Everything posted by cak46

  1. cak46

    Lsass.exe

    Did you get a driver disk with the cd-rom drive (Hardware Drivers for the cd-rom itself)? And you mentioned combo. Is it a combination cd-rom drive and floppy drive in 1 5 1/4" slot? What do you mean by combo in your post a few times ago? Sounds like it doesn't like to be interrupted. When it happens again, do ctrl+alt+delete and watch the processes and note which have activity with the cpu for a minute or so, then click ok (Edit: on the error message window) and try to catch what process ends or has the most activity prior to shutdown.
  2. cak46

    Lsass.exe

    Yeah, generally if I go against my instinct, I get creamed.... Tech support is only as good as the cue cards they are given to read from :haha: Good idea with the floppy controller... It still could be the attempted install of silent hunter damaged one of the drivers or dlls for nero or power DVD. May want to try disconnect/reconnect test and if it doesn't work, reinstall the nero and power DVD programs, hopefully overwriting or putting back the missing or corrupted file. I'm fighting a bug on a coworker's machine, so I'll be in and out till about 10:30 or so, my time (Eastern.... way eastern..... )
  3. If she doesn't have the original disks, she can contact the manufacturer of the laptop and request replacement disks. She will need serial numbers and such, and may pay a fee, but it's worth it to have the disks in the long run. Got the disks for an older ME HP machine for about 30 bucks. Op. sys and preinstalled software recovery disks. Good investment and save you a good amount of bucks. What is the model of laptop that she has from Dell?
  4. The Radio Shack guy could be right, since the power supply also serves as a charger for the battery packs. I would not connect a full line power dc or ac to the battery pack! May fry the machine, at the least, or cause the batteries to explode.
  5. Sorry about the double post. Falco, I tried your fix first, since it seemed less involved and a quick try. Looks like this issue may not be aurora after all. Ran the fix then looked for the files mentioned and found none of them. The process disappeared when explorer was shut down by the fix, but came back on instantly when explorer came back up. Looks like, the more I dig, it is directly tied to explorer.exe because if I just end the explorer.exe process and then end the random process, it does not come back until the explorer.exe process is restarted. I may try killing each module, one by one, under the explorer.exe process to see if I can find which is restarting the random process. BTW: The bad process starts at about 176kb of mem usage then climbs steadily in memory usage over time. Scanned the file with the name same as the process involved directly with AV, nothing found. DN0, will give your fix a try next. Edit: Ran TrojanHunter. Found it, but can't get rid of it. The trojan is Agent.214. TH stops the process and can rename it, but gives the process enough time to re-constitute itself. Anyone know of a scanner that will kill this bug or will this be a blood-letting ritualistic manual remove?
  6. Yeah, this is only part of the problem with this bug. If you are running xp, do ctrl+alt+delete. In the process list check to see if there is a randomly named file that doesn't "fit" in the list that may be 200Kb in size. This file, I believe, is remnants of the aurora bug. To find out if it is, end that process and watch closely because a new process will pop onto the list almost instantly after you end the original process. Thanks for all the help! Going to try and eliminate it with your suggestions in a bit.
  7. cak46

    Lsass.exe

    Thing that gets me is that it specifically says the optical drives. Might want to check the manufacturers' websites and see if they have updated drivers. I need to sign off for now but if you open the hood and disconnect the cd-rom drive then start the machine back up it will cause XP to automatically disable the driver which would rule it out or in as the culprit. Take care and get some sleep! :wave:
  8. cak46

    Lsass.exe

    Was this booting to safe mode or normal boot up and did you try the cd-rom quick fixes yet? Still perusing the log..... This was your most recent bootup. Rest is prior sessions.....
  9. Yup. Read through it and bookmarked it. Avast did find the most of it, just not this 200kb process that keeps reactivating. I have a feeling that if I put the machine on the web, it's all going to go to pot really fast. I generally don't reformat until the fat lady sings, or the machine is a trainwreck. Thanks again. Will let you know how I fare tomorrow evening when I attempt the fix.
  10. Could be. That was one of the many bugs that Avast got rid of. Right now I do get an error with Nail.exe not being found on boot up. Was planning on deleting that entry later. Thing that makes this difficult is that it is a multi-user machine. I'll give it a try tomorrow. Thanks much in advance!
  11. cak46

    Lsass.exe

    :haha: I live so far out in the boonies I just hear a rumble off in the distance....... Try this first: Taken from link below: Open My Computer | Right click CD/DVD drive | Hardware tab | Highlight CD/DVD drive | Properties button | Properties tab |
  12. Posted the following in Avast's forum.... BTW: Thanks PHP. Avast was the only AV program I could get to run on this machine, even in safemode..... Any thoughts on this? I'm a newbie with a question. I have a process that when killed, comes back renamed but the exact same size. Avast and AVG with all the newest updates are not detecting this. I captured a copy of the .exe file, renamed it, then edited it. Looks like it uses upx 1.24 to unpack or pack itself. Wish it would be detected by something. Also did adaware as well. This machine had mucho adware, trojan horses, regular viruses. You name it, she had it. Now I'm down to just this one buggar. I've used killbox, no good, the program/process just comes back renamed. Looks like when you kill the process, it deletes the corresponding file name on the hd. BTW, it's running from the c:\windows\system32 directory on a Windows XP SP1 machine. (I do not dare get on the net with it until this bug is gone. Made that mistake early in the game before) Can anyone help with this or is Avast interested in the file I have (renamed of course)? Edit: Also ran stinger, and perused the registry with hijackthis and used ms's malicious program removal tool at one point......
  13. cak46

    Lsass.exe

    Back like a bad breakfast burrito! :haha: I had a thought, yeah, I know, rare thing nowadays...... . Reboot and hit the F8 key, then use the 'boot logging' selection. Since it's happening before the main interface (Explorer) comes up, we might luck out and get an entry in that log.

    Excerpt from this link: http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prmc_str_xhtz.asp

    Boot Logging

    Boot logging lists the files that successfully and unsuccessfully processed during startup. Boot logging enables you to log the Windows XP Professional components that are processed when you start your computer in safe mode and also in normal mode. By comparing the differences between the two logs, you can determine which components are not required to start.

    You can enable boot logging by using either of these methods:

    * Edit the Boot.ini file as described in "Reviewing and Correcting Boot.ini Settings on x86-based Systems" later in this chapter. Add the /bootlog parameter, save the revised Boot.ini, and restart the computer. For more information about the /bootlog parameter, see Table 28.18 later in this chapter.
    * Restart the computer and press F8 when prompted. On the Windows Advanced Options menu, select Enable Boot Logging.

    Windows XP Professional records in a log, %windir%\Ntbtlog.txt, the name and path of each file that runs during startup. The log marks each file as successful (Loaded driver) or unsuccessful (Did not load driver). Boot logging appends entries to Ntbtlog.txt when you start your system in safe mode. Comparing normal mode and safe mode entries enables you to determine which services run in normal mode only.

    The following lines are sample Ntbtlog.txt entries:

    Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys
    Did not load driver \SystemRoot\System32\DRIVERS\flpydisk.SYS

    If you cannot start your computer in normal mode, start it in safe mode. For the services that run only in normal mode, disable those services one at a time, trying to restart your computer in normal mode after you disable each service. Continue to individually disable services until your computer starts in normal mode.

    ***************

    Go ahead and post the log after your machine is fully booted. It should be in your windows directory named ntbtlog.txt.
  14. cak46

    Lsass.exe

    Darn.... Before I go, do you have any security failures in your security log? They would have a little lock on the left side.... Will be back tomorrow, same Bat station, Same Bat channel... Obscure Batman reference.... sorry....... Have a good night
  15. cak46

    Lsass.exe

    Sounds tasty. Did a bit of barbeque here today! Happy Fourth of July! Here are the errors:

    Details
    Product: Windows Operating System
    ID: 26
    Source: Application Popup

    Version: 5.2
    Symbolic Name: STATUS_LOG_HARD_ERROR
    Message: Application popup: %1 : %2
    Explanation: The program could not load a driver because the program user doesn't have sufficient privileges to access the driver or because the drive is missing or corrupt.
    User Action: To correct this problem: Ensure that the program user has sufficient privileges to access the directory in which the driver is installed. Reinstall the program to restore the driver to the correct location. If these solutions do not work, contact Product Support Services.

    Version: 5.0
    Symbolic Name: status_log_hard_error
    Message: Unable to Load Device Driver : device driver could not be loaded.
    Explanation: The program could not load a driver because the program user doesn't have sufficient privileges to access the driver or because the drive is missing or corrupt.
    User Action: To correct this problem: Reinstall the program to restore the driver to the correct location. If these solutions do not work, contact Product Support Services.
  16. cak46

    Lsass.exe

    Ahhh, must not be that one then...... Any luck with the logs? Hoping the scripting fix may have fixed the log entries for that error.
  17. cak46

    Lsass.exe

    Give this a try if you want. I'm rethinking the floppy and it's a quick test. If you want, unhook the floppy drive, then shut down and start your machine up without the floppy attached to see if that might be the problem driver. Also, may want to recheck the system logs to see if the fix fixed the reporting problem for the hardware error there.
  18. cak46

    Lsass.exe

    Hmmm. Probably not that. Can you do ctrl+alt+del and see all of the processes running then do a screen print and post it? Make the window big enough so that all processes show on the list, if you would. BTW: Sounds like the re-install pushed the program that is causing the issue up the list, so to speak, so that it executes earlier in the boot process. Might want to do a new HJT log and compare the two to see the changes and what was moved around during the fix. Have you tried fully uninstalling the mouse software and putting a different mouse on the system? I know you swapped mice once a while ago, but did you uninstall the software as well?
  19. cak46

    Lsass.exe

    Does it occur both with the floppy connected and disconnected?
  20. cak46

    Lsass.exe

    She's a chow mix. Her tongue looks like she ate a purple popsicle. Thanks. She's very mild mannered, that must be the mix part because chows are usually an aggressive breed. Yeah, everywhere you turn you wind up at the wrong information on the MS website. Good to hear that their fix worked for the missing stuff. That must be a relief. I will assume but you might want to check it out with the Microsoft dude, if the repair re-wrote the op sys files and fixed the op sys reg. entries. A couple more things to look at: (Just what you wanted to hear..........)

    1.) Go to Start menu>programs>Startup. Look at the entries to see if there is something there that you previously uninstalled from your computer. If you could, post what is listed there.. if anything....
    2.) Do you use power management? For example, does your system power down automatically if you aren't using it for a while? (Hard drives spin down, monitor goes black, etc.). If you do, go in and set all settings for power mgt. to never.
    3.) When the error occurs after the desktop comes up, is everything already loaded and showing down by the clock, or is just some of the little icons there?
    4.) Floppy and cd-rom drive working OK?
  21. cak46

    Lsass.exe

    Ditto.... Searching their site is like tryin' to find a flea on a Chow. Not much success, and all you do come up with is fur...... :haha:
  22. cak46

    Lsass.exe

    :haha:
  23. cak46

    Lsass.exe

    Their site is next to impossible to navigate...... Havin' a buzz while navigating their site actually might help.
  24. cak46

    Lsass.exe

    No, no... Benda' (or bender for those from away) is what you go on the night before, hangover is what you have the morning after.... :haha: Edit: It's actually hangova' in this neck of the woods....... Here's a link on the reinstall stuff from Microsucks, oops I mean soft. Method 2 is his suggestion.... http://support.microsoft.com/default.aspx?scid=kb;en-us;315341
  25. cak46

    Lsass.exe

    Yup. Only thing I can figure is that something that the sp2 disk didn't update on install might be fixed with repair.