NTVDM Error opens all the time now!!!

Status
Not open for further replies.
M

mlww2us

Hello I had some issues with Brave sentry on christmas eve. I was able to remove that but now my problem is an error message that pops up every couple of seconds. It happens in both my profile and my wifes profile as well.

The message generated is a 16 bit DOS subsystem.
Path is provided as C:\documents and settings\profile\localsettings\temp\cmd.exe
I have tried to delete this file but it continues to come back. This must be a malicous trojan but unable to figure out how to kill it. I have gone into safe mode and ran ad aware, AVG antivirus, and AVG spyware. I installed the spybot product you mentioned in this forum. I have not been able to run spybot as it crashes when ever I try to run it. I have run the AVG and placed the logfile for this and HJK as well. I hope you will be able to assist me in removing this problem. Also I now get a message about the winsock32.exe when shutting down. I have to hit end now to stop it.
 
Hello and welcome to Techspot.

Your system is heavily infected with all kinds of nasties.

If that were my system, I wouldn`t hesitate to reformat and reinstall from scratch. However, you may take a different view.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

Let me know how you wish to proceed.

Regards Howard :wave: :wave:


This thread is for the use of mlww2us only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi Howard,

Thanks for the quick reply. I have been thinking about the reformat and may do that later. In regards to my current issue have you dealt with the specific
error I am having related to the cmd.exe error? Have you resolved this before? I noticed some others users of this forum were also having the exact same message but I did not see if they were able to correct the issue. If you have dealt with this nasty little bugger before I would like to try and resolve it.

Let me know what you think!

Thank you sir.
 
Ok, let`s try the following.

Run AVG Antispyware, delete all files in AVG Antispyware quarantine and disable the active shield as this may interfere with any fix we try and run. On the top of the main screen click Shield. Click the word active to change it to inactive. Close AVG Antispyware.

We need to temporarily disable Spybot search & Destroy`s tea time, as it may interfere with any fix we are trying to run.

Disable Spybot's TeaTimer. This is a two step process.
First:
- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
- Choose Exit Spybot S&D Resident
Second:
- Open Spybot S&D
- Click Mode, check Advanced Mode
- Go To Left Panel, Click Tools, then also in left panel, click Resident
- If your firewall raises a question, say OK
- Uncheck the box labeled Resident Tea-Timer and OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Viewpoint
Viewpoint Toolbar V35
Viewpoint Manager
BroadJump
Client Foundation

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

winsock32
ICF

Close the services window.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ViewMgr.exe
CFD.exe
winsock32.exe
83765.exe
80421.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

Fix all O1 - Hosts: entries.

O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll

O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)

O4 - HKLM\..\Run: [winsock32] winsock32

O4 - HKLM\..\RunServices: [winsock32] winsock32

O4 - HKCU\..\Run: [winsock32] winsock32

O4 - HKCU\..\Run: [WinUpdate] "C:\DOCUME~1\Matt\LOCALS~1\Temp\83765.exe "

O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Matt\LOCALS~1\Temp\80421.exe

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll

O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.3.1429-3.0.0.7207/MILive. cab

O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32:svchost.exe (file missing)

O23 - Service: winsock32 (winsock32.exe) - Unknown owner - C:\WINDOWS\winsock32.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\winsock32.exe
C:\Program Files\Viewpoint<Delete the entire folder.
C:\DOCUME~1\Matt\LOCALS~1\Temp\80421.exe
C:\DOCUME~1\Matt\LOCALS~1\Temp\83765.exe

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

This thread is for the use of mlww2us only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I have not been able to get the spybot SD to even run. It not running on the taskbar. I double click and it will briefly open then shut down again. I have not been able to open and run Spybot successfully. Do you feel its safe to run thru the other steps since I have never been able to get spybot to run.
The only function I was able to do was hit immunize before it shut down. I don't know if TeaTimer is running.
 
In that case, before following the instructions, uninstall SS&D from add remove programmes. You can always reinstall it after we`re done cleaning.

Regards Howard :)

This thread is for the use of mlww2us only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Howard you are top notch sir!!!

I have performed the steps you provided and so far I have not had another occurence of the dreaded cmd.exe error. I did notice a ton of startup items came up in the task bar. That was a bit strange as they have not been there
in months. Here is the latest HJK log you asked for. Let me know if you have any more work for me to do.

mlww2
 
Your system is infected with Bravesentry, This is a bogus antispyware programme.

Go HERE and follow the instructions for Bravesentry removal.

Post a fresh HJT log when done.

Regards Howard :)

This thread is for the use of mlww2us only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Ok I have run the smitfraudfix and this seems to have removed the bravesentry crap. The Bravesentry hit my PC on Christmas Eve how about that for a Christmas gift. I have created another HJT log or as I like to think
of it as HJK "hijack killer". I thought I removed the BraveSentry but all was not
what it seemed.

Howard thanks for all the excellent help you have provided!!! This is a great forum keep up the great work!!!

MLWW2
 
Your HJT log is now clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of mlww2us only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

E
Apple opens up the App Store to allow retro game emulators
Replies
8
Views
215
Theinsanegamer
T
midian182
You can currently get The Outer Worlds with all its DLC and Thief free from the Epic Games Store
Replies
7
Views
157
fluffydroid
F
Shawn Knight
All-digital SAT to be administered for the first time this weekend
Replies
7
Views
200
BillieSonger
B

Latest posts

Back