This has only been happening for the past few days and I haven't yet noticed any link between the times it's happened, so I don't have any idea what may be causing it. :[
I've attached both of the file options, so hopefully they'll be of use. Thank you so much in advance!
MalwareBytes had been flagged.
Make sure it's updated. If the problem persists when MBAM is completely updated then uninstall it and test.Code:******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 19, {20, fffffa8007868db0, fffffa8007868dd0, 4020008} *** WARNING: Unable to verify timestamp for mwac.sys *** ERROR: Module load completed but symbols could not be loaded for mwac.sys Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a ) Followup: MachineOwner
Uninstall DaemonTools, a known cause of BSODs.Code:1: kd> lmvm mwac start end module name fffff880`0e07c000 fffff880`0e08e000 mwac T (no symbols) Loaded symbol image file: mwac.sys Image path: \??\C:\Windows\system32\drivers\mwac.sys Image name: mwac.sys Timestamp: Tue Mar 04 21:47:13 2014 (531649E1) CheckSum: 00010A4A ImageSize: 00012000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
1. Uninstall Daemon Tools.
2. Download the SPTD standalone installer and follow these steps:
3. Double click the executable to open it
4. Click the button shown below
If the button it is grayed out, as shown in the image, there is no more SPTD installation on your system, and you can just close the window.
Not to take Boozad's post away from him but I'd like to add to his post and I think I may know what might be/add to the cause of your crashes.
This bugcheck indicates a pool header was already corrupt at the time of the request and the culprit has escaped the scene of the crime, lets look into this further.Code:BugCheck 19, {20, fffffa8007868db0, fffffa8007868dd0, 4020008}
So the pool used is invalid, now it has a network pool tag which helps us a bit here.Code:1: kd> !pool fffffa8007868db0 Pool page fffffa8007868db0 region is Nonpaged pool fffffa8007868000 size: d0 previous size: 0 (Allocated) MmCa fffffa80078680d0 size: c0 previous size: d0 (Allocated) FMsl fffffa8007868190 size: 50 previous size: c0 (Allocated) VadS fffffa80078681e0 size: 1e0 previous size: 50 (Free) AfdE fffffa80078683c0 size: d0 previous size: 1e0 (Allocated) MmCa fffffa8007868490 size: 80 previous size: d0 (Allocated) KPXY fffffa8007868510 size: 40 previous size: 80 (Allocated) ReTa fffffa8007868550 size: 80 previous size: 40 (Allocated) Even (Protected) fffffa80078685d0 size: 30 previous size: 80 (Free) ReEv fffffa8007868600 size: 40 previous size: 30 (Allocated) WfpH fffffa8007868640 size: d0 previous size: 40 (Allocated) MmCa fffffa8007868710 size: 160 previous size: d0 (Allocated) Ntfx fffffa8007868870 size: 240 previous size: 160 (Free) pppt fffffa8007868ab0 size: 150 previous size: 240 (Allocated) File (Protected) fffffa8007868c00 size: 20 previous size: 150 (Free ) WfpH fffffa8007868c20 size: 90 previous size: 20 (Allocated) Vad fffffa8007868cb0 size: 80 previous size: 90 (Allocated) Even (Protected) fffffa8007868d30 size: 80 previous size: 80 (Allocated) CM44 Process: fffffa800372bb30 *fffffa8007868db0 size: 20 previous size: 80 (Free ) *Ipng Pooltag Ipng : IP Generic buffers (Address, Interface, Packetize, Route allocations), Binary : tcpip.sys fffffa8007868dd0 doesn't look like a valid small pool allocation, checking to see if the entire page is actually part of a large page allocation... GetUlongFromAddress: unable to read from fffff8000287aa38 Unable to get pool big page table. Check for valid symbols. fffffa8007868dd0 is not valid pool. Checking for freed (or corrupt) pool Bad allocation size @fffffa8007868dd0, zero is invalid *** *** An error (or corruption) in the pool was detected; *** Attempting to diagnose the problem. *** *** Use !poolval fffffa8007868000 for more details. Pool page [ fffffa8007868000 ] is __inVALID. Analyzing linked list... [ fffffa8007868db0 --> fffffa8007868e50 (size = 0xa0 bytes)]: Corrupt region Scanning for single bit errors... None found
As far as I know, that index is wrong, I believe non paged pool should be indicated with 1 which I may or may not be right, I'm pretty sure I am though.Code:1: kd> dt_POOL_HEADER fffffa8007868db0 nt!_POOL_HEADER +0x000 PreviousSize : 0y00001000 (0x8) +0x000 PoolIndex : 0y00000000 (0) +0x000 BlockSize : 0y00000010 (0x2) +0x000 PoolType : 0y00000100 (0x4) +0x000 Ulong1 : 0x4020008 +0x004 PoolTag : 0x676e7049 +0x008 ProcessBilled : 0xfffffa80`08ed12a0 _EPROCESS +0x008 AllocatorBackTraceIndex : 0x12a0 +0x00a PoolTagHash : 0x8ed
It looks cut off, so part of the page is missing, very strange, given that its network related and Malwarebytes is being blamed I have a hunch what it could be.Code:1: kd> dc fffffa8007868db0 fffffa8007868db0+20 fffffa80`07868db0 04020008 676e7049 08ed12a0 fffffa80 ....Ipng........ fffffa80`07868dc0 00110064 61440800 61651120 0900a8c0 d.....Da .ea.... fffffa80`07868dd0 ff00a8c0
Well we can see Malwarebytes is conflicting with a network device and looking at the network devices on the system I see this as a troublemaker...Code:*** WARNING: Unable to verify timestamp for mwac.sys *** ERROR: Module load completed but symbols could not be loaded for mwac.sys Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a )
An Avast firewall, that's probably the cause of the conflict.Code:Name [00000013] avast! Firewall NDIS Filter Miniport
Quote