Ready to jump off a klif.sys....
April 22, 2009 12:58 AM Subscribe
I'm getting a Blue Screen of Death on startup (Windows XP Pro) which says that the "problem" (whatever it may be) is being caused by a file called klif.sys. Googling around indicates it's a Kaspersky file, and I do indeed have their anti-virus software installed on my system. But I haven't found any solutions, and I can't get past this BSOD. Is there any hope for me? (More details inside.)
A few days ago, Windows informed me that it needed to restart after installing some updates. (I don't recall what they were exactly, but I think most had to do with Office 2007. Not sure though.) I powered down my computer and went to bed. The next day, when I turned it on, my computer informed me that the file NTOSKRNL.EXE was missing or corrupt. I thought this was strange but couldn't get past this error message by trying "Last Known Good Configuration" or "Safe Mode."
So I followed some online solutions which explained how to restore that file from the original Windows CD, using the Windows Recovery Console. I then got a new message, telling me that still another file, ntfs.sys, was missing or corrupt. So I tried fixing that file, too.
At that point, Windows really jammed me up - it gave me no discernable error messages whatsoever, and just kept restarting after basically getting nowhere during the boot process. (Safe Mode and Last Known Good Config still would not work.) So I took what may have been a foolhardy step - I tried letting the Windows CD automatically "repair" my installation of Windows.
(Side note: One thing I didn't think about until later is the fact that my installation had all the latest patches and updates, meaning it was Windows XP Service Pack 3, but my CD only had as far as Service Pack 1a. Yikes?)
Well, needless to say, this repair feature didn't work. That's when I started getting the klif.sys BSOD, which I reproduce below the dashed lines in full. (At one point, Windows started telling me that yet a different file, system.sav, was corrupt, but I could not figure out how to try repairing that file. In any event, we're back to the klif.sys BSOD for no apparent reason now.)
As I mentioned above, klif.sys is apparently a file that is produced by Kaspersky. However, I can't touch that software or anything else on my system because, as I say, I can't get past this BSOD. The information contained in the BSOD itself is totally unhelpful (and I checked - my system's BIOS doesn't offer any of those memory settings that I can see).
In case any of this is helpful: It's a Dell laptop running Windows XP Pro. I had plenty of free hard drive space. Though the computer is almost six years old, the hard drive is less than two years old. Kaspersky Anti-Virus was up-to-date and as far as I know, I had no viruses or malware infecting my system. (If I did, they were clever enough to defeat Kaspersky.)
Are there any solutions which do not involve me wiping everything out and doing a fresh install of Windows? Obviously this is a scenario I'd like to avoid if possible. Thanks.
--------------------------------------------------
BSOD Below
--------------------------------------------------
A problem has been detected and Windows has been shut down to prevent damage to your computer.
The problem seems to be caused by the following file: klif.sys
The driver unloaded without cancelling pending operations.
If this is the first time you’ve seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:
Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any Windows updates you might need.
If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.
Technical information:
*** STOP: 0x000000D4 (0xF66DD938, 0x000000FF, 0x00000001, 0x80512922)
klif.sys
A few days ago, Windows informed me that it needed to restart after installing some updates. (I don't recall what they were exactly, but I think most had to do with Office 2007. Not sure though.) I powered down my computer and went to bed. The next day, when I turned it on, my computer informed me that the file NTOSKRNL.EXE was missing or corrupt. I thought this was strange but couldn't get past this error message by trying "Last Known Good Configuration" or "Safe Mode."
So I followed some online solutions which explained how to restore that file from the original Windows CD, using the Windows Recovery Console. I then got a new message, telling me that still another file, ntfs.sys, was missing or corrupt. So I tried fixing that file, too.
At that point, Windows really jammed me up - it gave me no discernable error messages whatsoever, and just kept restarting after basically getting nowhere during the boot process. (Safe Mode and Last Known Good Config still would not work.) So I took what may have been a foolhardy step - I tried letting the Windows CD automatically "repair" my installation of Windows.
(Side note: One thing I didn't think about until later is the fact that my installation had all the latest patches and updates, meaning it was Windows XP Service Pack 3, but my CD only had as far as Service Pack 1a. Yikes?)
Well, needless to say, this repair feature didn't work. That's when I started getting the klif.sys BSOD, which I reproduce below the dashed lines in full. (At one point, Windows started telling me that yet a different file, system.sav, was corrupt, but I could not figure out how to try repairing that file. In any event, we're back to the klif.sys BSOD for no apparent reason now.)
As I mentioned above, klif.sys is apparently a file that is produced by Kaspersky. However, I can't touch that software or anything else on my system because, as I say, I can't get past this BSOD. The information contained in the BSOD itself is totally unhelpful (and I checked - my system's BIOS doesn't offer any of those memory settings that I can see).
In case any of this is helpful: It's a Dell laptop running Windows XP Pro. I had plenty of free hard drive space. Though the computer is almost six years old, the hard drive is less than two years old. Kaspersky Anti-Virus was up-to-date and as far as I know, I had no viruses or malware infecting my system. (If I did, they were clever enough to defeat Kaspersky.)
Are there any solutions which do not involve me wiping everything out and doing a fresh install of Windows? Obviously this is a scenario I'd like to avoid if possible. Thanks.
--------------------------------------------------
BSOD Below
--------------------------------------------------
A problem has been detected and Windows has been shut down to prevent damage to your computer.
The problem seems to be caused by the following file: klif.sys
The driver unloaded without cancelling pending operations.
If this is the first time you’ve seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:
Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any Windows updates you might need.
If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.
Technical information:
*** STOP: 0x000000D4 (0xF66DD938, 0x000000FF, 0x00000001, 0x80512922)
klif.sys
Response by poster: I can boot from the Windows CD, and I could completely reinstall XP. But as I think you're saying, that would completely wipe out all my data, wouldn't it? Or are you suggesting something different from what I was trying to avoid when I said this:
posted by DavidNYC at 1:13 AM on April 22, 2009
Are there any solutions which do not involve me wiping everything out and doing a fresh install of Windows? Obviously this is a scenario I'd like to avoid if possible.I realize this is a lengthy post and that bit was easy to miss, but perhaps we are talking about two different things?
posted by DavidNYC at 1:13 AM on April 22, 2009
The fact that all these files are going bad sounds to me like your hard drive is dying- I had the exact same problems, Windows couldn't find more and more files until it finally couldn't find the kernel.
Install Windows to a new hard drive and then backup the one you've got now.
posted by dunkadunc at 1:15 AM on April 22, 2009
Install Windows to a new hard drive and then backup the one you've got now.
posted by dunkadunc at 1:15 AM on April 22, 2009
Best answer: I'm all but certain the majority of your problem is the fact that the disc you used to repair with has SP1a on it. You need to get your install up to SP3. You've got three options:
1. Does Safe Mode work (hit F8 repeatedly during boot until you've got a menu with Safe Mode as an option)? If so, install SP3 in there. Use Safe Mode with Networking if you need to download it.
2. Do you have access to an XP Pro disc with SP2 or higher? Repair the install with it and try again. Make sure the first thing you do is install SP3 if you used a SP2 disc.
3. If you have a working PC with a CD burner, a blank CD and some time you can create a SP3 install CD by slipstreaming SP3 into your SP1a disc.
posted by Xuff at 1:15 AM on April 22, 2009
1. Does Safe Mode work (hit F8 repeatedly during boot until you've got a menu with Safe Mode as an option)? If so, install SP3 in there. Use Safe Mode with Networking if you need to download it.
2. Do you have access to an XP Pro disc with SP2 or higher? Repair the install with it and try again. Make sure the first thing you do is install SP3 if you used a SP2 disc.
3. If you have a working PC with a CD burner, a blank CD and some time you can create a SP3 install CD by slipstreaming SP3 into your SP1a disc.
posted by Xuff at 1:15 AM on April 22, 2009
If you have another PC (or access to one) get a USB laptop hard drive enclosure, put the drive in there and get your important files off first. Once that is done, you can experiment....
However, you may find nuking it and reinstalling to be the quickest and most reliable route, especially if you can't get into safe mode and a reinstall hasn't really worked.
Also would tend to agree based on my experiences that your HDD is dying.
posted by BishopsLoveScifi at 1:20 AM on April 22, 2009
However, you may find nuking it and reinstalling to be the quickest and most reliable route, especially if you can't get into safe mode and a reinstall hasn't really worked.
Also would tend to agree based on my experiences that your HDD is dying.
posted by BishopsLoveScifi at 1:20 AM on April 22, 2009
Response by poster: To Xuff:
1) I cannot get into Safe Mode.
2) The SP1a disc is the highest I've got - as I say, I've had this computer for a while.
3) I do have access to a working PC with a burner, fortunately. I'll try that slipstreaming idea.
I'll be pretty bummed if this drive is failing... it's less than two years old, and my prior drive was in fine working order (just too small) after four years when I replaced it. But what Dunc and Bishops are saying makes sense.
Bishops, do you have any recommendations for a USB hard drive enclosure?
posted by DavidNYC at 1:41 AM on April 22, 2009
1) I cannot get into Safe Mode.
2) The SP1a disc is the highest I've got - as I say, I've had this computer for a while.
3) I do have access to a working PC with a burner, fortunately. I'll try that slipstreaming idea.
I'll be pretty bummed if this drive is failing... it's less than two years old, and my prior drive was in fine working order (just too small) after four years when I replaced it. But what Dunc and Bishops are saying makes sense.
Bishops, do you have any recommendations for a USB hard drive enclosure?
posted by DavidNYC at 1:41 AM on April 22, 2009
Best answer: A Ubuntu Live CD should let you get into your system to recover your files, and maybe recover your XP installation. Here's a how to
posted by Duke999R at 2:04 AM on April 22, 2009
posted by Duke999R at 2:04 AM on April 22, 2009
As a complete guess, the a library the online access scanner uses is corrupt. Try deleting it using a boot cd. If that fails, backup your data then reinstall.
posted by devnull at 6:04 AM on April 22, 2009
posted by devnull at 6:04 AM on April 22, 2009
You probably have to suck it up and reinstall Windows; otherwise, even if you get it apparently working correctly, you'll never know when a BSOD will pop up on you due to some forgotten corrupted file. If you want to save your files, you can do as Duke999R says above, or you can reinstall Windows on the same drive in a different folder (ie: C:\WINXP instead of C:\WINDOWS) and boot off that installation long enough to recover your files to external media. Then, reformat and reinstall.
Note that, as mentioned above, this may be the beginnings of a hard drive failure. Perhaps you should consider installing a brand new hard disk at the same time.
posted by Simon Barclay at 6:09 AM on April 22, 2009
Note that, as mentioned above, this may be the beginnings of a hard drive failure. Perhaps you should consider installing a brand new hard disk at the same time.
posted by Simon Barclay at 6:09 AM on April 22, 2009
You would think by now that one could just reinstall Windows without nuking the HD like Mac OSX has done for years... Anyway. Yes what you are experiencing is severe directory corruption. Abandon all hope of resurrecting this drive and buy a new drive, they are much cheaper than the time you've already spent... Install, and then start copying off the old drive.
posted by Gungho at 6:31 AM on April 22, 2009
posted by Gungho at 6:31 AM on April 22, 2009
You would think by now that one could just reinstall Windows without nuking the HD like Mac OSX has done for years...
You can- it's quite simple: You just select the option to install on the hard drive without formatting.
The problem here is that on one reboot, the kernel was OK and a virus scan file was missing, and after each reboot less and less worked, until the kernel was corrupt and then to the point where even the bootloader didn't work.
I'm voting that the drive is pretty much screwed at this point.
posted by dunkadunc at 6:44 AM on April 22, 2009
You can- it's quite simple: You just select the option to install on the hard drive without formatting.
The problem here is that on one reboot, the kernel was OK and a virus scan file was missing, and after each reboot less and less worked, until the kernel was corrupt and then to the point where even the bootloader didn't work.
I'm voting that the drive is pretty much screwed at this point.
posted by dunkadunc at 6:44 AM on April 22, 2009
I'm voting that the drive is pretty much screwed at this point
There's really not enough evidence for this, yet. I second Duke999R's suggestion about using Ubuntu Live (Knoppix worked for me, too). That'll let you back up your files, or possibly recover your windows install without reinstalling.
posted by logicpunk at 7:15 AM on April 22, 2009
Best answer: WAIT!!!
Before you try anything else, you should give spinrite a try! You may find out that you won't have to do anything else. Spinrite is the best hard drive maintenance & recovery software out there, and it can tell you the difference between a hard drive with just a few bad bits, and a drive that is in imminent danger of crashing.
The great thing about spinrite is that you can try it for 30 days, and if it doesn't fix your problem, you can get a full refund, no problem.
I would seriously consider using spinrite before doing something as drastic as reformatting or reinstalling.
posted by tdreyer at 7:43 AM on April 22, 2009
Before you try anything else, you should give spinrite a try! You may find out that you won't have to do anything else. Spinrite is the best hard drive maintenance & recovery software out there, and it can tell you the difference between a hard drive with just a few bad bits, and a drive that is in imminent danger of crashing.
The great thing about spinrite is that you can try it for 30 days, and if it doesn't fix your problem, you can get a full refund, no problem.
I would seriously consider using spinrite before doing something as drastic as reformatting or reinstalling.
posted by tdreyer at 7:43 AM on April 22, 2009
Response by poster: A huge thank you to EVERYONE who posted on this thread. In case anyone stumbles across this later, here's what I did:
1) I disabled the various Kaspersky services using the method odinsdream suggested. Unfortunately, I just got another BSOD - this one telling me to run CHKDSK /F on my drive.
2) I slipstreamed myself a Windows XP SP3 disk as Xuff advised. I then attempted to run a repair using this updated CD. Still no love - same BSOD as before.
3) I tried running CHKDSK in the Windows Recovery Console. That version of CHKDSK doesn't recognize the /F operator, but it does permit /R for repairs (apparently). It took a very long time to run but sadly... same BSOD as before.
So I concluded that my disk (or at least, this installation of Windows) was beyond hope, as several people theorized. I then turned to Duke999R's terrific, outside-the-box (well, for me, anyway!) idea to create an Ubuntu boot disk and try rescuing my files from there. That was extremely easy to do (and probably should have been my first step, just for safety's sake). Ubuntu recognized my drive (so I didn't have to go through any rigmarole at Duke's link) and I was able to copy everything (about 50 gigs worth of data) to a USB drive without a hitch.
Now I have to decide what to do next. I think I will try Spinrite, as tdryer suggested, to see whether or not my hard disk really is in serious danger. I've "marked as best" the particular comments whose advice I followed, but all the suggestions here were terrifically helpful. Thanks once again to everyone.
posted by DavidNYC at 10:45 PM on April 23, 2009
1) I disabled the various Kaspersky services using the method odinsdream suggested. Unfortunately, I just got another BSOD - this one telling me to run CHKDSK /F on my drive.
2) I slipstreamed myself a Windows XP SP3 disk as Xuff advised. I then attempted to run a repair using this updated CD. Still no love - same BSOD as before.
3) I tried running CHKDSK in the Windows Recovery Console. That version of CHKDSK doesn't recognize the /F operator, but it does permit /R for repairs (apparently). It took a very long time to run but sadly... same BSOD as before.
So I concluded that my disk (or at least, this installation of Windows) was beyond hope, as several people theorized. I then turned to Duke999R's terrific, outside-the-box (well, for me, anyway!) idea to create an Ubuntu boot disk and try rescuing my files from there. That was extremely easy to do (and probably should have been my first step, just for safety's sake). Ubuntu recognized my drive (so I didn't have to go through any rigmarole at Duke's link) and I was able to copy everything (about 50 gigs worth of data) to a USB drive without a hitch.
Now I have to decide what to do next. I think I will try Spinrite, as tdryer suggested, to see whether or not my hard disk really is in serious danger. I've "marked as best" the particular comments whose advice I followed, but all the suggestions here were terrifically helpful. Thanks once again to everyone.
posted by DavidNYC at 10:45 PM on April 23, 2009
Response by poster: One final note here: Luckily, my hard drive (which I purchased from a company called CMS Products) is still covered by a three-year warranty, so it looks like they'll replace it for me. Because of that, I decided not to purchase Spinrite. As great a program as it appears to be, I can't justify the $90 cost at this time.
Also, I plugged my old 30 gig hard drive back into my computer in the meantime. I re-installed Windows using a brand new slipstreamed SP3 disk, per Xuff. What a breeze! SO much better than using SP1 and suffering through a million updates. Plus, it was really nice having almost all of my usual configuration choices already set!
I also added RyanVM's update pack to the installation in NLite. I think it helped - there were only a handful of updates to download once Windows finished installing.
posted by DavidNYC at 2:34 AM on April 25, 2009
Also, I plugged my old 30 gig hard drive back into my computer in the meantime. I re-installed Windows using a brand new slipstreamed SP3 disk, per Xuff. What a breeze! SO much better than using SP1 and suffering through a million updates. Plus, it was really nice having almost all of my usual configuration choices already set!
I also added RyanVM's update pack to the installation in NLite. I think it helped - there were only a handful of updates to download once Windows finished installing.
posted by DavidNYC at 2:34 AM on April 25, 2009
This thread is closed to new comments.
posted by gfrobe at 1:04 AM on April 22, 2009