Windows 7 boot hangs after aswbidsha.sys (corrupted Avast startup file)

avast windows boot aswbisha

#31
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Go back into the Safe Mode menu and enable boot logging.  It will probably keep doing the Last Known Good stuff.

 

What time zone are you on?  I'm in Florida on Eastern time.


  • 0


#32
stallada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

I'm actually in MO myself, but tend to keep some pretty off-kilter hours (grad school does that to you!)

 

I've noticed a couple strange things during this whole ordeal:

a. Not every boot attempt seems to generate a log entry

b. The advanced boot options menu (through F8 during startup) seems inaccessible while I have my bootable USB stick inserted - I'm only able to get the Windows Error Recovery prompt (with options safe mode, SM w/ network, SM w/ cmd, and normal boot), which appears every boot regardless.  I have to remove the USB to be able to access the Adv Boot Options menu instead of the Windows Error Recovery one.

c. Even with the bootable USB removed, I only seem to be able to successfully get into it ~25-50% of the time.  It ignores my F8 'request' the rest of the time, and just goes to the Windows Error Recovery prompt.

d. I have to re-establish my boot priorities every time I re-insert the USB.  It seems to default back to the SSD when I remove the USB; once I set the USB as the primary boot option though, it'll stay that way as long as I don't remove the USB.   

 

All of this has made things more complicated on my end than they otherwise should be... Actually did a little test last night doing a series of different boots to see what generated a log:

 

1. USB removed, F8 to Adv Boot Opt, Enable boot logging

2. Insert USB, boot into USB recovery environment

3. Remove USB (kept removed for all following steps), F8 to Adv Boot Opt, Last Known Good Config

4. F8 to Adv Boot Opt, Enable boot logging

5. F8 to Adv Boot Opt, Last Known Good Config

6. Windows Error Recovery, Safe Mode

7. Windows Error Recovery, Safe Mode

8. Windows Error Recovery, Start Windows Normally

9.  Windows Error Recovery, Safe Mode w/ command prompt

10. F8 to Adv Boot Opt, Safe Mode w/ command prompt

11. F8 to Adv Boot Opt, Safe Mode w/ networking

 

As far as I can tell from the time stamps and the outputs, it seems like all but #2, #3, #5, and #8 generated logs (attached).  Each case had the identical end result: black screen & cursor.  Don't know if any of this is meaningful at all, just what I've noticed on my end.

Attached Files


  • 0
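
As an added example (not part of the original thread), this Python sketch splits an ntbtlog.txt into boot sessions by header timestamp and reports the last driver loaded in each, which is one way to match boot attempts to log entries as post #32 does by hand. The header layout and the sample log are constructed assumptions; only the name aswbidsha.sys comes from the thread title.

```python
import re
from datetime import datetime

# Constructed sample in the assumed ntbtlog.txt layout: two boot sessions
# appended to one file. Driver list is illustrative, not from the thread's logs.
SAMPLE = """\
Service Pack 1 3 18 2017 21:05:13.375
Loaded driver \\SystemRoot\\system32\\ntoskrnl.exe
Loaded driver \\SystemRoot\\system32\\hal.dll
Did not load driver \\SystemRoot\\System32\\drivers\\NDProxy.SYS
Loaded driver \\SystemRoot\\system32\\drivers\\aswbidsha.sys
Service Pack 1 3 18 2017 21:19:42.500
Loaded driver \\SystemRoot\\system32\\ntoskrnl.exe
Loaded driver \\SystemRoot\\system32\\drivers\\aswbidsha.sys
"""

# A session header line ends with: month day year hh:mm:ss.mmm
STAMP = re.compile(r"(\d{1,2})\s+(\d{1,2})\s+(\d{4})\s+(\d{1,2}):(\d{2}):(\d{2})\.\d+\s*$")

def read_log(path):
    # Real logs are normally UTF-16 with a BOM; fall back to UTF-8 otherwise.
    with open(path, "rb") as fh:
        raw = fh.read()
    enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
    return raw.decode(enc, errors="replace")

def split_sessions(text):
    """Group 'Loaded driver' / 'Did not load driver' lines under each header."""
    sessions = []
    for line in text.splitlines():
        line = line.strip()
        m = STAMP.search(line)
        if m:
            mo, d, y, h, mi, s = map(int, m.groups())
            sessions.append({"start": datetime(y, mo, d, h, mi, s), "loaded": [], "skipped": []})
        elif sessions and line.startswith("Loaded driver "):
            sessions[-1]["loaded"].append(line[len("Loaded driver "):])
        elif sessions and line.startswith("Did not load driver "):
            sessions[-1]["skipped"].append(line[len("Did not load driver "):])
    return sessions

def summarize(text):
    """Return (start time, last loaded driver file name, not-loaded count) per session."""
    return [(s["start"],
             s["loaded"][-1].rsplit("\\", 1)[-1] if s["loaded"] else None,
             len(s["skipped"])) for s in split_sessions(text)]

if __name__ == "__main__":
    for start, last, skipped in summarize(SAMPLE):
        print(f"{start:%Y-%m-%d %H:%M:%S}  last loaded: {last}  not loaded: {skipped}")
```

A boot attempt with no matching session timestamp wrote no log at all; the last loaded driver in a session is only where logging stopped, not proof that driver caused the hang.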

#33
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

When booting without the USB, if you get to 3. on https://eventlogxp.c...-recovery-mode/ and hit command prompt, does that work?

 

Can you do

 

sfc /scannow

 

Do you get the same results as before?

 

Look in C or D :\Windows\inf

 

find

 

hal.inf

cpu.inf

oem53.inf

nettun.inf

netavpna.inf

netrasa.inf

netsstpa.inf

 

Rename each from inf to txt then attach them to a reply.  The first three look to be more important.  The net... stuff is just networking so it shouldn't stop the boot.

 

I want to make sure that the files are the same as on my Windows 7.  Then we will look at the files that each refers to.  In the first one we see:

 

ntkrnlmp.exe       
hal.dll   

2nd

processr.sys        
intelppm.sys        
amdk8.sys        
amdppm.sys

I don't have oem53.inf so can't tell what files it uses.


  • 0

#34
stallada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Sorry for the hold up!  Crazy busy few days at work.

 

Ran SFC, and it returned "Windows Resource Protection did not find any integrity violations".

 

Here are the files you asked for.  hal and cpu seem to match what you put.  oem53 has:

 

;nvvad32.sys

;nvvad64.sys

nvvad32v.sys

nvvad64v.sys

nvaudcap32v.dll

nvaudcap64v.dll

 

It appears to be the "NVIDIA Virtual Audio driver".  Don't know to what extent this matters, but when you first raised the possibility of it being a video driver issue, I removed my graphics card (ASUS GTX660) and have since been running straight from the mobo.

Attached Files


  • 0

#35
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Let's try something easy first.

 

Look in C or D :\Windows\inf

 

find and delete

 

hal.pnf

cpu.pnf

oem53.pnf

nettun.pnf

netavpna.pnf

netrasa.pnf

netsstpa.pnf

 

Make sure you get the .pnf file and not the .inf one.

 

Reboot.  It will create new ones.  These are just precompiled versions of the .inf file which are used to speed up the boot a tad.  I'm thinking it's possible that the pnf versions might be corrupt.

 

There are two setupapi logs in \windows\inf  one with app in the name and one with dev.  Can you attach them?

 

Looking at the hal.inf file, it writes to the registry in about four places.

 

Example:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\ACPI_HAL\0000

 

This looks like:

 

 

Is that what you have?

 

What sizes do you have for:

    
hal.dll

One of these should show you the size:

 

dir c:\windows\system32\hal.dll

dir d:\windows\system32\hal.dll

 

ntkrnlmp.exe, which is also mentioned in the hal.inf, does not exist on my PC so expect it is only on the setup disk.

 

 


  • 0

#36
stallada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Deleted those files, no change on startup.  oem53.pnf was the only one that regenerated after reboot.

 

Attached are the setupapi files.  There was also a 15MB file 'setupapi.dev.20170302_021456' in blue font.

 

There were 4 ControlSet00x entries in the SYSTEM hive.  1, 2, 4 had entries in that address; they all seem to match what you have.

 

My hal.dll is 263KB.

 

Attached Files


  • 0

#37
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

263,040 bytes?


  • 0

#38
stallada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Yes, that matches what mine says exactly.


  • 0

#39
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

I would put the graphics card back in.

 

Then give me a new ntbtlog.

 

Give me the exact bytes for:

 

nvvad32.sys

nvvad64.sys

nvvad32v.sys

nvvad64v.sys

nvaudcap32v.dll

nvaudcap64v.dll

 

I expect they will be in \Windows\System32\Drivers

 

Also attach

 

ks.inf,

wdmaudio.inf

 

 

If you boot to the safe mode menu then to Command Prompt, can you type:

 

explorer.exe

 

and hit Enter?  What happens?


  • 0

#40
stallada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Re-installed the video card, and did a few different reboots (1. normal, 2. safe mode, 3. last known good, 4. enable boot log, 5. normal).  ntbtlog attached.

 

nvvad64v.sys (40,392) was the only one in \Windows\System32\Drivers. nvaudcap64v.dll (37,320) was in \Windows\System32.  The other ones weren't in either directory.

 

Attached the ks.inf and wdmaudio.inf files.

 

Still unable to boot into anything but the recovery environment.

 

 

Attached Files


  • 0


#41
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Do you have afd.sys in windows\system32\drivers?

 

What size is it?

 

If you boot to the safe mode menu then to Command Prompt, can you type:

 

explorer.exe

 

and hit Enter?  What happens?

 

Also in Command Prompt type:

 

net start afd

 

What does it say?


  • 0

#42
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

I'm thinking it may be time to do a full install but back up your data first.


  • 0

#43
stallada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

afd.sys is 497,152 bytes.

 

I'm still not able to boot into safe mode unfortunately. 

 

I was thinking it was starting to look like we were just spinning our wheels, but I was holding out hope that we'd get lucky! If you're out of ideas and say it's time to call it, I'm OK with it - I've got all my files saved via cloud, so not too big a deal, just trying to avoid having to reinstall some harder to track down software.


  • 0

#44
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

My afd.sys is 496,128.  I suppose we can try to replace yours and see if that changes anything.

 

Download the afd.zip, save and then right click and extract all to get the afd.sys file.

 

Alternatively, you can download afd.txt and rename it to afd.sys, then try to copy it to \windows\system32\drivers

 

 

The CMD command to copy a file is:

 

copy afd.sys \windows\system32\drivers

 

If that won't work we can let FRST do it.  I just need to know where the downloaded file is.

 

 


  • 0

#45
stallada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Replaced the afd.sys with the one you provided, and it doesn't look like that made a difference.


  • 0





