Jump to content

BSOD Bad Pool Header


Recommended Posts

I have a recurring similar problem.

I get a BSOD with BAD_POOL_CALLER,  maybe once every few days, sometimes more than once in a day. This has been going on for months.

In event viewer, 100% of the time, the last entry before the BSOD is:-

A service was installed in the system.

Service Name:  MBAMSwissArmy
Service File Name:  C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
Service Type:  kernel mode driver
Service Start Type:  demand start
Service Account:  

 

I am fully up to date with updates and patches on my win 10 machine, and have run full scans by malwarebytes and by Mcafee in safe mode.

I reported it to support but they wanted me to install all kinds of software, some unsigned, to help them debug it and I don't want to risk that.

Link to post
Share on other sites

factfinder - please start your own topic so that your issue can get the individual attention that it deserves.
As you don't want to run any programs, please do these 3 things in order to provide us with the information to analyze your issues
 

Quote

Upload Dump Files:
NOTE:  If using a disk cleaning utility, please stop using it while we are troubleshooting your issues.
Please go to C:\Windows\Minidump and zip up the contents of the folder.  Then upload/attach the .zip file with your next post.
Left click on the first minidump file.
Hold down the "Shift" key and left click on the last minidump file.
Right click on the blue highlighted area and select "Send to"
Select "Compressed (zipped) folder" and note where the folder is saved.
Upload that .zip file with your next post.

If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there.  If it still won't let you zip them up, post back for further advice.

If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP.  If you find it, zip it up and upload it to a free file hosting service.  Then post the link to it in your topic so that we can download it.

Also, search your entire hard drive for files ending in .dmp, .mdmp, and .hdmp.  Zip up any that you find and upload them with your next post.

Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file):  http://www.carrona.org/setmini.html
More info on dump file options here: http://support.microsoft.com/kb/254649

MSINFO32:
Please go to Start and type in "msinfo32.exe" (without the quotes) and press Enter
Save the report as an .nfo file, then zip up the .nfo file and upload/attach the .zip file with your next post.
Also, save a copy as a .txt file and include it also (it's much more difficult to read, but we have greater success in getting the info from it).

If you're having difficulties with the format, please open an elevated (Run as administrator) Command Prompt and type (or copy/paste) "msinfo32 /nfo %USERPROFILE%\Desktop\TEST.NFO" (without the quotes) and press Enter.  Then navigate to Desktop to retrieve the TEST.NFO file.  If you have difficulties with making this work, please post back.  Then zip up the .nfo file and upload/attach the .zip file with your next post.

systeminfo:
Please open an elevated (Run as administrator) Command Prompt and type (or copy/paste) "systeminfo.exe >%USERPROFILE%\Desktop\systeminfo.txt" (without the quotes) and press Enter.  Then navigate to Desktop to retrieve the syteminfo.txt file.  If you have difficulties with making this work, please post back.  Then zip up the .txt file and upload/attach the .zip file with your next post.
NOTE:    Will not work with Windows XP

 

Link to post
Share on other sites

 

Tne memory dumps appear to be caused by networking components.

While they blame MalwareBytes, there's not certainty that it's to blame.
For example, it can be another driver that uses MalwareByte's memory space and then exits - leaving nothing for the memory dump to blame.
 

I suggest:
- temporarily uninstall MalwareBytes
- then run Driver Verifier using these instructions:  http://www.carrona.org/verifier.html

Analysis:

The following is for information purposes only.
The following information contains the relevant information from the blue screen analysis:

**************************Thu Sep  1 17:39:50.732 2016 (UTC - 4:00)**************************

Loading Dump File [C:\Users\john\SysnativeBSODApps\090116-6500-01.dmp]

Windows 10 Kernel Version 10586 MP (8 procs) Free x64

Built by:
10586
.545.amd64fre.th2_release.160802-1857

System Uptime:
3 days 2:51:53.570

*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys

*** WARNING: Unable to verify timestamp for mfewfpk.sys

*** ERROR: Module load completed but symbols could not be loaded for mfewfpk.sys

Probably caused by :
NETIO.SYS ( NETIO!IoctlKfdQueryEnumFilters+bf30 )

BugCheck
C2, {7, 126c, 65006c, ffffe00158ede1c8}

BugCheck Info:

Arguments:

Arg1: 0000000000000007, Attempt to free pool which was already freed

Arg2: 000000000000126c, Pool tag value from the pool header

Arg3: 000000000065006c, Contents of the first 4 bytes of the pool header

Arg4: ffffe00158ede1c8, Address of the block of pool being deallocated

BUGCHECK_STR:  0xc2_7

PROCESS_NAME:  System

FAILURE_BUCKET_ID:
0xc2_7_NETIO!IoctlKfdQueryEnumFilters

CPUID:        "Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz"

MaxSpeed:     2600

CurrentSpeed:
2594

  BIOS Version                  1.03.07RLS1

  BIOS Release Date             03/24/2015

  Manufacturer                  Notebook                        

  Product Name                  P65_P67SG                       

¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``


3rd Party Drivers:

The following is for information purposes only.
My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box:

**************************Thu Sep  1 17:39:50.732 2016 (UTC - 4:00)**************************
MBfilt64.sys                Thu Jul 30 23:40:32 2009 (4A7267B0)
necbatt.sys                 Wed Jun 19 23:08:55 2013 (51C27247)
FPWinIo.sys                 Thu Aug  8 03:44:50 2013 (52034C72)
SvThANSP.sys                Fri Oct 11 23:08:38 2013 (5258BD36)
semav6msr64.sys             Fri Jan 24 14:22:40 2014 (52E2BD80)
TeeDriverx64.sys            Thu Mar 13 14:21:52 2014 (5321F740)
mwac.sys                    Tue Jun 17 22:07:00 2014 (53A0F444)
HKKbdFltr.sys               Wed Oct 29 04:56:30 2014 (5450ABBE)
HKMouFltr.sys               Wed Oct 29 04:56:30 2014 (5450ABBE)
iaStorA.sys                 Thu Nov  6 14:00:02 2014 (545BC532)
RtsPer.sys                  Wed May  6 03:22:09 2015 (5549C121)
iwdbus.sys                  Mon Jun  8 18:12:39 2015 (55761357)
AirplaneModeHid.sys         Tue Jul 14 05:43:04 2015 (55A4D9A8)
rt640x64.sys                Thu Jul 23 04:53:50 2015 (55B0AB9E)
MBAMSwissArmy.sys           Wed Jul 29 00:26:01 2015 (55B855D9)
ibtusb.sys                  Fri Aug  7 12:51:29 2015 (55C4E211)
mbam.sys                    Tue Aug 11 13:35:19 2015 (55CA3257)
SynTP.sys                   Tue Sep  8 18:46:23 2015 (55EF653F)
Smb_driver_Intel.sys        Tue Sep  8 18:46:55 2015 (55EF655F)
Netwtw02.sys                Thu Sep 24 14:26:09 2015 (56044041)
RTKVHD64.sys                Mon Oct  5 08:51:25 2015 (5612724D)
intelppm.sys                Thu Oct 29 22:09:51 2015 (5632D16F)
igdkmd64.sys                Wed Nov 18 14:28:29 2015 (564CD15D)
nvvad64v.sys                Tue Apr 12 04:46:52 2016 (570CB5FC)
McPvDrv.sys                 Wed Apr 13 01:39:55 2016 (570DDBAB)
mfencbdc.sys                Tue Apr 19 05:15:44 2016 (5715F740)
mfehidk.sys                 Fri Apr 22 11:57:19 2016 (571A49DF)
mfewfpk.sys                 Fri Apr 22 11:57:37 2016 (571A49F1)
mfeavfk.sys                 Fri Apr 22 11:59:02 2016 (571A4A46)
mfefirek.sys                Fri Apr 22 12:00:07 2016 (571A4A87)
cfwids.sys                  Fri Apr 22 12:00:39 2016 (571A4AA7)
mfeaack.sys                 Fri Apr 22 12:03:01 2016 (571A4B35)
mfesapsn.sys                Mon May 30 14:38:04 2016 (574C888C)
NvStreamKms.sys             Fri Jun  3 07:28:21 2016 (575169D5)
nvlddmkm.sys                Thu Aug 11 07:07:38 2016 (57AC5C7A)
[/CODE]


[url=http://www.carrona.org/drivers/driver.php?id=MBfilt64.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]MBfilt64.sys[/COLOR][/B][/url]
[color=#777777][color=#4b0082]necbatt.sys[/color] - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.[/color]
[url=http://www.carrona.org/drivers/driver.php?id=FPWinIo.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]FPWinIo.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=SvThANSP.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]SvThANSP.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=semav6msr64.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]semav6msr64.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=TeeDriverx64.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]TeeDriverx64.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=mwac.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]mwac.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=HKKbdFltr.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]HKKbdFltr.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=HKMouFltr.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]HKMouFltr.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=iaStorA.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]iaStorA.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=RtsPer.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]RtsPer.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=iwdbus.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]iwdbus.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=AirplaneModeHid.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]AirplaneModeHid.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=rt640x64.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]rt640x64.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=MBAMSwissArmy.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]MBAMSwissArmy.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=ibtusb.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]ibtusb.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=mbam.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]mbam.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=SynTP.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]SynTP.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=Smb_driver_Intel.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]Smb_driver_Intel.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=Netwtw02.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]Netwtw02.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]RTKVHD64.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=intelppm.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]intelppm.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]igdkmd64.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=nvvad64v.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]nvvad64v.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=McPvDrv.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]McPvDrv.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=mfencbdc.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]mfencbdc.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=mfehidk.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]mfehidk.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=mfewfpk.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]mfewfpk.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=mfeavfk.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]mfeavfk.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=mfefirek.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]mfefirek.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=cfwids.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]cfwids.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=mfeaack.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]mfeaack.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=mfesapsn.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]mfesapsn.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=NvStreamKms.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]NvStreamKms.sys[/COLOR][/B][/url]
[url=http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys]http://www.carrona.org/drivers/driver.php?id=[B][COLOR=BLUE]nvlddmkm.sys[/COLOR][/B][/url]

[/INDENT]

 


 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.