
MBAM BSOD, Insider Build 14926



This applies to Windows 10 x64 Insider Build 14926 that was released on 14-Sept-2016.  When MBAM starts to perform a system scan, driver MBAMSwissArmy.sys promptly causes a BSOD.  (Page Fault in non-paged area).  I have the zipped 180 mbyte .DMP file if it is needed.  

Whereas this is an insider build, it may be inappropriate to post; however, I thought the developers may be slightly interested.

 

 

MBAMBSOD.zip

Link to post

Hi, @siliconman01:

Sorry to hear about the BSOD on the new Insider Build of Win10.

Until a member of the QA and/or development team has a chance to respond, it would help to see the usual set of basic diagnostic logs, please.
Please follow the steps here: Diagnostic Logs
Then, please also attach all 3 of those logs to your next reply.

Thanks,

Link to post

Sorry for the delay in responding - my wife's business is moving and we just had a granddaughter (so I've been tasked as babysitter for their 3 year old).

Please run this report collecting tool so that we can provide a complete analysis: (from the pinned topic at the top of the forum):  https://forums.malwarebytes.org/topic/170037-blue-screen-of-death-bsod-posting-instructions-windows-10-81-8-7-vista/

FYI - I don't often use the Perfmon report, so if it doesn't work please just let me know.
NOTE:  On problem systems it can take up to 20 minutes for the log files to complete.  Please be patient and let it run.

If you still have problems with it running, there's an alternate tool here (direct download link):  https://github.com/blueelvis/BSOD-Inspector/releases/download/1.0.5/BSODInspector-1.0.5.exe

NOTE:
Please zip up the (.ZIP) files - do not use .RAR or other compression utilities.
.ZIP is the type file that can be uploaded to the forums.

Link to post

21 hours ago, usasma said:

Sorry for the delay in responding - my wife's business is moving and we just had a granddaughter (so I've been tasked as babysitter for their 3 year old).

Please run this report collecting tool so that we can provide a complete analysis: (from the pinned topic at the top of the forum):  https://forums.malwarebytes.org/topic/170037-blue-screen-of-death-bsod-posting-instructions-windows-10-81-8-7-vista/

FYI - I don't often use the Perfmon report, so if it doesn't work please just let me know.
NOTE:  On problem systems it can take up to 20 minutes for the log files to complete.  Please be patient and let it run.

If you still have problems with it running, there's an alternate tool here (direct download link):  https://github.com/blueelvis/BSOD-Inspector/releases/download/1.0.5/BSODInspector-1.0.5.exe

NOTE:
Please zip up the (.ZIP) files - do not use .RAR or other compression utilities.
.ZIP is the type file that can be uploaded to the forums.

Attached are the requested files

PerformReport.zip

SysnativeFileCollectionApp.zip

Link to post

Debugging Insider builds is a bit more complicated than doing regular BSOD's - but most of the tools are still there.
Unfortunately, the symbols for the drivers aren't publicly available, so it may take a bit longer.

The perfmon report shows that the MalwareBytes Antimalware Service has stopped unexpectedly.
Did you stop it?  If so, why?
Have you tried uninstalling/reinstalling MalwareBytes?

Your UEFI/BIOS (version A11) dates from 2015.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  This is just in case there has been a more recent update.
FYI - W8 and W10 communicate more with the UEFI/BIOS than previous versions of Windows, so it's important to ensure that the UEFI/BIOS is kept up to date (and that outdated UEFI/BIOS' may be the cause of some compatibility issues).
 

Although you appear to have a reasonable number of Windows Update hotfixes for this version of your OS, please double check for any new Windows Updates.  It only takes one update to cause a problem, so it's essential that you have all of them.  The actual number is not important.  Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.

I presume, from reading your first post, that you can cause a BSOD by running a system scan with MalwareBytes.  Is this the case?
If so, start by uninstalling SuperAntiSpyware (its drivers date from 2011), rebooting, and then seeing if you can cause a BSOD by running a system scan.

If the BSOD still occurs, then next try uninstalling Norton (make sure that Windows Defender is enabled while testing).
Then run the Norton Removal Tool to remove any remnants (free from here:  https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us)

Then reboot and try to cause a BSOD by running a system scan.
If it does BSOD, then try running Driver Verifier according to these instructions:  http://www.carrona.org/verifier.html

The hope here is that, even without the proper symbols, the debugger will be able to isolate the problem drivers (and with Norton and SAS being removed, this'll make our job a bit easier).

Analysis:
The following is for information purposes only. The following information contains the relevant information from the blue screen analysis:
**************************Tue Sep 20 03:21:01.949 2016 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\092016-5000-01.dmp]
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 10 Kernel Version 14926 MP (8 procs) Free x64
Built by: 14926.1000.amd64fre.rs_prerelease.160910-1529
System Uptime:0 days 0:01:26.637
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
*** WARNING: Unable to verify timestamp for MBAMSwissArmy.sys
*** ERROR: Module load completed but symbols could not be loaded for MBAMSwissArmy.sys
Probably caused by :ntoskrnl.wrong.symbols.exe ( nt_wrong_symbols!57D4BE727FE000 )
BugCheck 50, {ffffaa8bdd1fe000, 0, fffff80bcfe2ce90, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: ffffaa8bdd1fe000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80bcfe2ce90, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  57D4BE72
PROCESS_NAME:  ntoskrnl.wrong.symbols.exe
FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_14926.1000.amd64fre.rs_prerelease.160910-1529_TIMESTAMP_160911-021618_57D4BE72_nt_wrong_symbols!57D4BE727FE000
CPUID:        "Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
  BIOS Version                  A11
  BIOS Release Date             07/09/2015
  Manufacturer                  Dell Inc.
  Product Name                  XPS 8700
  Baseboard Product             0KWVT8
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Sep 20 03:16:36.600 2016 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\092016-4765-01.dmp]
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 10 Kernel Version 14926 MP (8 procs) Free x64
System Uptime:0 days 0:10:24.280
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
*** WARNING: Unable to verify timestamp for MBAMSwissArmy.sys
*** ERROR: Module load completed but symbols could not be loaded for MBAMSwissArmy.sys
Probably caused by :ntoskrnl.wrong.symbols.exe ( nt_wrong_symbols!57D4BE727FE000 )
BugCheck 50, {ffffb909c7bfe000, 0, fffff80249a5ce90, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: ffffb909c7bfe000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80249a5ce90, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  57D4BE72
PROCESS_NAME:  ntoskrnl.wrong.symbols.exe
FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_TIMESTAMP_160911-021618_57D4BE72_nt_wrong_symbols!57D4BE727FE000
CPUID:        "Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
  BIOS Version                  A11
  BIOS Release Date             07/09/2015
  Manufacturer                  Dell Inc.
  Product Name                  XPS 8700
  Baseboard Product             0KWVT8
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
 


3rd Party Drivers:
The following is for information purposes only. My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box:

**************************Tue Sep 20 03:21:01.949 2016 (UTC - 4:00)**************************

	SASKUTIL64.SYS                                Tue Jul 12 17:00:01 2011 (4E1CB5D1)

	SASDIFSV64.SYS                                Thu Jul 21 19:03:00 2011 (4E28B024)

	XtuAcpiDriver.sys                             Thu Feb 26 07:51:57 2015 (54EF16ED)

	HWiNFO64A.SYS                                 Tue Mar 31 05:51:32 2015 (551A6E24)

	LEqdUsb.Sys                                   Tue Jun  9 15:25:30 2015 (55773DAA)

	LHidEqd.Sys                                   Tue Jun  9 15:25:30 2015 (55773DAA)

	LMouFilt.Sys                                  Tue Jun  9 15:25:39 2015 (55773DB3)

	LHidFilt.Sys                                  Tue Jun  9 15:25:40 2015 (55773DB4)

	cthda.sys                                     Thu Jun 18 02:14:05 2015 (558261AD)

	cthdb.sys                                     Thu Jun 18 02:14:10 2015 (558261B2)

	TeeDriverW8x64.sys                            Tue Jul  7 13:43:32 2015 (559C0FC4)

	MBAMSwissArmy.sys                             Wed Jul 29 00:26:01 2015 (55B855D9)

	mbam.sys                                      Tue Aug 11 13:35:19 2015 (55CA3257)

	iaStorA.sys                                   Wed Nov  4 05:27:49 2015 (5639DDA5)

	TuneUpUtilitiesDriver64.sys                   Thu Jan 14 09:16:23 2016 (5697ADB7)

	mbae64.sys                                    Wed Jan 27 11:54:02 2016 (56A8F62A)

	ALSysIO64.sys                                 Fri Feb 19 17:24:23 2016 (56C79617)

	SYMNETS.SYS                                   Tue Apr 12 19:47:43 2016 (570D891F)

	Netwbw02.sys                                  Sun Apr 17 10:09:53 2016 (57139931)

	eeCtrl64.sys                                  Mon Apr 25 13:47:05 2016 (571E5819)

	EraserUtilRebootDrv.sys                       Mon Apr 25 13:47:06 2016 (571E581A)

	Ironx64.SYS                                   Wed May  4 08:56:49 2016 (5729F191)

	ccSetx64.sys                                  Thu May  5 18:33:33 2016 (572BCA3D)

	SYMEFASI64.SYS                                Thu May 12 15:21:02 2016 (5734D79E)

	idmwfp.sys                                    Thu May 19 09:20:29 2016 (573DBD9D)

	ibtusb.sys                                    Mon May 23 13:22:44 2016 (57433C64)

	SYMEVENT64x86.SYS                             Mon May 23 16:42:54 2016 (57436B4E)

	SRTSPX64.SYS                                  Wed May 25 23:18:13 2016 (57466AF5)

	Smb_driver_Intel.sys                          Fri May 27 16:54:08 2016 (5748B3F0)

	IDSvia64.sys                                  Fri Jul  1 18:14:47 2016 (5776EB57)

	rt640x64.sys                                  Thu Jul 14 05:04:28 2016 (5787559C)

	AtihdWT6.sys                                  Sun Jul 24 15:51:39 2016 (57951C4B)

	SRTSP64.SYS                                   Sun Aug  7 16:04:08 2016 (57A79438)

	BHDrvx64.sys                                  Sun Aug 14 18:59:09 2016 (57B0F7BD)

	atikmpag.sys                                  Wed Sep  7 10:00:50 2016 (57D01D92)

	atikmdag.sys                                  Wed Sep  7 11:10:40 2016 (57D02DF0)

	intelppm.sys                                  Sat Sep 10 22:11:06 2016 (57D4BD3A)

	Microsoft.Bluetooth.Legacy.LEEnumerator.sys   Sat Sep 10 22:41:05 2016 (57D4C441)




http://www.carrona.org/drivers/driver.php?id=SASKUTIL64.SYS
http://www.carrona.org/drivers/driver.php?id=SASDIFSV64.SYS
http://www.carrona.org/drivers/driver.php?id=XtuAcpiDriver.sys
http://www.carrona.org/drivers/driver.php?id=HWiNFO64A.SYS
http://www.carrona.org/drivers/driver.php?id=LEqdUsb.Sys
http://www.carrona.org/drivers/driver.php?id=LHidEqd.Sys
http://www.carrona.org/drivers/driver.php?id=LMouFilt.Sys
http://www.carrona.org/drivers/driver.php?id=LHidFilt.Sys
http://www.carrona.org/drivers/driver.php?id=cthda.sys
http://www.carrona.org/drivers/driver.php?id=cthdb.sys
http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
http://www.carrona.org/drivers/driver.php?id=MBAMSwissArmy.sys
http://www.carrona.org/drivers/driver.php?id=mbam.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=TuneUpUtilitiesDriver64.sys
http://www.carrona.org/drivers/driver.php?id=mbae64.sys
http://www.carrona.org/drivers/driver.php?id=ALSysIO64.sys
http://www.carrona.org/drivers/driver.php?id=SYMNETS.SYS
http://www.carrona.org/drivers/driver.php?id=Netwbw02.sys
http://www.carrona.org/drivers/driver.php?id=eeCtrl64.sys
http://www.carrona.org/drivers/driver.php?id=EraserUtilRebootDrv.sys
http://www.carrona.org/drivers/driver.php?id=Ironx64.SYS
http://www.carrona.org/drivers/driver.php?id=ccSetx64.sys
http://www.carrona.org/drivers/driver.php?id=SYMEFASI64.SYS
http://www.carrona.org/drivers/driver.php?id=idmwfp.sys
http://www.carrona.org/drivers/driver.php?id=ibtusb.sys
http://www.carrona.org/drivers/driver.php?id=SYMEVENT64x86.SYS
http://www.carrona.org/drivers/driver.php?id=SRTSPX64.SYS
http://www.carrona.org/drivers/driver.php?id=Smb_driver_Intel.sys
http://www.carrona.org/drivers/driver.php?id=IDSvia64.sys
http://www.carrona.org/drivers/driver.php?id=rt640x64.sys
http://www.carrona.org/drivers/driver.php?id=AtihdWT6.sys
http://www.carrona.org/drivers/driver.php?id=SRTSP64.SYS
http://www.carrona.org/drivers/driver.php?id=BHDrvx64.sys
http://www.carrona.org/drivers/driver.php?id=atikmpag.sys
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
Microsoft.Bluetooth.Legacy.LEEnumerator.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.

 

Edited by usasma
Link to post

 

On 9/20/2016 at 6:23 AM, usasma said:

The perfmon report shows that the MalwareBytes Antimalware Service has stopped unexpectedly.
Did you stop it?  If so, why?
Have you tried uninstalling/reinstalling MalwareBytes?

No, I did not stop the Antimalware Service.  Yes, I have tried fully installing and re-installing MBAM.

 

On 9/20/2016 at 6:23 AM, usasma said:

Your UEFI/BIOS (version A11) dates from 2015.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system. 

For the Dell XPS 8700, version A11 is the latest released version of UEFI/BIOS.  

 

On 9/20/2016 at 6:23 AM, usasma said:

Although you appear to have a reasonable number of Windows Update hotfixes for this version of your OS, please double check for any new Windows Updates. 

Please keep in mind that this BSOD issue started as soon as I downloaded/installed the Microsoft Insider Build 14926 update via Windows Update.  There have been no updates released by MS since this new test build was released.  I check this daily.  

 

On 9/20/2016 at 6:23 AM, usasma said:

I presume, from reading your first post, that you can cause a BSOD by running a system scan with MalwareBytes.  Is this the case?

Yes, this is the case.  HOWEVER, if I uncheck the detection option "Scan for Rootkits", MBAM no longer causes a BSOD and the scan will successfully scan the entire system.

Now that you know that "scan for Rootkits" is the cause of the BSOD, do you still feel I need to uninstall Norton and SAS ??

I booted into SAFE MODE (minimal), and attempted to run a MBAM scan with "Scan for Rootkits" checked.  The BSOD still occurred.  The Norton and SAS drivers were not loaded when booted into SAFE MODE.  

 

 

Link to post

  • Root Admin

Not to interfere with John's recommendations but hopefully in line with them. Please do a full removal of your antivirus including the manual removal tool.

Then do a clean removal and reinstall of MBAM using this method below. Reinstall MBAM, update. Then scan again and let us know if the issue persists.

Please uninstall your current version of MBAM and reinstall the latest version using the following guide. MBAM Clean Removal Process 2x


Thanks

 

Link to post

1 hour ago, AdvancedSetup said:

Not to interfere with John's recommendations but hopefully in line with them. Please do a full removal of your antivirus including the manual removal tool.

Then do a clean removal and reinstall of MBAM using this method below. Reinstall MBAM, update. Then scan again and let us know if the issue persists.

Please uninstall your current version of MBAM and reinstall the latest version using the following guide. MBAM Clean Removal Process 2x


Thanks

 

Followed your instructions and the BSOD still occurs with Norton and SAS removed and clean/fresh install of MBAM.  I also tried with Secure Boot disabled and it occurs irrespective of the Secure Boot state.

Reports are attached.  I have a full 800 mbyte DMP as well (140 mbytes zipped) if you need it

 

PerfmonReport.zip

SysnativeFileCollectionApp.zip

Link to post

I generally don't use full memory dumps - but I can take a look at it if you'd like.
Just zip it up and upload it to a free file-hosting service (I suggest OneDrive), then post a link to it here.

Have you reported this issue to the Windows Insider people through the reporting system built into the builds?
Have they responded back to you? 

There's 2 things that can cause BSOD's - hardware or software.  We divide software into 2 categories because of the numbers of problems that we see:

Quote

- 3rd party drivers (over 90% of BSOD's are due to this) (MS says 70% as of mid-2016)
- hardware (less than 10% of BSOD's are due to this) (MS says 10% as of mid-2016)
- Windows problems (less than 1% of BSOD's are due to this - as long as Windows Updates are fully up to date). (MS says 5% as of mid-2016)
- also, MS says that 15% are due to unknown causes (the crash is too corrupted to tell) as of mid-2016

Now, as this is a Fast Ring build, I'd expect that Windows problems would move up in frequency.  But this is complicated as we don't know if this is a compatibility issue that hasn't been addressed (and may/may not be addressed).  And, if it is addressed, who will address it (MalwareBytes, Windows, or them working together as a team?)?

Additionally, BSOD's occur in different ways.  Some are simple and are only related to the driver that is blamed.  Others can be due to a conflict with other drivers (either Windows or with other 3rd party software).

Finally, drivers can corrupt the memory space owned by other drivers.  They can then exit, leaving no trace that they have done this.  Then, when the other driver looks at its memory space and finds corrupt data, it panics and throws a BSOD to prevent damage to the system.  As the causing driver is no longer around, the memory dump will blame the driver that the crash happened in (even though it's not to blame).

Removing the Norton and other antivirus/malware software is only the first step here.
Along with that, we use Driver Verifier to attempt to force more information out of the memory dumps.
And we use other techniques to attempt to isolate the drivers/programs that are involved.

FYI - I am not a MalwareBytes employee or staff member.  I'm not a developer either.
I just like doing BSOD analysis - and have been doing it for many years now (I started around 2004).

More to follow once the memory dumps are finished running.....
I'm late for work, so I'll likely have to post them this afternoon (UTC-5)
I'm also installing the latest Insider build on my test machine - and will test MBAM on it once it's done.

 

Link to post

1 hour ago, usasma said:

 

I generally don't use full memory dumps - but I can take a look at it if you'd like.
Just zip it up and upload it to a free file-hosting service (I suggest OneDrive), then post a link to it here.

 

If you look at Post ID 12 above you will see the wetransfer.com link to the full dump.  Please examine.

Just for a bit of user (me) info.  I've been into computers since 1966/7 (yep, I'm a retiree and older man :) ) and am pretty familiar with the ins and outs of hardware and software.  I'm not, however, a systems engineer so I have never dug into dumps and the other "gutsy" stuff that Windows pukes out. :wacko:  I've also been a beta tester for Windows, Norton, MBAM, SAS, Casper, and many other programs over the years....so I am familiar with the potential conflicts and weird events that occur during testing.  I typically "report" conflicts, deficiencies, failures, etc., and the extent of my analysis is mostly via "process of elimination".  I don't do coding examination, etc.  

I do appreciate your assistance on this and am hopeful that a resolution will assist the MBAM developers during future releases of Windows 10.  

Link to post

FYI - I'm older also (I'm 64) and have been working with computers since the early days of DOS.
My dad was an engineer who was involved in early computer development - so I got a lot of my education at the dinner table.
I accidentally stumbled into BSOD analysis simply because there was no one else doing it - and I liked it, so I continued on with it.

Having a bit of a problem with the forum software, memory dumps are in my next post.....

 

 

 

Link to post

Please note the number of 3rd party drivers listed in these dumps.
There are fewer drivers listed once the Norton and SAS programs were uninstalled.
The program lists the drivers in dated order - so that's the order that I'll examine them in.
 

 

Analysis:
The following is for information purposes only. The following information contains the relevant information from the blue screen analysis:

**************************Thu Sep 22 04:54:09.598 2016 (UTC - 4:00)**************************


Loading Dump File [C:\Users\john\SysnativeBSODApps\092216-4796-01.dmp]
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 10 Kernel Version 14931 MP (8 procs) Free x64
Built by: 14931.1000.amd64fre.rs_prerelease.160916-1700
System Uptime:0 days 0:01:25.277
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
*** WARNING: Unable to verify timestamp for MBAMSwissArmy.sys
*** ERROR: Module load completed but symbols could not be loaded for MBAMSwissArmy.sys
Probably caused by :ntoskrnl.wrong.symbols.exe ( nt_wrong_symbols!57DCB8B67FF000 )
BugCheck 50, {ffffa981cd7ff000, 0, fffff80c058bce90, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments: 
Arg1: ffffa981cd7ff000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80c058bce90, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  57DCB8B6
PROCESS_NAME:  ntoskrnl.wrong.symbols.exe
FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_14931.1000.amd64fre.rs_prerelease.160916-1700_TIMESTAMP_160917-032958_57DCB8B6_nt_wrong_symbols!57DCB8B67FF000
CPUID:        "Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
  BIOS Version                  A11
  BIOS Release Date             07/09/2015
  Manufacturer                  Dell Inc.
  Product Name                  XPS 8700
  Baseboard Product             0KWVT8
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Sep 22 04:46:56.829 2016 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\092216-4531-01.dmp]
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 10 Kernel Version 14931 MP (8 procs) Free x64
System Uptime:0 days 0:01:45.512
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
*** WARNING: Unable to verify timestamp for MBAMSwissArmy.sys
*** ERROR: Module load completed but symbols could not be loaded for MBAMSwissArmy.sys
Probably caused by :ntoskrnl.wrong.symbols.exe ( nt_wrong_symbols!57DCB8B67FF000 )
BugCheck 50, {ffffb88e11fff000, 0, fffff803efcece90, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments: 
Arg1: ffffb88e11fff000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff803efcece90, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  57DCB8B6
PROCESS_NAME:  ntoskrnl.wrong.symbols.exe
FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_TIMESTAMP_160917-032958_57DCB8B6_nt_wrong_symbols!57DCB8B67FF000
CPUID:        "Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
  BIOS Version                  A11
  BIOS Release Date             07/09/2015
  Manufacturer                  Dell Inc.
  Product Name                  XPS 8700
  Baseboard Product             0KWVT8
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Sep 22 04:41:33.544 2016 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\092216-9500-01.dmp]
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 10 Kernel Version 14931 MP (8 procs) Free x64
System Uptime:0 days 0:20:55.223
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
*** WARNING: Unable to verify timestamp for MBAMSwissArmy.sys
*** ERROR: Module load completed but symbols could not be loaded for MBAMSwissArmy.sys
Probably caused by :ntoskrnl.wrong.symbols.exe ( nt_wrong_symbols!57DCB8B67FF000 )
BugCheck 50, {ffffaa836f9ff000, 0, fffff8077620ce90, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments: 
Arg1: ffffaa836f9ff000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8077620ce90, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  57DCB8B6
PROCESS_NAME:  ntoskrnl.wrong.symbols.exe
FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_TIMESTAMP_160917-032958_57DCB8B6_nt_wrong_symbols!57DCB8B67FF000
CPUID:        "Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
  BIOS Version                  A11
  BIOS Release Date             07/09/2015
  Manufacturer                  Dell Inc.
  Product Name                  XPS 8700
  Baseboard Product             0KWVT8
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``


3rd Party Drivers:
The following is for information purposes only. My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box:

**************************Thu Sep 22 04:54:09.598 2016 (UTC - 4:00)**************************
XtuAcpiDriver.sys                             Thu Feb 26 07:51:57 2015 (54EF16ED)
HWiNFO64A.SYS                                 Tue Mar 31 05:51:32 2015 (551A6E24)
LEqdUsb.Sys                                   Tue Jun  9 15:25:30 2015 (55773DAA)
LHidEqd.Sys                                   Tue Jun  9 15:25:30 2015 (55773DAA)
LMouFilt.Sys                                  Tue Jun  9 15:25:39 2015 (55773DB3)
LHidFilt.Sys                                  Tue Jun  9 15:25:40 2015 (55773DB4)
cthda.sys                                     Thu Jun 18 02:14:05 2015 (558261AD)
cthdb.sys                                     Thu Jun 18 02:14:10 2015 (558261B2)
TeeDriverW8x64.sys                            Tue Jul  7 13:43:32 2015 (559C0FC4)
MBAMSwissArmy.sys                             Wed Jul 29 00:26:01 2015 (55B855D9)
iaStorA.sys                                   Wed Nov  4 05:27:49 2015 (5639DDA5)
TuneUpUtilitiesDriver64.sys                   Thu Jan 14 09:16:23 2016 (5697ADB7)
mbae64.sys                                    Wed Jan 27 11:54:02 2016 (56A8F62A)
ALSysIO64.sys                                 Fri Feb 19 17:24:23 2016 (56C79617)
Netwbw02.sys                                  Sun Apr 17 10:09:53 2016 (57139931)
ibtusb.sys                                    Mon May 23 13:22:44 2016 (57433C64)
Smb_driver_Intel.sys                          Fri May 27 16:54:08 2016 (5748B3F0)
rt640x64.sys                                  Thu Jul 14 05:04:28 2016 (5787559C)
AtihdWT6.sys                                  Sun Jul 24 15:51:39 2016 (57951C4B)
atikmpag.sys                                  Wed Sep  7 10:00:50 2016 (57D01D92)
atikmdag.sys                                  Wed Sep  7 11:10:40 2016 (57D02DF0)
intelppm.sys                                  Fri Sep 16 23:24:42 2016 (57DCB77A)
Microsoft.Bluetooth.Legacy.LEEnumerator.sys   Fri Sep 16 23:55:29 2016 (57DCBEB1)
idmwfp.sys                                    Mon Sep 19 12:22:54 2016 (57E010DE)


http://www.carrona.org/drivers/driver.php?id=XtuAcpiDriver.sys
http://www.carrona.org/drivers/driver.php?id=HWiNFO64A.SYS
http://www.carrona.org/drivers/driver.php?id=LEqdUsb.Sys
http://www.carrona.org/drivers/driver.php?id=LHidEqd.Sys
http://www.carrona.org/drivers/driver.php?id=LMouFilt.Sys
http://www.carrona.org/drivers/driver.php?id=LHidFilt.Sys
http://www.carrona.org/drivers/driver.php?id=cthda.sys
http://www.carrona.org/drivers/driver.php?id=cthdb.sys
http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
http://www.carrona.org/drivers/driver.php?id=MBAMSwissArmy.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=TuneUpUtilitiesDriver64.sys
http://www.carrona.org/drivers/driver.php?id=mbae64.sys
http://www.carrona.org/drivers/driver.php?id=ALSysIO64.sys
http://www.carrona.org/drivers/driver.php?id=Netwbw02.sys
http://www.carrona.org/drivers/driver.php?id=ibtusb.sys
http://www.carrona.org/drivers/driver.php?id=Smb_driver_Intel.sys
http://www.carrona.org/drivers/driver.php?id=rt640x64.sys
http://www.carrona.org/drivers/driver.php?id=AtihdWT6.sys
http://www.carrona.org/drivers/driver.php?id=atikmpag.sys
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
Microsoft.Bluetooth.Legacy.LEEnumerator.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=idmwfp.sys
 

Dunno how well this will post, but here's a comparison of the drivers from the 2 different batches:

        SASKUTIL64.SYS                                Tue Jul 12 17:00:01 2011 (4E1CB5D1)            
        SASDIFSV64.SYS                                Thu Jul 21 19:03:00 2011 (4E28B024)            
        XtuAcpiDriver.sys                             Thu Feb 26 07:51:57 2015 (54EF16ED) XtuAcpiDriver.sys                             Thu Feb 26 07:51:57 2015 (54EF16ED)
        HWiNFO64A.SYS                                 Tue Mar 31 05:51:32 2015 (551A6E24) HWiNFO64A.SYS                                 Tue Mar 31 05:51:32 2015 (551A6E24)
        LEqdUsb.Sys                                   Tue Jun  9 15:25:30 2015 (55773DAA) LEqdUsb.Sys                                   Tue Jun  9 15:25:30 2015 (55773DAA)
        LHidEqd.Sys                                   Tue Jun  9 15:25:30 2015 (55773DAA) LHidEqd.Sys                                   Tue Jun  9 15:25:30 2015 (55773DAA)
        LMouFilt.Sys                                  Tue Jun  9 15:25:39 2015 (55773DB3) LMouFilt.Sys                                  Tue Jun  9 15:25:39 2015 (55773DB3)
        LHidFilt.Sys                                  Tue Jun  9 15:25:40 2015 (55773DB4) LHidFilt.Sys                                  Tue Jun  9 15:25:40 2015 (55773DB4)
        cthda.sys                                     Thu Jun 18 02:14:05 2015 (558261AD) cthda.sys                                     Thu Jun 18 02:14:05 2015 (558261AD)
        cthdb.sys                                     Thu Jun 18 02:14:10 2015 (558261B2) cthdb.sys                                     Thu Jun 18 02:14:10 2015 (558261B2)
        TeeDriverW8x64.sys                            Tue Jul  7 13:43:32 2015 (559C0FC4) TeeDriverW8x64.sys                            Tue Jul  7 13:43:32 2015 (559C0FC4)
        MBAMSwissArmy.sys                             Wed Jul 29 00:26:01 2015 (55B855D9) MBAMSwissArmy.sys                             Wed Jul 29 00:26:01 2015 (55B855D9)
        mbam.sys                                      Tue Aug 11 13:35:19 2015 (55CA3257)            
        iaStorA.sys                                   Wed Nov  4 05:27:49 2015 (5639DDA5) iaStorA.sys                                   Wed Nov  4 05:27:49 2015 (5639DDA5)
        TuneUpUtilitiesDriver64.sys                   Thu Jan 14 09:16:23 2016 (5697ADB7) TuneUpUtilitiesDriver64.sys                   Thu Jan 14 09:16:23 2016 (5697ADB7)
        mbae64.sys                                    Wed Jan 27 11:54:02 2016 (56A8F62A) mbae64.sys                                    Wed Jan 27 11:54:02 2016 (56A8F62A)
        ALSysIO64.sys                                 Fri Feb 19 17:24:23 2016 (56C79617) ALSysIO64.sys                                 Fri Feb 19 17:24:23 2016 (56C79617)
        SYMNETS.SYS                                   Tue Apr 12 19:47:43 2016 (570D891F)            
        Netwbw02.sys                                  Sun Apr 17 10:09:53 2016 (57139931) Netwbw02.sys                                  Sun Apr 17 10:09:53 2016 (57139931)
        eeCtrl64.sys                                  Mon Apr 25 13:47:05 2016 (571E5819)            
        EraserUtilRebootDrv.sys                       Mon Apr 25 13:47:06 2016 (571E581A)            
        Ironx64.SYS                                   Wed May  4 08:56:49 2016 (5729F191)            
        ccSetx64.sys                                  Thu May  5 18:33:33 2016 (572BCA3D)            
        SYMEFASI64.SYS                                Thu May 12 15:21:02 2016 (5734D79E)            
        idmwfp.sys                                    Thu May 19 09:20:29 2016 (573DBD9D)            
        ibtusb.sys                                    Mon May 23 13:22:44 2016 (57433C64) ibtusb.sys                                    Mon May 23 13:22:44 2016 (57433C64)
        SYMEVENT64x86.SYS                             Mon May 23 16:42:54 2016 (57436B4E)            
        SRTSPX64.SYS                                  Wed May 25 23:18:13 2016 (57466AF5)            
        Smb_driver_Intel.sys                          Fri May 27 16:54:08 2016 (5748B3F0) Smb_driver_Intel.sys                          Fri May 27 16:54:08 2016 (5748B3F0)
        IDSvia64.sys                                  Fri Jul  1 18:14:47 2016 (5776EB57)            
        rt640x64.sys                                  Thu Jul 14 05:04:28 2016 (5787559C) rt640x64.sys                                  Thu Jul 14 05:04:28 2016 (5787559C)
        AtihdWT6.sys                                  Sun Jul 24 15:51:39 2016 (57951C4B) AtihdWT6.sys                                  Sun Jul 24 15:51:39 2016 (57951C4B)
        SRTSP64.SYS                                   Sun Aug  7 16:04:08 2016 (57A79438)            
        BHDrvx64.sys                                  Sun Aug 14 18:59:09 2016 (57B0F7BD)            
        atikmpag.sys                                  Wed Sep  7 10:00:50 2016 (57D01D92) atikmpag.sys                                  Wed Sep  7 10:00:50 2016 (57D01D92)
        atikmdag.sys                                  Wed Sep  7 11:10:40 2016 (57D02DF0) atikmdag.sys                                  Wed Sep  7 11:10:40 2016 (57D02DF0)
        intelppm.sys                                  Sat Sep 10 22:11:06 2016 (57D4BD3A) intelppm.sys                                  Fri Sep 16 23:24:42 2016 (57DCB77A)
        Microsoft.Bluetooth.Legacy.LEEnumerator.sys   Sat Sep 10 22:41:05 2016 (57D4C441) Microsoft.Bluetooth.Legacy.LEEnumerator.sys   Fri Sep 16 23:55:29 2016 (57DCBEB1)
                                                                                          idmwfp.sys                                    Mon Sep 19 12:22:54 2016 (57E010DE)

So, we start with the Intel Extreme Tuning Utility.  It's not needed at this point, so please uninstall it, as the driver dates from before the release of W10 (it may not even be compatible w/W10, as it's not a current offering from Intel).

The same goes for HWInfo.  Uninstall it for now.  If it's needed later on, you can always install a freshly downloaded copy.

Although Logitech software is usually pretty stable, please uninstall it also, and see if that helps.  You can always download/install a fresh copy later on.

Please uninstall your SoundBlaster audio programs (from Control Panel...Programs and Features).
Then download/install the latest, W10 compatible version (if there isn't a W10 version, please post back).
 

Unfortunately, the TeeDriverW8x64.sys is the latest one available from Dell.
We can try sourcing it from other manufacturers - but that's for later stages of troubleshooting.


Then, once again, please try to generate a couple of BSOD's and run/upload the report again.
I'll also get to the large memory dump in a short while (gotta feed the dogs now).


My test system is still trying to install the latest Insider build.
I'll post back my results with MBAM once it's done (it's rebooting now).

Edited by usasma
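The batch comparison and the "driver dates from before the release of W10" check in the two posts above can be done mechanically. The following is an added example, not part of the thread or of any tool it mentions: it reads the hex value in parentheses as the driver's build timestamp in Unix seconds (UTC), and the function names and the 2015-07-29 cutoff (Windows 10 general availability) are assumptions supplied here.

```python
import re
from datetime import datetime, timezone

# One listing line: driver name, local-time text, then the hex build
# timestamp in parentheses (seconds since the Unix epoch, UTC).
LINE_RE = re.compile(
    r"^\s*(?P<name>\S+)\s+\w{3} \w{3} [ \d]\d \d{2}:\d{2}:\d{2} \d{4} "
    r"\((?P<stamp>[0-9A-Fa-f]{8})\)\s*$"
)

# Assumption added here: Windows 10 general availability, midnight UTC.
W10_RELEASE = datetime(2015, 7, 29, tzinfo=timezone.utc)

# Excerpts copied from the left and right columns of the comparison above.
LEFT_COLUMN = """\
SASKUTIL64.SYS                                Tue Jul 12 17:00:01 2011 (4E1CB5D1)
XtuAcpiDriver.sys                             Thu Feb 26 07:51:57 2015 (54EF16ED)
HWiNFO64A.SYS                                 Tue Mar 31 05:51:32 2015 (551A6E24)
MBAMSwissArmy.sys                             Wed Jul 29 00:26:01 2015 (55B855D9)
mbam.sys                                      Tue Aug 11 13:35:19 2015 (55CA3257)
idmwfp.sys                                    Thu May 19 09:20:29 2016 (573DBD9D)
intelppm.sys                                  Sat Sep 10 22:11:06 2016 (57D4BD3A)
"""
RIGHT_COLUMN = """\
XtuAcpiDriver.sys                             Thu Feb 26 07:51:57 2015 (54EF16ED)
HWiNFO64A.SYS                                 Tue Mar 31 05:51:32 2015 (551A6E24)
MBAMSwissArmy.sys                             Wed Jul 29 00:26:01 2015 (55B855D9)
intelppm.sys                                  Fri Sep 16 23:24:42 2016 (57DCB77A)
idmwfp.sys                                    Mon Sep 19 12:22:54 2016 (57E010DE)
"""

def parse_listing(text):
    """Map lower-cased driver name -> (name as listed, build time in UTC)."""
    drivers = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # banner lines, blanks and markup residue are skipped
        built = datetime.fromtimestamp(int(m["stamp"], 16), tz=timezone.utc)
        drivers[m["name"].lower()] = (m["name"], built)
    return drivers

def compare(left, right):
    """Drivers only in left, only in right, and in both with a new build."""
    both = left.keys() & right.keys()
    return {
        "removed": sorted(left[k][0] for k in left.keys() - right.keys()),
        "added": sorted(right[k][0] for k in right.keys() - left.keys()),
        "changed": sorted(left[k][0] for k in both if left[k][1] != right[k][1]),
    }

def built_before(listing, cutoff=W10_RELEASE):
    """Names of drivers whose build timestamp is earlier than the cutoff."""
    return sorted(name for name, built in listing.values() if built < cutoff)

if __name__ == "__main__":
    left, right = parse_listing(LEFT_COLUMN), parse_listing(RIGHT_COLUMN)
    print(compare(left, right))
    print("built before cutoff:", built_before(right))
```

Comparing on the hex timestamp rather than the printed date avoids time-zone ambiguity: MBAMSwissArmy.sys shows 00:26:01 local time on 29 July 2015, which is 04:26:01 UTC, so it falls on the cutoff day rather than before it.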

Downloaded and updated MBAM from the website today onto my test system (a Samsung NP750) running Insider build 14931.1000.
Currently doing a full scan with MalwareBytes (the trial version of the Premium program) on my test system without any issues.
I then enabled the rootkit scan and BAM!  STOP 0x50 (PAGE_FAULT_IN_NONPAGED_AREA) in MBAMSwissArmy.sys
So, I'm able to reproduce this on a nearly virgin system with the latest Insider build (14931.1000).
I was able to crash the system each time that I ran the MBAM scan with Rootkit scanning enabled.  The crash occurs as soon as the rootkit scanner starts.
I'll see what I can do to have this sent over to the developers.  Meanwhile, I suggest disabling the Rootkit scan.
If needed, you may want to try Kaspersky's TDSS Killer for a rootkit scan (free from here: http://usa.kaspersky.com/downloads/TDSSKiller).

The latest minidump ( 092216-4796-01.dmp ) in my latest analysis was extracted from the large memory dump that you uploaded.
As such, the analysis should be nearly identical....
 

Analysis: The following is for information purposes only. The following information contains the relevant information from the blue screen analysis:
**************************Thu Sep 22 04:54:09.598 2016 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\MEMORY.DMP]
Windows 10 Kernel Version 14931 MP (8 procs) Free x64
Built by: 14931.1000.amd64fre.rs_prerelease.160916-1700
System Uptime:0 days 0:01:25.277
*** ERROR: Module load completed but symbols could not be loaded for MBAMSwissArmy.sys
Probably caused by :ntoskrnl.wrong.symbols.exe ( nt_wrong_symbols!57DCB8B67FF000 )
BugCheck 50, {ffffa981cd7ff000, 0, fffff80c058bce90, 0}
BugCheck Info: PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments: 
Arg1: ffffa981cd7ff000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80c058bce90, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)
BUGCHECK_STR:  57DCB8B6
PROCESS_NAME:  ntoskrnl.wrong.symbols.exe
FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_14931.1000.amd64fre.rs_prerelease.160916-1700_TIMESTAMP_160917-032958_57DCB8B6_nt_wrong_symbols!57DCB8B67FF000
CPUID:        "Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
  BIOS Version                  A11
  BIOS Release Date             07/09/2015
  Manufacturer                  Dell Inc.
  Product Name                  XPS 8700
  Baseboard Product             0KWVT8
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
 


3rd Party Drivers: The following is for information purposes only. My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box:

**************************Thu Sep 22 04:54:09.598 2016 (UTC - 4:00)**************************
XtuAcpiDriver.sys                             Thu Feb 26 07:51:57 2015 (54EF16ED)
HWiNFO64A.SYS                                 Tue Mar 31 05:51:32 2015 (551A6E24)
LHidEqd.Sys                                   Tue Jun  9 15:25:30 2015 (55773DAA)
LEqdUsb.Sys                                   Tue Jun  9 15:25:30 2015 (55773DAA)
LMouFilt.Sys                                  Tue Jun  9 15:25:39 2015 (55773DB3)
LHidFilt.Sys                                  Tue Jun  9 15:25:40 2015 (55773DB4)
cthda.sys                                     Thu Jun 18 02:14:05 2015 (558261AD)
cthdb.sys                                     Thu Jun 18 02:14:10 2015 (558261B2)
TeeDriverW8x64.sys                            Tue Jul  7 13:43:32 2015 (559C0FC4)
MBAMSwissArmy.sys                             Wed Jul 29 00:26:01 2015 (55B855D9)
iaStorA.sys                                   Wed Nov  4 05:27:49 2015 (5639DDA5)
TuneUpUtilitiesDriver64.sys                   Thu Jan 14 09:16:23 2016 (5697ADB7)
mbae64.sys                                    Wed Jan 27 11:54:02 2016 (56A8F62A)
ALSysIO64.sys                                 Fri Feb 19 17:24:23 2016 (56C79617)
Netwbw02.sys                                  Sun Apr 17 10:09:53 2016 (57139931)
ibtusb.sys                                    Mon May 23 13:22:44 2016 (57433C64)
Smb_driver_Intel.sys                          Fri May 27 16:54:08 2016 (5748B3F0)
rt640x64.sys                                  Thu Jul 14 05:04:28 2016 (5787559C)
AtihdWT6.sys                                  Sun Jul 24 15:51:39 2016 (57951C4B)
atikmpag.sys                                  Wed Sep  7 10:00:50 2016 (57D01D92)
atikmdag.sys                                  Wed Sep  7 11:10:40 2016 (57D02DF0)
intelppm.sys                                  Fri Sep 16 23:24:42 2016 (57DCB77A)
Microsoft.Bluetooth.Legacy.LEEnumerator.sys   Fri Sep 16 23:55:29 2016 (57DCBEB1)
idmwfp.sys                                    Mon Sep 19 12:22:54 2016 (57E010DE)


http://www.carrona.org/drivers/driver.php?id=XtuAcpiDriver.sys
http://www.carrona.org/drivers/driver.php?id=HWiNFO64A.SYS
http://www.carrona.org/drivers/driver.php?id=LHidEqd.Sys
http://www.carrona.org/drivers/driver.php?id=LEqdUsb.Sys
http://www.carrona.org/drivers/driver.php?id=LMouFilt.Sys
http://www.carrona.org/drivers/driver.php?id=LHidFilt.Sys
http://www.carrona.org/drivers/driver.php?id=cthda.sys
http://www.carrona.org/drivers/driver.php?id=cthdb.sys
http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
http://www.carrona.org/drivers/driver.php?id=MBAMSwissArmy.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=TuneUpUtilitiesDriver64.sys
http://www.carrona.org/drivers/driver.php?id=mbae64.sys
http://www.carrona.org/drivers/driver.php?id=ALSysIO64.sys
http://www.carrona.org/drivers/driver.php?id=Netwbw02.sys
http://www.carrona.org/drivers/driver.php?id=ibtusb.sys
http://www.carrona.org/drivers/driver.php?id=Smb_driver_Intel.sys
http://www.carrona.org/drivers/driver.php?id=rt640x64.sys
http://www.carrona.org/drivers/driver.php?id=AtihdWT6.sys
http://www.carrona.org/drivers/driver.php?id=atikmpag.sys
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
Microsoft.Bluetooth.Legacy.LEEnumerator.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=idmwfp.sys


 

The newest minidump in the latest dumps ( 092216-4796-01.dmp ) is the minidump that was extracted from the large memory dump that you uploaded separately.

Here's the analysis of the large memory dump:

 


Thanks for all the effort and help.  TetonBob notified me that the developers are looking into this and have been able to reproduce the issue on their test systems.  So we'll just wait on them to resolve the issue....hopefully :blink:  I suspect this is going to be a common occurrence as MS keeps "enhancing" Windows 10.  That's one of the advantages of the Insider program, eh....discover/resolve many of the conflict problems prior to a major public upgrade of Windows.

I have installed Avira Pro which has a good rootkit scanner so I am okay on waiting with "scan for rootkits" disabled in MBAM.

Have a fun and safe weekend.

