syspools.exe and new *.t

I used the procedure published in Syspools.exe and more 18 months ago and I was successful in removing some *.t and the syspools.exe.
I now have contracted syspools.exe and variouse/ever changing *.t. Like I said since I have followed the published procedure before and had success, tried that again and did not work.
I dont have QSS in the services, I have Qos and not sure if should remove it or not. Also I had difficulty following the instructions when comes to KILLBOX. Help please
Thanks:cry

 

I have been following your instructions. Came to realize my Win2k PC was also infected. Ultimately am carrying out a parrallel Detox on my Win2k machine as well as a WinXP machine. As off now I am Spybot step of your instructions. My Wink2k is doing OK, I even carried out the REPAIR BROKEN CONNECTION on both of them even though Win2k did not necessarily need it. However my WinXP has become extremely slow, in spite of the fact that it has more BHP than my Win2k machine. As we speak I have disabled the start of the SAS when the windows start, it takes about 10~15 min before I even get to my login screen. I will carry out your instruction step by step, but the behavior of this machine has become increasingly peculiar.
FYI: (automatic update feature of SAS is disables, and is not starting when Win starts on both machines)
Win2K stats: Scanned 17k files / Infected 02k files; log size ~ 117kb
WinXP stats: Scanned 62k files / Infected 37k files; log size ~ 2mb
Any thoughts will be greatly appreciated
Thanks

 

I have some domestic issues (my 2 yr and 1 yr old) that is the reason for my delay.
I have followed the new instructions and the results have been more than satisfactory. And yes you do have a valid point, mines were deeply rooted. As mentioned previously my Win2k machine is doing OK however, in spite of the fact that I can see my WinXP (SP3) is / should be clean but still takes forever before I get to the login screen. After logging in, (everything is slow) however, taskmanager tells me that my CPU USAGE is NORTH OF 100%. I also noticed the size of explorer.exe is ~ 36mb and after ending that process the problem goes away, but of course you wont have much choice except restarting the machine.

 

Here is Part 2
As stated before, this symptom of WinXP started showing itself after SAS were done cleaning. After doing so, I found out that I had been infected for a lot longer than I thought I was. I have even DISABLED the RESTORE POINT and have not been able to tell any difference. When COMBOFIX was working I think it went to 50~60 stages of cleaning.

One more observation, the first ever hint I had about my malwares were intermittent error messages I had from ADOBE or other application, Also my EXCEL STOPPED COMPLETELY FROM WORKING. That was the only MS application that did that the rest worked. While I never experienced such symptom in my Win2k machine. As I was working through various stages of detoxing, came to notice while I had gotten rid of the *.t error messages but ADOBE error messages were still persisting and EXCEL was still not working.

After disabling the RESTORE POINT, it seems ADOBE's error message are gone away, not sure about EXCEL since it takes forever for it to load.
I will wait for your response and help, however presently I have these two machines networked together, via PEER to PEER networking, while a third machine is sharing a router with these two but not the same resources. Are the other two machines in any danger, should I pull the plug and disable the resource sharing between the two and the other, any thoughts!

I throughly appreciate the knowledge you are sharing via your forucm. I have learned a lot and can not be thankful enough for the depth of discussions offered in your forums.

I will post a screenshot of my TASKMANAGER in the third post.

Thank you
:cry

 

Here is a screen shot of my TASKMANAGER

Once again thank you for your help and guidance, my Win2K machines seems to be out of the woods

Regards:cry

 

I am still learning my way around this forum

Please disregard my comments about the Win2k. My comments only meant to be a testemonial on validity of the procedure

Thanks

 

I disabled the SAS as a measure to make sure that is not slowing the PC down
Thanks

 

The first directory Malwareremoval-WXP was created by me
I basically gathered all of my downloaded files as well as the logs in there
However the other two I did not creat.
Question;
Should I run SAS twice under normal windows or just do it when I am in the safe mode

Question;
My data is on a different physical HD, I dont mind to re-install windows, however I want
to make sure my data is clear, is there a way I can make sure my data is clean before doing so?

Thanks

 

Here are the two logs
still the same will try the online scanners
any hints will be greatly appreciated.
I used the SAFE MODE WITH NETWORK support and things were fine and the problem was gone at that time

Thanks:cry:confused

 

I have just noticed that even in SAFE MODE I still show 100% CPU usage however the machine seems to be working better.
Thought this could help
Also just got done scanning with STINGER and showed no results in other words it said it is clear

Thanks

 

If I recall correctly in the Old version of DETOX one of the stages had a patch for registry possibly called FIXME.REG
Does whatever that patch did have any bearing on 100% CPU Usage
Thanks

 

I meant detoxification referring to the malware removal procedure.

I have downloaded a 2 applets from MS autoruns and processexplorer
and cant see/show where the 100% CPU usage is coming from

I am contemplating on redoing my OS

I will also give the SOFTWARE a try

Please let me know
Thanks

 

When I am in SAFE MODE it is OK however I can not use all the applications I want, I can verify that by looking at the PERFORMANCE tab of task manager and processexplorer confirms the same thing'

When in the normal mode PERFORMANCE tab shows 100% CPU USAGE and it even goes past it. Now processexplorer does not show which application/process is clocking 100% CPU USAGE and once again the applications respond randomly when I click on them. Another hint is it takes forever to get to login screen (5~10mins).

Now when I kill iexplorer in the PROCESSES tab it calms down but u know there is nothing left to do anything with except restarting the machine.

Thanks for your help, I am still at a loss

 

Here is a shot of processexplorer

 

I am trying to weigh in the possibility of re-installing the OS which thread is the right thread to ask question, such as how to find where the Service Packs are (so wont have to wait for downloading them), or proper way of formatting (heard rumors no re-format is as good as buying a new HD)

Thanks

 

I have removed everything and only after removing everything the CPU usage is lowered however the first application I launch it clocks it to 100% and makes it stay there
It still takes forever to get to the login page

Thanks

 

I either launched OUTLOOK or IE later I also tried Adobe or other stuff but of course they would not run
Thanks

 

It appears my problem is Adobe

However it will still take about 10min. before it gets to the login screen!
This part still puzzles me.

I did try to launch Adobve and it immediately takes off to 100% and stays there while the software never actually starts working

I am seriously considering redoing the OS however I am looking for advice on where to retreive the archived downloaded updates so after reinstallation I can save some times by launching them locally as opposed to downloading them

Thanks