BSOD Ndis.sys - Triggers when computer is idle.

Hells · Aug 5, 2013

BSOD occuring when windows defender quick scan is running and when computer is left idle for a couple of minutes. Gives a "Attempted execute of no execute memory (ndis.sys)" Bluescreen.

I tried using the SF Diagnostic tool but it gives me the error where it cant find the path. I have tried opening permissions and running it in UAC but still no luck (as adviced in the tutorial). The computer I am sitting at has quite restrictive company policies running so that might be why. I must admitt I am in the dark and at a loss when it comes to fixing it.

Best I could do is pull the mindump file from last crash (there are tons more, but im guessing they contain somewhat the same error and information). I have had verifier.exe running for about 48 hours now, but I am not sure what it does exactly, im guessing it has something to do with the dumps or am I wrong?

Hoping for any help or guidance for what to do next.

Thank you.

usasma · Aug 6, 2013

Please provide at least the last 10 memory dumps (the last 25 or more would be better). Often the problem driver will only give peeks at it's existence in some (but not all) of the memory dumps.

Please also provide the following:

MSINFO32:
Please go to Start and type in "msinfo32.exe" (without the quotes) and press Enter
Save the report as an .nfo file, then zip up the .nfo file and upload/attach the .zip file with your next post.
Also, save a copy as a .txt file and include it also (it's much more difficult to read, but we have greater success in getting the info from it). Please don't rename the memory dumps as it makes it more difficult to identify which dump is from which date/time period.

If you're having difficulties with the format, please open an elevated (Run as administrator) Command Prompt and type (or copy/paste) "msinfo32 /nfo %USERPROFILE%\Desktop\TEST.NFO" (without the quotes) and press Enter. Then navigate to Desktop to retrieve the TEST.NFO file. If you have difficulties with making this work, please post back. Then zip up the .nfo file and upload/attach the .zip file with your next post.

systeminfo:
Please open an elevated (Run as administrator) Command Prompt and type (or copy/paste) "systeminfo.exe >%USERPROFILE%\Desktop\systeminfo.txt" (without the quotes) and press Enter. Then navigate to Desktop to retrieve the syteminfo.txt file. If you have difficulties with making this work, please post back. Then zip up the .txt file and upload/attach the .zip file with your next post.

This appears to be a networking related error.
From your description I'd suspect malware (free scans here: Free Online AntiMalware Resources)
From the memory dumps I'd first suspect your ZoneAlarm (please uninstall it to test) - as it has a history of problems, and your version's drivers date from 2008 (so they're probably not compatible with Win8).

I don't see any antivirus program in the dumps, so it may be that it's not involved. But, when removing the ZoneAlarm firewall, make sure that you check in the Action Center to ensure that the Windows Firewall is turned on. If you don't have antivirus, then make sure that Windows Defender is also turned on (in the Action Center also).

Please update these older drivers. Links are included to assist in looking up the source of the drivers. If unable to find an update, please remove (un-install) the program responsible for that driver. DO NOT manually delete/rename the driver as it may make the system unbootable! :

HECIx64.sys Tue Oct 19 19:33:43 2010 (4CBE2AD7)
Intel Management Engine Interface
http://www.carrona.org/drivers/driver.php?id=HECIx64.sys

Analysis:
The following is for informational purposes only.

Code:

[font=lucida console]**************************Mon Aug  5 07:45:31.212 2013 (UTC - 4:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\SF_05_08_2013.dmp]
Windows 8 Kernel Version 9200 MP (8 procs) Free x64
Built by: [B]9200[/B].16628.amd64fre.win8_gdr.130531-1504
System Uptime:[B]0 days 1:59:03.907[/B]
*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
Probably caused by :[B]ndis.sys ( ndis!ndisDummyIrpHandler+50 )[/B]
BugCheck [B]FC, {fffff88001957db0, 80000004214bd963, fffff8800ed961b0, 2}[/B]
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x000000FC]ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (fc)[/url]
Arguments: 
Arg1: fffff88001957db0, Virtual address for the attempted execute.
Arg2: 80000004214bd963, PTE contents.
Arg3: fffff8800ed961b0, (reserved)
Arg4: 0000000000000002, (reserved)
BUGCHECK_STR:  0xFC
DEFAULT_BUCKET_ID: [B][COLOR=RED]VERIFIER_ENABLED_VISTA_MINIDUMP[/COLOR][/B]
PROCESS_NAME:  MsMpEng.exe
FAILURE_BUCKET_ID: [B]0xFC_VRFK_ndis!ndisDummyIrpHandler[/B]
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
[/font]

3rd Party Drivers:
The following is for information purposes only.
Any drivers in red should be updated or removed from your system. And should have been discussed in the body of my post.

Code:

[font=lucida console]**************************Mon Aug  5 07:45:31.212 2013 (UTC - 4:00)**************************
[COLOR=RED][B]vna.sys                Mon Dec 29 07:10:44 2008 (4958BE44)[/B][/COLOR]
[COLOR=RED][B]vnaap.sys              Mon Dec 29 07:10:44 2008 (4958BE44)[/B][/COLOR]
[COLOR=RED][B]HECIx64.sys            Tue Oct 19 19:33:43 2010 (4CBE2AD7)[/B][/COLOR]
ctxusbm.sys            Fri Feb  3 09:36:13 2012 (4F2BF0DD)
vsdatant.sys           Mon Aug 13 09:50:44 2012 (50290634)
intelppm.sys           Mon Nov  5 22:55:02 2012 (50988A16)
nvlddmkm.sys           Thu Jan 24 16:14:57 2013 (5101A451)
AMPPAL.sys             Wed Feb 13 06:49:57 2013 (511B7DE5)
e1c63x64.sys           Thu Feb 21 00:31:49 2013 (5125B145)
NETwew00.sys           Thu Feb 21 17:58:25 2013 (5126A691)
dump_storahci.sys      Fri Mar  1 21:15:44 2013 (513160D0)
[/font]

BSOD Ndis.sys - Triggers when computer is idle.

Hells

New Member

My Computer

System One

usasma

Mr. Cranky Pants

My Computer

System One