New
#1
BSOD issue
Hoping you guys can help
Tex mate there are some dump issues with MBAM
Code:*** WARNING: Unable to verify timestamp for mwac.sys *** ERROR: Module load completed but symbols could not be loaded for mwac.sys
The fwpkclnt is a Toshiba related issue and again I have no idea what that is referring to from what I can from the dumpsCode:PROCESS_NAME: mbamservice.ex CURRENT_IRQL: 2 ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre LAST_CONTROL_TRANSFER: from fffff80003402cae to fffff800032cc080 STACK_TEXT: fffff880`163b7168 fffff800`03402cae : 00000000`00000019 00000000`00000020 fffffa80`210c6350 fffffa80`210c6370 : nt!KeBugCheckEx fffff880`163b7170 fffff880`01f27d2d : 00000000`00000008 00000000`00000008 00000000`676e7049 fffffa80`212be0ce : nt!ExDeferredFreePool+0x12da fffff880`163b7220 fffff880`01cbe066 : 00000000`00000000 fffff880`01cba0c3 00000000`00000000 fffffa80`24f55ea0 : tcpip!IppInspectBuildHeaders+0x65d fffff880`163b7500 fffff880`108c212d : 00000000`00000000 00000000`00000014 00000000`00000000 fffffa80`263b6b90 : fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+0x20a fffff880`163b75a0 00000000`00000000 : 00000000`00000014 00000000`00000000 fffffa80`263b6b90 fffffa80`263b6ba4 : mwac+0x612d STACK_COMMAND: kb FOLLOWUP_IP: fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a fffff880`01cbe066 85c0 test eax,eax SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a FOLLOWUP_NAME: MachineOwner MODULE_NAME: fwpkclnt IMAGE_NAME: fwpkclnt.sys DEBUG_FLR_IMAGE_TIMESTAMP: 533f5b09 IMAGE_VERSION: 6.1.7601.18438 FAILURE_BUCKET_ID: X64_0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a BUCKET_ID: X64_0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a
Plus there is a dump for NETIO which for me comes up as an update and I am not sure what that means but if it were me I would try a system restore.
The fwpkclnt is a Toshiba related issue and again I have no idea what that is referring to from what I can from the dumps.
I would at least run a sfc in safe mode anyway SFC /SCANNOW Command - System File Checker
fwpkclnt.sys is a Windows driver which has the description FWP/IPsec Kernel-Mode API
NETIO.sys is the Network Input/Output System driver of Windows, a network driver which indicates a network driver at cause or protection software, in most cases it is protection software that is the cause.
My usual suggestion with Malwarebytes is to reinstall it using a new download, but first proper remove it
https://support.malwarebytes.org/cus...5311?b_id=6438
Code:10: kd> lmvm mwac Browse full module list start end module name fffff880`10af0000 fffff880`10b02000 mwac T (no symbols) Loaded symbol image file: mwac.sys Image path: \??\C:\Windows\system32\drivers\mwac.sys Image name: mwac.sys Browse all global symbols functions data Timestamp: Wed Jun 18 04:06:34 2014 (53A0F42A) CheckSum: 0001D0FD ImageSize: 00012000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
thank you both. I'm going to start with Malwarbytes uninstall and reinstall.
In the meantime I also got a bad pool header BSOD last night. Perhaps there is more info here?
Same cause.
On a side note, you might want to change your seated modules to slots
A1The current configuration
B1
D1
C1
A1Attachment 384301
A2
C1
C2
Attachment 384302
Just to add to axe's post this is quite an article but it odes put it in fairly simple language - RAM assignment
Everything You Need to Know About the Dual-, Triple-, and Quad-Channel Memory Architectures - Enabling Dual Channel (Intel and AMD Socket AM3+) of 10 - Hardware Secrets
Now the last dump is still showing an issue with MBAM - is that running real time because maybe the Bitdefender doesn't like it too much. I know I have had some issues with Kaspersky with other scanners so maybe it is worth forgoing the MBAM - if it is a paid for version. Am just wondering too if disabling Bitdefender would make any difference.