Assistance requested for BSOD; PAGE FAULT IN NONPAGED AREA - Vista SP2 x86

J

JacquieDV

Member
Joined
May 26, 2014
Posts
15
Help.

View attachment 8668View attachment PERFMON.zip


  • OS Name Microsoft® Windows Vista™ Ultimate
  • Version 6.0.6002 Service Pack 2 Build 6002
  • System Manufacturer Dell Inc.
  • System Model Dell DXP061
  • System Type X86-based PC
  • Processor Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz, 2128 Mhz, 2 Core(s), 2 Logical Processor(s)
  • BIOS Version/Date Dell Inc. 2.5.3, 11/22/2007
  • MotherBoard: Genuine Dell Dimension 9200 / XPS 410 Desktop (DT) Motherboard Systemboard Mainboard, Compatible Dell Part Numbers: CT017, WG885, JH484, WJ668
  • SMBIOS Version 2.3
  • Boot Device \Device\HarddiskVolume3
  • Hardware Abstraction Layer Version = "6.0.6002.18005"
  • Time Zone US Mountain Standard Time
  • Installed Physical Memory (RAM) 4.00 GB
  • Total Physical Memory 3.00 GB
  • Available Physical Memory 943 MB
  • Total Virtual Memory 6.19 GB
  • Available Virtual Memory 3.82 GB
  • Page File Space 3.29 GB
  • Page File C:\pagefile.sys
  • Power Supply: 350 W atx 12V

:banghead:

Please help. My head is starting to hurt.

Thank you sincerely in advance.








Jacquie
 
Hi Jacquie,

The attached DMP file is of the PAGE_FAULT_IN_NONPAGED_AREA (50) bug check.

This indicates that invalid system memory has been referenced.

Bug check 0x50 usually occurs after the installation of faulty hardware or in the event of failure of installed hardware (usually related to defective RAM, be it main memory, L2 RAM cache, or video RAM).

Another common cause is the installation of a faulty system service.

Antivirus software can also trigger this error, as can a corrupted NTFS volume.


There's a ton of potential software corruption I see, so please enable Driver Verifier:

Driver Verifier:

What is Driver Verifier?

Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.

Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 - Restore Point - Create in Windows 8

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8/8.1)
- DDI compliance checking (Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・ Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.

- If you have the system set to generate Kernel-Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.

Any other questions can most likely be answered by this article:

Using Driver Verifier to identify issues with Windows drivers for advanced users

Regards,

Patrick
 
I tried uploading a memory dump file but got an error message that the file type is invalid. How can I get this to you?
 
Assuming you're talking about the MEMORY.DMP file, this will need to be uploaded 3rd party as it is too large. Use Mediafire, Google Drive, or Onedrive please, and then paste the link to the file in your next reply.

Regards,

Patrick
 
Code: 
 STANDARD FLAGS:
    [X] (0x00000000) Automatic Checks
    [ ] (0x00000001) Special pool
    [ ] (0x00000002) Force IRQL checking
    [ ] (0x00000008) Pool tracking
    [ ] (0x00000010) I/O verification
    [ ] (0x00000020) Deadlock detection
    [ ] (0x00000080) DMA checking
    [ ] (0x00000100) Security checks
    [ ] (0x00000800) Miscellaneous checks

  ADDITIONAL FLAGS:
    [ ] (0x00000004) Randomized low resources simulation
    [ ] (0x00000040) Enhanced I/O checking
    [ ] (0x00000200) Force pending I/O requests
    [ ] (0x00000400) IRP logging

It seems only one of the many Driver Verifier flags are checked. Please go back and check the following:

Code: 
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Misc. checks

Regards,

Patrick
 
I'm sorry, Patrick. I'm planning on running the Driver Verifier after I finish up a couple of things...in the interim, I sent you the output from "BlueScreenView." I realize it's only a piece of what you're looking for, but I did program the Driver Verifier as you requested. Not sure how the timing will work out here but I guess the goal is to cause the BSOD again.
 
Correct, no rush! As soon as you can edit the verifier settings and get the system to crash, upload and paste the link to the crash dump that's generated.

Regards,

Patrick
 
The reason it was crashing so much is because it was constantly finding a driver in violation.

DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (D5)

This indicates that a driver has referenced memory which was earlier freed.

Code: 
1: kd> k
ChildEBP RetAddr  
dbd80a58 8389aad4 nt!MmAccessFault+0x157
dbd80a58 816b7691 nt!KiTrap0E+0xdc
WARNING: Stack unwind information not available. Following frames may be wrong.
dbd80ae0 5ab7f1df [COLOR=#ff0000]ATMFD+0x7691[/COLOR]
dbd80b14 816b40ae 0x5ab7f1df
dbd80b44 81588c74 [COLOR=#ff0000]ATMFD+0x40ae[/COLOR]
dbd80b60 81588998 win32k!PDEVOBJ::DestroyFont+0x65
dbd80b84 8154ac21 win32k!RFONTOBJ::vDeleteRFONT+0x33
dbd80bbc 8154ada2 win32k!vRestartKillRFONTList+0x7b
dbd80bf0 814ffcd7 win32k!PFTOBJ::bUnloadWorkhorse+0x115
dbd80c1c 814ff8d9 win32k!vCleanupPrivateFonts+0x4d
dbd80c34 814fc06e win32k!NtGdiCloseProcess+0x16c
dbd80c54 814fbbad win32k!GdiProcessCallout+0x145
dbd80c70 83a4c5ee win32k!W32pProcessCallout+0x5d
dbd80cdc 839fff83 nt!PspExitThread+0x4a0
dbd80cf4 838ba142 nt!PsExitSpecialApc+0x22
dbd80d4c 83897a32 nt!KiDeliverApc+0x1dc
dbd80d4c 77055d14 nt!KiServiceExit+0x56
04edf6e4 00000000 0x77055d14

Verifier caught ATMFD.dll referencing invalid memory. This is the Windows NT Open Type/Type 1 Font DLL. It's really strange to see a Windows font DLL causing a bug check.

Please try navigating to C:\Windows\System32\ and deleting the FNTCACHE.DAT file. Restart afterwards.

Regards,

Patrick
 
OK. I did as you said and deleted that file.

Here's a possibly-related issue. I have noticed in the recent days that the computer often goes into a state of sleep despite the fact that I have specifically disallowed sleep in the power management options. Is there anything in that memory dump that might help to explain this?

Jacquie
 
Nope, but you may not have disabled all types of sleep (such as Hibernation). Ensure you have everything disabled such as hard disk going to sleep, etc. You can do this through advanced power options.

Regards,

Patrick
 
Hi, Patrick. First of all, thank you for your help. I haven't experienced any additional BSODs, so obviously something is fixed. However, I re-read this thread today, and I couldn't help but notice a comment of yours...

"There's a ton of potential software corruption I see, so please enable Driver Verifier:"

While I am not looking for additional problems, I am wondering if there were any specific things that prompted your comment. My PC is still quite sluggish, and I'm still looking for ways to optimize its performance.

Any insight you can lend would be hugely appreciated. Otherwise, thank you again for your expertise!

Regards,

Jacquie
 
Sure thing, Jacquie.

From the original crash dump, especially since it was Vista, the device drivers are older in general, so there's a lot of room for out of date drivers that I may have not been automatically familiar with because the up to date dates differ on Vista than they do 7/8. In general, just taking a quick look through, here's in my opinion completely unnecessary software that you can remove:

1. CrypKey - Although it serves an actual purpose, it's so old I really wouldn't recommend using it.

2. Roxio - Useless + extremely old.

3. Raw Disk from EldoS.

4. OpenedFilesView from NirSoft.

5. Arcsoft, the drivers are from 2005.

Regards,

Patrick
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top