BSOD on XP-pro Code: 027, Kaspersky at fault?

Hi

A client has been plagued by a recurring BSOD either during or shortly after boot.

The analysis from the minidump is below.  I think I did this right...

If seems to me that a Kasperky-based file kltdi.sys is at fault, based on the dump analysis, but I can't see how, or what exactly to do other than removing the file.

Can anyone confirm my conclusions or add any additional input to clarify my approach to take care of this?  I'm not very experienced in dump analysis. Thanks so much.

The dump analysis is below and the dump file attached


file is attached

************************


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [c:\Mini0513.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: c:\windows\symbols
Executable search path is: f:\I386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Mon May 13 13:35:09.562 2013 (UTC - 5:00)
System Uptime: 0 days 0:02:55.218
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
.....
Loading User Symbols
Loading unloaded module list
...............
Unable to load image rdbss.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for rdbss.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 27, {baad00a3, a7c01258, a7c00f54, 8a5a9b20}

*** WARNING: Unable to verify timestamp for mfetdik.sys
*** ERROR: Module load completed but symbols could not be loaded for mfetdik.sys
*** WARNING: Unable to verify timestamp for netbt.sys
*** WARNING: Unable to verify timestamp for mrxsmb.sys
Unable to load image nlem32nt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nlem32nt.sys
*** ERROR: Module load completed but symbols could not be loaded for nlem32nt.sys
Probably caused by : kltdi.sys ( kltdi+1391 )

Followup: MachineOwner
---------

1: kd> !analyze -y

Unknown option '-y'
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 27, {baad00a3, a7c01258, a7c00f54, 8a5a9b20}

Probably caused by : kltdi.sys ( kltdi+1391 )

Followup: MachineOwner
---------
Mini0513.dmp
Mark LitinOwnerAsked:
Who is Participating?
 
Rob MinersConnect With a Mentor Commented:
You have two Antivirus Programs installed. I would uninstall both and install Microsoft Security Essentials.

http://www.microsoft.com/download/en/details.aspx?id=5201

kltdi.sys Kaspersky

mfetdik.sys McAfee

nlem32nt.sys driver, which supports the USB thumb drive under pre-Windows 2000 operating systems.

Since the system is running Windows XP, the NLEM32NT.SYS driver is not necessary. Boot into Windows Safe Mode, and then rename c:\Windows\System32\NLEM32NT.SYS to NLEM32NT.OLD. Restart the computer.

http://forum.sysinternals.com/nlem32ntsys-causes-reboots_topic7012.html
0
 
Mark LitinOwnerAuthor Commented:
Thanks for the excellent observation and suggestions.  l'm surprised that Kaspersky would have permitted installation with another AV present.

I'll make these changes and write back.

Thanks!
0
 
Mark LitinOwnerAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for mlitin's comment #a39163361

for the following reason:

Thanks.  Evidently, Kaspersky allowed itself to be installed with remnants of McAfee still there.  I removed Kaspersky and renamed the MacAfee file, and all was better.

Thanks for the tip.
0
 
Mark LitinOwnerAuthor Commented:
Kaspersky and McAfee remnant were in fact the bad guys.

Thanks for the the tip!
0
 
Rob MinersCommented:
Your welcome and it's good to see that your up and running :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.