Jump to content

BSOD Error - Verified Source: MBAM


Recommended Posts

I have suffered a BSOD and called Toshiba laptop technical support and after running several tests they identified positively as MBAM as being the source of the error and gave me the following report:

 

BAD_POOL_HEADER 0x00000019 Windows 7 Error

error 0xc000000d win 7 64bit

 

Sorry, I don't know how to ZIP a file, therefore the perform report file is unzipped.

 

Can you please help me?

 

 

 

 

 

SysnativeFileCollectionApp.zip

perform report.html

Link to post
Share on other sites

Hello rwharold:
 
Please take no additional remedial steps from this time forward unless requested to do so by a member of this forum's BSOD Kernel Dump Expert/Expert/Trusted Advisor/Moderator/Administrator groups.
 
In an effort to bring more clarity to your system's issue, please consider providing the additional below reports:

  • Please read the topic Diagnostic Logs and then individually ATTACH the 3 requested logs in your next reply to this thread only.
  • The 3 files, from Step 1, to be individually ATTACHED from your desktop are CheckResults.txt, FRST.txt and Addition.txt. Please do not Zip or Copy and Paste them into a reply. Please do not alter, any FRST categories as they are pre-configured for this subforum.

Then, because it will take additional time, please read Driver Verifier - BSOD related - Windows 10, 8.1, 8, 7 & Vista and similarly post those reports to this thread.

Thank You rwharold.

Link to post
Share on other sites

No memory dumps in the uploaded reports. Maybe Toshiba deleted them?

 

Only 210 Windows Update Hotfixes installed.  Most W7 SP1 systems have 300 to 350 or more.  Please get ALL available Windows Updates.  If you have troubles with Windows Update, please post back to get help in fixing that.

 

4 memory dumps listed in the WER section of MSINFO32.

3 are STOP 0x19 errors that blame the kernel (core) of the OS

1 is a STOP 0x7E error that blames a Symantec/Norton driver

 

We have seen BSOD's blaming MalwareBytes that are actually caused by other programs.
One of these was a popular anti-virus solution.

I would first suggest that:

- you uninstall your Norton/Symantec products using Control Panel...Programs and Features.

- then I'd suggest using the free Norton Removal Tool to get rid of any remnants:  https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us

- then (temporarily) download and install Microsoft Security Essentials for protection while we're troubleshooting this problem.  Don't forget to check and see if the Windows firewall is active - as Norton may have turned it off.

 

Then wait and see if the BSOD's continue

 

FYI - BSOD's that blame the kernel of the OS aren't likely to be correct.  There are many protection mechanisms for this within the OS, and if it was a problem with the kernel - then you'd have many more problems other than the occasional BSOD.

More likely is that a 3rd party driver has caused a corruption in the kernel's memory space.

And when the kernel went to look at that memory space and found unknown data - it panicked and threw a BSOD to prevent possible damage to the system.

Link to post
Share on other sites

Oh, the report that Toshiba gave you doesn't show blame for Malwarebytes.

It shows that there was an invalid parameter passed to a function  (the 0xc000000d error) which (presumably) resulted in a STOP 0x19 error.

STOP 0x19 is shorthand for the STOP 0x00000019 in your report.
The Symbolic Name for the STOP 0x19 error is BAD_POOL_HEADER.

Here's a link to the info on this error at my website:  http://www.carrona.org/bsodindx.html#0x00000019

Link to post
Share on other sites

For some strange reason, I NEVER received any of your above communications. Only after complaining to "AdvancedSetup", he told me that you had already replied twice to my posting. Is there something wrong with your reply system?

 

Since it is very late at night and I am tired and ready to go to bed, I will have to work on your requests tomorrow. However, in the mean time, perhaps you can address some of my current concerns. Since I have run the original programs that you requested that I download and install, my computer has begun to act VERY strangely. My  NORMAL time that it usually takes to do a system re-boot is around 30 seconds. Now the re-boot time is 160 seconds. Webpages take forever to load. Is there a program running in the background that is causing these abnormalities?

Link to post
Share on other sites

In the upper right corner of the post is a button to "Follow this topic"  Click on that and select that it notify you immediately by email.

I have had issues with this and have had to change my account settings - but I just fiddled around with them.

FYI - I usually respond in the early morning (UTC-5) on the east coast of the US.

So try checking then.

 

While I have a Staff title, I have very few permissions to do things with the forums.

It's best to ask those questions of a moderator or administrator.

 

I'd expect that problems with your Norton product may be causing issues.  But that's just a guess on my part.

I don't recall anyone who has experienced similar issues in the years that I've been doing this.

Could it be that the system is infected?  If so, it may be trying to reassert control over your system.

If you suspect an infection, then I'd post over in the Malware Removal Help forum;  https://forums.malwarebytes.org/index.php?/forum/7-malware-removal-help/

 

Let's try looking at this report, it may give some clues as to what's going on:

Please do the following:
- open Event Viewer (run eventvwr.msc from the "Run" dialog)
- expand the Custom Views category (left click on the > next to the words "Custom Views")
- right click on the "Administrative Events" heading
- select "Save all Events in Custom View as..."
- save the file as Admin.evtx
- zip up the file (right click on it, select "Send to", select "Compressed (zipped) folder")
- upload it with your next post (if it's too big, then upload it to a free file-hosting service and post a link here).
 

Beyond that, I'll probably ask for a fresh copy of the first report that you submitted.

It has a bit more information in it (but is harder to sort through).

 

Good luck!

Link to post
Share on other sites

For some strange reason, I NEVER received any of your above communications. Only after complaining to "AdvancedSetup", he told me that you had already replied twice to my posting. Is there something wrong with your reply system?

 

Since it is very late at night and I am tired and ready to go to bed, I will have to work on your requests tomorrow. However, in the mean time, perhaps you can address some of my current concerns. Since I have run the original programs that you requested that I download and install, my computer has begun to act VERY strangely. My  NORMAL time that it usually takes to do a system re-boot is around 30 seconds. Now the re-boot time is 160 seconds. Webpages take forever to load. Is there a program running in the background that is causing these abnormalities?

Please re-read my second paragraph above concerning the strange behavior of my computer since running those two initial programs that I downloaded and ran. In addition to the strange items mentioned, MBAE is also affected. It will not load. Is there a program running in the background causing this strange behavior?

Link to post
Share on other sites

Please re-read my 3rd paragraph for my suspicions/guesses regarding your system's behavior.

 

 

As an additional suggestion - you may want to uninstall your Norton and then run the Norton Removal Tool in order to remove any remnants.
Here's a link to the Norton Removal Tool:  ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

This is a direct download, so I suggest that you scan it with your antivirus after downloading it (so don't uninstall Norton until after you've done this).

Then, to be sure that you're protected while we're troubleshooting - please download and install Microsoft Security Essentials (free from here:  http://windows.microsoft.com/en-us/windows/security-essentials-download )

 

 

Please re-read my 4th and 5th paragraphs for things to do in order to help us figure out and resolve your issues.

 

 

I am a volunteer and am in no way associated with MalwareBytes (other than my participation in these forums).

I am a BSOD analyst, and I spend a lot of time working with Windows error messages.  I know little about MBAM and little about antivirus/malware problems.

Link to post
Share on other sites

Hello rwharold:

 

Please take no additional remedial steps from this time forward unless requested to do so by a member of this forum's BSOD Kernel Dump Expert/Expert/Trusted Advisor/Moderator/Administrator groups.

 

In an effort to bring more clarity to your system's issue, please consider providing the additional below reports:

  • Please read the topic Diagnostic Logs and then individually ATTACH the 3 requested logs in your next reply to this thread only.
  • The 3 files, from Step 1, to be individually ATTACHED from your desktop are CheckResults.txt, FRST.txt and Addition.txt. Please do not Zip or Copy and Paste them into a reply. Please do not alter, any FRST categories as they are pre-configured for this subforum.

Then, because it will take additional time, please read Driver Verifier - BSOD related - Windows 10, 8.1, 8, 7 & Vista and similarly post those reports to this thread.

Thank You rwharold.

Before I take any of the additional steps requested in this posting, I would like a definitive answer to my very specific question. Prior to running the two requested programs: 1) SysnativeFileCollectionApp and 2) Perform, there had been no BSODs for several days and my computer was running normally; ie: boot-up times averaging 15 seconds, MBAM scans averaging 7 to 8 minutes, MBAE loading normally, and web pages loading quickly. AFTER running these two programs everything has changed. Boot-up time is now 160 seconds, MBAM scans 30 minutes, MBAE won't load, and web pages take considerably longer to load. It is like EVERYTHING is in SLOW MOTION now. Is one or the other of these two programs now running in the background causing these problems?

Link to post
Share on other sites
  • Root Admin

Hi rwharold

 

Let me see if I can assist you and get the computer back to it's previous working state. We have no idea why or what would cause the issues you're experiencing as it's not normal behavior from the programs.

 

Please run the FRST program as requested. Make sure you place a check mark on the Additions.txt check box and post back both new logs as attachments please.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.


 

Thank you

 

Ron

Link to post
Share on other sites

Thanks for your help Ron. It is most important that I get my system back to the way it was before I ran those two programs BEFORE I run ANY of the many of the other steps that are being requested. The two files that you requested are attached. What's next?

FRST.txt

Addition.txt

Link to post
Share on other sites
  • Root Admin

Okay well not sure where or how you got these programs installed but please uninstall the following programs. Go into Control Panel, Programs, Add/Remove and uninstall them please.

 

 

Wise Care 365

SpyHunter 4

FileHippo App Manager

Nanoheal Client

 

After you've uninstalled those programs restart the computer and then run the following.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

 

Thanks

 

 

fixlist.txt

Link to post
Share on other sites

Okay well not sure where or how you got these programs installed but please uninstall the following programs. Go into Control Panel, Programs, Add/Remove and uninstall them please.

 

 

Wise Care 365

SpyHunter 4

FileHippo App Manager

Nanoheal Client

 

After you've uninstalled those programs restart the computer and then run the following.

 

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

 

Thanks

Ron,

 

Those four programs have been installed a long time and were most certainly running when I had the period of time after the BSOD and prior to the running of the two programs 1) SysnativeFileCollectionApp and 2) Perform. During that period of time, my computer was running normally with the run time stats that I reported previously and MBAE would load. I paid good money for the WiseCare program, and Nanoheal is a diagnostic program that was installed by the Toshiba Technical support department months ago. I most certainly don't mean to be disrespectful, but they couldn't be the source of the problem since they were running when all things were perfectly normal. I realize that you are trying to do your best to solve this initial problem, but there just has to be another source. It just can't be a coincidence that the sluggishness and MBAE problem only started IMMEDIATEDLY after those two programs were run.

 

Richard

 

Richard

Link to post
Share on other sites
It just can't be a coincidence that the sluggishness and MBAE problem only started IMMEDIATEDLY after those two programs were run.

 

Hi,

 

Just to make you aware, the SysnativeBSODCollectionApp is simply a program designed to collect system information and gather log files required for analysis. The app makes no modifications to your system. It has been run on thousands, if not tens of thousands of computers over the years and has not caused any issues.

 

Perfmon is a tool built into Windows and the command perfmon /report simply opens perfmon and generates a report on some system information. Again, this is a native windows tool by Microsoft, and wouldn't cause these issues.

 

Kind regards,

Stephen (Admin, Sysnative Forums)

Link to post
Share on other sites

Attn: Ron (AdvancedSetup),

 

I've have invested a lot of money in WiseCare 365, SpyHunter4, and Norton Security which have never caused me any problems in the years that I have been using them. And Nanoheal Client was installed by the Toshiba Technical Support team as a diagnostic tool for their troubleshooting. With these considerations, what do you want me to do next? I most certainly want to get this strange behavior problem solved before I begin the BSOD trouble shooting steps, taking one step at a time. I'll do whatever you want me to do.

 

Best regards,

 

Richard

Link to post
Share on other sites
  • Root Admin

Well I'm sorry then Richard. There is nothing we can do for you if you don't wish to listen to our advice. Regardless if you've paid money for these apps are not does not make them good apps.

 

Uninstall MBAM and all tools used since you've posted and then do a System Restore back to before Dec 31 when you posted and your computer will be back to the way it was exactly before, good or bad.

 

Thank you

Link to post
Share on other sites

Ron,

 

I think that I may have offended you, the EXPERT, and that was most certainly was not my intention. I am just a natural "penny pincher", since at 72 (just turned today), my sole source of income is my meager Social Security benefit.  Please forgive me!!! As far as doing a system restore, that function has strangely never worked on my computer so that is unfortunately not an option for me. I will do whatever you want me to do, since, fortunately, I have the registration numbers for the programs that I have paid for which I can simply reinstall after your tests. Where do you want me to start?

 

Richard

Link to post
Share on other sites
  • Root Admin

No offense Richard.

 

Please start at post #12 and remove those items. Then run the other script with the attached file. Then reboot the computer a couple extra times and let me know how it's running now. Once we're all done you're welcome to reinstall anything you want.

 

Thanks

Link to post
Share on other sites

Ron,

 

 

I uninstalled the four programs that you wanted me to uninstall using Revo Uninstaller to make sure all traces were removed. I then downloaded the fixlist.txt file and then ran FRST64 and pressed the Fix button just once and waited. Re-booted several times. The re-boot time is a very sluggish 240 seconds and the computer still runs in very slow motion just as it was before all your steps were performed. MBAE still won't load. So nothing has changed. I had forgotten, but on December 19th, I used my Seagate external hard drive to perform an IMAGE backup. Before I do anything further, I would like your impressions and advice for further steps. However, it is now 1:10 AM January 6th and I am very sleepy. Please post your next step(s) and I will follow them to the letter.

 

 

Best regards,

 

Richard

Fixlog.txt

Link to post
Share on other sites
  • Root Admin

Well looks like Revo did an amazing job as none of the items were found by the fixlist. Please run new FRST scan and make sure to place a check mark in the Additions.txt check box and post back both new logs as attachments.

 

Something odd going on as it should  not take 2 minutes to load the OS. Not sure yet but make sure you have a good backup of your personal data on an external drive as it's potentially possible the hard drive may be having issues.

 

Thanks

Link to post
Share on other sites

Ron,

 

Attached are the two files that you requested. Don't forget, not only is my computer running in SLOW motion, MBAE will not load. Concerning your comment about my disc drive. It is an SSD NOT an HDD drive. And I have a program that tests SSD drives, and my test report indicated that my SSD is in perfect condition with an expected 8 and 1/2 year remaining lifespan. What do the new reports tell you? What's next?

 

Richard

Addition.txt

FRST.txt

Link to post
Share on other sites
  • Root Admin

Didn't say it was a bad hard drive only that we'll probably need to double check it if load times are taking 2 minutes then something is wrong.

 

The logs do not show any reason for such a slow load time. For now (temporarily) please uninstall all Malwarebytes software and then reboot. Don't reinstall anything just yet. Just choose option 3 and Remove Only

 

lease uninstall your current version of MBAM and reinstall the latest version. MBAM Clean Removal Process 2x

 

 

Then restart again and let me know if load time is still slow or not.

 

Link to post
Share on other sites

Ron,

 

I followed all your steps to the letter. Boot up time is 240 seconds. MBAE will not load. In my humble opinion I think the time has come to give up considering the current condition of my computer which is absolutely abysmal. As I previously mentioned to you, my Seagate external hard disc drive has a full IMAGE backup that was created on 12/19/2015. Unless you have some miracle cure for my situation that you know will finally work, I will proceed tomorrow to use the Seagate Disc Wizard Program to revert my system back to a known point in in time when my computer was working correctly. Since it is now 2:30 AM EST, it is way past my bedtime and I need some sleep. I will assume that you will read this message shortly and you will leave me a reply that I can read in the morning when I wake up. You most certainly have done your best Ron, and I deeply appreciate it, but I really need my computer and all its programs functioning again normally.

 

Best regards,

 

Richard

Link to post
Share on other sites

Ron,

Just to keep you updated, I was unable to use my image restore program because of a screen problem with my computer which will be fixed when I can find a ride to my Toshiba Repair Shop. I will then send you a report.

Richard

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.