[SOLVED] BSOD during boot up - Windows 8.1 x64

No worries.

Code:
0: kd> !verifier

Verify Flags Level 0x00000000

  STANDARD FLAGS:
    [X] (0x00000000) Automatic Checks

This appears to be the only flag.

Can you please re-enable it with the options/flags I specified in my earlier instructions?
 
No need, I'm subscribed. Just a little busy.

It's the same driver throwing the bug check again for the same reason as I analyzed above. I am curious now, considering after we renamed this driver you lost connection. Can you do me a quick favor and run Malwarebytes? There's a pretty terrible (terrible as in nothing special) trojan that drops a kernel-mode driver with the same name, and I am curious to see if this is actually it.

https://www.malwarebytes.org/mwb-download/

If nothing turns up, press Win Key + R to open the run box, and then type services.msc. Once you've done that, check for the existence of the 'NDISRD' service. You can sort it alphabetically. If that doesn't turn up either, I can try and check for it in a kernel dump (C:\Windows and named MEMORY.DMP - Too large to natively upload, so you can upload to OneDrive and then paste link in your next post).

If nothing turns up at all, I'll keep digging til this is solved.
 
Just potentially unwanted programs like Baidu, nothing that would probably throw this bug check. I'll wait for kernel-dump.
 
Okay, the good news is you don't have the dropped trojan malware:

Code:
4: kd> !reg findkcb \REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES


Found KCB = ffffc00129334820 :: \REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES

Code:
4: kd> !ms_readkcb ffffc00129334820
 Key node Services ÿÿÿnk  contains 0 key values and 550 subkeys.

 
[*] Subkeys (550):

...trimmed...

[260] 0xFFFFC0012F6AF08C | ndisrd

Code:
4: kd> !ms_readknode 0xFFFFC00129227000 0xFFFFC0012F6AF08C
 Key node ndisrd contains 12 key values and 1 subkeys.

 
[*] Values (12):
   [ 0] 0xFFFFC0012F6AF0E4 | Type                             |         0x00000001 (REG_DWORD)
   [ 1] 0xFFFFC0012F6AF13C | Start                            |         0x00000001 (REG_DWORD)
   [ 2] 0xFFFFC0012F6AF15C | ErrorControl                     |         0x00000001 (REG_DWORD)
   [ 3] 0xFFFFC0012F6AF184 | Tag                              |         0x0000001E (REG_DWORD)
   [ 4] 0xFFFFC0012F6AF1A4 | ImagePath                        |         \SystemRoot\system32\DRIVERS\ndisrd.sys (REG_EXPAND_SZ) \\ Here's our filepath to the driver
   [ 5] 0xFFFFC0012F6AF224 | DisplayName                      |         @oem13.inf,%ndisrd_Desc%;WinpkFilter LightWeight Filter (REG_SZ)
   [ 6] 0xFFFFC0012F6AF2C4 | Group                            |         NDIS (REG_SZ)
   [ 7] 0xFFFFC0012F6AF2F4 | Description                      |         @oem13.inf,%ndisrd_Desc%;WinpkFilter LightWeight Filter (REG_SZ) \\ This is the driver description
   [ 8] 0xFFFFC0012F6AF394 | NdisMajorVersion                 |         0x00000006 (REG_DWORD)
   [ 9] 0xFFFFC0012F6AF3BC | NdisMinorVersion                 |         0x00000001 (REG_DWORD)
   [10] 0xFFFFC0012F6AF3E4 | DriverMajorVersion               |         0x00000001 (REG_DWORD)
   [11] 0xFFFFC0012F6AF414 | DriverMinorVersion               |         0x00000000 (REG_DWORD)

As it turns out, it's just this WinpkFilter LightWeight Filter driver I thought it was in the first place in post #4. The problem is renaming/breaking this driver also breaks your internet at the same time. Let's try something different this time. If you get to Network Connections (where you can right click your various network adapters and select properties): Control Panel > Network and Internet > Network and Sharing Center > left-hand side "Change adapter settings" > Right-click your LAN/Wireless and uninstall 'WinpkFilter LightWeight Filter'.

Again before doing so consider making a restore point, just in case.
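
The same service-key check can be run on the live system instead of in a kernel dump. The PowerShell below is an added example, not part of the original posts: it reads the service entry, resolves its ImagePath to a file, and reports the file's version info, signature and hash. The function name Get-DriverServiceInfo is hypothetical, and PowerShell 4.0 or later is assumed (for Get-FileHash).

```powershell
# Added example: inspect a driver service entry and the file it points to.
# Get-DriverServiceInfo is a hypothetical name; 'ndisrd' is the service from this thread.
function Get-DriverServiceInfo {
    param([string]$ServiceName = 'ndisrd')

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    if (-not (Test-Path -LiteralPath $key)) {
        return [pscustomobject]@{ Service = $ServiceName; Present = $false }
    }
    $svc = Get-ItemProperty -LiteralPath $key

    # Normalise the forms ImagePath takes for kernel drivers:
    #   \SystemRoot\system32\DRIVERS\x.sys, system32\DRIVERS\x.sys, \??\C:\...\x.sys
    # With no ImagePath at all, a driver defaults to System32\drivers\<name>.sys.
    $raw = [string]$svc.ImagePath
    if ($raw) {
        $path = $raw -replace '^\\SystemRoot\\', "$env:SystemRoot\" -replace '^\\\?\?\\', ''
    } else {
        $path = "$env:SystemRoot\System32\drivers\$ServiceName.sys"
    }
    if (-not [IO.Path]::IsPathRooted($path)) {
        $path = Join-Path $env:SystemRoot $path
    }

    $exists = Test-Path -LiteralPath $path -PathType Leaf
    $sig = if ($exists) { Get-AuthenticodeSignature -FilePath $path }

    # A 'NotSigned' status is not conclusive on its own: drivers can be signed
    # through a catalog file, which older PowerShell versions do not check.
    [pscustomobject]@{
        Service     = $ServiceName
        Present     = $true
        Type        = $svc.Type      # 1 = kernel-mode driver
        Start       = $svc.Start     # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
        DisplayName = $svc.DisplayName
        ImagePath   = $raw
        File        = $path
        FileExists  = $exists
        Company     = if ($exists) { (Get-Item -LiteralPath $path).VersionInfo.CompanyName }
        SigStatus   = if ($sig) { $sig.Status }
        Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        SHA256      = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
    }
}

Get-DriverServiceInfo | Format-List
```

Run it from a 64-bit PowerShell session; in a 32-bit session on 64-bit Windows, System32 paths are redirected and the driver file may appear to be missing.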
 

Okay. I've done exactly what you told me. Except for getting an error message saying 'WinpkFilter not installed or failed to load', my internet access is not lost whatsoever.
 
Well if you can deal with an error message on every boot til I figure out how to get rid of it, keep me updated on the crashes.
 
With that said, rename the driver as I noted above:

Navigate to C:\Windows\System32\Drivers and find and rename ndisrd.sys to ndisrd.old, and then restart the computer.

Consider creating a restore point before doing so, however, just in case - Create a Restore Point in Windows 8

ndisrd.sys (Mionet driver or WinpkFilter high performance packet filtering framework) called KeAcquireSpinLockAtDpcLevel at the improper IRQL. It's only supposed to be called at DISPATCH_LEVEL (2), but was instead called by ndisrd.sys at PASSIVE_LEVEL (0):

Code:
5: kd> !irql
Debugger saved IRQL for processor 0x5 -- 0 (LOW_LEVEL)

KeAcquireSpinLockAtDpcLevel is bad practice; it assumes the IRQL is at dispatch IRQL. The proper function should be KeAcquireSpinLockForDpc, which performs the appropriate checks on the IRQL before trying to acquire the lock, preventing such problems.
Just my little addition.

OK. Will keep you updated
 
Hi Patrick, I've not encountered any BSOD so far. I just found out that the root of the BSOD was an application called RealSpeed.exe from Realtek, which is said to boost internet speed. For now I've uninstalled the application. What I want to ask you is: is there any other internet speed booster application other than RealSpeed Realtek?
 
There's a reason internet boosters really aren't bundled into anything, or just used at all. They're pretty terrible. Why are you using them in the first place?
 
The application is bundled together with other drivers provided by the manufacturer. However, can you check out the post above you, the dump I've pulled from the system? It's a BSOD that occurred yesterday when I wasn't aware of it.
 
