How do you change it to C:\TEMP
Sorry not really good at CMD
No worries - once you open an elevated cmd prompt (start, type in "cmd", right click on the cmd.exe item in the start menu list and select "Run as Administrator"), you change directories with the "cd" command. So, "cd C:\temp" will change the directory to C:\temp.
Thank you =D
I think I'm getting a new computer in 6 months if I do good in my tests, but I need the printers for my schoolwork and it's so annoying spending a whole day reinstalling Windows
Well, if you did what I said and dumped the spoolsv.exe process with the error on-screen, the error is most definitely not coming from the print spooler service itself. Very odd, but the dump doesn't lie.
Can you post a screenshot of your desktop with the error displayed?
There, it's in the attachments
I'll try to do the dump again
http://www.mediafire.com/file/d37dk9...107_140002.dmp
Well, that's the print error from the add printer dialog. This is usually caused by an installed driver loaded into the spooler that is not running properly once installed, so in looking again at your print spooler dump I did notice this:
Code:
0:006> kn
 # ChildEBP RetAddr
00 0210f82c 779b8f8f ntdll!KiFastSystemCallRet
01 0210f830 779b8fc2 user32!NtUserGetMessage+0xc
02 0210f84c 014c231b user32!GetMessageW+0x33
WARNING: Stack unwind information not available. Following frames may be wrong.
03 0210fa78 77321194 CNAS0MMK+0x231b
04 0210fa84 77bcb495 kernel32!BaseThreadInitThunk+0xe
05 0210fac4 77bcb468 ntdll!__RtlUserThreadStart+0x70
06 0210fadc 00000000 ntdll!_RtlUserThreadStart+0x1b

0:014> lmvm cnas0mmk
start    end        module name
014c0000 014d2000   CNAS0MMK T (no symbols)
    Loaded symbol image file: CNAS0MMK.DLL
    Image path: C:\Windows\System32\CNAS0MMK.DLL
    Image name: CNAS0MMK.DLL
    Timestamp:        Wed Apr 18 04:13:58 2007 (4625D346)
    CheckSum:         0001F2E0
    ImageSize:        00012000
    File version:     1.2.0.0
    Product version:  1.2.0.0
    File flags:       0 (Mask 3F)
    File OS:          10004 DOS Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

This .dll is using one of the many filenames that the win32.banker.xjh worm is known to use, and I believe this machine is likely infected by this (very old, but very serious) trojan given you mentioned earlier that you knew that your PC was already "messed up", you couldn't run process monitor, etc - all telltale signs of an infection given what I've just found running on your PC. I think it might be best right now to stop worrying about your printers, and start worrying about the security of your PC (especially if you do any internet banking, as this particular nasty is specifically designed to watch for such activity and report it to whomever it is configured to upload the data to).
I don't do any internet banking, and how can I get rid of it?
Read the link. You can download Microsoft Security Essentials (MSE), update it, and then try to use it to clean the system. Not sure if it will work, but it's worth a try. Whatever you're using as an antivirus solution may not be good enough, assuming you are keeping it updated regularly.
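An added example, not part of the original thread: one way to gather more evidence about a DLL loaded into spoolsv.exe (such as the CNAS0MMK.DLL seen in the dump) is to list the spooler's loaded modules on the live system with their version resource, Authenticode status and hash. It assumes an elevated PowerShell 4.0 or later prompt of the same bitness as the OS; the report layout is my own choice.

```powershell
# Added example: inventory the modules loaded into the print spooler process.
# Assumes an elevated prompt (spoolsv.exe runs as SYSTEM) and PowerShell 4.0+
# (Get-FileHash is not available in older versions).
$spooler = Get-Process -Name spoolsv -ErrorAction Stop

$report = foreach ($module in $spooler.Modules) {
    $path = $module.FileName
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $file = Get-Item -LiteralPath $path

    [pscustomobject]@{
        Module      = $module.ModuleName
        Path        = $path
        Company     = $module.FileVersionInfo.CompanyName
        Description = $module.FileVersionInfo.FileDescription
        FileVersion = $module.FileVersionInfo.FileVersion
        Signature   = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Created     = $file.CreationTime
        Modified    = $file.LastWriteTime
    }
}

# Modules without a valid signature are the ones to look at first.
# Older PowerShell versions do not check catalog signatures, so some
# legitimate system files can show up here as NotSigned.
$report |
    Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Module |
    Format-List

# Keep the full inventory so hashes can be checked against an antivirus
# or reputation service. The output path is a placeholder.
$report | Export-Csv -Path 'C:\temp\spoolsv-modules.csv' -NoTypeInformation
```

The company name, signer and hash of a module give a firmer basis for a verdict than its filename, and the CSV can be attached to the thread alongside the dump.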