Hi All,

I've been facing the same problem as mentioned in one of the threads related to deletion of spools.exe, after I heroically deleted the spools.exe file from my System32\drivers folder.

I use a Windows Xp Home Edition with SP2 and do not have anti virus solutions installed.

I was searching for a key for a software yesterday when I accidentally ran the file to land in hell.

Also I am a newbie so didn't know where to begin from.

Apologies and Thanks in advance.

hi, there are free stuff on the web.. like AVG anti-virus, or you can download also malware bytes... check if any of these stuff can help you..

It's what happens when you download cracks. I doubt that you accidentally ran the file after deliberately searching for it though

Hi,

I tried hoping for a miracle with the anti-virus software but to no effect. Thank you though.

True, I was searching for a .txt file or just the serial number but the darn thing happened to be a .exe file.

Regardless could you let me know as to what I should do now? I've lost my Dvd drive to and the USB ports making me all the more crippled as I cannot back up data.

Please advice.

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

• You will need to use Internet Explorer to complete this scan.
• You will need to temporarily Disable your current Anti-virus program.
• Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
• When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

• Kaspersky Online Scanner

• Panda Active Scan

• Trend Micro HouseCall

• F-Secure Online Virus Scanner

==

Download HijackThis Executable from here. Save it to your desktop.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and then go to the format Tab and make sure that wordwrap is unchecked. Copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

Hi,

I've been trying to scan all day yesterday. Using the Kaspersky Online Scanner. It functions and scans but then gets struck. The last time it got struck at 77% and shot my temperature boiling. I am trying to scan again.

Meanwhile is there anything I can do.

Have you tried all those links?

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebyt...are_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

====

Download HijackThis Executable from here. Save it to your desktop.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and then go to the format Tab and make sure that wordwrap is unchecked. Copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

Yes, I tried with all of the online scanner. Only KOS was a hit as it didn't prompt me to install anything. None of the .exe function. The Malware setup also didn't install. I am trying to scan again using KOS.

I have downloaded the HijackThis tool but cannot install it as I don't know which program to select from the list when asked for.

What shall I do now?

Thank you.

Finally after two sleepless night I've been able to complete a scan of the Critical Areas of the computer using the Kaspersky Online Scanner. The results are as follows:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, January 27, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, January 26, 2009 18:49:02
Records in database: 1701953
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 102795
Threat name: 9
Infected objects: 17
Suspicious objects: 0
Duration of the scan: 02:07:42


File name Threatname Threats count

C:\Program Files\Internet Explorer\setupapi.dll
Infected: Trojan.Win32.Agent.abas 1

C:\Program Files\Mozilla Firefox\setupapi.dll
Infected: Trojan.Win32.Agent.abas 1

C:\WINDOWS\system32\cbXOHxVm.dll
Infected: Trojan.Win32.Monder.arys 1

C:\WINDOWS\system32\crypts.dll
Infected: Trojan-Downloader.Win32.Injecter.bzs 1

C:\WINDOWS\system32\mlJAqPig.dll
Infected: Trojan.Win32.Monderb.afet 1

C:\WINDOWS\system32\nvsvc32.exe
Infected: Trojan-Downloader.Win32.Agent.aofm 1

C:\WINDOWS\system32\tuvUMFyw.dll
Infected: Trojan.Win32.Agent.bknt 1

C:\WINDOWS\system32\userinit.exe
Infected: Backdoor.Win32.Delf.ntc 1

C:\WINDOWS\Temp\15AA.tmp
Infected: Backdoor.Win32.KeyStart.s 1

C:\WINDOWS\Temp\2691.tmp
Infected: Backdoor.Win32.KeyStart.s 1

C:\WINDOWS\Temp\7D64.tmp
Infected: Backdoor.Win32.KeyStart.s 1

C:\WINDOWS\Temp\8CC63119.exe
Infected: Trojan-Dropper.Win32.Agent.wcc 1

C:\WINDOWS\Temp\93BD013A.exe
Infected: Trojan-Dropper.Win32.Agent.wcc 1

C:\WINDOWS\Temp\B56F.tmp
Infected: Backdoor.Win32.KeyStart.s 1

C:\WINDOWS\Temp\F3DF.tmp
Infected: Backdoor.Win32.KeyStart.s 1

C:\WINDOWS\Temp\FA00.tmp
Infected: Backdoor.Win32.KeyStart.s 1

C:\WINDOWS\Temp\FFA5.tmp
Infected: Backdoor.Win32.KeyStart.s 1

The selected area was scanned.

Open Device Manager and on the VIEW Tab, select the Show hidden
devices option.
Go down to non plug and play drivers and see if there is one called
TDSSserv and disable it.

==

Reboot if found and try to run MBA-M and hijackthis as per my previous instructions.