BSOD caused by mwac.sys and maybe IVACY VPN

2 hours ago, MCabZ said:

If support is not provided for Malwarebytes due to the fact that there is pirated software on the computer, so be it.

14 hours ago, MCabZ said:

Will monitor the next BSOD and see if it occurs when my VPN is active, seeing that there may be an issue with some VPN's. TIA.

 

You will get support, just making you aware of the security issues. But the VPN and torrent compatibility issues may require you to turn off web protection until a fix is released.

In the meantime, if you are running with Web Protection disabled for daily use, you can still have at least your browser protected by installing Malwarebytes Browser Guard if you haven't already.  It blocks the same sites as Web Protection would and actually blocks some additional threats and undesirable web sites/content on top of that (including behavior based blocking for tech support scam sites; a very powerful feature that I recommend for everyone these days) and it is fully compatible with Web Protection in Malwarebytes so once the BSOD issue has been resolved you can enable Web Protection and keep Malwarebytes Browser Guard installed in your browser(s) to get the benefits of both protections.

You can learn more and download Malwarebytes Browser Guard on this page.

 

Edited by Porthos
  • Root Admin

Hello @MCabZ

Let's see if we can do some clean up that may help correct this issue. We will assist you in attempting to get our software working if possible.

 

Please uninstall the following software. Go to Control Panel, Programs, Uninstall

Bonjour

What exactly is mDNSResponder.exe? (Bonjour)

https://www.groovypost.com/howto/howto/what-is-mdnsresponder-exe-and-why-is-it-running/

MDNSResponder, also known as Bonjour, is Apple’s native zero-configuration networking process for Mac that was ported over to Windows and associated with MDNSNSP.DLL.  On a Mac or iOS device, this program is used for networking nearly everything.  On Windows, this process is only necessary for sharing libraries via iTunes and other Mac applications like the Apple TV that were ported to Windows.  Bonjour allows different computers running iTunes to communicate with each other regardless of network configuration, this is because it enables automatic network discovery.

What Is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?
https://www.howtogeek.com/howto/6456/what-is-mdnsresponder.exe-bonjour-and-how-can-i-uninstall-or-remove-it/

 

The program CCleaner is no longer recommended for use by most experts. Again, this is your choice but Windows can already perform the vast majority of tasks on its own.

 

If you're still actively using Dropbox, Inc then you might try downloading their latest installer again and reinstalling. The updater is from 2017 (which may be legit, but seems unlikely they've not updated it in 3 years)

Are you sure this is still a valid and used service? This is from 2011 from 9 years ago. It is very unlikely that Windows 10 needs or uses this driver, but up to you to decide.
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]

These are compatibility settings to even allow the software from 10 years ago to even run on Windows 10. Again, do you really need and use them still today?
HKLM\...\Windows x64\Print Processors\hpfpp02t: C:\Windows\System32\spool\prtprocs\x64\hpfpp02t.dll [253440 2010-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PCL hpf3l02t: C:\Windows\System32\hpf3l02t.dll [138752 2010-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)

 

Your Google Chrome updater is also from 2017 - I would recommend you download the full installer and reinstall over the top of your current installation

Do you still have and use the EPSON Perfection V39 on this system? If not then I'd recommend removing that as well

The KMS you're using interferes with other programs. The script below will remove it. If you feel you still need it once we're done then it's up to you if  you want to reinstall it but I'd recommend trying to run without it.

 

Please review  your Google Chrome and Firefox for old, outdated, unused extensions. You appear to have some for Avast that is no longer installed
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

Check for updates to plugins for both browsers

 

The TechSmith uploader service is from 5 years ago. I know that is not valid as I use TechSmith software and they have much newer services if you actually use them. Personally I don't use their upload service so I don't install the service but again, up to you. If used I'd update it.

R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation -> TechSmith Corporation)

Are you really using the Apache Tomcat service? That too is extremely old and should be removed or updated
S3 upsTomcat; C:\ViewPower2.14\tomcat\bin\tomcat7.exe [80896 2013-12-19] (Apache Software Foundation) [File not signed]

Both of the Slysoft drivers and service are ancient. In my opinion there are better, newer updates if you really use it. I would highly recommend looking for better or updated solutions for Windows 10
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft Inc. -> SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft Inc. -> SlySoft, Inc.)

 

You may want to consider using  https://dns.watch/   for your DNS

 

The Diskeeper service terminated unexpectedly multiple times. There really is no need to use an older or even possibly hacked version of this software. Windows 10 automatically sets up and defrags your hard drives for you. There honestly is no real reason to install and set up something older. I would highly recommend you uninstall this older Diskeeper you're using and allow Microsoft to take care of it. It actually is a subset coding from the original Diskeeper company that is no longer in business.

Error: (09/05/2020 06:33:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Diskeeper service terminated unexpectedly.  It has done this 3 time(s).

 

You have some part of Snagit 2018 that also keeps crashing. I would recommend that you get that fixed or remove the auto start entry possibly until you do get it fixed.

Error: (09/05/2020 07:01:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 10.0.18362.1, time stamp: 0x8ceb427f
Faulting module name: AnimatedGIFSource.dll, version: 1.0.0.2, time stamp: 0x58503726
Exception code: 0xc0000005
Fault offset: 0x00000000000079ed
Faulting process id: 0x161c
Faulting application start time: 0x01d683a63555e4c5
Faulting application path: C:\WINDOWS\system32\rundll32.exe
Faulting module path: C:\Program Files\TechSmith\Snagit 2018\AnimatedGIFSource.dll
Report Id: 033fdca1-2f05-4af8-a572-402fbf8bcdd7
Faulting package full name:
Faulting package-relative application ID:

 

 

Please exit out of Malwarebytes and temporarily disable any other security software and run the following fix.

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Link to post
Share on other sites
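The review in the post above (old build dates, "[File not signed]" markers) can be repeated mechanically over FRST service and driver lines. The following is an added example, not part of the original thread or of FRST; the 3-year staleness threshold, the function names and the ExampleSvc line are assumptions made for illustration.

```python
import re
from datetime import date

# The first four lines and the "Error:" line are copied from the log excerpts in
# the post above; the ExampleSvc line is constructed for contrast (recent, signed).
FRST_LINES = r"""
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation -> TechSmith Corporation)
S3 upsTomcat; C:\ViewPower2.14\tomcat\bin\tomcat7.exe [80896 2013-12-19] (Apache Software Foundation) [File not signed]
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft Inc. -> SlySoft, Inc.)
R2 ExampleSvc; C:\Program Files\Example\svc.exe [12345 2020-06-01] (Example Corp -> Example Corp)
Error: (09/05/2020 06:33:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
""".strip().splitlines()

AS_OF = date(2020, 9, 5)  # date of the event-log errors quoted in the post

# <state><start> <name>; <path> [<size> <yyyy-mm-dd>] (<publisher>) [File not signed]?
ENTRY = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5])\s+(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<publisher>.*?)\)(?P<unsigned>\s+\[File not signed\])?\s*$"
)
# Windows service Start values; anything else is reported as "unknown".
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


def parse_entry(line):
    """Parse one service/driver line; return None if the line has another shape."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    signer, _, company = m["publisher"].partition(" -> ")
    return {
        "name": m["name"].strip(),
        "running": m["state"] == "R",  # assumption: R = running, S = stopped
        "start": START_TYPES.get(m["start"], "unknown"),
        "path": m["path"],
        "built": date.fromisoformat(m["date"]),
        "signed": m["unsigned"] is None,
        "publisher": company or signer,
    }


def triage(lines, as_of=AS_OF, max_age_years=3):
    """Return (findings, unparsed); findings are (name, running, reasons) tuples."""
    findings, unparsed = [], []
    for line in lines:
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry is None:
            unparsed.append(line)  # kept for manual review, never silently dropped
            continue
        reasons = []
        if not entry["signed"]:
            reasons.append("unsigned")
        if (as_of - entry["built"]).days / 365.25 > max_age_years:
            reasons.append("stale")
        if reasons:
            findings.append((entry["name"], entry["running"], reasons))
    # Most reasons first, running entries before stopped ones, then by name.
    findings.sort(key=lambda f: (-len(f[2]), not f[1], f[0]))
    return findings, unparsed


if __name__ == "__main__":
    for name, running, reasons in triage(FRST_LINES)[0]:
        print(f"{name:28} running={running!s:5} {', '.join(reasons)}")
```

Entries that do not match the service-line shape, such as the event-log line, come back in the second list so they can be read by hand.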
Thank you very much for your detailed and informative analysis. Will review them all. Currently monitoring what programs are active when the BSOD occurs. I uninstalled AVAST antivirus as it seemed to conflict with MB. Thought that had solved the BSOD scenario, but it eventually occurred again. First Stop Code: Driver IRQL not Less or Equal/ Failed: mwac.sys and then a few days later StopCode: KERNEL SECURITY CHECK FAILURE. Recently upgraded my monitor to an AOC U2879VF 28" which I use at a resolution of 3840x2160. Upgraded my GPU to a MSI RADEON RX 550 2GT LP OC 2GB GDDR5, which has the latest driver updates. The BSOD's increased after installing the new monitor. Have now decreased after all the updates. Curious as to why mwac.sys is involved in the BSOD's.

  • Root Admin

Hello @MCabZ

Following up to see how things are going and if you were able to run the repair fix yet or not. Once that is done I'd like to see the log again and then we'll probably do a clean removal and reinstall of Malwarebytes

When you have time please post a status follow up

Thank you

 

On 9/8/2020 at 6:54 AM, AdvancedSetup said:

Hello @MCabZ

Following up to see how things are going and if you were able to run the repair fix yet or not. Once that is done I'd like to see the log again and then we'll probably do a clean removal and reinstall of Malwarebytes

When you have time please post a status follow up

Thank you

 

Thank you for your kind concern. Been very busy and little time to dedicate to this subject. Now at last I have time available to investigate what occurred. Have been running my computer for about a week with my VPN activated. Thus far no BSOD's have appeared. Keeping a record of what programs are open in case a BSOD appears again.


Modified a bit your fixlist. Attaching the modifications made [MB fixlist-2]. Followed your recommendations which is detailed in attachment [MB fixlist-1]. Attaching the zip file of the latest scan. Thank you for your much appreciated assistance. No recurring BSOD's to date. Should one appear I will return to this forum. MB is a program I have recommended to numerous clients, all who have purchased it. I am pleased to see that the tech support is on par with the excellence of the program. Kudos to all. Thank you again. 😊

SysnativeFileCollectionApp.zip MB fixlist-1.pdf MB fixlist-2.pdf

  • Root Admin

Excellent. Glad to hear that things are working much better now. I will go ahead and close your topic but if you do need further assistance please let us know.

The closing speech will also provide a link with information to help you better protect your data and privacy. No need to read it all but I would suggest you bookmark it and review as you have time.

Take care and stay safe out there @MCabZ

 

 

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.