Windows 7 BSOD BAD_POOL_HEADER

killit

Hi, I have been having a bad pool header bsod lately. I have been trying the process of elimination to find out why but no luck yet. So here is the crash dump file, hoping someone with more knowledge than me can help analyze it. Thank you
 


Looking at your dump now, back shortly..
 


Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 19, {3, fffff800034557d0, ffffffffffffd, fffff800034557d0}

Probably caused by : Pool_Corruption ( nt!ExFreePool+503 )

Followup:     Pool_corruption
Hi,
the above means a driver is causing memory corruption (virtual) although I can't see anything named in the dump file.

Looking at your current drivers, one driver literally jumped off the page:
BS_I2cIo.sys Mon Dec 11 07:48:39 2006: BIOSTAR I2C I/O driver Found in BIOSTAR BIOS Flash Utility. Please either update the flash utility or uninstall. You can find a later version on your mobo's support page:
Link Removed

Try running the Link Removed. This stresses your drivers on start up and if any are bsod prone then they will likely bsod there and then. This produces a dump with the culprit's name attached so worth doing.

Please attach any new dump files.
 


So when you run the verifier does the machine actually blue screen on start up? In fact have you had any blue screens at all?

Post any new dump files please.
 


The pool entry is within the memory address range of ntkrnlmp.exe, which is part of the kernel. The pool header is at the beginning address of the memory allocated to a driver. If the driver before it wrote to more memory than allocated, it would overwrite the header of the next driver. The driver before the kernel is hal, which is unlikely to have done that. This could be due to physical memory problems. I would run memtest86 for at least 10 full passes.
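
The overrun described in the post above, as an added example that is not part of the original thread: a toy pool in C where one owner writes past its 16 bytes and the header check fails on the neighbouring block, which is why the resulting dump may not name the offending driver. The header layout, `HDR_MAGIC` and all function names are constructed for illustration and are not the Windows pool format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_BYTES 256
#define HDR_MAGIC  0x4C4F4F50u  /* constructed marker, not a Windows value */
/* Toy header placed in front of every allocation (not the real layout). */
typedef struct { uint32_t magic; uint16_t size; uint16_t prev_size; } pool_hdr;

static uint8_t  pool[POOL_BYTES];
static size_t   pool_used;
static uint16_t last_size;

void pool_reset(void) { memset(pool, 0, sizeof pool); pool_used = 0; last_size = 0; }

/* Carve header + payload from the arena; blocks sit back to back. */
void *pool_alloc(uint16_t size) {
    pool_hdr h = { HDR_MAGIC, size, last_size };
    if (pool_used + sizeof h + size > POOL_BYTES) return NULL;
    memcpy(pool + pool_used, &h, sizeof h);
    void *p = pool + pool_used + sizeof h;
    pool_used += sizeof h + size;
    last_size = size;
    return p;
}

/* 0 if this block's header and its neighbour's header are sane, else -1. */
int pool_check(const void *p) {
    pool_hdr h, next;
    memcpy(&h, (const uint8_t *)p - sizeof h, sizeof h);
    if (h.magic != HDR_MAGIC) return -1;
    const uint8_t *n = (const uint8_t *)p + h.size;
    if (n < pool + pool_used) {  /* a following block exists */
        memcpy(&next, n, sizeof next);
        if (next.magic != HDR_MAGIC || next.prev_size != h.size) return -1;
    }
    return 0;
}

/* Hypothetical buggy owner A holds 16 bytes but writes bytes_written;
   the check runs on owner B's block, as it would when B frees it. */
int victim_check_after_write(size_t bytes_written) {
    pool_reset();
    void *a = pool_alloc(16), *b = pool_alloc(32);
    memset(a, 0x41, bytes_written);
    return pool_check(b);
}

int main(void) {
    printf("in-bounds: %d, 4-byte overrun: %d\n",
           victim_check_after_write(16), victim_check_after_write(20));
    return 0;
}
```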
 


Any news?
No bsod yet, just some weird crash on restarting: the screen went blue with white lines, no text or anything else. Currently running the memtest86 test with 10 passes; will update when done.
 


Yeah, I'll be surprised if it's the actual memory; personally I feel it's more of a driver issue, but still, see how your scans go.
 


Hi, I tried memtest86 but it turned off my computer halfway through the test, I think due to overheating. Will try it again tonight.
I did make it get the bsod by turning off csrss.exe in task manager.
 



There should only be one csrss.exe process running per logged-in user; if there are more, then it's probably a malicious process.
 


Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F4, {3, fffffa8008ee2b10, fffffa8008ee2df0, fffff80003589600}

ETW minidump data unavailable
Probably caused by : csrss.exe

Followup:     MachineOwner
Hi,
as you already know the above was created due to you turning off the csrss.exe process. I did take the opportunity to have a quick look through the dump file as it displays other helpful data too.
I see that this driver is still in the system. If you have an application for flashing the bios please remove.

BS_I2cIo.sys Mon Dec 11 07:48:39 2006: BIOSTAR I2C I/O driver Found in BIOSTAR BIOS Flash Utility.

I see you're running Bullguard:

BdSpy.sys Wed Sep 23 09:06:34 2015: BullGuard File Monitor, part of the Bullguard security suite. We ask users to remove any third party AV suites and just use Windows Defender or Link Removed until the source of the bsod is found. You can always install it again but it just cuts down on the variables.

You mentioned that the machine possibly overheated when using memtest86?

It doesn't usually create a huge amount of heat so are you overclocking? If so please return to default values.

If you try running memtest86 again and the same thing happens, try running on the one stick and test them individually.

Please post any new dump files.
 


csrss.exe is the client side interface of the Win32 system console and some GUI functionality. It's marked as a critical process so yes killing it will cause a bsod.
 


Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 109, {a3a039d89cf9eb03, b3b7465eef76ba29, fffff8000359b900, 1}

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : ntkrnlmp.exe ( nt!SeQuerySecurityDescriptorInfo+0 )

Followup:     MachineOwner

This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:
1) A driver has inadvertently or deliberately modified critical kernel code
or data. See Link Removed
2) A developer attempted to set a normal kernel breakpoint using a kernel
debugger that was not attached when the system was booted. Normal breakpoints,
"bp", can only be set if the debugger is attached at boot time. Hardware
breakpoints, "ba", can be set at any time.
3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Hi,
please remove these drivers:
BS_I2cIo.sys Mon Dec 11 07:48:39 2006: BIOSTAR I2C I/O driver Found in BIOSTAR BIOS Flash Utility.

I see you're running Bullguard:

BdSpy.sys Wed Sep 23 09:06:34 2015: BullGuard File Monitor, part of the Bullguard security suite. We ask users to remove any third party AV suites and just use Windows Defender or Link Removed until the source of the bsod is found. You can always install it again but it just cuts down on the variables.

Did you use the DDU when updating your graphics card?

You mentioned that the machine possibly overheated when using memtest86?

It doesn't usually create a huge amount of heat so are you overclocking? If so please return to default values.

If you try running memtest86 again and the same thing happens, try running on the one stick and test them individually.
 

