Showing results for tags 'bsod'.

Found 21 results

  1. Today my PC crashed with stop code REGISTRY_FILTER_DRIVER_EXCEPTION and farflt.sys was mentioned. Using MB Trial version 4.1.0. Windows 10 64bit with latest updates. I can send more logs if needed. FRST.txt Addition.txt mb-check-results.zip
  2. Hello, I have been using Malwarebytes for a long time now, and also AdwCleaner here and there, but recently, within the last 2 weeks, I have been given BSOD crashes via farflt.sys, which is a registered ransomware system file for Malwarebytes. Now I would like to know if Malwarebytes will continue to work if I delete this file, and whether it will stay deleted and not replicate itself upon reboot of the software/update, as being a savvy user I don't have a need for the ransomware protection anyway, but I don't want to have to go elsewhere for my malware protection as I much prefer to keep what I'm used to. Thanks Martyn
  3. I can confirm it was causing havoc on my server that runs Plex
  4. Just as an FYI... I also use Plex and uTorrent, and have also been experiencing multiple BSOD in the last few days. I had assumed it was caused by the most recent uTorrent release, but I just caught the latest screen before it restarted, and it stated mwac.sys as being what had 'failed'.
  5. Hi. So I have both Kaspersky and Malwarebytes, and today Kaspersky asked me to restart to complete an update. So I did, and when it finished restarting it gave me an error saying my PC needs to be repaired and that the operating system couldn’t be loaded because a critical system driver is missing or contains errors. The file in question was Windows\system32\DRIVERS\MbamElam.sys and the error code was 0xc000007b. I don’t know what to do, please help. I have a lot of important info on this computer and I can’t go out to repair it because of the whole pandemic 😭😭😭
  6. Hi, I have been getting memory-related BSODs in the early morning, around 6am - 8am. The diagnostic files are attached below. The Windows 10 (x64) installed came with the laptop when I purchased it. · Age of system: 4-5 years · Age of OS installation - No, I didn't; I just do system restore from time to time · CPU: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz, 2808 Mhz, 4 Core(s), 8 Logical Processor(s) · Video Card: NVIDIA GeForce GTX 1060 · Laptop model: Acer Predator Helios 300 G3-572 * The laptop is undervolted to -110.4 mV SysnativeFileCollectionApp.zip
  7. Hello. I had a Windows update on FRI 1-10-2020. Over this weekend my server rebooted after BSOD. Over 12 times since Fri. BSOD points to MWAC.SYS. IRQL not less or equal. Windows cumulative update Windows Server 2019 (1809) x64 based -- (KB4530715). We shut off the service to keep business running for the day; will try to reinstall Malwarebytes tonight. I have extracted the dump file text and memory dump text. From what I gather, Windows and Malwarebytes are fighting for file control due to file protection and system protection. I have not been able to test, but an uninstall and reinstall may be the fix. Basically resetting permissions after Windows does whatever it thinks it needed to do. Dumpfile text .txt MemoryDMP.txt
  8. I was working on my PC and suddenly I got the "Blue Screen of Death" on mwac.sys and I lost all my work for the last 2 hours! :( I am a Malwarebytes Premium user. After looking up the file online, I saw that it is part of Malwarebytes. I have Malwarebytes Premium Ver 4.0.4
  9. Ran Farbar64 and mb-check logs are attached. no minidump or *.dmp in c:\windows mb-check-results.zip FRST.txt Addition.txt
  10. Hello, During this month I've been experiencing multiple BSODs due to what I'm assuming is mwac.sys. I've attached the required Sysnative file and included my computer details below. · OS - Windows 7 · x64 ? · What was original installed OS on system? · OEM version · 2014 · Installation Date: 4/2/2014 · CPU: Intel Core i5 4670K @ 3.40GHz · Video Card: 2047MB NVIDIA GeForce GTX 760 (MSI) · MotherBoard - MSI Z87-G55 (MS-7821) · Power Supply - In Win 650 W 80+ Bronze Certified ATX Power Supply · Desktop Please let me know if additional information is needed. Thanks - Anders SysnativeFileCollectionApp AC2020.zip
  11. Twice now in the last week, my system has crashed for no apparent reason giving me the BSOD. In one case, I was typing an email. The other case occurred while the computer was idle. I have Windows 10 Pro and am using the latest paid version of Malwarebytes - Premium 3.4.4. Windows gave me the following message: "Stop code: SYSTEM SCAN AT RAISED IRQL CAUGHT IMPROPER DRIVER UPLOAD. What failed: mwac.sys". As far as I can tell, everything is up to date. If you require additional information, please let me know. Thanks.
  12. If you need any more information please tell me.
  13. Hello everyone, I am new here. I am using an HP Pavilion DM4 with Windows 7 Home Premium, and about 20 days ago (7/8/2019), I got a black screen with a cursor only after logging into my Admin account, even in safe mode. The day before this issue occurred (7/7/2019), I had turned off my AVG while trying to run a Malwarebytes scan; to do so, I changed its (AVG's) permissions to EVERYONE and I also set the AVG off, and restarted my computer. Lo and behold, I couldn't get back on my ADMIN main user! I am currently writing this on the same laptop, but on the account of a secondary user. I can only open a few antivirus programs such as Malwarebytes and AVG; however, I cannot run RogueKiller or MSERT as they freeze. I've done many tests and NONE concluded malware, except a Malwarebytes Anti-Rootkit scan which detected 4 trojan files located in C:$\recyclebin (system recycle bin?). I've since removed them and I am currently attempting all my options. The crazy thing is, I actually fixed the problem via system restore, and all was good! However, I became stupid in thinking and decided to RE-RESTORE the system, because I was upset that my Google Chrome had updated!!!, and thus the problem had returned, and the old restore points have vanished since! I would really love some help because I am sure something has taken over the admin privileges of the system, and is running SVCHOST.EXE and CONSENT.EXE upon start. I've studied the strings and the threads and they run at 25% CPUs, jamming the system up. I've also noticed something keeps closing antiviruses and services.exe when I try to open them. (I see all this via PROCESSEXPLORER from the second account with admin privileges.) I cannot run SERVICES.EXE, but I can run regedit, msconfig, task manager, etc. I've done SFC /scan as well as CHKDSK and it found some corrupt files and "fixed them", but the issue persists. I've downloaded FRST, RogueKiller, ComboFix, AdwCleaner. I have not run them; I am awaiting assistance (from you guys). Please help me!!!! Thank you in advance!
  14. I've read the posts on similar failures. My BSOD happened as I was running Defraggler overnight. I can find no malware or other cause. This is my first encounter with this particular BSOD, which was annotated: RECOVERY FILE DRIVER EXTENSION what failed: Farftc.sys Attached is my mb-check-results zip, plus the FRST and Addition files just for the sake of completeness. Any information you can provide on what went wrong and how I can prevent such failures in the future would be greatly appreciated. Thanks again for your product, which I have used for many years successfully. mb-check-results.zip FRST.txt Addition.txt
  15. Every time I start Malwarebytes, a BSOD appears. In safe mode it runs. Tried the support tool, but if I run it, it causes a BSOD. AdwCleaner and other Malwarebytes products work OK. Win7 Home Basic; 8 GB RAM; Intel Pentium G2030; 14d premium version.
  16. MBAM 3.5.1 Premium for Windows 7 on a 32-bit Dell laptop worked fine. Tried to install MBAM 3.6.1 days ago, first without a clean install, and BSOD upon reboot. Did a clean install today using the MBAM Support Tool and, after rebooting and almost at the end of the reinstalling, a blue screen of death again. I have attached logs. I also have the MEMORY.DMP file zipped, but it's 139 MB, so if you need it, please let me know how to send it. I also ran a full drive security scan with MBAM v3.5.1 just prior to the 3.6.1 clean install and no malware was found. Other security software on this machine: Zone Alarm Firewall and Anti-Virus Pro v15.3.060.17669 and SpyShelter Premium v11.2, both latest versions. I have reverted back to MBAM v3.5.1 until this issue is resolved. mbst-grab-results.zip mbst-clean-results.txt
  17. Hello, I come to ask you for help regarding a BSOD on every custom scan with the "scan for rootkits" option. Indeed, every time I run a scan with this option checked, a BSOD occurs after 10 seconds. When I run a custom scan without the rootkit option, the scan succeeds. I have had a lifetime premium version (the latest version, 3.4.4) for 5 years, and this is the first time this has happened... Everything is OK on my PC (RAM, DRIVERS, ZERO INFECTION, HARDWARE OK, CPU TEST OK .....) I am a Helper, so I have already done all the checks for infection or hardware problems .... The BSOD only happens when launching the MBAM scan. Could you tell me if this is an MBAM bug, please? Thank you for your answers and your help. jmi
  18. I'm getting the BSOD with farflt.sys listed as the cause. I've seen that others have had the same problem, but the topics were fairly old so I thought it best to start a new one. The machine is an HP Compaq PC. I reinstalled Windows 7 Pro 32-bit yesterday and put all the software on top, including MB Premium. I had to install MB twice because it errored, but it went on okay second time and I was using the PC for a few hours without problems last night. As well as installing software like Office, and setting up Outlook, I've run Windows Update and installed all the updates it wanted, including SP1. This morning it started BSOD on boot, with farflt.sys given as the culprit. Windows runs okay in Safe Mode but not in normal mode. Following instructions given in other posts I ran mb-clean in Safe Mode, which seemed to work okay, rebooted into Normal Mode, which came up okay, then re-installed MB. It seemed to install okay but didn't even wait until I rebooted before it went BSOD. I've run FRST and MB-Check and attached the zip file, and also attached the minidump file from one of the BSOD's, so I'm hoping someone will be able to tell me what's wrong. I'm running AVG Free - does MB "fight" with AVG? The built-in Windows virus checker is running as well, so is there a problem there? I've also installed Trusteer Rapport, which my bank recommends, but it's created by IBM so should be safe. I don't want to have to turn off anti-ransomware in MB, as the main reason I bought MB was because I was the victim of a ransomware attack a few years ago, which fortunately didn't cause much damage as I saw what was happening very early and stopped it. If anyone can tell me what's happening and how to stop it I'd be grateful. mb-check-results.zip 090118-29406-01.dmp
  19. Just had to uninstall Malwarebytes. I kept getting BSoD on farflt.sys. Although my machine was supposedly writing a dmp file there is none to be found. No idea why it's just started (literally today 25/8) as there haven't been any updates either hardware or software to my machine. mbst-grab-results.zip
  20. Hello, For the past week I've been having trouble with BSODs, "Bad_Pool_Caller". I tried reading the dump files and all I could understand from them is that Malwarebytes could be causing them. The files are attached in the form of a rar file. Any help is much appreciated. Minidump.rar
  21. Greetings, I am representing a client of mine who has a problem with your Antimalware product. The client is experiencing numerous blue screens that seem to be related to your "mbamchameleon.sys" kernel-mode driver causing a Blue Screen of Death upon boot up. However, on the second boot up, there is a very high chance it'll boot up normally. My client installed MalwareBytes for protection against malware in conjunction with his security software, Total Defense Total Security. Yes I know what you're thinking, but apparently it is a real product using the BitDefender Antivirus Product Engine and the company is apparently based in the USA. I use BitDefender myself but that is beside the point. Client Computer Configuration AMD AM4 Platform with an AMD A10 Quad Core Processor ASUS PRIME A320M-K Motherboard 4GB DDR4 System Memory Windows 10 32Bit* (more on that in a bit) 120GB System SSD Total Defense™ Total Security MalwareBytes Home Edition 3.5 (Licensed) Microsoft Office 2013 - might be 2016 or Office 365. Cannot confirm right now. I cannot provide you the installed product list because my client has given me instructions to keep that information private as it is a business machine, but the reason why this machine is running Windows 10 32bit is because it was an emergency migration from an older Intel Core 2 Duo machine that had severe problems. No, a fresh installation of Windows 10 is not possible at this point in time as it is a production machine and downtime must be kept to a minimum. All drivers are up to date, as well as latest BIOS updates. Is this a BSOD? Yes. Windows 10 BSOD says "UNEXPECTED_KERNEL_MODE_TRAP" (0x7F) WinDBG Preview for Windows 10 on my workstation where I analyze these crash dumps says: Microsoft (R) Windows Debugger Version 10.0.17674.1000 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. 
Loading Dump File [S:\ClientAnalysis\[REDACTED]\MEMORY.DMP] Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available. ************* Path validation summary ************** Response Time (ms) Location Deferred srv* Symbol search path is: srv* Executable search path is: Windows 10 Kernel Version 17134 MP (4 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Built by: 17134.1.x86fre.rs4_release.180410-1804 Machine Name: [REDACTED] Kernel base = 0x81a69000 PsLoadedModuleList = 0x81ce8938 Debug session time: Fri Jun 22 06:59:57.499 2018 (UTC + 10:00) System Uptime: 0 days 23:55:39.731 WARNING: Process directory table base E4B7D020 doesn't match CR3 001A8000 WARNING: Process directory table base E4B7D020 doesn't match CR3 001A8000 Loading Kernel Symbols ............................................................... ................................................................ .................................................... Loading User Symbols PEB address is NULL ! Loading unloaded module list ........ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 7F, {8, 8075bc00, 0, 0} Page 4e8d8 not present in the dump file. Type ".hh dbgerr004" for details [... last message repeats for a while - cutting ... ] Page bf7f not present in the dump file. Type ".hh dbgerr004" for details [... last message repeats for a while - cutting ... ] Page 4e8d8 not present in the dump file. Type ".hh dbgerr004" for details [... last message repeats for a while - cutting ... ] Page bf7f not present in the dump file. Type ".hh dbgerr004" for details [... last message repeats for a while - cutting ... 
] *** ERROR: Module load completed but symbols could not be loaded for MbamChameleon.sys *** ERROR: Module load completed but symbols could not be loaded for farflt.sys Page 4e8d8 not present in the dump file. Type ".hh dbgerr004" for details [... last message repeats for a while - cutting ... ] Page bf7f not present in the dump file. Type ".hh dbgerr004" for details [... last message repeats for a while - cutting ... ] [ rinse and repeat this for a good couple dozen lines ] Probably caused by : MbamChameleon.sys ( MbamChameleon+6131 ) Followup: MachineOwner --------- WARNING: Process directory table base E4B7D020 doesn't match CR3 001A8000 WARNING: Process directory table base E4B7D020 doesn't match CR3 001A8000 eax=8075bc00 ebx=00000000 ecx=8075b850 edx=00000000 esi=00000000 edi=8075b800 eip=81baf11c esp=81cdd390 ebp=00000000 iopl=0 ov up di ng nz ac pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000896 nt!KiBugCheck2: 81baf11c 55 push ebp When asking the debugger for more info: ****************************************************************************** * * * Bugcheck Analysis * * * ******************************************************************************* UNEXPECTED_KERNEL_MODE_TRAP (7f) This means a trap occurred in kernel mode, and it's a trap of a kind that the kernel isn't allowed to have/catch (bound trap) or that is always instant death (double fault). The first number in the bugcheck params is the number of the trap (8 = double fault, etc) Consult an Intel x86 family manual to learn more about what these traps are. Here is a *portion* of those codes: If kv shows a taskGate use .tss on the part before the colon, then kv. Else if kv shows a trapframe use .trap on that value Else .trap on the appropriate frame will show where the trap was taken (on x86, this will be the ebp that goes with the procedure KiTrap) Endif kb will then show the corrected stack. 
Arguments: Arg1: 00000008, EXCEPTION_DOUBLE_FAULT Arg2: 8075bc00 Arg3: 00000000 Arg4: 00000000 Debugging Details: ------------------ (lots of repeated messages about 2 page locations not being available) KEY_VALUES_STRING: 1 STACKHASH_ANALYSIS: 1 TIMELINE_ANALYSIS: 1 DUMP_CLASS: 1 DUMP_QUALIFIER: 401 BUILD_VERSION_STRING: 17134.1.x86fre.rs4_release.180410-1804 SYSTEM_MANUFACTURER: System manufacturer SYSTEM_PRODUCT_NAME: System Product Name SYSTEM_SKU: SKU SYSTEM_VERSION: System Version BIOS_VENDOR: American Megatrends Inc. BIOS_VERSION: 4011 BIOS_DATE: 04/19/2018 BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC. BASEBOARD_PRODUCT: PRIME A320M-K BASEBOARD_VERSION: Rev X.0x DUMP_TYPE: 1 BUGCHECK_P1: 8 BUGCHECK_P2: ffffffff8075bc00 BUGCHECK_P3: 0 BUGCHECK_P4: 0 BUGCHECK_STR: 0x7f_8 TSS: 00000028 -- (.tss 0x28) eax=b66a1120 ebx=00000000 ecx=b66a1520 edx=92d42110 esi=b66a1520 edi=00000000 eip=891d711e esp=b66a0f94 ebp=b66a10a4 iopl=0 nv up ei ng nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282 Ntfs!NtfsLookupRealAllocation+0x1e: 891d711e 53 push ebx Resetting default scope CPU_COUNT: 4 CPU_MHZ: da5 CPU_VENDOR: AuthenticAMD CPU_FAMILY: 15 CPU_MODEL: 65 CPU_STEPPING: 1 BLACKBOXBSD: 1 (!blackboxbsd) BLACKBOXPNP: 1 (!blackboxpnp) DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT PROCESS_NAME: Registry CURRENT_IRQL: 0 ANALYSIS_SESSION_HOST: DESKTOP-8K174LE ANALYSIS_SESSION_TIME: 06-27-2018 13:02:15.0843 ANALYSIS_VERSION: 10.0.17674.1000 amd64fre TRAP_FRAME: b66a194c -- (.trap 0xffffffffb66a194c) ErrCode = 00000000 eax=00000000 ebx=b66a19f4 ecx=0000001c edx=b98bd8c0 esi=024a9000 edi=00000360 eip=81d688c4 esp=b66a19c0 ebp=b66a19cc iopl=0 nv up ei pl nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206 nt!HvpGetCellPaged+0x84: 81d688c4 8b043e mov eax,dword ptr [esi+edi] ds:0023:024a9360=???????? Resetting default scope LAST_CONTROL_TRANSFER: from 891d6f2b to 891d711e BAD_STACK_POINTER: 81cdd390 STACK_OVERFLOW: Stack Limit: b66a1000. 
Use (kF) and (!stackusage) to investigate stack usage. STACK_TEXT: b66a19cc 81d67eb7 95459008 02278360 b66a19f4 nt!HvpGetCellPaged+0x84 b66a1a3c 81d5c322 b66a1ab8 b66a1a88 b66a1adf nt!CmpWalkOneLevel+0x227 b66a1b94 81d61e02 48077500 00000240 b66a1e1c nt!CmpDoParseKey+0x822 b66a1cac 81d5e362 8800efd0 87f7a9a0 c3bc7418 nt!CmpParseKey+0x232 b66a1dbc 81d64da8 00000240 87f7a9a0 00000000 nt!ObpLookupObjectName+0x3d2 b66a1e44 81d64b80 b66a206c 87f7a9a0 00000000 nt!ObOpenObjectByNameEx+0x118 b66a1fb0 81d66ff8 b66a206c 00000000 00000000 nt!CmOpenKey+0x240 b66a1fc8 81bc0b2f b66a208c 000f003f b66a206c nt!NtOpenKey+0x18 b66a1fc8 81badfb5 b66a208c 000f003f b66a206c nt!KiSystemServicePostCall b66a204c 98406131 b66a208c 000f003f b66a206c nt!ZwOpenKey+0x11 WARNING: Stack unwind information not available. Following frames may be wrong. b66a2090 98401e27 44fda755 00000000 a4f461b8 MbamChameleon+0x6131 b66a20e0 81d7dc49 98421e28 b66a213c 00021410 MbamChameleon+0x1e27 b66a2124 81d62a8c b66a2190 87eb2040 b66a24cc nt!ObpCallPreOperationCallbacks+0xd9 b66a2214 81d76a0e 00000000 b66a24cc 00000000 nt!ObpCreateHandle+0x89c b66a2398 81d761ba 9e56fa00 00000200 b66a24cc nt!ObOpenObjectByPointer+0xce b66a2564 81d76039 b66a2624 b66a263c 00000000 nt!PsOpenProcess+0x17a b66a2584 81bc0b2f b66a265c 80020000 b66a2624 nt!NtOpenProcess+0x2d b66a2584 81badf15 b66a265c 80020000 b66a2624 nt!KiSystemServicePostCall b66a260c 9840bbec b66a265c 80020000 b66a2624 nt!ZwOpenProcess+0x11 b66a2644 9840ab6f 000003c8 80020000 b66a265c MbamChameleon+0xbbec b66a2668 984083b6 81bb0760 00008013 b66a2780 MbamChameleon+0xab6f b66a2678 98402de8 be2f1580 44fda035 00000000 MbamChameleon+0x83b6 b66a2780 81d5fa13 00000000 0000001c b66a28d0 MbamChameleon+0x2de8 b66a2834 81d61db4 b66a2878 00000001 0000001d nt!CmpCallCallBacksEx+0x313 b66a2944 81d5e362 8800efd0 87f7a9a0 c3f87820 nt!CmpParseKey+0x1e4 b66a2a54 81d64da8 00000240 87f7a9a0 00000000 nt!ObpLookupObjectName+0x3d2 b66a2adc 81d64b80 b66a2d04 87f7a9a0 00000000 
nt!ObOpenObjectByNameEx+0x118 b66a2c48 81d66ff8 b66a2d04 00000000 00000000 nt!CmOpenKey+0x240 b66a2c60 81bc0b2f b66a2d24 000f003f b66a2d04 nt!NtOpenKey+0x18 b66a2c60 81badfb5 b66a2d24 000f003f b66a2d04 nt!KiSystemServicePostCall b66a2ce4 98406131 b66a2d24 000f003f b66a2d04 nt!ZwOpenKey+0x11 b66a2d28 98401e27 44fdaacd 00000000 a4f461b8 MbamChameleon+0x6131 b66a2d78 81d7dc49 98421e28 b66a2dd4 001fffff MbamChameleon+0x1e27 b66a2dbc 81d62a8c b66a2e28 87eb2040 b66a3168 nt!ObpCallPreOperationCallbacks+0xd9 b66a2eac 81d76a0e 00000000 b66a3168 00000000 nt!ObpCreateHandle+0x89c b66a3034 81d761ba 9e56fa00 00000200 b66a3168 nt!ObOpenObjectByPointer+0xce b66a3200 81d76039 b66a32cc b66a32e4 00000000 nt!PsOpenProcess+0x17a b66a3220 81bc0b2f b66a32f8 001fffff b66a32cc nt!NtOpenProcess+0x2d b66a3220 81badf15 b66a32f8 001fffff b66a32cc nt!KiSystemServicePostCall b66a32a8 ad005791 b66a32f8 001fffff b66a32cc nt!ZwOpenProcess+0x11 b66a3310 81d71997 000003c8 000028ec 87f68901 farflt+0x5791 b66a333c 81d4e4f0 00000000 48075bf3 00000000 nt!PspCallThreadNotifyRoutines+0x97 b66a33b4 81d4e033 b66a3894 b66a3410 001fffff nt!PspInsertThread+0x3a4 b66a3584 81d4a831 b66a3aec 80000b70 00000000 nt!PspCreateThread+0x211 b66a3a08 81bc0b2f b66a3b10 001fffff b66a3aec nt!NtCreateThreadEx+0x161 b66a3a08 81bae861 b66a3b10 001fffff b66a3aec nt!KiSystemServicePostCall b66a3aac 81e00150 b66a3b10 001fffff b66a3aec nt!ZwCreateThreadEx+0x11 b66a3b3c 81b704c5 00000000 00000000 00040000 nt!RtlpCreateUserThreadEx+0xc2 b66a3b90 81ab1dbf 9e4f2cb0 9e521140 9e580e80 nt!ExpWorkerFactoryCreateThread+0xb1 b66a3bb4 81ab1b96 00000000 000005c0 0320f668 nt!ExpWorkerFactoryCheckCreate+0x13f b66a3c08 81bc0b2f 000005c0 0320f6b0 77410750 nt!NtReleaseWorkerFactoryWorker+0x266 b66a3c08 77410750 000005c0 0320f6b0 77410750 nt!KiSystemServicePostCall 0320f6b0 00000000 00000000 00000000 00000000 0x77410750 STACK_COMMAND: .trap 0xffffffffb66a194c ; kb THREAD_SHA1_HASH_MOD_FUNC: 7c84cad4e395a6ac6b9cbc45a29ffdca7fb29c4b 
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 91cea10d87227341343679aaa708d3737ba0d688 THREAD_SHA1_HASH_MOD: a168ef793a0dbedb24c03939f290ba65f52710ce FOLLOWUP_IP: MbamChameleon+6131 98406131 8b3dc0e04198 mov edi,dword ptr [MbamChameleon+0x1e0c0 (9841e0c0)] FAULT_INSTR_CODE: e0c03d8b SYMBOL_STACK_INDEX: a SYMBOL_NAME: MbamChameleon+6131 FOLLOWUP_NAME: MachineOwner MODULE_NAME: MbamChameleon IMAGE_NAME: MbamChameleon.sys DEBUG_FLR_IMAGE_TIMESTAMP: 5ae0d958 BUCKET_ID_FUNC_OFFSET: 6131 FAILURE_BUCKET_ID: 0x7f_8_STACKPTR_ERROR_MbamChameleon!unknown_function BUCKET_ID: 0x7f_8_STACKPTR_ERROR_MbamChameleon!unknown_function PRIMARY_PROBLEM_CLASS: 0x7f_8_STACKPTR_ERROR_MbamChameleon!unknown_function TARGET_TIME: 2018-06-21T20:59:57.000Z OSBUILD: 17134 OSSERVICEPACK: 0 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 272 PRODUCT_TYPE: 1 OSPLATFORM_TYPE: x86 OSNAME: Windows 10 OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 2018-06-08 18:55:45 BUILDDATESTAMP_STR: 180410-1804 BUILDLAB_STR: rs4_release BUILDOSVER_STR: 10.0.17134.1.x86fre.rs4_release.180410-1804 ANALYSIS_SESSION_ELAPSED_TIME: 221c ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:0x7f_8_stackptr_error_mbamchameleon!unknown_function FAILURE_ID_HASH: {b9ae5be3-18b3-bd8f-2c30-bdfcaf14819a} Followup: MachineOwner --------- WARNING: Process directory table base E4B7D020 doesn't match CR3 001A8000 WARNING: Process directory table base E4B7D020 doesn't match CR3 001A8000 Memory Dump for debugging team available upon request. Simply notify me with email and I'll get it to you within a few hours. This is a semi-urgent request so I appreciate if I could have this issue placed on high priority.