BSOD when opening certain websites

Painz

Member
Joined
Aug 22, 2013
Posts
15
Hi all! My sister's computer recently had a bsod(blue screen of death) and she's not exactly computer savvy so she asked me to try and fix it. I googled her problem and found that sfc /scannow had helped many people. I than tried it on her computer and sure enough it fixed it. The weird thing is that it happened again the next night and when I did sfc /scannow again the bsod happened again in about 3 hours. I than kept trying sfc /scannow hoping it would fix the problem if I spammed it enough times(about 3 or 4) :/ Than it eventually reached the point where it said "Windows Resource Protection found corrupt files but was unable to fix some of them." Can someone please help me/her? The problem also only occurs when I open either Yahoo or your "How to post BSOD" page. I don't know if this is related but my issue seems pretty similar( http://www.sevenforums.com/bsod-help-support/196367-bsod-page-fault-nonpaged-area.html ). If someone can help me it'd be truly appreciated. Thanks!

OS - Home Premium Windows 7
· x64
· What was original installed OS on system? Windows
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? It's OEM

· Age of system (hardware) 3 years
· Age of OS installation - have you re-installed the OS? No

· CPU: Intel Core i3-2310 CPU @ 2.10GHz 2.10 GHz
· Video Card: Intel(R) HD Graphics Family
· MotherBoard: AMIBIOS
· Power Supply - brand & wattage (if laptop, skip this one) Skipped

· System Manufacturer Samsung
· Exact model number (if laptop, check label on bottom) NP-RC512-W01US

View attachment 4991

NOTE: For some reason I could not post the Perfmon.html and AutoRun.arn, if someone can help me w that it'd be great.
 
Hi,

We have two consistent bugchecks and I can see a few are verifier enabled:

BAD_POOL_HEADER (19)

This indicates that a pool header is corrupt.

If we run a !poolval on the pool pointer being freed (2nd parameter of the bugcheck), we get the following:

Code:
1: kd> !poolval fffff900c2448000
Pool page fffff900c2448000 region is Unknown

Validating Pool headers for pool page: fffff900c2448000

[COLOR=#ff0000][B]Pool page [ fffff900c2448000 ] is __inVALID.[/B][/COLOR]

There appears to be pool corruption, although it's UNKNOWN.

If we check the verifier settings, we can see that Special Pool was enabled:

Code:
1: kd> !verifier

Verify Level 92b ... enabled options are:
[COLOR=#ff0000][I][B]    Special pool[/B][/I][/COLOR]
    Special irql
    All pool allocations checked on unload
    Deadlock detection enabled
    Security checks enabled
    Miscellaneous checks enabled

and did not catch a driver, therefore I am going to assume at this point we are dealing with a hardware issue, most likely memory. The second consistent bugcheck further supports this:

PAGE_FAULT_IN_NONPAGED_AREA (50)

This indicates that invalid system memory has been referenced.

Usual causes are a bug in a device driver, hardware related memory issues, corrupt NTFS volume, anti-virus software.

Before going onto hardware diagnostics though, please temporarily remove and replace Norton with Microsoft Security Essentials for troubleshooting purposes:

Norton removal tool - https://support.norton.com/sp/en/us...B19C8E11.4?entsrc=redirect_pubweb&pvid=f-home

MSE - Microsoft Security Essentials - Microsoft Windows

If after removing it you are still crashing, begin hardware diagnostics starting with a Memtest for NO less than ~8 passes (several hours):

Memtest86+:

Download Memtest86+ here:

Memtest86+ - Advanced Memory Diagnostic Tool

Which should I download?

You can either download the pre-compiled ISO that you would burn to a CD and then boot from the CD, or you can download the auto-installer for the USB key. What this will do is format your USB drive, make it a bootable device, and then install the necessary files. Both do the same job, it's just up to you which you choose, or which you have available (whether it's CD or USB).

How Memtest works:

Memtest86 writes a series of test patterns to most memory addresses, reads back the data written, and compares it for errors.

The default pass does 9 different tests, varying in access patterns and test data. A tenth test, bit fade, is selectable from the menu. It writes all memory with zeroes, then sleeps for 90 minutes before checking to see if bits have changed (perhaps because of refresh problems). This is repeated with all ones for a total time of 3 hours per pass.

Many chipsets can report RAM speeds and timings via SPD (Serial Presence Detect) or EPP (Enhanced Performance Profiles), and some even support changing the expected memory speed. If the expected memory speed is overclocked, Memtest86 can test that memory performance is error-free with these faster settings.

Some hardware is able to report the "PAT status" (PAT: enabled or PAT: disabled). This is a reference to Intel Performance acceleration technology; there may be BIOS settings which affect this aspect of memory timing.

This information, if available to the program, can be displayed via a menu option.

Any other questions, they can most likely be answered by reading this great guide here:

FAQ : please read before posting

-------------------------------------------------------------------------------------------------------------

Chkdsk:

Chkdsk:
There are various ways to run Chkdsk~


Method 1:

Start > Search bar > Type cmd (right click run as admin to execute Elevated CMD)

Elevated CMD should now be opened, type the following:

chkdsk x: /r

x implies your drive letter, so if your hard drive in question is letter c, it would be:

chkdsk c: /r

Restart system and let chkdsk run.

Method 2:


Open the "Computer" window
Right-click on the drive in question
Select the "Tools" tab
In the Error-checking area, click <Check Now>.

If you'd like to get a log file that contains the chkdsk results, do the following:

Press Windows Key + R and type powershell.exe in the run box

Paste the following command and press enter afterwards:

get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername –match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt

This will output a .txt file on your Desktop containing the results of the chkdsk.

If chkdsk turns out okay, run Seatools -

SeaTools | Seagate

You can run it via Windows or DOS. Do note that the only difference is simply the environment you're running it in. In Windows, if you are having what you believe to be device driver related issues that may cause conflicts or false positive, it may be a wise decision to choose the most minimal testing environment (DOS).

Run all tests EXCEPT: Fix All, Long Generic, and anything Advanced.

Regards,

Patrick
 
I skipped Memtest and went straight ahead onto Chkdsk. The problem I have with Memtest is that I don't know how to put it nor use it on a USB(I already checked FAQ). Can you help me with this?
 
I have a question with the Memtest. Is it suppose to start immediately after the reboot? I inserted the USB and the laptop just continues to open normally.
 
Also for SeaTools/Seagate, can you give me a direct link to the download? I don't have a CD with me and can't download it without having to burn it on one.
 
K my sister is using her laptop and the only times it seems to BSOD is when she goes on a website that starts with "h". I don't know if that helps but it's better than nothing .__.
 
Hi,

I have a question with the Memtest. Is it suppose to start immediately after the reboot? I inserted the USB and the laptop just continues to open normally.​

No, you have to go into the BIOS and change the boot priority to USB #1 so it boots from USB.

Also for SeaTools/Seagate, can you give me a direct link to the download? I don't have a CD with me and can't download it without having to burn it on one.

Let me know if this works - http://www.seagate.com/files/www-co...ed/downloads/SeaToolsforWindowsSetup-1208.exe

K my sister is using her laptop and the only times it seems to BSOD is when she goes on a website that starts with "h". I don't know if that helps but it's better than nothing .__.​

Eh, I'd hold off on worrying about that right now. That's likely not the trigger of the BSOD, just what it appears to be around the times of the crash.

Regards,

Patrick
 
That is incredibly strange and I personally have no idea what to tell you. Can you in the meantime though run the rest of the diagnostics? If they turn up clean we'll have to get to the bottom of the strange URL issue.

Regards,

Patrick
 
Please zip up the dumps -- copy from \windows\minidump to \documents, then zip & attach.

Then please continue with hardware diagnostics per Patrick's instructions.
 
In the absence of Autoruns and MSInfo, I took a quick look at the System Event Log: I'm seeing what looks like 2-3 AV's (or remnants of) loaded - Symantec, Kingsoft and MSE or Defender as well as Windows own firewall; and there are (to me) a few other oddities also logged:
Event[5]:
Log Name: System
Source: i8042prt
Date: 2013-08-23T12:23:59.006
Event ID: 12
Task: N/A
Level: Information
Opcode: N/A
Keyword: Classic
User: N/A
User Name: N/A
Computer: June-PC
Description:
The ring buffer that stores incoming mouse data has overflowed (buffer size is configurable via the PS/2 mouse properties in device manager).
Event[38]:
Log Name: System
Source: Microsoft-Windows-Kernel-Tm
Date: 2013-08-23T12:06:55.338
Event ID: 4
Task: N/A
Level: Warning
Opcode: Info
Keyword: N/A
User: S-1-5-18
User Name: NT AUTHORITY\SYSTEM
Computer: June-PC
Description:
The TransactionManager (TmId={DEE375D1-0C07-11E3-8A7A-806E6F6E6963}, LogPath=\SystemRoot\System32\Config\TxR\{dee375cf-0c07-11e3-8a7a-806e6f6e6963}.TM) has failed to advance its log tail, due to the transaction (UOW={DEE37612-0C07-11E3-8A7A-E811325C0E52}, Description='') being unresolved for some time. The transaction must be forced to resolve in order for the TransactionManager to continue to provide transactional services. Forcing the incorrect outcome may cause data corruption in any subordinate ResourceManagers or Transactionmanagers.
Event[145]:
Log Name: System
Source: Microsoft-Windows-Wininit
Date: 2013-08-23T11:56:16.682
Event ID: 11
Task: N/A
Level: Warning
Opcode: Info
Keyword: N/A
User: S-1-5-18
User Name: NT AUTHORITY\SYSTEM
Computer: June-PC
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
 
The crashes are font related. Probably a buffer overflow vulnerability in Windows.

Code:
2: kd> k
Child-SP          RetAddr           Call Site
fffff880`0bdb0ae8 fffff800`03302be0 nt!KeBugCheckEx
fffff880`0bdb0af0 fffff800`03282cae nt! ?? ::FNODOBFM::`string'+0x4518f
fffff880`0bdb0c50 fffff960`000c2364 nt!KiPageFault+0x16e
fffff880`0bdb0de0 fffff960`000c22ab win32k!sfac_GetLongGlyphIDs+0x84
fffff880`0bdb0e30 fffff960`000c21da win32k!sfac_GetWinNTGlyphIDs+0xbb
fffff880`0bdb0ea0 fffff960`000c20aa win32k!fs_WinNTGetGlyphIDs+0x6a
fffff880`0bdb0ef0 fffff960`000c1e08 win32k!cjComputeGLYPHSET_MSFT_UNICODE+0x252
fffff880`0bdb0fb0 fffff960`000b9173 win32k!bLoadGlyphSet+0xf8
fffff880`0bdb0fe0 fffff960`000b9312 win32k!bReloadGlyphSet+0x24b
fffff880`0bdb16a0 fffff960`000b926a win32k!ttfdQueryFontTree+0x66
fffff880`0bdb16f0 fffff960`001060bb win32k!ttfdSemQueryFontTree+0x5a
fffff880`0bdb1730 fffff960`00105f67 win32k!PDEVOBJ::QueryFontTree+0x63
fffff880`0bdb17b0 fffff960`000c005a win32k!PFEOBJ::pfdg+0xa3
fffff880`0bdb1810 fffff960`0011a70c win32k!RFONTOBJ::bRealizeFont+0x46
fffff880`0bdb1930 fffff960`000fe39c win32k!RFONTOBJ::bInit+0x548
fffff880`0bdb1a50 fffff960`000fe309 win32k!GreGetRealizationInfo+0x48
fffff880`0bdb1a90 fffff800`03283e13 win32k!NtGdiGetRealizationInfo+0x39
fffff880`0bdb1ae0 00000000`00000000 nt!KiSystemServiceCopyEnd+0x13

See:

BSOD BCCode 50 and 19 ntoskrnl.exe and win32k.sys Solved - Windows 7 Help Forums

BSOD Using Firefox, Win32k.sys related Solved - Windows 7 Help Forums

In these threads, win32k!sfac_GetLongGlyphIDs+0x84 crashes were solved by deleting the font cache (C:\Windows\System32\FNTCACHE.DAT). Better to create a system restore point before deleting the file, in case something goes wrong.
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top