This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 36%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
Hi,
recently, after the last windows 10 update ever, my pc went to reboot as normal but failed with a message that mentions “klelam.sys”.
Ive searched multiple sites and found that this file belongs to the Kaspersky AV suite that i uninstalled nearly 2 years ago. Ive been using Defender since then with zero issues after multiple reboots.
I cannot start windows in any form of safe mode.
i can start the RE but the find/repair options do not work.
i cannot select option 8 (‘do not use elam’) from the RE menu options as the pc just hangs.
ive run multiple virus scans and removed a few bits of malware that the various tools identified.
ive searched the pc and cannot find klelam.sys but there are a number of elam.sys (which i think are the windows default files).
Ive used the 3 bcdedit commands to recreate the boot files just in case.
I have run various repair tools from companies like easus, amoei, etc with no success as the error remains.
i have searched the system hive (mounted into Hirems windows recovery toolset) and cannot see any keys referencing Elam other than backup location so presume there are no policies set that would force the use of klelam.sys over Elam.sys
I have a hidden EFI partition of 300mb
boot drive is c
windows is located at c:\windows
i can read all of my NTFS c drive (including the files on the EFI partition which is formatted as fat32 and another 500mb system partition which is formatted to NTFS) in the RE
I really do not want to blow away the drive and reinstall windows as i have a few hundreds apps that would need reinstalling as i create music.
my question is how do i force the boot loader to use the default elam.sys file and remove references to klelam.sys when i cant boot windows to run an in place upgrade?
klelam.sys is as you indicate a driver associated to Kaspersky Security, and it is usually located in the C:\Windows\System32\Drivers folder, are you able to locate that file in there to delete it?
If not, you indicate you can access the recovery environment, have you tried performing a system restore to a date before your system would not boot up, or are you able to access Safe Mode?
Hi @DaveM121
thanks for the suggestion but I missed detailing that I cannot:
uninstall recent updates or
Roll back to a previous restore point (even though I use them religiously every change I make it seems there is not a single one in the relevant folder)
I have searched the entire registry - no mention of klelam.sys
i have searched the entire c drive - ditto.
this is what is infuriating, there isn’t a klelam.sys file in existence nor referenced anywhere (but there is an Elam.sys) yet boot fails with the same error ‘a file is missing - klelam.sys, please locate and reboot’ or words to the effect.
I’ve reset the Amd bios to system defaults and will try to reset the nvram just in case there is something in there.
anyone else got any suggestion on how to force Elam.sys into the boot to replace klelam.sys references?
thanks
