BSOD when trying to boot in safe mode - Windows 7 x86

The dump isn't very helpful, again nothing saved.
Given that it's the same virtual address being referenced. I'm going to take a guess and say that it's a buggy driver miscalculating its pointer.
Does this BSOD only happen in safe mode?
Have we tried driver verifier?
 
Here's the output from chkdsk /r:


Checking file system on C:
The type of the file system is NTFS.
Volume label is Local Disk C:.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x48fc2.
Cleaning up instance tags for file 0x4fd75.
525312 file records processed. File verification completed.
1033 large file records processed. 0 bad file records processed. 0 EA records processed. 47 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)...
639816 index entries processed. Index verification completed.
0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)...
525312 file SDs/SIDs processed. Cleaning up 3551 unused index entries from index $SII of file 0x9.
Cleaning up 3551 unused index entries from index $SDH of file 0x9.
Cleaning up 3551 unused security descriptors.
Security descriptor verification completed.
57253 data files processed. CHKDSK is verifying Usn Journal...
33642584 USN bytes processed. Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
525296 files processed. File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
174202884 free clusters processed. Free space verification is complete.
Windows has made corrections to the file system.

976567295 KB total disk space.
278994292 KB in 253657 files.
162104 KB in 57254 indexes.
0 KB in bad sectors.
599363 KB in use by the system.
4096 KB occupied by the log file.
696811536 KB available on disk.

4096 bytes in each allocation unit.
244141823 total allocation units on disk.
174202884 allocation units available on disk.

Internal Info:
00 04 08 00 89 be 04 00 cf dd 07 00 00 00 00 00 ................
51 aa 00 00 2f 00 00 00 00 00 00 00 00 00 00 00 Q.../...........
38 72 42 00 50 01 40 00 d8 2f 40 00 00 00 40 00 8rB.P.@../@...@.

Windows has finished checking your disk.
Please wait while your computer restarts.
 
xilolee said:
Jared said:
Have we tried driver verifier?
Click to expand...
Not yet :banghead:
Click to expand...

Yes, it was run. Eventually an Acronis driver (snapman.sys, if I remember correctly) was identified. Acronis is now uninstalled (it wasn't easy!). I'll run it again. The BSOD still continued after I completely removed it. A memory dump link and SysnativeBSODCollectionApp update is just above in this thread with chkdsk /r results, as recommended.
 
Jared said:
The dump isn't very helpful, again nothing saved.
Given that it's the same virtual address being referenced. I'm going to take a guess and say that it's a buggy driver miscalculating its pointer.
Does this BSOD only happen in safe mode?
Have we tried driver verifier?
Click to expand...

Yes, only when trying to boot in safe mode. Driververfier is being re-run right now.
 
There is still a Sonic Solutions (Roxio) that I haven't been able to get rid of:

sahdia32.sys

It's listed for both my internal and external USB drives.

I posted some things I was able to find on my system about this driver earlier in this thread.

I find this key in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles
(It's listed in other places, too, but I thought this entry might be of significance).

Its entry is:
%SystemPath%\system32\DRIVERS\sahdia32.sys

Hopefully some of the things I've found help.
 
Last edited:
Jared said:
The dump isn't very helpful, again nothing saved.
Given that it's the same virtual address being referenced. I'm going to take a guess and say that it's a buggy driver miscalculating its pointer.
Does this BSOD only happen in safe mode?
Have we tried driver verifier?
Click to expand...

Just for clarification, I get the BSOD before ever getting into safe mode. It crashes while loading drivers.
 
I found this in MSinfo:
Acronis Virtual Disk Bus - ROOT\ACRONISDEVICES\0000 - Failure using the VxD loader.
Click to expand...
You can try to search it and remove it from device manager.

In your %Path% there are:
C:\Program Files\Common Files\Roxio Shared\DLLShared\
C:\Program Files\Common Files\Roxio Shared\DLLShared\
C:\Program Files\Common Files\Roxio Shared\VHStoDVD\DLLShared\
C:\Program Files\Common Files\Roxio Shared\DLLShared\
C:\Program Files\Common Files\Roxio Shared\13.0\DLLShared\
C:\Program Files\Acronis\TrueImageHome\
Click to expand...

You can set your path from an elevated command prompt (I removed those entries):
set path=C:\Program Files\Common Files\HP\Digital Imaging\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files\HP\Digital Imaging\bin\;C:\Program Files\HP\Digital Imaging\bin\Qt\Qt 4.3.3;c:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft Network Monitor 3\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Windows Imaging\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Windows Live\Shared;C:\ProgramData\Oracle\Java\javapath;C:\system\Nmap;C:\system\smartmontools\bin;C:\Windows;C:\Windows\system32;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;
Click to expand...
But I noticed you have installed aomei backupper (right?), hence maybe the path was changed; in this case, you can add also acronis path or, if you prefer, post here your new path and I'll adjust it.

You have also this environment variable:
EMC_AUTOPLAY C:\Program Files\Common Files\Roxio Shared\
Click to expand...

After changing path, reboot and see if your machine accepts it...
If it doesn't, this is your old path (I've found it in SetEnvironmentVar.txt, i.e. one of your logs):
Read More:
 
The BSOD behavior hasn't changed after doing the best I could to make the changes you outlined. I've inserted some answers below (also in blue). The BSOD occurs after the driver ambakdrv.sys is on the screen. The driver loading pauses for a while at this point and then the BSOD appears. Is there a way to know which driver is being loaded after ambakdrv.sys?

xilolee said:
I found this in MSinfo:
Acronis Virtual Disk Bus - ROOT\ACRONISDEVICES\0000 - Failure using the VxD loader.
Click to expand...
You can try to search it and remove it from device manager.

I'm unable to delete in regedit. It just says Cannot delete ACRONISDEVICES: Error while deleting key. I, able to click on the Control and LogConf subkeys, but when I click on the Properties key I get:

Properties cannot be opened.
Anerror is preventing this key from being opened.
Details: Access is denied.


In your %Path% there are:
C:\Program Files\Common Files\Roxio Shared\DLLShared\
C:\Program Files\Common Files\Roxio Shared\DLLShared\
C:\Program Files\Common Files\Roxio Shared\VHStoDVD\DLLShared\
C:\Program Files\Common Files\Roxio Shared\DLLShared\
C:\Program Files\Common Files\Roxio Shared\13.0\DLLShared\
C:\Program Files\Acronis\TrueImageHome\
Click to expand...

You can set your path from an elevated command prompt (I removed those entries):
set path=C:\Program Files\Common Files\HP\Digital Imaging\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files\HP\Digital Imaging\bin\;C:\Program Files\HP\Digital Imaging\bin\Qt\Qt 4.3.3;c:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft Network Monitor 3\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Windows Imaging\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Windows Live\Shared;C:\ProgramData\Oracle\Java\javapath;C:\system\Nmap;C:\system\smartmontools\bin;C:\Windows;C:\Windows\system32;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;
Click to expand...
But I noticed you have installed aomei backupper (right?), hence maybe the path was changed; in this case, you can add also acronis path or, if you prefer, post here your new path and I'll adjust it.

I think I need to modify the proper entry in registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment for this to have this chane be persistent.

 You have also this environment variable:
EMC_AUTOPLAY C:\Program Files\Common Files\Roxio Shared\
Click to expand...

I think I need to delete the proper entry in registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment for this to have this chane be persistent.

After changing path, reboot and see if your machine accepts it...
If it doesn't, this is your old path (I've found it in SetEnvironmentVar.txt, i.e. one of your logs):
Read More:
Click to expand...
 
Sorry, I thought it could be changed permanently from the elevated command prompt, instead I found the best way to set the environment variables is from Control Panel\System and Security\System - advanced system settings, environment variables.

The same is true for your EMC_AUTOPLAY variable, even though I'm not sure on what it will happen after you removed it...

IMO, it should be considered a bug the fact that it doesn't correctly work from an elevated command prompt.
 
Last edited:
tjsepka said:
Is there a way to know which driver is being loaded after ambakdrv.sys?
Click to expand...
Open msconfig (click start, in the searchbox or in the run window type msconfig), go to boot tab, select boot log and safe boot - network, click ok, restart windows, wait for the bsod, start windows normally, run this command from an elevated command prompt:
move C:\Windows\ntbtlog.txt "%userprofile%\desktop\SafeModeBootLog.txt"
Click to expand...
(Or just go to c:\windows and copy/move the log on your desktop, or leave it there)
Then post its content (or directly the file, if it's too long) here because we can also see it...
 
Last edited:
xilolee said:
tjsepka said:
Is there a way to know which driver is being loaded after ambakdrv.sys?
Click to expand...
Open msconfig (click start, in the searchbox or in the run window type msconfig), go to boot tab, select boot log and safe boot - network, click ok, restart windows, wait for the bsod, start windows normally, run this command from an elevated command prompt:
move C:\Windows\ntbtlog.txt "%userprofile%\desktop\SafeModeBootLog.txt"
Click to expand...
(Or just go to c:\windows and copy/move the log on your desktop, or leave it there)
Then post its content (or directly the file, if it's too long) here because we can also see it...
Click to expand...

I was aware of that file, but it hadn't occurred to me that the load order in safe mode would be the same as in normal mode (or am I mistaken?). I had in my mind that the drivers loaded in safe mode might not be the same, or possibly a subset, of the ones that are loaded in normal mode. :banghead:

It's attached.
 

Attachments

tjsepka said:
The BSOD occurs after the driver ambakdrv.sys is on the screen.
Click to expand...

After it there's c2scsi.sys.
Can you guess whose it is? :smile9:

Open regedit, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot and check if that one is present as a sub-key or as a value...
If it's there, try to rename it.
 
Last edited:
Ah, that's why I didn't see your suggestion.

A search of the registry turns up these keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\c2scsi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\c2scsi
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\c2scsi

I deleted it from the current control set so we'll see what happens after I reboot (I took the normal precautions first). I'll see how much more I can try this evening, but I'll be leaving town until Saturday August 6th and won't have a chance to get back to this thread until then. Any other suggestion you might come up with in the mean time would be greatly appreciated.
 
Back
Top