[SOLVED] BAD_POOL_HEADER 0x00000019 - Windows 8.1 x64

Hello! After scouring the web for quite some time looking for the answer to my dilemma, I managed to actually find this place! So, hopefully you guys can help.


Here's all the basic info on the PC:

OS: Windows 8.1 x64 Pro installed by me, on a newly bought hard drive.

Hardware age: none of the hardware is very old at all; the oldest part probably isn't much more than a year old.

Desktop.

CPU: AMD Athlon II X2 270

GPU: Asus HD7870-DC2-2GD5-V2

PSU: EVGA 500W

Mobo: GA-7ZX (rev. 5.0)


RAM: 2x 4GB Corsair Vengeance (the blue kind, couldn't find the exact model # just by Googling)


Keep getting a BSOD that looks like this: (info gathered by BlueScreenView)

==================================================
Dump File : 031715-15734-01.dmp
Crash Time : 3/17/2015 1:42:20 PM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 00000000`00000020
Parameter 2 : ffffe000`058de300
Parameter 3 : ffffe000`058de320
Parameter 4 : 00000000`04020012
Caused By Driver : tcpip.sys
Caused By Address : tcpip.sys+175525
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+1500a0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\031715-15734-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 9600
Dump File Size : 280,736
Dump File Time : 3/17/2015 1:43:11 PM
==================================================

There are 5 or 6 more that look exactly like this.

What do? :(
 

You can attach the dumps manually; just zip them up and attach them.

C:\Windows\Minidump is the location.
 
Code:
0: kd> .bugcheck
Bugcheck code 00000019
Arguments 00000000`00000020 ffffe000`04acd790 ffffe000`04acd7b0 00000000`04020002

Code:
0: kd> !poolval ffffe000`04acd790
Pool page ffffe00004acd790 region is Nonpaged pool

Validating Pool headers for pool page: ffffe00004acd790

Pool page [ ffffe00004acd000 ] is __inVALID.

Analyzing linked list...
[ ffffe00004acd790 --> ffffe00004acd880 (size = 0xf0 bytes)]: Corrupt region

Corrupted pool region.

Code:
0: kd> knL
 # Child-SP          RetAddr           Call Site
00 ffffd000`2acd7258 fffff802`c42af43d nt!KeBugCheckEx
01 ffffd000`2acd7260 fffff800`00e03f09 nt!ExDeferredFreePool+0xcbd
02 ffffd000`2acd7330 fffff800`00f22dea tcpip!IppInspectBuildHeaders+0x5e9
03 ffffd000`2acd7620 fffff800`0363f135 fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+0x1be
04 ffffd000`2acd76d0 00000000`00000008 mwac+0x6135
05 ffffd000`2acd76d8 ffffd000`00000014 0x8
06 ffffd000`2acd76e0 ffffe000`039131a0 0xffffd000`00000014
07 ffffd000`2acd76e8 ffffe000`039131c4 0xffffe000`039131a0
08 ffffd000`2acd76f0 ffffe000`039131b4 0xffffe000`039131c4
09 ffffd000`2acd76f8 ffffe000`00000011 0xffffe000`039131b4
0a ffffd000`2acd7700 00000000`00000000 0xffffe000`00000011

Looking at frame 04 in the stack, mwac.sys was present (Malwarebytes' web access control kernel driver) before network calls.

Code:
0: kd> !pool ffffe000`04acd790
Pool page ffffe00004acd790 region is Nonpaged pool
 ffffe00004acd000 size:  120 previous size:    0  (Allocated)  FMsl
 ffffe00004acd120 size:   30 previous size:  120  (Allocated)  ViMm
 ffffe00004acd150 size:   c0 previous size:   30  (Allocated)  EtwR
 ffffe00004acd210 size:  170 previous size:   c0  (Allocated)  Ntfx
 ffffe00004acd380 size:   80 previous size:  170  (Allocated)  SeTl
 ffffe00004acd400 size:   80 previous size:   80  (Allocated)  Sema
 ffffe00004acd480 size:  110 previous size:   80  (Allocated)  MmCa
 ffffe00004acd590 size:  150 previous size:  110  (Allocated)  File
 ffffe00004acd6e0 size:   90 previous size:  150  (Allocated)  Vad 
 ffffe00004acd770 size:   20 previous size:   90  (Allocated)  ViMm
*ffffe00004acd790 size:   20 previous size:   20  (Free ) *Ipng
        Pooltag Ipng : IP Generic buffers (Address, Interface, Packetize, Route allocations), Binary : tcpip.sys

We can see in the pool tag list regarding the entry that was corrupted, Ipng is *, which is in charge of generic IP buffers, aka networking stuff. With that said, we can probably assume that it's safe to say Malwarebytes is the problem here.

Get rid of it and let me know how it goes.
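
A consistency check over the `!pool` listing posted above, as an added example that is not part of the original thread: it verifies that each listed header's size and previous size agree with its neighbours and reports where the listing stops. The function names are hypothetical; the input is the listing and bugcheck arguments as posted.

```python
import re
# Input copied from the post above: the !pool listing and the .bugcheck arguments.
POOL_OUTPUT = """\
 ffffe00004acd000 size:  120 previous size:    0  (Allocated)  FMsl
 ffffe00004acd120 size:   30 previous size:  120  (Allocated)  ViMm
 ffffe00004acd150 size:   c0 previous size:   30  (Allocated)  EtwR
 ffffe00004acd210 size:  170 previous size:   c0  (Allocated)  Ntfx
 ffffe00004acd380 size:   80 previous size:  170  (Allocated)  SeTl
 ffffe00004acd400 size:   80 previous size:   80  (Allocated)  Sema
 ffffe00004acd480 size:  110 previous size:   80  (Allocated)  MmCa
 ffffe00004acd590 size:  150 previous size:  110  (Allocated)  File
 ffffe00004acd6e0 size:   90 previous size:  150  (Allocated)  Vad
 ffffe00004acd770 size:   20 previous size:   90  (Allocated)  ViMm
*ffffe00004acd790 size:   20 previous size:   20  (Free ) *Ipng
"""
BUGCHECK_ARGS = (0x20, 0xffffe00004acd790, 0xffffe00004acd7b0, 0x04020002)

ENTRY = re.compile(
    r"^(?P<mark>\*?)\s*(?P<addr>[0-9a-f]{16})\s+size:\s*(?P<size>[0-9a-f]+)"
    r"\s+previous size:\s*(?P<prev>[0-9a-f]+)\s+\((?P<state>[^)]*)\)\s+\*?(?P<tag>\S+)", re.I)

def parse_pool(text):
    """Return one dict per pool entry line; any other line is ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"addr": int(m["addr"], 16), "size": int(m["size"], 16),
                            "prev": int(m["prev"], 16), "tag": m["tag"],
                            "state": m["state"].strip(), "flagged": m["mark"] == "*"})
    return entries

def check_chain(entries, page_size=0x1000):
    """Check that sizes and previous sizes of adjacent headers agree."""
    problems = []
    for a, b in zip(entries, entries[1:]):
        if a["addr"] + a["size"] != b["addr"]:
            problems.append(f"{a['addr']:x}: size {a['size']:#x} does not reach {b['addr']:x}")
        if b["prev"] != a["size"]:
            problems.append(f"{b['addr']:x}: previous size {b['prev']:#x} != {a['size']:#x}")
    walk_end = entries[-1]["addr"] + entries[-1]["size"]
    page_end = (entries[0]["addr"] & ~(page_size - 1)) + page_size
    return problems, walk_end, page_end - walk_end  # last value: bytes of the page not listed

if __name__ == "__main__":
    problems, walk_end, unlisted = check_chain(parse_pool(POOL_OUTPUT))
    print(problems or "listed headers are consistent")
    print(f"listing ends at {walk_end:x}; bugcheck arg 3 is {BUGCHECK_ARGS[2]:x}; {unlisted:#x} bytes not listed")
```

On the posted data every listed header is consistent, and the listing stops at ffffe00004acd7b0, the same address as bugcheck argument 3, with 0x850 bytes of the page not shown.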
 
Thanks! It may be a day or so before I post back, just to make sure that it fixes the problem. The main reason is that it's a rather unpredictable BSOD, and has happened seemingly at random while I've been browsing the web, gaming, or completely idle, so reproducing the conditions is a little challenging. Hopefully removing Malwarebytes solves it. I greatly appreciate your time and help!
 
Alright, I think that did it! No bluescreens of any kind whatsoever after I did that, and this is on day 3, too. Thanks for all the help! :)
 
