Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSoD randomly, bad_pool_header


  • Please log in to reply
12 replies to this topic

#1 Lucidolph

Lucidolph

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 08 June 2015 - 06:24 PM

Hi everyone.

My PC has been crashing lately saying bad_pool_header, seems to be getting more common.. When I go on a game it seems to get it quite quick.. Here are all the details I'm able to provide..

 

· OS - Windows 7
· x64 - 64bit
· What was original installed OS on system? Windows 7
· OS came pre-installed on system
· 3years old, Samsung Series 5 - 530U, 13.3inch Ultrabook

· Age of OS installation - 3years, haven't touched it

· Specs - http://www.amazon.co.uk/Samsung-13-3-inch-Ultrabook-Processor-Integrated/dp/B008HZEJDE

· System Manufacturer / Dell?
· Exact model number - np530u3b-a04de

 

2 zips attached as requested, thanks in advance!

 

I FORGOT TO MENTION

on startup I always get these 2 error messages..

Both have "RunDLL" as the title of the window at the top of it..

then..

There was a problem starting C:\Users\Amy\AppData\Roaming\winet.dll

There was a problem starting C:\Users\Amy\AppData\Roaming\mshldi.dll

 

My laptop has already crashed again since posting this, in a few mins, I wasn't doing anything - it was idle on the desktop, it's getting really bad

Attached Files


Edited by Lucidolph, 08 June 2015 - 06:51 PM.


BC AdBot (Login to Remove)

 


#2 jcgriff2

jcgriff2

  • BSOD Kernel Dump Expert
  • 1,052 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey Shore
  • Local time:08:47 AM

Posted 08 June 2015 - 06:56 PM

Hi . . .
 
The dumps list mwac.sys as the probable cause - Malwarebytes Web Access Control driver; timestamp = June 2014 -


mwac.sys     Tue Jun 17 22:06:34 2014 (53A0F42A)

Update your Malwarebytes program installation.
 
http://www.sysnative.com/drivers/driver.php?id=mwac.sys
 
One other item of interest to me in the dumps is the driver for your Intel Centrino Advanced-N 6230 wifi - timestamp = September 2011 -


NETwNs64.sys Sun Sep 18 05:26:48 2011 (4E75B958)

It is possible that Malwarebytes was named probable cause of the BSODs because it encountered problems with the 4 year old Intel wifi driver while "phoning home".  Please note that it is just a theory and that the Intel wifi driver was not named as a cause or even a contributor to the BSODs. 
 
Check your system manufacturer's support site for a driver update.  If none found, go directly to Intel -
 
http://www.sysnative.com/drivers/driver.php?id=NETwNs64.sys
 
Be sure to create a Windows System Restore point prior to updating drivers - http://www.sysnative.com/forums/windows-7-windows-vista-tutorials/10909-windows-system-restore-create-restore-point-windows-10-8-1-8-7-vista.html
 
Regards. . .
 
jcgriff2
 
 
Windbg Output
 

Spoiler

Edited by jcgriff2, 08 June 2015 - 09:49 PM.

Microsoft MVP 2009-2015

#3 jcgriff2

jcgriff2

  • BSOD Kernel Dump Expert
  • 1,052 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey Shore
  • Local time:08:47 AM

Posted 08 June 2015 - 07:10 PM

I FORGOT TO MENTION
on startup I always get these 2 error messages..
Both have "RunDLL" as the title of the window at the top of it..
then..
There was a problem starting C:\Users\Amy\AppData\Roaming\winet.dll
There was a problem starting C:\Users\Amy\AppData\Roaming\mshldi.dll

 
I missed that last part when I posted my reply re: the BSODs. 
 
For now, I would suggest using SysInternals AutoRuns to try and stop those entries from starting up.
 
Download AutoRuns from Microsoft TechNet (nothing to install) - https://technet.microsoft.com/en-us/sysinternals/bb963902
 
Extract autoruns.exe to Desktop or Documents folder.  RIGHT-click on autoruns.exe, select "Run as Administrator".
 
Let AutoRuns scan the registry.  Click on "Logon" tab. 
 
Look for an entry/ies beginning with "C:\Users\Amy\AppData\Roaming" - uncheck the box(es).

If you can't find it, save AutoRuns as an ARN file (default file extension).

Zip it up and attach to your next post.

Regards. . .

John

Edited by jcgriff2, 08 June 2015 - 07:11 PM.

Microsoft MVP 2009-2015

#4 Lucidolph

Lucidolph
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 09 June 2015 - 01:36 PM

I'm having to type this on the iPad because the laptop crashes before I get chance to finish the message ... I have updated mbam by downloading it fresh from the link you provided.. I downloaded the other thing and unchecked the processes and now I don't get those error messages on startup but i still get he crashes.. I ended up downloading an Intel driver finder tool from their site, somewhere from the link you provided.. It said I had 4 out of date drivers, 2 are network ones that sound the exact same but one says "legacy" on it, one is Bluetooth, one is chipset.. After 3hrs I downloaded the legacy network driver and installed it fine.. It took that long because it took about 25times as my laptop crashes during download every time, it hasn't helped.. I gave up on the other one because I just don't have the time for it right now, I did get the chipset one though no problem but it says failed even though the installer said it worked, upon restarting it states I'm still using the old version and I don't know how to update it successfully.. That's where I am at the minute, losing my mind lol... Thanks for your help

#5 jcgriff2

jcgriff2

  • BSOD Kernel Dump Expert
  • 1,052 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey Shore
  • Local time:08:47 AM

Posted 09 June 2015 - 04:35 PM

So what exactly is happening now?

Are these "crashes" BSODs - i.e., you get an actual blue screen?

Boot into Safemode with Networking and see if the crashes continue there.

Press F8 key repeatedly during boot-up.

Try to download the other Intel drivers while in Safemode with Networking.

Regards. . .

jcgriff2


Edited by jcgriff2, 09 June 2015 - 04:37 PM.

Microsoft MVP 2009-2015

#6 jcgriff2

jcgriff2

  • BSOD Kernel Dump Expert
  • 1,052 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey Shore
  • Local time:08:47 AM

Posted 09 June 2015 - 04:37 PM

Also, please create the AutoRuns ARN file, zip it up & attach to your next post.

Please see my previous post for instructions re: ARN file.

Thank you.


Edited by jcgriff2, 09 June 2015 - 04:37 PM.

Microsoft MVP 2009-2015

#7 Lucidolph

Lucidolph
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 09 June 2015 - 07:29 PM

I totally forgot to try safemode, well it's good to know that it works perfectly on this mode..

 

I only ever get one type of crash, it's BSoD, and it's always "bad_pool_header, with an error code of 0x00000019, not sure if too many zeros, but always ends in 19.. It happen about 5-10minutes into the PC being logged in.

 

I tried to download the drivers, that worked fine - but I couldn't install them because I was in safemode, the services "WindowsInstaller" I believe was disabled and I can't renable in safemode.

 

Here is the file I forgot to attach! Thank you so much for your time and effort

Attached Files



#8 Lucidolph

Lucidolph
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 10 June 2015 - 10:48 AM

I'm posting this here to make sure it gets read.. The laptop has been on for about 3hrs, with no problems.. I don't think I've done anything, I just went on it this morning and it's not crashed once, I've played games and I've downloaded the drivers but I'm required to restart my laptop to finish the installation but I don't want to incase it doesn't turn on again and the problem won't be fixed.. is there anything I can do whilst it's working to find out the cause? Thanks



#9 jcgriff2

jcgriff2

  • BSOD Kernel Dump Expert
  • 1,052 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey Shore
  • Local time:08:47 AM

Posted 10 June 2015 - 02:26 PM

I totally forgot to try safemode, well it's good to know that it works perfectly on this mode..

 

I only ever get one type of crash, it's BSoD, and it's always "bad_pool_header, with an error code of 0x00000019, not sure if too many zeros, but always ends in 19.. It happen about 5-10minutes into the PC being logged in.

 

I tried to download the drivers, that worked fine - but I couldn't install them because I was in safemode, the services "WindowsInstaller" I believe was disabled and I can't renable in safemode.

 

Here is the file I forgot to attach! Thank you so much for your time and effort

 

The interesting thing about your prior BSODs with 0x19 bugcheck (leading zeroes not needed) is that it is often RAM related -- or other unknown hardware failure affecting RAMs ability to properly hold kernel code.

 

Running emtest86+ is a must here.  Run 1 stick at a time; alternate the slots -

 

http://www.sysnative.com/forums/hardware-tutorials/3909-test-ram-memtest86.html

 

 

I'm posting this here to make sure it gets read.. The laptop has been on for about 3hrs, with no problems.. I don't think I've done anything, I just went on it this morning and it's not crashed once, I've played games and I've downloaded the drivers but I'm required to restart my laptop to finish the installation but I don't want to incase it doesn't turn on again and the problem won't be fixed.. is there anything I can do whilst it's working to find out the cause? Thanks

 

You've got to reboot at some point. Everyone faces the possibility that the system may not boot again.  Now is as good a time as any.

 

I'll look at the new dumps after dinner/later tonight.

 

Regards. . .

 

jcgriff2


Microsoft MVP 2009-2015

#10 Lucidolph

Lucidolph
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 11 June 2015 - 11:42 AM

Hello again, I had things I needed to do whilst the laptop was up and running, but it eventually crashed as normal after around 12hrs.. Ever since it has been back to normal, BSoD every 10mins or so.. I did the ramtest, ran about 20parses or whatever, took about an hour or so, then it restarted and logged back on and just had a popup saying there were no errors, it was fine... You ask about a dump but I'm unsure which/where.. Thanks!



#11 Lucidolph

Lucidolph
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 12 June 2015 - 07:58 PM

I can't edit my old post because it's too old I think.. I ran the default win7 memtest earlier, didnt realise, the tool you linked didn't work, but the version without the plus symbol did.. it ran the full 48 passes, took 5hrs, no errors, everything was perfect, I don't think it saved a dump file, it asked to save a .html and I said yes but I don't know where that went.. I have 1stick of 4gb ram..

 

I had to change some setting in my bios for the usb boot to work, as a result I now get an error message briefly upon booting up, it says something about realtek family ethernet controller error or not initialised, check something.. I downloaded what I thought was the latest realtek ethernet controller driver but it hasn't changed anything, but considering you said it could be linked to my network driver, and this error sounded like it was saying the same, it sounds quite likely?

 

Thanks!



#12 Lucidolph

Lucidolph
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 13 June 2015 - 09:26 AM

For now my laptop seemed fixed..

I was advised to do a clean boot.

 

https://support.microsoft.com/en-us/kb/929135

 

For now the problem seems fixed and I haven't noticed any impaired functionality, I have sound, my games work, internet works, my laptop seems faster in general as I normally have 50 processes or so, now I have 17..

 

But it would be nice to know what caused it, and I assume that from this (if it doesn't crash anymore) it will be easy to isolate the cause..

Thank you.



#13 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:47 AM

Posted 14 June 2015 - 03:22 AM

But it would be nice to know what caused it, and I assume that from this (if it doesn't crash anymore) it will be easy to isolate the cause..

Thank you.

 

The BSODs pointed to a driver by Malwarebytes as jcgriff2 previously mentioned.

Your computer's issues however were probably caused by malware  The entries you mentioned in the OP have suspicious start locations; which is common for malware

winet rundll32.exe "c:\users\amy\appdata\roaming\winet.dll",gotobookmark Public HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
mshldi "c:\windows\system32\rundll32.exe" "c:\users\amy\appdata\roaming\mshldi.dll",richsetcomparebool Public HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Plus, I imagine programs like "Powersuite Golden Edition" / "Caremon" weren't actually helping matters. Was it a program you were familiar with?

CareMon	CareMon	Start Pending	Auto	Own Process	"c:\program files (x86)\spotmau\powersuite golden edition\powersuite 2012\pccheck\caremon.exe"	Ignore	LocalSystem	0

Edited by thisisu, 14 June 2015 - 03:31 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users