Jump to content

BSoD bad pool header (tcpip.sys)


Recommended Posts

· OS - Windows 10, 8.1, 8, 7, Vista ? 10
· x86 (32-bit) or x64 ? 64
· What was original installed OS on system? 8 or 8.1 don't remember
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? 8=OEM 10=downloaded
· Age of system (hardware) 1 year about
· Age of OS installation - have you re-installed the OS? 1 year about

· CPU i5 3317U
· Video Card Intel 4000
· MotherBoard - (if NOT a laptop)
· Power Supply - brand & wattage (skip if laptop)

· System Manufacturer Lenovo
· Exact model number (if laptop, check label on bottom) ideapad S300

· Laptop or Desktop? Laptop
 

perfmon report.rar

SysnativeFileCollectionApp.zip

Link to post
Share on other sites

Your UEFI/BIOS (version 6DCN88WW(V8.02)) dates from 2012.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  If you are able to install the update through Windows (without booting from an external drive), then go ahead and update it.  WARNING - if the computer might shut down during this procedure, please don't do it, as this may physically damage the computer and prevent it from booting.

Only 3 Windows Update hotfixes installed.  Most build 10586 (TH2/1511) systems have more than this.  Please visit Windows Update and get ALL available Windows Updates.

You have a 802.11n USB Wireless LAN Card:

 

 

I do not recommend using wireless USB network devices.
These wireless USB devices have many issues with Win7 and later systems - using older drivers with them is almost certain to cause a BSOD.
Should you want to keep using these devices, be sure to have the latest W7/8/8.1/10 drivers - DO NOT use older drivers!!!
An installable wireless PCI/PCIe card that's plugged into your motherboard is much more robust, reliable, and powerful.


This device is disabled.  Did you disable it deliberately?  If so, why did you disable it?

 

Intel® Centrino® Wireless-N 2230    PCI\VEN_8086&DEV_0888&SUBSYS_42628086&REV_C4\4&18901DAC&0&00E1    This device is disabled.

Please re-enable the device, then download the latest, W10 compatible drivers from the Lenovo website and install them.
I would suggest using this device rather than the 802.11n USB Wireless LAN Card as it is likely to be more stable and have better throughput.

 

All 3 memory dumps blame MalwareBytes and your networking.  I wonder about several of the networking utilities that you have starting with Windows, particularly these 2:

 

ALFA Wireless Utility    c:\progra~2\alfa\common\raui.exe -s    Public    Common Startup
Ralink Wireless Utility    c:\progra~2\ralink\common\raui.exe -s    Public    Common Startup

I would uninstall these programs.  If you opt to go with the Intel wireless device rather than the 802.11n USB Wireless LAN Card - you should also install all it's software and then physically remove the device from your system.

If, after this, the BSOD's continue - please run Driver Verifier according to these instructions:  http://www.carrona.org/verifier.html

 

Analysis:
The following is for informational purposes only.

**************************Mon Jan 25 23:22:27.327 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\012616-20234-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.63.amd64fre.th2_release.160104-1513
System Uptime: 0 days 10:51:01.196
*** WARNING: Unable to verify timestamp for mwac.sys
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+1dd )
BugCheck 19, {20, ffffe0014858bce0, ffffe0014858bd00, 402000a}
BugCheck Info: BAD_POOL_HEADER (19)
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: ffffe0014858bce0, The pool entry we were looking for within the page.
Arg3: ffffe0014858bd00, The next pool entry.
Arg4: 000000000402000a, (reserved)
BUGCHECK_STR:  0x19_20
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0
CPUID:        "Intel® Core i5-3317U CPU @ 1.70GHz"
MaxSpeed:     1700
CurrentSpeed: 1696
  BIOS Version                  6DCN88WW(V8.02)
  BIOS Release Date             09/01/2012
  Manufacturer                  LENOVO
  Product Name                  9803
  Baseboard Product             INVALID
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Jan 25 12:30:46.494 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\012516-25437-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.63.amd64fre.th2_release.160104-1513
System Uptime: 0 days 20:59:03.363
*** WARNING: Unable to verify timestamp for mwac.sys
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+1dd )
BugCheck 19, {20, ffffe000c63fba80, ffffe000c63fbaa0, 4020015}
BugCheck Info: BAD_POOL_HEADER (19)
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: ffffe000c63fba80, The pool entry we were looking for within the page.
Arg3: ffffe000c63fbaa0, The next pool entry.
Arg4: 0000000004020015, (reserved)
BUGCHECK_STR:  0x19_20
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0
CPUID:        "Intel® Core i5-3317U CPU @ 1.70GHz"
MaxSpeed:     1700
CurrentSpeed: 1696
  BIOS Version                  6DCN88WW(V8.02)
  BIOS Release Date             09/01/2012
  Manufacturer                  LENOVO
  Product Name                  9803
  Baseboard Product             INVALID
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Jan 24 13:40:14.322 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\012416-21843-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.63.amd64fre.th2_release.160104-1513
System Uptime: 0 days 2:40:41.190
*** WARNING: Unable to verify timestamp for mwac.sys
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+1dd )
BugCheck 19, {20, ffffe0006c27c350, ffffe0006c27c370, 4020005}
BugCheck Info: BAD_POOL_HEADER (19)
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: ffffe0006c27c350, The pool entry we were looking for within the page.
Arg3: ffffe0006c27c370, The next pool entry.
Arg4: 0000000004020005, (reserved)
BUGCHECK_STR:  0x19_20
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0
CPUID:        "Intel® Core i5-3317U CPU @ 1.70GHz"
MaxSpeed:     1700
CurrentSpeed: 1696
  BIOS Version                  6DCN88WW(V8.02)
  BIOS Release Date             09/01/2012
  Manufacturer                  LENOVO
  Product Name                  9803
  Baseboard Product             INVALID
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``



3rd Party Drivers:
The following is for information purposes only.

**************************Mon Jan 25 23:22:27.327 2016 (UTC - 5:00)**************************
LhdX64.sys                  Mon Jan 11 10:06:58 2010 (4B4B3E92)
FSPFltd2.sys                Fri Jun  3 10:59:38 2011 (4DE8F6DA)
LAD.sys                     Thu Jun  7 22:03:34 2012 (4FD15D76)
mtkvadx.sys                 Mon Jul 16 04:19:27 2012 (5003CE8F)
AMPPAL.sys                  Tue Jul 17 03:35:22 2012 (500515BA)
iaStorA.sys                 Thu Aug 16 16:32:56 2012 (502D58F8)
netr28ux.sys                Thu Jun  5 22:14:29 2014 (53912405)
mwac.sys                    Tue Jun 17 22:07:00 2014 (53A0F444)
mbae64.sys                  Mon Sep  8 14:27:15 2014 (540DF503)
IntcDAud.sys                Tue Sep  9 08:13:01 2014 (540EEECD)
rt640x64.sys                Tue May  5 12:21:03 2015 (5548EDEF)
RtsUer.sys                  Mon May 11 03:10:15 2015 (555055D7)
AcpiVpc.sys                 Fri May 15 01:52:35 2015 (555589A3)
amdkmpfd.sys                Mon May 25 16:25:23 2015 (55638533)
Smb_driver_Intel.sys        Fri May 29 15:57:11 2015 (5568C497)
SynTP.sys                   Fri May 29 20:02:48 2015 (5568FE28)
RTKVHD64.sys                Tue Jun 16 06:55:05 2015 (55800089)
ibtfltcoex.sys              Thu Jun 18 17:14:26 2015 (558334B2)
iwdbus.sys                  Wed Jul  8 18:17:13 2015 (559DA169)
MBAMSwissArmy.sys           Wed Jul 29 00:26:01 2015 (55B855D9)
mbam.sys                    Tue Aug 11 13:35:19 2015 (55CA3257)
igdkmd64.sys                Mon Aug 17 11:34:01 2015 (55D1FEE9)
TeeDriverW8x64.sys          Mon Aug 31 15:49:07 2015 (55E4AFB3)
intelppm.sys                Thu Oct 29 22:09:51 2015 (5632D16F)
aswRdr2.sys                 Tue Dec  1 03:50:56 2015 (565D5F70)
aswHwid.sys                 Tue Dec  1 03:51:25 2015 (565D5F8D)
aswVmm.sys                  Tue Dec  1 04:09:37 2015 (565D63D1)
aswStm.sys                  Tue Dec  1 04:15:07 2015 (565D651B)
aswMonFlt.sys               Wed Dec  9 11:00:36 2015 (56685024)
aswSnx.sys                  Tue Jan 19 08:48:20 2016 (569E3EA4)
aswSP.sys                   Tue Jan 19 09:04:28 2016 (569E426C)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Jan 25 12:30:46.494 2016 (UTC - 5:00)**************************
hcw17bda.sys                Wed Jan 27 17:57:08 2010 (4B60C4C4)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Jan 24 13:40:14.322 2016 (UTC - 5:00)**************************
NETwew01.sys                Mon May  4 08:52:24 2015 (55476B88)
http://www.carrona.org/drivers/driver.php?id=LhdX64.sys
FSPFltd2.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
LAD.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
mtkvadx.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=AMPPAL.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=netr28ux.sys
http://www.carrona.org/drivers/driver.php?id=mwac.sys
http://www.carrona.org/drivers/driver.php?id=mbae64.sys
http://www.carrona.org/drivers/driver.php?id=IntcDAud.sys
http://www.carrona.org/drivers/driver.php?id=rt640x64.sys
http://www.carrona.org/drivers/driver.php?id=RtsUer.sys
http://www.carrona.org/drivers/driver.php?id=AcpiVpc.sys
http://www.carrona.org/drivers/driver.php?id=amdkmpfd.sys
http://www.carrona.org/drivers/driver.php?id=Smb_driver_Intel.sys
http://www.carrona.org/drivers/driver.php?id=SynTP.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=ibtfltcoex.sys
http://www.carrona.org/drivers/driver.php?id=iwdbus.sys
http://www.carrona.org/drivers/driver.php?id=MBAMSwissArmy.sys
http://www.carrona.org/drivers/driver.php?id=mbam.sys
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=aswRdr2.sys
http://www.carrona.org/drivers/driver.php?id=aswHwid.sys
http://www.carrona.org/drivers/driver.php?id=aswVmm.sys
http://www.carrona.org/drivers/driver.php?id=aswStm.sys
http://www.carrona.org/drivers/driver.php?id=aswMonFlt.sys
http://www.carrona.org/drivers/driver.php?id=aswSnx.sys
http://www.carrona.org/drivers/driver.php?id=aswSP.sys
http://www.carrona.org/drivers/driver.php?id=hcw17bda.sys
http://www.carrona.org/drivers/driver.php?id=NETwew01.sys
 

Link to post
Share on other sites

John, thank you very much for your replay. Pls note the following:

 

1) Since disabling MalwareBytes on my laptop, the BSoD did not reappear. So I take it that Malwarebytes is the culprit (a member in an Israeli forum suggested that I should remove Malwarebytes, so it is a well known problem).

 

2) I’m using a 802.11n USB Wireless LAN Card. It is: Alfa AWUS036NH. It is so sensitive and powerful, that if I have to choose between using MalwareBytes or using that LAN Card, I will give up on MalwareBytes.

 

3) I have disabled Intel® Centrino® Wireless-N 2230, since I’m using the Alfa LAN Card.

 

4) Ralink is the driver for the Alfa LAN Card.

 

Thanks and best regards.

Link to post
Share on other sites

Just FYI - I am not affiliated with MalwareBytes.  I am a volunteer here simply because a friend of mine worked to help setup the BSOD forums here.

 

Let's discuss BSOD's for a minute.  These may occur because a driver will write to memory space that is owned by another driver.  In the event that the offending driver exits before the crash, the crash will blame the driver who's memory space was violated - simply because there's nothing else left to blame.

 

I have seen many crashes that involve MalwareBytes.  The most definite that I've seen have been with BitDefender2016.  And, as the proposed solution is to revert to BitDefender2015 - I have to presume that it's a problem with BitDefender - rather than MalwareBytes (which is blamed in these crashes).

Recently, there have been a number of problems suggestive of issues with Avast - but that's a whole different thing.

 

Another, more insidious crash is of the type that has both antivirus/internet security software and MalwareBytes in the same memory dump.

In those cases, IMO, I feel that there is a conflict between the antivirus/internet security software and MalwareBytes.

It's my contention that MalwareBytes has enough similarities to an antivirus that it is conflicting with the other antivirus.  I have seen many, many BSOD's with both antivirus and MalwareBytes drivers in the memory dumps.  If it's not significant, then it's an amazing coincidence.

The "fix" I suggest is to stop MalwareBytes from running when Windows starts.  That will keep the antivirus program and the MalwareBytes program on the system.  The only difference is that you'll have to run MalwareBytes manually.

Many in the online communities disagree with me - taking the position that MalwareBytes is not an antivirus and so it can't conflict.

 

So, if 2 programs are conflicting and you disable/remove one of them (MalwareBytes) - then the BSOD's will stop.  Regardless if you have the offending driver or the offended one.

You can test this by removing your Avast (and leaving MalwareBytes installed) to see if the BSOD's stop then (but that presumes that it's the Avast that's the problem - and not any of the other possibilities).

 

Now, just to confuse things a bit more - the memory dumps blame networking.
They DO NOT blame MalwareBytes.

BUT, the system wants more info on the MalwareBytes drivers (we know this because the memory dump wanted to find the symbols for MalwareBytes drivers), yet it wasn't looking for symbols on other 3rd party drivers.  This is significant, but does not imply that MalwareBytes is the cause - but rather it implies that MalwareBytes "may" be more involved in the crash than other 3rd party drivers.  But without the symbols, it's not possible to tell (and, we may not be able to tell even with the symbols).  FYI - the symbols for the MalwareBytes drivers are private (AFAIK) - so we won't be able to get them for the analysis here.

 

And, as for the wireless USB networking device.  I've had the same discussion with my son.  He disagrees with me also.  So he uses his wireless USB networking device and I don't attempt to change his mind - and we both remain happy :0)

Link to post
Share on other sites
  • 2 weeks later...
  • Staff

Hello Enoch11,

 

 It looks like you are using an older driver for the 802.11n USB Wireless LAN Card. The version reported in the logs in 5.1.16.0, the most current version is 5.1.25.0. You can find the most current version from the provider MediaTek, Inc. at their website http://www.mediatek.com/en/downloads1/downloads/

Please download and install the latest driver. If the issue persists please let me know.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.