XP laptop BSOD

Discussion in 'Software' started by Awesomebob, Jan 21, 2011.

  1. Awesomebob

    Awesomebob Private E-2

    Code:
    Stop: 0x0000008E (0xC0000005 , 0x805A382C , 0xEDB5F938 , 0x00000000)
    That's the code I keep getting. Thought it was malware, but all my logs came up clean and computer keeps crashing. I do not have a restore disk as I bought the computer used from a friend.

    Attached the dump file, any help is appreciated.
     
  2. satrow

    satrow Major Geek Extraordinaire

    caronna.org says:
    General troubleshooting for 0x8E BSOD's XP.

    Manually removing Haxdoor.

    Try attaching the dump again, please.
     
  3. Awesomebob

    Awesomebob Private E-2

  4. satrow

    satrow Major Geek Extraordinaire

    Ok, I think we have something:
    Code:
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\RoLY\Desktop\Mini011911-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 2600.xpsp_sp3_gdr.100216-1514
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
    Debug session time: Wed Jan 19 15:54:40.649 2011 (UTC + 0:00)
    System Uptime: 0 days 0:06:57.219
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..........
    Loading User Symbols
    Loading unloaded module list
    ...............
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 1000008E, {c0000005, 805a28c0, edc8a938, 0}
    
    Probably caused by : ntoskrnl.exe ( nt!CmpParseKey+54f )
    
    Followup: MachineOwner
    ---------
    
    kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 805a28c0, The address that the exception occurred at
    Arg3: edc8a938, Trap Frame
    Arg4: 00000000
    
    Debugging Details:
    ------------------
    
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    FAULTING_IP: 
    nt!CmpParseKey+54f
    805a28c0 ff5604          call    dword ptr [esi+4]
    
    TRAP_FRAME:  edc8a938 -- (.trap 0xffffffffedc8a938)
    ErrCode = 00000000
    eax=e2088140 ebx=ffffffff ecx=86f71318 edx=00000000 esi=ffffffff edi=d5555aec
    eip=805a28c0 esp=edc8a9ac ebp=edc8ab78 iopl=0         nv up ei pl nz na po nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
    nt!CmpParseKey+0x54f:
    805a28c0 ff5604          call    dword ptr [esi+4]    ds:0023:00000003=????????
    Resetting default scope
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  DRIVER_FAULT
    
    BUGCHECK_STR:  0x8E
    
    PROCESS_NAME:  registrybooster
    
    LAST_CONTROL_TRANSFER:  from 805686e5 to 805a28c0
    
    STACK_TEXT:  
    edc8ab78 805686e5 ffffffff 00014ae8 867119f0 nt!CmpParseKey+0x54f
    edc8ac00 805684ca 000003bc edc8ac40 00000040 nt!ObpLookupObjectName+0x119
    edc8ac54 80568e60 00000000 86fbd680 80567801 nt!ObOpenObjectByName+0xeb
    edc8ad50 804de7ec 0671c288 0002001b 03d7e884 nt!NtOpenKey+0x1c8
    edc8ad50 7c90e514 0671c288 0002001b 03d7e884 nt!KiFastCallEntry+0xf8
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    03d7e8c4 00000000 00000000 00000000 00000000 0x7c90e514
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!CmpParseKey+54f
    805a28c0 ff5604          call    dword ptr [esi+4]
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  nt!CmpParseKey+54f
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntoskrnl.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4b7aa747
    
    FAILURE_BUCKET_ID:  0x8E_nt!CmpParseKey+54f
    
    BUCKET_ID:  0x8E_nt!CmpParseKey+54f
    
    Followup: MachineOwner
    ---------
    
    registrybooster

    I regard this software as ransom/scare-ware; even if it worked as claimed (after paying for it), it would have no detectable benefits and may make later installations of software fail or work incorrectly/partially.

    I'd try running it first to undo any alterations made using it (if you can and if you paid for it) then uninstall it.
     
  5. Awesomebob

    Awesomebob Private E-2

    Sorry for the delay in posting, been away from both computers over the weekend.

    Thanks for the tip! I found and removed every instance of RegistryBooster on the computer and booted into normal mode...

    CRASH :(

    I've attached the minidump from this crash.
     


  6. satrow

    satrow Major Geek Extraordinaire

    Well, this one looks like it points towards an AVG component, AVGIDSAgent.exe. Uninstall AVG using the tool here. AVG has in recent years become more bloated and problematic; either reinstall a freshly downloaded version or install Avast!, Avira or MSE.
    Code:
    kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 805a382c, The address that the exception occurred at
    Arg3: edf0a938, Trap Frame
    Arg4: 00000000
    
    Debugging Details:
    ------------------
    
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    FAULTING_IP: 
    nt!CmpParseKey+54f
    805a382c ff5604          call    dword ptr [esi+4]
    
    TRAP_FRAME:  edf0a938 -- (.trap 0xffffffffedf0a938)
    ErrCode = 00000000
    eax=e20de140 ebx=ffffffff ecx=8699c128 edx=00000000 esi=ffffffff edi=d8755aec
    eip=805a382c esp=edf0a9ac ebp=edf0ab78 iopl=0         nv up ei pl nz na po nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
    nt!CmpParseKey+0x54f:
    805a382c ff5604          call    dword ptr [esi+4]    ds:0023:00000003=????????
    Resetting default scope
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  DRIVER_FAULT
    
    BUGCHECK_STR:  0x8E
    
    PROCESS_NAME:  AVGIDSAgent.exe
    
    LAST_CONTROL_TRANSFER:  from 80567725 to 805a382c
    
    STACK_TEXT:  
    edf0ab78 80567725 ffffffff 00014ae8 86c8e238 nt!CmpParseKey+0x54f
    edf0ac00 8056750a 00000474 edf0ac40 00000040 nt!ObpLookupObjectName+0x119
    edf0ac54 80567e82 00000000 86fbd650 80566d01 nt!ObOpenObjectByName+0xeb
    edf0ad50 804de7ec 0262f604 00020019 0262f4f8 nt!NtOpenKey+0x1c8
    edf0ad50 7c90e514 0262f604 00020019 0262f4f8 nt!KiFastCallEntry+0xf8
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0262f538 00000000 00000000 00000000 00000000 0x7c90e514
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!CmpParseKey+54f
    805a382c ff5604          call    dword ptr [esi+4]
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  nt!CmpParseKey+54f
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntoskrnl.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4b7a9b6a
    
    FAILURE_BUCKET_ID:  0x8E_nt!CmpParseKey+54f
    
    BUCKET_ID:  0x8E_nt!CmpParseKey+54f
    
    Followup: MachineOwner
    ---------
    
     
  7. Awesomebob

    Awesomebob Private E-2

    So far so good. 30 minutes and no crash. I'll keep an eye on it and post a dumpfile should it crash again.

    Thanks so much for the help, really can't afford a new laptop right now.
     
  8. Awesomebob

    Awesomebob Private E-2

    Killing AVG fixed it right up!

    Thank you so much.
     
  9. satrow

    satrow Major Geek Extraordinaire

    No worries, Bob - let's keep our fingers crossed a little longer though ;)
     
