Repeatedly reboots randomly

Laptop repeatedly reboots randomly and gives a system error message that when reported to Microsoft indicates a driver is requesting the reboot. I have updated all drivers but no difference. Have heard of similar problems caused by blaster worm but AVG scans do not pick up any viruses. I have run out of options and ideas....its down to get some help or get out the credit card for a new computer. I have attached Hijackthis log in case it makes sense to anyone. A huge thank you for looking.

 

http://forums.majorgeeks.com/showthread.php?t=35246

 

You might have to debug as Adryn suggested since this sounds like a corrupt/incompatible driver issue which re-install wouldn't generally resolve.

I'd also suggest this:

(notice the space before ,3)

Once the System Properties > Advanced tab comes up, click on Settings under the 'Startup and Recovery' section and look for 'Automatically restart' option under System Failure section, remember you want this option UNchecked!
This will leave the Blue Screen of Death on the screen instead of automatically rebooting the laptop. You can write down the error you see on the screen if debugging seems to advanced, etc.

Blaster/Sasser type worms had a pre-set time (countdown) which was 60 seconds, do you see the same exact pattern? Also can you boot the system in Safe Mode?
If Safe Mode works fine, I doubt this is a virial infection. I'd look more into a faulty driver possibility.

Additionally:

This is a typical invalid entry which I'd suggest you have HJT fix:

These are possibly missing as well but I'd browse to these locations prior to having HJT fix them:

This is could be a false detection which this version of HJT is known for, again check this as it is likely NOT missing!!:

Anyhow, just a suggestion that may help.

~TL

 

Ran the debugging tool~results were:
Warning: Unable to verify timestamp for avg7rsxp.sys
Error: Module load completed but symbols could not be loaded for avg7rsxp.sys
Probably caused by avg7rsxp.sys (avg7rsxp+2328)

Now that I know it is related in some way to AVG Antivirus software, I'm unsure of the best next step. Uninstall and reinstall?
Thanks,
Laara

 

sounds like a plan, or switch antivirus.

I find updates to the application from time to time cause that problem. I've had AVG, Avast, and Etrust, and Panda do that to me at one time or another.

 

Thanks for everything, you have been real help!
Laara

 

Hi again,
The Adrynalyne link did fix the problem for a short time. Now the same random reboots occur but the source of the problem is different. The minidump file shows that ntoskrnl.exe is now the issue. I'm stumped for a solution. Searched on the internet but no useful info. I have attached the minidump info for clues.

Thanks for any pointers you can throw my way,
LaaraMicrosoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini092507-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.061219-0316
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
Debug session time: Tue Sep 25 06:52:23.327 2007 (GMT-7)
System Uptime: 0 days 22:32:57.927
Loading Kernel Symbols
......................................................................................................................
Loading User Symbols
Loading unloaded module list
...................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 8058fba6, efc06bc0, 0}

Probably caused by : ntoskrnl.exe ( nt!CmpNotifyChangeKey+bd )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8058fba6, The address that the exception occurred at
Arg3: efc06bc0, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!CmpNotifyChangeKey+bd
8058fba6 8931 mov dword ptr [ecx],esi

TRAP_FRAME: efc06bc0 -- (.trap 0xffffffffefc06bc0)
ErrCode = 00000002
eax=e3a841d8 ebx=e163fb60 ecx=00000000 edx=00000000 esi=e14788e0 edi=0000038e
eip=8058fba6 esp=efc06c34 ebp=efc06c40 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
nt!CmpNotifyChangeKey+0xbd:
8058fba6 8931 mov dword ptr [ecx],esi ds:0023:00000000=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: iexplore.exe

LAST_CONTROL_TRANSFER: from 80591088 to 8058fba6

STACK_TEXT:
efc06c40 80591088 e42af020 e112b8b0 0000000e nt!CmpNotifyChangeKey+0xbd
efc06cfc 80590e42 000002e4 00000000 00000000 nt!NtNotifyChangeMultipleKeys+0x38d
efc06d34 804de7ec 000002e4 000002e8 00000000 nt!NtNotifyChangeKey+0x2c
efc06d34 7c90eb94 000002e4 000002e8 00000000 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0162fb00 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!CmpNotifyChangeKey+bd
8058fba6 8931 mov dword ptr [ecx],esi

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4587f45f

SYMBOL_NAME: nt!CmpNotifyChangeKey+bd

FAILURE_BUCKET_ID: 0x8E_nt!CmpNotifyChangeKey+bd

BUCKET_ID: 0x8E_nt!CmpNotifyChangeKey+bd

Followup: MachineOwner
---------