TechSpot

Random BSOD bad pool caller, help! (minidump included)

By alexandros1313
Mar 24, 2009
Topic Status:
Not open for further replies.
  1. Hi, I've recently upgraded to Windows Vista Home Premium and I'm having a problem with a random BSOD. It happens randomly, during gaming, web surfing, Word processing etc. I have the minidump file but I don't know how to use it, so I'd like to ask for your help. Please tell me if the minidump mentions what is causing the crash, I have had no luck troubleshooting the crash on my own. Thank you in advance!
     
  2. mflynn

    mflynn TS Rookie Posts: 2,793

    You say "upgraded". That means to me that you had XP and slipped in the Vista disk started the install and chose Upgrade. Or booted from Vista CD and done basically the same.

    In that case I would update the Major drivers. Mainly the Video and Audio drivers. Also when you upgrade in this way it leaves a large amount of registry entries that only applied to the former OS.

    But to rule out other issues do the below in order given.

    First do deep clean of Temps and Registry....

    CCleaner http://www.ccleaner.com/download/builds (get SLIM at bottom no Yahoo toolbar)
    Run twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

    Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

    KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
    Fantastic cleaner. (When installing uncheck Relevant Knowledge do not install)
    -------------------------------------------------------------------------------------
    The issues can and are likely found is in System Restore so do the below

    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "Cleanup at TechSpot".

    Then Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and the OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.

    Download the Comodo System Cleaner which also has Comodo's excellent Registry cleaner.
    http://download.comodo.com/csc/download/setups/CSC_Setup_1.1.64941.33_2k_xp_vista_server2003_x32.exe

    Run its disk and Registry cleaners.

    When the above is finished...

    Rule out Malware do the below, even if you have no Malware the logs will give us a view of your system.

    Do the TechSpot 8 steps: http://www.techspot.com/vb/topic58138.html

    Skip no steps (do not install another virus scanner if you already have one, ask me before installing a Firewall). Of course you have CCleaner from above.

    Most importantly update MalwareBytes (MBAM) and SuperAntiSpyware (SAS)!

    Before you scan with either MalwareBytes or SuperAntiSpyWare do the Extra Configs below these have become most important lately

    SuperAntispyware extra config

    After installed double-click the icon on your desktop to run it.

    Update the program definitions.

    Click the Preferences button.

    Then Scanning Control.

    In Scanner Options make sure all boxes are checked except #3 Ignore System Restore.. are checked:

    MalwareBytes extra config

    After update but before running
    Click settings and confirm all are Checked.

    I repeat Update these 2 programs.

    Run them and attach their logs.

    Mike
     
  3. alexandros1313

    alexandros1313 TS Rookie Topic Starter

    Thank you for the reply Mike. Sorry, I actually misphrased the part about upgrading. I installed Vista normally, on a formatted drive, I didn't upgrade from XP in that sense. I just meant that I switched to Vista. System restore is turned off, I already have CCleaner. I uploaded the Superantispyware log, I will post the mbam log later. So, was there anything inside the minidump that could point out the source of the problem?

    Ok, a a few minutes I had another crash but with a different message: IRQL EQUAL OR LESS. MInidump included. Please, someone help, I have no idea what could be causing the problem.
     
  4. mflynn

    mflynn TS Rookie Posts: 2,793

    I do not even look at Dumps (someone else can) until, Temps and Registry are cleaned and Malware checked and removed.

    One of these is the fix 98% of the time. But even if not, you need a clean slate to properly diag a mini dump!

    So run Post # 2 from top to bottom.

    Get me the logs!

    Mike
     
  5. Route44

    Route44 TechSpot Ambassador Posts: 12,155   +34

    Mike, the error code is 0xD1 and the faulting driver is inspect.sys which belongs to COMODO firewall. Don't know how much of a help this is, but I didn't think it could hurt.
     
  6. mflynn

    mflynn TS Rookie Posts: 2,793

    Thanks Jim! But I still want to see the Malware scans because the Malware may be trying to close or tamper with Comodo.

    So Alex before doing the full Post #2, as in my last post turn off Comodo Firewall long enough to do the scans then back on!

    Mike
     
  7. alexandros1313

    alexandros1313 TS Rookie Topic Starter

    Thanks for the help guys, I appreciate it. Ok, I ran the Malware Bytes program and it found nothing. I have uploaded the log. I also did all the cleaning you mentioned Mike, if there is anything else I should do, let me know.
     
  8. mflynn

    mflynn TS Rookie Posts: 2,793

    OK do this and I will be satisfied you have no Malware.

    Download ComboFix

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while its running. That may cause it to stall.

    Then do the below..

    Left Drag mouse and Copy for Pasting all text in the box below. Make sure the slider bar goes to bottom from the @ to the end of the second exit.
    Then paste to the black screen of an open command prompt. All may not apply so ignore errors.
    Code:
    @echo off
    sc config Alerter start= disabled
    sc stop Alerter
    
    sc config AeLookupSvc start= disabled
    sc stop AeLookupSvc
    
    sc config ClipBook start= disabled
    sc stop ClipBook
    
    sc config Dfs start= disabled
    sc stop Dfs
    
    sc config FastUserSwitchingCompatability start= disabled
    sc stop FastUserSwitchingCompatability
    
    sc config TrkWks start= disabled
    sc stop TrkWks
    
    sc config TrkSvr start= disabled
    sc stop TrkSvr
    
    sc config DNSCache start= disabled
    sc stop DNSCache
    
    sc config ERSvc start= disabled
    sc stop ERSvc
    
    sc config HidServ start= disabled
    sc stop HidServ
    
    sc config PolicyAgent start= disabled
    sc stop PolicyAgent
    
    sc config CiSvc start= disabled
    sc stop CiSvc
    
    sc config IsmServe start= disabled
    sc stop IsmServ
    
    sc config kdc start= disabled
    sc stop kdc
    
    sc config LicenseService start= disabled
    sc stop LicenseService
    
    sc config Messenger start= disabled
    sc stop Messenger
    
    sc config Netlogon start= disabled
    sc stop Netlogon
    
    sc config NetTcpPortSharing start= disabled
    sc stop NetTcpPortSharing
    
    sc config mnmsrvc start= disabled
    sc stop mnmsrvc
    
    sc config NetDDE start= disabled
    sc stop NetDDE
    
    sc config NetDDEdsdm start= disabled
    sc stop NetDDEdsdm
    
    sc config NtLmSsp start= disabled
    sc stop NtLmSsp
    
    sc config SysmonLog start= disabled
    sc stop SysmonLog
    
    sc config RSVP start= disabled
    sc stop RSVP
    
    sc config SSDPSRV start= disabled
    sc stop SSDPSRV
    
    sc config upnphost start= disabled
    sc stop upnphost
    
    sc config WMPNetworkSvc start= disabled
    sc stop WMPNetworkSvc
    
    sc config WmiApSrv start= disabled
    sc stop WmiApSrv
    
    sc config WmdmPmSN start= disabled
    sc stop WmdmPmSN
    
    sc config RemoteRegistry start= disabled
    sc stop RemoteRegistry
    
    sc config RemoteAccess start= disabled
    sc stop RemoteAccess
    
    sc config SCardSvr start= disabled
    sc stop SCardSvr
    
    sc config TlnSvr start= disabled
    sc stop TlnSvr
    
    sc config UPS start= disabled
    sc stop UPS
    
    sc config WebClient start= disabled
    sc stop WebClient
    
    sc config DNSCache start= disabled
    sc stop DNSCache
    
    sc config RpcSs start= Automatic
    sc start RpcSs
    
    sc config RpLocator start= Automatic
    sc start RpcLocator
    
    sc config MSIServer start= Automatic
    sc start MSIServer
    exit
    exit
    Reboot and try to Invoke a Dump! If it does do a dump then Uninstall Comodo Firewall as Jim mentioned this to be a possible problem.

    After uninstalling the Comodo Firewall then turn on the Windows Firewall. Run long enough to tell if this fixed it.

    If it does you may can reinstall the Comodo Firewall later and it will correct the problem.

    The Comodo Firewall is an excellent choice!

    But properly configured an used behind a Router the Vista FW is way better than the XP FW!

    Better control of vista FW http://majorgeeks.com/download5578.html

    Activate outgiong (2 way) for Vista FW http://www.lockergnome.com/blade/2009/03/09/vista-firewall-allows-inbound-outbound-blocking/

    Mike
     
  9. alexandros1313

    alexandros1313 TS Rookie Topic Starter

    Ok, I did all the stuff you said and I uploaded the logs. Could you tell me what the problem was for the first minidump? That dump was created after the bad_pool_caller error that I keep getting. I don't know how to analyze logs, so I'm at a loss. Thank you.
     
  10. mflynn

    mflynn TS Rookie Posts: 2,793

    Did you uninstall Comodo yet?

    Mike
     
  11. alexandros1313

    alexandros1313 TS Rookie Topic Starter

    I did, I'll let you know how it goes over the next couple of days.
     
     
  12. mflynn

    mflynn TS Rookie Posts: 2,793

    Ok does it look like it is fixed? Would it have done it by now usually? How often does it occur?

    And did you turn on the windows firewall and look at the links i provided?

    Mike
     
  13. Route44

    Route44 TechSpot Ambassador Posts: 12,155   +34

    F.Y.I. it was the same COMODO driver in your first attached minidump. it appears it couldn't be loaded and was preventing other drivers from doing the same.
     
  14. alexandros1313

    alexandros1313 TS Rookie Topic Starter

    Thanks for the info, Route44 and mflynn, I hope that Comodo was indeed the source of the problem. The problem was totally random, so it may take a couple of days until I'm sure it won't appear again. I'll let you know what happens guys, thanks!

    EDIT: Update on the situation. It's been 5 days since I uninstalled Comodo and there have been no crashes. I installed Vista Firewall COntrol, the program that Mike suggested, and it works great. Thank you both for your help!
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.