After a bit of research it looks like this is a Windows process for running 16-bit (DOS) programs under NT variants (Win2K, XP, WinNT). When I boot my VM, I am getting a DOS command window in the foreground with the title C:\Windows\System32\userinit.exe
There is nothing being displayed in this command window (just a flashing cursor), but while it is open, there is a process "ntvdm.exe" that is consuming 99% of the CPU continuously.
If I kill the DOS window by clicking the red "X", I get an "End Program" pop-up confirmation, to which I click "End Now". Once I do this, the NTDVM.exe process disappears from the task list
What 16-bit process is trying to run when Windows is booting?
I cannot get Windows to run reliably under VMware yet, and this seems to be the culprit...
Hi,
Are you sure it is NTVDM.exe or NTDVM.exe ,if it is NTDVM.exe then it means your PC is infected..Ntdvm.exe is Trojan/Backdoor.
Kill the process ntdvm.exe and remove ntdvm.exe from Windows startup.
If it is NTVDM.exe ( ntvdm.exe is process that belongs to the Windows 16-bit Virtual Machine. It provides an environment for a 16-bit process to execute on a 32-bit platform. This program is important for the stable and secure running of your computer and should not be terminated. )
You can also have a look at below link:
http://www.file.net/process/ntvdm.exe.html
Message was edited by: RiteshK
It is definitely ntvdm.exe, the Windows process for running 16-bit apps
There are several possibilities for this problem, but I don't think any of them relate to Fusion. But do provide the details of your system - version of Fusion, Guest OS, service packs applied, etc.
You should also consider the time it will take to diagnose/troubleshoot/repair this problem versus backing up your data and building a new guest OS.
Is this guest part of a domain? If so, check with the admin if they are using any script tools like Scriptlogic, which may cause this command prompt box.
I would do a full antivirus and spyware/malware scan. userinit.exe is commonly targeted.
WoodyZ posted the following in another forum post dealing with userinit.exe:
When logging into Windows by default, Winlogon runs Userinit.exe, which
runs logon scripts, reestablishes network connections, and then starts
Explorer.exe, the Windows user interface and in the Windows Registry it
is located at "HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\userinit" and its value it
"C:\WINDOWS\system32\userinit.exe,". Note the comma after the .exe and
what this means it it support multiple executables before or after the
userinit.exe a long as they are separated by the coma. This Registry
Key is a know target for viruses, malware, spyware, etc and without
verifying what the value of the Registry Key is and that the program
it's pointing to is legitimate I would have to examine the system
myself to further diagnose.
Anyway If I had that happen I'd be booting the system, physical or
virtual, with a Live OS CD/DVD/ISO Image that contained the tools
necessary to examine that Registry Key and verify it is only pointing
to "C:\WINDOWS\system32\userinit.exe," and that the target file is
legitimate. If one knows what they are doing and has the right tools
this is very easy to check however if you don't fall into this category
then it's a pain in the neck to deal with so you could use VMDKMounter
to mount the Virtual Machine's virtual hard drive to recover any user
data and then build a new Virtual Machine. You can also try a repair
install of the Guest OS however that too requires addition steps beyond
what's documented in VMware Fusion Help File to accomplish however its
been covered many time in the forum so searching the forum you should
be able to find how to do a Windows XP Repair Install or Google it too.
Thanks vvegas,
I think you might be onto something with the question about the domain membership - I did just join my vm to a domain, and since I am out of the office right now, the login script might be calling resources that are not accessible... I'll check on that
If this fails, I think I'll be reinstalling everything (and snap-shotting every step of the way!)
OK, I seem to have resolved this problem. Apparently some Windows files must have become corrupted or got deleted, or something else went wrong while installing SP3 or Office. I dug out my CD for Windows XP Pro SP2 and then opened up a command window and used SFC /scannow
After completing a full scan (while I was out doing stuff) it did not throw any errors, but all seems to be working normally now (very slow boot times, but hey, its Windows, after all...)
Used SFC /Scannow command in DOS window to run a full scan of the file system. It seems to have done the trick