
Blue screen of death - faulty drivers?


14 replies to this topic

#1 replica

replica

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 07 October 2009 - 09:08 AM

Hi,

I was advised to post my problem here - please see the last message on this thread: http://www.bleepingcomputer.com/forums/t/255287/slow-pc-with-occasional-blue-screen-crashings/

Basically, the blue screen I get is currently linked to the driver uze1nzk0.sys, which says it's an AVZ monitoring device driver, but I can't find AVZ on my PC. This happened when I ran verifier.exe from Run, and after the reboot it identified the file mentioned above. I couldn't log in to Windows normally, so I had to delete all verifier settings in Safe Mode and boot to Windows in the usual mode as always.

Some of the earlier blue screen shot:

Blue screens information:

BCCode : 10000050 BCP1 : E25C0000 BCP2 : 00000000 BCP3 : 805BC7B9
BCP4 : 00000001 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

BCCode : c2 BCP1 : 00000007 BCP2 : 00000CD4 BCP3 : 04040202
BCP4 : E1CCC4A8 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

Followed later by: DRIVER_IRQL_NOT_LESS_OR_EQUAL or something.

Cheers,
replica


 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:21 AM

Posted 07 October 2009 - 09:31 AM

Some info on AVZGuard: http://www.wilderssecurity.com/archive/ind...p/t-187868.html

To be honest...if you did not install the referenced program at some time...I would guess malware.

From what I see, AVZGuard seems to have been a legitimate program, http://www.dslreports.com/forum/remark,17201621.

The problem may come from an unremoved entry...you did a search of your system for uze1nzk0.sys?

Louis

#3 replica

replica
  • Topic Starter


Posted 07 October 2009 - 09:37 AM

Yes, it is under the C:\WINDOWS\system32\drivers folder. I agree it may be a leftover, since there is a possibility I downloaded AVZGuard at some stage a couple of years ago. Otherwise it is malware indeed. Should I just delete this file in the normal way, i.e. right-click and choose the Delete option?

#4 hamluis


Posted 07 October 2009 - 12:57 PM

Well...if you have 1 leftover file from a program that no longer is on the system...my guess would be that you have more.

I would do a search of my C: (all files/folders, including system/hidden) looking for anything with AVZ in it. Then I would review the items found, before deleting anything.

I would then do the same thing for the registry.

There are probably easier ways, but what I would do is easy enough for me.

Louis

#5 replica


Posted 07 October 2009 - 03:44 PM

There is nothing which has "AVZ" on the hard drive. There are some entries in the registry though. In any case I'd much appreciate a concrete step-by-step instruction on how to deal with the original problem. Cheers.

#6 replica


Posted 12 October 2009 - 12:26 PM

So I guess there is no answer to it then?

#7 hamluis


Posted 12 October 2009 - 03:32 PM

Well...let's look at it.

You claim that you receive some sort of message about a driver file...a file which you claim does not exist on your system.

IMO, you need to state the exact error message as it appears...and tell us when it appears.

It could possibly be a registry prompt for a startup item which is no longer on your system...it's hard to say based on what info you have supplied thus far.

For the error code you provided, this is the standard summary re such errors:

"0x00000050: PAGE_FAULT_IN_NONPAGED_AREA
Requested data was not in memory. An invalid system memory address was referenced. Defective memory (including main memory, L2 RAM cache, video RAM) or incompatible software (including remote control and antivirus software) might cause this Stop message, as may other hardware problems (e.g., incorrect SCSI termination or a flawed PCI card)."

You further state that there are registry entries for this program/driver which is not installed on your system.

As I see it, you have two options regarding such.

a. You can delete the entries or disable them if, in fact, they are reflected as startup items.

b. You can ignore them.

If you want to delete/disable...and there truly are registry entries which are startup prompts...you can do so by using the program AutoRuns for Windows - http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx. The Logon tab of that program should contain all startup items that you would be interested in.

OTOH, if there are no startup items found which fit what you are looking for...I am curious as to what the registry entries are that refer to the originally described program.

Louis

#8 replica


Posted 12 October 2009 - 08:13 PM

Hey, thanks for replying back.

"You claim that you receive some sort of message about a driver file...a file which you claim does not exist on your system"

Not true. Please read above. The file uze1nzk0.sys does exist in the system and it is placed under the /drivers folder. The description of this file refers/mentions it has got something to do with AVZ monitoring driver/device and AVZ indeed is not present on the hard drive (although there are some leftovers in registry).

The error message IRQL_NOT_LESS_OR_EQUAL and blue screen regarding driver appears on Windows restart after running verifier.exe from Run.

#9 hamluis


Posted 13 October 2009 - 08:06 AM

Did you try the Autoruns program, as suggested?

Louis

#10 replica


Posted 13 October 2009 - 12:52 PM

Yep, I did that and deleted the mentioned driver from auto-run list.

My registry, though, contains mentions of "AVZ" in the following locations, for instance:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVZRK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVZSG

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVZRK

ImagePath for the latter refers to: \??\C:\WINDOWS\system32\Drivers\uze1nzk0.sys

So it refers to the file I just deleted from auto-run.
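
The registry locations listed in the post above can be inventoried read-only, across every control set, before anything is deleted. The following PowerShell script is an added example and not part of any post in this thread; the `$Pattern` default and the `Resolve-DriverPath` helper are assumptions made for illustration.

```powershell
# Added example (not from the thread): read-only inventory, run from an elevated prompt.
# $Pattern is an assumption built from the strings quoted in the posts above.
param([string]$Pattern = 'AVZ|uze1nzk0')

function Resolve-DriverPath([string]$ImagePath) {
    # Service ImagePath values use NT-style prefixes; map them to a Win32 path.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath)
    $p = $p -replace '^\\\?\?\\', ''
    if ($p -match '^\\SystemRoot\\') { $p = Join-Path $env:SystemRoot $p.Substring(12) }
    elseif ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$sets = Get-ChildItem 'HKLM:\SYSTEM' | Where-Object { $_.PSChildName -like 'ControlSet*' }
foreach ($set in $sets) {
    $name = $set.PSChildName

    # Services keys: the ImagePath value names the file that is loaded for the service.
    Get-ChildItem "HKLM:\SYSTEM\$name\Services" -ErrorAction SilentlyContinue | ForEach-Object {
        $svc = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if (-not $svc.ImagePath) { return }
        if ("$($_.PSChildName) $($svc.ImagePath)" -notmatch $Pattern) { return }
        $file   = Resolve-DriverPath $svc.ImagePath
        $exists = Test-Path -LiteralPath $file
        [pscustomobject]@{
            ControlSet  = $name
            Key         = "Services\$($_.PSChildName)"
            Start       = $svc.Start      # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
            File        = $file
            Exists      = $exists
            Description = if ($exists) { (Get-Item -LiteralPath $file).VersionInfo.FileDescription }
            Signature   = if ($exists) { (Get-AuthenticodeSignature -FilePath $file).Status }
        }
    }

    # Enum\Root\LEGACY_* keys: enumeration records kept for legacy (non-PnP) drivers.
    Get-ChildItem "HKLM:\SYSTEM\$name\Enum\Root" -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'LEGACY_*' -and $_.PSChildName -match $Pattern } |
        ForEach-Object { "$name\Enum\Root\$($_.PSChildName)" }
}
```

A row with `Exists` false is a stale reference; a row whose file exists should have its description and signature status reviewed before the key or the file is touched.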

#11 replica


Posted 13 October 2009 - 12:58 PM

Sorry, when using Auto-run utility I disabled/deleted some invalid references or the mentioned driver - what do I need to do to save the new settings now so next time the system is on it picks up what I changed?

Edited by replica, 13 October 2009 - 12:58 PM.


#12 hamluis


Posted 13 October 2009 - 02:35 PM

If you disable/delete from Autoruns, the impact is immediate.

Are these registry entries you mention...listed on the Logon tab of Autoruns?

Or did you do a manual search of the registry?

In any case, I suggest deleting them :thumbsup:.

Louis

#13 replica


Posted 13 October 2009 - 02:50 PM

I typed in "regedit" and did a manual search on "AVZ%" within the registry. How do I delete those without impacting the registry itself?

Edited by replica, 13 October 2009 - 02:51 PM.


#14 hamluis


Posted 13 October 2009 - 02:59 PM

Nothing wrong with impacting the registry...as long as you don't do something wrong :thumbsup:.

First step: Back up the registry, using ERUNT Registry Backup Tool - http://www.snapfiles.com/get/erunt.html.

After that is done, then just repeat the steps you took during your manual search. When the Find function pauses on an item, just hit the Delete key on the keyboard...then Edit/Find Next...and so on.

After you've removed your three items...exit the registry.

Start/Run...type chkdsk /r and hit Enter. Type Y in response to onscreen query and hit Enter. Reboot.

The chkdsk command will execute and when it is complete it will boot into XP.

Louis

#15 replica


Posted 16 October 2009 - 12:00 PM

Error on deleting. Those registry entries/folders can't be removed.



