Bad Pool header

  • Question

  • Hello, recently I had a Bad Pool Header blue screen upon a boot up that I left at the login screen. How can I find the log file for Bad Pool Header? I want to post it here.
    Friday, March 14, 2014 9:54 PM

Answers

  • Jonathan

    This was related to your Kaspersky killing netio.sys.  I would remove it and use the built-in Defender or another malware application.  I would stay away from Kaspersky, McAfee, and Norton.


    http://support.kaspersky.com/downloads/utils/kavremover10.zip

    System Uptime: 0 days 6:15:11.101
    
    
    *** WARNING: Unable to verify timestamp for klwfp.sys
    *** ERROR: Module load completed but symbols could not be loaded for klwfp.sys
    GetPointerFromAddress: unable to read from fffff8036f5bf150
    GetUlongFromAddress: unable to read from fffff8036f5bf208
    Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+797c )
    
    BAD_POOL_CALLER (c2)
    The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
    Arguments:
    Arg1: 0000000000000007, Attempt to free pool which was already freed
    Arg2: 0000000000001205, (reserved)
    Arg3: 0000000000000000, Memory contents of the pool block
    Arg4: ffffe00008c1a778, Address of the block of pool being deallocated
    
    Debugging Details:
    ------------------
    
    
    POOL_ADDRESS:  ffffe00008c1a778 Nonpaged pool
    
    FREED_POOL_TAG:  NDnd
    
    BUGCHECK_STR:  0xc2_7_NDnd
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  2
    
    ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
    
    LAST_CONTROL_TRANSFER:  from fffff8036f5043ca to fffff8036f3bfca0
    
    STACK_TEXT:  
    ffffd000`2114c008 fffff803`6f5043ca : 00000000`000000c2 00000000`00000007 00000000`00001205 00000000`00000000 : nt!KeBugCheckEx
    ffffd000`2114c010 fffff800`01641f67 : ffffe000`080665e0 ffffe000`08a8c890 ffffe000`027b3301 fffff800`01aa6646 : nt!ExFreePoolWithTag+0x10fa
    ffffd000`2114c0e0 fffff800`0192bcb4 : ffffe000`0218d402 ffffe000`07ddf180 00000000`00000001 fffff800`01aa71c5 : NETIO! ?? ::FNODOBFM::`string'+0x797c
    ffffd000`2114c130 fffff800`01610501 : ffffe000`027b3320 00000000`00000001 00000000`00000000 00000000`00000000 : tcpip!FlpReturnNetBufferListChain+0xd5c54
    ffffd000`2114c180 fffff800`0160d3e7 : ffffe000`08a8c890 00000000`00000000 00000000`00000000 ffffe000`027b3320 : NETIO!NetioDereferenceNetBufferList+0xb1
    ffffd000`2114c1f0 fffff800`0185a55b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!NetioDereferenceNetBufferListChain+0x2a7
    ffffd000`2114c2b0 fffff800`0185749a : 00000000`00000000 ffffe000`08a8c890 ffffe000`01c12000 00000000`00000000 : tcpip!IppReceiveHeaderBatch+0x55b
    ffffd000`2114c3e0 fffff800`0198cbd8 : ffffe000`0290c740 00000000`00000000 ffffe000`01c80701 ffffe000`08a8c800 : tcpip!IppFlcReceivePacketsCore+0x68a
    ffffd000`2114c760 fffff800`01a996d5 : ffffe000`08b7fa02 ffffe000`008e2310 ffffd000`2114ca99 ffffd000`21147000 : tcpip!IppInspectInjectReceive+0x148
    ffffd000`2114c7c0 fffff803`6f32a3f9 : 00000000`00000000 ffffe000`00000000 ffffe000`0218d4a0 ffffe000`0218d4a0 : fwpkclnt!FwppInjectionStackCallout+0xe5
    ffffd000`2114c850 fffff800`01aaa6b6 : fffff800`01a995f0 ffffd000`2114ca20 00000000`00000010 00000000`00000001 : nt!KeExpandKernelStackAndCalloutInternal+0xe9
    ffffd000`2114c9a0 fffff800`0131849c : ffffe000`0218d4a0 ffffe000`07ddf0e0 00000000`00000000 ffffe000`07ddf0e0 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x2ea
    ffffd000`2114cae0 ffffe000`0218d4a0 : ffffe000`07ddf0e0 00000000`00000000 ffffe000`07ddf0e0 ffffe000`045f0002 : klwfp+0x449c
    ffffd000`2114cae8 ffffe000`07ddf0e0 : 00000000`00000000 ffffe000`07ddf0e0 ffffe000`045f0002 fffff800`00000001 : 0xffffe000`0218d4a0
    ffffd000`2114caf0 00000000`00000000 : ffffe000`07ddf0e0 ffffe000`045f0002 fffff800`00000001 ffffe000`00000002 : 0xffffe000`07ddf0e0
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    NETIO! ?? ::FNODOBFM::`string'+797c
    fffff800`01641f67 90              nop
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  NETIO! ?? ::FNODOBFM::`string'+797c
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: NETIO
    
    IMAGE_NAME:  NETIO.SYS
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  5215f7e4
    
    IMAGE_VERSION:  6.3.9600.16384
    
    BUCKET_ID_FUNC_OFFSET:  797c
    
    FAILURE_BUCKET_ID:  0xc2_7_NDnd_NETIO!_??_::FNODOBFM::_string_
    
    BUCKET_ID:  0xc2_7_NDnd_NETIO!_??_::FNODOBFM::_string_
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0xc2_7_ndnd_netio!_??_::fnodobfm::_string_
    
    FAILURE_ID_HASH:  {fc6e9aa1-b899-d40c-eb82-38a4130ba536}
    
    Followup: MachineOwner
    ---------
    
    


    Wanikiya and Dyami--Team Zigzag

    Saturday, March 15, 2014 11:47 AM
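A triage sketch for the debugger output quoted in the answer above, added here as an example and not code from anyone in this thread: it pulls out the bugcheck, its arguments and the modules on the stack, and flags modules that appear only as module+offset (no symbols loaded), a heuristic for spotting third-party drivers next to the module the debugger blames. The `triage` function and the abridged `SAMPLE` text are constructed for illustration.

```python
import re

# Constructed sample: lines abridged from the analysis output quoted in the
# answer above (stack argument columns replaced with zeros, some frames omitted).
SAMPLE = """\
*** WARNING: Unable to verify timestamp for klwfp.sys
Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+797c )
BAD_POOL_CALLER (c2)
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg4: ffffe00008c1a778, Address of the block of pool being deallocated
STACK_TEXT:
ffffd000`2114c008 fffff803`6f5043ca : 0 0 0 0 : nt!KeBugCheckEx
ffffd000`2114c010 fffff800`01641f67 : 0 0 0 0 : nt!ExFreePoolWithTag+0x10fa
ffffd000`2114c0e0 fffff800`0192bcb4 : 0 0 0 0 : NETIO! ?? ::FNODOBFM::`string'+0x797c
ffffd000`2114c9a0 fffff800`0131849c : 0 0 0 0 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x2ea
ffffd000`2114cae0 ffffe000`0218d4a0 : 0 0 0 0 : klwfp+0x449c
ffffd000`2114cae8 ffffe000`07ddf0e0 : 0 0 0 0 : 0xffffe000`0218d4a0
"""

# A stack frame is "child-sp return-addr : four args : symbol".
FRAME = re.compile(r"^[0-9a-f`]+ [0-9a-f`]+ : .*? : (.+)$", re.M | re.I)
# "mod!func" means symbols resolved; "mod+off" means only the image name is known.
MODULE = re.compile(r"^([A-Za-z_]\w*)([!+])")

def triage(text):
    name, code = re.search(r"^(\w+) \(([0-9a-f]+)\)$", text, re.M | re.I).groups()
    args = {int(n): int(v, 16)
            for n, v in re.findall(r"^Arg(\d): ([0-9a-f]+),", text, re.M | re.I)}
    modules, no_symbols = [], []
    for frame in FRAME.finditer(text):      # frames are listed innermost first
        hit = MODULE.match(frame.group(1))
        if not hit:                         # bare address, no module known
            continue
        mod, sep = hit.groups()
        if mod not in modules:
            modules.append(mod)
        if sep == "+" and mod not in no_symbols:
            no_symbols.append(mod)
    return {
        "bugcheck": (name, int(code, 16)),
        # Arg1 == 7 under bugcheck 0xC2 is the "already freed" case shown above
        "double_free": int(code, 16) == 0xC2 and args.get(1) == 7,
        "blamed": re.search(r"Probably caused by : (\S+)", text).group(1),
        "modules": modules,
        "no_symbols": no_symbols,
        "unverified": re.findall(r"Unable to verify timestamp for (\S+)", text),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
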

All replies

  • We do need the actual DMP files, as they contain the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.  
    We prefer at least 2 DMP files to spot trends and confirm the cause.

    Please follow our instructions for finding and uploading the files we need to help you fix your computer. They can be found here
    If you have any questions about the procedure, please ask.

    Wanikiya and Dyami--Team Zigzag

    Friday, March 14, 2014 10:26 PM
  • https://onedrive.live.com/redir?resid=DF23C02B347E6A32!1609&authkey=!AKhdpxIv2KEQbAo&ithint=folder%2c.dmp

    I think this is the right DMP file. The date modified changed when I switched accounts.

    Thank you

    Saturday, March 15, 2014 3:26 AM
  •   I would stay away from Kaspersky, McAfee, and Norton.

    Wanikiya and Dyami--Team Zigzag

    I did not get errors like the ones mentioned with blue screens. I can honestly tell you Norton does not work too well with Windows 8. Yes, I did try it as a main security system and I had many issues. I reverted back to a restore of an image. The security that is mentioned by zigzag is true and I tested these. I do use Malwarebytes and Avast. So far no problems. Avast I use in a high-end AMD machine, and Malwarebytes in my system. I do not use any other security for laptop; I use extremely well configured high-end systems that can handle these programs. Windows 8.1 will not allow these security software to work properly.

    This is not a Windows 8.1 issue; this is something 3rd party developers need to solve: the equation of how to make these work in Windows 8.1.


    • Edited by colakid Saturday, March 15, 2014 12:29 PM
    Saturday, March 15, 2014 12:24 PM