Driver Verifier - What to do if a Boot Driver is Flagged and Results in NoBoot Situation

jcgriff2

Hi All. . .

This is something that I have thought about and researched for many years and still have not come up with a good answer/procedure.

We know that when a system BSODs, kernel memory is written to the page file. If no page file exists (i.e., page file is disabled/turned off), Windows will actually create a temporary one.

Upon restart/re-boot of a BSOD'd system, certain Registry entries tell the system a BSOD occurred and to create kernel memory dump files (based on user settings) - usually a full kernel memory dump (\windows\memory.dmp) and a mini kernel memory dump (\windows\minidump\*.dmp) - from the contents of the page file if the user settings are set to "Automatic" or to "Full Kernel Dump".

If Driver Verifier is on and flags a boot driver, thus disabling it - it is possible that the system will not properly re-boot and make it to Desktop.

Currently, the instructions for Driver Verifier state and implore the OP to create a Windows System Restore point, so that if this no-boot situation occurs (caused by Driver Verifier), the OP can then run System Restore from Recovery, which will result in Driver Verifier being turned off (the restore point was created prior to the execution of Driver Verifier) and therefore, the offending driver will no longer be flagged/disabled and usually boot-up then occurs (the reinstatement of the flagged driver is actually caused by changes (a reversion) to the Registry. The disabled/flagged driver's Start entry in HKLM Registry is changed back to start-up).

However, because of restoring the system with System Restore, the Registry entries that were written after the BSOD telling the system to create dumps upon boot-up are also "restored" (reversed/wiped out) and no kernel memory dump is created upon boot-up (after System Restore is run) and we then lose the VERIFIER_ENABLED dumps which more than likely would tell us the name of the offending driver.

Has anyone ever figured a way around this to get the precious VERIFIER_ENABLED dump that would likely give us the answer (the name of the offending driver)?

I never have.

I resorted to using SysInternals LoadOrder, which displays drivers in the order in which they are loaded during boot-up, and looking in that list for 3rd party drivers and having the OPs update those that I can find updates for. I also use the boot log (nbtlog).

LoadOrder - LoadOrder - Windows Sysinternals
Live LoadOrder - (just the EXE file) - https://live.sysinternals.com/LoadOrd.exe

The output of LoadOrder -

Boot WdfLoadGroup n/a* Wdf01000 @%SystemRoot%\system32\drivers\Wdf01000.sys,-1000 system32\drivers\Wdf01000.sys
Boot Boot Bus Extender 7 acpiex Microsoft ACPIEx Driver System32\Drivers\acpiex.sys
Boot Boot Bus Extender 2 msisadrv System32\drivers\msisadrv.sys
Boot Boot Bus Extender 3 pci @machine.inf,%pci_svcdesc%;PCI Bus Driver System32\drivers\pci.sys
Boot Boot Bus Extender 10 isapnp System32\drivers\isapnp.sys
Boot Boot Bus Extender 11 vdrvroot @vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator System32\drivers\vdrvroot.sys
Boot Boot Bus Extender n/a* partmgr @%SystemRoot%\system32\drivers\partmgr.sys,-100 System32\drivers\partmgr.sys
Boot Boot Bus Extender n/a* pdc @%SystemRoot%\system32\drivers\pdc.sys,-100 system32\drivers\pdc.sys
Boot System Bus Extender 8 spaceport @spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver System32\drivers\spaceport.sys
Boot System Bus Extender 9 volmgr @volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver System32\drivers\volmgr.sys
Boot System Bus Extender 10 volmgrx @%SystemRoot%\system32\drivers\volmgrx.sys,-100 System32\drivers\volmgrx.sys
Boot System Bus Extender 6 vmbus @%SystemRoot%\system32\vmbusres.dll,-1000 System32\drivers\vmbus.sys
Boot System Bus Extender 17 nvraid System32\drivers\nvraid.sys
Boot System Bus Extender 18 pciide System32\drivers\pciide.sys
Boot System Bus Extender 19 intelide System32\drivers\intelide.sys
Boot System Bus Extender 20 viaide System32\drivers\viaide.sys
Boot System Bus Extender 22 b06bdrv @netbvbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II VBD System32\drivers\bxvbda.sys
Boot System Bus Extender 23 ebdrv @netevbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II 10 GigE VBD System32\drivers\evbda.sys
Boot System Bus Extender 25 pcmcia System32\drivers\pcmcia.sys
Boot System Bus Extender n/a* mountmgr @%SystemRoot%\system32\drivers\mountmgr.sys,-100 System32\drivers\mountmgr.sys
Boot SCSI Miniport 25 iaStorV @iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7 System32\drivers\iaStorV.sys
Boot SCSI Miniport 33 nvstor System32\drivers\nvstor.sys
Boot SCSI Miniport 34 LSI_SAS System32\drivers\lsi_sas.sys
Boot SCSI Miniport 64 LSI_SAS2 System32\drivers\lsi_sas2.sys
Boot SCSI Miniport 65 LSI_SAS3 System32\drivers\lsi_sas3.sys
Boot SCSI Miniport 66 LSI_SSS System32\drivers\lsi_sss.sys
Boot SCSI miniport 67 3ware System32\drivers\3ware.sys
Boot SCSI Miniport 68 mvumis System32\drivers\mvumis.sys
Boot SCSI Miniport 69 VSTXRAID @vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver System32\drivers\vstxraid.sys
Boot SCSI Miniport 70 megasas System32\drivers\megasas.sys
Boot SCSI Miniport 71 megasr System32\drivers\megasr.sys
Boot SCSI miniport 73 iaStorAV @iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows System32\drivers\iaStorAV.sys
Boot SCSI miniport 74 amdsata System32\drivers\amdsata.sys
Boot SCSI miniport 75 amdxata System32\drivers\amdxata.sys
Boot SCSI miniport 76 amdsbs System32\drivers\amdsbs.sys
Boot SCSI miniport 79 arcsas @arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver System32\drivers\arcsas.sys
Boot SCSI Miniport 80 vsmraid System32\drivers\vsmraid.sys
Boot SCSI Miniport 81 SiSRaid2 System32\drivers\SiSRaid2.sys
Boot SCSI Miniport 82 SiSRaid4 System32\drivers\sisraid4.sys
Boot SCSI Miniport 83 atapi @mshdc.inf,%idechannel.DeviceDesc%;IDE Channel System32\drivers\atapi.sys
Boot SCSI Miniport 84 storahci @mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver System32\drivers\storahci.sys
Boot SCSI Miniport 85 stornvme @stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver System32\drivers\stornvme.sys
Boot SCSI Miniport 86 stexstor System32\drivers\stexstor.sys
Boot SCSI miniport 88 iaStorA System32\drivers\iaStorA.sys
Boot SCSI Miniport 210* ADP80XX System32\drivers\ADP80XX.SYS
Boot SCSI Miniport 259* HpSAMD System32\drivers\HpSAMD.sys
Boot SCSI Class 4 EhStorTcgDrv @ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols System32\drivers\EhStorTcgDrv.sys
Boot SCSI Class n/a* EhStorClass @%SystemRoot%\system32\drivers\EhStorClass.sys,-100 System32\drivers\EhStorClass.sys
Boot FSFilter Infrastructure 1 FltMgr @%SystemRoot%\system32\drivers\fltmgr.sys,-10001 system32\drivers\fltmgr.sys
Boot FSFilter Bottom n/a* FileInfo @%SystemRoot%\system32\drivers\fileinfo.sys,-100 System32\drivers\fileinfo.sys
Boot FSFilter Compression n/a* Wof Windows Overlay File System Filter Driver
Boot FSFilter Anti-Virus n/a* WdFilter @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330 system32\drivers\WdFilter.sys
Boot Filter 1 CLFS @%SystemRoot%\system32\drivers\clfs.sys,-100 System32\drivers\CLFS.sys
Boot Base 1 KSecDD System32\Drivers\ksecdd.sys
Boot Base 17 storvsc System32\drivers\storvsc.sys
Boot Base n/a* pcw Performance Counters for Windows Driver System32\drivers\pcw.sys
Boot File System n/a* Fs_Rec
Boot NDIS Wrapper n/a* NDIS @%SystemRoot%\system32\drivers\ndis.sys,-200 system32\drivers\ndis.sys
Boot Cryptography 2 KSecPkg System32\Drivers\ksecpkg.sys
Boot PNP_TDI 3 Tcpip @%SystemRoot%\system32\tcpipcfg.dll,-50003 System32\drivers\tcpip.sys
Boot NDIS 19 WFPLWFS @%SystemRoot%\System32\drivers\wfplwfs.sys,-6000 system32\DRIVERS\wfplwfs.sys
Boot Extended Base 43 storflt @%SystemRoot%\system32\vmstorfltres.dll,-1000 System32\drivers\vmstorfl.sys
Boot Core* 2* ACPI @acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver System32\drivers\ACPI.sys
Boot PnP Filter* 7* agp440 @machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter System32\drivers\agp440.sys
Boot n/a* n/a* ambakdrv ambakdrv system32\ambakdrv.sys
Boot Core* 4* CNG System32\Drivers\cng.sys
Boot n/a* n/a* disk @disk.inf,%disk_ServiceDesc%;Disk Driver System32\drivers\disk.sys
Boot PNP Filter* 15* edevmon edevmon system32\DRIVERS\edevmon.sys
Boot Early-Launch* 1* eelam eelam system32\DRIVERS\eelam.sys
Boot PnP Filter* 5* fvevol @%SystemRoot%\system32\drivers\fvevol.sys,-100 System32\DRIVERS\fvevol.sys
Boot PnP Filter* 5* gagp30kx @machine.inf,%gagp30kx_svcdesc%;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms System32\drivers\gagp30kx.sys
Boot PnP Filter* 12* hpdskflt @oem46.inf,%service_desc%;HP Filter system32\DRIVERS\hpdskflt.sys
Boot n/a* n/a* hwpolicy @%systemroot%\system32\drivers\hwpolicy.sys,-101 System32\drivers\hwpolicy.sys
Boot n/a* n/a* intelpep @intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver System32\drivers\intelpep.sys
Boot Network* n/a* Mup @%systemroot%\system32\drivers\mup.sys,-101 System32\Drivers\mup.sys
Boot PnP Filter* 8* nv_agp @machine.inf,%agpnvidia_svcdesc%;NVIDIA nForce AGP Bus Filter System32\drivers\nv_agp.sys
Boot PnP Filter* n/a* rdyboost ReadyBoost System32\drivers\rdyboost.sys
Boot * n/a* sbp2port @sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver System32\drivers\sbp2port.sys
Boot PnP Filter* 6* uagp35 @machine.inf,%uagp35_svcdesc%;Microsoft AGPv3.5 Filter System32\drivers\uagp35.sys
Boot PnP Filter* 9* uliagpkx @machine.inf,%uliagpkx_svcdesc%;Uli AGP Bus Filter System32\drivers\uliagpkx.sys
Boot n/a* n/a* volsnap @volume.inf,%VolumeClassName%;Storage volumes System32\drivers\volsnap.sys
Boot Early-Launch* n/a* WdBoot @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390 system32\drivers\WdBoot.sys
System SCSI CDROM Class 3 cdrom @cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver \SystemRoot\System32\drivers\cdrom.sys
System FSFilter Anti-Virus 2 eamonm eamonm system32\DRIVERS\eamonm.sys
System Base 1 Null
System Base 2 Beep Beep
System Base 32 ehdrv ehdrv \SystemRoot\system32\DRIVERS\ehdrv.sys
System Video 3 BasicRender \SystemRoot\System32\drivers\BasicRender.sys
System Video 4 BasicDisplay \SystemRoot\System32\drivers\BasicDisplay.sys
System File system n/a* Msfs
System File system n/a* Npfs
System PNP_TDI 4 tdx @%SystemRoot%\system32\tcpipcfg.dll,-50004 \SystemRoot\system32\DRIVERS\tdx.sys
System PNP_TDI n/a* AFD @%systemroot%\system32\drivers\afd.sys,-1000 \SystemRoot\system32\drivers\afd.sys
System PNP_TDI n/a* NetBT @%SystemRoot%\system32\drivers\netbt.sys,-2 System32\DRIVERS\netbt.sys
System NDIS 13 Psched @%SystemRoot%\System32\drivers\pacer.sys,-101 \SystemRoot\system32\DRIVERS\pacer.sys
System NDIS 27 vwififlt @%SystemRoot%\System32\drivers\vwififlt.sys,-259 \SystemRoot\system32\DRIVERS\vwififlt.sys
System NDIS 30 epfwwfp epfwwfp \SystemRoot\system32\DRIVERS\epfwwfp.sys
System NetBIOSGroup 2 NetBIOS @netnb.inf,%NetBIOS_Desc%;NetBIOS Interface system32\DRIVERS\netbios.sys
System n/a* n/a* ahcache @%systemroot%\system32\drivers\ahcache.sys,-102 system32\DRIVERS\ahcache.sys
System n/a* n/a* dam @%SystemRoot%\system32\drivers\dam.sys,-100 system32\drivers\dam.sys
System Network* n/a* Dfsc @%systemroot%\system32\wkssvc.dll,-1008 System32\Drivers\dfsc.sys
System * n/a* mssmbios @mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver \SystemRoot\System32\drivers\mssmbios.sys
System * n/a* npsvctrig @npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider \SystemRoot\System32\drivers\npsvctrig.sys
System n/a* n/a* nsiproxy @%SystemRoot%\system32\drivers\nsiproxy.sys,-2 system32\drivers\nsiproxy.sys
System Network* 4* rdbss @%systemroot%\system32\wkssvc.dll,-1000 system32\DRIVERS\rdbss.sys
System n/a* n/a* Wanarpv6 @%systemroot%\system32\rascfg.dll,-32012 \SystemRoot\system32\DRIVERS\wanarp.sys
Automatic FSFilter Virtualization n/a* luafv @%systemroot%\system32\drivers\luafv.sys,-100 \SystemRoot\system32\drivers\luafv.sys
Automatic Base n/a* ekrn ESET Service "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
Automatic COM Infrastructure n/a* BrokerInfrastructure @%windir%\system32\bisrv.dll,-100 %SystemRoot%\system32\svchost.exe -k DcomLaunch
Automatic COM Infrastructure n/a* DcomLaunch @combase.dll,-5012 %SystemRoot%\system32\svchost.exe -k DcomLaunch
Automatic COM Infrastructure n/a* LSM @%windir%\system32\lsm.dll,-1001 %SystemRoot%\system32\svchost.exe -k DcomLaunch
Automatic COM Infrastructure n/a* RpcEptMapper @%windir%\system32\RpcEpMap.dll,-1001 %SystemRoot%\system32\svchost.exe -k RPCSS
Automatic COM Infrastructure n/a* RpcSs @combase.dll,-5010 %SystemRoot%\system32\svchost.exe -k rpcss
Automatic Event Log n/a* EventLog @%SystemRoot%\system32\wevtsvc.dll,-200 %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Automatic ProfSvc_Group n/a* gpsvc @gpapi.dll,-112 %systemroot%\system32\svchost.exe -k netsvcs
Automatic profsvc_group n/a* ProfSvc @%systemroot%\system32\profsvc.dll,-300 %systemroot%\system32\svchost.exe -k netsvcs
Automatic ProfSvc_Group n/a* SENS @%SystemRoot%\system32\Sens.dll,-200 %SystemRoot%\system32\svchost.exe -k netsvcs
Automatic ProfSvc_Group n/a* Themes @%SystemRoot%\System32\themeservice.dll,-8192 %SystemRoot%\System32\svchost.exe -k netsvcs
Automatic AudioGroup n/a* AudioEndpointBuilder @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204 %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Automatic AudioGroup n/a* Audiosrv @%SystemRoot%\system32\audiosrv.dll,-200 %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Automatic AudioGroup n/a* FontCache @%systemroot%\system32\FntCache.dll,-100 %SystemRoot%\system32\svchost.exe -k LocalService
Automatic AudioGroup n/a* STacSV @%SystemRoot%\system32\stlang64.dll,-10101 C:\Program Files\IDT\WDM\STacSV64.exe
Automatic MS_WindowsLocalValidation n/a* SamSs @%SystemRoot%\system32\samsrv.dll,-1 %SystemRoot%\system32\lsass.exe
Automatic Plugplay n/a* Power @%SystemRoot%\system32\umpo.dll,-100 %SystemRoot%\system32\svchost.exe -k DcomLaunch
Automatic PlugPlay n/a* TabletInputService @%SystemRoot%\system32\TabSvc.dll,-100 %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Automatic NDIS 15 rspndr @%SystemRoot%\system32\lltdres.dll,-5 \SystemRoot\system32\DRIVERS\rspndr.sys
Automatic NDIS 16 lltdio @%SystemRoot%\system32\lltdres.dll,-6 \SystemRoot\system32\DRIVERS\lltdio.sys
Automatic NDIS 17 NativeWifiP @%SystemRoot%\System32\drivers\nwifi.sys,-101 \SystemRoot\system32\DRIVERS\nwifi.sys
Automatic TDI n/a* Dhcp @%SystemRoot%\system32\dhcpcore.dll,-100 %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Automatic TDI n/a* Dnscache @%SystemRoot%\System32\dnsapi.dll,-101 %SystemRoot%\system32\svchost.exe -k NetworkService
Automatic TDI n/a* lmhosts @%SystemRoot%\system32\lmhsvc.dll,-101 %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Automatic TDI n/a* Wcmsvc @%SystemRoot%\System32\wcmsvc.dll,-4097 %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Automatic TDI n/a* WlanSvc @%SystemRoot%\System32\wlansvc.dll,-257 %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Automatic ShellSvcGroup n/a* ShellHWDetection @%SystemRoot%\System32\shsvcs.dll,-12288 %SystemRoot%\System32\svchost.exe -k netsvcs
Automatic SchedulerGroup n/a* Schedule @%SystemRoot%\system32\schedsvc.dll,-100 %systemroot%\system32\svchost.exe -k netsvcs
Automatic SpoolerGroup n/a* Spooler @%systemroot%\system32\spoolsv.exe,-1 %SystemRoot%\System32\spoolsv.exe
Automatic SmartCardGroup n/a* WbioSrvc @%systemroot%\system32\wbiosrvc.dll,-100 %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
Automatic NetworkProvider n/a* BFE @%SystemRoot%\system32\bfe.dll,-1001 %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Automatic NetworkProvider n/a* LanmanWorkstation @%systemroot%\system32\wkssvc.dll,-100 %SystemRoot%\System32\svchost.exe -k NetworkService
Automatic NetworkProvider n/a* MpsSvc @%SystemRoot%\system32\FirewallAPI.dll,-23090 %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
Automatic n/a* n/a* AdobeARMservice Adobe Acrobat Update Service "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
Automatic n/a* n/a* ammntdrv ammntdrv \??\C:\Windows\system32\ammntdrv.sys
Automatic n/a* n/a* amwrtdrv amwrtdrv \??\C:\Windows\system32\amwrtdrv.sys
Automatic n/a* n/a* AppHostSvc @%windir%\system32\inetsrv\iisres.dll,-30011 %windir%\system32\svchost.exe -k apphost
Automatic n/a* n/a* BITS @%SystemRoot%\system32\qmgr.dll,-1000 %SystemRoot%\System32\svchost.exe -k netsvcs
Automatic n/a* n/a* CryptSvc @%SystemRoot%\system32\cryptsvc.dll,-1001 %SystemRoot%\system32\svchost.exe -k NetworkService
Automatic n/a* n/a* DeviceAssociationService @%SystemRoot%\system32\das.dll,-100 %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Automatic n/a* n/a* DiagTrack @%SystemRoot%\system32\UtcResources.dll,-3001 %SystemRoot%\System32\svchost.exe -k utcsvc
Automatic n/a* n/a* DPS @%systemroot%\system32\dps.dll,-500 %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Automatic n/a* n/a* edgeupdate Microsoft Edge Update Service (edgeupdate) "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
Automatic n/a* n/a* EFS @%SystemRoot%\system32\efssvc.dll,-100 %SystemRoot%\System32\lsass.exe
Automatic n/a* n/a* ElodeaEventCollectorService Elodea Event Collector Service C:\Program Files (x86)\Elodea_notify_events_mssql_db\EventCollector.exe
Automatic n/a* n/a* EventSystem @comres.dll,-2450 %SystemRoot%\system32\svchost.exe -k LocalService
Automatic n/a* n/a* EvtEng Intel(R) PROSet/Wireless Event Log "C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
Automatic n/a* n/a* gupdate Google Update Service (gupdate) "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
Automatic n/a* n/a* HP Support Assistant Service HP Support Assistant Service "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
Automatic n/a* n/a* IAStorDataMgrSvc Intel(R) Rapid Storage Technology "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
Automatic n/a* n/a* ibtsiva @oem81.inf,%SERVICE_NAME%;Intel Bluetooth Service %SystemRoot%\system32\ibtsiva
Automatic n/a* n/a* IJPLMSVC Canon Inkjet Printer/Scanner/Fax Extended Survey Program C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
Automatic n/a* n/a* IKEEXT @%SystemRoot%\system32\ikeext.dll,-501 %systemroot%\system32\svchost.exe -k netsvcs
Automatic n/a* n/a* iphlpsvc @%SystemRoot%\system32\iphlpsvc.dll,-500 %SystemRoot%\System32\svchost.exe -k NetSvcs
Automatic n/a* n/a* jhi_service Intel(R) Dynamic Application Loader Host Interface Service "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
Automatic n/a* n/a* LanmanServer @%systemroot%\system32\srvsvc.dll,-100 %SystemRoot%\system32\svchost.exe -k netsvcs
Automatic n/a* n/a* LMS Intel(R) Management and Security Application Local Management Service "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
Automatic n/a* n/a* MMCSS @%systemroot%\system32\mmcss.dll,-100 %SystemRoot%\system32\svchost.exe -k netsvcs
Automatic Network* 6* mrxsmb10 @%systemroot%\system32\wkssvc.dll,-1004 system32\DRIVERS\mrxsmb10.sys
Automatic n/a* n/a* Ndu @%SystemRoot%\system32\drivers\Ndu.sys,-10001 system32\drivers\Ndu.sys
Automatic n/a* n/a* NlaSvc @%SystemRoot%\System32\nlasvc.dll,-1 %SystemRoot%\System32\svchost.exe -k NetworkService
Automatic n/a* n/a* nsi @%SystemRoot%\system32\nsisvc.dll,-200 %systemroot%\system32\svchost.exe -k LocalService
Automatic n/a* n/a* PcaSvc @%SystemRoot%\system32\pcasvc.dll,-1 %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Automatic n/a* n/a* PEAUTH PEAUTH system32\drivers\peauth.sys
Automatic n/a* n/a* RegSrvc Intel(R) PROSet/Wireless Registry Service "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
Automatic n/a* n/a* sppsvc @%SystemRoot%\system32\sppsvc.exe,-101 %SystemRoot%\system32\sppsvc.exe
Automatic Network* n/a* srv @%systemroot%\system32\srvsvc.dll,-102 System32\DRIVERS\srv.sys
Automatic n/a* n/a* stisvc @%SystemRoot%\system32\wiaservc.dll,-9 %SystemRoot%\system32\svchost.exe -k imgsvc
Automatic n/a* n/a* SysMain @%SystemRoot%\system32\sysmain.dll,-1000 %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Automatic n/a* n/a* SystemEventsBroker @%windir%\system32\SystemEventsBrokerServer.dll,-1001 %SystemRoot%\system32\svchost.exe -k DcomLaunch
Automatic n/a* n/a* tcpipreg TCP/IP Registry Compatibility System32\drivers\tcpipreg.sys
Automatic n/a* n/a* TrkWks @%SystemRoot%\system32\trkwks.dll,-1 %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Automatic ValiditySensors* n/a* valWBFPolicyService Validity WBF Policy Service C:\Windows\system32\valWBFPolicyService.exe
Automatic n/a* n/a* Winmgmt @%Systemroot%\system32\wbem\wmisvc.dll,-205 %systemroot%\system32\svchost.exe -k netsvcs
Automatic n/a* n/a* wscsvc @%SystemRoot%\System32\wscsvc.dll,-200 %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Automatic n/a* n/a* WSearch Windows Search %systemroot%\system32\SearchIndexer.exe /Embedding
Automatic n/a* n/a* ZeroConfigService Intel(R) PROSet/Wireless Zero Configuration Service "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"

That is the best that I've been able to come up with since first starting on this journey to find an answer more than 10 years ago.

Thoughts, comments, etc...?

Thanks. . .

John



@cwsink
@philc43
@axe0
@MrPepka
@Patrick
@xilolee
@softwaremaniac
@Wrench97
@satrow
@writhziden
@x BlueRobot
@jcgriff2
@MichaelB
 
And will booting in safe mode help or just restoring the system from a restore point? And I have such a question. Does the system load endlessly after starting Driver Verifier, and after turning off this verifier the system starts normally, can you trace which driver has been flagged or is it a hardware failure? I know that this is not related to the topic, but I have this case with one user on BleepingComputer, and he did all the hardware tests and showed that everything is OK.
 
> Does the system load endlessly after starting Driver Verifier,
Sometimes it is an endless boot and other times the system will hang during boot and other times it will simply not boot at all. It all depends on which boot driver was flagged/disabled (primarily its position in the boot-up driver order).

> and after turning off this verifier the system starts normally, can you trace which driver has been flagged or is it a hardware failure?
No... this situation is usually not hardware failure - it is a case where a boot driver has been flagged by Driver Verifier and disabled (HKLM Registry "Start" entry changed to 4).

> I know that this is not related to the topic, but I have this case with one user on BleepingComputer, and he did all the hardware tests and showed that everything is OK
That's OK - we're all here to get questions answered.

So... you have a BSOD thread where Driver Verifier flagged a boot driver and now the OP cannot boot his system?

He should use the System Restore point he created before running Driver Verifier, per the Instruction sticky for Driver Verifier.
 
In the past years I have seen boot crashes due to verifier; after resetting verifier in the command prompt in the RE, a dump was created just fine most of the time.

The registry doesn't tell the system a crash occurred at boot, the pagefile contains information that a crash occurred.
 
That is exactly the subject that I brought up here, assuming that he BSOD'd after running Driver Verifier.

Given the fact that it could not boot after F/V, I assume that a boot driver was flagged as he also said that System Restore restored his ability to boot.

However, running system restore wiped out the ability to obtain a VERIFIER_ENABLED dump that likely would have revealed the name of the offending boot driver.

Also, I don't know what all of the freezing is about. I never, ever get involved with freezing threads as I know they are bound to be unknown hardware failure. I also don't know if the freezing/hardware failure played a part in the no-boot, but it does not appear so.

All I can suggest is what I've done - run LoadOrder and look for 3rd party drivers to update. That will take some time to do.

Just a side comment - please don't ever link to a TF tutorial here at Sysnative as we have all of those tutorials. . . here at Sysnative. :-)

What you do at other forums, I cannot control.

John
 
If I have correctly understood (I hope): before using system restore (or a system image), the user can copy the minidump and the memory.dmp to another safe location.

Another solution: the user must create a registry backup before running driver verifier; tools that do this: probably a bunch... For sure: tweaking.com-windows repair, delfix by xplode, acelogix regback.
Even windows creates (created) its own registry backup (currently this was disabled and could/should be re-enabled using a registry key).
Maybe even from regedit we can get a backup (from hklm: sam, security, software, system; and hku: .default - although I didn't check this ever).
After we know the user has got a registry backup, we can start safe mode, find and substitute its corrupted registry files (in c:\windows\system32\config) with the good ones.
The tutorial is this one: Manually Restore the Registry From its Backup in Windows (Windows 7 / Vista)

Another solution (more complicated than previous ones... Well, it's so easy that we can corrupt the entire system hive! Or the entire registry...): from safe mode, load the corrupted SYSTEM hive (it's in "Find-Drive-Letter":\windows\system32\config) in a BLANK/EMPTY KEY, find the disabled driver, modify/edit/change the value from 4 (disabled) to its default one (0, 1, 2, 3), unload it.
The following tutorial shows how to disable verifier, but could be used also to change the driver start value: Disable Driver Verifier Outside Windows (Vista / 7 / 8 / 10)
 
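One way to carry out the offline steps discussed in the posts above (resetting Driver Verifier from the recovery environment, and loading the offline SYSTEM hive under an empty key) without running System Restore, written as a batch script for the WinRE Command Prompt. This is an added example, not part of any post in this thread; the script name, the `OfflineSys` key and the `VerifierRescue` folder are made up for illustration, and it assumes you pass the drive letter WinRE assigned to the Windows volume.

```batch
@echo off
rem Added example, not from the thread. Run from the WinRE Command Prompt.
rem Usage:  verifier-rescue.cmd D:
rem Assumption: %1 is the letter WinRE gave the Windows volume (often not C:).
setlocal
set "WIN=%~1"
if "%WIN%"=="" (
    echo Usage: %~nx0 D:
    exit /b 1
)
set "HIVE=%WIN%\Windows\System32\config\SYSTEM"
if not exist "%HIVE%" (
    echo No SYSTEM hive found at %HIVE%
    exit /b 1
)

rem 1. Copy aside any dumps that already exist before anything else touches
rem    them. pagefile.sys is deliberately left alone: per the thread, the
rem    crash data for a dump that has not been written yet lives there.
set "SAVE=%WIN%\VerifierRescue"
if not exist "%SAVE%" mkdir "%SAVE%"
if exist "%WIN%\Windows\Minidump\*.dmp" copy /y "%WIN%\Windows\Minidump\*.dmp" "%SAVE%\" >nul
if exist "%WIN%\Windows\MEMORY.DMP" copy /y "%WIN%\Windows\MEMORY.DMP" "%SAVE%\" >nul

rem 2. Back up the SYSTEM hive while it is not loaded, so a bad edit can be undone.
copy /y "%HIVE%" "%SAVE%\SYSTEM.before-edit" >nul || exit /b 1

rem 3. Load the offline hive under a temporary, otherwise unused key.
reg load HKLM\OfflineSys "%HIVE%" >nul || exit /b 1

rem 4. Select\Default names the control set the next boot will use (0x1 means
rem    ControlSet001). The name built below assumes a single-digit number.
set "CS="
for /f "skip=2 tokens=3" %%A in ('reg query HKLM\OfflineSys\Select /v Default 2^>nul') do set /a CS=%%A
if not defined CS (
    echo Could not read Select\Default from the offline hive.
    reg unload HKLM\OfflineSys >nul
    exit /b 1
)
set "MM=HKLM\OfflineSys\ControlSet00%CS%\Control\Session Manager\Memory Management"

rem 5. Print the Driver Verifier settings first (VerifyDrivers is the list of
rem    drivers that were being verified, worth keeping in the case notes),
rem    then delete both values so verifier is off at the next boot.
echo Driver Verifier settings found in the offline hive:
reg query "%MM%" /v VerifyDrivers 2>nul
reg query "%MM%" /v VerifyDriverLevel 2>nul
for %%V in (VerifyDrivers VerifyDriverLevel) do (
    reg query "%MM%" /v %%V >nul 2>&1 && reg delete "%MM%" /v %%V /f >nul
)

rem 6. Unload the hive so the change is flushed to disk before rebooting.
reg unload HKLM\OfflineSys >nul
echo Done. Saved dumps and the hive backup are in %SAVE%
endlocal
```

Because no restore point is applied, the rest of the registry and the page file are left as the crash left them; after the next boot, check \Windows\Minidump and \Windows\MEMORY.DMP for a new dump.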
> If I have correctly understood (I hope): before using system restore (or a system image), the user can copy the minidump and the memory.dmp to another safe location.
When a BSOD occurs, kernel memory is written to the page file (and the offending driver is disabled).

Upon re-boot, the memory dump is created, depending on settings.

If a boot driver is flagged, there is a good chance that the system will not start-up.

From Carrona - BSOD Crash Dump Generation
 
In this case, if the user starts Windows in safe mode, won't the dump be created?
Then he should find it in [FindTheWindowsInstallationDrive]:\windows\minidump...
 
Good point - never considered that before.

But how do you start a system in safemode if you can't get to msconfig?
 
The recovery environment has lots of options, including one to boot into safemode.
 
> Good point - never considered that before.
>
> But how do you start a system in safemode if you can't get to msconfig?
That's why I change the BCD options:
- bcdedit {bootmgr} displaybootmenu setting from No to Yes
- bcdedit {bootmgr} timeout setting to 30 seconds
- bcdedit bootmenupolicy setting from standard to legacy
In that way I can start Windows in safe mode (even with F8).

Anyway, even without those changes, Windows should bring up its advanced options, and from there the user can start Windows in safe mode (or can use a system restore point, or can use a system image, or ... Other tasks).
 
