# BSOD - Pool_Corruption



## monk67 (Dec 15, 2011)

Hello,

Would anyone be able to help me with the debugging results below? How do I fix the pool-corruption?

I would greatly appreciate any help!!!!!!



*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {0, 2, 1, 8054c007}

Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+156 )

Followup: Pool_corruption
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8054c007, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP: 
nt!ExDeferredFreePool+156
8054c007 8913 mov dword ptr [ebx],edx

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: services.exe

LAST_CONTROL_TRANSFER: from 8054c11e to 8054c007

STACK_TEXT: 
b091ac10 8054c11e 8787ce28 00000000 8787cc48 nt!ExDeferredFreePool+0x156
b091ac50 804edf23 8787cc48 00000000 88767d48 nt!ExFreePoolWithTag+0x489
b091ac6c 8056ec2e 8787cc48 88767d30 88baf560 nt!IopFreeIrp+0xf2
b091aca4 805678a7 8869bae8 88b81480 00100001 nt!IopCloseFile+0x2b8
b091acd4 80567a4f 8869bae8 00000001 88baf560 nt!ObpDecrementHandleCount+0xd4
b091acfc 80567ac0 e1f098f8 88767d48 00002ba4 nt!ObpCloseHandleTableEntry+0x14d
b091ad44 80567b0a 00002ba4 00000001 00000000 nt!ObpCloseHandle+0x87
b091ad58 804de7ec 00002ba4 02b7ecf4 7c90e514 nt!NtClose+0x1d
b091ad58 7c90e514 00002ba4 02b7ecf4 7c90e514 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
02b7ecf4 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND: kb

FOLLOWUP_IP: 
nt!ExDeferredFreePool+156
8054c007 8913 mov dword ptr [ebx],edx

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!ExDeferredFreePool+156

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+156

BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+156

Followup: Pool_corruption
---------


kd> lmvm Pool_Corruption
start end module name


----------
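A triage sketch for the dump posted above, added here as an example and not part of any poster's message: it parses the `!analyze -v` text and checks whether any module other than `nt` appears on the stack. Here none does, so the crashing thread only found the damage while freeing memory, which is why the bugcheck text points to Driver Verifier and special pool. The `triage` helper and the trimmed `SAMPLE` are constructed for illustration.

```python
import re

# Constructed sample: trimmed from the !analyze -v text posted in this thread.
SAMPLE = """\
BugCheck 100000C5, {0, 2, 1, 8054c007}
DRIVER_CORRUPTED_EXPOOL (c5)
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8054c007, address which referenced memory
STACK_TEXT:
b091ac10 8054c11e 8787ce28 00000000 8787cc48 nt!ExDeferredFreePool+0x156
b091ac50 804edf23 8787cc48 00000000 88767d48 nt!ExFreePoolWithTag+0x489
b091ac6c 8056ec2e 8787cc48 88767d30 88baf560 nt!IopFreeIrp+0xf2
b091aca4 805678a7 8869bae8 88b81480 00100001 nt!IopCloseFile+0x2b8
b091ad58 804de7ec 00002ba4 02b7ecf4 7c90e514 nt!NtClose+0x1d
"""

ARG = re.compile(r"^Arg([1-4]):\s*([0-9a-fA-F]+)", re.M)
# A kb frame: five 8-digit hex columns, then module!symbol+0xoffset.
FRAME = re.compile(r"^(?:[0-9a-fA-F]{8}\s+){5}(\w+)!(\w+)\+0x[0-9a-fA-F]+\s*$", re.M)

def triage(text):
    """Summarise a 0xC5 report. Hypothetical helper, not a debugger API."""
    raw = int(re.search(r"BugCheck\s+([0-9A-Fa-f]+)", text).group(1), 16)
    args = {int(n): int(v, 16) for n, v in ARG.findall(text)}
    frames = FRAME.findall(text)
    # Modules other than the kernel image are the ones worth suspecting first.
    others = sorted({mod for mod, _ in frames if mod.lower() != "nt"})
    return {
        # The dump prints 100000C5 but names the check (c5): compare low bits.
        "bugcheck": raw & 0xFFFF,
        "address": args[1],
        "irql": args[2],  # 2 is DISPATCH_LEVEL
        "access": "write" if args[3] else "read",
        "faulting_frame": "!".join(frames[0]),
        "third_party": others,
        # An all-kernel stack means the free path found the damage; it did
        # not cause it, so the stack alone cannot name the driver.
        "culprit_on_stack": bool(others),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```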



## loda117 (Aug 6, 2010)

How much RAM do you have in this computer, and in what configuration?

Run Memtest on a single stick of RAM at a time (make sure to have only one stick installed in your computer at a time to run the test). Run it for 18 passes.

Memtest86+ - Advanced Memory Diagnostic Tool


----------



## monk67 (Dec 15, 2011)

Hi loda117,

I have a Dell Dimension 2400, 32-bit:
Intel(R) Pentium(R) 4 CPU 2.66 GHz
2.66 GHz, 1.12 GB of RAM

My brother-in-law installed a stick of 1GB of Dell memory in July 2008. So I guess I have two sticks??? 

Do I have to remove one stick and then run the diagnostic, then switch sticks?

Thanks for your help!!!


----------



## monk67 (Dec 15, 2011)

Also, I get the BSOD when I'm watching Netflix.


----------

