Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Preventing And Fixing Bsod's...


  • Please log in to reply
99 replies to this topic

#1 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:49 AM

Posted 20 June 2008 - 07:15 PM

Hi,
Since my last Blue screen of Death, I have did a bit more research on BSOD's.
I got a BSOD regards to Bad_Pool_Header. Although there is information on this I do not know how to resolve/prevent future BSOD's.
This was the error code:

Bad_Pool_Header

*** stop: 0x00000019(0x00000020,0xE18CBBD8,0xE18CC6B0,0xBB5BACD6)

This was what I copied down during the Bsod. Read some Info here: http://msdn.microsoft.com/en-us/library/ms793223.aspx

Also my OP is obviously Windows Xp home edition with SP3 installed and I have 1 Gb of Ram and... That's all I can think of.

I also took a Micrsoft Debugging Tool as it may help.
Here it is:

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 48025eab

FAILURE_BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+2be

BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+2be

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: e18cbbd8, The pool entry we were looking for within the page.
Arg3: e18cc6b0, The next pool entry.
Arg4: bb5bacd6, (reserved)

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 805637f0

BUGCHECK_STR: 0x19_20

POOL_ADDRESS: e18cbbd8

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from 8054c4c1 to 8053380e

STACK_TEXT:
f79ced10 8054c4c1 00000019 00000020 e18cbbd8 nt!KeBugCheckEx+0x1b
f79ced60 804f507e e18cbbe0 00000000 8055f854 nt!ExFreePoolWithTag+0x2be
f79ced8c 805166c1 e1693f70 00000000 86fbf020 nt!MiSegmentDelete+0x16f
f79cedac 8057aeff 00000000 00000000 00000000 nt!MiDereferenceSegmentThread+0x9e
f79ceddc 804f88ea 80514f8b 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePoolWithTag+2be
8054c4c1 83f801 cmp eax,1

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExFreePoolWithTag+2be

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 48025eab

FAILURE_BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+2be

BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+2be

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: e18cbbd8, The pool entry we were looking for within the page.
Arg3: e18cc6b0, The next pool entry.
Arg4: bb5bacd6, (reserved)

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 805637f0

BUGCHECK_STR: 0x19_20

POOL_ADDRESS: e18cbbd8

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from 8054c4c1 to 8053380e

STACK_TEXT:
f79ced10 8054c4c1 00000019 00000020 e18cbbd8 nt!KeBugCheckEx+0x1b
f79ced60 804f507e e18cbbe0 00000000 8055f854 nt!ExFreePoolWithTag+0x2be
f79ced8c 805166c1 e1693f70 00000000 86fbf020 nt!MiSegmentDelete+0x16f
f79cedac 8057aeff 00000000 00000000 00000000 nt!MiDereferenceSegmentThread+0x9e
f79ceddc 804f88ea 80514f8b 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePoolWithTag+2be
8054c4c1 83f801 cmp eax,1

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExFreePoolWithTag+2be

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 48025eab

FAILURE_BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+2be

BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+2be

Followup: MachineOwner
---------

Any Help or input will be greatly appreciated, Thanks :thumbsup:

Regards,
Extremeboy

Edited by extremeboy, 20 June 2008 - 07:39 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:02:49 AM

Posted 21 June 2008 - 07:37 AM

Your link states that the pool header is corrupt - this is a fancy way of saying there's a problem with what's stored in your memory. So, the problems can be due to bad memory (either physical or virtual), with the Windows OS (unlikely IMO), with a driver that's writing/reading to memory (most likely - due to the blame being put there in the memory dump analysis), or from a bunch of other stuff within the system that may not be working right.

I'd suggest enabling Driver Verifier (for all unsigned drivers) to see if it can catch it on the next BSOD. Here's a link on how to use it: http://support.microsoft.com/kb/244617

Once it's setup, just wait for the next BSOD. If the BSOD screen doesn't identify it, then run another dump analysis on the new dump file. That should (most likely) identify the driver. If it doesn't (or it doesn't fix the problem), then you'll have to enable it for all drivers (and this may significantly slow down your system).
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 extremeboy

extremeboy
  • Topic Starter

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:49 AM

Posted 21 June 2008 - 07:49 AM

Thanks Usasma once again,
I'll try the following and get back to you soon.

Regareds,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#4 extremeboy

extremeboy
  • Topic Starter

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:49 AM

Posted 22 June 2008 - 01:11 PM

Hi Usasma,
Had a quick question before we move on.
I opened Verifier.exe, then I clicked Create standard settings to choose what type of drivers to verify and pressed next. Then I clicked on the Automatically select unsigned drivers and pressed Next. There was a list of unsigned drivers that was needed to be vertified. Now should I press Finish and reboot my computer or did I do something wrong. Just wanted to make sure incase I made a mistake. My parents will be very mad if I messed up there computer...

Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:02:49 AM

Posted 23 June 2008 - 08:31 AM

Click on Finish and reboot. It'll either give you a BSOD right away, or it won't. If it does, the dump file should contain the name of the driver. If it doesn't, then just wait for the next BSOD to get a fresh memory dump with it.

Don't forget to go back into Driver Verifier after we're done and "Delete existing settings" in order to stop it from running.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#6 extremeboy

extremeboy
  • Topic Starter

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:49 AM

Posted 23 June 2008 - 03:57 PM

Hi again,
I have Click on Finish and reboot. There was no BSODs, however one thing I noticed after the reboot was it took signficantly longer for My computer to startup. It took approximatly 40-60 seconds longer than before...
I'll wait for the next BSOD and tell you.

Don't forget to go back into Driver Verifier after we're done and "Delete existing settings" in order to stop it from running.

What do you mean be after we're done, do I do it now or wait until the next BSOD appears?
Thanks,

Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:02:49 AM

Posted 24 June 2008 - 04:55 AM

Driver Verifier loads extra diagnostic stuff - so your system may be less responsive when using it. That's why it's recommended to select all unsigned drivers rather than all drivers - the slowdown with all drivers is very dramatic!!!

You'll remove the settings after we've figured out what the problem is.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#8 extremeboy

extremeboy
  • Topic Starter

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:49 AM

Posted 08 July 2008 - 07:39 PM

Hi Usasma,
After a few weeks I still don't see any BSOD's. Is it ok if I use Driver Verifier after we're done and "Delete existing settings". There were a few strange things happening now. If anyone can help it will be greatly appreciated.
svchost.exe is being very annoying, its hogging alot of resources and it is slowing down my computer dramatically.
This is a laptop BTW. Every time the computer boots up its very hot and I am worried. Also my skype's microphone plugin doesn't work anymore, since I last used the driver Vertifier.
Any help will be greatly appreciated.
Thanks for any inputs.

Edit:I have cleaned my history,temp,cookies etc etc etc...I also have ran some online scans and AVG 8.0 scan. I defragged my computer and everything as I described above is still there. The scans found nothing. My computer had SP3,Ram= 1GB, 1.73GHz and MIcrosfot XP Home Edition, Thanks.


Regards,
Extremeboy

Edited by extremeboy, 08 July 2008 - 07:45 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:02:49 AM

Posted 09 July 2008 - 07:57 AM

Since you're not getting BSOD's, Driver Verifier is of no use to you (and it's probably a reason for the slowdown). Go ahead and delete the existing settings and reboot. If you need it in the future, you can always re-run it.

Good luck!
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#10 extremeboy

extremeboy
  • Topic Starter

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:49 AM

Posted 09 July 2008 - 08:06 PM

Thanks usasma,
Thanks for helping me once again :thumbsup:

Edit: Seems everything is back to normal after I deleted Delete existing settings, maybe the svchost.exe issue was related to this...Not sure why but I am glad that everything is good, Thanks

Edited by extremeboy, 09 July 2008 - 08:22 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 extremeboy

extremeboy
  • Topic Starter

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:49 AM

Posted 14 July 2008 - 03:10 PM

Hi Usasma,
I just got a BSOD today not sure what it was related to though.
I read some information on the Microsoft page: http://support.microsoft.com/kb/314063
The error code was
IRQL_NOT_LESS_OR_EQUAL
*** STOP: 0x0000000A (0x0000001C,0x00000002,0x00000001,0x8053C56D)

Read the resolution part but didn't know if I should proceed with it, so wanted to make sure.
Also the strange is it happened when I was on MSN. I was checking my e-mail and then all of a sudden it says that MSN needs to close so I click the"Don't Send" button after a clicked that,immediatly a blue screen came up with the above message....
Thanks,

Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 hamluis

hamluis

    Moderator


  • Moderator
  • 56,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:49 AM

Posted 14 July 2008 - 04:20 PM

Random question: Was your original install on this system...a clean install of XP or an upgrade/clean-em-up routine :thumbsup:?

When is the last time you feel this system performed normally, with a minimum of problems?

Louis

#13 extremeboy

extremeboy
  • Topic Starter

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:49 AM

Posted 14 July 2008 - 07:12 PM

Well my dad bought this computer in around 2005, that time everything was fine. The first time I ever expereince the BSOD was in 2007 around novemeber/december.

Was your original install on this system...a clean install of XP or an upgrade/clean-em-up routine

Not sure because I never used this computer until this year I always used my computer until I accidently destroyed it...
Probably it was installed on this system.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 extremeboy

extremeboy
  • Topic Starter

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:49 AM

Posted 27 July 2008 - 12:16 PM

Hi,

Sorry to bother you again but this time I think its a bit more sever.
I was running Superantispyware an hour ago, it was scanning in the C:\System Volume Information\_restore{BEF1E788-B95B-4F2A-8EA8-408591345474} and C:\System Volume Information\_restore{F65DC4AF-2467-4A41-8A30-DFB0E2D7DB17}
A Warning sign appeared saying that something in the C:\System Volume Information is corrupt and unreadable, after another minute the warning sign appeared again saying that C:\System Volume Information is corrupt and unreadable, run chkdsk utility.

Then while it was still scanning I got another BSOD.
It was related to Memory_Managment

The stop message was *** STOP: 0x0000001A(0x00000780,0xc0326ED4,0x8202080B0)

Read some information here: http://support.microsoft.com/kb/282504

After the BSOD it shut down my computer I turned it on and then after everything was loaded a screen poped up saying One of your disk needs to be checked
So I think it was running chkdsk.

the message was:

Chkdsk vertifying files(stage 1 of 3)
Verifying complete
Chkdsk vertifying indexes(stage2 of 3)
Vertifying complete


I forgot what was the last stage but it went through very fast and it restart my computer, I was going to run chckdsk agin but I think it already ran chkdsk.

Any thoughts or input will be greatly appreciated
Thanks :thumbsup:
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 hamluis

hamluis

    Moderator


  • Moderator
  • 56,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:49 AM

Posted 27 July 2008 - 12:26 PM

I suggest running chkdsk /r, if your system boots.

Start/Run...type in chkdsk /r, answer Yes, hit OK. Reboot. Let chkdsk run to completion, it will reboot when done.

Something was amiss with your files/hard drive...my guess would be file corruption (but that's just a guess). There's probably some detail posted in Event Viewer.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users