MBAM2 = BSOD on Windows7. No fix?


Mattz

I ran MBAM Prem vs1 for many, many years with no issues on a PC with good specs running Windows7. Vs1 did what it was supposed to and caused no problems. The second I updated to vs2, I started getting BSOD (blue screen of death) crashes. I also started getting limited connectivity issues, requiring reboots to get back online. I went round and round with tech support about the crashes (I wasn't yet associating the connectivity issues to MBAM), who were unable to correct this, and I eventually reverted back to vs1. I went for nearly another year with no issues, until vs1 kept detecting 2 non-malware items, which kept coming back after being deleted. I thought that perhaps enough updates to vs2 had come out that the crash problem might no longer be an issue. Nope. Totally wrong. As soon as I updated... BSOD crashes, and eventually, my pc was permanently fried. The PC was old enough that I put it down to bad hard drive sectors (which I had detected, prior to the unrecoverable crash).

 

I bought a new HGST hard drive (2TB 7200rpm 32MB cache), installed Windows7, recovered my data and reinstalled everything, except for MBAM. I ran for 2 weeks with just MSE and had no issues. MSE never detected anything, but still thinking that the previous problem had been the old hard drive, I uninstalled MSE and installed MBAM Prem vs2. 1st scans detected nothing, but guess what started happening? BSOD crashes and limited connectivity issues. I uninstalled and went back to MSE. No more issues. A month later, I submitted a case to support, who said they couldn't help, unless I installed MBAM again, so I did, and guess what? More BSOD and limited connectivity! I'm not really expecting a fix from support, after my last run around in circles with them. I don't want to upgrade to Windows10 and don't really have much confidence that I wouldn't get MBAM caused crashes, even if I did.

 

My PC is no slouch: Intel i7-2600 3.4GHz, 12GB RAM, 64-bit OS, over 1TB free space. And I don't seem to have anything on it that should cause conflicts. Crashes seem random when nothing was open or running and nothing was scheduled.

 

So, can anyone tell me why I should risk reinstalling MBAM Prem when support hasn't been able to help?

SysnativeFileCollectionApp.zip

Link to post
Share on other sites

Have you tried installing MalwareBytes and not installed the Pro version (in other words, not letting it start with Windows)?  If so, what were the results?
 
Only 257 Windows Update hotfixes installed.  Most systems with SP1 have 350 or more.  Please visit Windows Update and get ALL available updates (it may take several trips to get them all).

These devices have problems in Device Manager:

SM Bus Controller    PCI\VEN_8086&DEV_1C22&SUBSYS_2AB6103C&REV_05\3&11583659&0&FB    The drivers for this device are not installed.
Universal Serial Bus (USB) Controller    PCI\VEN_1033&DEV_0194&SUBSYS_80051B5B&REV_03\4&1AFCC52E&0&00E1    The drivers for this device are not installed.

Please download and install the drivers for your chipset and for your USB 3.0 device (available from the HP Support website for your model).
 
Interestingly, the raw stack text shows a lot of networking stuff after the MalwareBytes driver (mwac.sys) appears in the stack.
Makes me wonder about a networking component to your BSOD's (the memory dumps also blame the networking stuff).
Please:
- download the latest wired, wireless, and bluetooth drivers for your system.
- uninstall the current drivers (from Control Panel...Programs and Features).  If not available there, then uninstall via Device Manager (only do this after looking at Programs and Features)
- then install the freshly downloaded drivers
- monitor for further BSOD's
 
Also, I would suggest updating any of the drivers that are dated later than the ones that appear in the memory dumps.
In particular, I am concerned about the dates on the Intel programs - such as the Intel Management Engine (IME) and the Intel Rapid Storage Technology (RST) drivers.
 
Finally, if this doesn't stop the BSOD's, I'd suggest running Driver Verifier according to these instructions:  http://www.carrona.org/verifier.html
 
Analysis:
The following is for informational purposes only.
**************************Sat Dec 12 09:56:08.163 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\121215-14944-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Built by: 7601.19045.amd64fre.win7sp1_gdr.151019-1254
System Uptime: 0 days 0:28:41.991
*** WARNING: Unable to verify timestamp for mwac.sys
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a )
BugCheck 19, {20, fffffa800deba2a0, fffffa800deba2c0, 4020009}
BugCheck Info: BAD_POOL_HEADER (19)
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa800deba2a0, The pool entry we were looking for within the page.
Arg3: fffffa800deba2c0, The next pool entry.
Arg4: 0000000004020009, (reserved)
BUGCHECK_STR:  0x19_20
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  X64_0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a
CPUID:        "Intel® Core i7-2600 CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
  BIOS Version                  7.11
  BIOS Release Date             03/18/2011
  Manufacturer                  Hewlett-Packard
  Baseboard Manufacturer        PEGATRON CORPORATION
  Product Name                  Rfrb HPE-570t
  Baseboard Product             2AB6
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Dec 11 18:04:50.591 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\121115-15147-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Built by: 7601.19045.amd64fre.win7sp1_gdr.151019-1254
System Uptime: 0 days 0:46:46.419
*** WARNING: Unable to verify timestamp for mwac.sys
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a )
BugCheck 19, {20, fffffa800cc06050, fffffa800cc06070, 4020005}
BugCheck Info: BAD_POOL_HEADER (19)
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa800cc06050, The pool entry we were looking for within the page.
Arg3: fffffa800cc06070, The next pool entry.
Arg4: 0000000004020005, (reserved)
BUGCHECK_STR:  0x19_20
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  X64_0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a
CPUID:        "Intel® Core i7-2600 CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
  BIOS Version                  7.11
  BIOS Release Date             03/18/2011
  Manufacturer                  Hewlett-Packard
  Baseboard Manufacturer        PEGATRON CORPORATION
  Product Name                  Rfrb HPE-570t
  Baseboard Product             2AB6
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Oct 18 02:14:10.600 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\101815-28969-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Built by: 7601.19018.amd64fre.win7sp1_gdr.150928-1507
System Uptime: 0 days 1:21:14.428
*** WARNING: Unable to verify timestamp for mwac.sys
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a )
BugCheck 19, {20, fffffa800d909150, fffffa800d909170, 4020015}
BugCheck Info: BAD_POOL_HEADER (19)
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa800d909150, The pool entry we were looking for within the page.
Arg3: fffffa800d909170, The next pool entry.
Arg4: 0000000004020015, (reserved)
BUGCHECK_STR:  0x19_20
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  X64_0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a
CPUID:        "Intel® Core i7-2600 CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
  BIOS Version                  7.11
  BIOS Release Date             03/18/2011
  Manufacturer                  Hewlett-Packard
  Baseboard Manufacturer        PEGATRON CORPORATION
  Product Name                  Rfrb HPE-570t
  Baseboard Product             2AB6
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Oct 14 13:22:15.974 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\101415-18267-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Built by: 7601.19018.amd64fre.win7sp1_gdr.150928-1507
System Uptime: 0 days 18:12:19.690
*** WARNING: Unable to verify timestamp for mwac.sys
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a )
BugCheck 19, {20, fffffa800ee36ce0, fffffa800ee36d00, 4020003}
BugCheck Info: BAD_POOL_HEADER (19)
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa800ee36ce0, The pool entry we were looking for within the page.
Arg3: fffffa800ee36d00, The next pool entry.
Arg4: 0000000004020003, (reserved)
BUGCHECK_STR:  0x19_20
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  X64_0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a
CPUID:        "Intel® Core i7-2600 CPU @ 3.40GHz"
MaxSpeed:     3400
CurrentSpeed: 3392
  BIOS Version                  7.11
  BIOS Release Date             03/18/2011
  Manufacturer                  Hewlett-Packard
  Baseboard Manufacturer        PEGATRON CORPORATION
  Product Name                  Rfrb HPE-570t
  Baseboard Product             2AB6
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``


3rd Party Drivers:
The following is for information purposes only.
Any drivers in RED should be updated or removed from your system. And should have been discussed in the body of my post.
**************************Sat Dec 12 09:56:08.163 2015 (UTC - 5:00)**************************
intelppm.sys                Mon Jul 13 19:19:25 2009 (4A5BC0FD)
amdxata.sys                 Fri Mar 19 12:18:18 2010 (4BA3A3CA)
iaStorV.sys                 Thu Jun 10 20:46:19 2010 (4C11875B)
HECIx64.sys                 Tue Oct 19 19:33:43 2010 (4CBE2AD7)
Rt64win7.sys                Wed Dec 29 06:44:36 2010 (4D1B1F24)
PxHlpa64.sys                Tue Apr 24 13:26:29 2012 (4F96E245)
stwrt64.sys                 Wed Apr 25 05:44:37 2012 (4F97C785)
atikmpag.sys                Wed Apr 25 23:32:45 2012 (4F98C1DD)
atikmdag.sys                Thu Apr 26 00:12:35 2012 (4F98CB33)
netr28x.sys                 Fri Feb 22 04:10:29 2013 (51273605)
NuidFltr.sys                Thu Dec 12 08:16:25 2013 (52A9B729)
mwac.sys                    Tue Jun 17 22:06:34 2014 (53A0F42A)
mbae64.sys                  Mon Sep  8 14:27:15 2014 (540DF503)
MpFilter.sys                Thu Feb 26 19:21:20 2015 (54EFB880)
point64.sys                 Wed Jul 22 14:21:18 2015 (55AFDF1E)
dc3d.sys                    Wed Jul 22 14:21:39 2015 (55AFDF33)
mbam.sys                    Tue Aug 11 13:35:19 2015 (55CA3257)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Oct 18 02:14:10.600 2015 (UTC - 5:00)**************************
exfat.SYS                   Mon Jul 13 19:23:29 2009 (4A5BC1F1)
PxHlpa64.sys                Thu May 12 13:16:44 2011 (4DCC15FC)
MBAMSwissArmy.sys           Wed Jul 29 00:26:01 2015 (55B855D9)
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=amdxata.sys
http://www.carrona.org/drivers/driver.php?id=iaStorV.sys
http://www.carrona.org/drivers/driver.php?id=HECIx64.sys
http://www.carrona.org/drivers/driver.php?id=Rt64win7.sys
http://www.carrona.org/drivers/driver.php?id=PxHlpa64.sys
http://www.carrona.org/drivers/driver.php?id=stwrt64.sys
http://www.carrona.org/drivers/driver.php?id=atikmpag.sys
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
http://www.carrona.org/drivers/driver.php?id=netr28x.sys
http://www.carrona.org/drivers/driver.php?id=NuidFltr.sys
http://www.carrona.org/drivers/driver.php?id=mwac.sys
http://www.carrona.org/drivers/driver.php?id=mbae64.sys
http://www.carrona.org/drivers/driver.php?id=MpFilter.sys
http://www.carrona.org/drivers/driver.php?id=point64.sys
http://www.carrona.org/drivers/driver.php?id=dc3d.sys
http://www.carrona.org/drivers/driver.php?id=mbam.sys
http://www.carrona.org/drivers/driver.php?id=exfat.SYS
http://www.carrona.org/drivers/driver.php?id=PxHlpa64.sys
http://www.carrona.org/drivers/driver.php?id=MBAMSwissArmy.sys

Link to post
Share on other sites
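The triage done by eye in the post above (same bugcheck, same blamed module, and mwac.sys showing up in every dump) can be automated over that summary format. This is an added example, not part of the original thread or of the SysnativeBSODApps tool; the function names `parse_dumps` and `triage` are hypothetical, and the sample text is abbreviated from the output quoted above.

```python
import re
from collections import Counter

# Constructed sample: abbreviated from the analysis output quoted in the post
# above (same layout, most lines omitted). The last block is a driver listing.
SAMPLE = r"""
**************************Sat Dec 12 09:56:08.163 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\121215-14944-01.dmp]
*** WARNING: Unable to verify timestamp for mwac.sys
Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a )
BugCheck Info: BAD_POOL_HEADER (19)
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  X64_0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a
**************************Wed Oct 14 13:22:15.974 2015 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\101415-18267-01.dmp]
*** WARNING: Unable to verify timestamp for mwac.sys
*** WARNING: Unable to verify timestamp for win32k.sys
Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a )
BugCheck Info: BAD_POOL_HEADER (19)
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  X64_0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a
**************************Sat Dec 12 09:56:08.163 2015 (UTC - 5:00)**************************
mwac.sys                    Tue Jun 17 22:06:34 2014 (53A0F42A)
"""

HEADER = re.compile(r"^\*{10,}(.+?)\*{10,}$", re.M)   # timestamp banner line
FIELDS = {
    "dump": re.compile(r"^Loading Dump File \[(.+)\]$", re.M),
    "blamed": re.compile(r"^Probably caused by : (\S+)", re.M),
    "bugcheck": re.compile(r"^BugCheck Info: (\w+) \(\w+\)", re.M),
    "process": re.compile(r"^PROCESS_NAME:\s+(\S+)", re.M),
    "bucket": re.compile(r"^FAILURE_BUCKET_ID:\s+(\S+)", re.M),
}
UNVERIFIED = re.compile(r"Unable to verify timestamp for (\S+)")

def parse_dumps(text):
    """Return one record per crash block; driver-listing blocks are skipped."""
    parts = HEADER.split(text)          # [preamble, when1, body1, when2, ...]
    dumps = []
    for when, body in zip(parts[1::2], parts[2::2]):
        rec = {"when": when.strip()}
        for name, rx in FIELDS.items():
            m = rx.search(body)
            rec[name] = m.group(1) if m else None
        rec["unverified"] = set(UNVERIFIED.findall(body))
        if rec["bugcheck"]:             # no bugcheck line: not a crash block
            dumps.append(rec)
    return dumps

def triage(dumps):
    """Summarise recurring buckets and modules flagged in every single dump."""
    common = set.intersection(*(d["unverified"] for d in dumps)) if dumps else set()
    return {
        "count": len(dumps),
        "buckets": dict(Counter(d["bucket"] for d in dumps)),
        "blamed": sorted({d["blamed"] for d in dumps}),
        "processes": sorted({d["process"] for d in dumps}),
        "modules_in_every_dump": sorted(common),
    }

if __name__ == "__main__":
    print(triage(parse_dumps(SAMPLE)))
```

A module that appears in every dump is a lead for follow-up (driver updates, Driver Verifier), not proof of the faulting component.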

This isn't my first time going through this. I've no doubt running the non-prem vs will not cause crashes. It didn't before, so I haven't tried that, but what's the point really? I can just stick with MSE for that. All available Windows updates were already installed. Last auto check was this am and shows only 2 optional. HP support was a joke. Failed to scan for drivers. I selected the first on the list and installed it. Intel appeared to install, but then said failed. I tried several other driver programs that seem like a scam and uninstalled them (I'm not paying for that). I think I updated the first driver above, but not the second. I'm not a geek. Just don't know if any of that was successful. The rest of what you said is beyond my skill level. No thanks to mbam support, whose last email said they will look into it... a week ago.

Link to post
Share on other sites

Just follow my suggestions line-by-line.
As you have questions about it, just post back here and we'll do our best to answer your questions.

There is no need to pay for anything - don't purchase programs that claim to take the work out of this, they're just not worth it (and many are scams).

 

For help with downloading drivers, we'll need the exact model number of your HP system.

Here's a link about it at the HP website: 

- Desktops:  http://support.hp.com/us-en/document/bph07555

- Laptops:  http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c00033108

Link to post
Share on other sites

As I said, HP support was a waste of time. Entered model, got error when scanning my device and only provided a list of possible drivers, instead of exact ones needed. Downloaded HP Support Assistant and ran it. No better.

Intel Driver Update Utility scans, finds Chipset Device Drivers, pop-up seems to install and says it was successful, but Utility says it failed.

Going into devices, pc, troubleshoot finds nothing wrong and no drivers missing.

I did find the USB3 driver at devicescape.com and that is now working properly (hadn't, since I put in new hard drive). There is also a list of system and chipset drivers for my device on that page. Should I download and install them? Would that address the SM Bus Controller drivers you say are missing? http://www.driverscape.com/manufacturers/hp/laptops-desktops/hpe-570t/24606

Link to post
Share on other sites

I presume (from the DriverScape page) that you have an HP Pavilion Elite HPE-570t CTO Desktop PC

 

The "find your product" thing is as reliable as the driver update tools that you find on the web.

That's why I make specific recommendations on how to do this.

 

Also, please understand that the Intel drivers used on your system have been modified by HP.

While the Intel drivers from Intel will most likely work, it's more certain that the ones from HP will work best for you.

Finally, while the HP Support Assistant (that is usually installed on your system) is a good tool, it's not perfect.

While it's great for updating things under normal circumstances - it's best to manually check (as I show in the next paragraph).

 

If you have an HP Pavilion Elite HPE-570t CTO Desktop PC, go to this page:  http://support.hp.com/us-en/drivers/selfservice/HP-Pavilion-Elite-HPE-500-Desktop-PC-series/5035344/model/5061004

That page should automatically detect your operating system - but if not, be sure that it shows Windows 7

Then scroll down to the "Driver - Original" section and expand it by clicking on it.

Then scroll down to the "Original Intel Chipset driver" (the 7th one down) and download/install it.

Then scroll down to the "Original Intel Management Engine Interface driver" (the 9th one down, 2 past the chipset driver) and download/install it.

 

If there are no errors installing the devices, then the next step is to wait and see if the BSOD's return.

Good luck.

Link to post
Share on other sites

That's the page I had been going to. Not sure why it tacks "CTO" onto the model number from the find your model page, but it does. On the page you gave link for, clicking on "Check Now" cycles, gives error, and list of possibles, but not exact drivers needed. It wasn't intuitive, but I found the drivers you directed me to and installed. I'll give mbam a final try, but I don't expect any difference. Those drivers were there, before I got the new hard drive.

Link to post
Share on other sites

I was referring to the time before, when all you had said was that I could find it at HP support. Either way, click or no click, you end up where you were sending me, and last night I did install the set you instructed me to. Today, I went ahead and reinstalled mbam, activated it, and ran threat scan. All it found was 1 pup. The moment I clicked remove, screen went black and then blue. That's a new record. BSOD in about 10 minutes after mbam install.

Link to post
Share on other sites

That pup it found was one of the driver assist programs I downloaded yesterday. I had already uninstalled it, but neglected to delete the download file, which is what it found.

Just for laughs, I've uninstalled mbam, run mbam-clean and installed the non-prem vs. Considering the predictability I've come to expect, I'm not anticipating any crashes. That's just not what I paid for.

Link to post
Share on other sites
