Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

bad_pool_header


  • Please log in to reply
12 replies to this topic

#1 dabink

dabink

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 19 December 2015 - 01:30 AM

I was getting bad_pool_header whist my desktop was running Win7.  After upgrading to Win10 bad_pool_header persists intermittently.

 

Systen Info:
OS = Win10
64 bit
Upgraded from Win7
System is 5 years old
Installed Win10 last week - have not tried to reinstall since the BSOD occured with Win7 first

ACER VERITON M498G
Intel i5 CPU 3.2GHz
16 GB RAM
Intel® HD Graphics
Intel Video BIOS
 

Attached Files



BC AdBot (Login to Remove)

 


#2 dabink

dabink
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 19 December 2015 - 02:06 AM

After running DRIVER VERIFIER
I was unable to boot into normal Windows or SAFEMODE, I kept getting:
driver_verifier_detected_violation
preparing automatic repair
diagnosing your PC
But I was able to access System Restore.

How do I attaach the minidump.zip file?



#3 dabink

dabink
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 19 December 2015 - 11:17 AM

The perfmon report showed an Alps Pointing-device error.  Since this is not a laptop with a touchpad and I could not update the driver, I uninstalled it and deleted the driver from the Device Manager.
 
I'll report back after I rerun the SysnativeFileCollectionApp  & Perfmon


#4 dabink

dabink
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 19 December 2015 - 11:36 AM

Here are the new reports.

 

Since Perfmon showed a Microsoft PS/2 mouse error but Device Manager showed that the driver software was already up to date and yet the yellow warning sign is still there, I deleted it from Device Mgr and will reboot now.

Attached Files



#5 dabink

dabink
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 19 December 2015 - 07:02 PM

Driver_Verifier_Detected_Violation
Driver verifier ran into a problem and needs to restart.  We'll restart for you.
Preparing automatic repair
diagnosing your PC
Your PC did not start correctly
Restart (loops the above again)
 
Driver verifier ran into a problem and needs to restart.  We'll restart for you.
Preparing automatic repair
diagnosing your PC
Your PC did not start correctly
Advanced Options
Troubleshoot
Advanced Options
System Restore
 
In order to upload minidump.dmp I rebooted as Admin which caused a different BSOD
bad_pool_caller
 
Then:
Scanning and repairing drive ©
followed by an auto reboot into non-admin user
so I can't upload minidump.dmp from the non-admin user
and now I can't reboot as admin


#6 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,666 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:31 AM

Posted 28 December 2015 - 12:55 PM

Hi Dabink,

 

 

Sorry for the delayed response. Do you still need help with this? If yes, then please respond to this thread and I will try my best to reply within 48 hours.

 

 

 

-Pranav


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#7 dabink

dabink
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 28 December 2015 - 01:17 PM

Hello Pranav,

 

Yes, I stopped using that puter whilst waiting here.  Thank you for your assistance.

 

Best,

Steve



#8 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,666 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:31 AM

Posted 28 December 2015 - 01:43 PM

Hello Pranav,

 

Yes, I stopped using that puter whilst waiting here.  Thank you for your assistance.

 

Best,

Steve

 

Puter?


Edited by blueelvis, 28 December 2015 - 01:43 PM.

Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#9 dabink

dabink
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 28 December 2015 - 02:02 PM

puter = computer sorry for the slang



#10 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,666 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:31 AM

Posted 28 December 2015 - 02:29 PM

Hi dabink ^_^,
 
I have analysed your dump files and below has been provided an analysis of the same for informative purposes :-
 
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request. This may or may not be due to the caller.

Below is the stack revealed by the dump file -

3: kd> knL
 # Child-SP          RetAddr           Call Site
00 ffffd000`51d5b1e8 fffff800`648afde5 nt!KeBugCheckEx
01 ffffd000`51d5b1f0 fffff801`cfdf0ed2 nt!ExFreePool+0x2c5
02 ffffd000`51d5b2d0 fffff801`cfdf1bf2 tcpip!IppCleanupSendState+0x1a
03 ffffd000`51d5b300 fffff801`cff15b1d tcpip!IppInspectBuildHeaders+0x412
04 ffffd000`51d5b5e0 fffff801`d368612d fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+0x1dd
05 ffffd000`51d5b6a0 00000000`00000008 mwac+0x612d
06 ffffd000`51d5b6a8 ffffe001`00000014 0x8
07 ffffd000`51d5b6b0 ffffe001`ecba0290 0xffffe001`00000014
08 ffffd000`51d5b6b8 ffffe001`ecba02b4 0xffffe001`ecba0290
09 ffffd000`51d5b6c0 ffffe001`ecba02a4 0xffffe001`ecba02b4
0a ffffd000`51d5b6c8 ffffe001`00000011 0xffffe001`ecba02a4
0b ffffd000`51d5b6d0 00000000`00000000 0xffffe001`00000011

 
We can see MalwareBytes driver asking the IPSec kernel driver to construct the IP header for sending data via Internet. Now, with this kind of bugcheck, the current caller may or may not be the cause.

So, let's fix the current visible problem. Kindly follow the below steps -

  • Please uninstall the currently installed MalwareBytes using this tool - http://www.malwarebytes.org/mbam-clean.exe
  • Once you have uninstalled it, make sure that Windows Defender is turned on.
  • If you are still facing problems, I would suggest you to try removing the Netgear Wifi USB device and see if the problem still occurs or not.
  • Kindly update the outdated drivers.

 

Below is the list of 3rd party drivers present on your system -

**************************Sat Dec 19 20:12:46.072 2015 (UTC + 5:30)**************************
eLock2FSCTLDriver.sys        Tue Mar 11 12:31:45 2008 (47D62E59)
eLock2BurnerLockDriver.sys   Tue Mar 11 14:01:09 2008 (47D6434D)
anodlwfx.sys                 Fri Mar  6 15:40:08 2009 (49B0F680)
NTIDrvr.sys                  Wed Mar 25 08:39:39 2009 (49C9A073)
UBHelper.sys                 Mon Apr 27 14:18:19 2009 (49F57153)
mwlPSDFilter.sys             Tue Jun  2 15:37:30 2009 (4A24F9E2)
mwlPSDNServ.sys              Tue Jun  2 15:37:39 2009 (4A24F9EB)
mwlPSDVDisk.sys              Tue Jun  2 15:45:29 2009 (4A24FBC1)
HECIx64.sys                  Fri Sep 18 01:24:16 2009 (4AB293E8)
vsflt53.sys                  Tue Apr 12 17:01:35 2011 (4DA43817)
SASKUTIL64.SYS               Wed Jul 13 02:30:01 2011 (4E1CB5D1)
SASDIFSV64.SYS               Fri Jul 22 04:33:00 2011 (4E28B024)
IntcDAud.sys                 Tue Aug 23 18:42:57 2011 (4E53A759)
GEARAspiWDM.sys              Fri May  4 01:26:17 2012 (4FA2E2E1)
tsvadpcm.sys                 Sun Aug  5 18:54:11 2012 (501E73FB)
NetgearUDSMBus.sys           Mon Aug 13 12:33:29 2012 (5028A6C1)
NetgearUDSTcpBus.SYS         Mon Aug 13 12:35:54 2012 (5028A752)
cbfs3.sys                    Sat Nov 10 14:19:57 2012 (509E1535)
igdkmd64.sys                 Tue Nov 27 05:56:05 2012 (50B4089D)
mcaudrv_x64.sys              Wed Dec  4 12:42:31 2013 (529ED5DF)
mwac.sys                     Wed Jun 18 07:36:34 2014 (53A0F42A)
mcvidrv.sys                  Thu Oct 23 12:56:34 2014 (5448ADAA)
HWiNFO64A.SYS                Sun Nov 23 21:54:07 2014 (54720A27)
iaStorAV.sys                 Thu Feb 19 17:38:39 2015 (54E5D247)
e1i63x64.sys                 Fri Mar 27 01:54:57 2015 (55146B19)
A6210.sys                    Thu May 28 19:58:52 2015 (55672624)
MBAMSwissArmy.sys            Wed Jul 29 09:56:01 2015 (55B855D9)
mbam.sys                     Tue Aug 11 23:05:19 2015 (55CA3257)
Smb_driver_Intel.sys         Sat Sep 26 01:16:28 2015 (5605A494)
SbieDrv.sys                  Thu Oct 22 23:38:31 2015 (5629261F)
RTKVHD64.sys                 Fri Oct 23 12:55:56 2015 (5629E104)
intelppm.sys                 Fri Oct 30 07:39:51 2015 (5632D16F)
eLock2FSCTLDriver.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
eLock2BurnerLockDriver.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
tsvadpcm.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
NetgearUDSTcpBus.SYS - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
 
 
Let me know in case of any problem ^_^
 
Regards,
Pranav

Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#11 dabink

dabink
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 29 December 2015 - 08:03 PM

After uninstalling malwarebytes the bad_pool_header error returned
 
I use the Netgear Wifi USB device to access the local router, and I recall I had trouble updating the Netgear driver after my Win10 upgrade.  
 
Fortunately, Netgear has a recent driver update and now I am not getting the bad_pool_header error and I can now login as Admin.  :bounce:
 
I also updated the manufacturers BIOS.
 
Updating the drivers is quite problematic, since there are so many and they are not device drivers.  Is it really necessary since I don't have or use many of those programs anyway?
 
Also, can I reinstall malwarebytes?
 
Your advice works a treat.  :bowdown:


#12 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,666 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:31 AM

Posted 02 January 2016 - 03:43 AM

After uninstalling malwarebytes the bad_pool_header error returned
 
I use the Netgear Wifi USB device to access the local router, and I recall I had trouble updating the Netgear driver after my Win10 upgrade.  
 
Fortunately, Netgear has a recent driver update and now I am not getting the bad_pool_header error and I can now login as Admin.  :bounce:
 
I also updated the manufacturers BIOS.
 
Updating the drivers is quite problematic, since there are so many and they are not device drivers.  Is it really necessary since I don't have or use many of those programs anyway?
 
Also, can I reinstall malwarebytes?
 
Your advice works a treat.  :bowdown:


Hi Dabink ^_^,

I am not sure what you are trying to say. In the last line, you said that my advice worked but in the first line, you mention that the BSOD is still occurring or returned. Could you please explain what you mean to say?

These USB devices have their fair share of problems with the operating systems starting from Windows 8.

If you are still facing BSODs, please run the Sysnative BSOD app and upload a freshly generated ZIP file so that it could be analyzed :)


Let me know in case of any problems.

-Pranav

Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#13 dabink

dabink
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 02 January 2016 - 07:27 PM

Sorry.  In my previous post I gave you a history of what I did which has worked.

1. I uninstalled malwarbytes, but it did not fix the BSOD problem

2. Instead of unplugging the Netgear Wifi USB device I updated the driver to a very recent update.

3.  I updated the BIOS from the manufacturer.

 

So far I have not had the BSOD return.  Thank you very much.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users