So I found on my Windows 7 x64 SP1 machine any device driver I tried to uninstall, Device Manager just froze…going on five minutes I thought this is a bit ridiculous. Restarted the machine twice and still had the same issue. Tried several different devices, problem applied to everyone I tried. Better find out what’s going on.
So what I did is I launched ResMon.exe which has a really simple way of telling us what is causing a program to hang. I did this by right clicking the .exe and selecting Analyze Wait Chain
So here I can see thread 2084 is waiting on DcomLaunch service with Process ID 764
Finding the mmc.exe process with PID 4668 in Process Explorer (http://live.sysinternals.com/procexp.exe) we right click it and select Properties. In the Threads tab we can see why it’s frozen:
I also looked at threads in the relevant SvcHost.exe however I’m not clear what’s going on here.
So this time I launch Process Monitor (http://live.sysinternals.com/ProcMon.exe) I repeat the process again – finding the hung thread in MMC.exe using ResMon. Then I create a filter in ProcMon to only view that thread, in this case TID is 5940:
The ProcMon log reminds me of something obvious…why didn’t I check setupapi.dev.log??? A great thing about ProcMon is you often find apps write log files somewhere, even if you didn’t know about it….
However looking at the log doesn’t give me much of a clue. No errors or anything out of the ordinary. So I go to last MMC.exe event in the ProcMon log, right clicked it and chose Properties. Then on the Stack tab:
Whenever I see 3rd party DLLs involved I tend to rate them as high risk, and will try to rule them out first. ino_fltr.sys is part of CA Etrust Anti-Virus. So I disabled it temporarily (be very cautious whenever disabling Anti-Virus, and be sure to re-enable it afterwards)
In this case I disabled 3 services used by the Anti-Virus
I restarted my machine, and voila – I can uninstall device drivers now. After uninstalling my device driver I re-enabled the services and ensured they were started.
Strange things which I will probably never know the answer to:
- After re-enabling Anti-Virus could not reproduce the problem – any device driver uninstalled almost instantly
- Tested on multiple devices with same Windows 7 image and same Anti-Virus software could not reproduce the problem again.