Help! Spybot affected my O.S.

[Eric Hawaii]

Unfortunately after fixing all the malware and rootkits detected by Spybot S&D, I now cannot run my Windows OS because there's a program that cannot exectute:

WNNT\System32\ntvdm.exe opens as a black window on the desktop wallpaper before desktop icons have appeared and just remains there frozen, and I cannot get beyond that point.

But I CAN reboot in safe mode, which is what I'm doing now. Any suggestions on how to be able to operate my OS in normal mode?

[Eric Hawaii]

By the way, I did try to recover the file, but I did not find it among the list under the removal utility in Spybot. It's possible it's there and I just can't see the full file path/name because, in safe mode, text is larger, and I cannot see the whole chain in some of the file paths listed.

[Greyfox]

Eric Hawaii,

A quick Google on "ntvdm.exe" gives "ntvdm.exe is a process that belongs to the Windows 16-bit Virtual Machine. It provides an environment for a 16-bit process to execute on a 32-bit platform. This program is important for the stable and secure running of your computer".

That said, it is not loaded during normal bootup in my XP home SP3 system, but is used if I subsequently run an old 16 bit application.

From your description "WNNT\System32\ntvdm.exe" you are not using XP, however I suspect you have some 16 bit software included in your normal boot up process, which is not there when you boot up in safe mode. Assuming that your ntvdm.exe is not in itself corrupted (and again for XP this file has been subject to a number of updates), then I would perhaps suspect the problem may be with the application that is requiring it.

You should be able to locate this using Windows Boot logging, or alternatively temporarily disable all non original windows processes loaded at startup and then re enable them one at a time. The process may have been one of the malware items removed, but still being called up during the startup.