Constant reboots - bugcheck 0x1000007f

By grt3kl · 14 replies
Mar 16, 2009
  1. Greetings, everyone.
    I've visited these forums several times for other computer problems I've had, but this is my first post. I ended up posting this here because, unlike a lot of other forums, topics here seem to get real answers.

    Here's my issue:
    I have been dealing with constant reboots for nearly 4 months on my work laptop. I updated virtually every driver, ran the memory test at startup, replaced the motherboard, uninstalled all programs that I thought could be responsible, and I can't even remember what else.

    I attached the two most recent crash dump files. I have at least 50 more of them if needed. Also, here is the record that gets added to the system event viewer every time this happens:
    The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007f (0x00000008, 0x80042000, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini031609-02.dmp

    It all started where the laptop would just randomly reboot. When Windows would begin to initialize (the wallpaper would load and the lovely logon chime would begin), the laptop would then reboot again. Sometimes this happened 4 or 5 times before Windows finally loaded. After playing around for awhile, I figured out that this was only happening when my laptop was in the docking station. Undocked, it never seemed to happen. I tried a few other docking stations and the laptop did the same thing with all of them. This is when my company replaced the motherboard. After the replacement, everything worked fine...for about two days.

    This went on for at least a month. If I didn’t reboot, it only crashed once in a while. So, once I finally got it booted up (it took 17 tries one day), I was usually good to go. I decided to troubleshoot the thing more and determined that the crashing on startup was only occurring when I was connected via Ethernet. Knowing this now, the whole docking station thing probably had nothing to do with the docking station and everything to do with the Ethernet connectivity. When I unplugged the Ethernet cord, it booted up fine. I thought, “Oh, I’ll just make a habit of plugging it in after Windows loads.” So, I did that. I plugged the Ethernet cord in and the laptop rebooted. It didn’t always happen immediately like that, but it was usually within a few minutes.

    So, for about 2 months, I connected to the network using wireless only. No Ethernet at all. It still rebooted, but only once in a while - maybe once or twice a week. I do want make a note, though. When I say it “reboots randomly,” it’s not like I’m just sitting here looking at the screen and it reboots. It seems to always be triggered by something I do. Like, I’ll click and icon, press a key, etc., and it will reboot.

    I installed XP SP3, uninstalled and reinstalled all wired and wireless network drivers, ran another memory test, and checked everything I could think of. With Ethernet plugged in, I docked my laptop (which was on standby) this morning and it rebooted. I typed up this whole thing and it rebooted (this is version 2, which I typed in Word for the sake of AutoSave). I’m at the end of my string. My company wants to reformat this thing – they’re practically forcing me to hand it over. I would like to avoid this by all means, so please offer any suggestions you might have.

    Thanks a lot!
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    1. How often, can you run long enough to run some tests?

    2. Does it do this in Safe Mode?

  3. grt3kl

    grt3kl TS Rookie Topic Starter

    Right now, it's only happening occasionally. If it goes the way it has been going for the last week or so, it will happen about once a day. So I should definitely be able to run some tests.

    I haven't tested it extensively in Safe Mode. I've gone into Safe Mode to run virus scans, spyware scans, etc., but I haven't really left it in that state for a long period of time. I suppose that might be a good approach. I should note that I unchecked virtually all startup programs in msconfig>startup, but that didn't seem to resolve anything.
  4. Route44

    Route44 TechSpot Ambassador Posts: 11,984   +72

    Mike, grt3kl, if you guys don't mind I did look at the minidumps and both are 0x7F and the first was ANALYSIS_INCONCLUSIVE (Unknown Module), EXCEPTION_DOUBLE_FAULT and the Bucket ID was ZEROED_STACK.

    The second one identified the driver Teefer.sys which belongs to Sygate Personal Firewall.

    grt3kl, you are in good hands with mflynn.
  5. grt3kl

    grt3kl TS Rookie Topic Starter

    Thanks, Route44. I am very glad to hear that I'm in good hands. I remember one of the techs here mentioning something about Teefer.sys, but that was months ago and I can't recall what he said. I do know that the second crash today occurred after I clicked on an error message related to SMC.exe, which I know is part of Sygate Personal Firewall (Symantec Protection Agent - same thing?). Unfortunately, I have to have that installed, as it's part of my company's security policy.

    I attached a few more crash dump files in case they are needed.

    Thanks again, mflynn and Route44!
  6. mflynn

    mflynn TS Rookie Posts: 2,655

    Do they require "a" Firewall or specifically Sygate?

    I assume this is your computer but used to connect to the company Server or is this your computer at the office?

    It could be that Sygate needs to be uninstalled and reinstalled, but don't do that yet.

    This could be caused by a conflict with your virus scanner or other Malware/virus protections or even Malware that you have.

    So lets do the below it will tell us about the items above and confirm you are clean.

    So do the below....

    Do the TechSpot 8 steps:

    Skip no steps (do not install another virus scanner if you already have one, ask me before installing a Firewall).

    Most importantly update MalwareBytes (MBAM) and SuperAntiSpyware (SAS)!

    Before you scan with either MalwareBytes or SuperAntiSpyWare do the Extra Configs below these have become most important lately

    SuperAntispyware extra config

    After installed double-click the icon on your desktop to run it.

    Update the program definitions.

    Click the Preferences button.

    Then Scanning Control.

    In Scanner Options make sure all boxes are checked except #3 Ignore System Restore.. are checked:

    MalwareBytes extra config

    After update but before running
    Click settings and confirm all are Checked.

    I repeat Update these 2 programs.

    Run them and attach their logs.

  7. grt3kl

    grt3kl TS Rookie Topic Starter

    My company requires the specific Sygate firewall that I have installed. It’s a laptop that I use both at home and work, but it is owned by my company.

    I did uninstall and reinstall Sygate about a week ago. I am running McAfee VirusScan Enterprise +AntiSpyware Enterprise 8.5.0i. I ran a full virus scan last week and it came back clean. My JRE is Version 5.0 Update 9 (1.5.09). The programs I write use this version of the JRE and I cannot update it to a newer version.

    I followed the 8 steps and made sure to configure the extra settings you mentioned. Last night, I also ran Memtest86+. It went through 7 passes and came back with 0 errors.

    Thanks again for all your help!
  8. mflynn

    mflynn TS Rookie Posts: 2,655

    Ok those look good. Other than the fact Temp cleaning was behind!

    Humor me and do the below.

    Deeper Temp clean....

    Run ATF-Cleaner Temp and Registry, repeatedly until no more found.

    Fantastic cleaner. (When installing uncheck Relevant Knowledge do not install)

    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "Cleanup at TechSpot".

    Then Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and the OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.


    Finally lets get some unnecessary Services out of the way.

    Do the below...

    Clean and tweak services

    In services stop and disable all of the below just to get them out of the way for now for trouble shooting purposes.

    Nothing is un-installed or deleted only disabled from running!

    They can be put back anytime later but I would not, as none of them are needed by most home users and very few business users. Basically stuff M$ thought you should have.

    Disabled uses no memory (RAM) and no CPU cycles.
    Manual uses the RAM but a small amount of CPU.
    Auto and not started they use even more RAM and CPU.
    Auto and started even more RAM and CPU ..

    Now in this case we disabling for trouble shooting purposes. But when we finish if you leave them all off until it is noticed that you need one (not likely for 99%) then it can be enabled.

    Leaving these all off, then becomes a performance tweak/boost as they free some RAM and CPU cycles! Special note. If you are going to pick and choose then be aware that the small amount of RAM and CPU cycles of each one individually is not significant but as a group it is! So if you need most of them (or just think you do because you don't) then just as well enable them all)!

    Distributed Link Tracking Client
    Distributed Transaction Coordinator
    DNS Client
    Fast User switching
    Health Key and Certificate Management Service
    Indexing service
    Net logon
    Net.TCP Port Sharing
    NetMeeting Remote Desktop Sharing
    IPsec services
    QoS RSVP
    Remote Registry
    Uninterruptable power supply
    Universal Plug and play
    Web Client
    Windows media player Network Sharing

    IF you are using a wired network card and "NOT" using wireless on this computer then you can
    also disable

    Wireless Zero configuration

    Wireless Zero configuration is only used on computers with a wireless NIC like a Laptop. Do not disable Wireless Zero configuration on a Laptop. Has nothing to do with other wireless hardware like wireless routers etc.

    In short if this computer has a CAT 5 or 6 cable and no ability to connect wirelessly if that cable is unplugged, then you can disable Wireless Zero configuration.

    This is not to be confused with Wired Auto Config do not disable that!

    This will do all of the above for you except those needed by Wireless (Laptop).

    Left Drag mouse and Copy for Pasting all text in the box below. Make sure the slider bar goes to bottom from the @ to the end of the second exit.
    Then paste to the black screen of an open command prompt. All may not apply so ignore errors.

    @echo off
    sc config Alerter start= disabled
    sc stop Alerter
    sc config AeLookupSvc start= disabled
    sc stop AeLookupSvc
    sc config ClipBook start= disabled
    sc stop ClipBook
    sc config Dfs start= disabled
    sc stop Dfs
    sc config FastUserSwitchingCompatability start= disabled
    sc stop FastUserSwitchingCompatability
    sc config TrkWks start= disabled
    sc stop TrkWks
    sc config TrkSvr start= disabled
    sc stop TrkSvr
    sc config DNSCache start= disabled
    sc stop DNSCache
    sc config ERSvc start= disabled
    sc stop ERSvc
    sc config HidServ start= disabled
    sc stop HidServ
    sc config PolicyAgent start= disabled
    sc stop PolicyAgent
    sc config CiSvc start= disabled
    sc stop CiSvc
    sc config IsmServe start= disabled
    sc stop IsmServ
    sc config kdc start= disabled
    sc stop kdc
    sc config LicenseService start= disabled
    sc stop LicenseService
    sc config Messenger start= disabled
    sc stop Messenger
    sc config Netlogon start= disabled
    sc stop Netlogon
    sc config NetTcpPortSharing start= disabled
    sc stop NetTcpPortSharing
    sc config mnmsrvc start= disabled
    sc stop mnmsrvc
    sc config NetDDE start= disabled
    sc stop NetDDE
    sc config NetDDEdsdm start= disabled
    sc stop NetDDEdsdm
    sc config NtLmSsp start= disabled
    sc stop NtLmSsp
    sc config SysmonLog start= disabled
    sc stop SysmonLog
    sc config RSVP start= disabled
    sc stop RSVP
    sc config SSDPSRV start= disabled
    sc stop SSDPSRV
    sc config upnphost start= disabled
    sc stop upnphost
    sc config WMPNetworkSvc start= disabled
    sc stop WMPNetworkSvc
    sc config WmiApSrv start= disabled
    sc stop WmiApSrv
    sc config WmdmPmSN start= disabled
    sc stop WmdmPmSN
    sc config RemoteRegistry start= disabled
    sc stop RemoteRegistry
    sc config RemoteAccess start= disabled
    sc stop RemoteAccess
    sc config SCardSvr start= disabled
    sc stop SCardSvr
    sc config TlnSvr start= disabled
    sc stop TlnSvr
    sc config UPS start= disabled
    sc stop UPS
    sc config WebClient start= disabled
    sc stop WebClient
    sc config DNSCache start= disabled
    sc stop DNSCache
    sc config RpcSs start= Automatic
    sc start RpcSs
    sc config RpLocator start= Automatic
    sc start RpcLocator
    sc config MSIServer start= Automatic
    sc start MSIServer
    If you use a Domain Server at work (if you have trouble Logging in) then run Control panel Admin Tools Services and set Net Logon back to Start Automatically and then click the Start to start it. Your Compant IT person can confirm what you need here.


    Run these two to do a special and deeper Malware scan. If these pass you are confirmed clean of Malware.

    Download ComboFix

    Get it here:
    Or here:

    Double click combofix.exe follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while its running. That may cause it to stall.

    Download SDFix to Desktop.

    On Desktop run SDdFix It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click thu all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click to RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.


    EDIT: You may get some errors if you do not have one of the services listed above. These can be ignored. You should notice a boost in startup/shutdown and general use by trimming these unneeded services.
  9. grt3kl

    grt3kl TS Rookie Topic Starter

    Sorry about the Temp cleaning being behind... :)

    Alright, I ran ATF-Cleaner and KCleaner several times each. I created a new restore point. I ran Disk Cleanup and had it clear all previous restore points. I ran your SC script but omitted the Net logon part, as I do need that. So far, I haven't seen any negative effects from disabling all those services.

    Finally, I ran ComboFix, HJT, and SDFix following your detailed directions (logs attached). Everything seemed to go as planned. It was extremely difficult to get SDFix on this computer, though! Apparently, the security policy here doesn't allow this file to be downloaded. I had to call someone from home to download it, rename it as a JPG file, and email it to me. Then, before it let me download it, I still had to run "sc pause mcshield" to let it come through. Ugh...

    With that being said, though, I think I did everything correctly. Please let me know what you think. Again, thanks so much for all your help. This has been a great experience so far.
  10. mflynn

    mflynn TS Rookie Posts: 2,655

    I doubt it was blocked by IT! But this often happens when Malware itself knowing that SAS is a powerful cleanup tool takes steps to specifically block SAS.

    In any case both of these found issues so do the below

    Uninstall combofix
    combofix /u
    click OK

    Then redownload combofix and rename it 12cbf34 while downloading it to the desktop. Or after downloading rename it.

    Then run it under new name.

    Also run SAS again to see a clean log!

    NOTE: Understand I am only cleaning the slate so to speak and hopefully to even fix the unknown issue. But if it does not fix it it will surely be easier to work on the specific Dump knowing all else is right with the OS!

  11. grt3kl

    grt3kl TS Rookie Topic Starter


    I successfully uninstalled ComboFix using your directions. I downloaded it again, renamed it, and ran it again. I also ran SAS when it was done (it came back clean!).

    Attached are the new log files. Thanks.
  12. mflynn

    mflynn TS Rookie Posts: 2,655

    OK good!

    One question occurred to me, does this happen more at the Office than home or more/less or about the same?

    These are last 2 cleanup steps before directly addressing the mini dumps and BTW have they lessened or improved any!

    If you get nothing else from these steps you should definately notice faster in general and quicker startups and shutdowns.

    Autoruns/Runscanner cleanup

    Make sure hidden files and folders are shown. Open Windows Explorer click Tools or View and then Folder Options-View.

    Choose Show hidden files and folders, uncheck Hide protected operating system files and click OK.

    Download install and run AutoRuns

    Run it let it scan, then when it says ready at bottom left corner, make sure the EVERYTHING Tab is selected and then click File at top and then Find.

    Type in the find box file not found and hit enter and delete all lines that have file not found.

    When you reach the bottom the go back to top and click the first entry under The Everything Tab (to begin the search from that point) and search again in case any were missed.

    This is a bunch of old stuff that M$ thought you might or would need that no longer exist, or for computers that are assumed to have SCSI or AMD processors but do not, or that you have Intel but do not!

    After the file not found search scroll back to the top and highlight the very first entry so you are searching from the top and click Find and search for anything you want, if needed.

    Then look carefully through all the Everything entries and delete anything that you may have had but uninstalled and thought were gone. If you are sure delete these also.


    Then get install and run:

    Click Scan computer
    Double click all Red lines to select, then click Item fixer and remove them.

    Then click Extra stuff again select all Red lines. Then click back to Malware hunting and Click the Item fixer again and remove these.

    Same as already said on AutoRuns stuff that was assumed to be need but you do not have.

    None of these items can run as the file is missing so most of the improvement you may see comes as a quicker startup as windows no longer searches or tries to load some of these. But some have noticed a faster shutdown also.

    Reboot and recheck with both AutoRuns and RunScanner.


    Download Dial-A-Fix (DAF)

    Have XP CD available in case DAF needs a file.

    Check all boxes on the screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here 1 at a time do the below

    Flush DNS
    Process Idle Tasks
    Repair Permissions
    Reset WMI/WBEM
    Watch for any File not found or other errors and make note as this may lead to the fix!

    Reboot retest!

  13. grt3kl

    grt3kl TS Rookie Topic Starter

    I really don't use the laptop much outside of the office, so I can't say. It's actually never happened outside of the docking station, though, so I doubt it would happen at home. The last time the computer crashed was when I was making my first post here, so it's been two days. As much as I want to think that it's completely fixed, there have been times in the past where it didn't happen for several days at a time. I've got my fingers crossed, though...

    I ran Autoruns and RunScnanner, following your directions. Everything seemed to go well. I rebooted and ran each of them again. It did seem like Windows started up a little quicker...

    I then downloaded and ran Dial-A-Fix. I did all of the things you mentioned but did not notice any errors. I rebooted and ran it again. Again, no errors at all.

    Let me know what you think. Thanks!
  14. mflynn

    mflynn TS Rookie Posts: 2,655

    OK I guess we wait for now!

    I found 2 other possibilities if it does happen again.

    First Windows Defender has caused this, if it happens again uninstall Defender long enough to confirm it is the cause.

    Realtek HD Audio drivers have caused this, the cure was the very latest drivers
    Latest HD Audio drivers,: CODECs

    I would run ComboFix once more just to install the Recovery Console.

    When convenient I would first do a chkdsk
    chkdsk c: /f /r
    click Ok

    It will need exclusive access and request to do it on next boot. So reboot to allow.

    Then Defrag.

    Good luck.

    Consider the below...

    Thread Closing-------------------------------------------------------------------

    Some of these tools update so often they require downloading again later if needed. But keep and run MBAM and SAS to maintain.

    Remove ComboFix
    combofix /u
    Hit enter or click OK.

    Please download OTCleanIt

    Save to desktop.

    This will remove all the tools we used to clean your computer.

    Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

    Approve all if prompted by Firewall. Approve Widows Defender or other guards or security programs while OTCleanIt attempting access to the Internet to allow all.

    If prompted to Reboot click, Yes.
    OTCleanit will delete itself when finished, If not delete it by yourself.

    Run CCleaner (get SLIM at bottom no Yahoo toolbar)
    Run twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

    Run ATF-Cleaner Temp and Registry, repeatedly until no more found.

    Fantastic cleaner. (When installing uncheck Relevant Knowledge do not install)
    The issues can and are likely found is in System Restore so do the below

    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

    Then Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and the OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.
    Add a redundent Reg backup, get and install ERUNT let it add itself to startup and do a backup on install check all boxes.

    Yes! Even if you use system restore and other backups Registry and Images.
    Every two weeks or so, run MBAM and SAS until clean.

    They take a while, so leave scanning while you are sleeping working or watching TV. If not done under the gun they can be scheduled not to interfere with computer time.

    If they find something they can not clean, then get back to us.

    Additionally run CCleaner. ATF-Cleaner and KCleaner.
    I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

    It was designed to be used with and to co-exist with other Virus scanners.

    Additionally it uses a totally different process to protect. While conventional Virus scanners work from definitions ThreatFire works on recognizing Virus/Malware activity.

    It's like looking at it with 2 sets of eyes and from a different angle.

    It works like some Firewalls do to learn what is good/bad.

    After install it will ask you about everything that could be a security issue. For example the first time you run IE or FireFox it will prompt you. You would answer to approve and remember the setting. From then on no more prompts about IE or FireFox unless the exe changes like in an update.

    As it queries you about the prompt to help you determine to approve or not you can google it with one click.
    Look at

    Run SpyBot ocassionally and use the Immunize function.

    I highly reccomend Hostman: Hostman

    Download install run and allow it to disable DNS Client and select all Host files and then Update and install all host files.

    A Disk Scan (chkdsk) and Defrag are in order.

  15. grt3kl

    grt3kl TS Rookie Topic Starter

    I had this thread open and was going to write a response sometime today to let you know that everything has been working fine. Then, just as I'm about to walk away from my desk to grab lunch, it rebooted. If I recall correctly, I was in the process of connecting to a network share in Windows Explorer when it happened. The event description looks the same as the old ones:

    The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007f (0x00000008, 0x80042000, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini032009-01.dmp.

    Should I have them reformat this thing or is there still troubleshooting to do?

Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...