How do I solve multiple different BSODs?

3

I have upgraded my PC and changed the motherboard, HDD, DVD, and the RAM (3 times) ... Now after installing the Windows 7 Ultimate, I get BSOD with different Errors each time ... Some times MEMORY_MANAGEMENT, other times BAD_SYSTEM_CONFIG_INFO I have analyzed the Dump file online at OSR Online and got this result:

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP: 
nt!memcpy+130
828888d0 8b448efc        mov     eax,dword ptr [esi+ecx*4-4]

EXCEPTION_RECORD:  89f1b54c -- (.exr 0xffffffff89f1b54c)
ExceptionAddress: 828888d0 (nt!memcpy+0x00000130)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000000
Attempt to read from address 00000000

CONTEXT:  89f1b130 -- (.cxr 0xffffffff89f1b130)
eax=00000004 ebx=aa47def8 ecx=00000001 edx=00000000 esi=00000000 edi=aa47def8
eip=828888d0 esp=89f1b614 ebp=89f1b61c iopl=0         nv up ei ng nz ac pe cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010297
nt!memcpy+0x130:
828888d0 8b448efc        mov     eax,dword ptr [esi+ecx*4-4] ds:0023:00000000=????????
Resetting default scope

DEFAULT_BUCKET_ID:  NULL_DEREFERENCE

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  00000000

READ_ADDRESS: GetPointerFromAddress: unable to read from 829b2718
Unable to read MiSystemVaType memory at 82992160
 00000000 

FOLLOWUP_IP: 
klmouflt+60bf
9510e0bf ??              ???

BUGCHECK_STR:  0x7E

LAST_CONTROL_TRANSFER:  from 828e3f97 to 828888d0

STACK_TEXT:  
89f1b61c 828e3f97 aa47def8 00000000 00000004 nt!memcpy+0x130
89f1b63c 9510e0bf 89f1b670 856aac78 847ce000 nt!RtlCopyUnicodeString+0x32
WARNING: Stack unwind information not available. Following frames may be wrong.
89f1b680 9510e172 847ce000 856aac78 00000000 klmouflt+0x60bf
89f1b698 829ed728 856aac78 847ce000 c000035f klmouflt+0x6172
89f1b6c4 82a88a14 bd0d5952 89f1b7bc 89f1b840 nt!IopLoadDriver+0x7ed
89f1b784 82a88a14 00000018 00000000 89f1b7f8 nt!CmOpenKey+0x264
00000000 00000000 00000000 00000000 00000000 nt!CmOpenKey+0x264


SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  klmouflt+60bf

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: klmouflt

IMAGE_NAME:  klmouflt.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4ac61e77

STACK_COMMAND:  .cxr 0xffffffff89f1b130 ; kb

FAILURE_BUCKET_ID:  0x7E_klmouflt+60bf

BUCKET_ID:  0x7E_klmouflt+60bf

Followup: MachineOwner
---------

I really need help. I have changed my RAM 3 times now and nothing happened. I`m starting to think that the motherboard is corrupted!!

Anyone got a clue why this is happening?

windows-7
bsod
asked on Super User Jan 22, 2011 by sikas • edited Aug 26, 2011 by Tamara Wijsman

4 Answers

3

Given how much klmouflt.sys appears in your analysis, I would suspect it's Kaspersky, NOT a hardware issue. Drivers are more often the problem than hardware. I would suggest you look for an update to Kaspersky or uninstall it and see if the system becomes more stable.

answered on Super User Jan 22, 2011 by Multiverse IT • edited Jan 22, 2011 by Multiverse IT
1

To add to Multiverse IT: your issue is a Kaspersky mouse filter driver, if you cannot boot your computer into Windows or Safe mode you will need to edit your registry. The best way to do this is through another computer. Remove your hard drive and attach it via USB enclosure to a different computer running Windows.

Open up regedit, highlight HKEY_LOCAL_MACHINE, and go to File -> Load Hive...

Find the registry file named SYSTEM on your computer's hard drive. It is normally located Windows\system32\config (on F: or wherever it got mounted.)

Next, type in the name you want to attach the hive as, I suggest RemoteOS-HKLM-System

Next, navigate to the following registry key: HKEY_LOCAL_MACHINE\RemoteOS-HKLM-System\Select and look for the value named Current

Make a note of this value (it is usually 1) and then go to HKEY_LOCAL_MACHINE\RemoteOS-HKLM-System\ControlSet00X where X is the value you just made a note of, HKEY_LOCAL_MACHINE\RemoteOS-HKLM-System\ControlSet00X\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}

The last part of key name is a CLSID the part that's different from its surroundings is the end of the first 8 characters 6F, you'll know you're in the right place if the (Default) value is Mice and other pointing devices.

Next, check for values named UpperFilters and LowerFilters for klmouflt you should see it in the UpperFilter value along with mouclass. Delete klmouflt but leave mouclass.

Next, highlight the key HKEY_LOCAL_MACHINE\RemoteOS-HKLM-System and go to File -> Unload Hive.

Safely Eject your computer's hard drive from your friend's computer, reinstall the hard drive and then try to boot to Windows. You ought to be able to at this point.

Next, remove Kaspersky via the Windows Add/Remove Programs utility appwiz.cpl.

Next, remove Kaspersky using the Kaspersky Removal tool.

Finally, reinstall Kaspersky or another antivirus.

answered on Super User Jan 22, 2011 by OmnipotentEntity
0

Are you able to run it in Safe Mode or apply a system restore? If you can, try the latter and see if you're able to boot up with out getting a BSOD.

answered on Super User Jan 22, 2011 by w7pro
0

It was either a corrupted RAM or incompatible with the Motherboard. I bought another RAM, Kingston this time, and it worked well with me. Thanks all for the support.

answered on Super User Feb 12, 2014 by sikas

User contributions licensed under CC BY-SA 3.0