windows xp prefetch changes load order

Discussion in 'ESET NOD32 Antivirus' started by ccomputertek, Aug 22, 2009.

Thread Status:
Not open for further replies.
  1. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    I just compared 2 boot logs, 1 with prefetch enabled and 1 with it disabled and I have no clue why, but drivers moved out of order in the boot log while prefetch was on.I just found out this was the main cause of my problem.Anyone having a driver or service related error or issue might want to go delete NTOSBOOT-B00DFAAD.pf from their prefetch folder and reboot without that file there and see if your problems go away.The people with SBS 2003 and 2008 might want to try this for their issues as well.This explains why I could not reproduce the problem on the same machine when I did a clean install of windows 2000 SP2, no prefetch.So if i have this right, prefetch monitors the way the drivers and services are loaded the first time and makes it's NTOSBOOT-B00DFAAD.pf file, then the next time you reboot while the file is there it loads stuff the way it appears in the file into memory ignoring everything else........ weird.I set prefetch to zero in the registry and empty the folder or delete that file and the problem never comes back, this is a very odd discovery.
     
  2. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    This was the effects of turning prefetch on or off.As you can see, wanarp.sys moved from loading just before eprwtdir.sys to a couple of spaces after.Why would wanarp.sys loading after eprwtdir.sys cause me to get this error:

    Personal firewall: An error occurred while starting proxy server. Checking of application protocols (POP3, HTTP) will not work.

    And then when I leave prefetch on and change easdrv.sys to start after epfwtdir.sys the error goes away.This makes no sense, easdrv is the anti-stealth driver, and has nothing to do with being a network driver.

    Any experts out there that can shed some light on why this slight change in load order causes some type of conflict ? I searched high and low for info on wanarp.sys and it's role in the system, but cannot find anything.
     

    Attached Files:

  3. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    Hello ccomputertek,

    We sometimes see those messages on machines that do not have much RAM. The order that drivers load may be evidence of how much some of them use memory to start. This is just speculation, however because I do know how much memory any of these use or how much RAM you have on the machine.
     
  4. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    well I know that the Nvidia display drivers starting with the forceware 70 series, gobble up about 400 megs of RAM when it loads, but then later releases the RAM, I am still using version 6176 though.I have a minimum of 1 GIG of ram on all these machines.It's not that epfwtdir is failing to load when I get this message, But seems like EASDRV interferes with it somehow and prevents erkrn from filtering the web or something, but only when boot file prefetch is enabled, does not make sense to me.I have my own fixes for the problem anyway, so Im not too worried about it.It's seems from doing a google search that I actually pioneered the fixes for this issue.Set the INF's up the way I have them, and no one will have a problem anymore.
     
Thread Status:
Not open for further replies.