AvgVmm.sys Error 0xc000007b During Boot

When you start your computer, the error 0xc000007b occurs, mentioning the name of the AVG driver. Here is the full error message verbatim:

Windows failed to start. A recent hardware or software change might be the cause.

File: \Windows\system32\drivers\avgVmm.sys
Status: 0xc000007b

The operating system couldn't be loaded because a critical system driver is missing or contains errors.

avg error 0xc000007b

AvgVmm.sys belongs to AVG Antivirus software.

Cause

The error 0xc000007b (“STATUS_INVALID_IMAGE_FORMAT”) usually denotes a corrupt file.

# for hex 0xc000007b / decimal -1073741701 :
  STATUS_INVALID_IMAGE_FORMAT                                   ntstatus.h
# {Bad Image}
# The application or DLL %hs is not a valid Windows image.
# Please check this against your installation diskette.

Resolution

To resolve the issue, rename the AVG drivers and/or disable the AVG services via Windows Recovery Environment. This enables you to start Windows successfully.

(After three unsuccessful boot attempts, the OS takes you to the Recovery Options page. If that doesn’t happen, access the Windows Recovery Options by booting from the Windows 10/11 USB setup disk. You can create a bootable Windows 10/11 USB Setup disk using the method described in this article.)

Access the Windows Recovery Environment. In Windows RE, click Troubleshoot → Advanced options → Command Prompt.

Find out the drive letter of your Windows installation by typing bcdedit. If Windows is installed on C:\ drive, it might be assigned D:\ in Windows RE, depending upon your disk layout. In some cases, the OS drive-letter (as seen from WinRE) may remain the same. The output of the bcdedit command shows the Windows drive letter as Windows RE sees it.

Once you get the drive letter of your Windows installation (e.g., E:\ ), run the following commands:

cd /d e:\windows\system32\drivers
ren avgVmm.sys avgVmm.sys_old

The above command renames the AVG driver so that it doesn’t load with Windows. If you receive a similar error about another module, rename that as well. FYI, here’s the list of the other AVG driver files.

(Important: Renaming avgArDisk.sys and avgKbd.sys without removing the corresponding UpperFilters registry entries causes the INACCESSIBLE_BOOT_DEVICE Blue screen error.)

windows\system32\drivers\avgArDisk.sys
windows\system32\drivers\avgArPot.sys
windows\system32\drivers\avgbidsdriver.sys
windows\system32\drivers\avgbidsh.sys
windows\system32\drivers\avgbuniv.sys
windows\system32\drivers\avgElam.sys
windows\system32\drivers\avgKbd.sys
windows\system32\drivers\avgMonFlt.sys
windows\system32\drivers\avgNetHub.sys
windows\system32\drivers\avgRdr2.sys
windows\system32\drivers\avgRvrt.sys
windows\system32\drivers\avgSnx.sys
windows\system32\drivers\avgSP.sys
windows\system32\drivers\avgStm.sys
windows\system32\drivers\avgVmm.sys

Disable the AVG Services (Optional)

Additionally, using the following steps, you can set the startup type of the AVG services to “Disabled”. Doing so will prevent Windows from attempting to load the AVG drivers (in futile), as we’ve renamed the driver files earlier.

In the Windows RE Command Prompt, type:



Copy "E:\Windows\System32\Config\SYSTEM"  "E:\Windows\System32\Config\SYSTEM.BAK"

reg load HKLM\SYSTEM2  E:\Windows\System32\Config\SYSTEM

Regedit.exe

In the Registry Editor window, set the “Start” value data to “4” in each of the following keys:

HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\AVG Antivirus
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\AVG Tools
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\avgArDisk
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\avgArPot
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\avgbIDSAgent
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\avgbidsdriver
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\avgbidsh
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\avgbuniv
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\avgElam
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\avgKbd
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\avgMonFlt
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\avgNetHub
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\avgRdr
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\avgRvrt
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\avgSnx
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\avgSP
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\avgStm
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\avgVmm
HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet0001\Services\AVGWscReporter

(FYI, the value data of “4” means the Service is Disabled. “0” denotes Boot start, “2” is Automatic, “3” is “Manual”)

Then, go to:

HKEY_LOCAL_MACHINE\system2\ControlSet001\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}

and

HKEY_LOCAL_MACHINE\system2\ControlSet001\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}

Edit the UpperFilters multi-string value and remove the references to avgArDisk and avgKbd, respectively.

Exit the Registry Editor.

In the Command Prompt window, type:

reg unload HKEY_LOCAL_MACHINE\SYSTEM2

Exit Windows RE and restart Windows. None of the AVG drivers and services should load now. You can now uninstall AVG. If you need the program, you may reinstall it.

(This article is based on AVG Antivirus Free – Version 22.12.3264 – Build 22.12.7758.766).


One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support. It won't take more than 10 seconds of your time. The share buttons are right below. :)

Ramesh Srinivasan is passionate about Microsoft technologies and he has been a consecutive ten-time recipient of the Microsoft Most Valuable Professional award in the Windows Shell/Desktop Experience category, from 2003 to 2012. He loves to troubleshoot and write about Windows. Ramesh founded Winhelponline.com in 2005.

Leave a Comment