Solved

BSOD on XP-pro Code: 027, Kaspersky at fault?

Posted on 2013-05-13
Last Modified: 2013-05-15
Hi

A client has been plagued by a recurring BSOD either during or shortly after boot.

The analysis from the minidump is below.  I think I did this right...

It seems to me that a Kaspersky-based file kltdi.sys is at fault, based on the dump analysis, but I can't see how, or what exactly to do other than removing the file.

Can anyone confirm my conclusions or add any additional input to clarify my approach to take care of this?  I'm not very experienced in dump analysis. Thanks so much.

The dump analysis is below and the dump file attached


file is attached

************************


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [c:\Mini0513.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: c:\windows\symbols
Executable search path is: f:\I386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Mon May 13 13:35:09.562 2013 (UTC - 5:00)
System Uptime: 0 days 0:02:55.218
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
.....
Loading User Symbols
Loading unloaded module list
...............
Unable to load image rdbss.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for rdbss.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 27, {baad00a3, a7c01258, a7c00f54, 8a5a9b20}

*** WARNING: Unable to verify timestamp for mfetdik.sys
*** ERROR: Module load completed but symbols could not be loaded for mfetdik.sys
*** WARNING: Unable to verify timestamp for netbt.sys
*** WARNING: Unable to verify timestamp for mrxsmb.sys
Unable to load image nlem32nt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nlem32nt.sys
*** ERROR: Module load completed but symbols could not be loaded for nlem32nt.sys
Probably caused by : kltdi.sys ( kltdi+1391 )

Followup: MachineOwner
---------

1: kd> !analyze -y

Unknown option '-y'
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 27, {baad00a3, a7c01258, a7c00f54, 8a5a9b20}

Probably caused by : kltdi.sys ( kltdi+1391 )

Followup: MachineOwner
---------
Mini0513.dmp
Question by:mlitin
5 Comments
 
LVL 14

Accepted Solution

by:
Rob Miners earned 500 total points
ID: 39163314
You have two Antivirus Programs installed. I would uninstall both and install Microsoft Security Essentials.

http://www.microsoft.com/download/en/details.aspx?id=5201

kltdi.sys Kaspersky

mfetdik.sys McAfee

nlem32nt.sys driver, which supports the USB thumb drive under pre-Windows 2000 operating systems.

Since the system is running Windows XP, the NLEM32NT.SYS driver is not necessary. Boot into Windows Safe Mode, and then rename c:\Windows\System32\NLEM32NT.SYS to NLEM32NT.OLD. Restart the computer.

http://forum.sysinternals.com/nlem32ntsys-causes-reboots_topic7012.html
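
Added example (not part of the original thread or of the answer above): a Python script that performs the triage the accepted answer does by eye, scanning kd output for the blamed module and for drivers from more than one antivirus vendor. The driver tables hold only the names given in the answer; the function name triage and the choice of excerpted log lines are assumptions of this example.

```python
import re

# Driver names and their attribution are taken from the accepted answer above;
# any entries added beyond these would be the reader's own assumptions.
AV_DRIVERS = {"kltdi.sys": "Kaspersky", "mfetdik.sys": "McAfee"}
LEGACY_DRIVERS = {"nlem32nt.sys": "USB thumb drive support, pre-Windows 2000"}

MODULE_RE = re.compile(
    r"(?:Unable to verify timestamp for|symbols could not be loaded for|"
    r"Unable to load image)\s+([\w.-]+\.sys)", re.IGNORECASE)
CULPRIT_RE = re.compile(r"Probably caused by\s*:\s*([\w.-]+)", re.IGNORECASE)
BUGCHECK_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")

# Excerpt of the kd output posted in the question (lines shortened, not altered).
SAMPLE_LOG = """\
Unable to load image rdbss.sys, Win32 error 0n2
BugCheck 27, {baad00a3, a7c01258, a7c00f54, 8a5a9b20}
*** WARNING: Unable to verify timestamp for mfetdik.sys
*** ERROR: Module load completed but symbols could not be loaded for mfetdik.sys
*** WARNING: Unable to verify timestamp for netbt.sys
Unable to load image nlem32nt.sys, Win32 error 0n2
Probably caused by : kltdi.sys ( kltdi+1391 )
"""

def triage(log: str) -> dict:
    """Summarise a kd log: bugcheck code, blamed module, AV vendors seen."""
    modules = {m.lower() for m in MODULE_RE.findall(log)}
    culprit = CULPRIT_RE.search(log)
    if culprit:
        modules.add(culprit.group(1).lower())
    bug = BUGCHECK_RE.search(log)
    vendors = sorted({AV_DRIVERS[m] for m in modules if m in AV_DRIVERS})
    return {
        "bugcheck": bug.group(1).upper() if bug else None,
        "culprit": culprit.group(1).lower() if culprit else None,
        "av_vendors": vendors,
        # Drivers from more than one antivirus vendor appear in the same dump
        "av_conflict": len(vendors) > 1,
        "legacy": sorted(m for m in modules if m in LEGACY_DRIVERS),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```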

Author Comment

by:mlitin
ID: 39163361
Thanks for the excellent observation and suggestions.  I'm surprised that Kaspersky would have permitted installation with another AV present.

I'll make these changes and write back.

Thanks!

Author Comment

by:mlitin
ID: 39170311
I've requested that this question be closed as follows:

Accepted answer: 0 points for mlitin's comment #a39163361

for the following reason:

Thanks.  Evidently, Kaspersky allowed itself to be installed with remnants of McAfee still there.  I removed Kaspersky and renamed the McAfee file, and all was better.

Thanks for the tip.

Author Closing Comment

by:mlitin
ID: 39170312
Kaspersky and McAfee remnant were in fact the bad guys.

Thanks for the tip!
LVL 14

Expert Comment

by:Rob Miners
ID: 39170328
You're welcome and it's good to see that you're up and running :)

Question has a verified solution.
