NTVDM CPU error... caused by spyware?

I have a new PC and got my first bad cases of spyware on it this week (despite running ad-aware, spybot and spyblaster) including LOP stuff, and all sorts of data miners and things. I ran ad-aware 3 times in an hour and each time it found about 90 things! I followed various instructions in articles on this site, and downloaded various other spyware programsn, and believe i've got rid of most of it.

However one thing keeps happening: A black Dos box appears labelled C:\, and the error message appears:
"C:\Docume~1\Liz\locals~1\Temp\******.exe
The NTVDM CPU has encountered an illegal instruction
CS: **** IP: ** ** ** ** **
Chose close to terminate the application."

The * symbols represent numbers and letters that seem to change all the time. there are options: Close and Ignore. Closing it makes it dissappear, only to return an hour or so later. Ignore makes another message appear with different numbers where the stars are.

This problem has only happened since I had this spyware this week.

I'm running XP, and downloaded SP2 the about a week ago - so much for improved security - More adware since I installed than before!

Hope someone can help. thanks,

Liz

 

oh yeh, i forgot to say I use mozilla as a browser as often as possible (except for windows update) however i think some freinds have been using IE on my pc.

IE now has this LOP toolbar, and I can't get rid of it. I found an unistaller for it, which worked, only it keeps coming back. anyone have a good way of getting rid of it? i have all the recommended programs on the sticky posts.

cheers
xxLiz

 

hyjack this log attached... i think!

 

Okok, it doesn't take much to be friendly does it?

I hadn't done online virus scans as I had done offline ones using virus software already. Sorry.

I had only just downloaded what was labelled the latest version of Hyjack This from another website when I visited this one, so did not follow the link to download it here, assuming I had the right one. Sorry again.

I ran the online checks, nothing was found. Also ran all of the ad-software in safe mode again, and still nothing was found.

Unistalling Plus worked to get rid of LOP, thankyou. I've attached a new Hyjack This log from today. I have noticed the first entry in the HT log, the IE web address is obviously not correct. I had HT fix this.

I still get this NTVDM error though. Do you know what this error is?

Thanks for your help
Liz

 

Liz, You ran HJT from

C:\Documents and Settings\Liz\My Documents\Programs\HT\HijackThis.exe

which is a folder for documents, not programs. Please place HJT into its own folder. Ex: C:\Program Files\HJT\Hijackthis.exe

Post a new log once you've done so.

 

Thanks for your replies -

I've run HT again in program files. No, the wierd start page did not come back when I ran the scan again. And Tiny.com is my IE home page (I never changed it from when I got the pc). Supadial is ok, its the internet provider software that Tiny install on all their computers to try to get you to go with them for internet. They also make it hard to uninstall (I've removed it from add/remove programs already)!

The links you gave about the NTVDM thing, they seem to refer to NT or 2000 computers, I'm running XP - would the same advice still apply? The error message hasn't occured since this morning actually (previously it had been happening every hour or so). And It's never happened in safe mode.

Thanks guys

Liz

 

Nope, not gone, happened again. But I shall try to replace this command file from another pc.

Thankyou guys anyway, i aprreciate your help

xLiz

 

NTVDM will show up when wowexec is invoked. This is almost always by a 16 bit program that needs to be emulated with windows on windows (WOW). Something is being loaded that is 16 bit and NTVDM WILL chew up 100% of your CPU. What you need to do is set any programs short cut up to use low cpu affinity.

in the shortcut target



dfds
cmd /c start /low [programname.exe]

with out the brackets around the program name.