Jump to content

BAD_POOL_HEADER


Recommended Posts

hello, 

since i have installed malwarebytes in my new pc i have been getting BAD_POOL_HEADER shut downs randomly . i analyzed the file online and this is the info >

 

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: ffffe0001dfd94d0, The pool entry we were looking for within the page.
Arg3: ffffe0001dfd94f0, The next pool entry.
Arg4: 0000000004020039, (reserved)

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

BUGCHECK_STR: 0x19_20

POOL_ADDRESS: fffff801f934f020: Unable to get special pool info
fffff801f934f020: Unable to get special pool info
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
ffffe0001dfd94d0

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

PROCESS_NAME: mbamservice.ex

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff801f932d05e to fffff801f91db8a0

STACK_TEXT:
ffffd000`2a256048 fffff801`f932d05e : 00000000`00000019 00000000`00000020 ffffe000`1dfd94d0 ffffe000`1dfd94f0 : nt!KeBugCheckEx
ffffd000`2a256050 fffff800`30a46599 : 00000000`00000008 00000000`00000000 ffffd000`2a256240 00000000`00000002 : nt!ExDeferredFreePool+0x7ee
ffffd000`2a256140 fffff800`30b64efa : ffffe000`1f2f2850 00000000`00000001 00000000`00000000 ffffe000`26e2bbd0 : tcpip!IppInspectBuildHeaders+0x5e9
ffffd000`2a256430 fffff800`34e39135 : 00000000`00000008 ffffd000`00000014 ffffe000`25ee9c40 ffffe000`25ee9c64 : fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+0x1be
ffffd000`2a2564e0 00000000`00000008 : ffffd000`00000014 ffffe000`25ee9c40 ffffe000`25ee9c64 ffffe000`25ee9c54 : mwac+0x6135
ffffd000`2a2564e8 ffffd000`00000014 : ffffe000`25ee9c40 ffffe000`25ee9c64 ffffe000`25ee9c54 ffffe000`00000011 : 0x8
ffffd000`2a2564f0 ffffe000`25ee9c40 : ffffe000`25ee9c64 ffffe000`25ee9c54 ffffe000`00000011 00000000`00000000 : 0xffffd000`00000014
ffffd000`2a2564f8 ffffe000`25ee9c64 : ffffe000`25ee9c54 ffffe000`00000011 00000000`00000000 00000000`00000000 : 0xffffe000`25ee9c40
ffffd000`2a256500 ffffe000`25ee9c54 : ffffe000`00000011 00000000`00000000 00000000`00000000 ffffe000`00000000 : 0xffffe000`25ee9c64
ffffd000`2a256508 ffffe000`00000011 : 00000000`00000000 00000000`00000000 ffffe000`00000000 ffffe000`00000000 : 0xffffe000`25ee9c54
ffffd000`2a256510 00000000`00000000 : 00000000`00000000 ffffe000`00000000 ffffe000`00000000 00000000`00000000 : 0xffffe000`00000011


STACK_COMMAND: kb

FOLLOWUP_IP:
fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+1be
fffff800`30b64efa 85c0 test eax,eax

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+1be

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: fwpkclnt

IMAGE_NAME: fwpkclnt.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 5579e00a

FAILURE_BUCKET_ID: X64_0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+1be

BUCKET_ID: X64_0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+1be

Followup: MachineOwner

 

 

 

can you please let me know how to fix this

Link to post
Share on other sites

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Please download MBAM-clean and save it to your desktop.

  •    Right-click on mbam-clean.exe icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  •    It will ask you to reboot the machine - please do so.
  •    Run the cleaner tool again, re-boot when complete.



Download & install the newset MBAM version.

Please download 51a46ae42d560-malwarebytes_anti_malware.Malwarebytes Anti-Malware

  •    Install the progam and select update.
  •    Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  •    In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  •    Click the Scan tab, choose Threat Scan is checked[/b and click Scan Now.
  •    If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  •    Upon completion of the scan (or after the reboot), click the History tab.
  •    Click Application Logs and double-click the Scan Log.
  •    At the bottom click Export and choose Text file.


Save the file to your desktop and include its content in your next reply.
 
Next,
 
Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make logs named (Addition.txt) and Shortcut.txt Please attach those logs to your reply.


 

Let me see those logs...

 

Thank you,

 

Kevin...

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Next,

Zip up and attach the following folder:  C:\Windows\Minidump

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Thank you,

 

Kevin

 

 

Fixlist.txt

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.