post
Share on other sites

Wanted to add detail for the record:

Machine crashed again today.  Here is what I sent in to the Dell technical queue:

Hi Sameer,

Thank you for your help last night.
 
This machine blue screened again at 3:52 today.  This time, all of the Windows background, start menu, etc. disappeared.  I had clicked to open a network share and File Explorer hung.  A minute later the background went blue.  I closed all the open windows hoping the system would come back, but it didn't after 10+ minutes so I cold rebooted using the power button.  Malwarebytes did show usiing CTRL+ALT+DEL as an open application, though I could not select it to close it.
 
Note:  ~ it may be coincidence, but approximately 4pm seems to be when the system crashes.  The virus scan for MWB is set to run at ~3am.
 
I've attached screen shots of the event log for system and applications.  I'm still getting the driver load errors at startup.
 
I can do another screen share later this evening (10pm EST) or sometime tomorrow Monday between 10:30am and 3pm.
 
Thanks!
Pete

CrashEvents_system_20180107_3h52pm.PNG

CrashEvents_applications_20180107_3h52pm.PNG

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.