amd Is it safe to remove a faulty *.sys file to bypass a BSOD and re-install it upon boot?

[mr cheese]

So after a botched installation of AMD QuickStream (courtesy of AMD Catalyst update), there is a faulty file causing repeated B(in my case G)SOD's.

The file is appexDrv.sys, and it is causing IRQL errors on every boot except safe mode.

And thanks to AMD making great catalyst installers /s I can't fix the file in Safe Mode.

 

I'm wondering if I cant kind of "drag it to the Recycling Bin" (lol jk delete it) at this point so I can get my computer back and install it in Clean Boot.

 

This will probably break something. Can I just?

 

Excerpt from a minidump:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {0, 2, 0, fffff800308e42b0}

*** WARNING: Unable to verify timestamp for appexDrv.sys
*** ERROR: Module load completed but symbols could not be loaded for appexDrv.sys
Probably caused by : appexDrv.sys ( appexDrv+b000 )
Followup:     MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800308e42b0, address which referenced memory

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  10.0.17107.1000 (WinBuild.160101.0800)

SYSTEM_MANUFACTURER:  Hewlett-Packard

SYSTEM_PRODUCT_NAME:  HP Pavilion dv6 Notebook PC

SYSTEM_SKU:  A3G60AV

SYSTEM_VERSION:  0790100000205710000620100

BIOS_VENDOR:  Insyde

BIOS_VERSION:  F.23

BIOS_DATE:  09/04/2013

BASEBOARD_MANUFACTURER:  Hewlett-Packard

BASEBOARD_PRODUCT:  182D

BASEBOARD_VERSION:  55.25

DUMP_TYPE:  2

BUGCHECK_P1: 0

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: fffff800308e42b0

READ_ADDRESS: fffff80030cd4388: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
 0000000000000000 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!KeWaitForSingleObject+2b0
fffff800`308e42b0 483901          cmp     qword ptr [rcx],rax

CPU_COUNT: 4

CPU_MHZ: 768

CPU_VENDOR:  AuthenticAMD

CPU_FAMILY: 15

CPU_MODEL: 10

CPU_STEPPING: 1

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  AV

PROCESS_NAME:  System

ANALYSIS_SESSION_HOST:  JAKE-BRICKD

ANALYSIS_SESSION_TIME:  03-17-2018 13:27:25.0628

ANALYSIS_VERSION: 10.0.16299.91 amd64fre

TRAP_FRAME:  ffffef8f7eaac610 -- (.trap 0xffffef8f7eaac610)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8002f6793c8 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800308e42b0 rsp=ffffef8f7eaac7a0 rbp=ffffef8f7eaac821
 r8=fffff78000000008  r9=fffff780000003b0 r10=0000000000000000
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!KeWaitForSingleObject+0x2b0:
fffff800`308e42b0 483901          cmp     qword ptr [rcx],rax ds:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80030a446e9 to fffff80030a32130

STACK_TEXT:  
ffffef8f`7eaac4c8 fffff800`30a446e9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffef8f`7eaac4d0 fffff800`30a40bbc : ffffdf01`c7571840 ffffef8f`00000000 ffffdf01`c7571840 fffff800`0000000c : nt!KiBugCheckDispatch+0x69
ffffef8f`7eaac610 fffff800`308e42b0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x47c
ffffef8f`7eaac7a0 fffff800`2f65b000 : fffff800`2f6793c0 fffff800`00000000 ffffef8f`7eaaca00 fffff800`2f658700 : nt!KeWaitForSingleObject+0x2b0
ffffef8f`7eaac880 fffff800`2f6793c0 : fffff800`00000000 ffffef8f`7eaaca00 fffff800`2f658700 00000000`00000000 : appexDrv+0xb000
ffffef8f`7eaac888 fffff800`00000000 : ffffef8f`7eaaca00 fffff800`2f658700 00000000`00000000 00000000`c0000001 : appexDrv+0x293c0
ffffef8f`7eaac890 ffffef8f`7eaaca00 : fffff800`2f658700 00000000`00000000 00000000`c0000001 fffff800`2f659280 : 0xfffff800`00000000
ffffef8f`7eaac898 fffff800`2f658700 : 00000000`00000000 00000000`c0000001 fffff800`2f659280 fffff800`2f652ae0 : 0xffffef8f`7eaaca00
ffffef8f`7eaac8a0 00000000`00000000 : 00000000`c0000001 fffff800`2f659280 fffff800`2f652ae0 fffff800`2f650000 : appexDrv+0x8700


THREAD_SHA1_HASH_MOD_FUNC:  9248d2768d19ef514e0d3b37acef6c7ac2fe686d

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  9fe305821825c72b0448eaf65f237a7200789737

THREAD_SHA1_HASH_MOD:  255c999161ef48f3a4a70a54b18c26a606c49bc4

FOLLOWUP_IP: 
appexDrv+b000
fffff800`2f65b000 85c0            test    eax,eax

FAULT_INSTR_CODE:  2d75c085

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  appexDrv+b000

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: appexDrv

IMAGE_NAME:  appexDrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4efbc40e

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  b000

FAILURE_BUCKET_ID:  AV_appexDrv!unknown_function

BUCKET_ID:  AV_appexDrv!unknown_function

PRIMARY_PROBLEM_CLASS:  AV_appexDrv!unknown_function

TARGET_TIME:  2018-03-06T23:02:51.000Z

OSBUILD:  17107

OSSERVICEPACK:  1000

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2018-02-20 18:55:08

BUILDDATESTAMP_STR:  160101.0800

BUILDLAB_STR:  WinBuild

BUILDOSVER_STR:  10.0.17107.1000

ANALYSIS_SESSION_ELAPSED_TIME:  2458

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:av_appexdrv!unknown_function

FAILURE_ID_HASH:  {c9c211e4-f70b-8ec5-ba35-8bbc1ac2f7c1}

3 Minidumps attached, each from the same computers on different days

 

022618-68062-01.dmp

030618-28140-01.dmp

030718-28890-01.dmp

 

First Post on the subject

Edited March 17, 2018 by DaJakerBoss
just adding context

[Jarno.]

You can just test this by first backupping the file to another device then just remove the original file at your computer. IF the computer doesnt boot anymore. Just use a linux live cd to put the original file back from the backup.

 

If you're not sure how to do this, then its probably better to not remove the file

[mr cheese]

19 minutes ago, Jarno. said:

You can just test this by first backupping the file to another device then just remove the original file at your computer. IF the computer doesnt boot anymore. Just use a linux live cd to put the original file back from the backup.

 

If you're not sure how to do this, then its probably better to not remove the file

I guess i could just try that. I have 2 versions of Windows 10 (Stable and Insider - Fast) and Ubuntu. I'm covered in the recovery area.

 

Thanks for responding. You're the first person to respond to my more "advanced" posts.

[Jarno.]

2 minutes ago, DaJakerBoss said:

I guess i could just try that. I have 2 versions of Windows 10 (Stable and Insider - Fast) and Ubuntu. I'm covered in the recovery area.,

 

Thanks for responding. You're the first person to respond to my more "advanced" posts.

You're welcome, let me know how it goes.

[mr cheese]

1 minute ago, Jarno. said:

You're welcome, let me know how it goes.

One more thing. Indexed the faulty Windows drive and found a copy of appexDrv.sys in a Windows.old

 

What do you thing about replacing these?

[Jarno.]

Did you do a windows upgrade before this issue first occured? Windows.old is folder which Windows stores all files which are necressary to rollback to an older version. Looking at the path of the files they seems to be related to drivers indeed so it might be worth a try.

 

[mr cheese]

Just now, Jarno. said:

Did you do a windows upgrade before this issue first occured? Windows.old is folder which Windows stores all files which are necressary to rollback to an older version. Looking at the path of the files they seems to be related to drivers indeed so it might be worth a try.

 

Yes I am in Insider - Fast Ring so I update sometime between 7 and 1 days before the GSOD

[Jarno.]

Then its very likely that the upgrade has something to do with it. Either try to replace those files or to rollback windows.

 

Edit: After you got back in older windows 10 or after recovery of the files. Make sure that you block driver upgrade for the GPU. By either using group policy or disabling driver updates in general. This is somewhat different between pro and home version.

[mr cheese]

4 minutes ago, Jarno. said:

Then its very likely that the upgrade has something to do with it. Either try to replace those files or to rollback windows.

well i updated the drivers after a successful update

[Jarno.]

2 minutes ago, DaJakerBoss said:

well i updated the drivers after a successful update

So that driver upgrade broke something? Did you get the driver from AMD site or just upgraded with windows updates/device manager?

[mr cheese]

1 minute ago, Jarno. said:

So that driver upgrade broke something? Did you get the driver from AMD site or just upgraded with windows updates/device manager?

*ahem* wrong button sorry

I got the driver from AMD's site

Hung on AMD QuickStream

[Jarno.]

hm i see, if this doesnt work either then im pretty much out of idea's for the time being. You could reinstall windows at that partition but that will probably break grub in progress which you have to fix then.. Based at your earlier commend i assume that you're dual booting right?

[mr cheese]

8 hours ago, Jarno. said:

hm i see, if this doesnt work either then im pretty much out of idea's for the time being. You could reinstall windows at that partition but that will probably break grub in progress which you have to fix then.. Based at your earlier commend i assume that you're dual booting right?

Triple booting in the sketchiest way possible

[mr cheese]

On 3/17/2018 at 2:47 PM, Jarno. said:

hm i see, if this doesnt work either then im pretty much out of idea's for the time being. You could reinstall windows at that partition but that will probably break grub in progress which you have to fix then.. Based at your earlier commend i assume that you're dual booting right?

So I tried replacing the appexDrv.sys with the one located in Windows.old ans got no result.

 

Now I am extremely disappointed because when I deleted the appexDrv.sys entirely,

the computer booted.

 

All this time and energy and ALL I HAD TO PRESS WAS THE DELETE KEY.

[Jarno.]

On 18-3-2018 at 8:52 PM, DaJakerBoss said:

So I tried replacing the appexDrv.sys with the one located in Windows.old ans got no result.

 

Now I am extremely disappointed because when I deleted the appexDrv.sys entirely,

the computer booted.

 

All this time and energy and ALL I HAD TO PRESS WAS THE DELETE KEY.

 

Oh wow thats a shame indeed. Good that deleing it worked though but if i remember correctly that was my first suggestion Place all files back with a live CD in case it doesn't work.