Jump to content

BSOD Bad Pool Header - malwarebytes web access control (mwac.sys)


Recommended Posts

Hi

 

I am also getting many BSOD crashes over the last week since I have reloaded Windows 10 and have updated everything. I am using the WhoCrashed software (home edition v5.5.1) and have attached the report for that. I have also attached the report (zip file) from another BSOD program previously been used on this webpage.

 

It is pointing towards the web access control file (mwac.sys).

 

Please help.

Regards

 

DrBeef

WhoCrashedOutput.htm

DESKTOP_43FCT9N_8_03_2016_5_49_30_PM.zip

Link to post
Share on other sites

I'm pushing against the experts here, but I believe that MalwareBytes and your antivirus are conflicting.

The common belief is that since MalwareBytes isn't an antivirus, it won't conflict with your antivirus.

The test here is to disable one of them from loading with Windows and see if that stops the BSOD's

 

But beyond that, here's the formal analysis:

 

Your UEFI/BIOS (version 1203) dates from 2015.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  This is just in case there has been a recent update.

Only 3 Windows Update hotfixes installed.  Most build 10586 (TH2/1511) systems have more than this.  Please visit Windows Update and get ALL available Windows Updates.

You have a NETGEAR A6200 USB WiFi Adapter:

I do not recommend using wireless USB network devices.
These wireless USB devices have many issues with Win7 and later systems - using older drivers with them is almost certain to cause a BSOD.
Should you want to keep using these devices, be sure to have the latest W7/8/8.1/10 drivers - DO NOT use older drivers!!!
An installable wireless PCI/PCIe card that's plugged into your motherboard is much more robust, reliable, and powerful.


K: drive has less than 1% free space.  Windows likes 15% free space in order to perform stuff "behind the scenes" without adversely affecting the system's performance.  Please free up 15% on ALL hard drives (you can get away with 10% on larger drives and won't notice a large performance penalty)

You have 8 listed hard drives.  What is the make/model/wattage and age of your Power Supply?

These devices have problems in Device Manager:

 

Realtek PCIe GBE Family Controller    PCI\VEN_10EC&DEV_8168&SUBSYS_86771043&REV_15\4&1020E6D3&0&00E7    This device is disabled.
Viscosity Virtual Adapter V9.1    ROOT\NET\0000    This device is disabled.
Intel® Ethernet Connection (2) I219-V    PCI\VEN_8086&DEV_15B8&SUBSYS_86721043&REV_31\3&11583659&0&FE    This device is disabled.

Please enable each one of these devices and then update their drivers.

Once that's done, feel free to disable the device if that's what you want.

 

Daemon Tools (and Alcohol % software) are known to cause BSOD's on some Windows systems (mostly due to the sptd.sys driver, although I have seen both dtsoftbus01.sys and dtscsibus.sys blamed on several occasions).

Please un-install the program, then use the following free tool to ensure that the troublesome sptd.sys driver is removed from your system (pick the 32 or 64 bit system depending on your system's configuration):  New link (15 Aug 2012):  http://www.duplexsecure.com/downloads(pick the appropriate version for your system and select "Un-install" when you run it).
Alternate link:  http://www.disc-tools.com/download/sptd
Manual procedure here:  http://daemonpro-help.com/en/problems_and_solutions/registry_and_sptd_problems.html
NOTE:  The uninstaller may not find the SPTD.sys driver.  Don't worry about it, just let us know in your post.

You have MalwareBytes and BitDefender 2016.  If you look at the other topics here, you'll find quite a few mentions of problems between these 2 programs.
Some posters have suggested fixes - either disabling things in BitDefender, or reverting to BitDefender 2015.

I'd suggest that you first stop MalwareBytes from loading with Windows - and see if that stops the BSOD's.

 

Please uninstall the Western Digital software also.  The wdcsam64.sys driver (the 2008 version) is known to cause BSOD's on some Windows systems.

 

 

 

Analysis:
The following is for informational purposes only.
**************************Mon Mar  7 10:54:32.804 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\030816-69156-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.122.amd64fre.th2_release_inmarket.160222-1549
System Uptime: 0 days 2:00:36.491
*** WARNING: Unable to verify timestamp for mwac.sys
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+9bb0 )
BugCheck C2, {7, 126c, 0, ffffe0016e4f7f38}
BugCheck Info: BAD_POOL_CALLER (c2)
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 000000000000126c, (reserved)
Arg3: 0000000000000000, Memory contents of the pool block
Arg4: ffffe0016e4f7f38, Address of the block of pool being deallocated
BUGCHECK_STR:  0xc2_7
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  0xc2_7_NETIO!_??_::FNODOBFM::_string_
CPUID:        "Intel® Core i5-6600K CPU @ 3.50GHz"
MaxSpeed:     3500
CurrentSpeed: 3504
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Mar  6 02:09:32.161 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\030616-70390-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.122.amd64fre.th2_release_inmarket.160222-1549
System Uptime: 0 days 1:20:12.847
*** WARNING: Unable to verify timestamp for mwac.sys
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+9bb0 )
BugCheck 19, {20, ffffe000232966d8, ffffe000232968c8, 251fbc90}
BugCheck Info: BAD_POOL_HEADER (19)
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: ffffe000232966d8, The pool entry we were looking for within the page.
Arg3: ffffe000232968c8, The next pool entry.
Arg4: 00000000251fbc90, (reserved)
BUGCHECK_STR:  0x19_20
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  0x19_20_NETIO!_??_::FNODOBFM::_string_
CPUID:        "Intel® Core i5-6600K CPU @ 3.50GHz"
MaxSpeed:     3500
CurrentSpeed: 3504
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat Mar  5 22:22:15.682 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\030616-68250-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.122.amd64fre.th2_release_inmarket.160222-1549
System Uptime: 0 days 0:31:06.368
*** WARNING: Unable to verify timestamp for mwac.sys
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+1dd )
BugCheck 19, {20, ffffe001735fd0e0, ffffe001735fd100, 402000e}
BugCheck Info: BAD_POOL_HEADER (19)
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: ffffe001735fd0e0, The pool entry we were looking for within the page.
Arg3: ffffe001735fd100, The next pool entry.
Arg4: 000000000402000e, (reserved)
BUGCHECK_STR:  0x19_20
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0
CPUID:        "Intel® Core i5-6600K CPU @ 3.50GHz"
MaxSpeed:     3500
CurrentSpeed: 3504
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat Mar  5 21:21:01.778 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\030616-68296-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.122.amd64fre.th2_release_inmarket.160222-1549
System Uptime: 0 days 0:43:40.464
*** WARNING: Unable to verify timestamp for mwac.sys
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+9bb0 )
BugCheck C2, {7, 126c, 0, ffffe000e4736008}
BugCheck Info: BAD_POOL_CALLER (c2)
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 000000000000126c, (reserved)
Arg3: 0000000000000000, Memory contents of the pool block
Arg4: ffffe000e4736008, Address of the block of pool being deallocated
BUGCHECK_STR:  0xc2_7
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  0xc2_7_NETIO!_??_::FNODOBFM::_string_
CPUID:        "Intel® Core i5-6600K CPU @ 3.50GHz"
MaxSpeed:     3500
CurrentSpeed: 3504
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat Mar  5 20:32:12.876 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\030616-69750-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.0.amd64fre.th2_release.151029-1700
System Uptime: 0 days 7:45:02.563
*** WARNING: Unable to verify timestamp for mwac.sys
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+9bb0 )
BugCheck C2, {b, ffffe001be08b678, a977e293, ffffe001be08c178}
BugCheck Info: BAD_POOL_CALLER (c2)
Arguments:
Arg1: 000000000000000b, type of pool violation the caller is guilty of.
Arg2: ffffe001be08b678
Arg3: 00000000a977e293
Arg4: ffffe001be08c178
BUGCHECK_STR:  0xc2_b
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  0xc2_b_NETIO!_??_::FNODOBFM::_string_
CPUID:        "Intel® Core i5-6600K CPU @ 3.50GHz"
MaxSpeed:     3500
CurrentSpeed: 3504
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat Mar  5 12:44:59.755 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\030616-64109-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.0.amd64fre.th2_release.151029-1700
System Uptime: 0 days 1:11:38.445
*** WARNING: Unable to verify timestamp for mwac.sys
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+1dd )
BugCheck 19, {20, ffffe002058be170, ffffe002058be190, 4020017}
BugCheck Info: BAD_POOL_HEADER (19)
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: ffffe002058be170, The pool entry we were looking for within the page.
Arg3: ffffe002058be190, The next pool entry.
Arg4: 0000000004020017, (reserved)
BUGCHECK_STR:  0x19_20
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0
CPUID:        "Intel® Core i5-6600K CPU @ 3.50GHz"
MaxSpeed:     3500
CurrentSpeed: 3504
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``


3rd Party Drivers:
The following is for information purposes only.
**************************Mon Mar  7 10:54:32.804 2016 (UTC - 5:00)**************************
npf.sys                     Fri Jun 25 12:50:58 2010 (4C24DE72)
AsUpIO.sys                  Mon Aug  2 22:47:59 2010 (4C57835F)
GPUZ.sys                    Wed Oct  6 12:14:37 2010 (4CACA06D)
ASUSFILTER.sys              Tue Sep 20 11:46:33 2011 (4E78B559)
AiChargerPlus.sys           Wed Apr 18 21:17:35 2012 (4F8F67AF)
AsIO.sys                    Wed Aug 22 05:54:47 2012 (5034AC67)
bdfwfpf.sys                 Mon Oct 29 08:23:28 2012 (508E7540)
bcmwlhigh63a.sys            Thu Feb 28 10:33:49 2013 (512F78DD)
ASUSwh.sys                  Thu Mar 28 13:44:34 2013 (51548182)
ASUScr.sys                  Thu Mar 28 13:44:37 2013 (51548185)
ASUSumsc.sys                Thu Mar 28 13:44:44 2013 (5154818C)
ASUSstpt.sys                Thu Mar 28 13:44:49 2013 (51548191)
kerneld.x64                 Sat Jul  6 07:27:18 2013 (51D7FF16)
mwac.sys                    Tue Jun 17 22:07:00 2014 (53A0F444)
IOMap64.sys                 Wed Oct 22 20:52:12 2014 (5448513C)
dtproscsibus.sys            Mon Dec  8 05:12:47 2014 (5485799F)
DirectIo64.sys              Mon Feb 16 00:32:24 2015 (54E180E8)
cpuz138_x64.sys             Thu Feb 26 02:04:34 2015 (54EEC582)
gzflt.sys                   Wed Apr 29 07:32:17 2015 (5540C141)
trufos.sys                  Mon May 11 04:26:27 2015 (555067B3)
asmtxhci.sys                Wed Jun  3 02:33:15 2015 (556E9FAB)
asmthub3.sys                Wed Jun  3 02:33:19 2015 (556E9FAF)
iaStorA.sys                 Wed Jun  3 05:38:57 2015 (556ECB31)
dump_asstahci64.sys         Tue Jun 16 23:36:23 2015 (5580EB37)
asstahci64.sys              Tue Jun 16 23:36:23 2015 (5580EB37)
cfosspeed6.sys              Wed Jun 24 09:14:09 2015 (558AAD21)
AndroidAFDx64.sys           Mon Jul  6 04:58:49 2015 (559A4349)
TeeDriverW8x64.sys          Tue Jul  7 13:43:32 2015 (559C0FC4)
RTKVHD64.sys                Wed Jul 15 06:16:44 2015 (55A6330C)
MBAMSwissArmy.sys           Wed Jul 29 00:26:01 2015 (55B855D9)
mbam.sys                    Tue Aug 11 13:35:19 2015 (55CA3257)
nvhda64v.sys                Mon Sep 21 05:44:17 2015 (55FFD171)
wdcsam64.sys                Fri Oct  9 16:31:13 2015 (56182411)
ignis.sys                   Tue Oct 20 06:08:29 2015 (5626129D)
intelppm.sys                Thu Oct 29 22:09:51 2015 (5632D16F)
exfat.SYS                   Thu Oct 29 22:36:17 2015 (5632D7A1)
bdvedisk.sys                Mon Nov 23 06:38:07 2015 (5652FA9F)
nvvad64v.sys                Thu Dec 17 07:47:18 2015 (5672AED6)
NvStreamKms.sys             Tue Dec 22 15:53:26 2015 (5679B846)
avc3.sys                    Tue Jan 19 08:52:34 2016 (569E3FA2)
avckf.sys                   Tue Jan 19 08:55:54 2016 (569E406A)
cpuz139_x64.sys             Wed Jan 27 04:18:15 2016 (56A88B57)
nvlddmkm.sys                Tue Feb 23 14:31:51 2016 (56CCB3A7)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Mar  6 02:09:32.161 2016 (UTC - 5:00)**************************
visctap0901.sys             Sun Apr 12 22:32:44 2015 (552B2ACC)

 

http://www.carrona.org/drivers/driver.php?id=npf.sys
http://www.carrona.org/drivers/driver.php?id=AsUpIO.sys
http://www.carrona.org/drivers/driver.php?id=GPUZ.sys
http://www.carrona.org/drivers/driver.php?id=ASUSFILTER.sys
http://www.carrona.org/drivers/driver.php?id=AiChargerPlus.sys
http://www.carrona.org/drivers/driver.php?id=AsIO.sys
http://www.carrona.org/drivers/driver.php?id=bdfwfpf.sys
http://www.carrona.org/drivers/driver.php?id=bcmwlhigh63a.sys
http://www.carrona.org/drivers/driver.php?id=ASUSwh.sys
http://www.carrona.org/drivers/driver.php?id=ASUScr.sys
http://www.carrona.org/drivers/driver.php?id=ASUSumsc.sys
http://www.carrona.org/drivers/driver.php?id=ASUSstpt.sys
http://www.carrona.org/drivers/driver.php?id=kerneld.x64
http://www.carrona.org/drivers/driver.php?id=mwac.sys
http://www.carrona.org/drivers/driver.php?id=IOMap64.sys
dtproscsibus.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=DirectIo64.sys
http://www.carrona.org/drivers/driver.php?id=cpuz138_x64.sys
http://www.carrona.org/drivers/driver.php?id=gzflt.sys
http://www.carrona.org/drivers/driver.php?id=trufos.sys
http://www.carrona.org/drivers/driver.php?id=asmtxhci.sys
http://www.carrona.org/drivers/driver.php?id=asmthub3.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
dump_asstahci64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=asstahci64.sys
http://www.carrona.org/drivers/driver.php?id=cfosspeed6.sys
AndroidAFDx64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=MBAMSwissArmy.sys
http://www.carrona.org/drivers/driver.php?id=mbam.sys
http://www.carrona.org/drivers/driver.php?id=nvhda64v.sys
http://www.carrona.org/drivers/driver.php?id=wdcsam64.sys
http://www.carrona.org/drivers/driver.php?id=ignis.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=exfat.SYS
http://www.carrona.org/drivers/driver.php?id=bdvedisk.sys
http://www.carrona.org/drivers/driver.php?id=nvvad64v.sys
http://www.carrona.org/drivers/driver.php?id=NvStreamKms.sys
http://www.carrona.org/drivers/driver.php?id=avc3.sys
http://www.carrona.org/drivers/driver.php?id=avckf.sys
cpuz139_x64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
visctap0901.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.


 

Link to post
Share on other sites

  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.