
C:\Windows\system32\WINSPOOL.DRV

Discussion in 'Virus & Other Malware Removal' started by Acronymic, May 26, 2010.

Thread Status:
Not open for further replies.
  1. Acronymic

    Acronymic Thread Starter

    Joined:
    May 6, 2010
    Messages:
    66
    Hello all, I'm not quite sure if my problem is a Virus/Malware, but I just felt that putting my problem in 'General Security' was wrong. I apologize and thank you in advance if I need my post to be redirected into a different forum.

    This started 2 days ago, as soon as I logged in to my computer, I was presented with multiple 'errors' all saying the same thing. A screenshot is attached of what the popup appears to be.

    The same error would show up multiple times, with the only difference being the title.
    It would be, 'various program.exe - Bad Image' every time.

    It would occur randomly when on the internet, and whenever I started my computer, with programs such as Adobe Reader. Those programs would then show a separate popup, indicating that they would not work ('Adobe Reader and Acrobat Manager has stopped working -Check online for a solution and close the program -Close the program').

    Thank you for your help!
     


  2. Acronymic

    Acronymic Thread Starter

    Joined:
    May 6, 2010
    Messages:
    66
    Also:

    I can only open Opera atm, FireFox isn't working, and videos won't play. From FaceBook to YouTube, and flash games as well.
     
  3. Acronymic

    Acronymic Thread Starter

    Joined:
    May 6, 2010
    Messages:
    66
    Also:

    Cannot upload any media content, on any website.
     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Hi and Welcome,

    Please do the following:

    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.pif to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.


    NEXT




    Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
    • Double click the exe file.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.




    • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and attach it in reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
     
  5. Acronymic

    Acronymic Thread Starter

    Joined:
    May 6, 2010
    Messages:
    66
    The WINSPOOL.DRV error occurred with the Notepad results, and they couldn't open. I tried to see if I could open Notepad at all after the scan, and it won't.

    Should I skip that step and continue onto gmer?
     
  6. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    yes, try GMER,

    try running in safe mode and see if notepad will open in safe mode

    (on boot up - tap F8 repeatedly till an option menu appears - arrow up to safe mode)
     
  7. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Also, try running this program, prior to the scans:

    Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
     
  8. Acronymic

    Acronymic Thread Starter

    Joined:
    May 6, 2010
    Messages:
    66
    Ran exeHelper in safe mode, Notepad failed to work again.
     
  9. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    are you able to open any other text editor?

    will word open for you?
     
  10. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Let's see if you actually have notepad.exe in your system32 folder where it is supposed to be,

    Please show hidden files and folders

    • Double-click My Computer.
    • Click the Tools menu, and then click Folder Options.
    • Click the View tab.
    • Clear "Hide file extensions for known file types."
    • Under the "Hidden files" folder, select "Show hidden files and folders."
    • Clear "Hide protected operating system files."
    • Click Apply, and then click OK.


    NEXT

    go to windows explorer (windows key +E) and type in notepad.exe

    tell me all the locations where it is found:

    (include the full file paths)
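
The location check requested in the post above can also be scripted. This is an added example, not written by anyone in the thread; it assumes Windows 10 or later with Windows PowerShell 5.1, and the "under the Windows directory" rule is an assumption chosen for illustration. It lists every copy of `notepad.exe` and of the `winspool.drv` file named in the error, hidden and system files included, with signature status and hash.

```powershell
# Added example, not from the thread. The two file names come from the thread;
# the "expected under %SystemRoot%" rule is an assumption for this illustration.
$names = 'notepad.exe', 'winspool.drv'

# -Force includes hidden and protected operating system files, the same files
# the Folder Options steps make visible in Explorer.
$hits = Get-ChildItem -Path "$env:SystemDrive\" -Include $names -File `
            -Recurse -Force -ErrorAction SilentlyContinue

$report = foreach ($f in $hits) {
    $sig  = Get-AuthenticodeSignature -LiteralPath $f.FullName
    $hash = Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 `
                -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Path         = $f.FullName
        Size         = $f.Length
        Modified     = $f.LastWriteTime
        # System files are usually catalog-signed; on this OS/PowerShell
        # version the catalog is consulted, so 'Valid' is the expected status.
        Signature    = $sig.Status
        Signer       = $sig.SignerCertificate.Subject
        SHA256       = $hash.Hash
        # Copies outside the Windows directory are the ones to look at first.
        UnderWindows = $f.FullName.StartsWith("$env:SystemRoot\",
                           [StringComparison]::OrdinalIgnoreCase)
    }
}

# Unexpected locations sort to the top of the list.
$report | Sort-Object UnderWindows, Path | Format-List

# Ask Windows Resource Protection to verify the file named in the error
# (run from an elevated prompt).
sfc.exe "/verifyfile=$env:SystemRoot\System32\winspool.drv"
```

Copies under `System32`, `SysWOW64` and `WinSxS` are normal on a healthy system; a copy elsewhere, an invalid signature, or a size that differs between same-architecture copies is what narrows the search.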
     
  11. Acronymic

    Acronymic Thread Starter

    Joined:
    May 6, 2010
    Messages:
    66
    C:\WINDOWS\System32
    That was the only place that I found notepad.exe in when I searched for it in the search bar on the start menu (Windows Vista).

    When I pressed Windows key + E, it opened the 'Computer' file, and when I searched for notepad.exe in there, nothing showed up.
     
  12. Acronymic

    Acronymic Thread Starter

    Joined:
    May 6, 2010
    Messages:
    66
    Sorry, I didn't see your other post. Sorry, sorry, sorry.
    Oddly enough, Wordpad will open up just fine...
     
  13. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Ok
    Try this scan



    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under the Custom Scan box paste this in


      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /90
      CREATERESTOREPOINT

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.
     
  14. Acronymic

    Acronymic Thread Starter

    Joined:
    May 6, 2010
    Messages:
    66
    When I open OTL, the original error occurs, followed by:
    This procedure * could not be located in the DLL winspool.drv.

    I'm sorry, this is pretty frustrating.
     
  15. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    If you have access to another computer, download the following program to a USB stick - rename it to Combo.com before you save it:

    run it from the USB stick in safe mode:

    make sure all other windows are closed and all security programs are disabled:


    Link 1


    post the resulting log


    Agree to letting combofix install the Recovery Console if it requests to do so
     

Short URL to this thread: https://techguy.org/925274