Home News Reviews Forums Shop


Help - Illegal Request Error Occurred

Nero Burning ROM, Nero Express, NeroVision Express, Recode, InCD, etc..

Postby cfitz on Sun Mar 16, 2003 2:41 am

You're welcome.

cfitz
cfitz
CD-RW Curmudgeon
 
Posts: 4572
Joined: Sat Jul 27, 2002 10:44 am

Postby colonwk on Mon Mar 17, 2003 10:18 am

Microsoft Office
Live Menu (eFax)
EFax.com Tray Menu
Quickbooks 2002 Delivery Agent
WinZip QuickPick
Acrobat Assistant
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Quicken Startup
Bill Minder
C:\Documents and Settings\william colon\Start Menu\Programs\Startup


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"CriticalUpdate"="C:\\WINNT\\System32\\wucrtupd.exe -startup"
"LoadQM"="loadqm.exe"
"QuickTime Task"="C:\\WINNT\\System32\\qttask.exe"
"WinampAgent"="\"D:\\Winamp3\\winampa.exe\""
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"ATTBroadbandClient"="D:\\Program Files\\AT&T\\BBClient\\Programs\\RegCon.exe /admincheck"
"ATTBroadbandUpdate"="D:\\Program Files\\AT&T\\BBClient\\Programs\\SAUpdate.exe"
"explore"="C:\\WINNT\\System32\\explore.exe"
"IEXPLORER"="C:\\windows\\system32\\explorer.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Com+Services"="explorer.exe"
"print sharing"="c:\\winnt\\web\\printers\\images\\start.bat"
"NeroCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"InCD"="D:\\Ahead InCD\\InCD.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

Driver Information
------------------
Driver : BsUDF
Description : UDF File System Driver (Windows2000)
Version : 3.5.22.0
Company : ahead software

Driver : dmio
Description : NT Disk Manager I/O Driver
Version : 2195.2104.297.3
Company : VERITAS Software Corp.

Driver : dmload
Description : NT Disk Manager Startup Driver
Version : 2195.2104.297.3
Company : VERITAS Software Corp.

Driver : Imagedrv
Description : NERO IMAGEDRIVE SCSI miniport
Version : 1.1.0.0
Company : ahead software gmbh && its licensors
Last edited by colonwk on Tue Mar 18, 2003 8:24 pm, edited 1 time in total.
colonwk
Buffer Underrun
 
Posts: 9
Joined: Wed Mar 12, 2003 11:44 am

Postby colonwk on Mon Mar 17, 2003 11:28 am

And my answers to Q1 - Q12:

Q1: TDK VeloCD 32/10/40 Internal ATAPI/E-IDE Model #AI-320140
Q2: Don't know motherboard manufacturer. Is there a way to check other than physically looking in box?
Q3: MS Windows 2000 SP 2
Q4: InCD V 3.5.22.0, Nero V 5.5.10.15
Q5: Memorex CDRW 700MB/80MIN 4X (Problem - tossed 'em all)
Samsung Premium (650MB/74MIN 10X (so far so good)
Q6: UDF 1.5
Q7: Auto Run On
Q8: System ASPI - Not Installed
Nero ASPI - WNASPI32.DLL Version 2.0.1.5, Length 160016 bytes
Q9: Have not cleaned registry: Please instruct.
Q10: If I did this right they are:
cdaudio.sys, 19,088
cdfs.sys, 61,072
cdrom.sys, 107,536
Q11: Posted above
Q12: Couldn't find this file
colonwk
Buffer Underrun
 
Posts: 9
Joined: Wed Mar 12, 2003 11:44 am

Postby KCK on Mon Mar 17, 2003 2:53 pm

colonwk:

Your latest answers to Q1-Q12 are addressed below. I start with your previous post on startup items, because it is more urgent!

Your C:\Documents and Settings\All Users\Start Menu\Programs\Startup looks OK. Well, you probably don't need most of these startup items (you could move their shortcuts to an archive directory, see what happens when you use the corresponding applications, and move some of them back if necessary).

C:\Documents and Settings\william colon\Start Menu\Programs\Startup also looks fine (unless Quicken and Bill Minder are seldom used).

As for the registry Run export, I googled for mobsync.exe, loadqm.exe, etc., and found some interesting links. These links show how to get rid of unnecessary startup items, but there are too many of them to be quoted here, so you will have to use Google yourself.

Anyway, mobsync is useless, wucrtupd is run by few users, loadqm is useless, qttask only starts the Quick Time tray icon, winampa just eats your resources, whereas BJCFD, ATTBroadbandClient and ATTBroadbandUpdate seem to be useless as well.

explore.exe is probably due to the Worm.ExploreZip virus!!! :evil: See Symantec's and McAfee's warnings, and run some antivirus software! BTW, since I can't see any Run entries for such software, I'm wondering what kind of antivirus software you are using.

I don't know why you have the IEXPLORER entry; maybe other W2K users could comment here?

realsched (from RealOne) is useless.

The Com+Services entry looks strange. Does anybody know how to google for such terms that include the special + character?

Now, print sharing=c:\winnt\web\printers\images\start.bat could be the culprit responsible for your startup messages. Please post this start.bat file here.

Finally, NeroCheck and InCD are OK.

Of course, only explore.exe and start.bat are of immediate interest. Most of the remaining Startup and Run items could be removed to speed up your system, but you should read some Google links first, and this is not urgent. (BTW, on my XP box I only have one batch file in Startup for RAMDisk and 7 items in Run (two of which are Dell's rubbish, but I don't care)).

Your Driver Information extract from Nero InfoTool looks OK. The VERITAS drivers dmio.sys and dmload.sys have been replaced by similar Microsoft drivers in XP. Unless you really need Nero ImageDrive, you could uninstall it. BTW, I'm not sure why you didn't omit the Microsoft drivers; also the .dll files could be deleted (you may edit your post).

Concerning your answers to Q1-Q12:

Q2: The mobo and chipset are probably not important in your case (unless Nvidia IDE drivers are listed in Device Manager).

Q3: Why not SP3?

Q9: Apparently you have not removed any burning programs or plugins so far, so this might not be needed, but you could run RegClean (see S11.3); just back up your registry first.

Q11: Why don't you run the four dir commands, redirecting their output to text files as explained in S11.1? Sometimes file dates help as well.

Q12: The Nero log file should be produced/augmented for each Nero run. Have you not run Nero so far?
KCK
CD-RW Player
 
Posts: 471
Joined: Wed Nov 13, 2002 12:55 pm

Postby cfitz on Mon Mar 17, 2003 11:00 pm

I'm running Windows 2000 and have only three entries in the "Run" key:

AVG_CC (for my anti-virus software)
NeroCheck
Proxomitron (browser proxy)

cfitz
cfitz
CD-RW Curmudgeon
 
Posts: 4572
Joined: Sat Jul 27, 2002 10:44 am

Postby KCK on Tue Mar 18, 2003 8:13 pm

cfitz:

Your Run key is indeed lean! :P Thus it seems that colonwk's IEXPLORER and Com+Services entries are far from being standard.

BTW, apparently instead of deleting entries from the Run key, it suffices to modify their DATA values to make them invalid, e.g., by prepending "." (a dot) or "rem " (without the quotes). It is easier to reverse such modifications than to recreate the entries.

I guess you are running AVG AntiVirus from www.grisoft.com . I've just learnt that its free edition is available worldwide. Would you recommend it to colonwk, who apparently needs antivirus software?
KCK
CD-RW Player
 
Posts: 471
Joined: Wed Nov 13, 2002 12:55 pm

Postby colonwk on Tue Mar 18, 2003 10:58 pm

Have been away for a while so not sure if anyone is still out there monitoring this thread.

I ran the dir commands in the cmd window and found. I have read thru the previous posting and don't see anything suspect, but then again I am a complete rookie at this.

dir C:\WinNT\System32\Drivers\cd*.*
12/7/99, 19,088, cdaudio.sys
12/7/99, 61,072, cdfs.sys
12/7/99, 23,376, cdrom.sys

dir C:\WinNT\System32\cd*.*
5/4/2001, 2,523,408, cdosys.dll
9/18/2001, 118,872, CDM.DLL
12/7/1999, 402,704, cdonts.dll
6/6/2000, 144,144, cdfview.dll
12/7/1999, 337,680, cdplayer.exe
12/7/1999, 68,368, CDM.DLL.OLD

dir C:\WinNT\System32\Drivers\ud*.*
Volume in Drive C has no label
Voluem Serial Number is 2C76-9ED4
5/4/2001, 62,128, udfs.sys

dir C:\WinNT\System32\*.*
No Files.

(1) I deleted the dll and microsoft drivers from previous posts.
(2) How do I post the start.dat file here? This may well be part of the solution.
(3) Is there any advantage to SP3?
(4) I will have to read the google search answers for how to delete items from the start menu.. Thanks. I have been wondering how to do that for some time.
(5) Will it be beneficial for me to run the regcleaner from the vtoy.fi site?

I am learning a ton. thanks guys.
colonwk
Buffer Underrun
 
Posts: 9
Joined: Wed Mar 12, 2003 11:44 am

Postby cfitz on Tue Mar 18, 2003 11:46 pm

KCK wrote:I guess you are running AVG AntiVirus from www.grisoft.com . I've just learnt that its free edition is available worldwide. Would you recommend it to colonwk, who apparently needs antivirus software?
I haven't done any extensive testing of its virus detection capabilities, just the standard eicar virus test, which it passed. But it is easy to use, keeps out of the way, and has never given me any problems such as mysterious crashes. And the price is right! :D The one drawback is the update mechanism. It is automated (or manual, if you prefer), but doesn't seem to upgrade incrementally. Every time it updates it downloads around 1.5 MiBytes of data. That's not a problem if you have a broadband connection, but it might discourage a dial-up user from keeping his or her virus definitions up to date.

cfitz
cfitz
CD-RW Curmudgeon
 
Posts: 4572
Joined: Sat Jul 27, 2002 10:44 am

Postby KCK on Wed Mar 19, 2003 12:53 am

colonwk:

Yes, the results of your four dir commands do not list any culprits.

As I wrote on Monday, apparently your system is infected by a virus!!! Unless you have some reputable antivirus software, download the free edition of AVG AntiVirus from www.grisoft.com and check your system thoroughly (select to scan as many file types as possible). This must be done before doing anything else. I'm really puzzled why you chose to ignore this point.

As for C:\WinNT\web\printers\images\start.bat, call Notepad to edit it, press Ctrl+A to highlight everything, then Ctrl+C to copy, and finally Ctrl-V to paste it into the IE window where you are composing your post.

I mentioned SP3 because most W2K users are running it. I can't see any reason why you shouldn't upgrade to SP3, but maybe other forum experts (cfitz?) could tell you if there are any dangers in upgrading from SP2 to SP3.

Except for the possible virus issues, cleaning up your Startup and Run items may speed up your system, but apparently it is not really crucial for your InCD problems, so you can do it at your leisure.

Right now I see no reason for running RegCleaner, but it might be beneficial to run it after the virus cleanup; just back up your registry first.
KCK
CD-RW Player
 
Posts: 471
Joined: Wed Nov 13, 2002 12:55 pm

Postby cfitz on Wed Mar 19, 2003 1:03 am

KCK wrote:As I wrote on Monday, apparently your system is infected by a virus!!! Unless you have some reputable antivirus software, download the free edition of AVG AntiVirus from www.grisoft.com and check your system thoroughly (select to scan as many file types as possible). This must be done before doing anything else. I'm really puzzled why you chose to ignore this point.

A web-based virus scan is also available for free from Trend Micro:

http://housecall.antivirus.com/housecall/start_corp.asp

KCK wrote:I mentioned SP3 because most W2K users are running it. I can't see any reason why you shouldn't upgrade to SP3, but maybe other forum experts (cfitz?) could tell you if there are any dangers in upgrading from SP2 to SP3.

None that I am aware of, or at least none that offsets the benefits of upgrading to SP3 in the general case.

cfitz
cfitz
CD-RW Curmudgeon
 
Posts: 4572
Joined: Sat Jul 27, 2002 10:44 am

Postby KCK on Wed Mar 19, 2003 1:13 am

cfitz:

I have seen quite a few favorable reports about AVG. Many users say it is better than NAV both in detection and cleaning capabilities.

I'm still running NAV on my 98SE boxes. I was quite disappointed by NAV's inability to clean up the Redlof virus caught by my daughter recently. I use Trend Micro OfficeScan corporate edition on my main XP box. It has not detected a virus so far, so I don't know whether it is weak or I am careful enough about my web browsing and downloads! 8)

PS: I saw your latest reply while uploading this post. Thanks for your participation in this thread! :D
KCK
CD-RW Player
 
Posts: 471
Joined: Wed Nov 13, 2002 12:55 pm

Postby cfitz on Wed Mar 19, 2003 1:30 am

KCK wrote:PS: I saw your latest reply while uploading this post. Thanks for your participation in this thread! :D

Not a problem. You are doing all the heavy lifting. :) I'm just milling about on the sidelines, sipping my coffee and occasionally chiming in with a trivial point. :wink:

By the way, I'm glad to hear that others are giving AVG favorable reports.

cfitz
cfitz
CD-RW Curmudgeon
 
Posts: 4572
Joined: Sat Jul 27, 2002 10:44 am

Postby dodecahedron on Wed Mar 19, 2003 1:34 am

sorry to go off topic, but is it possible to run 2 anti-virus detection software programs at the same time?
i mean not just running the virus detection through the hard drive, but having the application running in the background, checking email and applications as they run (as NAV does)?
One Ring to rule them all, One Ring to find them,
One Ring to bring them all and in the darkness bind them
In the land of Mordor, where the Shadows lie
-- JRRT
M.C. Escher - Reptilien
User avatar
dodecahedron
DVD Polygon
 
Posts: 6865
Joined: Sat Mar 09, 2002 12:04 am
Location: Israel

Postby cfitz on Wed Mar 19, 2003 1:53 am

dodecahedron wrote:sorry to go off topic, but is it possible to run 2 anti-virus detection software programs at the same time?
i mean not just running the virus detection through the hard drive, but having the application running in the background, checking email and applications as they run (as NAV does)?

I'm not sure what you are asking. Most anti-virus programs include both on-demand scanning (scanning takes place when you specifically request that a file/directory be scanned) and on-access scanning (continuously monitors files, emails, etc. and scans them as they are accessed). The AVG program does this, as does NAV, as you mentioned, and McAfee and I'm sure most all of the others.

Are you asking if it is possible to run two on-access scanners simulataneously? It may be possible depending on the two different programs, but I wouldn't recommend it. You might think you are getting twice the protection by doing this, but you might end up getting no protection at all if the two programs interfere with each other. On the other hand, it wouldn't hurt to run one on-access scanner and occasionally perform an on-demand scan of your entire drive using another brand of anti-virus software.

Is there a specific configuration you had in mind?

cfitz
cfitz
CD-RW Curmudgeon
 
Posts: 4572
Joined: Sat Jul 27, 2002 10:44 am

Postby dodecahedron on Wed Mar 19, 2003 1:58 am

well, my resident AV is Norton.
but i also have (not installed, came on a CD with my mobo) Trend Micro PC Cillin. and there's also Grisoft's AVG.

yeah, i meant just what you said.
two "resident" (on-access as you called them) AVs might interfere with each other. that's what i was asking - is this possible.

but i also thought maybe to install Grisoft's AVG in addition to Norton.
do you know if they can be run toghether on-access?
and assuming no, can Grisoft's AVG be configured to run on-demand only?
One Ring to rule them all, One Ring to find them,
One Ring to bring them all and in the darkness bind them
In the land of Mordor, where the Shadows lie
-- JRRT
M.C. Escher - Reptilien
User avatar
dodecahedron
DVD Polygon
 
Posts: 6865
Joined: Sat Mar 09, 2002 12:04 am
Location: Israel

Postby cfitz on Wed Mar 19, 2003 2:18 am

dodecahedron wrote:but i also thought maybe to install Grisoft's AVG in addition to Norton.
do you know if they can be run toghether on-access?

I don't know specifically. I haven't tried and, again, I would be a little leary of running both simultaneously on general principles. They might work together just fine. But I don't know enough about how they are implemented and exactly wha they are doing to say for sure.

dodechedron wrote:and assuming no, can Grisoft's AVG be configured to run on-demand only?

AVG consists of several componets, including a system tray applet, a service, and a device driver. Shutting down the service and system tray applet doesn't stop the on-access scanner, although it does stop the scanner from displaying useful messages and stops scheduled tasks such as automatic virus signature updates. I think you may be able to disable the on-access scanner if you have the paid, professional version of AVG, but not with the free version. At least not through the GUI.

cfitz
cfitz
CD-RW Curmudgeon
 
Posts: 4572
Joined: Sat Jul 27, 2002 10:44 am

Postby colonwk on Wed Mar 19, 2003 8:59 am

This is what I get for the start.bat file..Think I did it right.

@echo off
cd \winnt\web\printers\images\
hidden32.exe regkeyadd.bat
hidden32.exe explorer.exe
hidden32.exe secure.bat

I have downloaded the AVG and will be working thru it. Do you have recommendations as to the "best of" virus softwares. I was running PCillin but uninstalled it recently for an unrelated reason.

If you have any suggestions for the start.bat file, i'll work thru it. Otherwise, I think you have helped me through the InCD issues and then some. Very, very much appreciate it. I would be lost without your help. And you get two for the price of one, as my brother is having similar issues with the same software, though on a Win98 machine. I will run all the diagnostics you provided on his machine as well.
colonwk
Buffer Underrun
 
Posts: 9
Joined: Wed Mar 12, 2003 11:44 am

Postby KCK on Wed Mar 19, 2003 12:08 pm

colonwk:

I'm afraid it's bad news again. Googling for "hidden32" yields the links

http://www.sophos.com/virusinfo/analyses/trojzcrew.html

http://is.curtin.edu.au/info-security/irc_threat.htm

http://lists.bikkel.org/archive/whiteha ... 07728.html

which suggest that you may have a trojan virus!

As you can see from our discussions with cfitz and dodecahedron in this thread, it is hard to recommend the "best" antivirus software.

I would give AVG a shot, see how it performs, and then try PC Cillin, since you already own it (of course after downloading the latest virus database). In fact you may start from the web-based Trend Micro scan suggested by cfitz.

I would follow cfitz's recommendation to upgrade to SP3, also because it incorporates some security patches. Moreover, you should always install the latest MS critical updates. Otherwise, your system is open to trojans that exploit known security holes.

You may post the contents of regkeyadd.bat and secure.bat and perhaps other .bat files that are called inside these two files, as well as the dir listing of C:\WinNT\Web\Printers\Images. Maybe we will see something interesting there.

As for your brother's issues, note that an updated InCD guide for 98x will be posted in the FAQ's forum later today.
KCK
CD-RW Player
 
Posts: 471
Joined: Wed Nov 13, 2002 12:55 pm

Postby colonwk on Mon Mar 24, 2003 11:02 am

KCK,

You were right. I have spent some time doing my best to remove the infected files and trojans. So far so good. I have had great luck with AVG on my machine and have downloaded the cleaner for trojan removal.

Finally I will pay the due attention to security.

Thank you for all your help in clearing up this issue for me and thanks to all those who have added to the discussion. I will keep your InCD guide in my files as I am sure to need it again.

Thank you.
colonwk
Buffer Underrun
 
Posts: 9
Joined: Wed Mar 12, 2003 11:44 am

Postby KCK on Mon Mar 24, 2003 11:50 am

colonwk:

Thanks for reporting about your progress! :D

In this thread we have learnt more about viruses and trojans rather than InCD itself. Well, at least this should warn other users to pay due attention to security! :evil: 8)
KCK
CD-RW Player
 
Posts: 471
Joined: Wed Nov 13, 2002 12:55 pm

Previous

Return to Nero (Formerly Ahead Software)

Who is online

Users browsing this forum: No registered users and 0 guests

All Content is Copyright (c) 2001-2017 CDRLabs Inc.