
Suddenly getting BSOD on every startup (corrupt Windows or old hard drive?)


59 replies to this topic

#16 FiredUpIce

FiredUpIce


Posted 25 July 2024 - 05:53 AM

The batch files are just to remove remnants of old antivirus apps and remove some crap. I was a little busy with life yesterday so I will take a look at this when I get home. Leave Malwarebytes if you wish, but you can always download it later...


Basically Water.




#17 meeshymee

meeshymee
  • Topic Starter


Posted 25 July 2024 - 09:41 AM

Thank you... I need the computer and can't chance startup failure right now but will do the batch file when I can. For the one posted with all the antivirus I paste that into notepad to run? I don't see Malwarebytes on the list (maybe I missed it) .. I'd like to keep it.. don't want extra problems right now having to reinstall anything.

 

I don't know if anyone had the chance to take a look at the SysnativeFileCollectionApp.zip/file... I'm hoping it helps to confirm if it's Windows or the hard drive. (5 days without shutting down - hibernate only - and not a single issue.)

 

Thank you!


Edited by meeshymee, 25 July 2024 - 09:49 AM.


#18 FiredUpIce

FiredUpIce


Posted 25 July 2024 - 07:49 PM

  
Microsoft (R) Windows Debugger Version 10.0.17134.12 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Administrator\Desktop\New folder (5)\070324-18111-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707
Machine Name:
Kernel base = 0xfffff800`04200000 PsLoadedModuleList = 0xfffff800`04439c90
Debug session time: Wed Jul  3 10:25:52.047 2024 (UTC - 4:00)
System Uptime: 0 days 0:00:10.530
Loading Kernel Symbols
...............................................................
.........................
Loading User Symbols
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1904fb, fffff880041aa468, fffff880041a9cd0, fffff88002618419}

Probably caused by : Ntfs.sys ( Ntfs!NtfsCleanupIrpContext+119 )

Followup:     MachineOwner
---------

3: kd> kd: Reading initial command '!analyze -v; !thread; !sysinfo cpuinfo; !sysinfo cpuspeed; !sysinfo smbios; q'
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff880041aa468
Arg3: fffff880041a9cd0
Arg4: fffff88002618419

Debugging Details:
------------------


KEY_VALUES_STRING: 1


TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707

DUMP_TYPE:  2

BUGCHECK_P1: 1904fb

BUGCHECK_P2: fffff880041aa468

BUGCHECK_P3: fffff880041a9cd0

BUGCHECK_P4: fffff88002618419

EXCEPTION_RECORD:  fffff880041aa468 -- (.exr 0xfffff880041aa468)
ExceptionAddress: fffff88002618419 (Ntfs!NtfsCleanupIrpContext+0x0000000000000119)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000018
Attempt to read from address 0000000000000018

CONTEXT:  fffff880041a9cd0 -- (.cxr 0xfffff880041a9cd0)
rax=0000000000000000 rbx=fffffa800a25e290 rcx=0000000000400020
rdx=0000000000000000 rsi=0000000000000001 rdi=0000000000000000
rip=fffff88002618419 rsp=fffff880041aa6a0 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000727 r10=fffff800044f7810
r11=fffffa8006706b50 r12=0000000000000001 r13=0000000000000702
r14=fffff88002668fa8 r15=0000000000000000
iopl=0         nv up ei pl zr na po cy
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010247
Ntfs!NtfsCleanupIrpContext+0x119:
fffff880`02618419 488b4818        mov     rcx,qword ptr [rax+18h] ds:002b:00000000`00000018=????????????????
Resetting default scope

CPU_COUNT: 4

CPU_MHZ: 960

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 4e

CPU_STEPPING: 3

CPU_MICROCODE: 6,4e,3,0 (F,M,S,R)  SIG: C6'00000000 (cache) C6'00000000 (init)

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

CURRENT_IRQL:  0

FOLLOWUP_IP:
Ntfs!NtfsCleanupIrpContext+119
fffff880`02618419 488b4818        mov     rcx,qword ptr [rax+18h]

FAULTING_IP:
Ntfs!NtfsCleanupIrpContext+119
fffff880`02618419 488b4818        mov     rcx,qword ptr [rax+18h]

BUGCHECK_STR:  0x24

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000449d100
Unable to get MmSystemRangeStart
GetUlongPtrFromAddress: unable to read from fffff8000449d2f0
GetUlongPtrFromAddress: unable to read from fffff8000449d4a8
GetPointerFromAddress: unable to read from fffff8000449d0d8
 0000000000000018

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000018

ANALYSIS_SESSION_HOST:  CCCCCCC

ANALYSIS_SESSION_TIME:  07-24-2024 18:12:15.0620

ANALYSIS_VERSION: 10.0.17134.12 x86fre

LAST_CONTROL_TRANSFER:  from fffff8800261b454 to fffff88002618419

STACK_TEXT:  
fffff880`041aa6a0 fffff880`0261b454 : fffffa80`0a25e290 00000000`00000001 00000000`00000000 fffffa80`0a410010 : Ntfs!NtfsCleanupIrpContext+0x119
fffff880`041aa6f0 fffff880`026ebb1a : 00000000`00000000 fffffa80`0a25e290 00000000`00000000 00000000`00000000 : Ntfs!NtfsExtendedCompleteRequestInternal+0xd4
fffff880`041aa730 fffff880`02686849 : fffffa80`0a25e290 fffffa80`0a410010 fffff880`041aaa28 fffff880`041aaa20 : Ntfs!NtfsMountVolume+0x28cd
fffff880`041aa9f0 fffff880`0260d26b : fffffa80`0a25e290 fffff800`04232e23 00000000`00000000 fffffa80`09cf7ce0 : Ntfs!NtfsCommonFileSystemControl+0xc9
fffff880`041aaaa0 fffff800`04243dc9 : fffff800`04410700 fffff800`04509b00 fffffa80`06706b00 00000000`00000001 : Ntfs!NtfsFspDispatch+0x29b
fffff880`041aab70 fffff800`0453f2e8 : 00000000`00000000 fffff880`009aa180 00000000`00000080 00000000`00000001 : nt!ExpWorkerThread+0x111
fffff880`041aac00 fffff800`04299ec6 : fffff880`009aa180 fffffa80`06706b50 fffff880`009b9140 00000000`00000000 : nt!PspSystemThreadStartup+0x194
fffff880`041aac40 00000000`00000000 : fffff880`041ab000 fffff880`041a5000 fffff880`041a9770 00000000`00000000 : nt!KiStartSystemThread+0x16


THREAD_SHA1_HASH_MOD_FUNC:  8668db34898fe87d3605b66faafa2186e845baeb

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  f54040a6a88175960e74d21b9d630f4a872f8463

THREAD_SHA1_HASH_MOD:  651b097a0efcb5821386e66b6e93714592f6ba92

FAULT_INSTR_CODE:  18488b48

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsCleanupIrpContext+119

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5c6044e6

IMAGE_VERSION:  6.1.7601.24382

STACK_COMMAND:  .cxr 0xfffff880041a9cd0 ; kb

FAILURE_BUCKET_ID:  X64_0x24_Ntfs!NtfsCleanupIrpContext+119

BUCKET_ID:  X64_0x24_Ntfs!NtfsCleanupIrpContext+119

PRIMARY_PROBLEM_CLASS:  X64_0x24_Ntfs!NtfsCleanupIrpContext+119

TARGET_TIME:  2024-07-03T14:25:52.000Z

OSBUILD:  7601

OSSERVICEPACK:  1000

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 7

OSEDITION:  Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2020-01-02 21:56:30

BUILDDATESTAMP_STR:  200102-1707

BUILDLAB_STR:  win7sp1_ldr_escrow

BUILDOSVER_STR:  6.1.7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707

ANALYSIS_SESSION_ELAPSED_TIME:  99b

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0x24_ntfs!ntfscleanupirpcontext+119

FAILURE_ID_HASH:  {dcd34379-fa7d-513f-e324-83263f448ffc}

Followup:     MachineOwner
---------

GetPointerFromAddress: unable to read from fffff8000449d000
THREAD fffffa8006706b50  Cid 0004.0028  Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 3
Not impersonating
GetUlongFromAddress: unable to read from fffff800043dfc24
Owning Process            fffffa80066f0040       Image:         System
Attached Process          N/A            Image:         N/A
fffff78000000000: Unable to get shared data
Wait Start TickCount      674          
Context Switch Count      4051           IdealProcessor: 0             
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime                  00:00:00.000
KernelTime                00:00:00.000
Win32 Start Address nt!ExpWorkerThread (0xfffff80004243cb8)
Stack Init fffff880041aac70 Current fffff880041a9770
Base fffff880041ab000 Limit fffff880041a5000 Call 0000000000000000
Priority 14 BasePriority 13 PriorityDecrement 0 IoPriority 2 PagePriority 5
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`041a9498 fffff880`0260e261 : 00000000`00000024 00000000`001904fb fffff880`041aa468 fffff880`041a9cd0 : nt!KeBugCheckEx
fffff880`041a94a0 fffff880`0262d788 : fffff880`02656638 fffff880`041aaaa0 fffff880`041aaaa0 fffffa80`09bd0b00 : Ntfs! ?? ::FNODOBFM::`string'+0x27dd
fffff880`041a94e0 fffff800`04282248 : fffffa80`09de5800 fffff880`01602300 00000000`00000030 fffffa80`09a4f610 : Ntfs! ?? ::FNODOBFM::`string'+0xea5
fffff880`041a9520 fffff800`0429b1fd : fffff880`0265662c fffff880`041aaaa0 00000000`00000000 fffff880`0260a000 : nt!_C_specific_handler+0x8c
fffff880`041a9590 fffff800`0425b125 : fffff880`0265662c fffff880`041a9608 fffff880`041aa468 fffff880`0260a000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`041a95c0 fffff800`0437aeee : fffff880`041aa468 fffff880`041a9cd0 fffff880`00000000 00000000`00000000 : nt!RtlDispatchException+0x415
fffff880`041a9ca0 fffff800`042a23c2 : fffff880`041aa468 fffffa80`0a25e290 fffff880`041aa510 00000000`00000001 : nt!KiDispatchException+0x17e
fffff880`041aa330 fffff800`042a00a8 : 00000000`00000000 00000000`00000018 00000000`00000000 fffffa80`0a25e290 : nt!KiExceptionDispatch+0xc2
fffff880`041aa510 fffff880`02618419 : ffffd410`fc83e680 fffff800`042976c0 00000000`00000010 00000000`00000082 : nt!KiPageFault+0x428 (TrapFrame @ fffff880`041aa510)
fffff880`041aa6a0 fffff880`0261b454 : fffffa80`0a25e290 00000000`00000001 00000000`00000000 fffffa80`0a410010 : Ntfs!NtfsCleanupIrpContext+0x119
fffff880`041aa6f0 fffff880`026ebb1a : 00000000`00000000 fffffa80`0a25e290 00000000`00000000 00000000`00000000 : Ntfs!NtfsExtendedCompleteRequestInternal+0xd4
fffff880`041aa730 fffff880`02686849 : fffffa80`0a25e290 fffffa80`0a410010 fffff880`041aaa28 fffff880`041aaa20 : Ntfs!NtfsMountVolume+0x28cd
fffff880`041aa9f0 fffff880`0260d26b : fffffa80`0a25e290 fffff800`04232e23 00000000`00000000 fffffa80`09cf7ce0 : Ntfs!NtfsCommonFileSystemControl+0xc9
fffff880`041aaaa0 fffff800`04243dc9 : fffff800`04410700 fffff800`04509b00 fffffa80`06706b00 00000000`00000001 : Ntfs!NtfsFspDispatch+0x29b
fffff880`041aab70 fffff800`0453f2e8 : 00000000`00000000 fffff880`009aa180 00000000`00000080 00000000`00000001 : nt!ExpWorkerThread+0x111
fffff880`041aac00 fffff800`04299ec6 : fffff880`009aa180 fffffa80`06706b50 fffff880`009b9140 00000000`00000000 : nt!PspSystemThreadStartup+0x194
fffff880`041aac40 00000000`00000000 : fffff880`041ab000 fffff880`041a5000 fffff880`041a9770 00000000`00000000 : nt!KiStartSystemThread+0x16

[CPU Information]
~MHz = REG_DWORD 2400
Component Information = REG_BINARY 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
Configuration Data = REG_FULL_RESOURCE_DESCRIPTOR ff,ff,ff,ff,ff,ff,ff,ff,0,0,0,0,0,0,0,0
Identifier = REG_SZ Intel64 Family 6 Model 78 Stepping 3
ProcessorNameString = REG_SZ Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Update Signature = REG_BINARY 0,0,0,0,c6,0,0,0
Update Status = REG_DWORD 2
VendorIdentifier = REG_SZ GenuineIntel
MSR8B = REG_QWORD c600000000
CPUID:        "Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz"
MaxSpeed:     2300
CurrentSpeed: 2400
sysinfo: could not find necessary interfaces.
sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
quit:

3: kd> kd: Reading initial command 'dps @@(((nt!_kthread *)@$thread)->StackLimit) @@(((nt!_kthread *)@$thread)->StackBase); q'
fffff880`041a9db0  00000000`00000702
fffff880`041a9db8  fffff880`02668fa8 Ntfs!NtfsData+0x28
fffff880`041a9dc0  00000000`00000000
fffff880`041a9dc8  fffff880`02618419 Ntfs!NtfsCleanupIrpContext+0x119
fffff880`041a9dd0  00000000`00100800
fffff880`041a9dd8  fffff880`041a9ee8
fffff880`041a9de0  00000000`001fffff
fffff880`041a9de8  fffff800`00001f80
fffff880`041a9df0  00000000`00000000
fffff880`041a9df8  fffffa80`0a3fc040
fffff880`041a9e00  fffff880`041a9ef0
fffff880`041a9e08  fffffa80`06689a70
fffff880`041a9e10  001fffff`001fffff
fffff880`041a9e18  00000000`00000000
fffff880`041a9e20  00000000`00000000
fffff880`041a9e28  00000001`00000001
fffff880`041a9e30  fffffa80`0a3fc040
fffff880`041a9e38  fffffa80`06689a70
fffff880`041a9e40  00000000`00000000
fffff880`041a9e48  fffff880`041a9e10
fffff880`041a9e50  00000000`00000000
fffff880`041a9e58  00000000`00000000
fffff880`041a9e60  00000000`00000000
fffff880`041a9e68  fffff800`044f9da1 nt!ObpCreateHandle+0x281
fffff880`041a9e70  00320033`006d0065
fffff880`041a9e78  00740075`0061005c
fffff880`041a9e80  006b0068`0063006f
fffff880`041a9e88  00650078`0065002e
fffff880`041a9e90  00000000`00000000
fffff880`041a9e98  00000000`00000000
fffff880`041a9ea0  00000000`00000000
fffff880`041a9ea8  00000000`00000000
fffff880`041a9eb0  00000000`00000000
fffff880`041a9eb8  00000000`00000000
fffff880`041a9ec0  0001967b`0000021f
fffff880`041a9ec8  00000000`00000008
fffff880`041a9ed0  00000000`00000000
fffff880`041a9ed8  00000000`00000000
fffff880`041a9ee0  00000000`00000000
fffff880`041a9ee8  00000000`00000000
fffff880`041a9ef0  00000000`00000000
fffff880`041a9ef8  00000000`00000000
fffff880`041a9f00  00000000`00000000
fffff880`041a9f08  00000000`00000000
fffff880`041a9f10  00000000`00000000
fffff880`041a9f18  00000000`00000000
fffff880`041a9f20  00000000`00000000
fffff880`041a9f28  00000000`00000000
fffff880`041a9f30  00000000`00000000
fffff880`041a9f38  00000000`00000000
fffff880`041a9f40  00000000`00000000
fffff880`041a9f48  00000000`00000000
fffff880`041a9f50  00000000`00000000
fffff880`041a9f58  00000000`00000000
fffff880`041a9f60  00000000`00000000
fffff880`041a9f68  00000000`00000000
fffff880`041a9f70  fffff880`041aa410
fffff880`041a9f78  fffff800`044ec0cf nt!ObOpenObjectByPointerWithTag+0x133
fffff880`041a9f80  fffffa80`00000001
fffff880`041a9f88  fffffa80`0a3fc040
fffff880`041a9f90  00000002`00000000
fffff880`041a9f98  fffff6fb`7ea00200
fffff880`041a9fa0  fffff880`00000000
fffff880`041a9fa8  00000000`00000201
fffff880`041a9fb0  fffffa80`0a413000
fffff880`041a9fb8  00000000`00000000
fffff880`041a9fc0  00000000`00000000
fffff880`041a9fc8  fffff880`041aa590
fffff880`041a9fd0  fffff880`041aa080
fffff880`041a9fd8  fffff880`041aa030
fffff880`041a9fe0  fffff880`041aa000
fffff880`041a9fe8  fffff800`044f8500 nt!ExMapHandleToPointerEx+0x40
fffff880`041a9ff0  00000000`0000003f
fffff880`041a9ff8  00000000`00000000
fffff880`041aa000  fffff880`0168c000 MbamChameleon+0x2e000
fffff880`041aa008  fffffa80`0a443000
fffff880`041aa010  00000000`c0000001
fffff880`041aa018  fffff880`041aa0f9
fffff880`041aa020  fffffa80`0a445088
fffff880`041aa028  fffff880`016776ad MbamChameleon+0x196ad
fffff880`041aa030  fffffa80`0a3fc040
fffff880`041aa038  00000000`00000086
fffff880`041aa040  fffff880`41724765
fffff880`041aa048  fffffa80`00000000
fffff880`041aa050  fffffa80`0a445088
fffff880`041aa058  fffff880`01673031 MbamChameleon+0x15031
fffff880`041aa060  fffffa80`0a445088
fffff880`041aa068  fffff880`00000000
fffff880`041aa070  00000000`c0000001
fffff880`041aa078  fffffa80`0a443000
fffff880`041aa080  00000000`00000000
fffff880`041aa088  00000000`00000000
fffff880`041aa090  ffffffff`800001b8
fffff880`041aa098  fffffa80`0a3b7040
fffff880`041aa0a0  00000000`02080064
fffff880`041aa0a8  fffffa80`0a412df0
fffff880`041aa0b0  fffffa80`00120010
fffff880`041aa0b8  fffff880`041aa100
fffff880`041aa0c0  00000000`001e001c
fffff880`041aa0c8  fffff800`047e4be3 hal!HalSendSoftwareInterrupt+0x48
fffff880`041aa0d0  00000000`00000000
fffff880`041aa0d8  00000000`00000000
fffff880`041aa0e0  00000000`003e003c
fffff880`041aa0e8  fffff880`016883f0 MbamChameleon+0x2a3f0
fffff880`041aa0f0  00000000`00000202
fffff880`041aa0f8  fffff800`0423735a nt!KiDeferredReadyThread+0x31a
fffff880`041aa100  fffff800`043e4180 nt!KiInitialPCR+0x180
fffff880`041aa108  fffffa80`0a3fc040
fffff880`041aa110  fffffa80`0a3fc040
fffff880`041aa118  00000000`00000004
fffff880`041aa120  fffffa80`066f0000
fffff880`041aa128  00000000`00000005
fffff880`041aa130  00000000`00000000
fffff880`041aa138  00000000`0000000f
fffff880`041aa140  00000000`00000000
fffff880`041aa148  ffffd410`fc83e270
fffff880`041aa150  00000000`00000001
fffff880`041aa158  00000000`00000000
fffff880`041aa160  fffffa80`066f0040
fffff880`041aa168  fffff800`04221a59 nt!RtlGetExtendedContextLength+0x19
fffff880`041aa170  fffffa80`0a3fc040
fffff880`041aa178  fffff800`04255687 nt!KiFastReadyThread+0x73
fffff880`041aa180  00000000`00000000
fffff880`041aa188  00000000`00000000
fffff880`041aa190  00000000`00000000
fffff880`041aa198  00000000`00000000
fffff880`041aa1a0  000004e8`fffffb30
fffff880`041aa1a8  000004d0`fffffb30
fffff880`041aa1b0  00000000`00000019
fffff880`041aa1b8  fffff800`04255787 nt!KeReadyThread+0x23
fffff880`041aa1c0  fffffa80`0a3fc040
fffff880`041aa1c8  fffffa80`066f0040
fffff880`041aa1d0  00000000`0010001f
fffff880`041aa1d8  fffff880`041aa330
fffff880`041aa1e0  fffff880`041aa1a0
fffff880`041aa1e8  000004f7`00000000
fffff880`041aa1f0  fffff880`041aa410
fffff880`041aa1f8  00000000`c0000008
fffff880`041aa200  fffffa80`066f0040
fffff880`041aa208  00000000`00000000
fffff880`041aa210  00000000`00000001
fffff880`041aa218  00000000`00000000
fffff880`041aa220  fffff880`041a9cd0
fffff880`041aa228  fffff800`043461d2 nt!MmUnmapViewInSystemCache+0x872
fffff880`041aa230  fffffa80`00000000
fffff880`041aa238  fffffa80`066f0040
fffff880`041aa240  00000000`00000000
fffff880`041aa248  fffffa80`0573ec40
fffff880`041aa250  00000000`00000000
fffff880`041aa258  fffffa80`066f0040
fffff880`041aa260  fffffa80`00000040
fffff880`041aa268  fffffa80`0a1eac10
fffff880`041aa270  f8a02071`52080400
fffff880`041aa278  fffff8a0`00715208
fffff880`041aa280  fffffa80`0a412940
fffff880`041aa288  fffff8a0`00000000
fffff880`041aa290  00000000`00000040
fffff880`041aa298  00000001`cf424863
fffff880`041aa2a0  fffff6fc`c001c800
fffff880`041aa2a8  fffffa80`0a4128c0
fffff880`041aa2b0  fffff6fc`c001ca00
fffff880`041aa2b8  fffffa80`056dc6c0
fffff880`041aa2c0  fffffa80`0a40d370
fffff880`041aa2c8  fffff8a0`008235a0
fffff880`041aa2d0  4a300001`d114d821
fffff880`041aa2d8  4a200001`d12ce821
fffff880`041aa2e0  4a100001`d12cf821
fffff880`041aa2e8  4a000001`d11d0821
fffff880`041aa2f0  ffffd410`fc83e2a0
fffff880`041aa2f8  49e00001`d32d2821
fffff880`041aa300  00000000`00000000
fffff880`041aa308  fffff880`02668fa8 Ntfs!NtfsData+0x28
fffff880`041aa310  00000000`00000702
fffff880`041aa318  00000000`00000001
fffff880`041aa320  fffff880`041aa590
fffff880`041aa328  fffff800`042a23c2 nt!KiExceptionDispatch+0xc2
fffff880`041aa330  fffff880`041aa468
fffff880`041aa338  fffffa80`0a25e290
fffff880`041aa340  fffff880`041aa510
fffff880`041aa348  00000000`00000001
fffff880`041aa350  00000000`00000001
fffff880`041aa358  fffffa80`066f0040
fffff880`041aa360  00000000`00000000
fffff880`041aa368  00000000`00000000
fffff880`041aa370  00000000`00000000
fffff880`041aa378  00000000`00000000
fffff880`041aa380  00000000`00000000
fffff880`041aa388  00000000`00000000
fffff880`041aa390  00000000`00000000
fffff880`041aa398  00000000`00000000
fffff880`041aa3a0  00000000`00000000
fffff880`041aa3a8  00000000`00000000
fffff880`041aa3b0  00000000`00000000
fffff880`041aa3b8  00000000`00000000
fffff880`041aa3c0  00000000`00000000
fffff880`041aa3c8  00000000`00000000
fffff880`041aa3d0  00000000`00000000
fffff880`041aa3d8  00000000`00000000
fffff880`041aa3e0  00000000`00000000
fffff880`041aa3e8  00000000`00000000
fffff880`041aa3f0  00000000`00000000
fffff880`041aa3f8  00000000`00000000
fffff880`041aa400  fffff880`041aa690
fffff880`041aa408  00000000`00000000
fffff880`041aa410  00000000`0000cff4
fffff880`041aa418  00000001`00000000
fffff880`041aa420  fffffa80`06706b50
fffff880`041aa428  fffff800`044fb819 nt!ExDestroyHandle+0xa9
fffff880`041aa430  fffffa80`0a25e290
fffff880`041aa438  00000000`00000000
fffff880`041aa440  00000000`00000001
fffff880`041aa448  00000000`00000001
fffff880`041aa450  00000000`00000702
fffff880`041aa458  fffff880`02668fa8 Ntfs!NtfsData+0x28
fffff880`041aa460  00000000`00000000
fffff880`041aa468  00000000`c0000005
fffff880`041aa470  00000000`00000000
fffff880`041aa478  fffff880`02618419 Ntfs!NtfsCleanupIrpContext+0x119
fffff880`041aa480  00000000`00000002
fffff880`041aa488  00000000`00000000
fffff880`041aa490  00000000`00000018
fffff880`041aa498  00000000`001dd71e
fffff880`041aa4a0  fffff6fb`40000000
fffff880`041aa4a8  00000000`00000000
fffff880`041aa4b0  fffff880`041aa460
fffff880`041aa4b8  fffff800`00000000
fffff880`041aa4c0  00000000`00000007
fffff880`041aa4c8  fffff880`02668fa8 Ntfs!NtfsData+0x28
fffff880`041aa4d0  00000000`00000000
fffff880`041aa4d8  fffff880`02668fa8 Ntfs!NtfsData+0x28
fffff880`041aa4e0  00000000`00000702
fffff880`041aa4e8  00000000`00000001
fffff880`041aa4f0  00000000`00000000
fffff880`041aa4f8  00000000`00000001
fffff880`041aa500  fffff880`041aa590
fffff880`041aa508  fffff800`042a00a8 nt!KiPageFault+0x428
fffff880`041aa510  00000000`00000000
fffff880`041aa518  00000000`00000018
fffff880`041aa520  00000000`00000000
fffff880`041aa528  fffffa80`0a25e290
fffff880`041aa530  00000000`00000000
fffff880`041aa538  00001f80`01001f53
fffff880`041aa540  00000000`00000000
fffff880`041aa548  00000000`00400020
fffff880`041aa550  00000000`00000000
fffff880`041aa558  00000000`00000000
fffff880`041aa560  00000000`00000727
fffff880`041aa568  fffff800`044f7810 nt!NtClose
fffff880`041aa570  fffffa80`06706b50
fffff880`041aa578  00000000`00000000
fffff880`041aa580  00320033`006d0065
fffff880`041aa588  00740075`0061005c
fffff880`041aa590  006b0068`0063006f
fffff880`041aa598  00650078`0065002e
fffff880`041aa5a0  00000000`00000000
fffff880`041aa5a8  00000000`00000000
fffff880`041aa5b0  00000000`00000000
fffff880`041aa5b8  00000000`00000000
fffff880`041aa5c0  00000000`00000000
fffff880`041aa5c8  00000000`00000000
fffff880`041aa5d0  0001967b`0000021f
fffff880`041aa5d8  00000000`00000008
fffff880`041aa5e0  00000000`00000018
fffff880`041aa5e8  fffff800`04520ed9 nt!PsCreateSystemThread+0x135
fffff880`041aa5f0  00000000`00000000
fffff880`041aa5f8  00000000`00000000
fffff880`041aa600  fffffa80`0a1e9180
fffff880`041aa608  fffffa80`0a25e290
fffff880`041aa610  fffffa80`066f0040
fffff880`041aa618  00000000`00000000
fffff880`041aa620  fffff880`041aa690
fffff880`041aa628  00000000`00000000
fffff880`041aa630  00000000`00000000
fffff880`041aa638  00000000`00000000
fffff880`041aa640  00000000`00000000
fffff880`041aa648  fffff880`026d4530 Ntfs!EfspCheckVolumeForRecoveryLog
fffff880`041aa650  fffffa80`09b5bcd0
fffff880`041aa658  00000000`00000000
fffff880`041aa660  00000000`00000030
fffff880`041aa668  00000000`00000000
fffff880`041aa670  00000000`00000000
fffff880`041aa678  fffff880`02618419 Ntfs!NtfsCleanupIrpContext+0x119
fffff880`041aa680  00000000`00000010
fffff880`041aa688  00000000`00010247
fffff880`041aa690  fffff880`041aa6a0
fffff880`041aa698  00000000`00000018
fffff880`041aa6a0  ffffd410`fc83e680
fffff880`041aa6a8  fffff800`042976c0 nt!KiServiceLinkage
fffff880`041aa6b0  00000000`00000010
fffff880`041aa6b8  00000000`00000082
fffff880`041aa6c0  00000000`00000007
fffff880`041aa6c8  fffff880`02668fa8 Ntfs!NtfsData+0x28
fffff880`041aa6d0  00000000`00000000
fffff880`041aa6d8  00000000`00000001
fffff880`041aa6e0  00000000`00000000
fffff880`041aa6e8  fffff880`0261b454 Ntfs!NtfsExtendedCompleteRequestInternal+0xd4
fffff880`041aa6f0  fffffa80`0a25e290
fffff880`041aa6f8  00000000`00000001
fffff880`041aa700  00000000`00000000
fffff880`041aa708  fffffa80`0a410010
fffff880`041aa710  00000000`00000001
fffff880`041aa718  fffffa80`0a1e9180
fffff880`041aa720  fffff800`044107a0 nt!ExWorkerQueue
fffff880`041aa728  fffff880`026ebb1a Ntfs!NtfsMountVolume+0x28cd
fffff880`041aa730  00000000`00000000
fffff880`041aa738  fffffa80`0a25e290
fffff880`041aa740  00000000`00000000
fffff880`041aa748  00000000`00000000
fffff880`041aa750  00000000`00000001
fffff880`041aa758  00000000`00000000
fffff880`041aa760  fffff880`041aa7a9
fffff880`041aa768  00000000`00000000
fffff880`041aa770  00000000`00000000
fffff880`041aa778  fffff880`041aa940
fffff880`041aa780  ffff0300`041aa800
fffff880`041aa788  00000000`7dbe0000
fffff880`041aa790  00000008`00000101
fffff880`041aa798  fffff601`00000100
fffff880`041aa7a0  fffffa80`0a1e9180
fffff880`041aa7a8  fffff880`026e0000 Ntfs!NtfsUnlockVolume
fffff880`041aa7b0  fffffa80`09b55820
fffff880`041aa7b8  fffffa80`0a4105f0
fffff880`041aa7c0  fffff980`03840c00
fffff880`041aa7c8  00000000`00000001
fffff880`041aa7d0  00030000`00000003
fffff880`041aa7d8  00000001`00000040
fffff880`041aa7e0  fffff980`02ac0c00
fffff880`041aa7e8  00030000`00000003
fffff880`041aa7f0  00000000`00000000
fffff880`041aa7f8  fffffa80`0a4103f8
fffff880`041aa800  00000000`00000000
fffff880`041aa808  fffff880`041aa8c0
fffff880`041aa810  fffff880`041aa8c0
fffff880`041aa818  00000000`00000000
fffff880`041aa820  00000000`00000001
fffff880`041aa828  fffffa80`0a1e9030
fffff880`041aa830  fffff8a0`007092f0
fffff880`041aa838  00010000`00000000
fffff880`041aa840  00000000`00000100
fffff880`041aa848  00000001`00000000
fffff880`041aa850  00000000`00000000
fffff880`041aa858  00000000`00020000
fffff880`041aa860  00000000`00080200
fffff880`041aa868  000000f8`00000000
fffff880`041aa870  00000800`00ff003f
fffff880`041aa878  00001f80`00000000
fffff880`041aa880  fffffa80`09cf9040
fffff880`041aa888  fffffa80`0a25e290
fffff880`041aa890  00000000`00000000
fffff880`041aa898  00000000`00000000
fffff880`041aa8a0  00000000`00000000
fffff880`041aa8a8  00000000`00000000
fffff880`041aa8b0  00000000`00000000
fffff880`041aa8b8  00000000`00000000
fffff880`041aa8c0  00000000`00000000
fffff880`041aa8c8  00000000`00000000
fffff880`041aa8d0  00000000`00000000
fffff880`041aa8d8  00000000`00000000
fffff880`041aa8e0  00000000`00000000
fffff880`041aa8e8  00000000`00000000
fffff880`041aa8f0  00000000`00000000
fffff880`041aa8f8  00000000`00000000
fffff880`041aa900  00000000`00000000
fffff880`041aa908  00000000`00000000
fffff880`041aa910  00000000`00000000
fffff880`041aa918  00000000`00000005
fffff880`041aa920  fffff880`026e9240 Ntfs!NtfsMountVolume
fffff880`041aa928  fffff980`02a80d60
fffff880`041aa930  00000000`00000000
fffff880`041aa938  00000000`00001000
fffff880`041aa940  fffff980`038c0148
fffff880`041aa948  fffff980`038c0000
fffff880`041aa950  00000000`00000000
fffff880`041aa958  00000000`00000000
fffff880`041aa960  00000000`00000000
fffff880`041aa968  00000000`00000000
fffff880`041aa970  00000000`00000000
fffff880`041aa978  00000000`00000000
fffff880`041aa980  00000000`00000000
fffff880`041aa988  00000000`00000000
fffff880`041aa990  00000000`00000000
fffff880`041aa998  00000000`00000000
fffff880`041aa9a0  00000000`00000000
fffff880`041aa9a8  fffff800`044107a0 nt!ExWorkerQueue
fffff880`041aa9b0  fffff880`0260a000 Ntfs!RtlULongLongToULong <PERF> (Ntfs+0x0)
fffff880`041aa9b8  00000000`00000000
fffff880`041aa9c0  00000000`00000000
fffff880`041aa9c8  00000000`00000001
fffff880`041aa9d0  fffffa80`0a410010
fffff880`041aa9d8  fffffa80`0a25e290
fffff880`041aa9e0  00000000`00000000
fffff880`041aa9e8  fffff880`02686849 Ntfs!NtfsCommonFileSystemControl+0xc9
fffff880`041aa9f0  fffffa80`0a25e290
fffff880`041aa9f8  fffffa80`0a410010
fffff880`041aaa00  fffff880`041aaa28
fffff880`041aaa08  fffff880`041aaa20
fffff880`041aaa10  fffffa80`06706c58
fffff880`041aaa18  fffff800`04232452 nt!KiCommitThreadWait+0x1d2
fffff880`041aaa20  fffffa80`0a40e330
fffff880`041aaa28  fffffa80`0a1e9180
fffff880`041aaa30  00000000`00000000
fffff880`041aaa38  fffffa80`06706b50
fffff880`041aaa40  00000000`00000000
fffff880`041aaa48  00000000`000e0082
fffff880`041aaa50  00000000`00000000
fffff880`041aaa58  fffff880`0261aebe Ntfs!NtfsInitializeTopLevelIrp+0x3e
fffff880`041aaa60  fffff880`0260a000 Ntfs!RtlULongLongToULong <PERF> (Ntfs+0x0)
fffff880`041aaa68  00000000`00000000
fffff880`041aaa70  ffff0000`067cc85f
fffff880`041aaa78  fffffa80`0a410010
fffff880`041aaa80  fffffa80`0a410010
fffff880`041aaa88  fffff880`041aab00
fffff880`041aaa90  fffffa80`0a25e290
fffff880`041aaa98  fffff880`0260d26b Ntfs!NtfsFspDispatch+0x29b
fffff880`041aaaa0  fffffa80`0a25e290
fffff880`041aaaa8  fffff800`04232e23 nt!KeRemoveQueueEx+0x323
fffff880`041aaab0  00000000`00000000
fffff880`041aaab8  fffffa80`09cf7ce0
fffff880`041aaac0  fffffa80`00000000
fffff880`041aaac8  fffffa80`09cf7c00
fffff880`041aaad0  00000000`00000000
fffff880`041aaad8  fffffa80`0a25e290
fffff880`041aaae0  fffff880`00000000
fffff880`041aaae8  fffff880`041aab00
fffff880`041aaaf0  00000000`00000000
fffff880`041aaaf8  fffffa80`0a410010
fffff880`041aab00  5346544e`04000001
fffff880`041aab08  00000000`00000000
fffff880`041aab10  00000000`00000000
fffff880`041aab18  00000000`00000000
fffff880`041aab20  fffffa80`0a25e290
fffff880`041aab28  00000000`00000000
fffff880`041aab30  00000000`00000001
fffff880`041aab38  00000000`00000000
fffff880`041aab40  00000000`00000001
fffff880`041aab48  fffffa80`0a25e2d8
fffff880`041aab50  fffffa80`0a25e290
fffff880`041aab58  fffffa80`06706b50
fffff880`041aab60  fffff880`0260cfd0 Ntfs!NtfsFspDispatch
fffff880`041aab68  fffff800`04243dc9 nt!ExpWorkerThread+0x111
fffff880`041aab70  fffff800`04410700 nt!ExpWorkerSwapinMutex+0x20
fffff880`041aab78  fffff800`04509b00 nt!SeCopyClientToken+0xb0
fffff880`041aab80  fffffa80`06706b00
fffff880`041aab88  00000000`00000001
fffff880`041aab90  fffff880`041aaba0
fffff880`041aab98  00000000`00000001
fffff880`041aaba0  fffffa80`0a25e2d8
fffff880`041aaba8  00000000`00000000
fffff880`041aabb0  00000000`00000000
fffff880`041aabb8  00000000`00000000
fffff880`041aabc0  ffffd410`fc83e800
fffff880`041aabc8  00000000`00000000
fffff880`041aabd0  fffff800`04243cb8 nt!ExpWorkerThread
fffff880`041aabd8  00000000`00000000
fffff880`041aabe0  00000000`00000000
fffff880`041aabe8  fffffa80`06706b50
fffff880`041aabf0  fffffa80`066f0040
fffff880`041aabf8  fffff800`0453f2e8 nt!PspSystemThreadStartup+0x194
fffff880`041aac00  00000000`00000000
fffff880`041aac08  fffff880`009aa180
fffff880`041aac10  00000000`00000080
fffff880`041aac18  00000000`00000001
fffff880`041aac20  fffffa80`06706148
fffff880`041aac28  fffffa80`066f0040
fffff880`041aac30  00000000`00000000
fffff880`041aac38  fffff800`04299ec6 nt!KiStartSystemThread+0x16
fffff880`041aac40  fffff880`009aa180
fffff880`041aac48  fffffa80`06706b50
fffff880`041aac50  fffff880`009b9140
fffff880`041aac58  00000000`00000000
fffff880`041aac60  00000000`00000000
fffff880`041aac68  00000000`00000000
fffff880`041aac70  fffff880`041ab000
fffff880`041aac78  fffff880`041a5000
fffff880`041aac80  fffff880`041a9770
fffff880`041aac88  00000000`00000000
fffff880`041aac90  fffff880`041a5000
fffff880`041aac98  00000000`00000000
fffff880`041aaca0  00000000`00000000
fffff880`041aaca8  00000000`00000000
fffff880`041aacb0  00000000`00000000
fffff880`041aacb8  00000000`00000000
fffff880`041aacc0  00000000`00000040
fffff880`041aacc8  00000000`00000000
fffff880`041aacd0  00000000`00000000
fffff880`041aacd8  0000ffff`00001f80
fffff880`041aace0  00000000`00000000
fffff880`041aace8  00000000`00000000
fffff880`041aacf0  00000000`00000000
fffff880`041aacf8  00000000`00000000
fffff880`041aad00  00000000`00000000
fffff880`041aad08  00000000`00000000
fffff880`041aad10  00000000`00000000
fffff880`041aad18  00000000`00000000
fffff880`041aad20  00000000`00000000
fffff880`041aad28  00000000`00000000
fffff880`041aad30  00000000`00000000
fffff880`041aad38  00000000`00000000
fffff880`041aad40  00000000`00000000
fffff880`041aad48  00000000`00000000
fffff880`041aad50  00000000`00000000
fffff880`041aad58  00000000`00000000
fffff880`041aad60  00000000`00000000
fffff880`041aad68  00000000`00000000
fffff880`041aad70  00000000`00000000
fffff880`041aad78  00000000`00000000
fffff880`041aad80  00000000`00000000
fffff880`041aad88  00000000`00000000
fffff880`041aad90  00000000`00000000
fffff880`041aad98  00000000`00000000
fffff880`041aada0  00000000`00000000
fffff880`041aada8  00000000`00000000
fffff880`041aadb0  00000000`00000000
fffff880`041aadb8  00000000`00000000
fffff880`041aadc0  00000000`00000000
fffff880`041aadc8  00000000`00000000
fffff880`041aadd0  00000000`00000000
fffff880`041aadd8  00000000`00000000
fffff880`041aade0  00000000`00000000
fffff880`041aade8  00000000`00000000
fffff880`041aadf0  00000000`00000000
fffff880`041aadf8  00000000`00000000
fffff880`041aae00  00000000`00000000
fffff880`041aae08  00000000`00000000
fffff880`041aae10  00000000`00000000
fffff880`041aae18  00000000`00000000
fffff880`041aae20  00000000`00000000
fffff880`041aae28  00000000`00000000
fffff880`041aae30  00000000`00000000
fffff880`041aae38  00000000`00000000
fffff880`041aae40  00000000`00000000
fffff880`041aae48  00000000`00000000
fffff880`041aae50  00000000`00000000
fffff880`041aae58  00000000`00000000
fffff880`041aae60  00000000`00000000
fffff880`041aae68  00000000`00000000
fffff880`041aae70  00000000`00000000
fffff880`041aae78  00000000`00000000
fffff880`041aae80  00000000`00000000
fffff880`041aae88  00000000`00000000
fffff880`041aae90  00000000`00000000
fffff880`041aae98  00000000`00000000
fffff880`041aaea0  00000000`00000000
fffff880`041aaea8  00000000`00000000
fffff880`041aaeb0  00000000`00000000
fffff880`041aaeb8  00000000`00000000
fffff880`041aaec0  00000000`00000000
fffff880`041aaec8  00000000`00000000
fffff880`041aaed0  00000000`00000000
fffff880`041aaed8  00000000`00000000
fffff880`041aaee0  00000000`00000000
fffff880`041aaee8  00000000`00000000
fffff880`041aaef0  00000000`00000000
fffff880`041aaef8  00000000`00000000
fffff880`041aaf00  00000000`00000000
fffff880`041aaf08  00000000`00000000
fffff880`041aaf10  00000000`00000000
fffff880`041aaf18  00000000`00000000
fffff880`041aaf20  00000000`00000000
fffff880`041aaf28  00000000`00000000
fffff880`041aaf30  00000000`00000000
fffff880`041aaf38  00000000`00000000
fffff880`041aaf40  00000000`00000000
fffff880`041aaf48  00000000`00000000
fffff880`041aaf50  00000000`00000000
fffff880`041aaf58  00000000`00000000
fffff880`041aaf60  00000000`00000000
fffff880`041aaf68  00000000`00000000
fffff880`041aaf70  00000000`00000000
fffff880`041aaf78  00000000`00000000
fffff880`041aaf80  00000000`00000000
fffff880`041aaf88  00000000`00000000
fffff880`041aaf90  00000000`00000000
fffff880`041aaf98  00000000`00000000
fffff880`041aafa0  00000000`00000000
fffff880`041aafa8  00000000`00000000
fffff880`041aafb0  00000000`00000000
fffff880`041aafb8  00000000`00000000
fffff880`041aafc0  00000000`00000000
fffff880`041aafc8  00000000`00000000
fffff880`041aafd0  00000000`00000000
fffff880`041aafd8  00000000`00000000
fffff880`041aafe0  00000000`00000000
fffff880`041aafe8  00000000`00000000
fffff880`041aaff0  00000000`00000000
fffff880`041aaff8  00000000`00000000
quit:

Microsoft (R) Windows Debugger Version 10.0.17134.12 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Administrator\Desktop\New folder (5)\070324-18111-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.24545.amd64fre.win7sp1_ldr_escrow.200102-1707
Machine Name:
Kernel base = 0xfffff800`04200000 PsLoadedModuleList = 0xfffff800`04439c90
Debug session time: Wed Jul  3 10:25:52.047 2024 (UTC - 4:00)
System Uptime: 0 days 0:00:10.530
Loading Kernel Symbols
...............................................................
.........................
Loading User Symbols
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1904fb, fffff880041aa468, fffff880041a9cd0, fffff88002618419}

Probably caused by : Ntfs.sys ( Ntfs!NtfsCleanupIrpContext+119 )

Followup:     MachineOwner
---------

3: kd> kd: Reading initial command 'lmvm Ntfs; lmvm MbamChameleon; q'
start             end                 module name
fffff880`0260a000 fffff880`027b1000   Ntfs       (pdb symbols)          C:\Users\ADMINI~1\AppData\Local\Temp\MiniDumper\sym\ntfs.pdb\F746DEB6FD8F43AEA0E8CE94B499EF852\ntfs.pdb
    Loaded symbol image file: Ntfs.sys
    Mapped memory image file: C:\Users\ADMINI~1\AppData\Local\Temp\MiniDumper\sym\Ntfs.sys\5C6044E61a7000\Ntfs.sys
    Image path: \SystemRoot\System32\Drivers\Ntfs.sys
    Image name: Ntfs.sys
    Timestamp:        Sun Feb 10 07:36:06 2019 (5C6044E6)
    CheckSum:         001A495B
    ImageSize:        001A7000
    File version:     6.1.7601.24382
    Product version:  6.1.7601.24382
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    Information from resource tables:
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     ntfs.sys
        OriginalFilename: ntfs.sys
        ProductVersion:   6.1.7601.24382
        FileVersion:      6.1.7601.24382 (win7sp1_ldr.190210-0600)
        FileDescription:  NT File System Driver
        LegalCopyright:   © Microsoft Corporation. All rights reserved.
start             end                 module name
fffff880`0165e000 fffff880`01698000   MbamChameleon   (deferred)             
    Image path: \SystemRoot\System32\Drivers\MbamChameleon.sys
    Image name: MbamChameleon.sys
    Timestamp:        Tue May 28 08:10:30 2024 (6655F3E6)
    CheckSum:         0003773A
    ImageSize:        0003A000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:
quit:

Basically Water.


#19 FiredUpIce

Posted 25 July 2024 - 07:54 PM

It looks a lot like Malwarebytes is the issue here.

You can remove it and run both batch files I provided as well. Create a system restore point prior to running the batch files and removing Malwarebytes.

You can also run both of these programs and provide screenshots of each outcome after the tools have run. For HDD Tune, do not do the short test.

Crystal Disk

Hdd Tune

Remove these from your machine as well.

    410536   8/25/2022    2:57:54 AM  "C:\Program Files\Trend Micro\HouseCall\Tmcomm.sys"
     67168   8/25/2022    2:57:54 AM  "C:\Program Files\Trend Micro\HouseCall\TMEBC64.sys"


Edited by FiredUpIce, 25 July 2024 - 08:03 PM.

Basically Water.


#20 FiredUpIce

Posted 25 July 2024 - 08:19 PM

Do you have any idea what these randomly named drivers are? Can you send a couple of them to VirusTotal?

https://www.nirsoft.net/utils/driverview.html

Use this tool for me.

Right-click, run as admin.

View, hide Microsoft drivers.

Then Edit, select all.

File, save selected items.

Save to desktop.

Name the file abc,

and under save as type

select HTML file vertical.

Upload it here please.




Edited by FiredUpIce, 25 July 2024 - 08:37 PM.

Basically Water.


#21 FiredUpIce


Posted 25 July 2024 - 09:11 PM

Open Notepad.

Copy and paste the content of the code box.

Paste into Notepad.

Save it to the desktop as 123.bat.

Right-click it and run as admin.

This is how you run the batch file I created.


Basically Water.


#22 meeshymee


Posted 25 July 2024 - 09:40 PM

Sorry.. can you tell me one at a time what to do?

 

Malwarebytes is causing problems? Why would it do that suddenly?

I run both of them one after the other? In safe mode?

 

I used CrystalDiskInfo before posting. It says the hard drive is good. I'm not sure if this is the same version as the link you sent, but the link you sent doesn't do anything when I try to download. Below is the info I have.

 

 

Do you have any idea what these randomly named drivers are? Can you send a couple of them to VirusTotal?

Which ones? That entire list is unknown?? Maybe from Lenovo? If I understand correctly... I randomly picked the 2nd one (because it said 2024) and uploaded it to the site www.virustotal.com. It says nothing detected. See picture attached.

 

I deleted the two sys files from the folder.

 

It won't let me upload the drivers abc 'vertical html' file; it says I don't have permission. I pasted the info below.

 

I appreciate your help but I'm not sure how to do all of it and in which order. I'm also not sure which things will require a reboot, which I can't do right now because I worry I won't be able to turn it on again (am waiting for Sunday PM).

 

 

----------------------------------------------------------------------------
CrystalDiskInfo 9.3.2 © 2008-2024 hiyohiyo
                                Crystal Dew World: https://crystalmark.info/
----------------------------------------------------------------------------

    OS : Windows 7 Professional   [6.1 Build 7601] (x64)
  Date : 2024/07/25 23:01:31

-- Controller Map ----------------------------------------------------------
 + Intel® 6th Generation Core Processor Family Platform I/O SATA AHCI Controller [ATA]
   - WDC WD5000LPLX-08ZNT SCSI Disk Device
   - HL-DT-ST DVDRAM GUE0N SCSI CdRom Device
 - BayHubTech Integrated MMC/SD controller [SCSI]

-- Disk List ---------------------------------------------------------------
 (01) WDC WD5000LPLX-08ZNTT0 : 500.1 GB [0/0/0, pd1]

----------------------------------------------------------------------------
 (01) WDC WD5000LPLX-08ZNTT0
----------------------------------------------------------------------------
           Model : WDC WD5000LPLX-08ZNTT0
        Firmware : 05.01A05
   Serial Number : WD-WXK1A475JPJP
       Disk Size : 500.1 GB (8.4/137.4/500.1/----)
     Buffer Size : 32767 KB
     Queue Depth : 32
    # of Sectors : 976773168
   Rotation Rate : 7200 RPM
       Interface : Serial ATA
   Major Version : ACS-2
   Minor Version : ACS-3 Revision 3b
   Transfer Mode : SATA/600 | SATA/600
  Power On Hours : 22419 hours
  Power On Count : 4264 count
     Temperature : 37 C (98 F)
   Health Status : Good
        Features : S.M.A.R.T., APM, NCQ, GPL
       APM Level : 0060h [ON]
       AAM Level : ----
    Drive Letter : C:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Read Error Rate
03 144 142 _21 0000000006FF Spin-Up Time
04 _46 _46 __0 00000000D33F Start/Stop Count
05 200 200 140 000000000000 Reallocated Sectors Count
07 200 200 _51 000000000000 Seek Error Rate
09 _70 _70 __0 000000005793 Power-On Hours
0A 100 100 __0 000000000000 Spin Retry Count
0B 100 100 __0 000000000000 Recalibration Retries
0C _96 _96 __0 0000000010A8 Power Cycle Count
C0 200 200 __0 00000000004D Power-off Retract Count
C1 134 134 __0 0000000308CA Load/Unload Cycle Count
C2 106 _83 __0 000000000025 Temperature
C4 200 200 __0 000000000000 Reallocation Event Count
C5 200 200 __0 000000000000 Current Pending Sector Count
C6 100 253 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 000000000000 UltraDMA CRC Error Count
C8 200 200 __0 000000000000 Write Error Rate
F0 _70 _70 __0 0000000055BA Head Flying Hours


 

Drivers List
Created by using DriverView

 

Driver Name amdxata.sys Address FFFFF880`01600000 End Address FFFFF880`0160B000 Size 0x0000b000 Load Count 1 Index 27 File Type System Driver Description Storage Filter Driver Version 1.1.2.5 Company Advanced Micro Devices Product Name Storage Filter Driver Modified Date 3/11/2011 2:41:12 AM Created Date 1/5/2019 12:23:59 PM Filename C:\Windows\system32\drivers\amdxata.sys File Attributes A Service Name amdxata Service Display Name   Digital Signature

 

 

Driver Name ApsHM64.sys Address FFFFF880`027E9000 End Address FFFFF880`027F4000 Size 0x0000b000 Load Count 1 Index 44 File Type System Driver Description ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver Version 1.82.4.4 Company Lenovo. Product Name ThinkVantage Active Protection System Modified Date 3/21/2017 1:31:12 AM Created Date 3/21/2017 1:31:12 AM Filename C:\Windows\System32\DRIVERS\ApsHM64.sys File Attributes A Service Name TPDIGIMN Service Display Name   Digital Signature

 

 

Driver Name Apsx64.sys Address FFFFF880`0223A000 End Address FFFFF880`02264000 Size 0x0002a000 Load Count 1 Index 47 File Type Installable Driver Description Shockproof Disk Driver Version 1.82.4.4 Company Lenovo. Product Name ThinkVantage Active Protection System Modified Date 3/21/2017 1:31:12 AM Created Date 3/21/2017 1:31:12 AM Filename C:\Windows\System32\DRIVERS\Apsx64.sys File Attributes A Service Name Shockprf Service Display Name   Digital Signature

 

 

Driver Name ATMFD.DLL Address FFFFF960`00990000 End Address FFFFF960`009F3000 Size 0x00063000 Load Count 2 Index 149 File Type Driver Description Windows NT OpenType/Type 1 Font Driver Version 5.1.2.254 Company Adobe Systems Incorporated Product Name Adobe Type Manager Modified Date 11/14/2019 10:25:22 PM Created Date 12/11/2019 11:16:30 AM Filename C:\Windows\System32\ATMFD.DLL File Attributes A Service Name   Service Display Name   Digital Signature

 

 

Driver Name bhtpcrdr.sys Address FFFFF880`0674D000 End Address FFFFF880`06783000 Size 0x00036000 Load Count 1 Index 90 File Type Dynamic Link Library Description BayHubTech/O2Micro SD Reader Driver Version 1.1.1.1019 Company BayHubTech/O2Micro Product Name BayHubTech/O2Micro SD Reader Driver Modified Date 4/21/2020 8:06:00 PM Created Date 4/21/2020 8:06:00 PM Filename C:\Windows\system32\DRIVERS\bhtpcrdr.sys File Attributes A Service Name BHTPCRDR Service Display Name   Digital Signature

 

 

Driver Name btath_a2dp.sys Address FFFFF880`03883000 End Address FFFFF880`038EB000 Size 0x00068000 Load Count 1 Index 142 File Type Dynamic Link Library Description Qualcomm Atheros A2DP driver Version 4.0.0.688 Company Qualcomm Atheros Product Name Blue Manager Modified Date 5/23/2018 6:09:38 AM Created Date 5/23/2018 6:09:38 AM Filename C:\Windows\system32\drivers\btath_a2dp.sys File Attributes A Service Name BTATH_A2DP Service Display Name Bluetooth A2DP Audio Driver Digital Signature

 

 

Driver Name btath_avdt.sys Address FFFFF880`09236000 End Address FFFFF880`09260000 Size 0x0002a000 Load Count 1 Index 141 File Type Dynamic Link Library Description Qualcomm Atheros Bluetooth AVDT driver Version 4.0.0.688 Company Qualcomm Atheros Product Name Blue Manager Modified Date 5/23/2018 6:09:38 AM Created Date 5/23/2018 6:09:38 AM Filename C:\Windows\system32\drivers\btath_avdt.sys File Attributes A Service Name btath_avdt Service Display Name Qualcomm Atheros Bluetooth AVDT Service Digital Signature

 

 

Driver Name btath_bus.sys Address FFFFF880`067CD000 End Address FFFFF880`067DA000 Size 0x0000d000 Load Count 1 Index 115 File Type Dynamic Link Library Description Qualcomm Atheros BUS driver Version 4.0.0.688 Company Qualcomm Atheros Product Name Blue Manager Modified Date 5/23/2018 6:09:38 AM Created Date 5/23/2018 6:09:38 AM Filename C:\Windows\system32\DRIVERS\btath_bus.sys File Attributes A Service Name BTATH_BUS Service Display Name Qualcomm Atheros Bluetooth Bus Digital Signature

 

 

Driver Name btath_flt.sys Address FFFFF880`03938000 End Address FFFFF880`03954000 Size 0x0001c000 Load Count 1 Index 144 File Type Dynamic Link Library Description Qualcomm Atheros FILTER driver Version 4.0.0.688 Company Qualcomm Atheros Product Name Blue Manager Modified Date 5/23/2018 6:09:38 AM Created Date 5/23/2018 6:09:38 AM Filename C:\Windows\system32\DRIVERS\btath_flt.sys File Attributes A Service Name AthBTPort Service Display Name Qualcomm Atheros Virtual Bluetooth Class Digital Signature

 

 

Driver Name btath_hcrp.sys Address FFFFF880`038EB000 End Address FFFFF880`03938000 Size 0x0004d000 Load Count 1 Index 143 File Type Dynamic Link Library Description Qualcomm Atheros HCRP driver Version 4.0.0.688 Company Qualcomm Atheros Product Name Blue Manager Modified Date 5/23/2018 6:09:38 AM Created Date 5/23/2018 6:09:38 AM Filename C:\Windows\system32\DRIVERS\btath_hcrp.sys File Attributes A Service Name BTATH_HCRP Service Display Name Bluetooth HCRP Server driver Digital Signature

 

 

Driver Name btath_lwflt.sys Address FFFFF880`03954000 End Address FFFFF880`0396C000 Size 0x00018000 Load Count 1 Index 145 File Type Dynamic Link Library Description Qualcomm Atheros FILTER driver Version 4.0.0.688 Company Qualcomm Atheros Product Name Blue Manager Modified Date 5/23/2018 6:09:38 AM Created Date 5/23/2018 6:09:38 AM Filename C:\Windows\system32\DRIVERS\btath_lwflt.sys File Attributes A Service Name BTATH_LWFLT Service Display Name Bluetooth LWFLT Device Digital Signature

 

 

Driver Name btath_rcp.sys Address FFFFF880`09893000 End Address FFFFF880`098DF000 Size 0x0004c000 Load Count 1 Index 140 File Type Dynamic Link Library Description Qualcomm Atheros AVRCP driver Version 4.0.0.688 Company Qualcomm Atheros Product Name Blue Manager Modified Date 5/23/2018 6:09:38 AM Created Date 5/23/2018 6:09:38 AM Filename C:\Windows\system32\DRIVERS\btath_rcp.sys File Attributes A Service Name BTATH_RCP Service Display Name Bluetooth AVRCP Device Digital Signature

 

 

Driver Name btfilter.sys Address FFFFF880`09283000 End Address FFFFF880`09329000 Size 0x000a6000 Load Count 1 Index 126 File Type System Driver Description Qualcomm BtFilter Driver Version 4.0.0.788 Company Qualcomm Product Name Windows ® Win 7 DDK driver Modified Date 5/23/2018 6:09:38 AM Created Date 5/23/2018 6:09:38 AM Filename C:\Windows\system32\DRIVERS\btfilter.sys File Attributes A Service Name BtFilter Service Display Name BtFilter Digital Signature

 

 

Driver Name CHDRT64.sys Address FFFFF880`09425000 End Address FFFFF880`095A4000 Size 0x0017f000 Load Count 1 Index 119 File Type Sound Driver Description 64-bit High Definition Audio Function Driver Version 8.66.68.0 Company Conexant Systems Inc. Product Name Conexant HDAudio Driver Modified Date 4/21/2020 8:07:33 PM Created Date 4/21/2020 8:07:33 PM Filename C:\Windows\system32\drivers\CHDRT64.sys File Attributes A Service Name CnxtHdAudService Service Display Name Conexant UAA Function Driver for High Definition Audio Service Digital Signature

 

 

Driver Name dump_diskdump.sys Address FFFFF880`0981A000 End Address FFFFF880`09824000 Size 0x0000a000 Load Count 2 Index 134 File Type Unknown Description   Version   Company   Product Name   Modified Date N/A Created Date N/A Filename C:\Windows\System32\Drivers\dump_diskdump.sys File Attributes   Service Name   Service Display Name   Digital Signature

 

 

Driver Name dump_dumpfve.sys Address FFFFF880`09824000 End Address FFFFF880`09837000 Size 0x00013000 Load Count 1 Index 136 File Type Unknown Description   Version   Company   Product Name   Modified Date N/A Created Date N/A Filename C:\Windows\System32\Drivers\dump_dumpfve.sys File Attributes   Service Name   Service Display Name   Digital Signature

 

 

Driver Name dump_iaStorAC.sys Address FFFFF880`05822000 End Address FFFFF880`06375000 Size 0x00b53000 Load Count 1 Index 135 File Type Unknown Description   Version   Company   Product Name   Modified Date N/A Created Date N/A Filename C:\Windows\System32\Drivers\dump_iaStorAC.sys File Attributes   Service Name   Service Display Name   Digital Signature

 

 

Driver Name farflt.sys Address FFFFF880`0D800000 End Address FFFFF880`0D83D000 Size 0x0003d000 Load Count 1 Index 175 File Type System Driver Description Malwarebytes Anti-Ransomware Protection Version 3.2.0.585 Company Malwarebytes Product Name Malwarebytes Anti-Ransomware Protection Modified Date 7/24/2024 8:50:17 AM Created Date 7/24/2024 8:50:17 AM Filename C:\Windows\system32\DRIVERS\farflt.sys File Attributes A Service Name MBAMFarflt Service Display Name MBAMFarflt Digital Signature

 

 

Driver Name HWiNFO64A.SYS Address FFFFF880`04C6A000 End Address FFFFF880`04C74000 Size 0x0000a000 Load Count 1 Index 78 File Type System Driver Description HWiNFO AMD64 Kernel Driver Version 8.98.0.0 Company REALiX™ Product Name HWiNFO AMD64 Kernel Driver Modified Date 4/21/2020 8:02:13 PM Created Date 4/21/2020 8:02:13 PM Filename C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS File Attributes A Service Name HWiNFO32 Service Display Name HWiNFO32/64 Kernel Driver Digital Signature

 

 

Driver Name iaStorA.sys Address FFFFF880`010FB000 End Address FFFFF880`015CB000 Size 0x004d0000 Load Count 1 Index 24 File Type System Driver Description Intel® Rapid Storage Technology driver - x64 Version 15.2.7.1042 Company Intel Corporation Product Name Intel® Rapid Storage Technology driver Modified Date 1/5/2017 5:39:30 PM Created Date 1/4/2019 7:18:28 PM Filename C:\Windows\system32\DRIVERS\iaStorA.sys File Attributes A Service Name iaStorA Service Display Name   Digital Signature

 

 

Driver Name iaStorAC.sys Address FFFFF880`016AA000 End Address FFFFF880`021FD000 Size 0x00b53000 Load Count 1 Index 26 File Type System Driver Description Intel® Rapid Storage Technology driver - x64 Version 15.9.8.1050 Company Intel Corporation Product Name Intel® Rapid Storage Technology driver Modified Date 4/21/2020 8:15:15 PM Created Date 4/21/2020 8:15:15 PM Filename C:\Windows\system32\DRIVERS\iaStorAC.sys File Attributes A Service Name iaStorAC Service Display Name Intel® Chipset SATA/PCIe RST Premium Controller Digital Signature

 

 

Driver Name iaStorF.sys Address FFFFF880`025F4000 End Address FFFFF880`025FF000 Size 0x0000b000 Load Count 1 Index 49 File Type System Driver Description Intel® Rapid Storage Technology Filter driver - x64 Version 15.9.8.1050 Company Intel Corporation Product Name Intel® Rapid Storage Technology Filter driver Modified Date 4/21/2020 8:15:15 PM Created Date 4/21/2020 8:15:15 PM Filename C:\Windows\system32\DRIVERS\iaStorF.sys File Attributes A Service Name iaStorF Service Display Name   Digital Signature

 

 

Driver Name ibmpmdrv.sys Address FFFFF880`06A32000 End Address FFFFF880`06A47000 Size 0x00015000 Load Count 1 Index 97 File Type System Driver Description Lenovo Power Management Driver Version 1.67.16.42 Company Lenovo. Product Name ThinkPad Modified Date 12/11/2019 6:42:30 PM Created Date 7/16/2022 1:59:56 PM Filename C:\Windows\system32\DRIVERS\ibmpmdrv.sys File Attributes A Service Name IBMPMDRV Service Display Name   Digital Signature

 

 

Driver Name igdkmd64.sys Address FFFFF880`074A2000 End Address FFFFF880`07F67000 Size 0x00ac5000 Load Count 1 Index 84 File Type Display Driver Description Intel Graphics Kernel Mode Driver Version 21.20.16.5127 Company Intel Corporation Product Name Intel HD Graphics Drivers for Windows® Modified Date 4/10/2020 9:37:28 AM Created Date 8/2/2020 10:46:38 AM Filename C:\Windows\system32\DRIVERS\igdkmd64.sys File Attributes A Service Name igfx Service Display Name   Digital Signature

 

 

Driver Name IntcDAud.sys Address FFFFF880`05200000 End Address FFFFF880`05277000 Size 0x00077000 Load Count 1 Index 123 File Type Sound Driver Description Intel® Display Audio Driver Version 6.16.0.3200 Company Intel® Corporation Product Name Intel® Display Audio Modified Date 10/14/2017 12:36:58 PM Created Date 1/4/2019 6:50:05 PM Filename C:\Windows\system32\DRIVERS\IntcDAud.sys File Attributes A Service Name IntcDAud Service Display Name Intel® Display Audio Digital Signature

 

 

Driver Name iusb3hub.sys Address FFFFF880`07400000 End Address FFFFF880`07466000 Size 0x00066000 Load Count 1 Index 118 File Type Dynamic Link Library Description Intel® USB 3.0 Hub Driver Version 5.0.1.38 Company Intel Corporation Product Name USB 3.0 Device Driver Modified Date 11/29/2016 11:32:00 AM Created Date 1/4/2019 8:54:54 PM Filename C:\Windows\system32\DRIVERS\iusb3hub.sys File Attributes A Service Name iusb3hub Service Display Name Intel® USB 3.0 Hub Driver Digital Signature

 

 

Driver Name iusb3xhc.sys Address FFFFF880`0664E000 End Address FFFFF880`06719000 Size 0x000cb000 Load Count 1 Index 87 File Type Dynamic Link Library Description Intel® USB 3.0 eXtensible Host Controller Driver Version 5.0.4.43 Company Intel Corporation Product Name USB 3.0 Device Driver Modified Date 4/21/2020 8:14:28 PM Created Date 4/21/2020 8:14:28 PM Filename C:\Windows\system32\DRIVERS\iusb3xhc.sys File Attributes A Service Name iusb3xhc Service Display Name Intel® USB 3.0 eXtensible Host Controller Driver Digital Signature

 

 

Driver Name mbae64.sys Address FFFFF880`0D83D000 End Address FFFFF880`0D865000 Size 0x00028000 Load Count 1 Index 176 File Type Unknown Description Malwarebytes Anti-Exploit Version 1.13.4.475 Company Malwarebytes Product Name Malwarebytes Anti-Exploit Modified Date 6/9/2022 10:04:22 PM Created Date 12/17/2020 2:36:37 AM Filename C:\Windows\system32\drivers\mbae64.sys File Attributes A Service Name ESProtectionDriver Service Display Name Malwarebytes Anti-Exploit Digital Signature

 

 

Driver Name mbam.sys Address FFFFF880`0D865000 End Address FFFFF880`0D87C000 Size 0x00017000 Load Count 1 Index 177 File Type Application Description Malwarebytes Real-Time Protection Version 3.2.0.314 Company Malwarebytes Product Name Malwarebytes Real-Time Protection Modified Date 7/24/2024 8:50:20 AM Created Date 7/24/2024 8:50:20 AM Filename C:\Windows\system32\DRIVERS\mbam.sys File Attributes A Service Name MBAMProtection Service Display Name MBAMProtection Digital Signature

 

 

Driver Name MbamChameleon.sys Address FFFFF880`0D96B000 End Address FFFFF880`0D9A5000 Size 0x0003a000 Load Count 1 Index 173 File Type Application Description Malwarebytes Chameleon Version 3.2.0.419 Company Malwarebytes Product Name Malwarebytes Chameleon Modified Date 7/20/2024 11:34:44 AM Created Date 7/20/2024 11:34:44 AM Filename C:\Windows\System32\Drivers\MbamChameleon.sys File Attributes A Service Name mbamchameleon Service Display Name MBAMChameleon Digital Signature

 

 

Driver Name mbamswissarmy.sys Address FFFFF880`0D92D000 End Address FFFFF880`0D96B000 Size 0x0003e000 Load Count 1 Index 172 File Type Application Description Malwarebytes SwissArmy Version 4.4.0.212 Company Malwarebytes Product Name Malwarebytes SwissArmy Modified Date 7/20/2024 11:34:41 AM Created Date 2/11/2024 8:01:53 PM Filename C:\Windows\System32\Drivers\mbamswissarmy.sys File Attributes A Service Name MBAMSwissArmy Service Display Name MBAMSwissArmy Digital Signature

 

 

Driver Name mwac.sys Address FFFFF880`0D9A5000 End Address FFFFF880`0D9CE000 Size 0x00029000 Load Count 1 Index 174 File Type Network Driver Description Malwarebytes Web Protection Version 1.1.0.177 Company Malwarebytes Product Name Malwarebytes Web Protection Modified Date 7/24/2024 8:49:57 AM Created Date 7/24/2024 8:49:57 AM Filename C:\Windows\system32\DRIVERS\mwac.sys File Attributes A Service Name MBAMWebProtection Service Display Name MBAMWebProtection Digital Signature

 

 

Driver Name pmdrvs.sys Address FFFFF880`027D5000 End Address FFFFF880`027DF000 Size 0x0000a000 Load Count 1 Index 39 File Type Unknown Description Lenovo Power Management Driver Version 1.67.16.42 Company Lenovo. Product Name Lenovo Power Management Driver Modified Date 12/11/2019 6:42:30 PM Created Date 7/16/2022 1:59:56 PM Filename C:\Windows\system32\DRIVERS\pmdrvs.sys File Attributes A Service Name PMDRVS Service Display Name   Digital Signature

 

 

Driver Name Qcamain7x64.sys Address FFFFF880`06A62000 End Address FFFFF880`06DE4000 Size 0x00382000 Load Count 1 Index 92 File Type Network Driver Description Qualcomm Atheros Extensible Wireless LAN device driver Version 11.0.0.768 Company Qualcomm Atheros, Inc. Product Name Driver for Qualcomm Atheros QCA61x4 Network Adapter Modified Date 11/9/2017 8:32:42 AM Created Date 11/9/2017 8:32:42 AM Filename C:\Windows\system32\DRIVERS\Qcamain7x64.sys File Attributes A Service Name Qcamain Service Display Name Qualcomm Atheros Extensible Wireless LAN 11AC device driver Digital Signature

 

 

Driver Name Rt64win7.sys Address FFFFF880`05499000 End Address FFFFF880`05597000 Size 0x000fe000 Load Count 1 Index 91 File Type Network Driver Description Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver Version 7.101.714.2016 Company Realtek Product Name Realtek 8136/8168/8169 PCI/PCIe Adapters Modified Date 10/19/2016 3:41:44 PM Created Date 1/4/2019 8:55:34 PM Filename C:\Windows\system32\DRIVERS\Rt64win7.sys File Attributes A Service Name RTL8167 Service Display Name Realtek 8167 NT Driver Digital Signature

 

 

Driver Name Smb_driver_Intel.sys Address FFFFF880`06A47000 End Address FFFFF880`06A56000 Size 0x0000f000 Load Count 1 Index 99 File Type Driver Description Synaptics SMBus Driver Version 19.3.4.225 Company Synaptics Incorporated Product Name Synaptics SMBus Driver Modified Date 1/12/2020 11:18:00 PM Created Date 1/30/2024 10:29:14 AM Filename C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys File Attributes A Service Name SmbDrvI Service Display Name   Digital Signature

 

 

Driver Name SPUVCbv64.sys Address FFFFF880`098F3000 End Address FFFFF880`099FC000 Size 0x00109000 Load Count 1 Index 130 File Type Driver Description SunplusIT Camera Driver Version 6.0.0.130 Company Sunplus Innovation Technology Inc. Product Name SunplusIT Camera Driver Modified Date 4/21/2020 8:19:53 PM Created Date 4/21/2020 8:19:53 PM Filename C:\Windows\System32\Drivers\SPUVCbv64.sys File Attributes A Service Name SPUVCbv Service Display Name SPUVCb Driver Service Digital Signature

 

 

Driver Name TeeDriverx64.sys Address FFFFF880`0671B000 End Address FFFFF880`0674D000 Size 0x00032000 Load Count 1 Index 89 File Type System Driver Description Intel® Management Engine Interface Version 11.7.0.1057 Company Intel Corporation Product Name Intel® Management Engine Interface Modified Date 11/28/2017 6:07:02 AM Created Date 11/28/2017 6:07:02 AM Filename C:\Windows\system32\DRIVERS\TeeDriverx64.sys File Attributes A Service Name MEIx64 Service Display Name Intel® Management Engine Interface Digital Signature

 

 

Driver Name XtuAcpiDriver.sys Address FFFFF880`055E2000 End Address FFFFF880`055F2000 Size 0x00010000 Load Count 1 Index 102 File Type Installable Driver Description Intel® Acpi Control Driver Version 4.0.0.14 Company Intel Corporation Product Name Intel® Extreme Tuning Utility Performance Tuning Driver Modified Date 4/18/2017 6:02:34 AM Created Date 4/18/2017 6:02:34 AM Filename C:\Windows\system32\DRIVERS\XtuAcpiDriver.sys File Attributes A Service Name XtuAcpiDriver Service Display Name Intel® Extreme Tuning Utility Device Service Digital Signature



Edited by meeshymee, 25 July 2024 - 10:22 PM.


#23 FiredUpIce


Posted 26 July 2024 - 01:52 AM

I do not know why Malwarebytes is blamed in the BSOD, but it most certainly is. That program does update from time to time...

I am sorry if you do not want to remove Malwarebytes. I am unsure how to troubleshoot if the information you are giving me points in one direction and you are unwilling to go there.

I understand that you have had the program for a while. Windows is strange: what works today may not work tomorrow.

CrystalDiskInfo says the hard drive is fine. Also, HD Tune is fine to download with the link I provided.


Edited by FiredUpIce, 26 July 2024 - 01:57 AM.

Basically Water.


#24 meeshymee


Posted 26 July 2024 - 11:40 AM

I can uninstall as long as I can put it back - it's not the free version.

 

I am just confused about which order to do things in. I will definitely do the batch things Sunday (I need to use the computer until then and am afraid it won't restart like last time, after shutting down or rebooting).

 

So it seems my Malwarebytes is causing the BSOD on startup? And a reinstall will fix it?

 

It won't let me download hdd... see attached.

Attached Files

  • Attached File  hdd.JPG   14.73KB   0 downloads

Edited by meeshymee, 26 July 2024 - 07:02 PM.


#25 FiredUpIce


Posted 26 July 2024 - 07:50 PM

You can reinstall anything you like.

As far as it causing a BSOD, yes.

Will it fix the issue? Cannot say.

Can you just list everything you have done? Then I will reread the entire thread and provide step-by-step instructions. I will have that laid out for you before Sunday.


Basically Water.


#26 meeshymee


Posted 27 July 2024 - 09:07 AM

Oh that would be wonderful - thank you.

 

Prior to this thread I ran sfc /scannow, CHKDSK /f, /r, /x.

 

I tried to do everything that didn't require reboot, so not that much.

 

  • I used the uninstaller for defender (I was under the impression it was disabled since day 1 through group policy so I never understood why it would show up in any errors)
  • I removed the two files:

410536   8/25/2022    2:57:54 AM  "C:\Program Files\Trend Micro\HouseCall\Tmcomm.sys"
67168   8/25/2022    2:57:54 AM  "C:\Program Files\Trend Micro\HouseCall\TMEBC64.sys"

  • I have NO IDEA what all those random drivers are and sent one (if there was a batch option I'd send them all).
  • I can't download hdd (failed)

I think that's it..

I didn't do the two notepad batch files.

 

I disabled MSE but didn't remove for the time being.. I'm confused because I read that it uses "Windows 10 defender definitions so you should be fine in 2024".. Not sure if that's true.

https://www.reddit.com/r/windows7/comments/1dl9fq9/does_microsoft_security_essentials_still_protect/



#27 FiredUpIce


Posted 28 July 2024 - 03:40 AM

Step 1: Batch file to remove some garbage and disable Windows Defender and Windows Update, a useless service in your case to be running.

You can simply delete step 3 from the batch file if you wish, it is just to turn off hibernation, which you seem to use and may be unrelated to the issue, but is something I do when I am paid to work on machines.

Open notepad

copy and paste the code box content into it

Save to desktop as 123.bat

right click 123.bat run as admin.


@echo off
:: This batch file performs several maintenance tasks

:: Step 1: Clean Event Viewer Logs
echo Cleaning Event Viewer Logs...
wevtutil cl Application
wevtutil cl Security
wevtutil cl Setup
wevtutil cl System
echo Event Viewer Logs cleaned.

:: Step 2: Clean Temp Files
:: Paths are quoted so a profile path containing spaces is handled correctly.
echo Cleaning Temporary Files...
del /q /f "%temp%\*"
del /q /f "C:\Windows\Temp\*"
echo Temporary Files cleaned.

:: Step 3: Disable Hibernation
echo Disabling Hibernation...
powercfg -h off
echo Hibernation disabled.

:: Step 4: Disable Windows Defender (Note: This may expose your system to risks)
:: sc.exe requires the space after "start=".
echo Disabling Windows Defender...
sc stop WinDefend
sc config WinDefend start= disabled
echo Windows Defender disabled.

:: Step 5: Fix Fatal Alert Error (10)
echo Attempting to fix fatal alert error...
reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "EnableSecurity" /t REG_DWORD /d "0" /f
netsh int ip reset resetlog.txt
netsh winsock reset catalog
ipconfig /flushdns

REM Stop the Windows Update service
sc stop wuauserv

REM Set the Windows Update service to disabled
sc config wuauserv start= disabled

echo All tasks completed.
exit


 

Step 2: Removal of outdated MSE

Microsoft Security Essentials (MSE) is no longer supported. The end of support for MSE coincided with the end of support for Windows 7, which occurred on January 14, 2020.

Please remove it with geekUninstaller.

Sometimes security software can conflict with each other, and if you have the paid version of Malwarebytes there is no need for this.

 

Step 3: This will remove some useless items from the machine.

 

Run this batch file from safe mode please. How to boot to safe mode.

 

 

Open notepad

copy and paste the code box content into it

Save to desktop as 1234.bat

right click 123.bat run as admin.


 

 

 

del "C:\Windows\Tasks\CleanerOneProAutoUAC.job"
del "C:\Users\User\AppData\Local\housecall.guid.cache"
rmdir /s /q "C:\Users\All Users\RogueKiller"
rmdir /s /q "C:\Users\User\AppData\Local\ESET"
rmdir /s /q "C:\4ea870fc95e02110cf4cbfadca3e3c"
rmdir /s /q "C:\Users\All Users\IObit"
rmdir /s /q "C:\Users\All Users\Norton"
rmdir /s /q "C:\Users\User\AppData\LocalLow\IObit"
rmdir /s /q "C:\Program Files\Trend Micro"
reg delete "HKLM\Software\WOW6432Node\AVAST Software" /f
reg delete "HKLM\Software\NordDivert" /f
reg delete "HKLM\Software\ESET" /f
reg delete "HKLM\Software\WOW6432Node\Eset" /f
reg delete "HKLM\Software\CoreSecurity" /f
reg delete "HKU\S-1-5-21-3387588297-3775100362-1754828942-1000\Software\ESET" /f
reg delete "HKLM\Software\SophosScanAndClean" /f
reg delete "HKLM\Software\TrendMicro" /f
reg delete "HKLM\Software\WOW6432Node\trendmicro" /f
reg delete "HKU\.DEFAULT\Software\Adlice Software" /f
reg delete "HKU\S-1-5-21-3387588297-3775100362-1754828942-1000\Software\Adlice Software" /f
ren "C:\Windows\System32\Drivers\tapnordvpn.sys" "tapnordvpn.bak"
ren "C:\Windows\System32\Drivers\mcvidrv.sys" "mcvidrv.bak"
ren "C:\Windows\System32\Drivers\XtuAcpiDriver.sys" "XtuAcpiDriver.bak"

Basically Water.


#28 FiredUpIce


Posted 28 July 2024 - 03:42 AM

For now, leave malwarebytes and perform the steps above, and reboot the machine and see how it performs.  If there is another BSOD then upload the single dump file for review.


Basically Water.


#29 meeshymee

  • Topic Starter

Posted 28 July 2024 - 04:33 PM

Disable defender? I thought the uninstaller uninstalled it.

So none of this will uninstall Malwarebytes?

I get new updates on windows update every day - says it's for MSE - what is it updating?

 

Thanks - I will do it this evening.


Edited by meeshymee, 28 July 2024 - 04:45 PM.


#30 FiredUpIce


Posted 28 July 2024 - 04:51 PM

Running the batch file will not hurt; it will make sure the services are disabled if they exist.

No, Malwarebytes is safe.

I'll tell you, after re-reading the whole thread, there were remnants of multiple antivirus applications on the computer, which could be causing the issue with MB throwing the error. Running the batch files to clean up will certainly not hurt anything, and will allow us to venture further into troubleshooting if needed.

McAfee

Trend

Malwarebytes

Microsoft Security Essentials.

Eset

These from Trend and McAfee were still active... which may be responsible for throwing the fatal error 10

 

Error: (07/23/2024 11:41:12 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

 

Might also be worth resetting your firewall to default, unless you have some custom settings you would like to keep.    netsh advfirewall reset

 

C:\Windows\System32\Drivers\mcvidrv.sys
C:\Program Files\Trend Micro\HouseCall\Tmcomm.sys
C:\Program Files\Trend Micro\HouseCall\TMEBC64.sys
 

Basically Water.
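
A read-only check for the leftover drivers named in posts #27 and #30, as an added example that is not part of the original thread: for each file it reports whether it is still on disk, whether the renamed .bak copy exists, and whether a driver service is still registered or running for it. It assumes an elevated PowerShell prompt and uses only Get-WmiObject and Test-Path, which are available in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the thread. Read-only: it queries and prints, nothing is changed.
# The driver paths below are the ones named in the thread.
$paths = @(
    'C:\Windows\System32\Drivers\mcvidrv.sys',
    'C:\Program Files\Trend Micro\HouseCall\Tmcomm.sys',
    'C:\Program Files\Trend Micro\HouseCall\TMEBC64.sys',
    'C:\Windows\System32\Drivers\tapnordvpn.sys',
    'C:\Windows\System32\Drivers\XtuAcpiDriver.sys'
)

# All kernel and file-system driver services known to the Service Control Manager.
$drivers = @(Get-WmiObject -Class Win32_SystemDriver)

$report = foreach ($path in $paths) {
    $file = [System.IO.Path]::GetFileName($path).ToLower()
    $bak  = [System.IO.Path]::ChangeExtension($path, '.bak')

    # PathName can be stored as \SystemRoot\..., \??\C:\... or a plain path,
    # so compare only the file name at the end of the string.
    $svc = $drivers |
        Where-Object { $_.PathName -and $_.PathName.Trim('"').ToLower().EndsWith('\' + $file) } |
        Select-Object -First 1

    $row = New-Object PSObject
    $row | Add-Member NoteProperty Driver     $file
    $row | Add-Member NoteProperty FileExists (Test-Path -LiteralPath $path)
    $row | Add-Member NoteProperty BakExists  (Test-Path -LiteralPath $bak)
    if ($svc) {
        $row | Add-Member NoteProperty Service   $svc.Name
        $row | Add-Member NoteProperty State     $svc.State
        $row | Add-Member NoteProperty StartMode $svc.StartMode
    } else {
        $row | Add-Member NoteProperty Service   '(none)'
        $row | Add-Member NoteProperty State     '-'
        $row | Add-Member NoteProperty StartMode '-'
    }
    $row
}

# How to read the table:
#   State = Running                      -> the driver is loaded in the current boot
#   FileExists = False, Service present  -> the service entry outlived its file
#   StartMode = Boot / System / Auto     -> Windows will try to load it at startup
$report | Format-Table -AutoSize
```

Running it once before the cleanup batch file and once after the reboot shows which of these drivers were actually active and whether any service entry still points at a deleted or renamed file.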




