Bad Pool Header

[MxADeath]

Hi, first time posting here! I need help with the Bad Pool Header BSOD on my laptop. I have ruled out drivers as they are already all updated. I can start into safe mode fine and checked the memory with no problems. I usually crash somewhere 5-25 mins after bootup and can get to my desktop 100% of the time before it crashes. If you need any logs just walk me through on how to post them on here and I will. Thank You!

EDIT: I ran a clean boot and so far I haven't had any problems... Also I downloaded a blue screen checker tool and all of them point to ntoskrnl.exe and tcpip.sys

 

[johnbl]

A bugcheck involving TCPIP.sys will be caused by a network driver. It can be a wired ethernet, a wireless ethernet or a bluetooth driver.

a bugcheck that indicates a bad pool header can be caused by any device driver in the system. It means a driver modified shared memory that it did not own. Later the system needed that memory and found that it was modified and called a bugcheck. These problems are tricky to find.

The quickest way to find them is to
start cmd.exe as a admin, then run
verifier.exe /standard /all

then change your memory dump type to kernel (rather than mini memory dump) and reboot your machine
https://www.sophos.com/en-us/support/knowledgebase/111474.aspx

then the driver verifier will run and if it finds a problem with a driver it will call a bugcheck and name the driver name.
Hopefully it will catch a driver corrupting memory rather than a driver that is a victim of memory corruption.

you can use bluescreenviewer.exe or whocrashed.exe to take a first stab at looking the the memory dump.
but you put the memory dump file on a server and post a link and someone with a debugger can take a look.

note: turn off verifier when you are done testing or your machine will run slowly.
use
verifier.exe /reset
to turn off the extra driver checking.

 

[MxADeath]

So with the verifier running it crashed on startup and I had to boot into safe mode to turn it off, Blue Screen Viewer now says the culprit is dtsoftbus01.sys and ntoskrnl.exe

EDIT: Here's the file if anyone wants to debug, This was the startup crash with verifier running http://s000.tinyupload.com/index.php?file_id=37302138563898826614

 

[johnbl]

http://www.carrona.org/drivers/driver.php?id=dtsoftbus01.sys

common problem with daemon tools
maybe they have a newer version
http://www.daemon-tools.cc/eng/downloads

Note: verifier will bugcheck on the FIRST error it finds, you should remove the driver and try to boot with verifier on again in case you have another driver causing problems. Kind of depends on the nature of the error that verifier found. if it indicates it found a driver corrupting memory then it might be the cause.

So with the verifier running it crashed on startup and I had to boot into safe mode to turn it off, Blue Screen Viewer now says the culprit is dtsoftbus01.sys and ntoskrnl.exe

 

[MxADeath]

Ok I will uninstall daemon since I don't use it very often and will run the verifier again and let you know if any more Bugchecks come up

 

[johnbl]

update this driver.
Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC
\SystemRoot\system32\DRIVERS\Rt64win7.sys Sat Dec 19 01:11:30 2009
http://www.realtek.com.tw/downloads/downloadsView.aspx?Langid=1&PNid=13&PFid=5&Level=5&Conn=4&DownTypeID=3&GetDown=false

it looks like a network bug to me. But you have old hardware with a lot of old drivers that might be suspect.

google "fwpsconstructipheaderfortransportpacket" might lead to something helpful

I think mbamservice.exe (malwarebytes service) is messing with network packets and you have a old buggy driver.

 

[MxADeath]

Ran Verifier and got another bugcheck with tcpipreg.sys and ntoskrnl.exe, here's the dump file http://s000.tinyupload.com/index.php?file_id=25848697257302057156 I will aslo update that other driver in the process

EDIT: Repaired and installed the driver for the Realtek Ethernet

 

[MxADeath]

http://www.filedropper.com/memory Kernal Memory dump, sorry it took so long

 

[johnbl]

problem still looks like a network driver problem, but it looks like a problem in a wireless network driver.
I would guess:
Intel(R) Centrino(R) Wireless-N 1000
NETwNs64 v0.7

the system indicates that the driver is not connected (media disconnected)
your driver is current \SystemRoot\system32\DRIVERS\NETwsw00.sys Sun Jan 26 06:52:40 2014
but your entire install of windows is out of date, you might want to figure out why your updates are not being applied.

try this link to get the windows updates working: http://windows.microsoft.com/en-us/windows7/open-the-windows-update-troubleshooter


machine info:
Vendor Hewlett-Packard
BIOS Version F.46
BIOS Starting Address Segment 0
BIOS Release Date 08/25/2011
Manufacturer Hewlett-Packard
Product Name HP Pavilion dv6 Notebook PC
Version Rev 1
Manufacturer Hewlett-Packard
Product 3627
Version 18.51
Chassis Type Notebook
Processor ID 7a060100fffbebbf
Processor Version Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Processor Voltage 90h - 1.6V
External Clock 800MHz
Max Speed 2200MHz
Current Speed 2200MHz


very old machine, looks like HP only has xp and vista drivers on the website. you might want to roll back your wireless driver to a older version or remove it and see if you can get windows update to work correctly.

 

[MxADeath]

I have been installing updates from windows from last night and still am installing more, this computer apparently had windows updates turned off for some odd reason, Im installing a couple more updates and then run verifier to see if anything else comes up
EDIT: As for the Wireless driver the reason it may say its Disconnected is that I have the wireless turned off on my computer since I am using LAN

 

[MxADeath]

Update: I have finished installing windows updates and then rebooted and ran verifier, it crashed at log in screen and it still says tcpipreg.sys and ntoskrnl.exe caused it... here's the mindump file http://s000.tinyupload.com/index.php?file_id=12082352273534673012

 

[Paul NZ]

Yup most of your drivers are old / out of date (5-6 yrs old). ie: Your raid/SATA/IDE drivers

Which wont help. Old drivers can and will crash windows

Dont know why its got raid drivers on it

 

[MxADeath]

I just completely uninstalled the Intel wireless drivers after it still crashing after trying to roll it back and so far with verifier running, no bugchecks have happened... how long should I keep verifier running before it is safe to assume everything is normal?

 

[johnbl]

you would just run the verifier while you are hunting down the problem with a driver. If you think it was your wireless driver and you have removed it then you can turn off verifier.

you system does have a unique/odd mix of some old drivers thrown in.
Looks like a bunch of raid controllers are installed for some reason.

IBM ServeRAID Controller Driver
\SystemRoot\system32\DRIVERS\nfrd960.sys Tue Jun 06 14:11:48 2006

Adaptec HostRAID SAS Driver
\SystemRoot\system32\DRIVERS\adp94xx.sys Fri Dec 05 15:54:42 2008

Adaptec Windows SATA Storport Driver
\SystemRoot\system32\DRIVERS\adpahci.sys Tue May 01 10:30:09 2007

Adaptec .NET Ultra320 Driver
SystemRoot\system32\DRIVERS\adpu320.sys Tue Feb 27 16:04:15 2007

the list goes on. lots of old drivers.

that being said, the problem that caused the memory corruption was most likely the intel wireless driver.
or a interaction with that driver and a bug in old windows code that did not have its windows updates applied.

I would run cmd.exe as an admin, then run
sfc.exe /scannow
and confirm that your copy of windows is not corrupted, if it looks ok, turn off the verifier functions and see if the machine is working better.

I just completely uninstalled the Intel wireless drivers after it still crashing after trying to roll it back and so far with verifier running, no bugchecks have happened... how long should I keep verifier running before it is safe to assume everything is normal?

 

[MxADeath]

The scan came back clean and so far everything is normal... I think this problem is solved so Thank You for the help!