1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Analysis of BSOD screen?

Discussion in 'Windows XP Help' started by barebear, Jan 1, 2007.

  1. barebear

    barebear Established Techie7 Member

    I'm running XP Pro SP2 fully updated

    I received the following info on a BSOD:

    Problem seems to be caused by file win32k.sys

    Page fault in non-paged area

    Technical Information:

    Stop 0x00000050 ( 0xBC0D64A0, 0x00000000, 0xBF8363E5, 0x00000001

    Win32k.sys address BF8363E5 base at BF800000, Date Stamp 43446a58


    Please advise what may have caused the problem and what steps to take to correct the problem
     
  2. jephree

    jephree ¨*·.¸ «.·°·..·°·.» ¸.·*¨

    0x00000050: PAGE_FAULT_IN_NONPAGED_AREA

    Some links here for particular situations:

    http://www.aumha.org/win5/kbestop.php


    Also for more detail:

    Check your Event Viewer via Administrative Tools.

    Open the System as well as Application tabs and look for red X errors that coincide with your problem. Details here:

    http://support.microsoft.com/kb/308427




    Also if your blue screen is showing a memory dump do the following:



    Go to start | search (type in) .dmp
    Note the location of your .dmp files.
    If no .dmp files check for minidump.
    Remember this location and the path that leads to it.

    Then:

    1) Download and install the

    Debugging Tools from Microsoft

    All you need do is download and install this. Make no attempt to start or run it.

    2) Download and install this

    debugwiz

    This is a DOS based batch file that will command the above Microsoft Tools.

    3) Open the Wiz & Browse to, or paste in the path to, your .dmp file.

    4) After the Wiz creates a Text document attach it back to this thread.


    If you are looking for links on how to interpret this data for yourself try here first:

    http://www.wd-3.com/archive/registercontext.htm
     
  3. barebear

    barebear Established Techie7 Member

    was at aumha earlier today ,didn't find anything directly relating--they want $24.for a subscription for a yea; debug to show answers to a specific issue

    event viewer shows error 1003 perhaps once/twice a day.

    Have debugging tools & debug wiz installed for a long time, never could really understand the results.

    Text file attached.

    Writing this from my backup system--running Memtest 86 on rig which generated the info.

    Thank you so much for responding--hope you can help me through this
     

    Attached Files:

  4. jephree

    jephree ¨*·.¸ «.·°·..·°·.» ¸.·*¨

    Did you check out this link:

    You receive a Stop 0x00000050 error on a Blue Screen {KB 894278} Win 2000, Win XP, Server 2003 (with concurrent 1003/System entry in Event Viewer: possible Rootkit spyware infestation)

    http://support.microsoft.com/?kbid=894278&sd=RMVP
     
  5. barebear

    barebear Established Techie7 Member

    Had seen article today when I started trying to figure out the issue, but didn't look for:
    This error message is caused by a kernel driver that is installed by the following known rootkit spyware programs:
    • Msupd5.exe
    • Reloadmedude.exe

    because I run Rootkit Revealer, F-Secure Blacklight,and Rootkit Buster weekly---my problem has been recurring for several months at random intervals of between 12 and 72 hrs. I also nightly run Webroot SpySweeper which is set to sweep for rootkits, and run V-Com System Suite 7 Pro antivirus (Trend Micro),along w/ several otheranti-spyware progs. Also am behind a Linksys BEFSR41 router

    Am running Memtest on the problem rig right now; after 4hrs will stop and advise results (930PM PST).

    As soon as thats done, will check Windows for presence of
    Msupd5.exe
    Reloadmedude.exe
    and advise if found or not.

    Please advise any other steps to take?
     
  6. jephree

    jephree ¨*·.¸ «.·°·..·°·.» ¸.·*¨

    At this point I think you are doing the best you can.

    If MemTest comes clean and • Msupd5.exe and • Reloadmedude.exe are not found then we can go from there.

    If you have multiple dumps it might also be informative to compare them.
     
  7. barebear

    barebear Established Techie7 Member

    I will advise you as soon as MemTest completes 1 full pass ---when thats done I'll check for everything in http://support.microsoft.com/?kbid=894278&sd=RMVP
    and advise you of Memtest results along with all details of findings from following instructions for all procedures in MS support article.
    Memtest now 47% complete of 1 pass at 6:21 PM PST
     
  8. barebear

    barebear Established Techie7 Member

    MemTest ran 3hrs 45min w/ no errors.

    Msupd5.exe and Reloadmedude.exe were not present in the System32/drivers folder, or anywhere in the Windows folder.

    I sent you the 1 dump file I had, will send you any others if/when I get them.
    Per the advice of an MS MVP on another help site, I'm boosting my VDimm core voltage (referred to as DDR reference voltage in the bios) from 2.6 to 2.7 ----he feels that 2.6 is too low for the Mushkin Black High Performance level II PC3200 ram (1024 MB 2 x 512 DDR-SDRAM) that I'm running. He feels it needs closer to 3.0 to run w/o it being unstable. The max my bios will set it to is 2.9

    Please advise your thoughts re the voltage boost, and the next step(s) you want me to take
     
  9. jephree

    jephree ¨*·.¸ «.·°·..·°·.» ¸.·*¨

    It sounds like you are getting good advise. I am not too familiar with voltage issues. This page refers to your error although it was written for Windows 2000:
    Stop 0x00000050

    http://www.microsoft.com/technet/pr...serv/reskit/prork/prhd_exe_duol.mspx?mfr=true
     
  10. barebear

    barebear Established Techie7 Member

    Per the article.....

    Have not installed any hardware for at least a year.

    my spontaneous reboot happens intermittently anywhere between 12 and 72 hrs or more, usually happens when I'm away from the computer.

    Doubt anti-virus has anything to do with it, but can't disable it for as long as it would take to see if that stops the reboot---I'd be a sitting duck?! Also, have been running System Suite anti-virus for years previous w/ never a problem.

    Don't think I have a buggy service---how to check that?--please advise.

    Have run chkdsk /f frequently--no issues noted.

    It will take up to 4 days to see if the voltage boost solves the problem--will advise results and send you any .dmp files if there is/are crash events.

    Please advise re how to check for a buggy service, how to run safely w/o antivirus to see if its the problem (I'm HEAVILY on the internet and even my router is not enough to make me feel safe) and any other things you want me to do.

    Thanks again for all the time/help!
     
  11. jephree

    jephree ¨*·.¸ «.·°·..·°·.» ¸.·*¨

    Does every reboot create a dump log?

    When you are away from your computer are any programs running in the background?

    Have you turned off the Auto-restart feature via Right clicking My Computer then click Properties then Advanced then Startup and Recovery > Settings?

    One test you could try is start in Safe Mode with Networking. This will allow you to go on-line but will only load basic drivers. Your graphics will be very limited. But this would test whether or not it is a driver issue.

    Also as a diagnostic you can Run... msconfig > startup

    and stop all entries save your anti virus. Here you can also go to Services and stop all Non-Microsoft services (again save your anti virus).
     
  12. barebear

    barebear Established Techie7 Member

    dump log created only by intermittent spontaneous reboot-- a reboot I initiate
    doesn't ever create one.

    only program other than antivirus, antispyware, ad blocker and mail checker is the Stanford Folding At Home (entire file including exec. is by default installed on my D: (secondary IDE slave HD w/ no OS---just data)

    I turned off the Auto-restart about 3 days ago when I realized my efforts weren't solving the problem and that I'd need the BSOD data to get any online help

    I found a video card driver update and installed it. Am going to hold off changing the VDimm voltage till I see if that update stops the intermittent spontaneous reboots----that will take a good 4 days; if no spontaneous reboot after 4 days, I should be home free.

    If I do get a reboot event, I'll try the VDimm voltage boost and wait to see if that solves it.

    If not, then it'll be Safe Mode w/ networking and depending on your call after we see the results of that, we can tinker w/ MSconfig and/or the services (again per your call)

    Do be aware that I have scheduled 3 different spyware scans every night, as well as a scheduled backup of Firefox, and also run scheduled Smart Backup (which is CRITICAL for me--it backs up the My Documents folder I created on my D: to a USB HD--common sense dictates not using the My Documents on the C:; if it dies, all is lost.)

    In case it helps so that you can see what processes are running, I've attached a HJT log I just created (all the normal stuff running all the time)--theres nothing in it that worries me, but feel free to comment about anything that doesn't look right to you, and I'll try to tell you about it.

    Will keep you updated on all events/findings as they happen per my comments
    re driver update and ( if need) voltage change

    Wait to hear back from you about HJT and your thoughts about my plan of action.

    I'm also attaching a .jpg of Startup Manager so you can see whats running there --let me know if any ?
     

    Attached Files:

    Last edited: Jan 2, 2007
  13. barebear

    barebear Established Techie7 Member

    For now, I can say that neither Driver Genius and especially not Windows Update are able to find all available updates, let alone the big majority of them.
    When I went item by item through Device Manager, I found multiple NVidia NForce,Radeon, AMD, and other updates by going to the specific manufacturers sites.

    And then, after downloading/installing the updates, I found that they weren't showing up in Device Manager-----I had in multiple instances to do "install from a specific location" and browse to the downloaded items to get them installed.

    The updating has so far definitely helped in terms of everything being a bit faster (reboots, program opening, Ghost burning, program operations are noticeably faster), and on reboots my tray icons appear in the proper order.

    Will, as stated previously, keep you informed as to developments re spontaneous reboots (it'll be blue screens w/ error details and .dmp files since auto restart is disabled), and anything else of note----it'll be a good 96 hrs w/ no issues before I'll begin to feel things are fixed, and a week will clinch it.
     
  14. barebear

    barebear Established Techie7 Member

    Since my last post, the computer had been running w/ no Event Viewer errors or BSOD up to the time I went to bed

    last night, but I found a BSOD when I got up this AM.

    I'm pretty sure I know the cause--I incorrectly reconfigured one of my programs that is scheduled to run

    automatically at a certain time every night. It is a backup utility that backs up my My Documents folder from my

    D: (secondary IDE slave HD) to a USB connected HD.

    What I had done was to incorrectly set the locations of the source and destinations folders--I didn't have a

    source destination folder entered and on top of that had the destination configured as G:\Backup instead of

    G:\Backup\ .

    Since correcting that about 4 hrs ago, no error messages or BSOD, but it now will be at least another 5 days till

    I can be reasonably sure that the issue is resolved ( based on the interval histories of Event Viewer errors and

    BSOD's up to now).

    I will continue to report the developments regarding the resolution of this matter but, unless I get a BSOD or

    Event Viewer error messages in the interim, it will be 5 days till my next post.
    Attached are the complete data shown under Technical info from last night's BSOD---unlike the BSOD I originally

    wrote about, it is just numbers w/o any text.

    Following the BSOD info I have attached the text of both the mini-dump and user.dmp files Windows developed from

    the BSOD. I researched Aumha and the MS Knowledge base, but the only article that seemed to fit the nature of my

    BSOD (i.e. no text, just numbers in the Technical Information area of the BSOD) was KB834450, which is not how

    this BSOD happened --- I was asleep.

    I am not technically sophisticated enough to analyze the .dmp file data and its specific indications.

    Please advise with comments about the file data as well as if it appears I'm right re my statement above about

    what I think was the cause of the BSOD.

    Thank you so much again for your time and help!
     

    Attached Files:

  15. Steve_AMD

    Steve_AMD Techie7 New Member

    Probably irrelevant, but i get a fault "IN A NON PAGED AREA" .

    I have a Creative SoundBlaster Audigy 2 Platinum soundcard with the External box.

    If i turn the volume up on the external box when headphones aren't plugged in, i get the BSOD in a non paged area.

    If the headphones are plugged in, theres no error.

    I dont really care about the error - i just dont turn the volume up without headphones attached.

    But Still,

    Just in case you've got or thinking of getting an Audigy 2 platinum with the ext. box. Theres a phenomenon for you to try.

    Best Regards,

    Steve.
     
  16. jephree

    jephree ¨*·.¸ «.·°·..·°·.» ¸.·*¨

    In general your main error is a graphics issue.

    1000008E, {c0000005

    However your Dr. Watson is concerned with an Internet issue regarding the reading of some memory.

    If you get more dumps please post. These logs are often most informative in their comparison.

    Sorry I cannot be more specific at this point. :eek:
     
  17. barebear

    barebear Established Techie7 Member

    Jephree,

    Thanks so much for getting back to me. I totally understand that you can't be more specific at this point; I do want to know if my analysis makes any sense to you as far as being a logical possibility--please comment?

    I sent my last post at 245 PM PST; it is now 10:30 PM, and the computer has run fine--no Event Viewer messages, BSOD--I've been at work most of that time, but have used it intensely this AM after getting the BSOD till 2:45PM.

    I of course will provide any further dump logs.

    If the rig makes it through all its scheduled maintenance tonight (including the running of the backup program that I think triggered the BSOD because of incorrect settings), that would be an indication that the reconfiguration of the backup program may have resolved the problem. It'll still take 5-7 days of no problems before I'm relatively sure of that though.

    I wonder if your comment " Internet issue regarding the reading of some memory" could have any relation to the fact that the back up was supposed to be to an external drive. What do you think?

    I wonder what sort of graphics issue is possibly present per your analysis?--I went to great lengths doing multiple checks at mutiple sites (starting with the involved manufacturers sites ) to ensure that I was getting the the latest drivers for every component in Device Manger (including enabling the showing and checking of "hidden items". If the card were a problem, wouldn't it show up much more often?

    Any hunches as to the potential source of the video problem--presuming there actually is one?

    Thanks again for getting back to me--look forward to hearing back from you with your thoughts.

    I will advise you Sun. AM when I first get to the computer whether things went ok or not overnight.
     
    Last edited: Jan 7, 2007
  18. barebear

    barebear Established Techie7 Member

    Steve_AMD

    Thanks for contacting me!

    Thats really a unique phenomenom. Those Audigy units are super complex and the fact that a certain component configuration ( headphones plugged in or not ) triggers it is not overly surprising.

    My sound configuration is much less sophisticated per the attached .jpg
     

    Attached Files:

  19. jephree

    jephree ¨*·.¸ «.·°·..·°·.» ¸.·*¨

    Your analysis makes sense.

    I am curious why your dump logs failed but your Dr. Watson points to these issues just prior to crashing:

    If you go to start > Search

    explorer.txt

    Does anything come up?
     
  20. barebear

    barebear Established Techie7 Member

    Jephree,

    No ( and I did a full search of C: including checking the first 3 "search" options ).

    Whats the next move?