Random Crashes BSOD 57BE0abe.sys possible culprit



Ran verifier to try to find which driver was causing crashes.  It turns out it is 57BE0abe.sys.  I'm getting about 1 BSOD a day.  I tried uninstalling MBAR and re-installing but the crashes came back.  Currently running BETA 7.  Any suggestions?

 

Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\061816-21496-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
Machine Name:
Kernel base = 0xfffff800`02c1c000 PsLoadedModuleList = 0xfffff800`02e5e730
Debug session time: Sat Jun 18 16:55:07.118 2016 (UTC - 7:00)
System Uptime: 0 days 0:02:16.006
Loading Kernel Symbols
..

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

.............................................................
................................................................
...............
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {62, fffffa8003c7fa48, fffffa8003c6fc70, 9}

*** WARNING: Unable to verify timestamp for 57BE0ABE.sys
*** ERROR: Module load completed but symbols could not be loaded for 57BE0ABE.sys
Probably caused by : 57BE0ABE.sys

Followup:     MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000062, A driver has forgotten to free its pool allocations prior to unloading.
Arg2: fffffa8003c7fa48, name of the driver having the issue.
Arg3: fffffa8003c6fc70, verifier internal structure with driver information.
Arg4: 0000000000000009, total # of (paged+nonpaged) allocations that weren't freed.
    Type !verifier 3 drivername.sys for info on the allocations
    that were leaked that caused the bugcheck.

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  7601.23418.amd64fre.win7sp1_ldr.160408-2045

SYSTEM_MANUFACTURER:  Gigabyte Technology Co., Ltd.

SYSTEM_PRODUCT_NAME:  G31M-S2L

BIOS_VENDOR:  Award Software International, Inc.

BIOS_VERSION:  F10d

BIOS_DATE:  02/04/2009

BASEBOARD_MANUFACTURER:  Gigabyte Technology Co., Ltd.

BASEBOARD_PRODUCT:  G31M-S2L

DUMP_TYPE:  2

BUGCHECK_P1: 62

BUGCHECK_P2: fffffa8003c7fa48

BUGCHECK_P3: fffffa8003c6fc70

BUGCHECK_P4: 9

BUGCHECK_STR:  0xc4_62

IMAGE_NAME:  57BE0ABE.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  566900d3

MODULE_NAME: 57BE0ABE

FAULTING_MODULE: fffff8800118d000 57BE0ABE

VERIFIER_DRIVER_ENTRY: dt nt!_MI_VERIFIER_DRIVER_ENTRY fffffa8003c6fc70
Symbol nt!_MI_VERIFIER_DRIVER_ENTRY not found.

CPU_COUNT: 2

CPU_MHZ: 7d0

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: f

CPU_STEPPING: d

CPU_MICROCODE: 6,f,d,0 (F,M,S,R)  SIG: A3'00000000 (cache) A3'00000000 (init)

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

PROCESS_NAME:  services.exe

CURRENT_IRQL:  2

ANALYSIS_SESSION_HOST:  RETROTIGER-PC

ANALYSIS_SESSION_TIME:  06-18-2016 17:24:21.0183

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

LAST_CONTROL_TRANSFER:  from fffff8000311f4ec to fffff80002c8b400

STACK_TEXT:  
fffff880`01fe2448 fffff800`0311f4ec : 00000000`000000c4 00000000`00000062 fffffa80`03c7fa48 fffffa80`03c6fc70 : nt!KeBugCheckEx
fffff880`01fe2450 fffff800`0312e67a : 00000000`00000001 00000000`00000000 fffff880`0118d000 00000000`00000001 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`01fe2490 fffff800`02d7ebe0 : 00000000`00000000 00000000`00000000 fffff880`009e6180 00000000`00000000 : nt!VfPoolCheckForLeaks+0x4a
fffff880`01fe24d0 fffff800`03045e3e : fffffa80`03c7f990 00000000`00000000 00000000`00000000 00000000`ffffffff : nt!VfTargetDriversRemove+0x160
fffff880`01fe2570 fffff800`030651a3 : 00000000`00000000 00000000`000e0082 00000000`00000000 00000000`00000001 : nt!VfDriverUnloadImage+0x2e
fffff880`01fe25a0 fffff800`0306561d : 00000000`00000000 fffffa80`03c7f990 00000000`00000000 00000000`00010200 : nt!MiUnloadSystemImage+0x283
fffff880`01fe2610 fffff800`0310de41 : 00000000`00000000 fffff880`01fe2930 fffffa80`03d0a4b0 00000000`00000018 : nt!MmUnloadSystemImage+0x4d
fffff880`01fe2650 fffff800`02c951a4 : 00000000`00000000 fffff880`01fe2930 fffffa80`03d0a4b0 fffffa80`05951628 : nt!IopDeleteDriver+0x41
fffff880`01fe2680 fffff800`0307076e : fffff880`01fe2930 00000000`00000000 00000000`c0000001 fffff800`00000000 : nt!ObfDereferenceObject+0xd4
fffff880`01fe26e0 fffff800`02c8a693 : fffffa80`0654c7b0 fffff880`01fe2900 00000000`00000001 fffff980`0144c000 : nt!IopUnloadDriver+0x45c
fffff880`01fe28b0 fffff800`02c86c50 : fffff800`03070467 00000000`00e5edc0 00000000`00000001 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
fffff880`01fe2a48 fffff800`03070467 : 00000000`00e5edc0 00000000`00000001 00000000`00000000 00000000`00cddef0 : nt!KiServiceLinkage
fffff880`01fe2a50 fffff800`02c8a693 : fffffa80`0654c7b0 fffff880`01fe2ca0 00000000`00000000 00000000`00000000 : nt!IopUnloadDriver+0x155
fffff880`01fe2c20 00000000`774ed3aa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00e5ed98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x774ed3aa


STACK_COMMAND:  kb

THREAD_SHA1_HASH_MOD_FUNC:  591646535b6c407bc45fa532f044222b581d75cc

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  d1f189e06279c774d2dd7ec0cfc8fe43158be458

THREAD_SHA1_HASH_MOD:  7f608ac2fbce9034a3386b1d51652e4911d30234

FOLLOWUP_NAME:  MachineOwner

FAILURE_BUCKET_ID:  X64_0xc4_62_LEAKED_POOL_IMAGE_57BE0ABE.sys

BUCKET_ID:  X64_0xc4_62_LEAKED_POOL_IMAGE_57BE0ABE.sys

PRIMARY_PROBLEM_CLASS:  X64_0xc4_62_LEAKED_POOL_IMAGE_57BE0ABE.sys

TARGET_TIME:  2016-06-18T23:55:07.000Z

OSBUILD:  7601

OSSERVICEPACK:  1000

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  784

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 7

OSEDITION:  Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS Personal

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2016-04-08 22:46:22

BUILDDATESTAMP_STR:  160408-2045

BUILDLAB_STR:  win7sp1_ldr

BUILDOSVER_STR:  6.1.7601.23418.amd64fre.win7sp1_ldr.160408-2045

ANALYSIS_SESSION_ELAPSED_TIME: 94c

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0xc4_62_leaked_pool_image_57be0abe.sys

FAILURE_ID_HASH:  {1c543d6e-8c80-d9ff-d4b4-6675f936ca2e}

Followup:     MachineOwner
---------

1: kd> lmvm 57BE0ABE
Browse full module list
start             end                 module name
fffff880`0118d000 fffff880`011c6000   57BE0ABE T (no symbols)           
    Loaded symbol image file: 57BE0ABE.sys
    Image path: 57BE0ABE.sys
    Image name: 57BE0ABE.sys
    Browse all global symbols  functions  data
    Timestamp:        Wed Dec 09 20:34:27 2015 (566900D3)
    CheckSum:         000435CF
    ImageSize:        00039000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
 

061816-21496-01.dmp


Hello CaptainTiger and :welcome:

1. Please create the following zipped archives for MBARW developer team analysis:

Create a .zip archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another .zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped archives to your next reply.

2. Please send a copy of the system's 57BE0ABE.sys driver to https://virustotal.com/ and reply with the URL only of the file's analysis.

3. Your topic has been escalated to Malwarebytes management for further analysis.

Thank you.


Additional System Info:

 

· OS: Windows 7 x64
· W7 x64
· Retail version
· Age of system: ~7 years
· Age of OS installation: 3 months
· CPU: Intel E2180 Dual Core
· Intel HD2500 Integrated
· MotherBoard - Gigabyte GA-G31M-S2l
· Power Supply: Inwin IP-P300F1-0 300W TFX12v

· System Manufacturer: Home made
· Exact model number: N/A 
· Desktop?


 
