Tech Support Forum banner
Not open for further replies.
1 - 4 of 4 Posts

· Registered
5 Posts
Discussion Starter · #1 ·
Hello, attached are the results of my BSOD reports - note that I could not get the perfmon to run so no results are attached for that. Here are additional details:

Windows 7
32 Bit
Windows pre-installed
Age of system - 3-4 years
I'm unsure where to find the additional data you need - sorry I am not techie at all.

Thanks in advance for your assistance!


· Registered
444 Posts
[COLOR=Red]BugCheck 1000008E[/COLOR], {[COLOR=SeaGreen]c0000006[/COLOR], 82c47e93, a329b9b8, 0}

Probably caused by : [COLOR=Red]kl1.sys[/COLOR] ( kl1+e4935 )
This bugcheck indicates a exception happened in Kernel Mode, which the exception handler wasn't able to handle.

kd> [COLOR=SeaGreen]lmvm kl1[/COLOR]
start    end        module name
88c15000 89137000   kl1      T (no symbols)           
    Loaded symbol image file: kl1.sys
    Image path: \SystemRoot\system32\DRIVERS\kl1.sys
    Image name: kl1.sys
    Timestamp:        [COLOR=Red]Fri Mar 04 09:17:22 2011[/COLOR] (4D70AE22)
    CheckSum:         00026AFA
    ImageSize:        00522000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
Your Kaspersky Unified Driver seems to be causing problems, please find a updated version of the program, or remove the program with the Kaspersky Removal Tool.

kd> [COLOR=SeaGreen]!error c0000006[/COLOR]
Error code: (NTSTATUS) 0xc0000006 (3221225478) - The instruction at 0x%p referenced memory at 0x%p. The required data was not placed into memory because of an I/O error status of 0x%x.
Using the first parameter and the !error extension, we can see that a instruction or driver routine was called, to page some form of required data into physical memory, however, this wasn't achieved due to a I/O problem.

kd> [COLOR=SeaGreen]knL[/COLOR]
 # ChildEBP RetAddr  
00 a329ba34 88cf9935 nt!memcpy+0x33
WARNING: Stack unwind information not available. Following frames may be wrong.
01 a329baa8 88cfda4f kl1+0xe4935
02 a329bb00 88cfd4b2 kl1+0xe8a4f
03 a329bb24 88c1773e kl1+0xe84b2
04 a329bb78 82c45c29 kl1+0x273e
05 a329bb90 82e39bf9 nt!IofCallDriver+0x63
06 a329bbb0 82e3cde2 nt!IopSynchronousServiceTail+0x1f8
07 a329bc4c 82e83764 nt!IopXxxControlFile+0x6aa
08 a329bc80 8da4c25e nt!NtDeviceIoControlFile+0x2a <<< User Mode only?
09 a329bd04 82c4c8ba klif+0x3425e
0a a329bd04 774c7094 nt!KiFastCallEntry+0x12a
0b 13f0f234 00000000 0x774c7094
nt!memcpy is a C function used to move data between two memory buffers. This is where the crash occurred.

[COLOR=SeaGreen].trap 0xffffffffa329b9b8[/COLOR]
ErrCode = [COLOR=Red]00000000[/COLOR]
eax=1b6a8f58 ebx=003c8f58 ecx=000463d6 edx=00000000 esi=1b590000 edi=87672000
eip=82c47e93 esp=a329ba2c ebp=a329ba34 iopl=0         nv up ei pl nz ac po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010212
82c47e93 f3a5           [COLOR=Orange] rep movs[/COLOR] dword ptr [COLOR=Red]es:[edi][/COLOR],dword ptr [COLOR=Red][esi][/COLOR]
The exception code for the trap frame indicates a divide by 0 error, which is commonly related to device driver problems.

es: edi register is used to point to the destination register, or destination operand. esi register contains the source operand. The movs instruction is used to move strings, and is prefixed with the rep, which is named Repeat String Operation Prefix.

After the operation, since the DF flag has been set to 0, the ESI and EDI should be incremented by 1. The repeating operation stops when the ecx register is 0. This instruction can also be suspended by a exception like in this case.

nt!IopXxxControlFile is used to sent a control code request to a file object, to perform a certain operation.

nt!IofCallDriver is used to sent a IRP to a driver of a device object.

· Registered
5 Posts
Discussion Starter · #3 ·
Thank you so much for your response! I have removed the Kaspersky program - other than that, were there other issues that showed up in the report - again, sorry but I don't understand the results. I appreciate your time and assistance!
1 - 4 of 4 Posts
Not open for further replies.