Re: Help! NTVDM error

Hi Wes

you're certainly trying hard, and I really appreciate the help! But, no luck
so far. I've tried both progressivly ending tasks with the Task Manager and
deleting Start Up items with msconfig. But the problem persists. Is there
anything else to try, or should I reinstall XP?

Thanks
John

"Wesley Vogel" wrote:

> Hi John,
>
> I cleaned this up some and added comments or info about what something is
> inside the [[ ]].
>
> Nothing jumps out at me.
>
> Jeez, you have a bunch of things that start at boot. McAfee sure adds a
> bunch of crap.
> ------
>
> What you're going to have to do is get rid of startup items one at a time
> and keep rebooting until you find the offending entry.
>
> Or uncheck the first half of the startup items, reboot and see if you still
> get the error message. If you don't get the error message, then you have
> narrowed it down to the second half. If you still get the error message,
> recheck the first half of the items and then uncheck the last half of the
> items, reboot and see if you get the error message.
>
> You can keep narrowing it down until you find one offending startup item.
>
> Make sure that you unplug the phone line to your modem while troubleshooting
> as you will be disabling McAfee, your antivirus.
>
> Open the System Configuration Utility...
> Start | Run | Type: msconfig | Click OK |
> Click the Startup tab.
> UNCheck the first half of everything that's listed
> Click the Apply button.
> Click the Close button.
> You will see this message...
>
> [[You must restart your computer for some of the changes made by
> System Configuration to take effect.]]
>
> Click the Restart button.
> Your machine will then reboot.
>
> After your machine reboots, you will get the MSCONFIG Reminder Message...
>
> [[You have used the System Configuration Utility to change the way Windows
> starts.
> The System Configuration Utility is currently in Diagnostic or Selective
> Startup mode, causing this message to be displayed and the utility to run
> every time Windows starts.
> Choose the Normal Startup mode on the General tab to start Windows normally
> and undo the changes you made using the System Configuration Utility.]]
>
> Check: "Don't show this message or launch the System Configuration Utility
> when Windows starts" and click OK.
>
> You'll have to keep doing this until the guilty item is found. Since you
> have a boatload of startup items, this will take a while.
>
> Another way to troubleshoot this is, first make sure that you unplug the
> phone line to your modem while troubleshooting as you will be disabling
> McAfee, your antivirus. Then start killing off processes one at time with
> the Task Manager and open the Control Panel after you kill each process.
> When you stop getting the error message you should know what process you
> killed. That is the guilty party.
> ---------
>
> Startup Programs
> CTFMON.EXE c:\windows\system32\ctfmon.exe
> HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[ctfmon.exe = CTF Loader. Part of Microsoft Office. It activates
> the Alternative User Input Text Input Processor (TIP) and the Microsoft
> Office XP Language Bar.]]
>
> msnmsgr "c:\program files\msn messenger\msnmsgr.exe"/background
> HKU\S-1-5-21-2472243092-1981300170-3414494143-1006\SOFTWARE\
> Microsoft\Windows\CurrentVersion\Run
> [[msnmsgr.exe is the main executable for MSN Messenger, which is bundled
> with Windows and Microsoft Office. It provides online chat, an file sharing
> capabilities.]]
>
> MSMSGS "c:\program files\messenger\msmsgs.exe" /background
> HKU\S-1-5-21-2472243092-1981300170-3414494143-1006\SOFTWARE\
> Microsoft\Windows\CurrentVersion\Run
> [[msmsgs.exe is the main process relating to the MSN Messenger Internet chat
> tool installed by default on most Windows computers. A tray bar is also
> installed alongside this process for easy access to its features which
> include Internet chat, file sharing and audio/video conferencing. This is a
> non-essential process. Disabling or enabling this is down to user
> preference.
>
> Note: msmsgs.exe is a process which is registered as the W32.Alcarys.B@mm
> worm. This virus is distributed via the Internet through e-mail and comes in
> the form of an e-mail message, in the hopes that you open its hostile
> attachment. The worm has it’s own SMTP engine which means it gathers E-mails
> from your local computer and re-distributes itself. In worst cases this worm
> can allow attackers to access your computer, stealing passwords and personal
> data. It is a registered security risk and should be removed immediately.]]
>
> CTFMON.EXE c:\windows\system32\ctfmon.exe
> ..DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> Why is CTFMON.EXE listed twice???
>
> WinZip Quick Pick c:\progra~1\winzip\wzqkpick.exe
> Common Startup (This is Start button | All Programs | Startup)
> [[Wzqkpick.exe is the tray bar process for WinZip. The process is used to
> access WinZip from the tray bar. To save resources this process can safely
> be removed. ]]
>
> VSOCheckTask "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[mcmnhdlr.exe is vital process for McAfee SecurityCenter and Virusscan
> Online. Removing this process will dissable the automatic scanning.]]
>
> VirusScan Online c:\program files\mcafee.com\vso\mcvsshld.exe
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[mcvsshld.exe is an important executable belonging to McAfee's Internet
> security suite. This program is important for the stable and secure running
> of your computer and should not be terminated.]]
>
> VirusScan c:\progra~1\mcafee.com\vso\mcvsshld.exe
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> Why is mcvsshld.exe listed twice???
>
> UpdateManager "c:\program files\common files\sonic\update
> manager\sgtray.exe" /r
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[If you are running Veritas or Stomp Backup MyPC, then the sgrtray.exe is
> the Veritas Update Manager. You can easily remove it by going through
> Add/Remove Programs. It will be listed as the Veritas Update Manager.]]
>
> SunJavaUpdateSched c:\program files\java\j2re1.4.2_03\bin\jusched.exe
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[jusched.exe is a process installed alongside Sun Microsystem's Java2 suite
> and checks for/installs Java updates.]]
>
> RealTray c:\program files\real\realplayer\realplay.exe
> systemboothideplayer
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> realplay.exe
> [[System Tray icon for RealPlayer. If you subsequently start RealPlayer
> manually it adds itself back to the start-up list. You can stop this from
> happening by right-clicking on the tray icon and disabling SmartCenter via
> Preferences]]
>
> PCMService "c:\program files\dell\media experience\pcmservice.exe"
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[PCMService.exe is a part of the Dell media experience software. This is a
> multimedia product, and program is non-essential process to the running of
> the system]]
>
> OASClnt c:\program files\mcafee.com\vso\oasclnt.exe
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[oasclnt.exe is a process associated with the McAfee VirusScan software. It
> is an scan client service and should not be removed to ensure that your
> AntiVirus application keeps you protected.]]
>
> MPFExe c:\progra~1\mcafee.com\person~1\mpftray.exe
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[mpftray.exe is a process associated with McAfee Internet Security suite.
> It creates a icon on the desktop tray for easy access. This program is a
> non-essential system process, and is installed for ease of use]]
>
> MessengerPlus3 "c:\program files\messengerplus! 3\msgplus.exe"
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[msgplus.exe is distributed as a third party MSN extension. However is also
> spyware if installed with the sponsor program it offers to install. If this
> optional sponsor program was installed, this process monitors your browsing
> habits and distributes the data back to the author's servers for analysis.
> This also prompts advertising popups.]]
>
> MCUpdateExe c:\progra~1\mcafee.com\agent\mcupdate.exe
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[mcupdate.exe is a process associated with McAfee Internet Security Suite.
> This process ensures the computer's virus definations are up to date by
> connectign to McAfee's server on the Internet. This program is important for
> the stable and secure running of your computer and should not be
> terminated.]]
>
> MCAgentExe c:\progra~1\mcafee.com\agent\mcagent.exe
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[mcagent.exe is a process associated with McAfee Internet Security Suite.
> This process ensures the computer's virus definations are up to date by
> communicating with the McAfee VirusScan server on the network. This program
> is important for the stable and secure running of your computer and should
> not be terminated.]]
>
> IntelMeM c:\program files\intel\modem event monitor\intelmem.exe
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[IntelMEM.exe is a process which assists Intel chipset based modems. This
> program is non-essential process to the running of the system]]
>
> IgfxTray c:\windows\system32\igfxtray.exe
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[igfxtray.exe is a process which allows you to access access the Intel
> Graphics configuration and diagnostic application for the Intel 810 series
> graphics chipset. This program is a non-essential system process, and is
> installed for ease of use via the desktop tray. ]]
>
> HotKeysCmds c:\windows\system32\hkcmd.exe
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[hkcmd.exe is installed alongside Intel multimedia devices and allows
> configuration and diagnostic options for these devices. This program is
> non-essential process to the running of the system]]
>
> DVDLauncher "c:\program files\cyberlink\powerdvd\dvdlauncher.exe"
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[dvdlauncher.exe is a process belonging to the Cyberlink PowerCinema video
> viewing software which allows you to play DVDs on insertation. This program
> is a non-essential process, and is installed for ease of use. ]]
>
> dla c:\windows\system32\dla\tfswctrl.exe
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[tfswctrl.exe is an essential process for HP's packet writing software
> which burns data to CD's using Microsoft Windows explorer. This program is a
> non-essential system process]]
>
> Dell AIO Printer A920 "c:\program files\dell aio printer a920\dlbkbmgr.exe"
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[dlbkbmgr.exe is a process which is installed alongside your Dell printer
> and offers additional diagnostics and configuration for the Dell range of
> printers. This program is non-essential process to the running of the
> system]]
>
> BTopenworld "c:\program files\bt yahoo! internet\dialbtyahoo.exe"
> /reinstallautodial
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> [[Connection for BTYahoo?????????]]
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:67007B4C-420C-4CB4-93F6-C58D85C31056@xxxxxxxxxxxxx,
> ronashill <ronashill@xxxxxxxxxxxxxxxxxxxxxxxxx> hunted and pecked:
> > Hi Wesley
> >
> > I searched for both rundll.exe and rundll32.exe but only found the latter
> > (3 times in CI386, SYSTEM32 and Service PackFiles/i386)
> >
> > Error messages cite either. So far as I can tell just rundll on start up
> > and rundll32 in the Control Panel. Should I follow the instructions on
> > the sites you refer to?
> >
> > Thanks
> > John
> >
> > "Wesley Vogel" wrote:
> >
> >> Hi John,
> >>
> >> This will show what programs are started when you boot your machine.
> >>
> >> Open System Information...
> >> Start | Run | Type: msinfo32 | Click OK |
> >> Click the [+] next to Software Environment |
> >> Click on Startup Programs |
> >>
> >> This will save the startup information to Startup.txt to your Desktop.
> >>
> >> On the top toolbar, click on File | Click on Export | When the Export As
> >> window opens, click on the Desktop icon | Use Startup for filename |
> >> Click the Save button | Close System Information
> >>
> >> Now go to your Desktop and locate Startup.txt, open it, right click and
> >> select Select All, right click and select Copy.
> >>
> >> Now paste what you just copied into a message and post back.
> >> -----
> >>
> >> rundll.exe is a Windows System process belonging to the Windows 95, 98
> >> and ME.
> >>
> >> rundll32.exe is what's in Windows XP. If rundll.exe exists on your
> >> machine it is part of LOXOSCAM or Backdoor.SchoolBus.B trojans.
> >>
> >> Backdoor.SchoolBus.B
> >>
> http://securityresponse.symantec.com/avcenter/venc/data/backdoor.schoolbus.b.html
> >>
> >> Backdoor.LoxoScam
> >>
> http://securityresponse.symantec.com/avcenter/venc/data/backdoor.loxoscam.html
> >>
> >> --
> >> Hope this helps. Let us know.
> >>
> >> Wes
> >> MS-MVP Windows Shell/User
> >>
> >> In news:0CA315BE-CE2F-4F60-A272-510AB7CE4573@xxxxxxxxxxxxx,
> >> ronashill <ronashill@xxxxxxxxxxxxxxxxxxxxxxxxx> hunted and pecked:
> >>> No luck! The error has been on my system for a while but not been a
> >>> problem until now as I can just close it and carry on with most tasks.
> >>>
> >>> Any other ideas?
> >>>
> >>> Thanks
> >>> John
> >>>
> >>> "Wesley Vogel" wrote:
> >>>
.