markdolar asked:

Need Procedure to roll back driver in XP

Hello Experts -

I have an XP system (SP2 I think) that will not boot in either regular or safe mode, with the Blue screen error:  

Attempted Write to Read Only Memory

The hardware boots OK on another disk, and some web searching indicates the problem appears to be a driver that somehow got installed on the disk.  I ran malware and fixboot via the recovery console, but these don't help the situation.  In Safe mode, the system reboots at MUP.SYS.

Rollback on the boot menu doesn't work.  I need a procedure to get this driver uninstalled if possible.  Thanks
ASKER CERTIFIED SOLUTION
johnb6767
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Oh, and the .DMP files are located in C:\Windows\Minidump
markdolar

ASKER

Ok - let's see, I think I have tried everything suggested

Minidump DMP files - Don't see any for this issue.  There are a few in the folder, a couple of years old, mostly.   I don't know how to read them, so any assistance there would be appreciated.

Registry - load hive:  I was able to boot off another HD and load the hive from the Windows installation on the non-booting disk.  I could poke around in the registry and verified the system init.  I looked at a number of driver-related registry entries, but it is difficult to tell which are the offending entries.  

Read the MUP.SYS page and generally agree that MUP is an unlikely culprit.  Registry corruption or bad driver/virus are possible explanations.  

MSConfig page is most interesting, but since I am not booting off the damaged drive, I don't see how I can use it.  If I could use it on the damaged drive that would be good help, but I can't even boot that drive in safe mode.

All ideas welcome.  thanks

No Restore Points?

Salvage mission link not applicable here?
I've been trying the restore points as the article describes.   I was able to boot the disk using the repair snapshots and get to the restore points.  I've restored about 3 of them, but I still get the BSOD on bootup.  I can keep trying restore points, but I've tried the extreme date ranges with no good results.   I suspect I will get the same results if I use restore points with dates between the times I have already tried.
I guess if you've tried the earliest date and still blue screen, you need more than a "roll back"

johnb always has good ideas.  I just learned you could do off line systems with Autoruns :o)  
Post the minidump here for analysis, please.
How To Disable the Automatic Restart on System Failure in Windows XP
http://pcsupport.about.com/od/tipstricks/ht/disautorestart.htm

Maybe we can at least see the driver name on screen after the BSOD. Then we can muck around in the registry and disable the driver.....
This is getting interesting...

I tried the Sysinternals Autoruns utility, but it gets an error when accessing the offline system.  Error is "Cannot load user registry hive of the offline system".  I was able to load the hive using regedit.

However, just for fun, I ran my anti-virus software again on the disk.   I use Malwarebytes, and when I last ran the utility, the disk was clean, though I did clean some malware off it when I first ran it at the start of all this.  However, this time, the Malware software had access to the System Volume Information folder (thanks to the restore points procedure).

Malware found an item called Backdoor.0Access inside one of the RP folders.  It is in a file called A1004804.ini.  

Instead of cleaning it, I renamed the RP file and put back the original snapshot files.  Sure enough, the boot failed again, but this time when I ran the Malwarebytes program, I get two copies of this item.  

My next step will be to clean the virus using the Malwarebytes program, but first I want to see if there are any other suggestions here.  I will also post all the minidumps from the system, though I have no idea when they were actually created.

Mini051810-01.dmp
Mini070408-01.dmp
Mini080211-01.dmp

Who Crashed? Mini Dump analysis. Dates created are shown along with "uptime before crash".

Long story short.  Because these dumps show uptime being days long, I don't think any of these are from the time it takes to boot XP and are not related to your issue.  The SYS file is from Symantec Endpoint and may have crashed due to the back door nasty you found, but I'm just speculating.  However, that being said, there was one comment I found that said

"wpsdrvnt.sys cause SP3 to crash"

I take this to mean that someone found Symantec's Endpoint program caused their computer to crash after SP3 was installed.

On Tue 8/2/2011 1:17:54 PM GMT your computer crashed
crash dump file: C:\UsersDesktop\Minidump\Mini080211-01.dmp
uptime: 15 days, 02:52:31
This was probably caused by the following module: wpsdrvnt.sys (wpsdrvnt+0x36C9)
Bugcheck code: 0x100000D1 (0xFFFFFFFFF90DFA14, 0x2, 0x0, 0xFFFFFFFFF781A6C9)
Error: CUSTOM_ERROR
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: wpsdrvnt.sys .
Google query: wpsdrvnt.sys CUSTOM_ERROR

On Thu 12/23/2010 5:22:03 PM GMT your computer crashed
crash dump file: C:\UsersDesktop\Minidump\Mini122310-01.dmp
uptime: 8 days, 06:00:23
This was probably caused by the following module: hal.dll (hal+0x5BFB)
Bugcheck code: 0x9C (0x5, 0xFFFFFFFF805545F0, 0xFFFFFFFFB2001210, 0x14040400)
Error: MACHINE_CHECK_EXCEPTION
file path: C:\Windows\system32\hal.dll
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Hardware Abstraction Layer DLL
Bug check description: This bug check indicates that a fatal machine check exception has occurred.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.

On Wed 5/19/2010 6:04:13 AM GMT your computer crashed
crash dump file: C:\UsersDesktop\Minidump\Mini051810-01.dmp
uptime: 21 days, 16:09:00
This was probably caused by the following module: Unknown (0xFFFFFFFFF88DEEDC)
Bugcheck code: 0x100000D1 (0xFFFFFFFF8068E01C, 0x2, 0x0, 0xFFFFFFFFF88DEEDC)
Error: CUSTOM_ERROR
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: Unknown .
Google query: Unknown CUSTOM_ERROR

On Thu 12/10/2009 2:53:53 AM GMT your computer crashed
crash dump file: C:\UsersDesktop\Minidump\Mini120909-01.dmp
uptime: 15:32:49
This was probably caused by the following module: wpsdrvnt.sys (wpsdrvnt+0x36C9)
Bugcheck code: 0x100000D1 (0xFFFFFFFFFD67F814, 0x2, 0x0, 0xFFFFFFFFF78926C9)
Error: CUSTOM_ERROR
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: wpsdrvnt.sys .
Google query: wpsdrvnt.sys CUSTOM_ERROR

On Sat 7/5/2008 12:30:18 AM GMT your computer crashed
crash dump file: C:\UsersDesktop\Minidump\Mini070408-01.dmp
uptime: 01:07:29
This was probably caused by the following module: ntoskrnl.exe (nt+0x39A6A)
Bugcheck code: 0x1000000A (0xFFFFFFFFC0100918, 0x2, 0x0, 0xFFFFFFFF80510A6A)
Error: CUSTOM_ERROR
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

5 crash dumps have been found and analyzed. 3 third party drivers have been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

unknown

wpsdrvnt.sys

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.
dmp 1 refers to: IMAGE_NAME:  atapi.sys
dmp 2 points to: IMAGE_NAME:  memory_corruption   -   PROCESS_NAME:  BRec.exe
dmp 3: see above; but it is (together with dmp 2) a DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

Since all are different, I suggest running RAM and disk diags first, to be sure about the basics (RAM = suspect here).
Best download UBCD, and run memtest86+ for RAM, and the disk diag for your disk brand: http://www.ultimatebootcd.com/
Ok - I tried renaming wpsdrvnt.sys in the windows\system32 folder, but that didn't help.  I am not getting a good boot diskette for the UBCD after multiple tries, but I really don't think the problem is hardware, since I can boot and run the problem drive just fine if I replace the 5 registry files.   I just can't replace them with the ones I want to replace them with.   I can replace them with the versions from the installation disk, so that pretty much checks the hardware out.  

I am going to close this question and look into fixing these registry files somehow.  

Lots of good information in this thread - sadly it didn't resolve my issue.
Did you try what I posted?  Any result?
I can't get a bootable copy of UBCD.   I tried multiple sites and finally got one to download but when I burned the iso, the CD would not boot.   Started to boot then hung.  Seems like a good program and I would like to use it, but can't seem to get a good copy.  
Make sure the hash numbers match after download is finished.

Should get UBCD from original site.  Many links here

[MD5    ] 3d35afcc9150d99fb67cc3c9fe4e6b75
[SHA1   ] 5bc63a1264d124ba96333bb6ed05f725de01e0ef

^^^^^^^^^^^^Hash numbers^^^^^^^^^^Above

Foolproof way to verify a file matches.  Handy tool for anyone to ensure file is not corrupted when publisher of file to download makes this information available.  Just as in this case.

File Hash Checker

Requirements :
-Windows 7
OR
-Windows XP or Vista with .net Framework 3.5 installed
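The hash comparison recommended in the post above, as an added example that is not part of the thread and not the File Hash Checker tool it mentions. It parses the published values in the `[ALGO ] hex` layout shown in the post, hashes the downloaded file once in chunks, and reports a match per algorithm; the function names are assumptions and the file path is supplied by the caller.

```python
import hashlib
import hmac
import re

# Published values, copied from the post above in the layout it uses.
PUBLISHED = """\
[MD5    ] 3d35afcc9150d99fb67cc3c9fe4e6b75
[SHA1   ] 5bc63a1264d124ba96333bb6ed05f725de01e0ef
"""

def parse_published(text):
    """Map lower-case algorithm name -> expected hex digest from '[ALGO ] hex' lines."""
    found = re.findall(r"^\[(\w+)\s*\]\s*([0-9A-Fa-f]+)\s*$", text, re.MULTILINE)
    return {algo.lower(): digest.lower() for algo, digest in found}

def verify_download(path, published, chunk_size=1 << 20):
    """Hash the file once, in chunks, and compare against every published digest.

    Returns {algorithm: True/False}; a truncated or altered download gives False.
    """
    hashers = {algo: hashlib.new(algo) for algo in published}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: hmac.compare_digest(h.hexdigest(), published[algo])
            for algo, h in hashers.items()}

def download_is_good(path, published_text=PUBLISHED):
    """True only if at least one digest was published and all of them match."""
    results = verify_download(path, parse_published(published_text))
    return bool(results) and all(results.values())
```

Running the check before burning the ISO separates a corrupted download from a bad burn or an unreadable disc.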