Need help with Bad_Pool_Header and BSOD

[Jason_7]

My system has been experiencing a few hickups as of late. Most notably random shutdowns that lead to a blue screen telling me windows is shutting down due to a bad pool header.

I have taken several steps such as resetting windows 10, updating drivers, rolling back drivers etc etc but the problem persists. I don't see a place to upload dump or diagnostic files so let me know if info in there would be of any help.

Thank you,
Jason

 

[johnbl]

note: check your motherboard vendor for windows 10 driver updates as well as for BIOS updates.

generally there are two major causes for a corrupted pool header.
bad ram or BIOS ram settings (update BIOS and run memtest to confirm ram is ok)
and drivers that are corrupting another drivers memory: start cmd.exe as an admin, run
verifier.exe /standard /all
reboot and wait for the next bugcheck. With luck verifier will find the driver that corrupts the memory and will make a memory dump and name the driver.
note: use
verifier.exe /reset
to turn off verifier functions or your machine will run slowly until you run the command.

you can google whocrashed.exe or bluescreenview.exe these are two tools that attempt to read a memory dump and tell you the name of the driver.
the bugcheck will be in a OEM driver or in windows code, these tools don't help if the bughceck was in windows code. Running verifier will help find the problem while it is in the OEM driver code. makes it more likely that the automated tools will be useful.
if that fails you can put your memory dump on a server like microsoft onedrive or mediafire and post a link. (make sure you give the file public access)

 

[Jason_7]

Checked with ASUS, driver was up to date.
Ran the Memory Diagnostic Utility "The Windows Memory Diagnostic tested the computer's memory and detected no errors"
Ran verifier.exe /standard /all and this resulted in series of crashes and reboots. Logs posted below.
Ran verifier.exe /reset and restarted machine.
Uninstalled Logitech Gaming software
used DDU to remove graphics driver
reinstalled most current graphics driver
Here is the report from WhoCrashed:


--------------------------------------------------------------------------------
System Information (local)
--------------------------------------------------------------------------------

Computer name: JASON
Windows version: Windows 10 , 10.0, build: 10240
Windows dir: C:\WINDOWS
Hardware: ASUSTeK COMPUTER INC., SABERTOOTH 990FX
CPU: AuthenticAMD AMD FX(tm)-8150 Eight-Core Processor AMD586, level: 21
8 logical processors, active mask: 255
RAM: 8532623360 bytes total




--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.

On Thu 8/27/2015 11:16:03 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\082715-21421-01.dmp
This was probably caused by the following module: hidclass.sys (HIDCLASS+0x2640)
Bugcheck code: 0xC9 (0x220, 0xFFFFF800DE4D2640, 0xFFFFCF805EE98D80, 0xFFFFE000C540FD20)
Error: DRIVER_VERIFIER_IOMANAGER_VIOLATION
file path: C:\WINDOWS\system32\drivers\hidclass.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Hid Class Library
Bug check description: This is the bug check code for all Driver Verifier
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Thu 8/27/2015 11:16:03 PM GMT your computer crashed
crash dump file: C:\WINDOWS\memory.dmp
This was probably caused by the following module: lgvirhid.sys (LGVirHid+0x6B8)
Bugcheck code: 0xC9 (0x220, 0xFFFFF800DE4D2640, 0xFFFFCF805EE98D80, 0xFFFFE000C540FD20)
Error: DRIVER_VERIFIER_IOMANAGER_VIOLATION
file path: C:\WINDOWS\system32\drivers\lgvirhid.sys
Bug check description: This is the bug check code for all Driver Verifier
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: lgvirhid.sys .
Google query: lgvirhid.sys DRIVER_VERIFIER_IOMANAGER_VIOLATION



On Thu 8/27/2015 11:12:33 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\082715-20171-01.dmp
This was probably caused by the following module: hidclass.sys (HIDCLASS+0x2640)
Bugcheck code: 0xC9 (0x220, 0xFFFFF8017B382640, 0xFFFFCF809AC36D80, 0xFFFFE001B4D98D20)
Error: DRIVER_VERIFIER_IOMANAGER_VIOLATION
file path: C:\WINDOWS\system32\drivers\hidclass.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Hid Class Library
Bug check description: This is the bug check code for all Driver Verifier
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Thu 8/27/2015 11:09:35 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\082715-21296-01.dmp
This was probably caused by the following module: hidclass.sys (HIDCLASS+0x2640)
Bugcheck code: 0xC9 (0x220, 0xFFFFF801223F2640, 0xFFFFCF8178E60D80, 0xFFFFE00131917C20)
Error: DRIVER_VERIFIER_IOMANAGER_VIOLATION
file path: C:\WINDOWS\system32\drivers\hidclass.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Hid Class Library
Bug check description: This is the bug check code for all Driver Verifier
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Thu 8/27/2015 11:07:31 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\082715-26203-01.dmp
This was probably caused by the following module: hidclass.sys (HIDCLASS+0x2640)
Bugcheck code: 0xC9 (0x220, 0xFFFFF800C4E52640, 0xFFFFCF826C8E4D80, 0xFFFFE00012005C10)
Error: DRIVER_VERIFIER_IOMANAGER_VIOLATION
file path: C:\WINDOWS\system32\drivers\hidclass.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Hid Class Library
Bug check description: This is the bug check code for all Driver Verifier
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Thu 8/27/2015 10:21:27 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\082715-26953-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x14DD00)
Bugcheck code: 0xA (0xFFFFFFFC, 0x2, 0x1, 0xFFFFF8000D4B896D)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.





http://www.mediafire.com/download/pcy9toi34q99w57/082715-26203-01.dmp
http://www.mediafire.com/download/qvy2f1bwfyk4von/082715-21296-01.dmp
http://www.mediafire.com/download/7sbhp5c391msd01/082715-26953-01.dmp
http://www.mediafire.com/download/j1amutmpbenoqy5/082715-20171-01.dmp
http://www.mediafire.com/download/8dwgjqwactbj5cw/082715-21421-01.dmp

I hope I followed the instructions properly to assist in the resolution of this issue.

Thanks again,
Jason

 

[johnbl]

all but one of the bugcheck were cause by the logitech code, in the last case I could not tell what caused the failure. You would have to provide a kernel memory dump. To allow debugging. Best to remove the old driver and look for a updated version.

the bad driver was Logitech Gamepanel Virtual HID Device Driver\
\SystemRoot\system32\drivers\LGVirHid.sys Fri Apr 24 14:20:53 2015
see if you can get a update from http://support.logitech.com/en_us/home

I would guess that this driver might be the actual cause of the IO violation:
\SystemRoot\System32\drivers\LGSHidFilt.Sys Thu May 30 08:16:33 2013
looks like a logitech setpoint driver (look for a update or remove it)

I could not look at the internal lgshidfilt.sys error log on the minidump. They are only saved in the case of a kernel memory dump.

it is the only one that does not have a date that matches the rest of the logitech files.
(it is two years older than all of the other files)

the bugcheck was because a driver other than the driver owner completed a routine for the driver. (not good)
here is the error text:
IRP_MJ_SYSTEM_CONTROL has been completed by someone other than the ProviderId.
This IRP should either have been completed earlier or should have been passed
down.


BIOS is current, but there is a network driver and sound driver update here:
https://www.asus.com/Motherboards/SABERTOOTH_990FX/HelpDesk_Download/

machine info:
BIOS Version 1604
BIOS Starting Address Segment f000
BIOS Release Date 10/16/2012
Manufacturer ASUSTeK COMPUTER INC.
Product SABERTOOTH 990FX
Version Rev 1.xx
Processor Version AMD FX(tm)-8150 Eight-Core Processor
Processor Voltage 8dh - 1.3V
External Clock 200MHz
Max Speed 3600MHz
Current Speed 3600MHz

 

[Jason_7]

Thank you for the links to the updated network and audio drivers. They have both been installed.

all but one of the bugcheck were cause by the logitech code, in the last case I could not tell what caused the failure. You would have to provide a kernel memory dump. To allow debugging. Best to remove the old driver and look for a updated version

I suspected it was the Logitech Driver that was forcing the shutdowns with verifier running so to the best of my ability I have removed anything and everything regarding logitech setpoint and logitech gaming software. After testing several different versions of the Logitech Gaming Software for my system I have yet to find one that doesn't cause this same issue. Setpoint seems to run without issue but I removed it anyways for testing purposes.

I have also attempted to create a Kernel Memory dump by going into the Advanced System Settings > Start Up and Recovery options. I changed the option to Kernel and the file can be found at %SystemRoot%\MEMORY.DMP.

Once this was completed I ran verifier again with only setpoint. No issues reported. Then again with the Logitech Gaming software installed and no setpoint which crashed my system:

http://www.mediafire.com/download/s10pvyf8i2l8duf/MEMORY.DMP

On Fri 8/28/2015 5:38:58 AM GMT your computer crashed
crash dump file: C:\WINDOWS\memory.dmp
This was probably caused by the following module: lgvirhid.sys (LGVirHid+0x6B8)
Bugcheck code: 0xC9 (0x220, 0xFFFFF801A1762640, 0xFFFFCF810B134D80, 0xFFFFE001E40D04D0)
Error: DRIVER_VERIFIER_IOMANAGER_VIOLATION
file path: C:\WINDOWS\system32\drivers\lgvirhid.sys
Bug check description: This is the bug check code for all Driver Verifier
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: lgvirhid.sys .
Google query: lgvirhid.sys DRIVER_VERIFIER_IOMANAGER_VIOLATION

Thanks again for taking time to help me resolve this issue. It is greatly appreciated!

 

[johnbl]

maybe look here if you have a Logitech g15
http://support.logitech.com/en_us/product/g15-keyboard#download
----
I would also remove the asus probe utility:
\SystemRoot\SysWow64\drivers\AsIO.sys Wed Aug 22 02:54:47 2012
--------
ok, here is the deal.

you have several Logitech files see below:
\SystemRoot\system32\drivers\LGBusEnum.sys Fri Apr 24 14:21:00 2015
C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys Tue Jun 09 09:52:10 2015
\SystemRoot\system32\drivers\LGJoyXlCore.sys Fri Apr 24 14:20:57 2015
\SystemRoot\System32\drivers\LGSHidFilt.Sys Thu May 30 08:16:33 2013
\SystemRoot\system32\drivers\LGVirHid.sys Fri Apr 24 14:20:53 2015
\SystemRoot\system32\DRIVERS\LHidFilt.Sys Tue Jun 09 12:25:40 2015

Look at the dates of the files, you have one file that is built 2 years before the others.
lghidfilt.sys (2013)
Here is what the internal error log for that file shows:
269: FxRequest::GetDeviceControlOutputMemoryObject - WDFREQUEST 0x0000307EF4A5D198 IOCTL output buffer length is zero, 0xc0000023(STATUS_BUFFER_TOO_SMALL)
270: FxRequest::GetDeviceControlOutputMemoryObject - WDFREQUEST 0x0000307EF4C4B198 IOCTL output buffer length is zero, 0xc0000023(STATUS_BUFFER_TOO_SMALL)
271: FxRequest::GetDeviceControlOutputMemoryObject - WDFREQUEST 0x0000307EF4BF5198 IOCTL output buffer length is zero, 0xc0000023(STATUS_BUFFER_TOO_SMALL)
272: FxRequest::GetDeviceControlOutputMemoryObject - WDFREQUEST 0x0000307EF4B39198 IOCTL output buffer length is zero, 0xc0000023(STATUS_BUFFER_TOO_SMALL)


just over and over.

I would suspect you are getting a mix of builds for the Logitech software.

there were other logs that looked like you had a g15 that did not understand low power states.

I think the windows plug and play is installing a driver automatically for you and is causing the problem. I would disable the plug and play, uninstall the drivers and reinstall the Logitech software, reboot then reenable the winodows plug and play.

how to remove a driver from the driverstore: ttps://technet.microsoft.com/en-us/library/Cc730875.aspx


I would also expect that Logitech support is getting hit with this problem and might have easy, clear instructions on how to resolve it.

 

[Jason_7]

I would also remove the asus probe utility:
\SystemRoot\SysWow64\drivers\AsIO.sys Wed Aug 22 02:54:47 2012

Honestly I thought I had already removed the asus probe, thank you for catching this.

you have several Logitech files see below:
\SystemRoot\system32\drivers\LGBusEnum.sys Fri Apr 24 14:21:00 2015
C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys Tue Jun 09 09:52:10 2015
\SystemRoot\system32\drivers\LGJoyXlCore.sys Fri Apr 24 14:20:57 2015
\SystemRoot\System32\drivers\LGSHidFilt.Sys Thu May 30 08:16:33 2013
\SystemRoot\system32\drivers\LGVirHid.sys Fri Apr 24 14:20:53 2015
\SystemRoot\system32\DRIVERS\LHidFilt.Sys Tue Jun 09 12:25:40 2015

I saw those too but was unable to remove them.

I think the windows plug and play is installing a driver automatically for you and is causing the problem. I would disable the plug and play, uninstall the drivers and reinstall the Logitech software, reboot then reenable the winodows plug and play.

how to remove a driver from the driverstore: ttps://technet.microsoft.com/en-us/library/Cc730875.aspx

And that would be why.... I'll get on this now.

I would also expect that Logitech support is getting hit with this problem and might have easy, clear instructions on how to resolve it.

They don't, at least not anywhere I can find. Then again my search skills probably arent the greatest. I will take these steps and move forward. This finally feels like progress is being made. I still havent heard back from a logitech rep. Perhaps you should apply there lol.

Thanks again ill post my findings after following these steps.

 

[johnbl]

I installed the logitech software on my machine, I found the driver on my hard drive but it does not get loaded into memory. I have a logitech mouse but a generic keyboard. You might try a different keyboard and see if you still get the driver loaded.

--------------
I now have 3 copies on my machine: 3 locations (see below)
C:\>dir /s lgshidfilt.sys
Directory of C:\Program Files\Logitech Gaming Software\Drivers\LGSHidFilter

05/30/2013 09:16 64,280 LGSHidFilt.sys
1 File(s) 64,280 bytes

Directory of C:\RecoveryImage\Drivers\Regular\lgsfmouhid.inf_amd64_7704a84ec2ea5556

Directory of C:\Windows\System32\DriverStore\FileRepository\lgsfmouhid.inf_amd64_7704a84ec2ea5556
all had the same size and date:
05/30/2013 09:16 64,280 LGSHidFilt.sys
1 File(s) 64,280 bytes

you have several Logitech files see below:
\SystemRoot\system32\drivers\LGBusEnum.sys Fri Apr 24 14:21:00 2015
C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys Tue Jun 09 09:52:10 2015
\SystemRoot\system32\drivers\LGJoyXlCore.sys Fri Apr 24 14:20:57 2015
\SystemRoot\System32\drivers\LGSHidFilt.Sys Thu May 30 08:16:33 2013
\SystemRoot\system32\drivers\LGVirHid.sys Fri Apr 24 14:20:53 2015
\SystemRoot\system32\DRIVERS\LHidFilt.Sys Tue Jun 09 12:25:40 2015

I saw those too but was unable to remove them.

I think the windows plug and play is installing a driver automatically for you and is causing the problem. I would disable the plug and play, uninstall the drivers and reinstall the Logitech software, reboot then reenable the winodows plug and play.

how to remove a driver from the driverstore: ttps://technet.microsoft.com/en-us/library/Cc730875.aspx

And that would be why.... I'll get on this now.

I would also expect that Logitech support is getting hit with this problem and might have easy, clear instructions on how to resolve it.

They don't, at least not anywhere I can find. Then again my search skills probably arent the greatest. I will take these steps and move forward. This finally feels like progress is being made. I still havent heard back from a logitech rep. Perhaps you should apply there lol.

Thanks again ill post my findings after following these steps.

[/quotemsg]

 

[johnbl]

https://www.asus.com/Motherboards/SABERTOOTH_990FX/HelpDesk_Download/
two windows 10 driver updates for the sound and lan cards. No BIOS update.

I would install these two drivers, there must be a reason they updated them for this older machine.
Maybe they were doing something incorrectly.

you might also want to run malwarebytes scan. Just to see what uninstallmonitor.exe is.
it came up as Win32.Adware.iObit.A some sort of adware.
also to check on sihost.exe

 

[johnbl]

there were also errors reported on your USB 3.0 hub (asmedia USB 3.0) the hub reset. You might want to plug your devices into a USB 2.0 hub.
(often there are bugs in BIOS related to early USB 3.0 support, I tend to find they just work when the BIOS is dated after march of 2013, before that depends on a bunch of factors)

looks like a Logitech USB Headset Speed: Full
plugged into a asmedia usb 3 port. Firmware 110930_010253
-----------
you might want to figure out what assysctrlservice.exe does on your machine
(ASUS System Control Service)
as well as ASUS Com Service (atkexComSvc.exe)

I would remove these and make sure they are not scheduled to run as a task or they might come back later.