Jump to content

The NTVDM CPU has encountered an illegal instruction


Cutepuffy16

Recommended Posts

Can you check if anything is wrong...:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:01:16 AM, on 6/18/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe

C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe

C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://activation.rr.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)

O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: SnapDetect.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Load WebShots 1999x1333 - C:\Documents and Settings\Owner\desktop\Webshots Premium Photos\WebShotsLoader.htm

O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm

O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...oad/tgctlcm.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144528024203

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Link to comment
Share on other sites

Yes , You didnt upgrade to SP2 like you said you had in your earlier reply :P

 

These can be fixed :

 

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)

Link to comment
Share on other sites

lol, i thought i did, because i did do the system updates, well, i dont really know to much about computers,oh wait, yes i remember now, it froze when i was doing the SP2 thingy, this problems are giving me headaches, is one freakin problem after the next.aaaaaahghgh :o:(:(:(:unsure:

Link to comment
Share on other sites

Time for a format I think :)

 

The backdoor infection found if used may of made alot of changes to your system and this issue your having here may just be a small part of that, a format and reinstall of the OS will help as you then know everything is clean and you can then get all the protection products in place and keep visiting Windows Updates until you have SP2 installed and all the updates. Then you just need to reinstall all the software but it should only take you a few hours which may be alot quicker than trying to solve issues one by one and when a Backdoor is detected a format does have to be considered.

 

You can get more info here:

 

When Should I Format, How Should I Reinstall

 

Dont ya just love crack sites and the damage they cause :P

Link to comment
Share on other sites

Ive just replied to your new HJT log on that Forum, If you want to work through the problems then we are happy to help, I just wanted to make it clear that a backdoor if used could of caused alot of damage to your pc which may not be easy to fix.

 

There is 4 recommended scans on your HJT forum log to make sure the system is now clean then attempt to update to SP2 again and reply on that thread if your still having problems and at what point in the upgrade

 

Andy

Link to comment
Share on other sites

dllcache is there, it's a hidden system folder.

Go into it by hand if you want to (but you don't really need to; I'm not sure why that was recommended).

 

Start > Run > dllcache

Click here if CCleaner Issues are re-appearing

 

DjLizard.net

DjLizard.net wiki

Dial-a-fix

Dial-a-fix tips

DjLizard.net software support forum

 

Do you live in Bradenton, Sarasota, Tampa, or St. Petersburg, Florida? Visit Digital Doctors where I work :)

Link to comment
Share on other sites

dllcache is there, it's a hidden system folder.

Go into it by hand if you want to (but you don't really need to; I'm not sure why that was recommended).

 

Start > Run > dllcache

 

Well my instructions (in Post #12) were to include hidden system folders to search for USER.EXE. Cutepuffy 16 said that it didn't show up in the search so I suggested that she reinstall it into system32 and the dllcache.

 

Some people have had the same problem as this one and corrected it by re-installing USER.EXE. Others have corrected the same problem by running DOS programs from Command.com instead of Cmd.exe.

 

That is all that I know. :P

Windows Pro Media 8.1 x64  |  8GB Ram  |  500G HDD 7200 RPM  |  All  that I know about my graphics is that it's Intel  :)

Link to comment
Share on other sites

Okay, I need you to answer a few questions.

 

1. Is USER.EXE in your system32, and dllcache folder?

 

2. Did you download, AND install SP2?

 

3. What version of XP are you using? Home or Professional?

 

4. Why don't you understand the difference between Cmd.exe, and Command.com? What steps do you take to run a DOS application? By telling me how you run a DOS application I will know if you're using Cmd.exe, or Command.com.

 

 

Please answer the questions matching the answers to the question using numbers.

Thank you,

Kristin :)

 

 

P.S. I'm not addressing any possibilites of malware because I noticed that Andy is addressing that in the appropriate forum. ;)

Windows Pro Media 8.1 x64  |  8GB Ram  |  500G HDD 7200 RPM  |  All  that I know about my graphics is that it's Intel  :)

Link to comment
Share on other sites

  • 2 weeks later...

Okay, guys, I'm truly sorry for not replying earlier, I havent been online lately but hey, I got good news..lol..I managed to finally fix the problem. Now the program is working fine, Thank god!!

 

Umm.I did exactly what you guys told me to do and downloaded and installed SP2, which I dont know how it did it but after I installed it and restarted the computer the program I was having trouble with finally worked again.Thank you guys so much for helping me and I apologize for taking so long to reply.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.