Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD - Bad Pool Header / ntkrnlpa.exe


  • Please log in to reply
9 replies to this topic

#1 mcg19771

mcg19771

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 07 January 2012 - 03:03 AM

Hoping for some help with two recent BSODs which indicate Bad Pool Header error. I have a Gateway GM5626 and am running Windows Vista Home Premium SP2.

On both occasions, I was browsing the internet using Google Chrome. One one occasion I was playing Words with Friends on Facebook and on the other occasion I was viewing a video on YouTube. Both occasions had BSODs which listed Bad Pool Header.

The steps I have taken:
1) Ran a full scan using Malwarebytes. Quarantined and deleted pup.cnet.adware.bundle.
2) Ran full scan on Norton with no issues noted.
3) Ran WinDbg. The following is the dump file analysis report:

Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18533.x86fre.vistasp2_gdr.111025-0338
Machine Name:
Kernel base = 0x81e08000 PsLoadedModuleList = 0x81f1fc70
Debug session time: Sat Jan 7 00:41:57.836 2012 (GMT-6)
System Uptime: 0 days 13:20:01.565
Loading Kernel Symbols
...............................................................
................................................................
..........................................
Loading User Symbols

Loading unloaded module list
...............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 19, {20, 87088988, 87089200, 90f0045}

Page a59a7 not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : ntkrpamp.exe ( nt!ExFreePoolWithTag+17f )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 87088988, The pool entry we were looking for within the page.
Arg3: 87089200, The next pool entry.
Arg4: 090f0045, (reserved)

Debugging Details:
------------------

Page a59a7 not present in the dump file. Type ".hh dbgerr004" for details

BUGCHECK_STR: 0x19_20

POOL_ADDRESS: 87088988 Nonpaged pool

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 81ef5184 to 81ed5b3f

STACK_TEXT:
d7d429d4 81ef5184 00000019 00000020 87088988 nt!KeBugCheckEx+0x1e
d7d42a4c 81ef69c0 87088990 00000000 d7d42a68 nt!ExFreePoolWithTag+0x17f
d7d42a5c 82988ab8 87088990 d7d42a80 82988bc4 nt!ExFreePool+0xf
d7d42a68 82988bc4 85b10bb8 87088990 85b10b58 fltmgr!ExFreeToPagedLookasideList+0x1e
d7d42a80 82989217 87088990 87cc06a0 87088990 fltmgr!DoFreeContextMemory+0x64
d7d42a98 829893de 87088990 87088990 d7d42abc fltmgr!DoFreeContext+0x5d
d7d42aa8 8299969d 87088990 87cc0678 c24e576c fltmgr!DoReleaseContext+0x42
d7d42abc 829a6199 87cc06a4 8708899c ffffffff fltmgr!FltpDeleteContextList+0x125
d7d42adc 829a63ba 87cc0678 c24e5738 00000000 fltmgr!CleanupStreamListCtrl+0x1b
d7d42af0 8204e5b6 87cc067c 2f753498 00000000 fltmgr!DeleteStreamListCtrlCallback+0x5a
d7d42b30 8a8b32a1 c24e5738 c24e5648 c24e5738 nt!FsRtlTeardownPerStreamContexts+0x135
d7d42b4c 8a8acb65 00000703 c24e5670 00000000 Ntfs!NtfsDeleteScb+0x1f4
d7d42b64 8a82608b 855f9930 c24e5738 00000000 Ntfs!NtfsRemoveScb+0xc0
d7d42b80 8a828b3d 855f9930 c24e5648 00000000 Ntfs!NtfsPrepareFcbForRemoval+0x59
d7d42bd8 8a8ac9d9 855f9930 868dd0d8 ca0f2008 Ntfs!NtfsTeardownFromLcb+0x29d
d7d42c28 8a825186 855f9930 ca0f20f8 010f2298 Ntfs!NtfsTeardownStructures+0xed
d7d42c50 8a89ee14 855f9930 ca0f20f8 ca0f2298 Ntfs!NtfsDecrementCloseCounts+0xad
d7d42cb0 8a8b2a4b 855f9930 ca0f20f8 ca0f2008 Ntfs!NtfsCommonClose+0x4da
d7d42d44 81eade22 00000000 00000000 88833d78 Ntfs!NtfsFspClose+0x117
d7d42d7c 81fddfe2 00000000 2f753268 00000000 nt!ExpWorkerThread+0xfd
d7d42dc0 81e46efe 81eadd25 80000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePoolWithTag+17f
81ef5184 cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExFreePoolWithTag+17f

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4ea6b87e

FAILURE_BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+17f

BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+17f

Followup: MachineOwner
---------


Any help would be greatly appreciated... thanks!

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,379 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:57 PM

Posted 08 January 2012 - 07:03 AM

Let's try this.

Download/install BlueScreenView, http://www.nirsoft.net/utils/blue_screen_view.html .

Double-click BlueScreenView.exe file.

When autoscan is done (screen comes up), click Edit/Select All...then File/Save Selected Items.

Save the report as BSOD.txt.

Open BSOD.txt, copy all content and paste it into your next reply.

Louis

#3 mcg19771

mcg19771
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 08 January 2012 - 08:58 PM

Here's a follow up with info from Blue Screen View...

==================================================
Dump File : Mini010712-01.dmp
Crash Time : 1/7/2012 12:43:50 AM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000020
Parameter 2 : 0x87088988
Parameter 3 : 0x87089200
Parameter 4 : 0x090f0045
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb3f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+ed184
Stack Address 2 : ntkrnlpa.exe+ee9c0
Stack Address 3 : fltmgr.sys+2ab8
Computer Name :
Full Path : C:\Windows\Minidump\Mini010712-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 158,752
==================================================

==================================================
Dump File : Mini010212-01.dmp
Crash Time : 1/2/2012 1:00:52 AM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000020
Parameter 2 : 0x864fb228
Parameter 3 : 0x864fba58
Parameter 4 : 0x09060045
Caused By Driver : fltmgr.sys
Caused By Address : fltmgr.sys+9323
File Description : Microsoft Filesystem Filter Manager
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+ed184
Stack Address 2 : ntkrnlpa.exe+ee9c0
Stack Address 3 : Ntfs.sys+16ede
Computer Name :
Full Path : C:\Windows\Minidump\Mini010212-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 155,544
==================================================

Thanks for checking into this.. much appreciated!

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,379 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:57 PM

Posted 09 January 2012 - 11:35 AM

Thanks.

Let's try a different route.'

Please click the following link, http://images.malwareremoval.com/vino/VEW.exe . This link is a direct download to a tool we are going to use. Download the tool, save it to your desktop.

1.Double click on VEW.exe to start the program. If you recieve an "Open File" security warning, press Run.

2.In the "Select log to query" section, check both Application and System.

3.In the "Select type to list" section, check Error. This is the only item in that group that should be checked, we are not interested in the others.

4.In the "Number or dates of events" section, check Date of events... then enter the From and To dates. From 01 01 2012 to 09 01 2012.

5.Press the Run button.

When the process completes, it only takes a few seconds..., Notepad will open with a report file named: VEW.txt.

6. Select entire contents of log, press Copy, saving it to the clipboard. Paste into your next post.

Louis

#5 mcg19771

mcg19771
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 10 January 2012 - 05:35 PM

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 10/01/2012 4:29:29 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/01/2012 11:03:42 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 08/01/2012 11:03:42 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 08/01/2012 7:23:08 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 08/01/2012 7:23:07 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 08/01/2012 2:33:15 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 08/01/2012 2:33:14 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 07/01/2012 8:52:01 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 07/01/2012 8:51:59 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 07/01/2012 8:51:32 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 07/01/2012 8:51:32 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 07/01/2012 8:49:57 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 07/01/2012 8:49:54 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 07/01/2012 8:38:59 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\MILES\DOWNLOAD APPS\UNCONFIRMED 56228.CRDOWNLOAD> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 07/01/2012 8:26:49 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\MILES\DOWNLOAD APPS\AIDA32EE_393.EXE.CRDOWNLOAD> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 07/01/2012 7:27:32 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 07/01/2012 7:27:29 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 07/01/2012 7:27:07 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\MILES\DOWNLOAD APPS\UNCONFIRMED 16445.CRDOWNLOAD> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 07/01/2012 5:25:27 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 07/01/2012 5:25:26 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 06/01/2012 6:40:22 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 06/01/2012 6:40:21 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 05/01/2012 8:48:03 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 05/01/2012 8:48:03 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 04/01/2012 5:25:48 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 04/01/2012 5:25:48 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 03/01/2012 5:53:01 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 03/01/2012 5:53:00 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 02/01/2012 9:45:05 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program converter.exe version 5.9.0.179 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 17f4 Start Time: 01ccc9978ab544fb Termination Time: 2527

Log: 'Application' Date/Time: 02/01/2012 6:00:02 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 02/01/2012 6:00:01 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 02/01/2012 12:22:12 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 02/01/2012 12:22:12 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied. .

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/01/2012 9:02:48 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 08/01/2012 9:02:48 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ShowAnalyzerMaster service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 08/01/2012 2:49:02 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 08/01/2012 12:38:26 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 07/01/2012 7:54:07 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 07/01/2012 7:54:07 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Log: 'System' Date/Time: 07/01/2012 7:33:10 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 07/01/2012 7:33:10 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ShowAnalyzerMaster service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 07/01/2012 7:12:01 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 07/01/2012 7:12:01 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ShowAnalyzerMaster service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 07/01/2012 6:44:56 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 07/01/2012 6:44:56 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ShowAnalyzerMaster service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 07/01/2012 6:43:45 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 12:41:18 AM on 1/7/2012 was unexpected.

Log: 'System' Date/Time: 06/01/2012 5:23:59 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 06/01/2012 5:23:59 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ShowAnalyzerMaster service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 06/01/2012 6:08:11 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 06/01/2012 4:43:51 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 06/01/2012 4:43:51 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Log: 'System' Date/Time: 05/01/2012 6:27:59 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 05/01/2012 6:27:59 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ShowAnalyzerMaster service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 05/01/2012 4:55:52 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 05/01/2012 3:24:15 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 05/01/2012 3:24:15 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Log: 'System' Date/Time: 04/01/2012 3:57:33 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 04/01/2012 3:57:33 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ShowAnalyzerMaster service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 04/01/2012 3:04:13 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 04/01/2012 3:04:13 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Log: 'System' Date/Time: 03/01/2012 4:52:26 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/01/2012 4:52:26 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ShowAnalyzerMaster service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 03/01/2012 6:47:19 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/01/2012 6:47:19 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Log: 'System' Date/Time: 02/01/2012 9:51:34 PM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 02/01/2012 5:02:04 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 02/01/2012 5:02:04 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ShowAnalyzerMaster service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 02/01/2012 7:02:18 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 02/01/2012 7:02:18 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ShowAnalyzerMaster service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 02/01/2012 7:00:56 AM
Type: Error Category: 0
Event: 19 Source: Microsoft-Windows-PrintSpooler
The print spooler failed to share printer Send To OneNote 2007 with shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used by others on the network.

Log: 'System' Date/Time: 02/01/2012 7:00:45 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 12:58:39 AM on 1/2/2012 was unexpected.

Log: 'System' Date/Time: 02/01/2012 5:57:02 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 02/01/2012 5:57:02 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Log: 'System' Date/Time: 01/01/2012 9:34:18 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 01/01/2012 9:34:18 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ShowAnalyzerMaster service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 01/01/2012 4:58:17 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 01/01/2012 4:58:17 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Log: 'System' Date/Time: 01/01/2012 12:43:39 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 01/01/2012 12:43:39 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ShowAnalyzerMaster service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 01/01/2012 12:42:09 AM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease xxx.xxx.x.x for the Network Card with network address 0019D171DA46 has been denied by the DHCP server xxx.xxx.x.x (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 01/01/2012 12:42:07 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 6:40:46 PM on 12/31/2011 was unexpected.

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 56,379 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:57 PM

Posted 11 January 2012 - 10:39 AM

http://technet.microsoft.com/en-us/library/cc726889(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc726889(WS.10).aspx

Are you on a home network?

Those "access denied" errors worry me.

Louis

#7 mcg19771

mcg19771
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 12 January 2012 - 07:51 PM

Yes, I have a home network set up. I did the steps listed on the microsoft page to include ipconfig /release and ipconfig /renew, and it does show an IPv6 address listed as "preferred."

Should this help resolve the initial issue?

Thanks!

#8 hamluis

hamluis

    Moderator


  • Moderator
  • 56,379 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:57 PM

Posted 13 January 2012 - 09:49 AM

What malware defense programs are installed?

Have you scanned for malware?

None of the data you have provided...point to anything that I can interpret properly as a "cause."

From http://www.aumha.org/a/stop.htm:

"0x00000019: BAD_POOL_HEADER
A pool header issue is a problem with Windows memory allocation. Device driver issues are probably the msot common, but this can have diverse causes including bad sectors or other disk write issues, and problems with some routers."


IMO, the file listed as causing the BSOD...is generally just the point where a problem is detected by Windows and not the cause of the BSOD.

Louis

#9 mcg19771

mcg19771
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 13 January 2012 - 06:10 PM

Yes, I use Malwarebytes along with the typical Norton Internet Security scans. When I first posted, I noted that I had listed "pup.cnet.adware.bundle" which I quarantined and deleted. I ran Malwarebytes again today and had the same adware listed which I again removed and deleted. It was listed as the file "cnet2_mp3tagv249asetup_exe.exe."

I haven't had any BSODs since I posted, so maybe the issue has been resolved. Any other thoughts? Thanks for your help.. I do appreciate it.

#10 hamluis

hamluis

    Moderator


  • Moderator
  • 56,379 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:57 PM

Posted 14 January 2012 - 03:33 PM

No BSODs is good news...if you have any, just add the data to this post.

I would watch the system for a few days before feeling relieved, just my habit :).

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users