spoolsv.exe - application error

Paul Cossey

  • Member
  • 6 posts
Hi All!


I receive the following error message as soon as the PC boots to the Ctrl Alt Del screen:

spoolsv.exe - application error
The instruction at "0x7c91347e" referenced memory at "0x00e45426". The memory could not be "read"

The PC is running very slowly and will not open up the printers folder unless the print spooler service has been restarted, then I get the following error:

Spooler Sub System App
Spooler Sub System App has encountered a problem and needs to close. We are sorry for the inconvenience
(It then gives you the option to debug or close)

Thanks Paul!

I have completed all scans etc...
Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:28:26, on 14/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\Program Files\Gemplus\GAC\GACService.exe
C:\Program Files\Syntegra\Device Identification Logger\tktmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nww.eastern.n....asp?pid=1&id=7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nww.eastern.n....asp?pid=1&id=7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Waveney PCT
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [GACService] C:\Program Files\Gemplus\GAC\GACService.exe
O4 - HKLM\..\Run: [Ticket API Monitor] C:\Program Files\Syntegra\Device Identification Logger\tktmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [C&B Fixes] cmd.exe /c "start /MIN c:\iainstaller\startup\CAB-fixes.bat"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Shortcut toEMIS LV.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://nww.eastern.nhs.uk/scripts/index.asp?pid=1&id=7
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095173209875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1139843644514
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emis4275.local
O17 - HKLM\Software\..\Telephony: DomainName = emis4275.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{7255BCC7-7F6E-442D-B967-BCCEF921F914}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emis4275.local
O18 - Protocol: emistp - {0EFAEA2E-11C9-11D3-88E3-0000E867A001} - C:\WINDOWS\system32\EmisAPP.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

ewido anti-malware - Scan report

+ Created on: 16:10:26, 13/02/2006
+ Report-Checksum: 68C7FBF0

+ Scan result:

C:\Documents and Settings\AEmerson\Cookies\aemerson@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\AEmerson\Cookies\aemerson@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup

::Report End

Edited by Paul Cossey, 14 February 2006 - 04:31 AM.


    The Leather Lady

  • Moderator
  • 3,038 posts
Have you followed the instructions here?


Paul Cossey

  • Topic Starter
  • Member
  • 6 posts
Sorry... will do now and post back

Paul Cossey

  • Topic Starter
  • Member
  • 6 posts

I have now completed all the scans etc... and edited the original post with a new HijackThis log.

Thanks! :tazz:

  • Member
  • 377 posts
Hi Paul

Please go to the Malware Forum and follow the instructions at the top... especially the Start Here.

That will give you several steps that will help you clean up 70 percent of all problems by yourself...then post a hijackthis log in THAT forum. Be patient, the Malware Forum is a very busy place and a two or three day wait is not unusual. DO NOT REPLY TO OR BUMP YOUR OWN LOG. If it shows a reply it may be overlooked as one that is being worked on.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.

Since you have done most of this, just post in the forum.

Paul Cossey

  • Topic Starter
  • Member
  • 6 posts
New post in the malware forum ->New Post
