# BSOD (nwifi.sys)



## lukini (Apr 27, 2007)

I read the post about not supporting Windows 7. This is happening on Windows 7, but PLEASE just try to help me as if I was using Vista. If anything you suggest is irreversible or could harm my system being that it isn't Vista, just say so beforehand. Now with that said, here is everything I know:

I have recently started getting these BSODs (DRIVER_IRQL_NOT_LESS_OR_EQUAL). I know that nwifi.sys is Microsoft's native wifi driver. That fits perfectly with the 3 times this has happened as they were all while I was on wireless and Firefox was open.
Also, each time this happened, I noticed another thing in common.

The first time it happened, I clicked the scrollbar within the flash player on Aplia.com which I use for one of my classes. This scrollbar is part of the flash object. the moment I clicked it, my sound skipped and I got the BSOD about 1 sec later.

The second and third times this happened, I was on Youtube and I just finished watching a video. I left that page to go back to the main Youtube page. When it was about to navigate away from the page, I got the same BSOD.

So I have a really good feeling that this is related to the wifi driver (obviously) combined with Adobe Flash Player. Before you ask, I don't have any .dmp files to check and this is random, but reproducible.


----------



## lukini (Apr 27, 2007)

bump...I'd like this to be solved, even though it isn't of great importance...I just want to use flash player while on wireless.

however, if I do receive help, be warned that I REALLY can't go through with any advice as my OS just decided to stop loading at the desktop...my life is just going great right now


----------



## jcgriff2 (Sep 30, 2007)

Hi - 

Vista & Windows 7 very similar. I run both here and the transition was seamless. So, any instructions given here for BSODs will work on Windows 7 x86 or x64.

Can you boot into SAFEMODE? If not, use Win 7 DVD. 

If you can get into system, then follow THESE instructions to gather system info & dump files. Attach the resulting zips to your next post.

Regards. . .

jcgriff2

.


----------



## lukini (Apr 27, 2007)

I can get to safe mode fine. I will get back to you tomorrow...like I stated, I'm a student.


----------



## lukini (Apr 27, 2007)

ok...a class and assignment were canceled for this week, so I have enough time to do this today. I attached the zip from the .bat/autoruns. It doesn't have any dxdiag info on my GPU or soundcard because I am in safe mode, but I highly doubt they are the problems as their drivers are the most up-to-date.

Now for the bad news...perfmon /report says:



> Error:
> 
> An error occured while attempting to generate the report.
> 
> ...


So I just manually went into perfmon but found no reports.

EDIT: I just remembered...how do I get to the Windows 7 safe mode boot menu? I have a Vista/Win7 dual boot configuration.


----------



## jcgriff2 (Sep 30, 2007)

Hi - 

There were no dump files countained in the zip attachment. Check c:\windows\minidump and see if there are any files. Also check and see if a full kernel dump file is there - c:\windows\memory.dmp If c: is not the Windows 7 OS drive - substitute the correct drive letter.

Your outdated Kaspersky installtion could very likely be the source of the problem. Internet Security Suites cause problems in Vista and Windows 7. 
Remove it using the Kaspersky Removal Tool - http://support.kaspersky.com/faq/?qid=208279463

Download it and SAVE it to your desktop. Close all Windows, then RIGHT-click on the KRT icon and run as administrator. When complete - re-boot.

Reset the Windows Firewall to its default settings - 
START | type FirewallSettings.exe into the start search box | click on FirewallSettings.exe above | select the Advanced Tab | click on "Restore Defaults" | Click Apply, OK

Please let me know how you make out.

Regards. . .

jcgriff2

.


----------



## lukini (Apr 27, 2007)

> There were no dump files countained in the zip attachment. Check c:\windows\minidump and see if there are any files. Also check and see if a full kernel dump file is there - c:\windows\memory.dmp If c: is not the Windows 7 OS drive - substitute the correct drive letter.


That is actually what I meant when I said I had no .dmp files in my first post...Don't know why either.

Now before I do this, I have 2 questions:

1. How do I get to the safe mode boot menu for Windows 7? I am dual booting and it is not the primary OS. I would like to not have to improperly shut down the OS to get to it each time...

2. What should I get to replace Kaspersky that is free and is tested with Windows 7?


----------



## jcgriff2 (Sep 30, 2007)

Hi - 

Apologies - I missed or forgot your "no dumps" statement.

Safemode for Windows 7 - select Win 7 OS then tap F8 key. That should bring up safemode menu.

For anti-virus, use AVG 8 - I have it on Windows 7 systems here - http://free.avg.com/download-avg-anti-virus-free-edition

I haven't found any reason yet for the inability to produce mini kernel dump files.

Was there a full kenel dump -- \windows\memory.dmp ? Size would be ~ 300-500+ MB. Not something you can zip & attach here.

No problems on Vista side?

Run the driver verifier - maybe it will isolate something. You may want to run on Vista side 1st b/c no dumps in Windows 7. Although if you can se BSOD, it should name the driver -

START | type *cmd.exe* | right-click on cmd.exe uptop under programs | Run as Administrator | type *verifier* & hit enter - the Verifier screen will appear | do the following:

```
[font=lucida console]
1. Select 2nd option - Create custom settings (for code developers)
2. Select 2nd option - Select individual settings from a full list.
3. Check the boxes
[indent]• Special Pool 
• Pool Tracking 
• Force IRQL checking
• Deadlock Detection[/indent]
4. Select last option - Select driver names from a list 
5. Click on the Provider heading - sorts list by Provider
6. Check ALL boxes where Microsoft is not the Provider
7. Click on Finish 
8. Re-boot
[/font]
```
If the Driver Verifier (DV) finds a violation, it will result in a BSOD. You may have to boot into SAFEMODE (select Last Known Good Configuration) or perform a system recovery (try Vista system restore 1st) to log back on. To see the status of Verifier - type *verifier* - select the last option on the first screen - "Display information about the currently verified drivers..". To turn Driver Verifier off - *verifier /reset* then re-boot.

If you get a BSOD, see if dump file created - mini kernel \windows\minidump or full kernel \windows\memory.dmp

Regards. . .

jcgriff2

.


----------



## lukini (Apr 27, 2007)

I don't have any dmp files whatsoever. There is no minidump folder and no memory.dmp file...there wasn't even a result when I did a search in C:\windows for ".dmp"

As for Vista, it is working fine. No problems and I never really had any (I just picked up Win7 to try because of the performance and the superbar). I have a minidump folder on Vista, but it is empty...and it should be as I have never gotten a BSOD on it.

I tried F8 before I posted that, but I must not have been quick enough. Anyway, I changed the boot options in Vista and set Win7 to safe mode with networking.

I will get to removing Kaspersky today along with the verifier. Do you still want me to do it on Vista first?


----------



## jcgriff2 (Sep 30, 2007)

Hi - 

Go into Win 7 and see if you can create a user dump in Task Manager. The dump itself is useless to us, but I want to see if the dump producing capability is there at all.

Task Manager - click on Processes tab; show processes from all users; select a low-memory file above, RIGHT-click on it, select "Create a Dump File".

Please let me know results.

jcgriff2

.


----------



## lukini (Apr 27, 2007)

ok, removed Kaspersky and Win7 isn't freezing anymore. It successfully created a dmp file, however I needed to use the task manager with more access (I don't know if it is admin, it just has the shield like UAC).

I am downloading AVG now.


----------



## jcgriff2 (Sep 30, 2007)

Yes, the UAC would have kicked in when you clicked on 'show processes...'

What was the size of dump file?

Didn't see your prior post. Good call on change in Vista boot options.

You can go ahead and run verifier on Windows 7. If it BSODs, check for dump - but please write down bugcheck and 1st parm of BSOD hex code -

STOP 0x0000008e (0x00000002 <--- these 1st 2 definitely
probably caused by abc123.sys <--- and this driver name if shown

.


----------



## lukini (Apr 27, 2007)

the size of the dump file is 13.5 MB

As for the verifier, no BSOD.


----------



## jcgriff2 (Sep 30, 2007)

That's actually disappointing news!

Yet you're still having Win 7 BSODs - and assumption is nwifi.sys?

And no BSODs in Vista..?


----------



## lukini (Apr 27, 2007)

vista is fine. I should know if I am getting BSODs this weekend, as I am on wireless.

Also, it is not an assumption....the nwifi.sys is from the BSOD I got like 2 days before the freezing started. It specifically stated it in the BSOD.

And as I said in the first post, it only happens when I am on wireless and using a flash player. Any ideas on what to do? I can always try uninstalling and reinstalling Flash.


----------



## jcgriff2 (Sep 30, 2007)

Understand Vista is fine, but these Windows 7 drivers are >> Vista SP2 even what SP3 may be.

The driver named on a BSOD screen is nothing more than a *probable* cause. Most times it IS NOT the cause - and 99.99999% NOT when a Microsoft driver is named. The verifier should have flushed something out. Well, more to go through...

The files say you're using Ethernet - not wifi ? Or do you use wifi at times? Any BSODs while on Ethernet?


```
[font=lucida console]
Network Card(s):           2 NIC(s) Installed.
                           [01]: Broadcom 440x 10/100 Integrated Controller
                                 Connection Name: Local Area Connection
                                 DHCP Enabled:    Yes
                                 DHCP Server:     12x.xxxxxxxxx
                                 IP address(es)
                                
                           [02]: Broadcom 802.11n Network Adapter
                                 Connection Name: Wireless Network Connection
                                 Status:          Media disconnected

[/font]
```
Your Broadcom Ethernet -

```
[font=lucida console]

BCM43XX      Broadcom 802.11 Networ Broadcom 802.11 Networ Kernel   
        10/23/2008 11:24:18 PM 
  C:\Windows\system32\DRIVERS\bcmwl6.sys               

bcm4sbxp     Broadcom 440x 10/100 I Broadcom 440x 10/100 I Kernel        
    [COLOR=Red] 11/21/2006[/COLOR] 6:25:43 AM
  C:\Windows\system32\DRIVERS\bcm4sbxp.sys             

[/font]
```
.

There may be an update for the wifi NIC as well. 

.


----------



## lukini (Apr 27, 2007)

I only use wifi when I am in the library or at home really. And right now I am in a hotel in Missouri, so I am on wifi. I am connected through ethernet all of the rest of the time.

I have never gotten a BSOD while on ethernet, just the 3 times on wireless. And I have avoided using any flash players while on wireless since I posted this thread.

It says ethernet because I was in my dorm room when I ran all of that, so I was using ethernet. We have T1 on campus, so I have no reason to ever use wifi while in my room.


----------



## jcgriff2 (Sep 30, 2007)

Hi - 

That's fine - just wanted to inquire about wifi. I would update the Ethernet 
driver, otherwise you'll be looking at more BSODs ion near future.

Whether using Flash or not it always runs in the background by default.
Look for app w/ name like FlashUtil10b.exe in Task Manager or MS SysInternals Process Explorer - http://live.sysinternals.com/procexp.exe

How do you avoid using Flash? Avoiding certain web sites or do you kill the app? The latter is what I do when I need add'l resources.

You can un-install Flashplayer, then go to http://www.adobe.com/go/EN_US-H-GET-FLASH & install latest.

If that fails, you can d/l stand-alone version - http://www.adobe.com/support/flashplayer/downloads.html

I am unaware of any widespread problems with Windows 7 x86 & Flashplayer. I have Windows 7 x86 and also x64 here and have never had an issue with Flashplayer. 

I think Kaspersky could be good for this. Your install appears to me that it may be outdated, not sure. Regardless, these Internet Security suites are #1 collective BSOD software cause. McAfee, NIS, KIS - the culprits in the 1st 3 Windows 7 BSOD cases I handled months ago. Always #1 suspect in Vista. KIS shouldn't be used in Vista let alone Windows 7. Too many BSODs and appcrashes. 

```
[font=lucida console]
Module Name:       KLIF
Display Name:      Kaspersky Lab Driver
Driver Type:       File System 
Link Date:         11/21/2008 5:00:41 AM

Module Name:       KLIM6
Display Name:      Kaspersky Anti-Virus NDIS 6 Filter
Driver Type:       Kernel 
Link Date:         7/9/2008 9:28:09 AM
[/font]
```
.



I suggest that you remove KIS from the system. Use the removal tool -
http://support.kaspersky.com/faq/?qid=208279463

Re-boot upon completion; Reset Windows Firewall to default settings.

Is KIS required by your school?

Glad to hear you are in college - stay with it... you'll never regret your education.

Regards. . .

jcgriff2


*EDIT:* Driver Verifier was running while wifi on, right? You should let verifier continue to run. That stress-test is ongoing. Conditions change.

.
.


----------



## lukini (Apr 27, 2007)

I don't see a flash .exe in task manager.

When I said "avoiding" I mean that I do not go to any usual sites that use flash objects. NoScript takes care of any other site I might come across.

I already removed Kaspersky in an earlier post and I am running AVG now. My college doesn't require it...I just picked it from the suggested list when I got Win7 because I used them in the past and I knew they were good.

Yes, the verifier was turned on while on wifi and it is still on while I type. I assume it is why everything is slightly slower when I open it the first time or maybe that is just AVG getting used to the system.

I will remove flash and reinstall it later. If needed, I can just start using flash players and see if I get BSODs. I'll also update the ethernet driver. bcm4sbxp.sys was the one right?

EDIT: I went into the device manager to find the driver for later and I noticed that it now says 


> Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged


Should I be worried, or is it from the verifier? They are all USB, DVD drive, and modem (aka not microsoft).


----------



## jcgriff2 (Sep 30, 2007)

Hi - 

I saw the "NoScript" in WERCON error reporting - did you write/ install it to stop Flash?

I found this in the Event Viewer - it has to do w/ BIOS -

```
Event[60]:
  Log Name: System
  Source: Microsoft-Windows-Kernel-Power
  Date: 2009-04-07T13:38:15.435
  Event ID: 89
   Description: 
ACPI thermal zone ACPI\ThermalZone\THM_ has been enumerated.             
_PSV = 0K             
_TC1 = 0             
_TC2 = 0             
_TSP = 0ms             
_AC0 = 0K             
_AC1 = 0K             
_AC2 = 0K             
_AC3 = 0K             
_AC4 = 0K             
_AC5 = 0K             
_AC6 = 0K             
_AC7 = 0K             
_AC8 = 0K             
_AC9 = 0K             
_CRT = 377K             
_HOT = 0K             
_PSL - see event data.
```

And this -

```
Event[61]:
  Log Name: System
  Source: Microsoft-Windows-Kernel-Power
  Date: 2009-04-07T13:38:14.016
  Event ID: 41
  Level: Critical
   Description: 
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
```

I also found references to the driver *cmbatt.sys* - your battery? Is it always in - wifi or etherent? Is AC line always plugged in?


```
Event[10466]:
  Log Name: Application
  Source: Windows Error Reporting
  Date: 2009-01-23T21:41:01.000
  Event ID: 1001
  Description: 
Fault bucket , type 0
Event Name: PnPDeviceProblemCode

Problem signature:
P1: x86
P2: ACPI\ACPI0003
P3: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
P4: 0000001F
P5: [COLOR=Red]CmBatt.sys[/COLOR]
P6: 6.1.7000.0
P7: 12-13-2008
P8: 
P9: 
P10:
```


```
System Locale:             ja;Japanese
Input Locale:              en-us;English (United States)
```
System Locale = Japanese? 

Where did you download your copy of Windows 7 from?

Regards. . .

jcgriff2

.


----------



## lukini (Apr 27, 2007)

I have had NoScript for a long time and didn't change it when this happened. I just stated that I don't have to worry about coming across flash players on random sites.

I'm on vista right now. It is CmBatt on vista, so I assume it is the same.

The battery is always in and I always have the AC line in when when I'm using ethernet. It isn't always in when I'm on wifi, but all 3 BSODs happened while I was using the cord.

It is the English Windows 7 straight from the Microsoft site. I just have the locale set to Japanese for some Japanese encoded .exe files.

What does the first event mean?

Also, can I get some feedback on why those drivers appear incomplete or damaged now. That is why I am using Vista. I couldn't use my mouse and I didn't want to interfere with them because I didn't know if it had to do with the verifier.


----------



## usasma (Apr 11, 2009)

I may be a bit late, but there are issues (that I'd previously dismissed) with Vista SP1 and memory dump files.

This article should point the way to making the system able to generate memory dump files automatically. http://support.microsoft.com/kb/949052


----------



## lukini (Apr 27, 2007)

Windows 7 isn't listed in the "applies to" section though.


----------



## jcgriff2 (Sep 30, 2007)

The batch script you ran includes WMI recoveros/ pagefile info showing page file allocation (base size) as 3369 MB; installed RAM = 3 GB. This is fine, but let's check again - 

Download zip; extract batch file, right-click on batch icon, Run as Administrator. Notepad will open; paste output into next post.

http://www.techsupportforum.com/att...mic_recoveros_pagefile_02-04-09_jcgriff2_.zip

Regards. . .

jcgriff2

.


----------



## usasma (Apr 11, 2009)

Windows 7 functions very similarly to Windows Vista. As with most beta software, you've gotta work with what you've got 

I haven't heard of missing memory dump files in Win7 - but with the similarity to Vista it's possible. It also depends upon the build that you may be using. 7000 is the stablest beta build out. The leaked builds after that may/may not be stable. It depends on what was done to them.


----------



## jcgriff2 (Sep 30, 2007)

I don't quite understand the locale change to Japanese and what effect, if any it has here. 

If after all we've been thru here, it may be time to re-install Windows 7.

Regards. . .

jcgriff2

.


----------



## lukini (Apr 27, 2007)

@usasma: It is a legal copy of Win7, so it is build 7000.

@jcgriff2: Don't worry about the locale thing really. It is a minor change to the operating system. Just basically makes non-unicode programs to use Japanese encoding.

I am going to run the batch file you posted sometime today. Also, don't think I am in bad shape at all. I just haven't been using win7 because it says I am missing the drivers. So can you please tell me if it is safe to install them or if it is an effect of the driver verifier?

Win7 is running fine now. I just haven't had the chance to see if it will BSOD while using flash on wifi.


----------



## lukini (Apr 27, 2007)

why did you make it an archived hidden system file...took a while to run it because of that:



> AutoReboot=TRUE
> Caption=
> DebugFilePath=%SystemRoot%\MEMORY.DMP
> DebugInfoType=3
> ...


----------



## jcgriff2 (Sep 30, 2007)

lukini said:


> why did you make it an archived hidden system file...took a while to run it because of that:


Hi - 

That was a mistake on my part - my apologies to you. I usually don't have directories or files w/ R-H-S-A attributes; usually R-H-C to keep the kiddies here away from playing with them. I then change them b4 upload. This time I obviously did not change the attributes, except for "C" and somehow changed it or copied to a directory w/ system attributes.

The output looks fine. Virtual is a little high, I think @ 199MB current usage considering you have 3GB RAM. But you may have had an app running that writes to the page file.

The driver verifier does not alter the system. It runs a stress-test on drivers and does not let up until you use the command mentioned in prev post - *verifier /reset*; re-boot.

I do hope the BSODs have quieted for you. 

Regards. . .

jcgriff2

.


----------



## lukini (Apr 27, 2007)

ok then. That explains why programs open a little slower though. Not very noticeably, but that is probably why.

And now that I think about it, I think the drivers were like that right after I uninstalled Kaspersky. Could that cause several drivers to be "damaged or incomplete" in the registry?

Anyway, I'll start using Windows 7 again soon and come back if I still get BSODs while on wireless.

Oh yeah, one question...how good is the firewall built into Win7? Good enough to warrant not getting a respected firewall online to use instead?


----------



## usasma (Apr 11, 2009)

Rumor has it that the Win7 RC will be released in early May.

As for the firewall, I started using the Windows firewall when I gave up using XP (I used the Sygate Personal Firewall - last freeware version for XP).

I tried this program to help manage the Windows Firewall in Vista and it worked well for me: http://www.sphinx-soft.com/Vista/order.html

But after a while I just gave up on managing the firewall and let it do it's own thing. I must state that I monitor my connections frequently using the log function of my router. If I find anything offensive there, I block it at the router - so the firewall isn't as important to me as it may be to others.


----------

