Tracking down a driver file that is causing BSOD

Question

Tracking down a driver file that is causing BSOD

I am trying to track down a BSOD that presents itself on a Win7 64 bit machine that happens right as soon as the Windows icon appears. it happens during Safe Mode as well. The last driver that loads is classpnp.sys.

1.) Does that mean that the driver that is failing is the one loading after classpnp.sys? 2.) Does removing the offending driver (once I know what that is) from sys32/drivers all I have to do to move around it? 3.) Can anyone tell me how to figure out which driver would load next (for whatever reason, no dump files are being created and I dont know how to enable it)

The BSOD error is: STOP: 0x0000007E (0xFFFFFFFFC0000005, 0xFFFFF800032D2C33, 0xFFFFF880009A9048, 0xFFFFF880009A88AO)

It happened after installing a trusted app.

CHKDSK is good, memory is good, sfc scannow says everything is good.

windows-7

bsod

asked on Super User Oct 27, 2012 by

John E.

1 Answer

1.) Does that mean that the driver that is failing is the one loading after classpnp.sys?

It usually is, unless classpnp.sys is the last driver loaded.

On my desktop (also win7-amd64), with OS boot information enabled the last displayed loaded drivers are:

...
fvevol.sys
disk.sys
CLASSPNP.SYS
avgrkx64.sys
avgidsha.sys

The last two are from AVG anti virus. Without those classPNP.sys would have been the last one. Unless you also installed AVG this seems to be a dead end.

For the record (or rather, for others who might find this post later)

If you working computer then you can run msconfig, select the 'boot' tab and mark OS boot information. This displays a list of loaded drivers during windows startup. You can also mark the boot log option, which will write a log to %systemroot%\nbtlog.txt (usually C:\Windows\ntbtlog.txt).

Screenshot of MSconfigs boot tab

However since your windows will not even boot in safe mode this might be hard to set. Some work around (e.g. a liveCD, and file or registry editing on the disk might be needed).

2.) Does removing the offending driver (once I know what that is) from sys32/drivers all I have to do to move around it?

If windows needs that driver and you remove it it will fail to boot succesfully. So the general answer is 'it depends on which driver is causing the problems.

My bootlog shows cdrom.sys to be loaded after classPNP and the AVG-sys files. Which might be relative harmless to move around. I repeat: might.

3.) Can anyone tell me how to figure out which driver would load next (for whatever reason, no dump files are being created and I don't know how to enable it)

This the full list of drivers as they are logged into nbtlog.txt on my system. If you installed extra drivers then yours might differ slightly.

 Service Pack 110 27 2012 15:15:08.610
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Loaded driver \SystemRoot\system32\drivers\ACPI.sys
Loaded driver \SystemRoot\system32\drivers\WMILIB.SYS
Loaded driver \SystemRoot\system32\drivers\msisadrv.sys
Loaded driver \SystemRoot\system32\drivers\pci.sys
Loaded driver \SystemRoot\system32\drivers\vdrvroot.sys
Loaded driver \SystemRoot\System32\drivers\partmgr.sys
Loaded driver \SystemRoot\system32\drivers\volmgr.sys
Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
Loaded driver \SystemRoot\system32\drivers\pciide.sys
Loaded driver \SystemRoot\system32\drivers\PCIIDEX.SYS
Loaded driver \SystemRoot\system32\DRIVERS\vmci.sys
Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
Loaded driver \SystemRoot\system32\drivers\vmbus.sys
Loaded driver \SystemRoot\system32\drivers\winhv.sys
Loaded driver \SystemRoot\system32\drivers\atapi.sys
Loaded driver \SystemRoot\system32\drivers\ataport.SYS
Loaded driver \SystemRoot\system32\drivers\msahci.sys
Loaded driver \SystemRoot\system32\DRIVERS\3ware10k.sys
Loaded driver \SystemRoot\system32\DRIVERS\storport.sys
Loaded driver \SystemRoot\system32\drivers\amdxata.sys
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
Loaded driver \SystemRoot\System32\Drivers\PxHlpa64.sys
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\System32\Drivers\msrpc.sys
Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
Loaded driver \SystemRoot\System32\Drivers\cng.sys
Loaded driver \SystemRoot\System32\drivers\pcw.sys
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.sys
Loaded driver \SystemRoot\system32\drivers\ndis.sys
Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
Loaded driver \SystemRoot\System32\Drivers\ksecpkg.sys
Loaded driver \SystemRoot\System32\drivers\tcpip.sys
Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
Loaded driver \SystemRoot\system32\drivers\vmstorfl.sys
Loaded driver \SystemRoot\system32\drivers\volsnap.sys
Loaded driver \SystemRoot\System32\Drivers\spldr.sys
Loaded driver \SystemRoot\System32\drivers\rdyboost.sys
Loaded driver \SystemRoot\System32\Drivers\mup.sys
Loaded driver \SystemRoot\System32\drivers\hwpolicy.sys
Loaded driver \SystemRoot\System32\DRIVERS\fvevol.sys
Loaded driver \SystemRoot\system32\DRIVERS\disk.sys
Loaded driver \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
Loaded driver \SystemRoot\system32\DRIVERS\avgrkx64.sys
Loaded driver \SystemRoot\system32\DRIVERS\avgidsha.sys
Loaded driver \SystemRoot\system32\drivers\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\avgmfx64.sys
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
Loaded driver \SystemRoot\system32\drivers\rdprefmp.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\system32\drivers\afd.sys
Loaded driver \SystemRoot\system32\drivers\ws2ifsl.sys
Loaded driver \SystemRoot\system32\DRIVERS\wfplwf.sys
Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\drivers\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
Loaded driver \SystemRoot\system32\drivers\mssmbios.sys
Loaded driver \??\C:\Program Files\HWiNFO64\HWiNFO64A.SYS
Loaded driver \SystemRoot\System32\drivers\discache.sys
Loaded driver \SystemRoot\system32\drivers\csc.sys
Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
Loaded driver \SystemRoot\system32\DRIVERS\blbdrive.sys
Loaded driver \SystemRoot\system32\DRIVERS\avgldx64.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\atikmdag.sys
Loaded driver \SystemRoot\System32\drivers\dxgkrnl.sys
Loaded driver \SystemRoot\system32\DRIVERS\atikmpag.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\Rt64win7.sys
Loaded driver \SystemRoot\system32\drivers\1394ohci.sys
Loaded driver \SystemRoot\system32\drivers\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\drivers\wmiacpi.sys
Loaded driver \SystemRoot\system32\drivers\CompositeBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\AgileVpn.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\rassstp.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdpbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\drivers\swenum.sys
Loaded driver \SystemRoot\system32\drivers\umbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\vmnetadapter.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\AtiHdmi.sys
Loaded driver \SystemRoot\system32\drivers\ksthunk.sys
Loaded driver \SystemRoot\system32\drivers\HdAudio.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\system32\drivers\USBSTOR.SYS
Loaded driver \SystemRoot\system32\DRIVERS\monitor.sys
Loaded driver \SystemRoot\system32\drivers\luafv.sys
Loaded driver \SystemRoot\system32\drivers\WudfPf.sys
Loaded driver \SystemRoot\system32\DRIVERS\vmnetbridge.sys
Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
Loaded driver \SystemRoot\system32\drivers\HTTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
Loaded driver \??\C:\Windows\system32\drivers\hcmon.sys
Loaded driver \??\C:\Windows\system32\drivers\vmx86.sys
Loaded driver \??\C:\Windows\system32\drivers\cpuz134_x64.sys
Loaded driver \SystemRoot\system32\drivers\npf.sys
Loaded driver \SystemRoot\system32\drivers\peauth.sys
Loaded driver \SystemRoot\System32\Drivers\secdrv.SYS
Loaded driver \SystemRoot\System32\DRIVERS\srvnet.sys
Loaded driver \SystemRoot\System32\drivers\tcpipreg.sys
Loaded driver \??\C:\Windows\system32\drivers\vmnetuserif.sys
Loaded driver \SystemRoot\SysWOW64\drivers\vstor2-mntapi10-shared.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv2.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \SystemRoot\System32\drivers\rdpdr.sys
Loaded driver \SystemRoot\system32\DRIVERS\WUDFRd.sys
Loaded driver \SystemRoot\system32\drivers\tdtcp.sys
Loaded driver \SystemRoot\System32\DRIVERS\tssecsrv.sys
Loaded driver \SystemRoot\System32\Drivers\RDPWD.SYS

answered on Super User Oct 27, 2012 by

Hennes • edited Oct 27, 2012 by

Hennes

User contributions licensed under CC BY-SA 3.0