Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: C:\Windows\system32\WINSPOOL.DRV


(!)

Acronymic's Avatar
Acronymic Acronymic is offline
Member with 66 posts.
THREAD STARTER
 
Join Date: May 2010
25-May-2010, 11:37 PM #1
C:\Windows\system32\WINSPOOL.DRV
Hello all, I'm not quite sure if my problem is a Virus/Malware, but I just felt that putting my problem in 'General Security' was wrong. I apologize and thank you in advance if I need my post to be redirected into a different forum.

This started 2 days ago, as soon as I logged in to my computer, I was presented with multiple 'errors' all saying the same thing. A screenshot is attached of what the popup appears to be.

The same error would show up multiple times, with the only difference being the title.
It would be, 'various program.exe - Bad Image' everytime.

It would occur randomly when on the internet, and whenever I started my computer, with programs such Adobe Reader. Those programs would then show a seperate popup, indicating that they would not work ('Adobe Reader and Acrobat Manager has stopped working -Check online for a solution and close the program -Close the program').

Thank you for your help!
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
Acronymic's Avatar
Acronymic Acronymic is offline
Member with 66 posts.
THREAD STARTER
 
Join Date: May 2010
26-May-2010, 09:34 PM #2
Also:

I can only open Opera atm, FireFox isn't working, and videos won't play. From FaceBook to YouTube, and flash games as well.
Acronymic's Avatar
Acronymic Acronymic is offline
Member with 66 posts.
THREAD STARTER
 
Join Date: May 2010
27-May-2010, 08:28 PM #3
Also:

Cannot upload any media content, on any website.
CatByte's Avatar
Malware Removal Specialist with 3,893 posts.
 
Join Date: Feb 2009
28-May-2010, 07:28 AM #4
Hi and Welcome,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT




Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.



    Click the image to enlarge it


  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
[/QUOTE]
Acronymic's Avatar
Acronymic Acronymic is offline
Member with 66 posts.
THREAD STARTER
 
Join Date: May 2010
28-May-2010, 02:29 PM #5
The WINSPOOL.DRV error occured with the Notepad results, and they couldn't open. I tried to see if I could open Notepad at all after the scan, and it won't.

Should I skip that step and continue onto gmer?
CatByte's Avatar
Malware Removal Specialist with 3,893 posts.
 
Join Date: Feb 2009
28-May-2010, 02:32 PM #6
yes, try GMER,

try running in safemode and see if notepad will open in safemode

(on boot up - tap F8 repeatedly till an option menu appears - arrow up to safe mode)
CatByte's Avatar
Malware Removal Specialist with 3,893 posts.
 
Join Date: Feb 2009
28-May-2010, 02:36 PM #7
Also, try running this program, prior to the scans:

Please download exeHelper to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
Acronymic's Avatar
Acronymic Acronymic is offline
Member with 66 posts.
THREAD STARTER
 
Join Date: May 2010
28-May-2010, 03:04 PM #8
Ran exeHelper in safe mode, Notepad failed to work again.
CatByte's Avatar
Malware Removal Specialist with 3,893 posts.
 
Join Date: Feb 2009
28-May-2010, 03:17 PM #9
are you able to open any other text editor?

will word open for you?
CatByte's Avatar
Malware Removal Specialist with 3,893 posts.
 
Join Date: Feb 2009
28-May-2010, 03:27 PM #10
Let's see if you actually have notepad.exe in your system32 folder where it is supposed to be,

Please show hidden files and folders
  • Double-click My Computer.
  • Click the Tools menu, and then click Folder Options.
  • Click the View tab.
  • Clear "Hide file extensions for known file types."
  • Under the "Hidden files" folder, select "Show hidden files and folders."
  • Clear "Hide protected operating system files."
  • Click Apply, and then click OK.


NEXT

go to windows explorer (windows key +E) and type in notepad.exe

tell me all the locations where it is found:

(include the full file paths)
Acronymic's Avatar
Acronymic Acronymic is offline
Member with 66 posts.
THREAD STARTER
 
Join Date: May 2010
28-May-2010, 03:37 PM #11
C:\WINDOWS\System32
That was the only place that I found notepad.exe in when I searched for it in the search bar on the start menu (Windows Vista).

When I pressed Windows key + E, it opened the 'Computer' file, and when I searched for notepad.exe in there, nothing showed up.
Acronymic's Avatar
Acronymic Acronymic is offline
Member with 66 posts.
THREAD STARTER
 
Join Date: May 2010
28-May-2010, 03:52 PM #12
Sorry, I didn't see your other post. Sorry, sorry, sorry.
Oddly enough, Wordpad will open up just fine...
CatByte's Avatar
Malware Removal Specialist with 3,893 posts.
 
Join Date: Feb 2009
28-May-2010, 04:06 PM #13
Ok
Try this scan



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.
Acronymic's Avatar
Acronymic Acronymic is offline
Member with 66 posts.
THREAD STARTER
 
Join Date: May 2010
29-May-2010, 11:14 AM #14
When I open OTL, the original error occurs, followed by:
This procedure * could not be located in the DLL winspool.drv.

I'm sorry, this is pretty frustrating.
CatByte's Avatar
Malware Removal Specialist with 3,893 posts.
 
Join Date: Feb 2009
29-May-2010, 01:56 PM #15
If you have access to another computer, download the following program to a USB stick - rename it to Combo.com befor you save it:

run if from the USB stick in safe mode:

make sure all other windows are closed and all security programs are disabled:


Link 1


post the resulting log


Agree to letting combofix install the Recovery Console if it requests to do so
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


Tags
error, winspool.drv

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑

Content Relevant URLs by vBSEO 3.3.2