
MBAM scan always causes BSOD



I am unable to run MBAM currently on my Microsoft Surface 3, running Windows 10 Pro x64. It makes no difference whether it's in normal or safe mode.

As far as I can remember the machine came with Windows 10 installed. It's an OEM version. I think the system is about 3 years old. The OS has never been reinstalled.

CPU is an Intel Atom x7-Z8700 with 4GB of RAM.

There is no label on the bottom of the machine, but as far as I am aware it's a standard model - never modified.

 

Richard

 

 

SysnativeFileCollectionApp.zip


Hi. . .

I ran all 6 dumps and the cause of the BSODs is in fact Malwarebytes.

MBAMSwissArmy MBAMSwissArmy.sys Wed Jul 29 00:26:01 2015 (55B855D9)

As you can see the driver is from 2015. I'm also finding other MBAM drivers dated 2015.

When is the last time that you updated your Malwarebytes installation?

I suggest that you update it now - https://www.malwarebytes.com/

Regards. . .

jcgriff2

Loading Dump File [C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\032019-26140-01.dmp]
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Debug session time: Wed Mar 20 02:33:32.528 2019 (UTC - 4:00)
System Uptime: 0 days 0:03:12.744
*** WARNING: Unable to verify timestamp for MBAMSwissArmy.sys
*** ERROR: Module load completed but symbols could not be loaded for MBAMSwissArmy.sys
Probably caused by : MBAMSwissArmy.sys ( MBAMSwissArmy+ce90 )
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
BUGCHECK_STR:  AV
PROCESS_NAME:  mbam.exe
FAILURE_BUCKET_ID:  AV_R_INVALID_MBAMSwissArmy!unknown_function
Bugcheck code 00000050
Arguments ffff8184`7b66f000 00000000`00000000 fffff806`3ad0ce90 00000000`00000000
BiosVersion = 1.51116.218
BiosReleaseDate = 03/09/2015
SystemManufacturer = Microsoft Corporation
SystemProductName = Surface 3
MaxSpeed:     1600
CurrentSpeed: 1600
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Loading Dump File [C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\032019-32296-01.dmp]
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Debug session time: Wed Mar 20 02:27:25.923 2019 (UTC - 4:00)
System Uptime: 2 days 20:51:47.840
*** WARNING: Unable to verify timestamp for MBAMSwissArmy.sys
*** ERROR: Module load completed but symbols could not be loaded for MBAMSwissArmy.sys
Probably caused by : MBAMSwissArmy.sys ( MBAMSwissArmy+ce90 )
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
BUGCHECK_STR:  AV
PROCESS_NAME:  mbam.exe
FAILURE_BUCKET_ID:  AV_R_INVALID_MBAMSwissArmy!unknown_function
Bugcheck code 00000050
Arguments ffffa406`33e6f000 00000000`00000000 fffff807`6434ce90 00000000`00000000
BiosVersion = 1.51116.218
BiosReleaseDate = 03/09/2015
SystemManufacturer = Microsoft Corporation
SystemProductName = Surface 3
MaxSpeed:     1600
CurrentSpeed: 1600
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Loading Dump File [C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\033119-13375-01.dmp]
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Debug session time: Sun Mar 31 16:18:39.365 2019 (UTC - 4:00)
System Uptime: 0 days 0:04:48.655
*** WARNING: Unable to verify timestamp for MBAMSwissArmy.sys
*** ERROR: Module load completed but symbols could not be loaded for MBAMSwissArmy.sys
Probably caused by : MBAMSwissArmy.sys ( MBAMSwissArmy+ce90 )
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
BUGCHECK_STR:  AV
PROCESS_NAME:  mbam.exe
FAILURE_BUCKET_ID:  AV_R_INVALID_MBAMSwissArmy!unknown_function
Bugcheck code 00000050
Arguments ffffae0a`13c6f000 00000000`00000000 fffff805`10e3ce90 00000000`00000000
BiosVersion = 1.51116.218
BiosReleaseDate = 03/09/2015
SystemManufacturer = Microsoft Corporation
SystemProductName = Surface 3
MaxSpeed:     1600
CurrentSpeed: 1600
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Loading Dump File [C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\033119-15562-01.dmp]
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Debug session time: Sun Mar 31 16:13:02.162 2019 (UTC - 4:00)
System Uptime: 0 days 0:01:42.451
*** WARNING: Unable to verify timestamp for MBAMSwissArmy.sys
*** ERROR: Module load completed but symbols could not be loaded for MBAMSwissArmy.sys
Probably caused by : MBAMSwissArmy.sys ( MBAMSwissArmy+ce90 )
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
BUGCHECK_STR:  AV
PROCESS_NAME:  mbam.exe
FAILURE_BUCKET_ID:  AV_R_INVALID_MBAMSwissArmy!unknown_function
Bugcheck code 00000050
Arguments ffff9506`1366f000 00000000`00000000 fffff805`4f88ce90 00000000`00000000
BiosVersion = 1.51116.218
BiosReleaseDate = 03/09/2015
SystemManufacturer = Microsoft Corporation
SystemProductName = Surface 3
MaxSpeed:     1600
CurrentSpeed: 1600
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Loading Dump File [C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\033119-26046-01.dmp]
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Debug session time: Sun Mar 31 17:04:51.699 2019 (UTC - 4:00)
System Uptime: 0 days 0:04:33.918
*** WARNING: Unable to verify timestamp for MBAMSwissArmy.sys
*** ERROR: Module load completed but symbols could not be loaded for MBAMSwissArmy.sys
Probably caused by : MBAMSwissArmy.sys ( MBAMSwissArmy+ce90 )
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
BUGCHECK_STR:  AV
PROCESS_NAME:  mbam.exe
FAILURE_BUCKET_ID:  AV_R_INVALID_MBAMSwissArmy!unknown_function
Bugcheck code 00000050
Arguments ffffd98b`3886f000 00000000`00000000 fffff801`58ffce90 00000000`00000000
BiosVersion = 1.51116.218
BiosReleaseDate = 03/09/2015
SystemManufacturer = Microsoft Corporation
SystemProductName = Surface 3
MaxSpeed:     1600
CurrentSpeed: 1600
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Loading Dump File [C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\032019-22796-01.dmp]
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Debug session time: Wed Mar 20 02:42:54.544 2019 (UTC - 4:00)
System Uptime: 0 days 0:01:32.653
*** WARNING: Unable to verify timestamp for MBAMSwissArmy.sys
*** ERROR: Module load completed but symbols could not be loaded for MBAMSwissArmy.sys
Probably caused by : MBAMSwissArmy.sys ( MBAMSwissArmy+ce90 )
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
BUGCHECK_STR:  AV
PROCESS_NAME:  mbam.exe
FAILURE_BUCKET_ID:  AV_R_INVALID_MBAMSwissArmy!unknown_function
Bugcheck code 00000050
Arguments ffffcb8f`8c06f000 00000000`00000000 fffff801`7711ce90 00000000`00000000
BiosVersion = 1.51116.218
BiosReleaseDate = 03/09/2015
SystemManufacturer = Microsoft Corporation
SystemProductName = Surface 3
MaxSpeed:     1600
CurrentSpeed: 1600
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
  

 

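The triage in the post above can be repeated mechanically. The following Python sketch is an added example, not part of the thread or of any Malwarebytes or Sysnative tool: it parses debugger summaries in the format shown, confirms that every crash faults at the same driver offset even though the load address changes per boot, and decodes the driver's hex build timestamp. The sample input is abridged from two of the six summaries above, with file paths trimmed to the dump name.

```python
import re
from datetime import datetime, timezone

# Two summaries abridged from the post above (values copied, paths and lines trimmed).
SAMPLE = """\
Loading Dump File [032019-26140-01.dmp]
Debug session time: Wed Mar 20 02:33:32.528 2019 (UTC - 4:00)
Probably caused by : MBAMSwissArmy.sys ( MBAMSwissArmy+ce90 )
Bugcheck code 00000050
Arguments ffff8184`7b66f000 00000000`00000000 fffff806`3ad0ce90 00000000`00000000
Loading Dump File [033119-13375-01.dmp]
Debug session time: Sun Mar 31 16:18:39.365 2019 (UTC - 4:00)
Probably caused by : MBAMSwissArmy.sys ( MBAMSwissArmy+ce90 )
Bugcheck code 00000050
Arguments ffffae0a`13c6f000 00000000`00000000 fffff805`10e3ce90 00000000`00000000
"""

def parse_summaries(text):
    """Split on 'Loading Dump File' and pull the triage fields from each block."""
    out = []
    for block in re.split(r"(?m)^(?=Loading Dump File)", text):
        m = re.search(r"Probably caused by : (\S+) \( \w+\+([0-9a-f]+) \)", block)
        if not m:
            continue  # empty leading chunk or a block without a blamed module
        raw_args = re.search(r"Arguments (.+)", block).group(1).split()
        args = [int(a.replace("`", ""), 16) for a in raw_args]
        when = re.search(r"session time: \w+ (\w+ +\d+ [\d:]+)\.\d+ (\d{4})", block)
        offset = int(m.group(2), 16)
        out.append({
            "dump": re.search(r"\[(.+?)\]", block).group(1),
            "module": m.group(1), "offset": offset,
            "bugcheck": int(re.search(r"Bugcheck code (\w+)", block).group(1), 16),
            "crashed": datetime.strptime(" ".join(when.groups()), "%b %d %H:%M:%S %Y"),
            # For bug check 0x50, argument 3 is the address that referenced the bad
            # memory, so subtracting the offset gives that boot's driver load address.
            "fault_ip": args[2], "module_base": args[2] - offset,
        })
    return out

def driver_build_time(pe_timestamp_hex):
    """Decode the hex timestamp the debugger prints after the driver name."""
    return datetime.fromtimestamp(int(pe_timestamp_hex, 16), tz=timezone.utc)

def same_fault_site(crashes):
    """True when every crash names the same module+offset despite differing bases."""
    return len({(c["module"], c["offset"]) for c in crashes}) == 1

def driver_age_days(crash, pe_timestamp_hex):
    # Calendar-day gap between driver build and crash (time zones ignored).
    return (crash["crashed"].date() - driver_build_time(pe_timestamp_hex).date()).days
```

`driver_build_time("55B855D9")` gives 2015-07-29 04:26:01 UTC, which matches the 00:26:01 shown in the post at UTC-4.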

  • Root Admin

Hello @trfh and :welcome:

The logs indicate that you have a very old 2.x version of our program installed.

 

Let me have you try doing a clean removal and reinstall of Malwarebytes and see if that helps correct the issue or not.

 

Please download the Malwarebytes Support Tool and use it to do a Clean Removal and reinstall of Malwarebytes

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by the User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a check-mark next to Accept License Agreement and click Next
  • Click the Advanced menu on the left.

  • Click the CLEAN button

  • A progress bar will appear and the program will proceed to remove Malwarebytes from your computer
  • Upon completion, click OK
  • Follow the onscreen prompts to reboot and reinstall Malwarebytes

Then let me know if you're still having issues with Malwarebytes.

Thanks

Ron

 


Thanks to both of you for highlighting that my MBAM install is well out of date.  I used the "Clean" tool as suggested by Ron above.   All was fine, until suddenly during the reinstallation I got a message saying that the installation had been cancelled.   Not by me!   

I have now downloaded the standard MBAM install file, run it, and this time it installed OK. And it's done a scan successfully without crashing the machine.

So that's job done - thanks to you both!


  • Root Admin

Great, glad to hear all is well again now.

 

Help Secure your browsers

Please install uBlock Origin for your browsers to better protect your system

Firefox, Chrome, Opera, Safari, Microsoft Edge
AdBlock for Internet Explorer

Follow-up Reading

Everything you need to know about cybercrime
10 easy ways to prevent malware infection 
Keep your data backed up

 

Thank you for choosing Malwarebytes
 

Ron

 
