BSOD when trying to boot in safe mode - Windows 7 x86

That particular dump happened when I put the machine into sleep mode and is somehow tied to running SysnativeBSODCollectionApp.exe. I thought the machine went into sleep mode, but apparently it shut down, because when I hit the power button to wake it, it actually restarted. I've seen this happen before when running the collection app.

I subsequently renamed the Pxhelp20.sys file as suggested, but booting into safe mode again resulted in the same BSOD.

A new dump (with Pxhelp20.sys renamed) is here:

MEMORY.zip - Google Drive
 
The old dump certainly has some power IRP problems when shutting down the CD drive, the IRP was never completed by the FDO, some third party driver mentioned by Xer.

Code:
0: kd> !irp 87047638
Irp is active with 6 stacks 5 is current (= 0x87047738)
 No Mdl: No System Buffer: Thread 00000000:  Irp stack trace.  
     cmd  flg cl Device   File     Completion-Context
 [N/A(0), N/A(0)]
            0  0 00000000 00000000 00000000-00000000    

			Args: 00000000 00000000 00000000 00000000
 [N/A(0), N/A(0)]
            0  0 00000000 00000000 00000000-00000000    

			Args: 00000000 00000000 00000000 00000000
 [N/A(0), N/A(0)]
            0  0 00000000 00000000 00000000-00000000    

			Args: 00000000 00000000 00000000 00000000
 [N/A(0), N/A(0)]
            0  0 00000000 00000000 00000000-00000000    

			Args: 00000000 00000000 00000000 00000000
>[IRP_MJ_POWER(16), IRP_MN_SET_POWER(2)]
            0 e1 87b71030 00000000 00000000-00000000    pending
	       \Driver\cdrom
			Args: 00015400 00000001 00000004 00000003
 [N/A(0), N/A(0)]
            0  0 00000000 00000000 00000000-88e04808    

			Args: 00000000 00000000 00000000 00000000
0: kd> !drvobj \Driver\cdrom
Driver object (8709e8e8) is for:
 \Driver\cdrom
Driver Extension List: (id , addr)
(8cd42425 8789b638)  
Device Object list:
8875a6a8  87b71030  
0: kd> !devobj 8875a6a8
Device object (8875a6a8) is for:
 CdRom1 \Driver\cdrom DriverObject 8709e8e8
Current Irp 00000000 RefCount 0 Type 00000002 Flags 00002052
Vpb 88750748 Dacl 8f0b37c4 DevExt 8875a190 DevObjExt 8875a780 Dope 8876a158 
ExtensionFlags (0x00000800)  DOE_DEFAULT_SD_PRESENT
Characteristics (0x00000101)  FILE_REMOVABLE_MEDIA, FILE_DEVICE_SECURE_OPEN
AttachedTo (Lower) 88791018*** ERROR: Module load completed but symbols could not be loaded for PxHelp20.sys
 \Driver\PxHelp20
Device queue is not busy.
0: kd> !devobj 87b71030
Device object (87b71030) is for:
 CdRom0 \Driver\cdrom DriverObject 8709e8e8
Current Irp 00000000 RefCount 2 Type 00000002 Flags 00002050
Vpb 87bbe638 Dacl 8e135a3c DevExt 87cf4cc0 DevObjExt 87b71108 Dope 87bbe5f0 
ExtensionFlags (0x00000800)  DOE_DEFAULT_SD_PRESENT
Characteristics (0x00000101)  FILE_REMOVABLE_MEDIA, FILE_DEVICE_SECURE_OPEN
AttachedTo (Lower) 87e74018 \Driver\PxHelp20
Device queue is not busy.
0: kd> !lmi PxHelp20
Loaded Module Info: [pxhelp20] 
         Module: PxHelp20
   Base Address: 8cf46000
     Image Name: PxHelp20.sys
   Machine Type: 332 (I386)
     Time Stamp: 4dcc15ec Thu May 12 18:16:28 2011
           Size: 9520
       CheckSum: 15341
Characteristics: 30e stripped 
Debug Data Dirs: Type  Size     VA  Pointer
                 MISC   110,     0,    9520  [Debug data not mapped]
                  FPO   290,     0,    9630  [Debug data not mapped]
    Symbol Type: NONE     - PDB not found from image header.
    Load Report: no symbols loaded
0: kd> !devstack 87b71030 
  !DevObj   !DrvObj            !DevExt   ObjectName
> 87b71030  \Driver\cdrom      87cf4cc0  CdRom0
  87e74018  \Driver\PxHelp20   87e740d0  
  8612c930  \Driver\ACPI       86107260  
  8616f610  \Driver\atapi      8616f6c8  IdeDeviceP1T0L0-1
!DevNode 86165500 :
  DeviceInst is "IDE\CdRomATAPI_iHAS124___B_______________________AL0H____\5&33e30520&0&1.0.0"
  ServiceName is "cdrom"


//This looks like the thread which initiated the IRP

0: kd> !thread 8909dc90  
THREAD 8909dc90  Cid 0004.0c40  Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
    c6c83a8c  SynchronizationEvent
Not impersonating
DeviceMap                 8e008840
Owning Process            860c83b0       Image:         System
Attached Process          N/A            Image:         N/A
Wait Start TickCount      3148659        Ticks: 38664 (0:00:10:03.162)
Context Switch Count      39             IdealProcessor: 3             
UserTime                  00:00:00.000
KernelTime                00:00:00.000
Win32 Start Address nt!PopIrpWorker (0x83663c5c)
Stack Init c6c83fd0 Current c6c83970 Base c6c84000 Limit c6c81000 Call 0
Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
ChildEBP RetAddr  Args to Child              
c6c83988 836ccefd 8909dc90 00000000 8f300120 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
c6c839c0 836cbd57 8909dd50 8909dc90 c6c83a8c nt!KiSwapThread+0x266
c6c839e8 836c55af 8909dc90 8909dd50 00000000 nt!KiCommitThreadWait+0x1df
c6c83a64 8ccfbcea c6c83a8c 00000000 00000000 nt!KeWaitForSingleObject+0x393
c6c83ab8 8ccff1ca 87cf48b0 00b417a8 c6c83b14 Wdf01000!FxIoTarget::SubmitSync+0x216 (FPO: [Non-Fpo])
c6c83af0 91456916 00000020 87b417a8 87cf48b0 Wdf01000!imp_WdfRequestSend+0x1fe (FPO: [4,5,4])
c6c83b34 91456790 00000004 87ab6200 87ab6248 cdrom!DeviceSendPowerProcessRequest+0x15b (FPO: [Non-Fpo])
c6c83b48 8cd0fb58 7830b4b8 00000004 8cd63d88 cdrom!DeviceEvtD0Exit+0x83 (FPO: [Non-Fpo])
c6c83b6c 8cd102d3 c6c83c10 8cd0ee18 87ab6248 Wdf01000!FxPkgPnp::PowerGotoDxIoStopped+0xb3 (FPO: [0,1,4])
c6c83b74 8cd0ee18 87ab6248 00001000 8cd63d60 Wdf01000!FxPkgPnp::PowerGotoDNotZeroIoStopped+0xd (FPO: [Non-Fpo])
c6c83c10 8cd0e2e5 87ab6248 0000031c 87ab6368 Wdf01000!FxPkgPnp::PowerEnterNewState+0x15c (FPO: [Non-Fpo])
c6c83c38 8cd0e0e1 87ab6248 c6c83c64 c6c83ca8 Wdf01000!FxPkgPnp::PowerProcessEventInner+0x167 (FPO: [2,3,4])
c6c83c70 8cd0816b 87ab6248 8cd080d6 8795c5b0 Wdf01000!FxPkgPnp::PowerProcessEvent+0x185 (FPO: [1,7,4])
c6c83c78 8cd080d6 8795c5b0 87ab6248 c6c83cb4 Wdf01000!FxPkgFdo::DispatchDeviceSetPower+0x89 (FPO: [0,0,0])
c6c83c88 8cd04d85 87ab6248 c6c83ca8 87cf4c04 Wdf01000!FxPkgFdo::_DispatchSetPower+0x28 (FPO: [Non-Fpo])
c6c83cb4 8ccff52e 87047638 87b71030 87047638 Wdf01000!FxPkgPnp::Dispatch+0x1ad (FPO: [1,3,4])
c6c83cdc 8ccff39f 02b71030 87047638 87b71030 Wdf01000!FxDevice::Dispatch+0x155 (FPO: [Non-Fpo])
c6c83cf8 83663fad 87b71030 87047638 00000000 Wdf01000!FxDevice::DispatchWithLock+0x77 (FPO: [Non-Fpo])
c6c83d50 8385b45b 82410470 ec781b16 00000000 nt!PopIrpWorker+0x351
c6c83d90 836ff9c9 83663c5c 82410470 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

//Not getting much from the lock either.

0: kd> dt nt!_KEVENT c6c83a8c -r
   +0x000 Header           : _DISPATCHER_HEADER
      +0x000 Type             : 0x1 ''
      +0x001 TimerControlFlags : 0 ''
      +0x001 Absolute         : 0y0
      +0x001 Coalescable      : 0y0
      +0x001 KeepShifting     : 0y0
      +0x001 EncodedTolerableDelay : 0y00000 (0)
      +0x001 Abandoned        : 0 ''
      +0x001 Signalling       : 0 ''
      +0x002 ThreadControlFlags : 0x4 ''
      +0x002 CpuThrottled     : 0y0
      +0x002 CycleProfiling   : 0y0
      +0x002 CounterProfiling : 0y1
      +0x002 Reserved         : 0y00000 (0)
      +0x002 Hand             : 0x4 ''
      +0x002 Size             : 0x4 ''
      +0x003 TimerMiscFlags   : 0 ''
      +0x003 Index            : 0y0
      +0x003 Processor        : 0y00000 (0)
      +0x003 Inserted         : 0y0
      +0x003 Expired          : 0y0
      +0x003 DebugActive      : 0 ''
      +0x003 ActiveDR7        : 0y0
      +0x003 Instrumented     : 0y0
      +0x003 Reserved2        : 0y0000
      +0x003 UmsScheduled     : 0y0
      +0x003 UmsPrimary       : 0y0
      +0x003 DpcActive        : 0 ''
      +0x000 Lock             : 0n262145
      +0x004 SignalState      : 0n0
      +0x008 WaitListHead     : _LIST_ENTRY [ 0x8909dd50 - 0x8909dd50 ]
         +0x000 Flink            : 0x8909dd50 _LIST_ENTRY [ 0xc6c83a94 - 0xc6c83a94 ]
         +0x004 Blink            : 0x8909dd50 _LIST_ENTRY [ 0xc6c83a94 - 0xc6c83a94 ]

The new dump file has saved practically nothing of any use, can't even get a stack trace.
 
I agree - it definitely appears that Roxio is somehow involved.

Update your Roxio installation to the latest version or remove completely.
 
I've removed all Roxio the best I can through control panel > programs and features as well as used MicrosoftFixit.ProgramInstallUninstall.RNP.134545903243642.2.1.Run.exe but the BSOD remains.

NirSoft DriverView still shows the following Sonic Solutions (Roxio) drivers:

SahdIa32.sys
SaibIa32.sys
c2scsi.sys
SaibVd32.sys

I'm guessing that these continue to be a problem. I haven't found a way to remove these drivers. Any suggestions on how to remove them would be greatly appreciated. Thanks!

Tom
 
Try this command from an elevated command prompt and then paste here the content of DriversInfo.txt that should appear on your desktop, possibly inside hide and code forum tags or at least code tag only:
(sc queryex SahdIa32 && sc qc SahdIa32 && sc queryex SaibIa32 && sc qc SaibIa32 && sc queryex c2scsi && sc qc c2scsi && sc queryex saibvd32 && sc qc saibvd32) > "%userprofile%\desktop\DriversInfo.txt"

Next step could be to use the sc delete command, after approval by moderators/admins.
 
Here's the output:

SERVICE_NAME: SahdIa32
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: SahdIa32
TYPE : 1 KERNEL_DRIVER
START_TYPE : 0 BOOT_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\System32\Drivers\SahdIa32.sys
LOAD_ORDER_GROUP : Filter
TAG : 2
DISPLAY_NAME : HDD Filter Driver
DEPENDENCIES :
SERVICE_START_NAME :

SERVICE_NAME: SaibIa32
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: SaibIa32
TYPE : 1 KERNEL_DRIVER
START_TYPE : 0 BOOT_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\System32\Drivers\SaibIa32.sys
LOAD_ORDER_GROUP : PnP Filter
TAG : 5
DISPLAY_NAME : Volume Filter Driver
DEPENDENCIES :
SERVICE_START_NAME :

SERVICE_NAME: c2scsi
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: c2scsi
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\c2scsi.sys
LOAD_ORDER_GROUP : SCSI Miniport
TAG : 64
DISPLAY_NAME : c2scsi
DEPENDENCIES :
SERVICE_START_NAME :

SERVICE_NAME: saibvd32
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: saibvd32
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : System32\Drivers\SaibVd32.sys
LOAD_ORDER_GROUP :
TAG : 5
DISPLAY_NAME : Virtual Disk Driver
DEPENDENCIES :
SERVICE_START_NAME :


I found the following but haven't tried it. Please let me know if it is an advisable (relatively safe) thing to try:

"Drivers have a corresponding service entry in the registry (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services). Each of the keys that represents a driver has a "Start" value of type REG_DWORD that specifies the startup type from the driver." The table below is pasted as HTML:

<table border="1" cellpadding="2" cellspacing="2"> <tbody>
<tr> <td valign="top">MSinfo32.exe Start Mode</td> <td valign="top">Startup Type</td> <td valign="top">Value</td> <td valign="top">Description</td> </tr>
<tr> <td valign="top">Boot</td> <td valign="top">SERVICE_BOOT_START</td> <td valign="top">0x00000000</td> <td valign="top">Drivers that need to be loaded by the boot loader to successfully boot the system.</td> </tr>
<tr> <td valign="top">System</td> <td valign="top">SERVICE_SYSTEM_START</td> <td valign="top">0x00000001</td> <td valign="top">The driver is not required for system start, but identifies a device that the associated bus driver cannot enumerate.</td> </tr>
<tr> <td valign="top">Auto</td> <td valign="top">SERVICE_AUTO_START</td> <td valign="top">0x00000002</td> <td valign="top">The driver is started automatically, but is not required at system boot time.</td> </tr>
<tr> <td valign="top">Manual</td> <td valign="top">SERVICE_DEMAND_START</td> <td valign="top">0x00000003</td> <td valign="top">The driver is started on demand by either the service control manager or the PnP manager. This setting is used when the driver is not required at boot time.</td> </tr>
<tr> <td valign="top">Disabled</td> <td valign="top">SERVICE_DISABLED</td> <td valign="top">0x00000004</td> <td valign="top">The driver does not start in this case.</td> </tr>
</tbody> </table>
 
You could use sc delete (from an elevated command prompt) with each driver, like this:
sc delete SahdIa32 && sc delete SaibIa32 && sc delete c2scsi && sc delete SaibVd32
Or you can separate commands and try one by one.
Then restart the machine.

But I'd wait for moderators'/admins' approval, like I said in my previous reply.
 
I haven't heard from the moderators/admins yet. In your opinion, wouldn't it be safer to create a restore point and change the registry as outlined in my post #26 rather than use sc delete?
 
Imo, it's safer to use those commands and then you can delete those files without problems.
You can use the usual precautions: system image and system restore.
 
Unfortunately, Control Panel > Backup and Restore crashes Windows Explorer on my machine, so I can't get to the point of creating a system image. My backup software can do this, but I think creating a restore point is a more desirable option. However, I'm not sure if a restore point will undo the changes using the sc command. I do believe it will undo the changes to the registry modifying the drivers to be disabled. I'd appreciate your advice on this situation.
 
I'm not sure I completely understood your concern...

If you intend to "kill" those 4 drivers, the SC command should be the safer option (then restart pc and delete those 4 drivers manually, put them in recycle bin, check if you have deleted the correct files, then you can leave them in recycle bin some days or remove them completely).

A complete backup with your preferred software AND a system restore point are always a good "safety net".
 
My concern is that I feel it is easier (and safer) to recover using a restore point rather than to restore my entire drive from backup. I consider my system backup to primarily be intended for disaster recovery, but it can do file and folder recovery in addition to disk recovery if I need to.
 
My concern is just that I feel it's quicker and easier (and perhaps safer) to recover from a restore point rather than to recover the entire system from my disk backup. I look at my disk backup as being for disaster recovery.
 
My concern is just that I feel it's quicker and easier (and perhaps safer) to recover from a restore point rather than to recover the entire system from my disk backup. I look at my disk backup as being for disaster recovery. (Sorry if this shows up as a duplicate post from restarting my browser).
 
As far as I'm aware, yes, a fully-inclusive restore point will revert any changes made via SC. If you want to double check if these services have any dependencies, simply run the command "sc enumdepend <service name>" from CMD. There likely won't be any dependencies (you should see [SC] EnumDependentServices: entriesread = 0), and it should be pretty safe to delete these services. The drivers that were listed, SahdIa32.sys, SaibIa32.sys, c2scsi.sys, and SaibVd32.sys, are all either Sonic or Roxio drivers; nothing system dependent. You can also manually export the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services key from RegEdit before deleting the services for manual restoration.
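
The checks suggested in the post above (dependency listing and a registry export before any deletion), collected into one read-only script; this is an added example, not part of the original thread. The backup folder name and the search for filter references under Control\Class are assumptions added here, the latter because two of the services report themselves as filter drivers. Run it from an elevated command prompt.

```batch
@echo off
rem Added example: read-only pre-removal audit for the four services named in this thread.
rem BACKUP_DIR is an assumed location. Nothing here deletes or reconfigures a service.
setlocal
set "BACKUP_DIR=%USERPROFILE%\Desktop\DriverBackup"
set "SVC_ROOT=HKLM\SYSTEM\CurrentControlSet\Services"
set "REPORT=%BACKUP_DIR%\audit.txt"

if not exist "%BACKUP_DIR%" mkdir "%BACKUP_DIR%"
> "%REPORT%" echo Driver service audit %DATE% %TIME%

for %%S in (SahdIa32 SaibIa32 c2scsi SaibVd32) do call :audit %%S
echo Report and .reg backups written to "%BACKUP_DIR%"
endlocal
exit /b 0

:audit
>> "%REPORT%" echo.
>> "%REPORT%" echo ===== %1 =====
rem Use the service name (no .sys extension); a missing service returns error 1060.
sc query %1 >nul 2>&1
if errorlevel 1 (
    >> "%REPORT%" echo Service not installed ^(sc query returned an error^).
    exit /b 0
)
rem 1. Per-service registry backup, so a later change can be undone by importing the .reg file.
reg export "%SVC_ROOT%\%1" "%BACKUP_DIR%\%1.reg" /y >nul
if errorlevel 1 (>> "%REPORT%" echo WARNING: registry export failed for %1)
rem 2. Current start type and load order group.
sc qc %1 >> "%REPORT%"
rem 3. Services that depend on this one (the thread expects entriesread = 0).
sc enumdepend %1 >> "%REPORT%"
rem 4. Device classes whose values (e.g. UpperFilters/LowerFilters) still name the driver.
>> "%REPORT%" echo Filter references under Control\Class:
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class" /f "%1" /d /s >> "%REPORT%" 2>&1
exit /b 0
```

A boot-start filter driver that is still named in a class filter list should have that reference dealt with before its service is disabled or deleted, since the device stack will otherwise fail to load the missing filter.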
 
The response I got to running the sc enumdepend on each of the files was:

[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.

Sorry if this was unclear, did you run the command against the driver names (e.g. saibvd32.sys) instead of the service names (saibvd32)? I suppose it doesn't matter if they're deleted now. Have you tried re-entering safe mode since the system repair? It will be even more difficult to troubleshoot if the SafeMode crash is no longer generating kernel dumps.
 