computer suddenly restarts

I ran winbg and have posted it below. From reading other posts I think the problem is fwdrv.sys but I don't know what that is. Any suggestions?

Microsoft (R) Windows Debugger Version 6.11.0001.402 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Program Files\Debugging Tools for Windows (x86)\Mini021509-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp3_gdr.080814-1236
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Sun Feb 15 20:19:08.828 2009 (GMT-5)
System Uptime: 0 days 8:55:35.391
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

..............................................................
................................................................
...
Loading User Symbols
Loading unloaded module list
....................
Unable to load image fwdrv.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for fwdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for fwdrv.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {0, 2, 8, 0}

*** WARNING: Unable to verify timestamp for aswTdi.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswTdi.SYS
*** WARNING: Unable to verify timestamp for AGRSM.sys
*** ERROR: Module load completed but symbols could not be loaded for AGRSM.sys
Probably caused by : fwdrv.sys ( fwdrv+11b24 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: 00000000, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 00000000

CURRENT_IRQL: 2

FAULTING_IP:
+105106
00000000 ?? ???

PROCESS_NAME: firefox.exe

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from a9fa8b24 to 00000000

FAILED_INSTRUCTION_ADDRESS:
+105106
00000000 ?? ???

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
f8a12714 a9fa8b24 00000000 00000016 f8a1281c 0x0
f8a12754 f88674ba ff37f210 00000016 f8a1281c fwdrv+0x11b24
f8a1279c a9f2d86c ff37f210 00000016 f8a1281c aswTdi+0x44ba
f8a12838 a9f37d35 ff35a370 1dacd343 00003500 tcpip!UDPDeliver+0x1be
f8a12890 a9f2cef5 82a92f40 97cc9804 1dacd343 tcpip!UDPRcv+0x164
f8a128f0 a9f2cb19 00000020 82a92f40 a9f2d592 tcpip!DeliverToUser+0x18e
f8a1296c a9f2c836 a9f6c8f0 82a92f40 8278d06e tcpip!DeliverToUserEx+0x95e
f8a12a24 a9f5adcc 82a92f40 8278d082 0000006b tcpip!IPRcvPacket+0x6cb
f8a12a58 f7c9624b 82a92f40 8278d06e 0000007f tcpip!IPRcv+0x27
f8a12a90 f7c962ff 0cabb1e5 8278d000 8278d060 wanarp!WanReceiveCommon+0x17d
f8a12abc a9fa44a6 0cabb1e5 8278d000 8278d060 wanarp!WanNdisReceive+0x23
f8a12af4 a9fa46ae 0cabb1e5 82782ba0 00000000 fwdrv+0xd4a6
f8a12b24 f8258ef2 0cabb1e5 ffb998c8 ffb98064 fwdrv+0xd6ae
f8a12b8c f75a001d 00000000 82bb53a8 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x1ff
f8a12ba0 f75a01b4 82ce39b8 82bb53a8 00000001 psched!PsFlushReceiveQueue+0x15
f8a12bc4 f75a05f9 82b99660 00000000 82ce39b8 psched!PsEnqueueReceivePacket+0xda
f8a12bdc f8258c40 82b99658 ffb3bdc0 82559888 psched!ClReceiveComplete+0x13
f8a12c2c f75b6b80 00a60668 f8a12c6c 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x5a4
f8a12c60 f75b6e3c 02559888 ffb998c8 82559888 ndiswan!IndicateRecvPacket+0x2bb
f8a12c94 f75b72e9 82559888 ffb98008 00000080 ndiswan!ProcessPPPFrame+0x193
f8a12cb0 f75b4d6b 8209a270 ffb98008 82bd9f40 ndiswan!ReceivePPP+0x76
f8a12cd4 f8253888 00000003 8252d3ca 00000080 ndiswan!ProtoWanReceiveIndication+0x106
f8a12cf8 a8be8c1e f8a12d20 02534130 00000003 NDIS!NdisMWanIndicateReceive+0x54
f8a12d30 804f16c0 00000000 020c4848 00000001 asyncmac!AsyncPPPCompletionRoutine+0x128
f8a12d60 f770e106 82d4c164 82d4c0f0 82d4c102 nt!IopfCompleteRequest+0xa2
00000000 00000000 00000000 00000000 00000000 AGRSM+0x105106


STACK_COMMAND: kb

FOLLOWUP_IP:
fwdrv+11b24
a9fa8b24 ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: fwdrv+11b24

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: fwdrv

IMAGE_NAME: fwdrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 3cbaab4f

FAILURE_BUCKET_ID: 0xD1_CODE_AV_NULL_IP_fwdrv+11b24

BUCKET_ID: 0xD1_CODE_AV_NULL_IP_fwdrv+11b24

Followup: MachineOwner
---------

 

From a quick scan are you running Kerio firewall?..
Try the old uninstall/reinstall (make sure you are not connected when you disable the firewall) on the kerio firewall.
Is it updated?
I notice the proxy server is it configured for the K firewall?

A few ideas and ?
P

 

if you do have kerio, is that fwdrv.sys file in the right directory C:\WINDOWS\system32\drivers ?
if not you may want to make sure it's not malware...could be something going on with antivirus software trying to delete it.

 

Thanks for the replies.

Yes I am running Kerio and it is up to date. I will try uninstalling/reinstalling.

I have no idea what you mean about the proxy server:-o

I checked the directory and the driver is there.

 

OOps I meant that for another post..LOL
gotta stop posting when I am sleepy...

As thesmokinggun says
a possible malware, if it exists in ANY OTHER folder than C:\WINDOWS\system32\drivers.