Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Error message

  1. #1
    Member
    Join Date
    May 2006
    Posts
    31
    Points
    0

    Default Error message

    This morning when I turned on my computer, I encountered this "error" message:

    C:\WINDOWS\system32\CTHELPER.EXE
    The NTVDM CPU has encountered an illegal instruction.
    CS:054b IP:011c OP:c4 ea 28 20 c4 Choose ‘Close’ to terminate the application.

    How do I get it off? I've tried everything and can't get it off. Please help.

    Thanks!

  2. #2
    Member
    Join Date
    Feb 2006
    Posts
    11
    Points
    0

    Default

    Hi, you might want to search around on google, ive seen a lot of people with the same problem and the best thing to do from what they say is to disable it from starting up, there are multiple sites with instructions on how to do this. But i wouldnt advise doing anything untill an expert gives you advice.

    Hope this helps
    -Nosidam

  3. #3
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    Please go here :-

    http://virusscan.jotti.org/

    Upload this file from your computer :-


    C:\WINDOWS\system32\CTHELPER.EXE

    copy & paste the above bold line into the "File to upload and scan" box...

    or click the browse button and browse to the file on your computer...

    Then click the submit button


    Post back the results


    Also post a hijackthis log...

    Download a self-extracting copy of HijackThis from :-
    http://downloads.malwareremoval.com/hijackthis_sfx.exe
    1. save it to your Desktop.
    2. Double-click on the file hijackthis_sfx.exe and it will self-extract into its own folder,
    C:\Program Files\HijackThis
    3. Go to this folder and run the hijackthis.exe file
    4. click Do a system scan and save a logfile
    5. Copy & paste the logfile into your next post here...

    cheers

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  4. #4
    Member
    Join Date
    May 2006
    Posts
    31
    Points
    0

    Default

    HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:32:27 PM, on 7/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1102225536\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Updater.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1102225536\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;;
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102225536\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1102225536\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1102225536\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...54/mcfscan.cab
    O16 - DPF: {F7FD91D1-45E6-4349-B698-F976062DAC26} - http://www.storage-tasp.com/gs/gsa1435.exe
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1102225536\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


    Virusscan results:

    Scanner results
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

  5. #5
    Member
    Join Date
    May 2006
    Posts
    31
    Points
    0

    Default

    Hey steam, I'm still waiting on an answer. Please reply soon. Thanks!

  6. #6
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191

    Default

    kmalston

    Hey steam, I'm still waiting on an answer. Please reply soon. Thanks!
    This is free help, not necessarily fast help. At the time you posted this it was about 3:30 AM his time. You need to be patient !!!

    Jotti scan found nothing, but it is not complete.

    Steam gave you recommendations some 6 weeks ago here:

    http://www.help2go.com/component/opt...hlight,/#92645

    Did you install them ?

    Do you know what this entry is ?:

    O16 - DPF: {F7FD91D1-45E6-4349-B698-F976062DAC26} - http://www.storage-tasp.com/gs/gsa1435.exe

    BG

  7. #7
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    There is a virus which places a cthelper.exe in this location ... C:\WINDOWS\system32\cthelper.exe

    W32/Rbot-XB :- http://www.sophos.com/virusinfo/analyses/w32rbotxb.html

    and uses this run key to run it :-

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
    CTHelper
    cthelper.exe

    Hijackthis would show it as this :-

    O4 - HKLM\..\Run: [CTHelper] cthelper.exe

    In fact there would be up to 4 run keys similar to this ...

    if this were causing your problem ... the jotti scan would have told us

    --

    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE (upper case) is a plug-in manager for Creative drivers

    But it should also be shown in the "running processes"

    You have the run key, but it is not running... I am guessing that the C:\WINDOWS\system32\CTHELPER.EXE is corrupt...

    & is generating The NTVDM CPU has encountered an illegal instruction. error message, because it can't be run...

    --
    This is what Castlecops have to say about it...

    CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it
    As it is not running, you are not using it at the moment...

    If you know of a way to disable it ... then do it.

    Alternatively you can disable it by unchecking the box next to it in msconfig... or

    by fixing this entry in hijackthis :-

    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE


    This will remove the run key from the registry, but keep a backup in the hijackthis backups.

    After fixing this entry ... reboot and see if you still get the error message

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  8. #8
    Member
    Join Date
    May 2006
    Posts
    31
    Points
    0

    Default

    Hi steam:

    Thanks for the advice! I apologize it took so long for me to respond. I did fix the problem under Hijackthis. However, when I restart the computer, a black box pops up then disappears. Also, the system32 folder opens each time I restarts.

    Is there a way you could help me with this problem? Thanks.

    Basementgeek, I don't know if you are interpreting my reply in a different way, but the reason I made the reply was becasue my compter did not tell me if my reply was posted until I went to check it a couple days after I made the reply. That's when I questioned whether he got the message. I apologize if it came out the wrong way. Thanks!

  9. #9
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    Is the The NTVDM CPU error resolved ?


    For your "system32 folder opens at startup" problem... have a look here :-

    http://support.microsoft.com/default.aspx?id=170086

    Let me know if you need additional help with the information in this link & whether or not it works.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  10. #10
    Member
    Join Date
    May 2006
    Posts
    31
    Points
    0

    Default

    Hey steam:

    I've tried this and it did not work. Not only did the system32 folder open, but the Dell folder also opens when I restart the computer. There's also a black box (I think it's associated with the system32 folder) that opens for a couple of seconds and then goes away. Please help.

    Thanks!

Page 1 of 2 12 LastLast