Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


NTVDM CPU illegal request instruction on start up

  • This topic is locked This topic is locked
7 replies to this topic

#1 Kyrazr2


  • Members
  • 3 posts
  • Local time:01:16 AM

Posted 27 June 2009 - 01:59 PM

Hi All!

first of all i would very much like to thank you for any forthcoming help as this one has really got me stumped. i have also never used a forum before so pls 4give any mistakes/ inappropriate postings etc.!

it is a minor issue after all but an annoying one nevetheless ;) i am not sure whether it is a simple registry error or a worm that i have contracted from a USB drive (this is an assumption after doing my own research into the topic....) However if that is the case then i would have expected my Sophos anti virus to have cleared it - which it didnt.

It is an unobtrusive error which is essentially a pop up just before the pc is to access the desktop screen but as with all pc things that arent right i want to know how to fix it ;). The error message is as follows:

NTVDM CPU illegal instruction CS:126B IP: 0122 OP:DB 73 56 65 00


i presume i am to copy and paste the dss log at this point?...hold on !(sorry if this was supposed to go somewhere else...)

DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 19:34:41.89 on Sat 06/27/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1982.614 [GMT 1:00]

AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *disabled* (Updated) {A8CA403D-C4B1-4BBA-9FA7-B73C144CBC5C}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Max Registry Cleaner\RCVistaService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.mytalktalk.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
uURLSearchHooks: Enhanced search Toolbar: {abb88e4e-75f4-4fdc-8f42-d101484c4b3f} - c:\program files\enhanced_search\tbEnha.dll
mURLSearchHooks: Enhanced search Toolbar: {abb88e4e-75f4-4fdc-8f42-d101484c4b3f} - c:\program files\enhanced_search\tbEnha.dll
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Enhanced search Toolbar: {abb88e4e-75f4-4fdc-8f42-d101484c4b3f} - c:\program files\enhanced_search\tbEnha.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Enhanced search Toolbar: {abb88e4e-75f4-4fdc-8f42-d101484c4b3f} - c:\program files\enhanced_search\tbEnha.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [TalkTalk] "c:\program files\talktalk\bin\sprtcmd.exe" /P TalkTalk
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: NameServer =,
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 hotcore3;Hotcore helper;c:\windows\system32\drivers\hotcore3.sys [2009-4-9 40496]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-1 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-1 108552]
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2009-6-26 85312]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-26 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-26 298776]
R2 Intrchs;Intrchs;c:\users\owner\appdata\local\playe4\bin\Intrchs.sys [2008-10-31 9728]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-2-26 29183504]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2008-1-17 28728]
R2 RCVistaSvc;RCVistaSvc;c:\program files\max registry cleaner\RCVistaService.exe [2009-4-22 1519488]
R2 RelevantKnowledge;RelevantKnowledge;c:\windows\system32\rlservice.exe [2008-6-28 86016]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2008-12-9 69632]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-12-9 98304]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
R2 XMail;Apache2Triad Xmail Service;c:\apache2\mail\bin\xmail.exe [2009-1-7 327680]
R3 DrmRDriverV32;DrmRDriverV32;c:\windows\system32\drivers\DrmRDriverV32.sys [2009-4-18 22528]
R3 DrmRVideo32;DrmRVideo32;c:\windows\system32\drivers\DrmRVideo32.sys [2009-4-18 2688]
S2 Microsoft Device Manag;Microsoft Device Manag;c:\program files\common files\microsoft shared\msinfo\system32.exe --> c:\program files\common

files\microsoft shared\msinfo\system32.exe [?]
S2 sshd;CYGWIN sshd;c:\cygwin\bin\cygrunsrv.exe --> c:\cygwin\bin\cygrunsrv.exe [?]
S3 Apache2(SSL);Apache2Triad Apache2 Service with SSL;c:\apache2\bin\apache.exe [2009-1-7 20541]
S3 AsAudioDevice_351;AsAudioDevice_351;c:\windows\system32\drivers\AsAudioDevice_351.sys [2009-4-18 16640]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\mediacoder\SysInfo.sys [2007-9-25 15152]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2009-4-18 184320]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-6-26 20288]

=============== Created Last 30 ================

2009-06-27 03:14 <DIR> -cd----- c:\programdata\RegCure
2009-06-27 03:14 <DIR> -cd----- c:\progra~2\RegCure
2009-06-26 23:20 130,088 ac--h--- c:\windows\system32\5e19414d.stf
2009-06-26 23:20 130,088 ac------ c:\windows\system32\sdccoinstaller.dll
2009-06-26 23:18 <DIR> -cd----- c:\program files\common files\Cisco Systems
2009-06-26 23:18 23,552 ac------ c:\windows\system32\SophosBootTasks.exe
2009-06-26 23:17 <DIR> -cd----- c:\programdata\Sophos
2009-06-26 23:17 <DIR> -cd----- c:\program files\Sophos
2009-06-26 23:17 <DIR> -cd----- c:\progra~2\Sophos
2009-06-26 23:15 20,288 ac------ c:\windows\system32\drivers\SophosBootDriver.sys
2009-06-26 23:15 85,312 ac------ c:\windows\system32\drivers\savonaccess.sys
2009-06-26 23:15 <DIR> -cd----- C:\stdtsa
2009-06-26 18:30 620 ac------ c:\windows\RegGenie.ini
2009-06-26 17:14 161,816 ac------ c:\windows\RegGenieOnUninstall.exe
2009-06-26 17:14 <DIR> -cd----- c:\program files\RegGenie
2009-06-26 16:41 <DIR> -cd----- c:\program files\Trend Micro
2009-06-26 15:28 <DIR> -cd----- c:\programdata\AVG Security Toolbar
2009-06-26 15:28 <DIR> -cd----- c:\progra~2\AVG Security Toolbar
2009-06-14 13:05 428,544 ac------ c:\windows\system32\EncDec.dll
2009-06-14 13:05 217,088 ac------ c:\windows\system32\psisrndr.ax
2009-06-14 13:05 293,376 ac------ c:\windows\system32\psisdecd.dll
2009-06-14 13:05 177,664 ac------ c:\windows\system32\mpg2splt.ax
2009-06-14 13:05 80,896 ac------ c:\windows\system32\MSNP.ax
2009-06-05 13:42 <DIR> -cd-h--- C:\$AVG8.VAULT$
2009-06-01 11:49 11,952 ac------ c:\windows\system32\avgrsstx.dll.old
2009-06-01 11:49 11,952 ac------ c:\windows\system32\avgrsstx.dll
2009-06-01 11:49 108,552 ac------ c:\windows\system32\drivers\avgtdix.sys
2009-06-01 11:49 327,688 ac------ c:\windows\system32\drivers\avgldx86.sys
2009-06-01 11:49 <DIR> -cd----- c:\windows\system32\drivers\Avg

==================== Find3M ====================

2009-06-22 21:57 56,895 ac------ c:\programdata\nvModes.dat
2009-06-22 21:57 56,895 ac------ c:\progra~2\nvModes.dat
2009-05-28 22:21 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-28 22:21 86,016 a------- c:\windows\inf\infstor.dat
2009-05-28 22:21 51,200 a------- c:\windows\inf\infpub.dat
2009-05-15 16:04 3,809,280 ac------ c:\windows\system32\bcmihvsrv.dll
2009-05-15 16:04 3,502,080 ac------ c:\windows\system32\bcmihvui.dll
2009-05-15 16:04 1,331,192 ac------ c:\windows\system32\drivers\BCMWL6.SYS
2009-05-15 16:04 87,280 ac------ c:\windows\system32\bcmwlcoi.dll
2009-05-15 16:04 6,656 ac------ c:\windows\system32\bcmwlrc.dll
2009-05-09 06:50 915,456 ac------ c:\windows\system32\wininet.dll
2009-05-09 06:34 71,680 ac------ c:\windows\system32\iesetup.dll
2009-04-23 13:43 784,896 ac------ c:\windows\system32\rpcrt4.dll
2009-04-23 13:42 636,928 ac------ c:\windows\system32\localspl.dll
2009-04-21 12:55 2,033,152 ac------ c:\windows\system32\win32k.sys
2009-04-04 00:09 145,504 ac------ c:\windows\system32\bgsvcgen.exe
2009-04-04 00:09 59,488 ac------ c:\windows\system32\GenSvcInst.exe
2009-04-01 11:06 410,984 ac------ c:\windows\system32\deploytk.dll
2009-03-31 15:35 17,160 ac------ c:\windows\help\oem\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 17:30 17,160 ac------ c:\windows\help\oem\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-02-09 10:20 27,335 ac------ c:\users\owner\appdata\roaming\nvModes.dat
2008-08-27 06:08 174 a--sh--- c:\program files\desktop.ini
2008-08-27 05:57 665,600 a------- c:\windows\inf\drvindex.dat
2008-03-05 18:37 374 ac------ c:\users\owner\appdata\roaming\internaldb6334.dat
2008-03-05 18:35 18,432 ac------ c:\users\owner\appdata\roaming\internaldb41.dat
2008-03-05 18:35 555 ac------ c:\users\owner\appdata\roaming\internaldb8467.dat
2007-07-01 22:31 4,487,152 ac------ c:\program files\Nero-Lightscribe_1.6.43.1.EXE
2006-11-02 13:42 287,440 ac------ c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 ac------ c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 ac------ c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 ac------ c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 ac------ c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 ac------ c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 ac------ c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 ac------ c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:37:54.61 ===============

hokey, cokey i think that about does it...;)

thanking you once again for your time x

Peace and Lurrve and many Tecchie Blessings!

BC AdBot (Login to Remove)


#2 etavares


    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:02:16 AM

Posted 01 July 2009 - 08:05 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators

#3 Kyrazr2

  • Topic Starter

  • Members
  • 3 posts
  • Local time:01:16 AM

Posted 02 July 2009 - 04:55 PM

Hi again

Thanks for the input regarding the delay, however i have already followed your instructions and have posted the problem accurately along with the DSS log. I have as yet not taken any steps to try and resolve the problem because i am at the moment trying to acquire a copy of a good registry cleaner which i am hoping will clear some missing entries up and also am looking to update all of the NVDTV drivers - although i do not consider this to be part of the problem. It is in my opinion a worm contracted from a portable USB drive that i have been using recently ...

After i have run the registry scan i shall put up another log if the problem has not been fixed so you can evaluate any changes.

Thanking you once again for you help


#4 Farbar


    Just Curious

  • Security Developer
  • 21,730 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:16 AM

Posted 05 July 2009 - 06:24 AM

Hi Kyrazr2,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

i am at the moment trying to acquire a copy of a good registry cleaner which i am hoping will clear some missing entries up and also am looking to update all of the NVDTV drivers

Here at BC we do not recommend using registry cleaners as it might irreversibly damage your computer.
It seems you are not ready yet to use our assistance.
So either you do this on your own or you are ready to stop making changes to the system. We would like to help you but except from you not making our job more difficult.

Your computer is infected. If you want our assistance please refrain from making any changes to your system (updating Windows, installing applications, removing files, using registry cleaners, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Please tell me your decision.

#5 Kyrazr2

  • Topic Starter

  • Members
  • 3 posts
  • Local time:01:16 AM

Posted 05 July 2009 - 10:40 PM

ok ... well i have run the avp kaspersky virus check and it found 3 threats were phishing attacks in emails and also deleted the runonce registry entries which fixed the problem only temporarily, only for it to be back to square one a few reboots later.

on top of the runonce error i am also having problems completely ridding the reg genie program which i rather foolishly downloaded and then tried to uninstall. the reggenieonreboot.exe keeps popping up at the same time as the runonce error and i would really like to find a way to fix the issue.

hope this extra info helps


#6 Farbar


    Just Curious

  • Security Developer
  • 21,730 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:16 AM

Posted 06 July 2009 - 05:32 AM

I have send you a PM as I had the impression my reply was not entirely clear to you. I doubted if you have read my reply and understood what I was saying. Your subsequent post just supported my thought about it. So please read the post once again carefully. Here we are dealing with an infection and not just a couple of error at startup and I need you to stop doing things on your own. Please tell me you understand and agree with what I am suggesting.
If you agree please run DDS and copy and paste both the logs to your reply. No deed to attach or zip them.

Edited by farbar, 06 July 2009 - 05:59 AM.

#7 Farbar


    Just Curious

  • Security Developer
  • 21,730 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:16 AM

Posted 08 July 2009 - 05:47 PM

I'll wait one more day before closing the topic.

#8 Farbar


    Just Curious

  • Security Developer
  • 21,730 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:16 AM

Posted 12 July 2009 - 08:11 AM

This thread will now be closed due to lack of activity.

If you should have the same or a new issue, please start a new topic.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users