
XP now reboots every nite about 2 am

Discussion in 'Windows XP' started by pilotgal8, 2009/12/08.

  1. 2009/12/08
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    Win XP Pro system was running fine 7 by 24. My habit is to run Spybot, ad-aware, easycleaner, system mechanic every Sunday & clean her up. Never had a problem in the past. (Don't they all say that)

    Upgraded to System Mechanic 9.5 and now the system reboots about 2 am. Not sure if SM is the culprit, but not sure where to look & how to de-bug. I've looked in the events log & see the interrupt about 1:58 and a restart about 5:20 am?

    Any help would be appreciated.
     
  2. 2009/12/08
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Check the SM settings. There's probably a scheduled task around that time.
     


  4. 2009/12/08
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    No System Mechanic items are scheduled. How do I find the process or event that caused the re-boot?
     
  5. 2009/12/08
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,919
    Likes Received:
    511
    Hi pilotgal8. Try looking in Event Viewer to see if there are any problems that are causing your computer to reboot. To open Event Viewer click Start > Run and type eventvwr.msc and hit enter.
     
  6. 2009/12/09
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    The IntelDH event at 1:19 source is IntelQRTD event 7

    the System event last msg B4 re-boot is Browser is
    The browser was unable to retrieve a list of servers from the browser master \\PREFERRE-901505 on the network \Device\NetBT_Tcpip_{5AC6B0DB-BDD7-4823-9683-EC073126DEF2}. The data is the error code.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    and at 1:22 an Application event warning
    Detection of product '{646A65DD-23FC-418E-B9F0-E0500FB42CB1}', feature 'GalleryFramework' failed during request for component '{ECD95215-CDCE-4AAB-AFC2-717ECCB8DA52}'

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Now what does all this mean?
     
  7. 2009/12/10
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    MS Win displays msg 'The system has recovered from a serious error' and displays the following detail

    BCCode : 1000007f BCP1 : 00000008 BCP2 : BAB38D70 BCP3 : 00000000
    BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

    Tech info about the error is

    C:\DOCUME~1\Rosemary\LOCALS~1\Temp\WER708f.dir00\Mini121009-01.dmp
    C:\DOCUME~1\Rosemary\LOCALS~1\Temp\WER708f.dir00\sysdata.xml

    Content of both files too large to include in this post. How can I post this info?


    Any help would be appreciated.
     
  8. 2009/12/10
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    Additional info
    The 2 application event before the dump:

    1:27:42

    MS DTC started with the following settings:

    Security Configuration (OFF = 0 and ON = 1):
    Network Administration of Transactions = 0,
    Network Clients = 0,
    Inbound Distributed Transactions using Native MSDTC Protocol = 0,
    Outbound Distributed Transactions using Native MSDTC Protocol = 0,
    Transaction Internet Protocol (TIP) = 0,
    XA Transactions = 0

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    1:24:01 source gusvs

    The description for Event ID ( 0 ) in Source ( gusvc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.

    System event 1:59:56 am

    The MS Software Shadow Copy Provider service entered the stopped state.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    1:19:01 System event ERROR

    Error code 1000007f, parameter1 00000008, parameter2 bab38d70, parameter3 00000000, parameter4 00000000.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    IntelDH event 1:16:26

    Source IntelQRTD

    Could not attach to EL Acpi driver.

    Strangest thing is that hubby's machine started to behave the same way on the same day at the same time.

    We both use the same system scrubbing tools.
     
  9. 2009/12/10
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Follow these instructions to post a Dump Data Log.

    Please note:
     
  10. 2009/12/10
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    Thanks ARI. For some reason the dmp files are no longer available. I'll post them tomorrow, when I fully expect the system to re-boot in the middle of the night.


    Thanks as always for your help.
     
  11. 2009/12/11
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    Click to download tools results in 'page not found'
     
  12. 2009/12/11
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    All links work fine for me. You may want to explain which link is giving you problems.
     
  13. 2009/12/11
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    Excuse me...my error I tried to use a later version than 6.8.4.0

    Opened log file 'c:debuglog.txt'

    Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\Minidump\Mini120909-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
    Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp3_gdr.090804-1435
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
    Debug session time: Wed Dec 9 01:17:12.215 2009 (GMT-5)
    System Uptime: 1 days 0:02:20.237
    Loading Kernel Symbols
    ..................................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ..............
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000007F, {8, 80042000, 0, 0}

    *** ERROR: Module load completed but symbols could not be loaded for ampse.sys


    Probably caused by : ampse.sys ( ampse+f1019 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v;r;kv;lmtn;.logclose;q
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault). The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
    use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
    use .trap on that value
    Else
    .trap on the appropriate frame will show where the trap was taken
    (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
    Arg2: 80042000
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------




    BUGCHECK_STR: 0x7f_8

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    PROCESS_NAME: avgcsrvx.exe

    LAST_CONTROL_TRANSFER: from 804fb017 to 805023e0

    STACK_TEXT:
    9b54cffc 804fb017 ffb3b4c0 ffffffff 00000000 nt!KiInsertTreeTimer+0x2
    9b54d02c 80535cb7 00000000 00000000 00000000 nt!KeWaitForSingleObject+0x161
    9b54d064 805361b4 00000000 896d0430 00000002 nt!ExpWaitForResource+0x2f
    9b54d084 8050fef3 80561be0 00000001 00004b67 nt!ExAcquireResourceExclusiveLite+0x8e
    9b54d14c 8054913c c072db38 00000002 00000300 nt!MiDeleteSystemPagableVm+0x5d
    9b54d190 8054b49a 00000007 e5a7b008 e5b67008 nt!MiFreePoolPages+0x59a
    9b54d1d0 8054b95f e5b67000 00000000 9b54d1f0 nt!ExFreePoolWithTag+0x1ba
    9b54d1e0 9aa5a019 e5b67000 e5b67000 e5b6a008 nt!ExFreePool+0xf
    WARNING: Stack unwind information not available. Following frames may be wrong.
    9b54d1f0 9aa13ff5 e5b67008 e5a7b008 e5b67008 ampse+0xf1019
    9b54d270 9aa1449c 00000004 00000458 e1c5cba4 ampse+0xaaff5
    9b54d29c 9a9f7930 00000458 e1c5cba4 e5a7b008 ampse+0xab49c
    9b54d2c4 9a9f7b92 e5a7b008 e5a7b900 e4dd2230 ampse+0x8e930
    9b54d2f4 9aa2c090 e7eafb68 e1c5cba0 e7a82010 ampse+0x8eb92
    9b54d320 9aa3c6e6 e5a7b008 e16e2950 00000001 ampse+0xc3090
    9b54d344 9aa417f0 00000000 9b00d368 00000000 ampse+0xd36e6
    9b54d430 9aa1105c e5a7b008 e16e2950 00000000 ampse+0xd87f0
    9b54d458 9a977567 9aa6a624 00000000 00000000 ampse+0xa805c
    9b54d490 9aa59ba3 9b54d474 00000004 00000049 ampse+0xe567
    00000000 00000000 00000000 00000000 00000000 ampse+0xf0ba3


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    ampse+f1019
    9aa5a019 8be5 mov esp,ebp

    SYMBOL_STACK_INDEX: 8

    SYMBOL_NAME: ampse+f1019

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: ampse

    IMAGE_NAME: ampse.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 4ae8c420

    FAILURE_BUCKET_ID: 0x7f_8_ampse+f1019

    BUCKET_ID: 0x7f_8_ampse+f1019

    Followup: MachineOwner
    ---------

    eax=ffffffff ebx=8a89c390 ecx=896d0520 edx=9b54d050 esi=896d0430 edi=896d04a0
    eip=805023e0 esp=9b54d000 ebp=9b54d02c iopl=0 nv up ei ng nz na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
    nt!KiInsertTreeTimer+0x2:
    805023e0 55 push ebp
    ChildEBP RetAddr Args to Child
    9b54cffc 804fb017 ffb3b4c0 ffffffff 00000000 nt!KiInsertTreeTimer+0x2 (FPO: [Non-Fpo])
    9b54d02c 80535cb7 00000000 00000000 00000000 nt!KeWaitForSingleObject+0x161 (FPO: [Non-Fpo])
    9b54d064 805361b4 00000000 896d0430 00000002 nt!ExpWaitForResource+0x2f (FPO: [Non-Fpo])
    9b54d084 8050fef3 80561be0 00000001 00004b67 nt!ExAcquireResourceExclusiveLite+0x8e (FPO: [Non-Fpo])
    9b54d14c 8054913c c072db38 00000002 00000300 nt!MiDeleteSystemPagableVm+0x5d (FPO: [Non-Fpo])
    9b54d190 8054b49a 00000007 e5a7b008 e5b67008 nt!MiFreePoolPages+0x59a (FPO: [Non-Fpo])
    9b54d1d0 8054b95f e5b67000 00000000 9b54d1f0 nt!ExFreePoolWithTag+0x1ba (FPO: [Non-Fpo])
    9b54d1e0 9aa5a019 e5b67000 e5b67000 e5b6a008 nt!ExFreePool+0xf (FPO: [Non-Fpo])
    WARNING: Stack unwind information not available. Following frames may be wrong.
    9b54d1f0 9aa13ff5 e5b67008 e5a7b008 e5b67008 ampse+0xf1019
    9b54d270 9aa1449c 00000004 00000458 e1c5cba4 ampse+0xaaff5
    9b54d29c 9a9f7930 00000458 e1c5cba4 e5a7b008 ampse+0xab49c
    9b54d2c4 9a9f7b92 e5a7b008 e5a7b900 e4dd2230 ampse+0x8e930
    9b54d2f4 9aa2c090 e7eafb68 e1c5cba0 e7a82010 ampse+0x8eb92
    9b54d320 9aa3c6e6 e5a7b008 e16e2950 00000001 ampse+0xc3090
    9b54d344 9aa417f0 00000000 9b00d368 00000000 ampse+0xd36e6
    9b54d430 9aa1105c e5a7b008 e16e2950 00000000 ampse+0xd87f0
    9b54d458 9a977567 9aa6a624 00000000 00000000 ampse+0xa805c
    9b54d490 9aa59ba3 9b54d474 00000004 00000049 ampse+0xe567
    00000000 00000000 00000000 00000000 00000000 ampse+0xf0ba3
    start end module name
    804d7000 806e4000 nt ntkrpamp.exe Tue Aug 04 10:20:04 2009 (4A784394)
    806e4000 80704d00 hal halmacpi.dll Sun Apr 13 14:31:27 2008 (4802517F)
    9a969000 9aa7c000 ampse ampse.sys Wed Oct 28 18:22:24 2009 (4AE8C420)
    a2de8000 a2e12180 kmixer kmixer.sys Sun Apr 13 14:45:07 2008 (480254B3)
    a3d8a000 a3ddb880 srv srv.sys Thu Dec 11 05:57:07 2008 (4940F203)
    a3f48000 a3f4b180 mdmxsdk mdmxsdk.sys Mon Jun 19 17:26:59 2006 (449716A3)
    a3f6c000 a3faca80 HTTP HTTP.sys Sun Apr 13 14:53:48 2008 (480256BC)
    a4228000 a4254180 mrxdav mrxdav.sys Sun Apr 13 14:32:42 2008 (480251CA)
    a4274000 a4276780 CdaC15BA CdaC15BA.SYS Mon Apr 08 04:50:52 2002 (3CB159EC)
    a44be000 a44d2480 wdmaud wdmaud.sys Sun Apr 13 15:17:18 2008 (48025C3E)
    a481b000 a483d000 amp amp.sys Wed Oct 28 18:22:32 2009 (4AE8C428)
    a4849000 a484c900 ndisuio ndisuio.sys Sun Apr 13 14:55:57 2008 (4802573D)
    a6ab5000 a6acc900 dump_atapi dump_atapi.sys Sun Apr 13 14:40:29 2008 (4802539D)
    a6b6d000 a6be8000 Wdf01000 Wdf01000.sys Thu Nov 02 04:54:18 2006 (4549B23A)
    a79a7000 a79a9900 Dxapi Dxapi.sys Fri Aug 17 16:53:19 2001 (3B7D843F)
    a7d66000 a7db5b80 avgldx86 avgldx86.sys Sun Sep 20 11:03:04 2009 (4AB64428)
    a7e7e000 a7eed280 mrxsmb mrxsmb.sys Fri Oct 24 07:21:07 2008 (4901AFA3)
    a7eee000 a7f18e80 rdbss rdbss.sys Sun Apr 13 15:28:38 2008 (48025EE6)
    a7f19000 a7f3ad00 afd afd.sys Thu Aug 14 06:04:35 2008 (48A40333)
    a7f3b000 a7f62c00 netbt netbt.sys Sun Apr 13 15:20:59 2008 (48025D1B)
    a7f63000 a7fb9680 avgtdix avgtdix.sys Mon Nov 02 08:25:10 2009 (4AEEDDB6)
    a7fba000 a8012480 tcpip tcpip.sys Fri Jun 20 07:51:09 2008 (485B99AD)
    a8013000 a8025600 ipsec ipsec.sys Sun Apr 13 15:19:42 2008 (48025CCE)
    a8c6b000 a8c6d880 hidusb hidusb.sys Sun Apr 13 14:45:27 2008 (480254C7)
    a8de8000 a8df7900 Cdfs Cdfs.SYS Sun Apr 13 15:14:21 2008 (48025B8D)
    a8e82000 a8ea5a80 portcls portcls.sys Sun Apr 13 15:19:40 2008 (48025CCC)
    a8ea6000 a8fce400 sthda sthda.sys Mon Apr 07 18:47:43 2008 (47FAA48F)
    b9150000 b91adf00 update update.sys Sun Apr 13 14:39:46 2008 (48025372)
    b91ae000 b91dde80 rdpdr rdpdr.sys Sun Apr 13 14:32:50 2008 (480251D2)
    b91de000 b91eee00 psched psched.sys Sun Apr 13 14:56:36 2008 (48025764)
    b91ef000 b9205580 ndiswan ndiswan.sys Sun Apr 13 15:20:41 2008 (48025D09)
    b9206000 b9219900 parport parport.sys Sun Apr 13 14:40:09 2008 (48025389)
    b921a000 b92cc800 HSF_CNXT HSF_CNXT.sys Thu Apr 26 20:23:01 2007 (46314265)
    b92cd000 b93be380 HSF_DPV HSF_DPV.sys Thu Apr 26 20:23:42 2007 (4631428E)
    b93bf000 b93e1700 ks ks.sys Sun Apr 13 15:16:34 2008 (48025C12)
    b93e2000 b9423500 HSFHWBS2 HSFHWBS2.sys Thu Apr 26 20:23:06 2007 (4631426A)
    b9424000 b9447200 USBPORT USBPORT.SYS Sun Apr 13 14:45:34 2008 (480254CE)
    b9448000 b9478a00 e1e5132 e1e5132.sys Mon Apr 03 12:51:04 2006 (44315278)
    b9479000 b94a1000 HDAudBus HDAudBus.sys Thu May 26 11:46:29 2005 (4295EF55)
    b94a1000 b94b4f00 VIDEOPRT VIDEOPRT.SYS Sun Apr 13 14:44:39 2008 (48025497)
    b94b5000 b966d000 ati2mtag ati2mtag.sys Tue Aug 22 21:53:13 2006 (44EBB509)
    b966d000 b966f280 rasacd rasacd.sys Fri Aug 17 16:55:39 2001 (3B7D84CB)
    b9671000 b9673180 i2omgmt i2omgmt.SYS Sun Apr 13 14:41:22 2008 (480253D2)
    b9675000 b9678f60 HPZipr12 HPZipr12.sys Fri Oct 21 03:28:57 2005 (435898B9)
    b9681000 b9684f00 MODEMCSA MODEMCSA.sys Fri Aug 17 16:57:37 2001 (3B7D8541)
    b9691000 b9693f80 mouhid mouhid.sys Fri Aug 17 16:47:57 2001 (3B7D82FD)
    b9e44000 b9e52b00 drmk drmk.sys Sun Apr 13 14:45:12 2008 (480254B8)
    b9e84000 b9e8de80 NDProxy NDProxy.SYS Sun Apr 13 14:57:28 2008 (48025798)
    b9ea4000 b9eb2d80 sysaudio sysaudio.sys Sun Apr 13 15:15:55 2008 (48025BEB)
    b9eb4000 b9ec0300 HPZid412 HPZid412.sys Fri Oct 21 03:28:51 2005 (435898B3)
    b9ec4000 b9ece480 imapi imapi.sys Sun Apr 13 14:40:57 2008 (480253B9)
    ba2b0000 ba2b3d80 serenum serenum.sys Sun Apr 13 14:40:12 2008 (4802538C)
    ba553000 ba556b00 usbscan usbscan.sys Sun Apr 13 14:45:34 2008 (480254CE)
    ba5a0000 ba5b9b80 Mup Mup.sys Sun Apr 13 15:17:05 2008 (48025C31)
    ba5ba000 ba5e6980 NDIS NDIS.sys Sun Apr 13 15:20:35 2008 (48025D03)
    ba5e7000 ba673600 Ntfs Ntfs.sys Sun Apr 13 15:15:49 2008 (48025BE5)
    ba674000 ba68ab00 KSecDD KSecDD.sys Wed Jun 24 07:18:40 2009 (4A420B90)
    ba68b000 ba69cf00 sr sr.sys Sun Apr 13 14:36:50 2008 (480252C2)
    ba69d000 ba6bcb00 fltmgr fltmgr.sys Sun Apr 13 14:32:58 2008 (480251DA)
    ba6bd000 ba6d4880 SCSIPORT SCSIPORT.SYS Sun Apr 13 14:40:29 2008 (4802539D)
    ba6d5000 ba70b000 Si3114r5 Si3114r5.sys Thu Apr 24 02:17:06 2008 (481025E2)
    ba70b000 ba722900 atapi atapi.sys Sun Apr 13 14:40:29 2008 (4802539D)
    ba723000 ba748700 dmio dmio.sys Sun Apr 13 14:44:45 2008 (4802549D)
    ba749000 ba767880 ftdisk ftdisk.sys Fri Aug 17 16:52:41 2001 (3B7D8419)
    ba768000 ba778a80 pci pci.sys Sun Apr 13 14:36:43 2008 (480252BB)
    ba779000 ba7a6d80 ACPI ACPI.sys Sun Apr 13 14:36:33 2008 (480252B1)
    ba8a8000 ba8b1180 isapnp isapnp.sys Sun Apr 13 14:36:40 2008 (480252B8)
    ba8b8000 ba8c2580 MountMgr MountMgr.sys Sun Apr 13 14:39:45 2008 (48025371)
    ba8c8000 ba8d4c80 VolSnap VolSnap.sys Sun Apr 13 14:41:00 2008 (480253BC)
    ba8d8000 ba8e0e00 disk disk.sys Sun Apr 13 14:40:46 2008 (480253AE)
    ba8e8000 ba8f4180 CLASSPNP CLASSPNP.SYS Sun Apr 13 15:16:21 2008 (48025C05)
    ba8f8000 ba906080 Lbd Lbd.sys Fri Apr 17 07:51:35 2009 (49E86D47)
    ba908000 ba912e80 uagp35 uagp35.sys Sun Apr 13 14:36:40 2008 (480252B8)
    ba918000 ba927100 ohci1394 ohci1394.sys Sun Apr 13 14:46:18 2008 (480254FA)
    ba928000 ba935080 1394BUS 1394BUS.SYS Sun Apr 13 14:46:18 2008 (480254FA)
    ba948000 ba957180 nic1394 nic1394.sys Sun Apr 13 14:51:22 2008 (4802562A)
    ba958000 ba961f00 termdd termdd.sys Sun Apr 13 14:38:36 2008 (4802532C)
    ba988000 ba996880 usbhub usbhub.sys Sun Apr 13 14:45:36 2008 (480254D0)
    ba9d8000 ba9e0700 wanarp wanarp.sys Sun Apr 13 14:57:20 2008 (48025790)
    ba9e8000 ba9f6d80 arp1394 arp1394.sys Sun Apr 13 14:51:22 2008 (4802562A)
    ba9f8000 baa00780 netbios netbios.sys Sun Apr 13 14:56:01 2008 (48025741)
    baa08000 baa12e00 Fips Fips.SYS Sun Apr 13 14:33:27 2008 (480251F7)
    baa68000 baa71000 HIDCLASS HIDCLASS.SYS Sun Apr 13 14:45:25 2008 (480254C5)
    baa88000 baa95000 WDFLDR WDFLDR.SYS Thu Nov 02 04:54:05 2006 (4549B22D)
    baa98000 baaa0e00 intelppm intelppm.sys Sun Apr 13 14:31:31 2008 (48025183)
    baaa8000 baab4d00 i8042prt i8042prt.sys Sun Apr 13 15:17:59 2008 (48025C67)
    baab8000 baac7c00 serial serial.sys Sun Apr 13 15:15:44 2008 (48025BE0)
    baac8000 baad7600 cdrom cdrom.sys Sun Apr 13 14:40:45 2008 (480253AD)
    baad8000 baae6100 redbook redbook.sys Sun Apr 13 14:40:27 2008 (4802539B)
    baae8000 baaf4880 rasl2tp rasl2tp.sys Sun Apr 13 15:19:43 2008 (48025CCF)
    baaf8000 bab02200 raspppoe raspppoe.sys Sun Apr 13 14:57:31 2008 (4802579B)
    bab08000 bab13d00 raspptp raspptp.sys Sun Apr 13 15:19:47 2008 (48025CD3)
    bab18000 bab20900 msgpc msgpc.sys Sun Apr 13 14:56:32 2008 (48025760)
    bab28000 bab2e180 PCIIDEX PCIIDEX.SYS Sun Apr 13 14:40:29 2008 (4802539D)
    bab30000 bab34d00 PartMgr PartMgr.sys Sun Apr 13 14:40:48 2008 (480253B0)
    bab78000 bab7d080 usbuhci usbuhci.sys Sun Apr 13 14:45:34 2008 (480254CE)
    bab80000 bab87600 usbehci usbehci.sys Sun Apr 13 14:45:34 2008 (480254CE)
    bab88000 bab8f580 Modem Modem.SYS Sun Apr 13 15:00:18 2008 (48025842)
    bab90000 bab96000 kbdclass kbdclass.sys Sun Apr 13 14:39:46 2008 (48025372)
    bab98000 bab9ca80 TDI TDI.SYS Sun Apr 13 15:00:04 2008 (48025834)
    baba0000 baba4580 ptilink ptilink.sys Fri Aug 17 16:49:53 2001 (3B7D8371)
    baba8000 babac080 raspti raspti.sys Fri Aug 17 16:55:32 2001 (3B7D84C4)
    babb0000 babb5a00 mouclass mouclass.sys Sun Apr 13 14:39:47 2008 (48025373)
    babf0000 babf5200 vga vga.sys Sun Apr 13 14:44:40 2008 (48025498)
    babf8000 babfca80 Msfs Msfs.SYS Sun Apr 13 14:32:38 2008 (480251C6)
    bac00000 bac07880 Npfs Npfs.SYS Sun Apr 13 14:32:38 2008 (480251C6)
    bac08000 bac0e180 HIDPARSE HIDPARSE.SYS Sun Apr 13 14:45:22 2008 (480254C2)
    bac10000 bac15500 avgmfx86 avgmfx86.sys Tue Oct 13 03:24:03 2009 (4AD42B13)
    bac28000 bac2e500 usbprint usbprint.sys Wed Aug 04 02:01:23 2004 (41107BB3)
    bac30000 bac36700 USBSTOR USBSTOR.SYS Sun Apr 13 14:45:37 2008 (480254D1)
    bac40000 bac47d80 usbccgp usbccgp.sys Sun Apr 13 14:45:38 2008 (480254D2)
    bac48000 bac4d440 HPZius12 HPZius12.sys Fri Oct 21 03:22:46 2005 (43589746)
    bac50000 bac57000 NuidFltr NuidFltr.sys Fri May 08 04:35:42 2009 (4A03EEDE)
    bac98000 bac9c500 watchdog watchdog.sys Sun Apr 13 14:44:59 2008 (480254AB)
    bacb8000 bacbb000 BOOTVID BOOTVID.dll Fri Aug 17 16:49:09 2001 (3B7D8345)
    bacbc000 bacbe880 SiWinAcc SiWinAcc.sys Mon Nov 01 15:21:31 2004 (41868CBB)
    bad58000 bad5af00 ws2ifsl ws2ifsl.sys Fri Aug 17 16:55:58 2001 (3B7D84DE)
    bad5c000 bad5e440 FileDisk FileDisk.SYS Wed Jan 18 17:30:00 2006 (43CEC168)
    bad64000 bad66780 ndistapi ndistapi.sys Sun Apr 13 14:57:27 2008 (48025797)
    bad80000 bad83c80 mssmbios mssmbios.sys Sun Apr 13 14:36:45 2008 (480252BD)
    bad84000 bad86780 Elhid Elhid.sys Thu Jul 13 21:23:27 2006 (44B6F20F)
    bada8000 bada9b80 kdcom kdcom.dll Fri Aug 17 16:49:10 2001 (3B7D8346)
    badaa000 badab100 WMILIB WMILIB.SYS Fri Aug 17 17:07:23 2001 (3B7D878B)
    badac000 badad700 dmload dmload.sys Fri Aug 17 16:58:15 2001 (3B7D8567)
    badae000 badaf580 SiRemFil SiRemFil.sys Wed Jan 24 18:17:24 2007 (45B7E904)
    badd8000 badd9100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 17:07:23 2001 (3B7D878B)
    bae0c000 bae0db00 Elkbd Elkbd.sys Thu Jul 13 21:23:31 2006 (44B6F213)
    bae0e000 bae0f100 swenum swenum.sys Sun Apr 13 14:39:52 2008 (48025378)
    bae30000 bae31280 USBD USBD.SYS Fri Aug 17 17:02:58 2001 (3B7D8682)
    bae38000 bae39f00 Fs_Rec Fs_Rec.SYS Fri Aug 17 16:49:37 2001 (3B7D8361)
    bae3a000 bae3b080 mnmdd mnmdd.SYS Fri Aug 17 16:57:28 2001 (3B7D8538)
    bae3c000 bae3d080 RDPCDD RDPCDD.sys Fri Aug 17 16:46:56 2001 (3B7D82C0)
    bae3e000 bae3f900 Elmou Elmou.sys Thu Jul 13 21:23:29 2006 (44B6F211)
    bae40000 bae41b80 Elmon Elmon.sys Thu Jul 13 21:23:51 2006 (44B6F227)
    bae70000 bae70d00 pciide pciide.sys Fri Aug 17 16:51:49 2001 (3B7D83E5)
    bae71000 bae71c80 zmNTMon zmNTMon.sys Thu Apr 09 15:18:33 1998 (352D1F09)
    baef6000 baef6b80 Null Null.SYS Fri Aug 17 16:47:39 2001 (3B7D82EB)
    baf0c000 baf0cd00 dxgthk dxgthk.sys Fri Aug 17 16:53:12 2001 (3B7D8438)
    bafc0000 bafc0c00 audstub audstub.sys Fri Aug 17 16:59:40 2001 (3B7D85BC)
    bf800000 bf9c3d00 win32k win32k.sys Fri Aug 14 09:21:11 2009 (4A8564C7)
    bf9c4000 bf9d5600 dxg dxg.sys Sun Apr 13 14:38:27 2008 (48025323)
    bf9d6000 bfa19000 ati2dvag ati2dvag.dll Tue Aug 22 21:53:30 2006 (44EBB51A)
    bfa19000 bfa60000 ati2cqag ati2cqag.dll Tue Aug 22 21:14:38 2006 (44EBABFE)
    bfa60000 bfaa6000 atikvmag atikvmag.dll Tue Aug 22 21:21:15 2006 (44EBAD8B)
    bfaa6000 bfcf06c0 ati3duag ati3duag.dll Tue Aug 22 21:38:43 2006 (44EBB1A3)
    bfcf1000 bff55fa0 ativvaxx ativvaxx.dll Tue Aug 22 21:33:45 2006 (44EBB079)
    bffa0000 bffe5c00 ATMFD ATMFD.DLL Sun Apr 13 20:09:55 2008 (4802A0D3)

    Unloaded modules:
    9abbc000 9accf000 ampse.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a4115000 a4228000 ampse.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a2de8000 a2e13000 kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a2de8000 a2e13000 kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a2de8000 a2e13000 kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a3425000 a3450000 kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a43d0000 a43fb000 kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    baf5b000 baf5c000 drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    baa58000 baa65000 DMusic.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    baa38000 baa46000 swmidi.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a449b000 a44be000 aec.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    bae5e000 bae60000 splitter.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    babe8000 babed000 Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    b9675000 b9678000 Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    Closing open log file c:debuglog.txt
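
Added example, not part of the original thread and not code from any tool named in it: a Python script that pulls the triage facts out of a WinDbg log like the one posted above (bugcheck and trap, first non-kernel frame on the stack, the module owning a return address, and other drivers linked at the same time as the suspect). `SAMPLE_LOG` is an excerpt of that log; the function names are this example's own.

```python
import re

# x86 exception vectors; the debugger text above gives "8 = double fault".
X86_TRAPS = {0x0: "divide error", 0x6: "invalid opcode", 0x8: "double fault",
             0xD: "general protection fault", 0xE: "page fault"}

# Excerpt of the debugger log posted above (stack and module list trimmed).
SAMPLE_LOG = """\
BugCheck 1000007F, {8, 80042000, 0, 0}
STACK_TEXT:
9b54d1e0 9aa5a019 e5b67000 e5b67000 e5b6a008 nt!ExFreePool+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
9b54d1f0 9aa13ff5 e5b67008 e5a7b008 e5b67008 ampse+0xf1019
9b54d270 9aa1449c 00000004 00000458 e1c5cba4 ampse+0xaaff5

STACK_COMMAND: kb
start end module name
804d7000 806e4000 nt ntkrpamp.exe Tue Aug 04 10:20:04 2009 (4A784394)
9a969000 9aa7c000 ampse ampse.sys Wed Oct 28 18:22:24 2009 (4AE8C420)
a481b000 a483d000 amp amp.sys Wed Oct 28 18:22:32 2009 (4AE8C428)
a7f63000 a7fb9680 avgtdix avgtdix.sys Mon Nov 02 08:25:10 2009 (4AEEDDB6)
"""

FRAME_RE = re.compile(r"[ \t]*[0-9a-f]{8} ([0-9a-f]{8}) (?:[0-9a-f]{8} ){3}"
                      r"([^!+\s]+)(?:!\S+?)?\+0x([0-9a-f]+)")
MODULE_RE = re.compile(r"^[ \t]*([0-9a-f]{8}) ([0-9a-f]{8}) \S+ (\S+) .*"
                       r"\(([0-9A-F]{8})\)[ \t]*$", re.M)

def parse_bugcheck(log):
    """Return (code, [arg1..arg4]) from the 'BugCheck X, {a, b, c, d}' line."""
    m = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", log)
    if m is None:
        return None
    return int(m.group(1), 16), [int(a.strip(), 16) for a in m.group(2).split(",")]

def trap_name(code, args):
    """Name the trap for the 0x7F family (the log shows it as 1000007f, _M form)."""
    if code & 0x0FFFFFFF != 0x7F:
        return None
    return X86_TRAPS.get(args[0], "trap 0x%x" % args[0])

def stack_frames(log):
    """Return (return_address, module, offset) per frame under STACK_TEXT."""
    m = re.search(r"STACK_TEXT:[ \t]*\n(.*?)(?:\n[ \t]*\n|\Z)", log, re.S)
    frames = []
    for line in (m.group(1).splitlines() if m else []):
        f = FRAME_RE.match(line)
        if f:  # the 'WARNING: Stack unwind ...' line does not match and is skipped
            frames.append((int(f.group(1), 16), f.group(2), int(f.group(3), 16)))
    return frames

def first_third_party(frames, os_modules=("nt", "hal")):
    """First frame outside the kernel/HAL: the driver to look at first."""
    for _ret, module, offset in frames:
        if module not in os_modules:
            return module, offset
    return None

def parse_modules(log):
    """Return (start, end, image, link_timestamp) for each lmtn module row."""
    return [(int(s, 16), int(e, 16), image, int(ts, 16))
            for s, e, image, ts in MODULE_RE.findall(log)]

def resolve(modules, address):
    """Map a raw address to (image, offset) using the module ranges."""
    for start, end, image, _ts in modules:
        if start <= address < end:
            return image, address - start
    return None

def build_siblings(modules, image, window=60):
    """Other images whose link timestamp is within `window` seconds of `image`."""
    stamp = {img: ts for _s, _e, img, ts in modules}
    return sorted(img for img, ts in stamp.items()
                  if img != image and abs(ts - stamp[image]) <= window)

if __name__ == "__main__":
    code, args = parse_bugcheck(SAMPLE_LOG)
    mods = parse_modules(SAMPLE_LOG)
    print("bugcheck 0x%X: %s" % (code, trap_name(code, args)))
    print("first third-party frame: %s+0x%x" % first_third_party(stack_frames(SAMPLE_LOG)))
    print("0x9aa5a019 ->", resolve(mods, 0x9AA5A019))
    print("linked with ampse.sys:", build_siblings(mods, "ampse.sys"))
```

Grouping by link timestamp is a heuristic for spotting drivers that ship together; it does not by itself say which product installed them.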
     
  14. 2009/12/11
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    Try to find out what ampse.sys is (part of). Can't seem to find anything on the 'Net (which is suspicious).
     
  15. 2009/12/11
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    amp.sys and ampse.sys seem to be part of Authentium Command antivirus package.

    There are several logs at other sites online which show these 2 files having the same creation dates.
     
  16. 2009/12/12
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    ampse.sys is in c:\windows\system32\drivers
    and in
    c:\Program Files\commonfiles\Authentium\AntiVirus5\ampse

    not anything I knowingly have downloaded.

    Doing some full scans with AVG & Spybot and Adaware now. will post results.

    The reboot seems to happen about the time AVG is scheduled to run, maybe a coincidence or not.
     
    Last edited: 2009/12/12
  17. 2009/12/12
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
  18. 2009/12/12
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    Interesting entry in the AVG Virus vault ...though the trojan was found after this thread was started. AVG 9.0.709

    "Warning "; "Found Tracking cookie.Revsci "; "C:\Documents and Settings\Rosemary\Cookies\rosemary@revsci[1].txt ";" "; "12/4/2009, 2:37:01 AM "

    "Infection "; "Trojan horse Generic2_c.BZR "; "C:\Data\Sysclean Utilities\Ad-aware\download-adwarepro.exe ";" "; "12/9/2009, 1:42:24 AM "
     
  19. 2009/12/12
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
  20. 2009/12/13
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    No response in the Malware forum. Machine still re-booting every night. I need it to stay active 7 by 24.

    Any assistance would be appreciated.
     
  21. 2009/12/13
    pcbugfixer

    pcbugfixer Inactive

    Joined:
    2009/09/28
    Messages:
    273
    Likes Received:
    2
    G'Day "pilotgal8"

    Check your Windows or Microsoft Update settings, in the "Security Center" settings.

    If they are set to automatic, the default to update and install is set to 2am, and can be the cause of the shutdown or re-boot.

    Automatic Update is known to cause other issues and we recommend that it is turned OFF and you discipline yourself to perform "Custom" Updates manually at least once a month.

    Custom Updates if "Microsoft Update" is installed, will then give you the option to update the Operating Systems Critical updates as well as any other Microsoft software that you have installed and also give you the option to update any available Software and Hardware Optional updates.

    The other cause that may be the issue is the old "MS Blaster or Zotob Worm Infections" click on the hyper-link to read more.

    pcbugfixer ;)
     
