I have upgraded my PC and changed the motherboard, HDD, DVD, and the RAM (3 times) ... Now after installing the Windows 7 Ultimate, I get BSOD with different Errors each time ... Some times MEMORY_MANAGEMENT
, other times BAD_SYSTEM_CONFIG_INFO
I have analyzed the Dump file online at OSR Online and got this result:
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!memcpy+130
828888d0 8b448efc mov eax,dword ptr [esi+ecx*4-4]
EXCEPTION_RECORD: 89f1b54c -- (.exr 0xffffffff89f1b54c)
ExceptionAddress: 828888d0 (nt!memcpy+0x00000130)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000
CONTEXT: 89f1b130 -- (.cxr 0xffffffff89f1b130)
eax=00000004 ebx=aa47def8 ecx=00000001 edx=00000000 esi=00000000 edi=aa47def8
eip=828888d0 esp=89f1b614 ebp=89f1b61c iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297
nt!memcpy+0x130:
828888d0 8b448efc mov eax,dword ptr [esi+ecx*4-4] ds:0023:00000000=????????
Resetting default scope
DEFAULT_BUCKET_ID: NULL_DEREFERENCE
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000000
READ_ADDRESS: GetPointerFromAddress: unable to read from 829b2718
Unable to read MiSystemVaType memory at 82992160
00000000
FOLLOWUP_IP:
klmouflt+60bf
9510e0bf ?? ???
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from 828e3f97 to 828888d0
STACK_TEXT:
89f1b61c 828e3f97 aa47def8 00000000 00000004 nt!memcpy+0x130
89f1b63c 9510e0bf 89f1b670 856aac78 847ce000 nt!RtlCopyUnicodeString+0x32
WARNING: Stack unwind information not available. Following frames may be wrong.
89f1b680 9510e172 847ce000 856aac78 00000000 klmouflt+0x60bf
89f1b698 829ed728 856aac78 847ce000 c000035f klmouflt+0x6172
89f1b6c4 82a88a14 bd0d5952 89f1b7bc 89f1b840 nt!IopLoadDriver+0x7ed
89f1b784 82a88a14 00000018 00000000 89f1b7f8 nt!CmOpenKey+0x264
00000000 00000000 00000000 00000000 00000000 nt!CmOpenKey+0x264
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: klmouflt+60bf
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: klmouflt
IMAGE_NAME: klmouflt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ac61e77
STACK_COMMAND: .cxr 0xffffffff89f1b130 ; kb
FAILURE_BUCKET_ID: 0x7E_klmouflt+60bf
BUCKET_ID: 0x7E_klmouflt+60bf
Followup: MachineOwner
---------
I really need help. I have changed my RAM 3 times now and nothing happened. I`m starting to think that the motherboard is corrupted!!
Anyone got a clue why this is happening?
Given how much klmouflt.sys appears in your analysis, I would suspect it's Kaspersky, NOT a hardware issue. Drivers are more often the problem than hardware. I would suggest you look for an update to Kaspersky or uninstall it and see if the system becomes more stable.
To add to Multiverse IT: your issue is a Kaspersky mouse filter driver, if you cannot boot your computer into Windows or Safe mode you will need to edit your registry. The best way to do this is through another computer. Remove your hard drive and attach it via USB enclosure to a different computer running Windows.
Open up regedit, highlight HKEY_LOCAL_MACHINE
, and go to File -> Load Hive...
Find the registry file named SYSTEM on your computer's hard drive. It is normally located Windows\system32\config
(on F:
or wherever it got mounted.)
Next, type in the name you want to attach the hive as, I suggest RemoteOS-HKLM-System
Next, navigate to the following registry key: HKEY_LOCAL_MACHINE\RemoteOS-HKLM-System\Select
and look for the value named Current
Make a note of this value (it is usually 1
) and then go to HKEY_LOCAL_MACHINE\RemoteOS-HKLM-System\ControlSet00X
where X is the value you just made a note of, HKEY_LOCAL_MACHINE\RemoteOS-HKLM-System\ControlSet00X\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}
The last part of key name is a CLSID
the part that's different from its surroundings is the end of the first 8 characters 6F
, you'll know you're in the right place if the (Default)
value is Mice and other pointing devices
.
Next, check for values named UpperFilters
and LowerFilters
for klmouflt
you should see it in the UpperFilter
value along with mouclass
. Delete klmouflt
but leave mouclass
.
Next, highlight the key HKEY_LOCAL_MACHINE\RemoteOS-HKLM-System
and go to File -> Unload Hive.
Safely Eject your computer's hard drive from your friend's computer, reinstall the hard drive and then try to boot to Windows. You ought to be able to at this point.
Next, remove Kaspersky via the Windows Add/Remove Programs utility appwiz.cpl
.
Next, remove Kaspersky using the Kaspersky Removal tool.
Finally, reinstall Kaspersky or another antivirus.
Are you able to run it in Safe Mode or apply a system restore? If you can, try the latter and see if you're able to boot up with out getting a BSOD.
It was either a corrupted RAM or incompatible with the Motherboard. I bought another RAM, Kingston this time, and it worked well with me. Thanks all for the support.
User contributions licensed under CC BY-SA 3.0