#28, 11-05-2008, 06:35 PM
Drakaran

Hey! I'm having a similar problem with the spoolsv.exe that was evidently an infection of some sort. Avira shows:

Virus or unwanted program 'TR/Patched.CK.6 [trojan]'
detected in file 'C:\Documents and Settings\Owner\Local Settings\Temp\tmp6.tmp

Now, I couldn't get into that file, BUT there was another file, tmp5.tmp that didn't seem to set off an alarm, but in it, it showed the following:


%c;%d;%s;%d \\?\globalroot\systemroot\system32\advapi32.dll advapi32.dll spoolsv.exe \ T D K P tmp \\?\globalroot\tdl.dat

I couldn't find the tdl.dat file (which is probably because when I got suspicious of the install, I canceled the install), but the only thing that would stop it was to rename the spoolsv.exe file. Running Avira over that file shows nothing, but it'd seem to me we're looking at a script. The problem is, I can't find out where the script is originating. I checked my boot stuff with Autoruns, and there is nothing there. I turned off the spools service for now, just in case, but I figure as long as spoolsv.exe has been renamed, this script will not work. Now I just have to figure out where the script is hiding.

Any ideas?

******

Never mind! I found it! It was hiding in the Autorun.inf file on C:\. I renamed and moved it and put a blank autorun.inf in its place. If replacing a system file like spoolsv.exe doesn't fix it, you probably have a script running that's causing the problem like I did.




Last edited by Drakaran; 11-05-2008 at 06:48 PM.
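A defender-side check related to the post above, as an added example that is not part of the original post: a small Python parser that lists the entries in an autorun.inf that would start a program, so a suspect file can be reviewed and a blank replacement confirmed to contain none. The sample contents and file names are constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = ("open", "shellexecute")
# Context-menu verbs: shell\<verb>\command=<program>
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

def decode(raw: bytes) -> str:
    """Decode autorun.inf bytes: UTF-16 when a BOM is present, else Latin-1."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("latin-1")

def launch_entries(raw: bytes):
    """Return (key, command) pairs from [autorun] that would run a program."""
    found, section = [], None
    for line in decode(raw).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # other sections, filler lines
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if value and (key in LAUNCH_KEYS or SHELL_CMD.match(key)):
            found.append((key, value))
    return found

# Constructed sample, not taken from the post.
SAMPLE = (b"; constructed sample\r\n"
          b"[AutoRun]\r\n"
          b"filler line without an equals sign\r\n"
          b"Open = example.cmd\r\n"
          b"icon=folder.ico\r\n"
          b"shell\\explore\\Command=example.cmd /x\r\n"
          b"[Other]\r\nopen=ignored.exe\r\n")

if __name__ == "__main__":
    for key, cmd in launch_entries(SAMPLE):
        print(f"{key} -> {cmd}")
```

To review a real file, pass its bytes, for example `launch_entries(open(path, "rb").read())`; an empty result is what a blank autorun.inf should give.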