dnburgess
asked on
NTVDM.EXE using 100% of CPU - again
I know this has cropped up before - but I need an Idiot's guide.
I'm running Windows 2000 Professional 5.00.2195 service pack 3.
When I start up my system launches NTVDM.EXE (which seems to behave) and then a short time later launches another NTVDM.EXE which hogs the CPU. I can end the greedy process in Task Manager with no ill effect.
How do I stop it from launching in the first place?
I'm running Windows 2000 Professional 5.00.2195 service pack 3.
When I start up my system launches NTVDM.EXE (which seems to behave) and then a short time later launches another NTVDM.EXE which hogs the CPU. I can end the greedy process in Task Manager with no ill effect.
How do I stop it from launching in the first place?
So this process is executing due to a 16-bit program and not executing directly from registry or startup list. Anyway have a look at this registry key and if you find anything it then delete it: HKEY_LOCAL_MACHINE\Softwar
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
r-k here is the file generated by Autoruns. Suggestions appreciated.
HKLM\SOFTWARE\Microsoft\Wi
+ AdaptecDirectCD DirectCD Application (Not verified) Roxio c:\program files\adaptec\easy cd creator 5\directcd\directcd.exe
+ CreateCD50 Roxio Create CD (Not verified) Roxio c:\program files\common files\adaptec shared\createcd\createcd50
+ DadApp c:\program files\dell\accessdirect\da
+ IBWin Background process (Not verified) Pro-softnet Corporation c:\program files\ibackup for windows\ibackground.exe
+ IBWin Monitor (Not verified) Pro-Softnet Corporation c:\program files\ibackup for windows\ibmonitor.exe
+ IntelliPoint Point32.exe (Not verified) Microsoft Corporation c:\program files\microsoft intellipoint\point32.exe
+ iTunesHelper iTunesHelper Module (Not verified) Apple Computer, Inc. c:\program files\itunes\ituneshelper.
+ LoadQM Microsoft QMgr (Not verified) Microsoft Corporation c:\winnt\loadqm.exe
+ Norton eMail Protect Norton AntiVirus Utilities (Not verified) Symantec Corporation c:\program files\navnt\poproxy.exe
+ NPS Event Checker Norton Program Scheduler Signaler (Not verified) Symantec Corporation c:\program files\navnt\npscheck.exe
+ Omline Service File not found: C:\WINNT\suchost.exe
+ PRPCMonitor Intel(R) SpeedStep(TM) technology User Interface (Not verified) Intel Corporation c:\winnt\system32\prpcui.e
+ QuickTime Task (Not verified) Apple Computer, Inc. c:\program files\quicktime\qttask.exe
+ SunJavaUpdateSched c:\program files\java\j2re1.4.2_06\bi
+ TkBellExe RealNetworks Scheduler (Not verified) RealNetworks, Inc. c:\program files\common files\real\update_ob\reals
C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup
+ Acrobat Assistant.lnk AcroTray (Not verified) Adobe Systems Inc. c:\program files\adobe\acrobat 5.0\distillr\acrotray.exe
+ Microsoft Works Calendar Reminders.lnk Microsoft® Works Calendar Reminder Service (Not verified) Microsoft® Corporation c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
HKCU\Software\Microsoft\Wi
+ H/PC Connection Agent Connection Manager (Not verified) Microsoft Corporation c:\program files\microsoft activesync\wcescomm.exe
+ Microsoft Works Update Detection File not found: \WkDetect.exe
+ MsnMsgr File not found: C:\Program Files\MSN Messenger\MsnMsgr.Exe
+ PlaxoUpdate InstallStub (Not verified) Plaxo c:\winnt\plaxo\2.1.0.80\in
+ Skype Skype - Free Internet Telephony Skype Technologies SA c:\program files\skype\phone\skype.ex
HKLM\System\CurrentControl
+ RetroLauncher Launches Retrospect automatically when scripts are waiting to run. (Not verified) Dantz Development Corporation c:\program files\dantz\retrospect\ret
+ Retrospect Helper Helps Retrospect with various tasks. (Not verified) Dantz Development Corporation c:\program files\dantz\retrospect\rth
+ svcWRSSSDK Provides core functionality to Webroot Spy Sweeper. This service must be enabled and started for Spy Sweeper to function. (Not verified) Webroot Software, Inc. c:\program files\webroot\spy sweeper\wrsssdk.exe
HKLM\SOFTWARE\Microsoft\Ac
+ CRLUpdate UPDCRL (Not verified) Microsoft Corporation c:\winnt\system32\updcrl.e
HKLM\Software\Microsoft\Wi
+ Adaptec DirectCD Shell Extension DirectCD Shell Extention DLL (Not verified) Roxio c:\program files\adaptec\easy cd creator 5\directcd\shellex.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ IntelliPoint Activities Control Panel Property Page ipcplact.dll (Not verified) Microsoft Corporation c:\program files\microsoft intellipoint\ipcplact.dll
+ IntelliPoint Buttons Control Panel Property Page ipcplbtn.dll (Not verified) Microsoft Corporation c:\program files\microsoft intellipoint\ipcplbtn.dll
+ IntelliPoint Wheel Control Panel Property Page ipcplwhl.dll (Not verified) Microsoft Corporation c:\program files\microsoft intellipoint\ipcplwhl.dll
+ IntelliPoint Wireless Control Panel Property Page ipcplwir.dll (Not verified) Microsoft Corporation c:\program files\microsoft intellipoint\ipcplwir.dll
+ Shell Extensions for RealOne Player RealOne Player Shell Extensions (Not verified) RealNetworks c:\program files\real\realplayer\rpsh
+ Webroot Spy Sweeper Context Menu Integration Spy Sweeper Retail Executable (Not verified) Webroot Software, Inc. c:\program files\webroot\spy sweeper\ssctxmnu.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll
HKLM\Software\Microsoft\Wi
+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 6.0 for ActivieX Adobe Systems, Incorporated c:\program files\adobe\acrobat 6.0\reader\activex\acroieh
HKLM\Software\Microsoft\In
+ Create Mobile Favorite ActiveSync Favorite Synchronization (Not verified) Microsoft Corporation c:\program files\microsoft activesync\inetrepl.dll
+ Create Mobile Favorite... ActiveSync Favorite Synchronization (Not verified) Microsoft Corporation c:\program files\microsoft activesync\inetrepl.dll
HKLM\System\CurrentControl
+ DllDirectory c:\winnt\system32
HKLM\SOFTWARE\Microsoft\Wi
+ AdaptecDirectCD DirectCD Application (Not verified) Roxio c:\program files\adaptec\easy cd creator 5\directcd\directcd.exe
+ CreateCD50 Roxio Create CD (Not verified) Roxio c:\program files\common files\adaptec shared\createcd\createcd50
+ DadApp c:\program files\dell\accessdirect\da
+ IBWin Background process (Not verified) Pro-softnet Corporation c:\program files\ibackup for windows\ibackground.exe
+ IBWin Monitor (Not verified) Pro-Softnet Corporation c:\program files\ibackup for windows\ibmonitor.exe
+ IntelliPoint Point32.exe (Not verified) Microsoft Corporation c:\program files\microsoft intellipoint\point32.exe
+ iTunesHelper iTunesHelper Module (Not verified) Apple Computer, Inc. c:\program files\itunes\ituneshelper.
+ LoadQM Microsoft QMgr (Not verified) Microsoft Corporation c:\winnt\loadqm.exe
+ Norton eMail Protect Norton AntiVirus Utilities (Not verified) Symantec Corporation c:\program files\navnt\poproxy.exe
+ NPS Event Checker Norton Program Scheduler Signaler (Not verified) Symantec Corporation c:\program files\navnt\npscheck.exe
+ Omline Service File not found: C:\WINNT\suchost.exe
+ PRPCMonitor Intel(R) SpeedStep(TM) technology User Interface (Not verified) Intel Corporation c:\winnt\system32\prpcui.e
+ QuickTime Task (Not verified) Apple Computer, Inc. c:\program files\quicktime\qttask.exe
+ SunJavaUpdateSched c:\program files\java\j2re1.4.2_06\bi
+ TkBellExe RealNetworks Scheduler (Not verified) RealNetworks, Inc. c:\program files\common files\real\update_ob\reals
C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup
+ Acrobat Assistant.lnk AcroTray (Not verified) Adobe Systems Inc. c:\program files\adobe\acrobat 5.0\distillr\acrotray.exe
+ Microsoft Works Calendar Reminders.lnk Microsoft® Works Calendar Reminder Service (Not verified) Microsoft® Corporation c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
HKCU\Software\Microsoft\Wi
+ H/PC Connection Agent Connection Manager (Not verified) Microsoft Corporation c:\program files\microsoft activesync\wcescomm.exe
+ Microsoft Works Update Detection File not found: \WkDetect.exe
+ MsnMsgr File not found: C:\Program Files\MSN Messenger\MsnMsgr.Exe
+ PlaxoUpdate InstallStub (Not verified) Plaxo c:\winnt\plaxo\2.1.0.80\in
+ Skype Skype - Free Internet Telephony Skype Technologies SA c:\program files\skype\phone\skype.ex
HKLM\System\CurrentControl
+ RetroLauncher Launches Retrospect automatically when scripts are waiting to run. (Not verified) Dantz Development Corporation c:\program files\dantz\retrospect\ret
+ Retrospect Helper Helps Retrospect with various tasks. (Not verified) Dantz Development Corporation c:\program files\dantz\retrospect\rth
+ svcWRSSSDK Provides core functionality to Webroot Spy Sweeper. This service must be enabled and started for Spy Sweeper to function. (Not verified) Webroot Software, Inc. c:\program files\webroot\spy sweeper\wrsssdk.exe
HKLM\SOFTWARE\Microsoft\Ac
+ CRLUpdate UPDCRL (Not verified) Microsoft Corporation c:\winnt\system32\updcrl.e
HKLM\Software\Microsoft\Wi
+ Adaptec DirectCD Shell Extension DirectCD Shell Extention DLL (Not verified) Roxio c:\program files\adaptec\easy cd creator 5\directcd\shellex.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ IntelliPoint Activities Control Panel Property Page ipcplact.dll (Not verified) Microsoft Corporation c:\program files\microsoft intellipoint\ipcplact.dll
+ IntelliPoint Buttons Control Panel Property Page ipcplbtn.dll (Not verified) Microsoft Corporation c:\program files\microsoft intellipoint\ipcplbtn.dll
+ IntelliPoint Wheel Control Panel Property Page ipcplwhl.dll (Not verified) Microsoft Corporation c:\program files\microsoft intellipoint\ipcplwhl.dll
+ IntelliPoint Wireless Control Panel Property Page ipcplwir.dll (Not verified) Microsoft Corporation c:\program files\microsoft intellipoint\ipcplwir.dll
+ Shell Extensions for RealOne Player RealOne Player Shell Extensions (Not verified) RealNetworks c:\program files\real\realplayer\rpsh
+ Webroot Spy Sweeper Context Menu Integration Spy Sweeper Retail Executable (Not verified) Webroot Software, Inc. c:\program files\webroot\spy sweeper\ssctxmnu.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll
HKLM\Software\Microsoft\Wi
+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 6.0 for ActivieX Adobe Systems, Incorporated c:\program files\adobe\acrobat 6.0\reader\activex\acroieh
HKLM\Software\Microsoft\In
+ Create Mobile Favorite ActiveSync Favorite Synchronization (Not verified) Microsoft Corporation c:\program files\microsoft activesync\inetrepl.dll
+ Create Mobile Favorite... ActiveSync Favorite Synchronization (Not verified) Microsoft Corporation c:\program files\microsoft activesync\inetrepl.dll
HKLM\System\CurrentControl
+ DllDirectory c:\winnt\system32
ASKER
I used autoruns and got rid of some strange looking programs. Also removed some old applications that I no longer use.
Thanks
Thanks
Thanks. Sorry I forgot to follow up on this thread, but I am very glad you got the problem resolved.
ASKER
The culprit may have been suchost.exe which Spy Sweeper did not pick up but a google search showed was associated with a trojan.
Not sure, you can follow the article to troubleshoot or just have a look in case you can solve this problem
http://support.microsoft.com/kb/q196453/