Discussion in 'Windows & Other OS Discussion & Support' started by WxMan1, Mar 7, 2011.

  1. WxMan1

    WxMan1 Active Member

    Is it normal for a WinXP SP3 patched system where:

    Prefetch/local/system value, etc. and et ali and whatnot/=3

    for NTOSBOOT-B00DFAAD.pf to be missing?

  2. Tipstaff

    Tipstaff Well-Known Member

    Did you ever run a tweaking software that turns off Prefetch, or anything that cleans up the Prefetch folder that would have deleted it (CCleaner I think has this option when used on XP)? Also, if you did do this, double check to see the Task Scheduler service is turned off or set to Manual (some tweak utilities will set this to Manual, but if you ran a tweaking/cleaning tool that altered the Prefetch folder as well as turned off Task Scheduler, this file will never be recreated).

    On a side note, you might want to check to make sure Prefetch is turned on. Open up regedit (Start, Run, regedit), and go to this location:

    HKEY LOCAL MACHINE | SYSTEM | CurrentControlSet | Control | SessionManager | MemoryManagement | PrefetchParameters

    On the right side look for EnablePrefetcher. Make sure it's set to 3 (that's the default). Then reboot.

    Edit: BTW, I noticed THIS other thread of yours. By any chance, are you dual booting your machine, or are these 2 separate machines?
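
The checks described in the reply above, gathered into one read-only batch script for the XP command prompt (an added example, not part of the original posts). It assumes Task Scheduler runs under its default XP service name `Schedule`, and it writes the registry path with the spaces the real key names contain (`Session Manager`, `Memory Management`).

```bat
@echo off
rem Added example: read-only checks, nothing on the system is modified.
rem Assumption: Task Scheduler uses its default XP service name "Schedule".
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters"

echo [1] EnablePrefetcher (default is 0x3 = application and boot prefetching):
reg query "%KEY%" /v EnablePrefetcher 2>nul | find /i "EnablePrefetcher"
if errorlevel 1 echo     EnablePrefetcher value not found under PrefetchParameters

echo.
echo [2] Task Scheduler service, current state and start type:
sc query Schedule | find "STATE"
if errorlevel 1 echo     Schedule service not found
sc qc Schedule | find "START_TYPE"

echo.
echo [3] Boot trace file in %windir%\Prefetch:
if exist "%windir%\Prefetch\NTOSBOOT-*.pf" (
    rem /tc lists the creation time, which shows when the file was last rebuilt
    dir /tc "%windir%\Prefetch\NTOSBOOT-*.pf" | find /i "NTOSBOOT"
) else (
    echo     NTOSBOOT-*.pf is missing
)

echo.
echo [4] Number of .pf files currently in the folder:
dir /b "%windir%\Prefetch\*.pf" 2>nul | find /c /v ""
endlocal
```

A value of 0x3 in step 1 together with a stopped or disabled service in step 2 matches the case described in the reply, where the boot trace file is never recreated.
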
  3. WxMan1

    WxMan1 Active Member

    The machine in question is Mom's and she doesn't know enough to do that.

    The enableprefetcher value at the key cited is set to 3. There are tons of *.pf files in there, including layout.ini.

    I'll have to check to see if the task scheduler service is enabled.

    Curious thing is that she's been complaining about frequent BSOD's. I ran HDAT2 v4.3.5 - a HDD diagnostic utility - and the R/W/R/W/C test fails on compare for every single cluster checked (FWIW: Prime95 runs for 30 minutes w/out error before aborting manually). I did all that because I tried to do a boot-time defrag of the boot-partition's - C: - NTFS meta-files, e.g., $MFT, $LOG, reserved-for-MFT, etc. using Ultimate Defrag v3, and the disk failed to mount (undefined error). However, that was not an issue for D: (1st logical drive in extended partition). First time I ever seen that; I've used UDefrag extensively to defrag optimize placement of NTFS metafiles w/out any issues whatsoever. :hmm:

    FWIW, Dad has the same WD40JB HDD in his machine (also WinXP SP3), and it checks out fine; it's not an issue particular to the specific HDD hardware. Furthermore, I ran UD boot-time defrag on his machine w/out an issue. Like I say: that's never been an issue. Ever.

    Anyways, after running chkdsk c: /x (no errors found 'ceptin' garbage collection), I blew the contents of %windir%\prefetch away (leaving the empty folder itself). Upon reboot I encountered BSOD xC000026a (fatal error). This prevented me from entering Safe Mode w/same error (and logging into previously installed Recovery Console hung).

    I used WinXP SP2 install CD to format the drive and then restored the Ghost image of C: that I made immediately before (of BSOD system). No dice (same xC000026a BSOD). I formatted C: again and ran HDAT2 on it again and same R/W/R/W/C fails on compare for every cluster. So I restored the BSOD Ghost image back to C: and did a repair install. This time I got the infamous BIOSINFO.inf file missing/corrupt. Subsequent research suggests that repair install of a system having certain versions of anti-virus software are suspect in this case. No amount of waving magic wand could resolve this issue.

    I restored C: from a full volume image made 11 Dec 11 and was able to boot into the system. Investigation showed NTOSBOOT-B00DFAAD.pf file to be already missing a/o that date. I noticed that it wasn't there when I first purged the prefetch folder (prior to the BSOD xC000026a), but thought nothing of it.

    The only thing I had my hand in immediately prior to all this was resolving WAU pertaining to the BIG .NET Framework update that gets horked up somehow. Furthermore, there was an issue pertaining to Adobe Acrobat w/respect to version 9.3 and 9.4 (both versions got installed somehow and neither will uninstall). All of these issues occurred on my own machine - Win2003 Std R2 - back in late Spring 2010. So I was intimately familiar with what had to be done about that. :mad:

    My folks don't think WAU are important, that's why this has dragged on as long as it has; they've essentially not obtained or installed any WinXP security updates in the last 1/2 year. Wouldn't you know it, prior to this fiasco I was receiving app crash messages pertaining to NAV 2010 (while I was working on the WAU .NET thing).

    Anyways, to resolve the issue essentially entails using the Windows Installer Cleanup utility, and the .NET Framework Uninstall utility (to get .NET & Adobe completely removed from the system). Then I ran Norton Win Doc (a registry cleaner), and Comodo System Cleaner for good measure. The latter is just an industrial grade version of Norton Win Doc. I'm competent enough to answer the prompts manually, and essentially only reg entries being deleted are references to invalid ActiveX components (and whatever vestiges to .NET and associated SxS there may be). Once the system is clean of .NET, then .NET 1.0 can be installed and let the WAU fun & games begin anew.

    Anyways this whole NTOSBOOT-B00DFAAD.pf missing thing is quite surprising (as was the BSOD obtained after cleaning out the prefetch folder). The reason I did that was due to complaints about slow boot, app launch and general system sluggishness. I figured since the system is a few years old and there's been a lot of crap installed and removed and what not, just blow it away and let it rebuild itself. I intended on helping all that out with a dose of BootVis (but I never got that far).

    My thinking is that either there is:

    • hardware malfunction in HDD controller
    • hardware malfunction in mobo IDE controller
    • corruption of MBR
    • corruption of boot sector
    • system file corruption and/or missing
    • malware
    I don't really know about that last thing though. Who knows what she was answering to prompts though. She has Lava Soft Adaware v8.3.5, I periodically updated her HOST file from MVPS, Spybot v1.6 (for host file protection only: Spybot immunize function puts its malicious URL list into the IE restricted zone), plus Windows Defender. For firewall she's using Zone Alarm v8.x

    So the only way she's getting malware is via drive-by-download, or the infamous Windows Application DLL vulnerability. Either of these could be a vector for even a mild root-kit.
    Last edited: Mar 10, 2011
  4. Tipstaff

    Tipstaff Well-Known Member

    Have you had any luck with this? I've never encountered something exactly like this, not to this extent at least, and was just wondering if you were able to fix it (and what you did), or if you were not able to fix it.
