Windows BSOD crash many times in last 2 days - mwac.sys file error

[gazzaphillips]

Can you advise if this has been corrected in the latest update - I just did that this morning and I am waiting to see if that fixes the problem.

[Porthos]

19 minutes ago, gazzaphillips said:

Can you advise if this has been corrected in the latest update - I just did that this morning and I am waiting to see if that fixes the problem.

Since this is your first post we could use some info on your computer.

Can you please collect and upload as an attachment the diagnostic data using our MBST?

• Download and run the Malwarebytes Support Tool
• Accept the EULA and click Advanced tab on the left (not Start Repair)
• Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

[gazzaphillips]

mbst-grab-results.zip

[Porthos]

I am going to let @AdvancedSetup  look his over. I personally have NO experience with Windows running with boot-camp on Apple hardware.

[AdvancedSetup]

Hello @gazzaphillips

Sorry for the delay. I just saw the alert asking me to look at this.

Are  you still having issues and need further assistance?

Please let me know and I'll take a closer look tomorrow and assist you if needed

Thanks

 

 

[gazzaphillips]

Yes - I have turned off Malwarebytes as it consistently causes the Blue Screen of Death crash when left unused, and PC has gone into sleep mode.

Gary

[AdvancedSetup]

Fixing issues and removing old, or possibly unwanted or unneeded software is probably route to go in order to fix this.

 

Do you really need this driver? It appears to be for a very old Brother printer with a driver from 2011

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.) [File not signed]

Do you really want, need, use the RealPlayer? The vast majority of consumer videos online do not use RealPlayer

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [353064 2020-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => c:\program files (x86)\real\realplayer\downloader2.exe [1188136 2020-10-26] (RealNetworks, Inc. -> )

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2020-10-26]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
 

R2 RealPlayerUpdateSvc; C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe [38536 2020-10-15] (RealNetworks, Inc. -> RealNetworks, Inc.)
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [990856 2020-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)

 

 

You have a scheduled task for this program from 2005. Do you still use it?
C:\Program Files (x86)\Any Password\AnyPass.exe [333312 2005-06-20]

You have the following that runs on a scheduled task as well. Does it need to keep running?
C:\DATA\Negawatts\DATA SHEETS\Inverters\Redback\Firmware Update\ROSSv1.5.16.0\ROSSv1.5.16.0\setup.exe

 

 

You're using CCleaner - most Experts no longer recommend using this program. The choice is yours of course but you may want to consider removal

 

Do you still use Citrix Online? Go To Meeting?   It is from 2016

 

I would recommend you uninstall Bonjour

What exactly is mDNSResponder.exe? (Bonjour)

https://www.groovypost.com/howto/howto/what-is-mdnsresponder-exe-and-why-is-it-running/

MDNSResponder, also known as Bonjour, is Apple’s native zero-configuration networking process for Mac that was ported over to Windows and associated with MDNSNSP.DLL.  On a Mac or iOS device, this program is used for networking nearly everything.  On Windows, this process is only necessary for sharing libraries via iTunes and other Mac applications like the Apple TV that were ported to Windows.  Bonjour allows different computers running iTunes to communicate with each other regardless of network configuration, this is because it enables automatic network discovery.

What Is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?
https://www.howtogeek.com/howto/6456/what-is-mdnsresponder.exe-bonjour-and-how-can-i-uninstall-or-remove-it/

 

Your version of KeePass is very old and should be updated 

 

 

Please update me on the above and I'll work on creating a system clean up script for you to run

Thanks @gazzaphillips

 

[gazzaphillips]

Thanks - I will try to remove any unwanted programs, etc.

I can't find the "Run" section in the registry above as you abbreviated the path - and a search in the registry did not show it either - can you advise full path?

Where are you finding the Scheduled Tasks?

[AdvancedSetup]

Please go ahead and uninstall anything no longer wanted or needed. Then restart the computer. Then get me a fresh set of logs and I'll write a script to remove the other left over items

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

[gazzaphillips]

I have attached the files. Note that I still use Real Player a lot and my Bother Printer is an HL-5040DN and is used all the time - not sure what the old 2011 Brother Driver is?

 

Gary Phillips

Addition.txt FRST.txt mbst-grab-results.zip

[AdvancedSetup]

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

• Windows Temp
• Users Temp folders
• Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
• Recently opened files cache
• Flash Player cache
• Java cache
• Steam HTML cache
• Explorer thumbnail and icon cache
• BITS transfer queue (qmgr*.dat files)
• Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

[gazzaphillips]

This seems to have screwed up a few things in Windows Programs. Mainly seems to be related to Printing and  Re-installing Programs - any ideas?

Adobe Acrobat no longer can print to the printer, and I can't re-install the latest version:

Windows Live Mail 2011 does not allow a "New Mail" to be selected.

I tried to reinstall Windows Live Mail and Update to the 2012 version at the same time but it shows this error:

[AdvancedSetup]

Not sure why that would have happened. The log did not remove anything for Adobe or for Live Mail, but Microsoft Live was discontinued many years ago.

https://www.theguardian.com/technology/askjack/2016/jun/02/microsoft-killing-windows-live-mail-what-should-i-do-hotmail-msn-outlook

https://en.wikipedia.org/wiki/Windows_Live_Mail

 

You could attempt to do a System Restore back to before you ran the clean up. But we can probably fix Adobe, as for Live Mail it was discontinued so not sure what you want or need that for.

 

[gazzaphillips]

I use Windows Live Mail all the time for my Private emails and it has all my old emails stored - OF Course I still want to use it!

Whether it was dis-continued or not.

So basically it was just a complete waste of my time now - as I have to restore everything and will probably still have problems!

I'll try a System Restore and see how that goes.

 

[gazzaphillips]

Looks like my system is completely stuffed! Any suggestions how to reverse what FRST has done?

It won't run the Restore:

[AdvancedSetup]

Again, we did not remove Live Mail with FRST

Please save the attached file to the same location as FRST and then click on the FIX button and it will do a Full Restore back to before we removed anything

fixlist.txt

Thanks

 

[gazzaphillips]

That file is just to restore Quarantine - it did nothing!

What about all the files and registry settings that were modified by the fixlist.txt file you originally sent?

Gary

[AdvancedSetup]

The Restore puts back any registry changes made.

As I said. We did not remove Live Mail - why it does not work I am not sure. If you have the information of your email provider you can use just about any email client to normally point to your email.

We could try to find an archived installer for it if someone saved a copy.

 

[AdvancedSetup]

https://support.microsoft.com/en-us/windows/windows-essentials-2707b879-5004-4349-c4a4-e5900945f2a9

 

https://windowsreport.com/windows-live-mail-windows-10/

Looks like you may be able to still download it from this link

https://download.cnet.com/Windows-Live-Essentials-2012/3000-20418_4-10805747.html

 

[gazzaphillips]

"RestoreQuarantine:" is all that is in the fixlist.txt file you sent - how can that work - there was so much that was changed in the original fixlist.txt file you originally sent.

I think that the fixlist.txt file is incorrect and if you are restoring everything.

Can you check at your end please?

 

Live Mail is stil working  - but won't allow a reply to an email.

 

Gary

Edited February 21, 2021 by AdvancedSetup
corrected font issue

[AdvancedSetup]

That is how it works. FRST reads the commands and does what it says to do.

Yes, that is the correct way to do a Full Restore of everything it removed

 

[AdvancedSetup]

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks