Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD (0x19_20 svchost.exe)


  • Please log in to reply
3 replies to this topic

#1 Rajneeshsaraswat

Rajneeshsaraswat

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:37 PM

Posted 23 July 2010 - 07:42 AM

I got this when i ran bugcheck anaysis via debugging tool.
from this i can assume there is something wrong with terminal server.
but canyone please explainn me what exactly happen and how i can rectify it.


*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 86d70b38, The pool entry we were looking for within the page.
Arg3: 86d70ea0, The next pool entry.
Arg4: 0a6d0008, (reserved)

Debugging Details:
------------------

PEB is paged out (Peb.Ldr = 7ffde00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffde00c). Type ".hh dbgerr001" for details

BUGCHECK_STR: 0x19_20

POOL_ADDRESS: 86d70b38 Nonpaged pool

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 8089c8ff to 8087c4a0

STACK_TEXT:
8c0054d4 8089c8ff 00000019 00000020 86d70b38 nt!KeBugCheckEx+0x1b
8c00553c f762b4f4 86d70b40 00000000 8c005558 nt!ExFreePoolWithTag+0x477
8c00554c f3f1da7d 86d70b40 8c005d90 f3f1dead termdd!IcaStackFreePool+0x10
8c005558 f3f1dead 86f35848 86d70b40 871ae9e8 TDTCP!_TdInBufFree+0xd
8c005d90 f762c265 86d70b40 00000000 87598968 TDTCP!TdInputThread+0x253
8c005dac 80920843 86f35848 00000000 00000000 termdd!_IcaDriverThread+0x4d
8c005ddc 8083fe9f f762c218 87a32ba8 00000000 nt!PspSystemThreadStartup+0x2e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
termdd!IcaStackFreePool+10
f762b4f4 ff056c0263f7 inc dword ptr [termdd!gAllocFreed (f763026c)]

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: termdd!IcaStackFreePool+10

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: termdd

IMAGE_NAME: termdd.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45d69640

FAILURE_BUCKET_ID: 0x19_20_termdd!IcaStackFreePool+10

BUCKET_ID: 0x19_20_termdd!IcaStackFreePool+10

Followup: MachineOwner
---------

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:07 AM

Posted 23 July 2010 - 12:32 PM

Happened once?
Actually, your error happens not because of svchost.exe, but termdd.sys

Your computer may be infected.

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Rajneeshsaraswat

Rajneeshsaraswat
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:37 PM

Posted 26 July 2010 - 01:51 AM

Ya. May be u r right but i cannot disable the antivirus without Change request and for that i have to make sure that this problem is due to this only so that i can pinout the cause to my manger. Moreover i can't install DDS software without any approval as it is on production environment.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:07 AM

Posted 26 July 2010 - 10:41 AM

You have to start new topic at malware forum and post all your questions there.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users