# BSOD - athwnx.sys DRIVER_IRQL_NOT_LESS...



## CiaranDC (Jan 4, 2008)

Hey guys, I'm really stuck with this one. I keep on getting BSODs and they appear to mostly be linked with the driver athwnx.sys, a wireless card driver. I've tried updating it, but the updater keeps on saying its the latest version. 

Here are my details:

· OS - Windows 8.1 64
· OEM version originally installed on computer
· Hardware approx 5 months old
· Have never reinstalled the OS

· CPU - intel i5-4570 (3.2GHz)
· Video Card - GEForce GTX 760
· MotherBoard - ASUS Z87-A
· Power Supply - Corsair 550W
Wireless card - Qualcomm Atheros AR9287 

· System Manufacturer - PCSpecialist.co.uk
· Custom model desktop


One last thing, when I try to run perfmon from CMD (as admin), it comes up with an error exactly the same as this one: Gyazo - 29c1116ff544beb5893ad273c632341b.png

So the zip is the files without that. If there's a way I could run perfmon I can do that immediately.
Thanks so much, I really appreciate this.

CiaranDC


----------



## Patrick (Apr 15, 2012)

Hi,

We have various bug checks:

*DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)*

_This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high._

A driver tried to access an address that is pageable (or that is completely invalid) while the IRQL was too high. This bug check is usually caused by drivers that have used improper addresses. 


```
0: kd> k
Child-SP          RetAddr           Call Site
fffff802`6f9f0a88 fffff802`6d9e7ae9 nt!KeBugCheckEx
fffff802`6f9f0a90 fffff802`6d9e633a nt!KiBugCheckDispatch+0x69
fffff802`6f9f0bd0 fffff801`250fa0b7 nt!KiPageFault+0x23a
fffff802`6f9f0d60 ffffe001`1df84678 [COLOR=Red]athwnx+0x2290b7[/COLOR]
fffff802`6f9f0d68 ffffd000`00000003 0xffffe001`1df84678
fffff802`6f9f0d70 ffffe001`00008bae 0xffffd000`00000003
fffff802`6f9f0d78 00000000`00000000 0xffffe001`00008bae
```
*athwnx.sys *is the Qualcomm Atheros Extensible Wireless LAN device driver.

 *KERNEL_SECURITY_CHECK_FAILURE (139)* bug check.

_This bug check indicates that the kernel has detected the corruption of a critical data structure._


```
BugCheck 139, {[COLOR=Red]3[/COLOR], fffff800129ef040, fffff800129eef98, 0}
```
The 1st parameter of the bugcheck is 3 which indicates that a LIST_ENTRY was corrupted. Code 3, LIST_ENTRY corruption. This type of bug check can be difficult to track down and indicates that an inconsistency has been introduced into a doubly-linked list (detected when an individual list entry element is added to or removed from the list).


```
0: kd> k
Child-SP          RetAddr           Call Site
fffff800`129eed18 fffff800`10966ae9 nt!KeBugCheckEx
fffff800`129eed20 fffff800`10966e10 nt!KiBugCheckDispatch+0x69
fffff800`129eee60 fffff800`10966034 nt!KiFastFailDispatch+0xd0
fffff800`129ef040 fffff800`108e6497 nt!KiRaiseSecurityCheckFailure+0xf4
fffff800`129ef1d0 fffff800`87802efb nt!RtlInsertEntryHashTable+0x127
fffff800`129ef220 fffff800`87bbc6f1 NETIO!KfdClassify+0x1424
fffff800`129ef6a0 fffff800`87b5845d tcpip!WFPDatagramDataShimV4+0x44d
fffff800`129efaa0 fffff800`87b421bb tcpip!ProcessALEForTransportPacket+0x9c88d
fffff800`129efd80 fffff800`87ac2856 tcpip!ProcessAleForNonTcpIn+0x18b
fffff800`129efeb0 fffff800`87ac5824 tcpip!WfpProcessInTransportStackIndication+0xcc6
fffff800`129f0060 fffff800`87ac4f71 tcpip!InetInspectReceiveDatagram+0x264
fffff800`129f0190 fffff800`87ac5a4b tcpip!UdpBeginMessageIndication+0x81
fffff800`129f0350 fffff800`87ac3740 tcpip!UdpDeliverDatagrams+0x19b
fffff800`129f0500 fffff800`87ac19e1 tcpip!UdpReceiveDatagrams+0x290
fffff800`129f08d0 fffff800`87ac0212 tcpip!IppDeliverListToProtocol+0xe1
fffff800`129f0990 fffff800`87ac18a4 tcpip!IppProcessDeliverList+0x62
fffff800`129f0a30 fffff800`87abe434 tcpip!IppReceiveHeaderBatch+0x894
fffff800`129f0b60 fffff800`87ab4bcc tcpip!IppFlcReceivePacketsCore+0x6a9
fffff800`129f0ee0 fffff800`87ab4765 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x31c
fffff800`129f0fc0 fffff800`108e1256 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x155
fffff800`129f10f0 fffff800`87ab4866 nt!KeExpandKernelStackAndCalloutInternal+0xe6
fffff800`129f11e0 fffff800`8789f903 tcpip!FlReceiveNetBufferListChain+0xb6
fffff800`129f1260 fffff800`878af1fd ndis!ndisMIndicateNetBufferListsToOpen+0x123
fffff800`129f1320 fffff800`878a08f6 ndis!ndisMTopReceiveNetBufferLists+0x23d
fffff800`129f13b0 fffff800`89abb13a ndis!NdisMIndicateReceiveNetBufferLists+0xb96
fffff800`129f1590 ffffe000`70515eb0 [COLOR=Red]athwnx+0x25613a[/COLOR]
fffff800`129f1598 00019640`00008d0d 0xffffe000`70515eb0
fffff800`129f15a0 00000000`00000080 0x00019640`00008d0d
fffff800`129f15a8 fffff0df`b721f372 0x80
fffff800`129f15b0 00000000`00000001 0xfffff0df`b721f372
fffff800`129f15b8 ffffe000`6fe0e1a0 0x1
fffff800`129f15c0 00000000`00000000 0xffffe000`6fe0e1a0
```
*athwnx.sys *appears to be caught up in NETBIOS conflicts, however it's not the true cause.

 *BAD_POOL_CALLER (c2)*

_This indicates that the current thread is making a bad pool request._


```
BugCheck C2, {7, 1200, 0, [COLOR=Red]ffffe0016ec8f060[/COLOR]}
```


```
0: kd> !poolval ffffe0016ec8f060
Pool page ffffe0016ec8f060 region is Unknown

Validating Pool headers for pool page: ffffe0016ec8f060

Pool page [ ffffe0016ec8f000 ] is __[COLOR=Red]inVALID[/COLOR].
```
*KMODE_EXCEPTION_NOT_HANDLED (1e)*

_This indicates that a kernel-mode program generated an exception which the error handler did not catch._


```
BugCheck 1E, {ffffffffc0000005, [COLOR=Red]fffff80000d4920d[/COLOR], 0, ffffffffffffffff}
```


```
2: kd> ln fffff80000d4920d
(fffff800`00d50894)   [COLOR=Red]tcpip!TcpLocateTcbSend+0xffffffff`ffff8979[/COLOR]   |  (fffff800`00d509e0)   tcpip!TcpContinueSpuriousRtoDetection
```
The exception occurred in *tcpip!TcpLocateTcbSend*.

*---------------*

Remove and replace avast! with Windows 8's built-in Windows Defender for temporary troubleshooting purposes as it's *very likely *causing NETBIOS conflicts:

*avast! removal -* avast! Uninstall Utility | Download aswClear for avast! Removal

*Windows Defender (how to turn on after removal) - *Windows Defender - Turn On or Off in Windows 8 

Regards,

Patrick


----------



## CiaranDC (Jan 4, 2008)

Thanks patrick, I've uninstalled Avast. I tried to run perfmon /report again but same deal unfortunately. Is there anything else I can do to help illuminate this?

cheers


----------



## Patrick (Apr 15, 2012)

The perfmon really isn't important/anything to create headaches for yourself over, don't worry about it.

Keep me updated on the crashes.

Regards,

Patrick


----------



## CiaranDC (Jan 4, 2008)

Hey, got another BSOD again. Appears to be exactly the same as the last one. I have already removed Avast and redone the jcgriff scan. I attach it below if it can be of any help. Thanks 


CiaranDC


----------



## jcgriff2 (Sep 30, 2007)

See if updating your Qualcomm Atheros AR9287 Wireless Network Adapter driver helps -

```
[FONT=Lucida Console]1: kd>[B] lmvm athwnx[/B]
start             end                 module name
fffff801`84e3a000 fffff801`851c3000   athwnx   T (no symbols)           
    Loaded symbol image file: athwnx.sys
    Image path: athwnx.sys
    Image name: athwnx.sys
    Timestamp:        Mon Apr 01 01:32:05 2013 (51591BD5)[/FONT]
```
Try system manufacturer's support site &/or Atheros -

http://www.atheros.cz/

Regards. . .

jcgriff2

`


----------



## Patrick (Apr 15, 2012)

The Qualcomm Atheros Extensible Wireless LAN device driver is still being blamed.

Check for an update - https://www.asus.com/Motherboards/Z87A/HelpDesk_Download/

Regards,

Patrick


----------



## CiaranDC (Jan 4, 2008)

So I updated the driver from Drivers for Atheros AR9287 and Windows 8

The latest one (November 2013, 10.0.0.274) made my internet connection go to "limited" and I couldn't go online. The next one back (October 2013, 10.0.0.270) i'm using now, but had another BSOD. I've attached the data below.

Should I just keep on rolling back the drivers until I find a stable one? The driver that is the problem seems to have changed from "athwnx.sys" to "athwbx.sys" (I'm using BlueScreenView to see this, but I don't really know what I'm doing.)

Any ideas?


----------

