SOLVED SYSTEM_THREAD_EXCEPTION_NOT_HANDLED HIDCLASS.SYS

[whatdoesthebsodsays]

Hi,

I have this BSOD error every time i boot up the computer. Dump information has been uploaded. This issue has been grinding my head for months or even years now. Initially it was just BSOD and reboot now its permanent BSOD cycle.

Thanks!

 

[Trouble]

IDK.... Looks to me like something is causing a problem with your Human Interface Device subsystem

BugCheck 1000007E, {ffffffffc0000005, fffff80166d0981d, ffffb880a18c5f78, ffffb880a18c57b0}
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : HIDCLASS.SYS ( HIDCLASS!HidpCallDriver+7c )

I'm thinking maybe a game controller?? Maybe one of these
LGVirHid.sys 6/13/2016
LGJoyXlCore.sys 6/13/2016
LGBusEnum.sys 6/13/2016

ffffb880`a18c51f0 fffff800`ec022818Unable to load image \SystemRoot\system32\drivers\LGBusEnum.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for LGBusEnum.sys
*** ERROR: Module load completed but symbols could not be loaded for LGBusEnum.sys
LGBusEnum+0x2818
ffffb880`a18c51f8 fffff800`ec022818 LGBusEnum+0x2818
ffffb880`a18c5200 fffff800`ec022818 LGBusEnum+0x2818

 

[whatdoesthebsodsays]

I uninstalled the whole logitech drivers and no BSOD on startup! That's one BSOD off the list! Thank you so much! Now I'm afraid restarting the computer would bring another BSOD... I guess I'll see tmrrw.

 

[whatdoesthebsodsays]

speak of the devil. New BSOD PAGE_FAULT_BEYOND_END_OF_ALLOCATION.
Your help would be greatly appreciated!

 

[whatdoesthebsodsays]

Decided to debug myself here are the bugcheck analysis:

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_BEYOND_END_OF_ALLOCATION (cd)
N bytes of memory was allocated and more than N bytes are being referenced.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: ffff858c359b1000, memory referenced
Arg2: 0000000000000002, value 0 = read operation, 1 = write operation
Arg3: fffff80280fdc76b, if non-zero, the address which referenced memory.
Arg4: 0000000000000000, Mm internal code.

Debugging Details:
------------------


Could not read faulting driver name

DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 10.0.14393.1715 (rs1_release_inmarket.170906-1810)

DUMP_TYPE: 2

BUGCHECK_P1: ffff858c359b1000

BUGCHECK_P2: 2

BUGCHECK_P3: fffff80280fdc76b

BUGCHECK_P4: 0

READ_ADDRESS: fffff80281220338: Unable to get MiVisibleState
ffff858c359b1000

FAULTING_IP:
nt!memcpy+2b
fffff802`80fdc76b 488941f8 mov qword ptr [rcx-8],rax

MM_INTERNAL_CODE: 0

CPU_COUNT: 8

CPU_MHZ: 95a

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3c

CPU_STEPPING: 3

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: CODE_CORRUPTION

BUGCHECK_STR: 0xCD

PROCESS_NAME: GameMon64.des

CURRENT_IRQL: 2

ANALYSIS_SESSION_HOST: WINDOWSPC

ANALYSIS_SESSION_TIME: 09-14-2017 00:42:45.0867

ANALYSIS_VERSION: 10.0.14321.1024 amd64fre

TRAP_FRAME: ffff8b80233ac390 -- (.trap 0xffff8b80233ac390)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffff858c359b1008
rdx=000005f3ed9fb5a8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80280fdc76b rsp=ffff8b80233ac528 rbp=fffff80281296dd0
r8=0000000000000018 r9=0000000000000000 r10=00000000000008a0
r11=ffff858c359b0ff0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!memcpy+0x2b:
fffff802`80fdc76b 488941f8 mov qword ptr [rcx-8],rax ds:ffff858c`359b1000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80280ffaaae to fffff80280fd08b0

STACK_TEXT:
ffff8b80`233ac098 fffff802`80ffaaae : 00000000`00000050 ffff858c`359b1000 00000000`00000002 ffff8b80`233ac390 : nt!KeBugCheckEx
ffff8b80`233ac0a0 fffff802`80ed5f7d : 00000000`00000002 00000000`00000000 ffff8b80`233ac390 ffff858c`359b1000 : nt!MiSystemFault+0x10004e
ffff8b80`233ac190 fffff802`80fd9efc : ffff0000`0000027f ffffb608`788bd840 00000000`00000000 ffff8b80`00001f80 : nt!MmAccessFault+0x27d
ffff8b80`233ac390 fffff802`80fdc76b : fffff80f`46c3d5f6 00000000`00000000 c0000022`00000000 00000000`00000000 : nt!KiPageFault+0x13c
ffff8b80`233ac528 fffff80f`46c3d5f6 : 00000000`00000000 c0000022`00000000 00000000`00000000 ffffb608`85e9def0 : nt!memcpy+0x2b
ffff8b80`233ac530 00000000`00000000 : c0000022`00000000 00000000`00000000 ffffb608`85e9def0 00000000`00000000 : dump_wmimmc+0x23d5f6


STACK_COMMAND: kb

CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff80280ed56d3 - nt!MiGetFreeOrZeroPage+2e3
[ fa:f8 ]
fffff80280ed5729 - nt!MiGetFreeOrZeroPage+339 (+0x56)
[ fa:f8 ]
2 errors : !nt (fffff80280ed56d3-fffff80280ed5729)

MODULE_NAME: memory_corruption

IMAGE_NAME: memory_corruption

FOLLOWUP_NAME: memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MEMORY_CORRUPTOR: ONE_BIT_LARGE

FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT_LARGE

BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT_LARGE

PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_ONE_BIT_LARGE

TARGET_TIME: 2017-09-14T07:14:27.000Z

OSBUILD: 14393

OSSERVICEPACK: 1715

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 784

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2017-09-06 21:54:57

BUILDDATESTAMP_STR: 170906-1810

BUILDLAB_STR: rs1_release_inmarket

BUILDOSVER_STR: 10.0.14393.1715

ANALYSIS_SESSION_ELAPSED_TIME: 11f3

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:memory_corruption_one_bit_large

FAILURE_ID_HASH: {31545515-196b-fab5-2300-9ce714226f43}

Followup: memory_corruption


It says memory corruption by GameMon64.des. I know this is a gameguard process but it didn't cause BSOD before, any thoughts why?

 

[Trouble]

When I look at your dump file I see some things that are slightly different.
Specifically......

DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP

Do you still have Driver Verifier turned on?
IF so, you might try turning if off / disabling it and see if that produces any different results.

 

[whatdoesthebsodsays]

after running "verifier /query" I was able to find out that cm_km.sys was still under verifier, I have promptly removed it from the verifier. Googling also shows that this is a Kaspersky Crypto Module driver. I don't even user kaspersky anymore, any ideas on how to get rid of it? Thanks

 

[Trouble]

Look in C:\Windows\System32\Drivers for cm_km.sys and rename it to cm_km.OLD
That should break it and prevent it from trying to load.

 

[whatdoesthebsodsays]

That seems to worked, no BSOD for now. Thanks!

 

[Trouble]

OK.... keep us posted.
IF you get another one just zip it up and attach it here.