locked
bad pool header RRS feed

  • Question

  • Hey I have a new lenevo z50

    4i3,8gb ram,4gb graphic card,1tb running W8.1

    And every day chrome or firefox freezes and reboots itself, say's bad pool header

    Is it win 8.1 problem or kaspersky? i had macafee, had to uninstall to make way for kaspersky

    HELP!

    The dump files can be found here

    https://onedrive.live.com/redir?resid=66697D9C65212F29!463&authkey=!AHYTf_vlHJllRw0&ithint=folder%2cdmp

    thank you

    • Edited by benedictrg Friday, October 3, 2014 5:28 AM
    Friday, October 3, 2014 5:09 AM

Answers

  • Bendictrg

    Literally all of these were related to Kaspersky.  I would remove it and use the built in defender until Kaspersky, who is usually an OS behind, releases a new version

    Microsoft (R) Windows Debugger Version 6.3.9600.17237 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\Ken\Desktop\New folder\093014-22593-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*F:\Symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: srv*F:\Symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 8 Kernel Version 9600 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 9600.17238.amd64fre.winblue_gdr.140723-2018
    Machine Name:
    Kernel base = 0xfffff800`8580e000 PsLoadedModuleList = 0xfffff800`85ad8350
    Debug session time: Mon Sep 29 22:36:48.917 2014 (UTC - 7:00)
    System Uptime: 1 days 20:32:37.843
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ....................................
    Loading User Symbols
    Loading unloaded module list
    ......................................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 19, {d, ffffe0013c31053f, 33952923ae14dd70, 2e33952923ae14a2}
    
    *** WARNING: Unable to verify timestamp for klif.sys
    *** ERROR: Module load completed but symbols could not be loaded for klif.sys
    *** WARNING: Unable to verify timestamp for klflt.sys
    *** ERROR: Module load completed but symbols could not be loaded for klflt.sys
    Probably caused by : Pool_Corruption ( nt!ExFreePool+99 )
    
    Followup: Pool_corruption
    ---------
    
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    BAD_POOL_HEADER (19)
    The pool is already corrupt at the time of the current request.
    This may or may not be due to the caller.
    The internal pool links must be walked to figure out a possible cause of
    the problem, and then special pool applied to the suspect tags or the driver
    verifier to a suspect driver.
    Arguments:
    Arg1: 000000000000000d, 
    Arg2: ffffe0013c31053f
    Arg3: 33952923ae14dd70
    Arg4: 2e33952923ae14a2
    
    Debugging Details:
    ------------------
    
    
    BUGCHECK_STR:  0x19_d
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  2
    
    ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
    
    LAST_CONTROL_TRANSFER:  from fffff80085aa3ced to fffff80085961ca0
    
    STACK_TEXT:  
    ffffd001`f874ea48 fffff800`85aa3ced : 00000000`00000019 00000000`0000000d ffffe001`3c31053f 33952923`ae14dd70 : nt!KeBugCheckEx
    ffffd001`f874ea50 fffff800`85aa3a14 : ffffe001`40fb5850 ffffe001`3b37f5a0 00000000`00000000 00000000`00000002 : nt!ExFreePool+0x99
    ffffd001`f874ead0 fffff801`70815bce : fffff801`708b2110 00000000`00000000 ffffd001`f874ebe8 00000000`69716c6b : nt!ExFreePoolWithTag+0x744
    ffffd001`f874eba0 fffff801`708b2110 : 00000000`00000000 ffffd001`f874ebe8 00000000`69716c6b ffffe001`3c231a20 : klif+0x15bce
    ffffd001`f874eba8 00000000`00000000 : ffffd001`f874ebe8 00000000`69716c6b ffffe001`3c231a20 fffff801`708cbf51 : klflt+0xd110
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!ExFreePool+99
    fffff800`85aa3ced cc              int     3
    
    SYMBOL_STACK_INDEX:  1
    
    SYMBOL_NAME:  nt!ExFreePool+99
    
    FOLLOWUP_NAME:  Pool_corruption
    
    IMAGE_NAME:  Pool_Corruption
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    IMAGE_VERSION:  6.3.9600.17238
    
    MODULE_NAME: Pool_Corruption
    
    BUCKET_ID_FUNC_OFFSET:  99
    
    FAILURE_BUCKET_ID:  0x19_d_nt!ExFreePool
    
    BUCKET_ID:  0x19_d_nt!ExFreePool
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0x19_d_nt!exfreepool
    
    FAILURE_ID_HASH:  {26ec571f-9df1-2f7e-a60a-2144f95f5f9f}
    
    Followup: Pool_corruption
    ---------
    
    


    Wanikiya and Dyami--Team Zigzag

    • Marked as answer by benedictrg Friday, October 3, 2014 12:07 PM
    Friday, October 3, 2014 11:16 AM

All replies

  • Bendictrg

    Literally all of these were related to Kaspersky.  I would remove it and use the built in defender until Kaspersky, who is usually an OS behind, releases a new version

    Microsoft (R) Windows Debugger Version 6.3.9600.17237 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\Ken\Desktop\New folder\093014-22593-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*F:\Symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: srv*F:\Symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 8 Kernel Version 9600 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 9600.17238.amd64fre.winblue_gdr.140723-2018
    Machine Name:
    Kernel base = 0xfffff800`8580e000 PsLoadedModuleList = 0xfffff800`85ad8350
    Debug session time: Mon Sep 29 22:36:48.917 2014 (UTC - 7:00)
    System Uptime: 1 days 20:32:37.843
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ....................................
    Loading User Symbols
    Loading unloaded module list
    ......................................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 19, {d, ffffe0013c31053f, 33952923ae14dd70, 2e33952923ae14a2}
    
    *** WARNING: Unable to verify timestamp for klif.sys
    *** ERROR: Module load completed but symbols could not be loaded for klif.sys
    *** WARNING: Unable to verify timestamp for klflt.sys
    *** ERROR: Module load completed but symbols could not be loaded for klflt.sys
    Probably caused by : Pool_Corruption ( nt!ExFreePool+99 )
    
    Followup: Pool_corruption
    ---------
    
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    BAD_POOL_HEADER (19)
    The pool is already corrupt at the time of the current request.
    This may or may not be due to the caller.
    The internal pool links must be walked to figure out a possible cause of
    the problem, and then special pool applied to the suspect tags or the driver
    verifier to a suspect driver.
    Arguments:
    Arg1: 000000000000000d, 
    Arg2: ffffe0013c31053f
    Arg3: 33952923ae14dd70
    Arg4: 2e33952923ae14a2
    
    Debugging Details:
    ------------------
    
    
    BUGCHECK_STR:  0x19_d
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  2
    
    ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
    
    LAST_CONTROL_TRANSFER:  from fffff80085aa3ced to fffff80085961ca0
    
    STACK_TEXT:  
    ffffd001`f874ea48 fffff800`85aa3ced : 00000000`00000019 00000000`0000000d ffffe001`3c31053f 33952923`ae14dd70 : nt!KeBugCheckEx
    ffffd001`f874ea50 fffff800`85aa3a14 : ffffe001`40fb5850 ffffe001`3b37f5a0 00000000`00000000 00000000`00000002 : nt!ExFreePool+0x99
    ffffd001`f874ead0 fffff801`70815bce : fffff801`708b2110 00000000`00000000 ffffd001`f874ebe8 00000000`69716c6b : nt!ExFreePoolWithTag+0x744
    ffffd001`f874eba0 fffff801`708b2110 : 00000000`00000000 ffffd001`f874ebe8 00000000`69716c6b ffffe001`3c231a20 : klif+0x15bce
    ffffd001`f874eba8 00000000`00000000 : ffffd001`f874ebe8 00000000`69716c6b ffffe001`3c231a20 fffff801`708cbf51 : klflt+0xd110
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!ExFreePool+99
    fffff800`85aa3ced cc              int     3
    
    SYMBOL_STACK_INDEX:  1
    
    SYMBOL_NAME:  nt!ExFreePool+99
    
    FOLLOWUP_NAME:  Pool_corruption
    
    IMAGE_NAME:  Pool_Corruption
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    IMAGE_VERSION:  6.3.9600.17238
    
    MODULE_NAME: Pool_Corruption
    
    BUCKET_ID_FUNC_OFFSET:  99
    
    FAILURE_BUCKET_ID:  0x19_d_nt!ExFreePool
    
    BUCKET_ID:  0x19_d_nt!ExFreePool
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0x19_d_nt!exfreepool
    
    FAILURE_ID_HASH:  {26ec571f-9df1-2f7e-a60a-2144f95f5f9f}
    
    Followup: Pool_corruption
    ---------
    
    


    Wanikiya and Dyami--Team Zigzag

    • Marked as answer by benedictrg Friday, October 3, 2014 12:07 PM
    Friday, October 3, 2014 11:16 AM
  • Thanks a lot for the reply

    I heard kaspersky was the best anti-virus agent out there, so for the first time in my life i shelled you 15$ to get a proper anti virus..and this is what i get. :(

    So you say i still can go ahead and uninstall kaspersky and defender will do a good as kaspersky does?

    And on the long run, what happens if i didn't uninstall kaspersky and i'm okay with the reboot.Does it hamper the performance of the system?  

    Thank you,

    Benedict


    • Edited by benedictrg Friday, October 3, 2014 12:09 PM
    Friday, October 3, 2014 12:07 PM
  • BRG

    IMHO it is one of the three worst malware applications along with McAfee and Symantec.  After doing more than 10,000 BSODS I have seen those 3 more times than I care to admit.

    Almost anything else will work.  Defender causes the least number of issues, and is a good lightweight malware app.  If you need more features there is AVG, Avira, ESET (which I use) and many others.


    Wanikiya and Dyami--Team Zigzag

    Friday, October 3, 2014 12:11 PM