Solved

PC - Blue Screen

Posted on 2009-05-04
34
965 Views
Last Modified: 2012-05-06
Here is a question i posted a couple of weks ago.

"hi i have this acer desktop pc with windows xp home. some one recently tried to install avg internet security 8.5, but they did not uninstall the previous anti virus. Every time i switch it on it gets to the desktop screen and looks and sounds like its running the start up objects, after about a minute the computer restarts. I have managed to boot with the UBCD (ultimate boot CD) and am currently running a spyware scan (just in case), does anyone have any ideas on what might be causing the problem."

i turned out to be a confliction between AVG internet security and a fax modem driver that was no longer needed, i deleted the driver but was still having the same problem so i installed AVG free instead of the internet security and everything was fine until yesterday. The computer gets to the desktop screen and after about a minute the dreaded blue screen appears with the following message:

PAGE_FAULT_IN_NONPAGED_AREA

Technical Information:

*** STOP: 0x00000050 (0xEFAFD4A5, 0x00000000, 0x8053CE32, 0x00000000)

-----------------------------------------------------

Any Ideas on what the problem could be?
0
Comment
Question by:welsh45sprog
  • 10
  • 8
  • 7
  • +7
34 Comments
 
LVL 7

Expert Comment

by:dineesh
ID: 24294291
Hi,

Boot from XP installation CD -> go to recovery

and run a check disk on your OS drive.

regards
Dinesh
0
 
LVL 6

Expert Comment

by:mosidiot
ID: 24294315
Hmm.. Ok, try to delete all your pagefile and readd your pagefile by going system properties > advance > performance settings > advance > virtual memory change > select no paging file, click ok and restart your computer...

After you restart, follow the same step above to readd the page, this time choose system managed size.

If this still doesn't solve your problem, run a registry scan (search free registry cleaner in google and you will get a load of it), and run driver cleaner from http://www.drivercleaner.net/ to fully clean your modem..
0
 
LVL 10

Expert Comment

by:cdebel
ID: 24294343
First, if you think its caused by AVG, can you turn it off to let you look for solution?
Could you take a look at the events logs if there's something unusual?

0
 
LVL 10

Expert Comment

by:cdebel
ID: 24294370
I don't know if a dump file have been generated (usually when we get those BSOD we have one)?   There's a tool called WinDbg to help you with this
0
 

Author Comment

by:welsh45sprog
ID: 24294385
i dont think it is caused by avg this time, the problem first occured when the user installed avg internet security 8.5, this time they tried to update mozila firefox and got this message.
0
 

Author Comment

by:welsh45sprog
ID: 24294392
would you like me to post the last dump file that was created?
0
 
LVL 10

Expert Comment

by:cdebel
ID: 24294397
i don't know the size of theses files, but if its not too huge, yeah, i could give it a look...
0
 

Author Comment

by:welsh45sprog
ID: 24294477
here is the dump file.

i have also deleted and re-added the pagefile and that has made no difference.
Mini050409-08.txt
0
 
LVL 10

Expert Comment

by:cdebel
ID: 24294535
according to your dump file, it seems to be related to ntkrpamp.exe and crash at 1 minute 26 second.
I'll try to find some informations about this...
0
 
LVL 10

Expert Comment

by:cdebel
ID: 24294680
Did you installed new hardware lately?
Do you have any software to monitor the temperature of your PC?

I don't know if my previous message is right because WinDebug give me an error on eLock2FSCTLDriver.sys.  Does it ring a bell to you?
0
 

Author Comment

by:welsh45sprog
ID: 24294753
no new hardware installed and no software to monitor the temperature.

As for that driver, doesn't ring any bells sorry.
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24294775
Please send us a HijackThis log from your system:

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

I think it could be a conflict between 2 antiviruses, and most likely AVG is not completely uninstalled yet. I suggest using AVG Remover to completely clean your PC from AVG, its available from: http://www.avg.com/download-tools

Hope it helps.
0
 
LVL 10

Expert Comment

by:cdebel
ID: 24294777
Ok... here's the dump (converted to text).  

The problem is caused by eLock2FSCTLDriver.sys, and from what i've understood on the net, its something that come with your Acer...


Microsoft (R) Windows Debugger Version 6.11.0001.404 X86

Copyright (c) Microsoft Corporation. All rights reserved.
 
 

Loading Dump File [c:\Mini050409-08.dmp]

Mini Kernel Dump File: Only registers and stack trace are available
 

Symbol search path is: *** Invalid ***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path.           *

* Use .symfix to have the debugger choose a symbol path.                   *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is: 

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

*                                                                   *

* The Symbol Path can be set by:                                    *

*   using the _NT_SYMBOL_PATH environment variable.                 *

*   using the -y <symbol_path> argument when starting the debugger. *

*   using .sympath and .sympath+                                    *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 0n2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Machine Name:

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720

Debug session time: Mon May  4 08:36:25.937 2009 (GMT-4)

System Uptime: 0 days 0:01:26.500

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

*                                                                   *

* The Symbol Path can be set by:                                    *

*   using the _NT_SYMBOL_PATH environment variable.                 *

*   using the -y <symbol_path> argument when starting the debugger. *

*   using .sympath and .sympath+                                    *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 0n2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Loading Kernel Symbols

...............................................................

...............................................

Loading User Symbols

Loading unloaded module list

.........

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************
 

Use !analyze -v to get detailed debugging information.
 

BugCheck 10000050, {efafd4a5, 0, 8053ce32, 0}
 

***** Kernel symbols are WRONG. Please fix symbols to do analysis.
 

*** WARNING: Unable to verify timestamp for eLock2FSCTLDriver.sys

*** ERROR: Module load completed but symbols could not be loaded for eLock2FSCTLDriver.sys

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!_KPRCB                                     ***

***                                                                   ***

*************************************************************************

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!_KPRCB                                     ***

***                                                                   ***

*************************************************************************

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

*                                                                   *

* The Symbol Path can be set by:                                    *

*   using the _NT_SYMBOL_PATH environment variable.                 *

*   using the -y <symbol_path> argument when starting the debugger. *

*   using .sympath and .sympath+                                    *

*********************************************************************

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

*                                                                   *

* The Symbol Path can be set by:                                    *

*   using the _NT_SYMBOL_PATH environment variable.                 *

*   using the -y <symbol_path> argument when starting the debugger. *

*   using .sympath and .sympath+                                    *

*********************************************************************

Probably caused by : eLock2FSCTLDriver.sys ( eLock2FSCTLDriver+11332 )
 

Followup: MachineOwner

---------
 

----- 32 bit Kernel Mini Dump Analysis
 

DUMP_HEADER32:

MajorVersion        0000000f

MinorVersion        00000a28

KdSecondaryVersion  00000000

DirectoryTableBase  051d8020

PfnDataBase         81800000

PsLoadedModuleList  8055d720

PsActiveProcessHead 805638b8

MachineImageType    0000014c

NumberProcessors    00000001

BugCheckCode        10000050

BugCheckParameter1  efafd4a5

BugCheckParameter2  00000000

BugCheckParameter3  8053ce32

BugCheckParameter4  00000000

PaeEnabled          00000001

KdDebuggerDataBlock 8054d2e0

SecondaryDataState  00000000

ProductType         00000001

SuiteMask           00000110

MiniDumpFields      00000dff 
 

TRIAGE_DUMP32:

ServicePackBuild      00000300 

SizeOfDump            00010000 

ValidOffset           0000fffc 

ContextOffset         00000320 

ExceptionOffset       000007d0 

MmOffset              00001068 

UnloadedDriversOffset 000010a0 

PrcbOffset            00001878 

ProcessOffset         000024c8 

ThreadOffset          00002728 

CallStackOffset       00002980 

SizeOfCallStack       00000bbc 

DriverListOffset      000037d0 

DriverCount           0000006f 

StringPoolOffset      000058c8 

StringPoolSize        00000f58 

BrokenDriverOffset    00000000 

TriageOptions         00000041 

TopOfStack            f78e2444 

DebuggerDataOffset    00003540 

DebuggerDataSize      00000290 

DataBlocksOffset      00006820 

DataBlocksCount       00000001 

  8053c000 - 8053cfff at offset 00006830

  Max offset 7830, e7d0 from end of file
 
 

Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Machine Name:

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720

Debug session time: Mon May  4 08:36:25.937 2009 (GMT-4)

System Uptime: 0 days 0:01:26.500

start    end        module name

804d7000 806e4000   nt        Fri Feb 06 05:32:51 2009 (498C11D3)

806e4000 80704d00   hal       Sun Apr 13 14:31:27 2008 (4802517F)

b9308000 b931e000   eLock2FSCTLDriver  Tue Jun 06 06:36:29 2006 (44855AAD)

b9936000 b994a480   wdmaud    Sun Apr 13 15:17:18 2008 (48025C3E)

b9a13000 b9a3f180   mrxdav    Sun Apr 13 14:32:42 2008 (480251CA)

b9ae8000 b9af7900   Cdfs      Sun Apr 13 15:14:21 2008 (48025B8D)

ba4d0000 ba4ded80   sysaudio  Sun Apr 13 15:15:55 2008 (48025BEB)

ba570000 ba573900   ndisuio   Sun Apr 13 14:55:57 2008 (4802573D)

bf800000 bf9c2e00   win32k    Mon Feb 09 06:13:13 2009 (49900FC9)

bf9c3000 bf9d4600   dxg       Sun Apr 13 14:38:27 2008 (48025323)

bf9d5000 bfe1e100   nv4_disp  Wed Jul 12 17:04:00 2006 (44B563C0)

f3dbc000 f3dd3900   dump_atapi  Sun Apr 13 14:40:29 2008 (4802539D)

f3dd4000 f3df7180   Fastfat   Sun Apr 13 15:14:28 2008 (48025B94)

f3df8000 f3e45f00   avgldx86  Fri Apr 10 06:37:14 2009 (49DF215A)

f3e46000 f3e6b500   ipnat     Sun Apr 13 14:57:10 2008 (48025786)

f3e6c000 f3edb280   mrxsmb    Fri Oct 24 07:21:07 2008 (4901AFA3)

f3f04000 f3f2ee80   rdbss     Sun Apr 13 15:28:38 2008 (48025EE6)

f3f2f000 f3f50d00   afd       Thu Aug 14 06:04:35 2008 (48A40333)

f3f51000 f3f78c00   netbt     Sun Apr 13 15:20:59 2008 (48025D1B)

f3f79000 f3f91e00   avgtdix   Mon Apr 06 09:42:27 2009 (49DA06C3)

f3f92000 f3fea480   tcpip     Fri Jun 20 07:51:09 2008 (485B99AD)

f3feb000 f3ffd600   ipsec     Sun Apr 13 15:19:42 2008 (48025CCE)

f663f000 f6662a80   portcls   Sun Apr 13 15:19:40 2008 (48025CCC)

f6663000 f6aa1000   RtkHDAud  Tue Jun 06 00:09:22 2006 (4484FFF2)

f6afa000 f6afc900   Dxapi     Fri Aug 17 16:53:19 2001 (3B7D843F)

f6bae000 f6c0bf00   update    Sun Apr 13 14:39:46 2008 (48025372)

f6c41000 f6c70e80   rdpdr     Sun Apr 13 14:32:50 2008 (480251D2)

f6c95000 f6c97280   rasacd    Fri Aug 17 16:55:39 2001 (3B7D84CB)

f6c99000 f6ca9e00   psched    Sun Apr 13 14:56:36 2008 (48025764)

f6caa000 f6cc0580   ndiswan   Sun Apr 13 15:20:41 2008 (48025D09)

f6cc1000 f6cd4900   parport   Sun Apr 13 14:40:09 2008 (48025389)

f6cd5000 f6ce8f00   VIDEOPRT  Sun Apr 13 14:44:39 2008 (48025497)

f6ce9000 f70a9980   nv4_mini  Wed Jul 12 17:09:43 2006 (44B56517)

f70aa000 f70e5c80   yk51x86   Wed Jun 14 10:21:43 2006 (44901B77)

f70e6000 f7108700   ks        Sun Apr 13 15:16:34 2008 (48025C12)

f7109000 f7131000   HDAudBus  Thu May 26 11:46:29 2005 (4295EF55)

f7131000 f7154200   USBPORT   Sun Apr 13 14:45:34 2008 (480254CE)

f7165000 f7168c80   mssmbios  Sun Apr 13 14:36:45 2008 (480252BD)

f719d000 f71b6b80   Mup       Sun Apr 13 15:17:05 2008 (48025C31)

f71b7000 f71e3980   NDIS      Sun Apr 13 15:20:35 2008 (48025D03)

f71e4000 f7270600   Ntfs      Sun Apr 13 15:15:49 2008 (48025BE5)

f7271000 f7287880   KSecDD    Sun Apr 13 14:31:40 2008 (4802518C)

f7288000 f7299f00   sr        Sun Apr 13 14:36:50 2008 (480252C2)

f729a000 f72b9b00   fltmgr    Sun Apr 13 14:32:58 2008 (480251DA)

f72ba000 f72d3a80   nvatabus  Wed Jun 28 20:38:52 2006 (44A3211C)

f72d4000 f72eb900   atapi     Sun Apr 13 14:40:29 2008 (4802539D)

f72ec000 f7301d00   nvraid    Wed Jun 28 20:39:01 2006 (44A32125)

f7302000 f7327700   dmio      Sun Apr 13 14:44:45 2008 (4802549D)

f7328000 f7346880   ftdisk    Fri Aug 17 16:52:41 2001 (3B7D8419)

f7347000 f7357a80   pci       Sun Apr 13 14:36:43 2008 (480252BB)

f7358000 f7385d80   ACPI      Sun Apr 13 14:36:33 2008 (480252B1)

f7487000 f7490180   isapnp    Sun Apr 13 14:36:40 2008 (480252B8)

f7497000 f74a6100   ohci1394  Sun Apr 13 14:46:18 2008 (480254FA)

f74a7000 f74b4080   1394BUS   Sun Apr 13 14:46:18 2008 (480254FA)

f74b7000 f74c1580   MountMgr  Sun Apr 13 14:39:45 2008 (48025371)

f74c7000 f74d3180   CLASSPNP  Sun Apr 13 15:16:21 2008 (48025C05)

f74d7000 f74e3c80   VolSnap   Sun Apr 13 14:41:00 2008 (480253BC)

f74e7000 f74efe00   disk      Sun Apr 13 14:40:46 2008 (480253AE)

f75b7000 f75c5000   AmdK8     Mon Jun 19 02:37:31 2006 (4496462B)

f75c7000 f75d1480   imapi     Sun Apr 13 14:40:57 2008 (480253B9)

f75d7000 f75e6600   cdrom     Sun Apr 13 14:40:45 2008 (480253AD)

f75e7000 f75f5100   redbook   Sun Apr 13 14:40:27 2008 (4802539B)

f75f7000 f7606c00   serial    Sun Apr 13 15:15:44 2008 (48025BE0)

f7607000 f7613d00   i8042prt  Sun Apr 13 15:17:59 2008 (48025C67)

f7617000 f7623880   rasl2tp   Sun Apr 13 15:19:43 2008 (48025CCF)

f7627000 f7631200   raspppoe  Sun Apr 13 14:57:31 2008 (4802579B)

f7637000 f7642d00   raspptp   Sun Apr 13 15:19:47 2008 (48025CD3)

f7647000 f764f900   msgpc     Sun Apr 13 14:56:32 2008 (48025760)

f7657000 f7660f00   termdd    Sun Apr 13 14:38:36 2008 (4802532C)

f7667000 f7670e80   NDProxy   Sun Apr 13 14:57:28 2008 (48025798)

f7677000 f7685880   usbhub    Sun Apr 13 14:45:36 2008 (480254D0)

f7687000 f7695b00   drmk      Sun Apr 13 14:45:12 2008 (480254B8)

f76b7000 f76bf780   netbios   Sun Apr 13 14:56:01 2008 (48025741)

f76d7000 f76e1e00   Fips      Sun Apr 13 14:33:27 2008 (480251F7)

f76e7000 f76ef700   wanarp    Sun Apr 13 14:57:20 2008 (48025790)

f7707000 f770d180   PCIIDEX   Sun Apr 13 14:40:29 2008 (4802539D)

f770f000 f7713d00   PartMgr   Sun Apr 13 14:40:48 2008 (480253B0)

f77af000 f77b3300   usbohci   Sun Apr 13 14:45:34 2008 (480254CE)

f77b7000 f77be600   usbehci   Sun Apr 13 14:45:34 2008 (480254CE)

f77bf000 f77c0000   fdc       unavailable (00000000)

f77c7000 f77cca00   mouclass  Sun Apr 13 14:39:47 2008 (48025373)

f77cf000 f77d5000   kbdclass  Sun Apr 13 14:39:46 2008 (48025372)

f77d7000 f77dba80   TDI       Sun Apr 13 15:00:04 2008 (48025834)

f77df000 f77e3580   ptilink   Fri Aug 17 16:49:53 2001 (3B7D8371)

f77e7000 f77eb080   raspti    Fri Aug 17 16:55:32 2001 (3B7D84C4)

f77f7000 f77fc000   flpydisk  Sun Apr 13 14:40:24 2008 (48025398)

f7807000 f780c200   vga       Sun Apr 13 14:44:40 2008 (48025498)

f780f000 f7813a80   Msfs      Sun Apr 13 14:32:38 2008 (480251C6)

f7817000 f781e880   Npfs      Sun Apr 13 14:32:38 2008 (480251C6)

f781f000 f78237a0   OsaFsLoc  Thu Apr 13 12:15:33 2006 (443E7925)

f7827000 f782c280   avgmfx86  Tue Feb 24 04:31:56 2009 (49A3BE8C)

f782f000 f7833500   watchdog  Sun Apr 13 14:44:59 2008 (480254AB)

f7897000 f789a000   BOOTVID   Fri Aug 17 16:49:09 2001 (3B7D8345)

f789b000 f789e680   UBHelper  Fri Dec 17 04:00:25 2004 (41C2A029)

f797b000 f797ed80   serenum   Sun Apr 13 14:40:12 2008 (4802538C)

f797f000 f7981780   ndistapi  Sun Apr 13 14:57:27 2008 (48025797)

f7987000 f7988b80   kdcom     Fri Aug 17 16:49:10 2001 (3B7D8346)

f7989000 f798a100   WMILIB    Fri Aug 17 17:07:23 2001 (3B7D878B)

f798b000 f798c700   dmload    Fri Aug 17 16:58:15 2001 (3B7D8567)

f79c1000 f79c2800   NTIDrvr   Tue Dec 21 15:33:14 2004 (41C8888A)

f79c3000 f79c4100   swenum    Sun Apr 13 14:39:52 2008 (48025378)

f79c5000 f79c6280   USBD      Fri Aug 17 17:02:58 2001 (3B7D8682)

f79c9000 f79caf00   Fs_Rec    Fri Aug 17 16:49:37 2001 (3B7D8361)

f79cb000 f79cc080   Beep      Fri Aug 17 16:47:33 2001 (3B7D82E5)

f79cd000 f79ce080   mnmdd     Fri Aug 17 16:57:28 2001 (3B7D8538)

f79cf000 f79d0080   RDPCDD    Fri Aug 17 16:46:56 2001 (3B7D82C0)

f79d1000 f79d2100   dump_WMILIB  Fri Aug 17 17:07:23 2001 (3B7D878B)

f7a4f000 f7a4fd00   pciide    Fri Aug 17 16:51:49 2001 (3B7D83E5)

f7aed000 f7aedd00   dxgthk    Fri Aug 17 16:53:12 2001 (3B7D8438)

f7baa000 f7baab80   Null      Fri Aug 17 16:47:39 2001 (3B7D82EB)

f7bd2000 f7bd2c00   audstub   Fri Aug 17 16:59:40 2001 (3B7D85BC)
 

Unloaded modules:

b98e8000 b9913000   kmixer.sys

    Timestamp: unavailable (00000000)

    Checksum:  00000000

f7b34000 f7b35000   drmkaud.sys

    Timestamp: unavailable (00000000)

    Checksum:  00000000

f7557000 f7564000   DMusic.sys

    Timestamp: unavailable (00000000)

    Checksum:  00000000

f3b1b000 f3b29000   swmidi.sys

    Timestamp: unavailable (00000000)

    Checksum:  00000000

b9913000 b9936000   aec.sys 

    Timestamp: unavailable (00000000)

    Checksum:  00000000

f798d000 f798f000   splitter.sys

    Timestamp: unavailable (00000000)

    Checksum:  00000000

f76c7000 f76d0000   processr.sys

    Timestamp: unavailable (00000000)

    Checksum:  00000000

f77ff000 f7804000   Cdaudio.SYS

    Timestamp: unavailable (00000000)

    Checksum:  00000000

f7973000 f7976000   Sfloppy.SYS

    Timestamp: unavailable (00000000)

    Checksum:  00000000

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************
 

Use !analyze -v to get detailed debugging information.
 

BugCheck 10000050, {efafd4a5, 0, 8053ce32, 0}
 

***** Kernel symbols are WRONG. Please fix symbols to do analysis.
 

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!_KPRCB                                     ***

***                                                                   ***

*************************************************************************

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!_KPRCB                                     ***

***                                                                   ***

*************************************************************************

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

*                                                                   *

* The Symbol Path can be set by:                                    *

*   using the _NT_SYMBOL_PATH environment variable.                 *

*   using the -y <symbol_path> argument when starting the debugger. *

*   using .sympath and .sympath+                                    *

*********************************************************************

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

*                                                                   *

* The Symbol Path can be set by:                                    *

*   using the _NT_SYMBOL_PATH environment variable.                 *

*   using the -y <symbol_path> argument when starting the debugger. *

*   using .sympath and .sympath+                                    *

*********************************************************************

Probably caused by : eLock2FSCTLDriver.sys ( eLock2FSCTLDriver+11332 )
 

Followup: MachineOwner

---------
 

Finished dump check

Open in new window

0
 
LVL 10

Expert Comment

by:cdebel
ID: 24294810
(if you want to get this tool to check debug files, here's a link: http://support.microsoft.com/kb/315271/).

Its difficult for me to interpret this file since its the first time i use it.  I'm not sure if the error message about eLock2FSCTLDriver.sys is only mentionned because it couldn't load the symbols or not...

Anyway, someone more experienced might give you some help.
0
 
LVL 30

Expert Comment

by:flubbster
ID: 24295329
The problem appears to be related to the sudio driver system. There are many sys files, all related to the audio drivers, that are being unloaded.

Boot into safe mode and see if the bsod still occurrs. If not, uninstall all the audio drivers, reboot and let windows detect the hardware. If it no longer BSOD's, then that was the problem. It should re-install it all automatically. If not, you may have to go to the MFG website and download and install.
0
 

Author Comment

by:welsh45sprog
ID: 24295374
here is a hijack this log file.
hijackthis.log
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24297058
You have a very interesting log... it seems that AVG antivirus file(s) are not running as background processes but they are installed as services and are scheduled to run at bootup.

Bootup Process:
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

Services:
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

It might be wise to download another Internet Security program such as Kaspersky Internet Security trial or Comodo Internet Security free before uninstalling AVG completely using the AVG Removal tool.

Hope it helps.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 7

Expert Comment

by:sfarazmand
ID: 24298706
You may want to try booting into safe mode and removing any antivirus products that remailn as well as antispyware.  Use the MS install cleanup to get rid of any files. http://support.microsoft.com/kb/290301

Also while in safe mode, after the install cleanup check for any program folders under c:\program files as well as you application data folders.

Do not install any other antivirus products until you've cleaned everything up. You may also want to try Avira (http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html)
0
 

Expert Comment

by:chilter
ID: 24303035
I have the same problem.  Also will not start in safe mode so difficult/impossible to disable avg etc.  Can get to dos promt via xp cd in repair mode but that is all.
0
 

Expert Comment

by:crazy72
ID: 24303068
Chilter
in this case you can boot from a ERD cd with win pe environment and attach your windows installation.
Attach a usb key with the avgremover and run it.
Alternative: you can disable avg services also using xp cd repair. At moment i'm out but it's enough you look for avg services on internet to find their names.

A lot of people using Acer Desktop are having the same problem, at the moment i'm not sure if it's more a Acer problem or an AVG problem.

0
 

Author Comment

by:welsh45sprog
ID: 24303450
i can get into safe mode, what is the best option to try. Get rid of AVG? or something else?
0
 
LVL 16

Accepted Solution

by:
warturtle earned 500 total points
ID: 24303595
Yes, I feel that firstly you should download another Internet Security Suite and then use AVG Remover as mentioned in my previous post to get rid of AVG completely. You've still got some components of AVG left on your PC and its best to complete uninstall any program, because it could create trouble.

After AVG is removed completely, install the downloaded internet security suite and scan with it. Hopefully, there should be no more problems.
0
 
LVL 10

Expert Comment

by:cdebel
ID: 24304300
welsh45sprog... have you tried flubbster solution?

And about warturtle comment, Antivirus programs usually load themselve as SERVICE, not as a background task when you are logged under some user.  This way scheduled scan can be performed even when the user is not logged in!  
And what is loaded at the bootup is the icon to place on the tray bar (beside the clock of Windows).

So it's just plain normal...
0
 
LVL 4

Expert Comment

by:Kelly_W
ID: 24304326
Hello,
In your original post it says that they did not uninstall the original antivirus.  Has that been uninstalled as of yet?
Thank you,
Kelly W.
0
 

Author Comment

by:welsh45sprog
ID: 24304393
hi

i have not tried flubbster's solution, i will try that next. @ Kelly_W, yes the previous antivirus has been uninstalled.
0
 

Author Comment

by:welsh45sprog
ID: 24304955
I have not tried flubbsters solution yet, but i have completely uninstalled AVG and installed comodo internet security and am no longer suffering from the BSOD, should i go back and try AVG or should i just stick with comodo IS?
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24305003
Comodo is good as a free internet security solution (includes antivirus + antispyware + anti-rootkit + firewall), whereas AVG only provides anti-virus + anti-spyware+anti-rootkit for free. You might have to download a seperate firewall with AVG. I think its good.
0
 

Author Comment

by:welsh45sprog
ID: 24305435
ok, i'm going to run scans on it over the next 24 hrs before i accept a solution for this question
0
 

Expert Comment

by:chilter
ID: 24306038
My laptop is an Acer with avg which seems to be the problem.  However it will not run in any mode after pressing F8.  Have tried them all and only way to get a Dos prompt is by running the repair mode from XP CD.  Thanks CRAZY72 for the advice but is there any way of uninstalling AVG friom the DOS prompt.
ERD cd with win pe environment .  Explain please
Thanks
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24306231
Hello chilter,

You can download the AVGInstaller on a USB drive, then goto the USB drive using the command prompt and then do:

avgsetupfile.exe /UNINSTALL /HIDE

That should silently uninstall AVG from your PC.
0
 

Expert Comment

by:chilter
ID: 24306685
Thanks everyone.   Got it started in safe mode and uninstalled AVG.  Everything now works fine again.  It would seem there is a conflict between Acer and AVG.  I also have an Aspire 1 whith XP (not Acer OEM) and AVG which works fine so suspect that somewhere in Acers add ons to XP there is a problem.

Anyway fingers crossed.  Tried Avira antivirus but did not like the MIME file so have Avast instead.  Any other good antivirus out there?
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24307479
Good, Good! Amongst the free antiviruses that exist there are quite a few options like - Comodo (I installed this on my cousins netbook), PC Tools antivirus, Panda Antivirus, Avira, AVG(which was incompatible with your system) and Avast.

Among the paid ones - Kaspersky (my favorite), PC Tools Internet Security (this is on my notebook, got this for free in a special deal), ZoneAlarm Internet Security and others.

You need to have an antivirus + firewall + anti-malware on your PC - so you can either have Comodo Internet Security (its free)  + MalwareBytes Anti-Malware free

or

Avast/Avira/other antivirus + free ZoneAlarm or other firewall + MalwareBytes Anti-Malware.
0
 

Author Closing Comment

by:welsh45sprog
ID: 31577505
Thanks for all the help guys, looks like i'm not the only one who found this question helpful, hopefully others will to. My PC is now working fine.
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24335435
Glad to be of some assistance and thanks for the feedback :-)
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

cPanel is a Unix based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel utilizes a 3 tier structure that provides functionality for administrators, rese…
This article may be useful for troubleshooting your PC. Power Supply - no lights or fans running If you have no lights or fans running then either you power is bad, turned off (check switch) or the power supply needs to be replaced. That's a r…
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now