Jump to content
Midge

Blue screening and crashing after PURE upgrade

Recommended Posts

My dad, previously running KIS 2009 on his machine, upgraded to the currently downloading version of PURE a couple of weeks ago (not my idea I hasten to add).

 

It behaved OK for around 3-4 days, and then it seems PURE shut itself down with an unrecoverable error, and when he tried to reboot the machine afterwards, the registry was stuffed ("windows XP could not start because the following file is missing or corrupt \WINDOWS\SYSTEM32\CONFIG\SYSTEM").

 

Shortly before this, my dad had noticed a pdm.logger alert relating to a file sskbfd.sys which sounds like a left-over from Webroot's Spysweeper which he used to run a couple of years ago, before I switched him to KIS. Judging by other postings, it seems difficult to rid yourself of this file.

 

Using the microsoft process (article 307545) last night, I took the machine back to the restore point from before PURE was installed. I ran the Kaspersky removal tool to make certain his old version of KIS 2009 was well and truly deleted, and then re-installed PURE. All OK so far - but I then started experiencing random lockups maybe every half hour or so (typically IE going unresponsive as that is what I was using after sorting out the registry issue) and more worryingly, blue screening (different messages). I also had just one case of PURE shutting itself down as my dad had seen, but the registry wasn't corrupted in this case.

 

Obviously, after the re-install, I was getting the same pdm.logger error he'd seen so I setup an exception for the sskbfd.sys file, and it *seemed* like the machine ran for longer without an issue (over an hour) so I left my dad to run a full scan on it, and he's just told me it blue screened when he did! So it may well be the presence of this file is totally unrelated since it would have been there all through KIS being used. He then kicked off another scan which went the distance with no further issues.

 

So it kinda looks like there is some sort of conflict going on, but not sure how to diagnose it - so my first question is whether the engine in PURE is sufficiently different from KIS 2009 for it to be worth putting 2009 back on as a test?

 

The machine itself hardly has anything else installed on it - it's just used for internet and e-mail really.

 

Ideas appreciated! Thanks, Midge.

Edited by Midge

Share this post


Link to post

sskbfd.sys a SpySweeper file. Blue screen is usually a Tech Support issue. Pending possible resolution of this issue here at this forum, please also contact Tech Support, link: http://support.kaspersky.com/helpdesk.html

 

Also, GSI may point to something concrete, so please post your GSI report link, instructions are in the Home User Important topic.

Share this post


Link to post
sskbfd.sys a SpySweeper file. Blue screen is usually a Tech Support issue. Pending possible resolution of this issue here at this forum, please also contact Tech Support, link: http://support.kaspersky.com/helpdesk.html

 

Also, GSI may point to something concrete, so please post your GSI report link, instructions are in the Home User Important topic.

 

Well THAT was a pain! I booted the machine up, loaded and ran GSI, and it got all the way through to trying to upload it to the site "receiving a reply" etc. and then blue screened on me before I got to the point it gives me the upload link. I powered off/on and repeated and it did exactly the same at exactly the same point. There is no driver or error referenced in the message.

 

STOP: 0x0000008E (0xC0000005, 0x805677BB, 0xED4C2C7C, 0x00000000) - first blue screen

STOP: 0x0000008E (0xC0000005, 0x80570376, 0xED699ABC, 0x00000000) - second blue screen

 

On the third attempt, it worked and this is the link:

 

http://www.getsysteminfo.com/read.php?file...119cd080e5ab6a9

 

It found the webroot keyboard file, but somewhat unexpectedly, it has highlighted a Symantec file (Symantec used to be used on this machine years ago but I got rid of it with the Symantec removal tool when I first loaded KIS - at least I THOUGHT I had!!).

 

Filename C:\WINDOWS\system32\drivers\symlcbrd.sys - Symantec Core Component

 

It has also found: Symantec Technical Support Web Controls

 

Midge.

Edited by Midge

Share this post


Link to post

Have unstalled the Technical Support Web Controls stuff, and downloaded and run the latest version of the Norton Removal tool.

 

After I ran the Norton tool, it prompted for a machine restart and when I clicked the button it blue screened yet again.

 

This time is gave the error BAD_POOL_HEADER

0x00000019 (0x00000020, 0xE301BDF0, 0xE301BDF0, 0x0C000205)

 

Anyway, after yet another reboot, GSI is just picking up the webroot file now:

 

http://www.getsysteminfo.com/read.php?file...ebe3efbfdddfa6a

 

Midge.

Share this post


Link to post

There are still some leftovers from Spysweeper there. Please get rid of it.

Filename C:\WINDOWS\system32\drivers\sskbfd.sys - Spy Sweeper SDK

Share this post


Link to post

I will, thanks - just making sure I've got a removal method that works. It's so long since Spysweeper was running I don't even know what version it was.

Share this post


Link to post

Thanks - I'd already tried the Webroot removal tool (including in safe mode) but it wouldn't get rid of the file. I ended up uninstalling the keyboard driver and letting windows re-install it. Then removed the exception I'd previously created in PURE, cleaned the registry up of remaining traces, and deleted the file.

 

The machine had been terribly unstable beforehand so we'll see how it behaves now. I should know within the next day or so and will post up the results.

Edited by Midge

Share this post


Link to post

Been running 2.5 hours without incident (yet!).........this is probably the longest it has been stable so far.

Share this post


Link to post
Been running 2.5 hours without incident (yet!).........this is probably the longest it has been stable so far.

 

........but unfortunately it didn't last! The following day on power up, my dad had a repeat of the original problem. IE went unresponsive and he couldn't reload IE and so rebooted. Registry was then stuffed again!

 

I've just set my Dad up with my spare machine so I should be able to monitor and diagnose it better when I get it back to my house. My intention is to uninstall PURE and stick KIS2009 back on to see if stabilises. At least that way I can prove categorically that the issue is a Kaspersky one.

 

One question I do have and that is whether PURE needs to be re-installed now that the potentially conflicting software has been removed? i.e. could the conflict have corrupted something so just removing the offending software is not enough?

 

Thanks.

 

 

Share this post


Link to post

It's very difficult to draw a firm conclusion with an intermittent issue like this, but it is looking like the problem is pretty much proven not to be ANYTHING to do with Kaspersky.

 

I uninstalled PURE and ran the removal tool too last weekend, and found that I didn't have a spare licence to re-install KIS2009 which is what was running before the upgrade. So I then installed Microsoft Security Essentials so there was some basic protection on there whilst I did a bit of testing each day this week.

 

During this week, I've had one situation where IE has got screwed up (as opposed to going unresponsive) , and a couple of occasions where MSE has had to close down which got me wondering whether PURE wasn't at fault. However, there was no serious instability/blue screening to be pretty certain about that - until this morning!

 

I've just had two blue screens within minutes of each other - different to those previously seen and posted on this thread. One on a normal shutdown and the other when using IE. This time they were 0x0000000A irql_not_less_or_equal, which Microsoft and other postings suggest is incompatible hardware or device driver.

 

So even though I'm struggling to get to the bottom of what this problem is since the machine can run happily for days, the total lack of Kaspersky products means I have to be looking at some intermittent fault on the machine that just happens to have occured within a couple of days of PURE being installed. The incompatible products detected by GSI were obviously a red-herring.

 

So thanks for the help on this, and if I ever get to the root cause, I'll post up my findings.

 

Midge

 

Share this post


Link to post

Hello.

 

Well, I'm not saying you should to that, but perhaps you could think about fresh installing everything. Your GSI indicates that last windows install was 4 years ago, and reinstall should definitely let you install PURE normally, so if you have time maybe you could reconsider it.

Share this post


Link to post

A shot in the dark, might be to check for overheating, maybe dust built up or pet hair, vents plugged?

Edited by rudger79

Share this post


Link to post
A shot in the dark, might be to check for overheating, maybe dust built up or pet hair, vents plugged?

 

Thanks for the ideas guys. One thing we have established is it tends to occur reasonably quickly after boot, (though there have been a small number of exceptions to this such as a couple BSOD on shutdown). So if it survives the first 10 minutes, there is every chance it will run for hours. This tends to point away from an overheat (it's pretty spotless inside for an older machine).

 

At the moment, attention is focusing on the 1G DIMM which was probably the last change to the machine prior to PURE going on. Eventhough it passes Memtest OK, I've had the old 256M DIMM running in its place since yesterday. The machine runs terribly slowly as you'd expect, but it was totally stable throughout the time it was in and I must have restarted it from cold a dozen times. I've just fitted the 1G back in to see whether it goes unstable again.

 

Midge.

 

 

Share this post


Link to post

And the news is that it did go unstable again starting the following morning, so looking strongly like the DIMM eventhough I can't get it to fail Memtest. I'm now back on the 256M while I source a replacement.

 

Thanks again to everyone who offered suggestions/help.

 

Midge.

Share this post


Link to post

Thanks - no, I hadn't come across the site, but I did turn up a Crucial 1G used DIMM on ebay the other day myself, so that is on its way to me. I'll bear this in mind for any other upgrades I do though - they seem reasonably priced.

Edited by Midge

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.