When you start your computer, the error 0xc000007b occurs, mentioning the name of the AVG driver. Here is the full error message verbatim:
Windows failed to start. A recent hardware or software change might be the cause. File: \Windows\system32\drivers\avgVmm.sys Status: 0xc000007b The operating system couldn't be loaded because a critical system driver is missing or contains errors.
AvgVmm.sys belongs to AVG Antivirus software.
Cause
The error 0xc000007b
(“STATUS_INVALID_IMAGE_FORMAT”) usually denotes a corrupt file.
# for hex 0xc000007b / decimal -1073741701 : STATUS_INVALID_IMAGE_FORMAT ntstatus.h # {Bad Image} # The application or DLL %hs is not a valid Windows image. # Please check this against your installation diskette.
Resolution
To resolve the issue, rename the AVG drivers and/or disable the AVG services via Windows Recovery Environment. This enables you to start Windows successfully.
(After three unsuccessful boot attempts, the OS takes you to the Recovery Options page. If that doesn’t happen, access the Windows Recovery Options by booting from the Windows 10/11 USB setup disk. You can create a bootable Windows 10/11 USB Setup disk using the method described in this article.)
Access the Windows Recovery Environment. In Windows RE, click Troubleshoot → Advanced options → Command Prompt.
Find out the drive letter of your Windows installation by typing bcdedit
. If Windows is installed on C:\
drive, it might be assigned D:\
in Windows RE, depending upon your disk layout. In some cases, the OS drive-letter (as seen from WinRE) may remain the same. The output of the bcdedit
command shows the Windows drive letter as Windows RE sees it.
Once you get the drive letter of your Windows installation (e.g., E:\
), run the following commands:
cd /d e:\windows\system32\drivers ren avgVmm.sys avgVmm.sys_old
The above command renames the AVG driver so that it doesn’t load with Windows. If you receive a similar error about another module, rename that as well. FYI, here’s the list of the other AVG driver files.
(Important: Renaming avgArDisk.sys and avgKbd.sys without removing the corresponding UpperFilters registry entries causes the INACCESSIBLE_BOOT_DEVICE Blue screen error.)
windows\system32\drivers\avgArDisk.sys windows\system32\drivers\avgArPot.sys windows\system32\drivers\avgbidsdriver.sys windows\system32\drivers\avgbidsh.sys windows\system32\drivers\avgbuniv.sys windows\system32\drivers\avgElam.sys windows\system32\drivers\avgKbd.sys windows\system32\drivers\avgMonFlt.sys windows\system32\drivers\avgNetHub.sys windows\system32\drivers\avgRdr2.sys windows\system32\drivers\avgRvrt.sys windows\system32\drivers\avgSnx.sys windows\system32\drivers\avgSP.sys windows\system32\drivers\avgStm.sys windows\system32\drivers\avgVmm.sys
Disable the AVG Services (Optional)
Additionally, using the following steps, you can set the startup type of the AVG services to “Disabled”. Doing so will prevent Windows from attempting to load the AVG drivers (in futile), as we’ve renamed the driver files earlier.
In the Windows RE Command Prompt, type:
Copy "E:\Windows\System32\Config\SYSTEM" "E:\Windows\System32\Config\SYSTEM.BAK" reg load HKLM\SYSTEM2 E:\Windows\System32\Config\SYSTEM Regedit.exe
In the Registry Editor window, set the “Start” value data to “4” in each of the following keys:
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\AVG Antivirus HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\AVG Tools HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\avgArDisk HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\avgArPot HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\avgbIDSAgent HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\avgbidsdriver HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\avgbidsh HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\avgbuniv HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\avgElam HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\avgKbd HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\avgMonFlt HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\avgNetHub HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\avgRdr HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\avgRvrt HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\avgSnx HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\avgSP HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\avgStm HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\avgVmm HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\AVGWscReporter
(FYI, the value data of “4” means the Service is Disabled. “0” denotes Boot start, “2” is Automatic, “3” is “Manual”)
Then, go to:
HKEY_LOCAL_MACHINE\system2\ControlSet001\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318} and HKEY_LOCAL_MACHINE\system2\ControlSet001\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}
Edit the UpperFilters multi-string value and remove the references to avgArDisk and avgKbd, respectively.
Exit the Registry Editor.
In the Command Prompt window, type:
reg unload HKEY_LOCAL_MACHINE\SYSTEM2
Exit Windows RE and restart Windows. None of the AVG drivers and services should load now. You can now uninstall AVG. If you need the program, you may reinstall it.
(This article is based on AVG Antivirus Free – Version 22.12.3264 – Build 22.12.7758.766).
One small request: If you liked this post, please share this?
One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!