BSOD after computer awakening, no malware detected


  1. Posts : 330
    Microsoft Windows 7 Professional 64-bit SP1
       #1

    BSOD after computer awakening, no malware detected


    Strange, opened the lid of my laptop, which woke it up, then clicked on my browser, then boom. Haven't installed anything recently, except Virtual box, but it wasn't running at the time, so I'm stumped. Everything is working fine now, so I just wanted to make sure what the cause was as I ran a scan with Malwarebytes and Hitmanpro and nothing showed up.
      My Computer


  2. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #2

    Code:
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 3B, {c0000005, fffff88001928c1d, fffff8800bc37a70, 0}
    
    *** WARNING: Unable to verify timestamp for mwac.sys
    *** ERROR: Module load completed but symbols could not be loaded for mwac.sys
    Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a )
    
    Followup: MachineOwner
    ---------
    0: kd> !thread
    GetPointerFromAddress: unable to read from fffff800030af000
    THREAD fffffa8006fb3a00  Cid 0a84.236c  Teb: 000000007ef7d000 Win32Thread: 0000000000000000 RUNNING on processor 0
    IRP List:
        Unable to read nt!_IRP @ fffffa80532e6220
    Not impersonating
    GetUlongFromAddress: unable to read from fffff80002feeba8
    Owning Process            fffffa800c0375e0       Image:         mbamservice.ex
    Attached Process          N/A            Image:         N/A
    fffff78000000000: Unable to get shared data
    Wait Start TickCount      10716026     
    Context Switch Count      12             IdealProcessor: 2             
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
    UserTime                  00:00:00.000
    KernelTime                00:00:00.000
    Win32 Start Address 0x00000000009c3d70
    Stack Init fffff8800bc38db0 Current fffff8800bc37d50
    At first glance, the problem seems to be with Malwarebytes. In my experience, these are always a red-herring caused by a networking issue. Lets check.

    Code:
    fffff880`0bc37ef0  fffff880`00000002
    fffff880`0bc37ef8  00000000`00000801
    fffff880`0bc37f00  fffff880`017f43b8Unable to load image brnfilelock.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for brnfilelock.sys
    *** ERROR: Module load completed but symbols could not be loaded for brnfilelock.sys
     brnfilelock+0xe3b8
    fffff880`0bc37f08  fffff800`02ea06c5 nt!RtlGetExtendedContextLength+0x19
    fffff880`0bc37f10  00000000`00000000
    fffff880`0bc37f18  fffff800`02eb8976 nt!iswctype_l+0x76
    fffff880`0bc37f20  00000000`00000000
    .
        Loaded symbol image file: brnfilelock.sys
        Image path: brnfilelock.sys
        Image name: brnfilelock.sys
        Timestamp:        Sat Feb 22 07:53:44 2014 (5307C3E0)
        CheckSum:         00017B9E
        ImageSize:        00017000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Code:
    Start Menu\Programs\Blue Ridge Networks	Public:Start Menu\Programs\Blue Ridge Networks	Public
    Bingo! The real issue seems to be with the Blue Ridge Networks filter driver conflicting with the Malwarebytes update service.

    Check the manufacturer's website for an updated driver, and download it. Create a system restore point. Install the updated driver and monitor for further BSOD's.
      My Computer


  3. Posts : 330
    Microsoft Windows 7 Professional 64-bit SP1
    Thread Starter
       #3

    “Hi Golden,

    First thank you for the response! Blueridge is the company the owns Appguard, but I don't recall any drivers being installed. They also do not have any drivers available on their site.

    I have not had a BSOD since that one strange happening, so I'm not sure as to why Appguard and MAlwarebytes butted heads this time.

    In the Driver manager the only error I'm having is a Broadcom USH driver, which I haven't been able to resolve it's identification since I've originally installed on this laptop which was last year, before I installed Appguard.
      My Computer


  4. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #4

    There's definately a driver installed as evidenced by its appearance in the. dmp file. At this stage, the only thing I can suggest is to remove AppGuard as clearly it is indeed conflicting with Malwarebytes.

    Once you've done that, run Driver Verifier so see if we can isolate the Broadcom driver.

    Please do the following:

    Run Driver Verifier for 24 hours or the occurrence of the next crash, whichever is earlier.
    Driver Verifier - Enable and Disable

    Driver Verifier will cause your computer to run very sluggishly - this is normal. What it is trying to do is force your system to BSOD and isolate the offending driver/s. When it does, reboot, disable driver verifier, reboot as normal and upload the new dmp file/s here.

    I recommend creating a system restore point before turning on driver verifier:
    System Restore Point - Create

    If your system fails to boot to desktop once driver verifier is enabled, turn it off by booting into Safe Mode:
    Safe Mode
      My Computer


  5. Posts : 330
    Microsoft Windows 7 Professional 64-bit SP1
    Thread Starter
       #5

    Hi Golden,

    It's been a while since I've used this laptop, so I haven't dealt with the problem yet, but today I had another BSOD, but couldn't run the program until ow. Couple questions:

    If this program needs to run for 24hrs do I need to avoid using the computer? Also should I disable sleep or any other power saver configurations at all?
      My Computer


  6. Posts : 330
    Microsoft Windows 7 Professional 64-bit SP1
    Thread Starter
       #6

    Also, there is a broadcom USH driver which gives me the status of :
    The drivers for this device are not installed. (Code 28)

    There is no driver selected for the device information set or element.


    To find a driver for this device, click Update Driver.
    But, trying to update, results in a negative. Also couldn't use the ID's in the links from the tutorial either. Just wanted to put this up in case it helped
      My Computer


  7. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #7

    No. When running Driver Verifier, just use the PC as you normally would. Lrave sleep etc. Settings as they are.

    What links are yiu referring to?
      My Computer


  8. Posts : 330
    Microsoft Windows 7 Professional 64-bit SP1
    Thread Starter
       #8

    Sorry, forgot to link it.

    Device Manager - Finding Unknown Devices
      My Computer


  9. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #9

    Do you mean this link?

    Drivers Lookup
      My Computer


  10. Posts : 330
    Microsoft Windows 7 Professional 64-bit SP1
    Thread Starter
       #10

    Golden said:
    Do you mean this link?

    Drivers Lookup
    Thats the one. Sorry it's been a long couple days
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 04:08.
Find Us