Spoolsv.exe application error

posted under by Unknown
If your computer shows an application error called "Spoolsv.exe - Application Error", then you can try the following solution, because it helped me to solve my problem.

You cannot add a printer and you receive printer spooler error messages in Windows XP
Article ID : 324757
Last Review : September 25, 2008
Revision : 7.1
This article was previously published under Q324757
SYMPTOMS
You may experience any of the following symptoms on your Windows XP-based computer:
• After you start your computer, you may receive the following error message:
Spooler subsystem app has encountered a problem and needs to close.
• When you try to start the Print Spooler service, you may receive the following error message:
Spooler subsystem app has encountered a problem and needs to close.
• When you try to stop the Print Spooler service, you may receive the following error message:
Spooler subsystem app has encountered a problem and needs to close.
• When you click Start, and then click Printers and Faxes, you may receive the following error message:
Spooler subsystem app has encountered a problem and needs to close.
• When you click Start, and then click Printers and Faxes to try to view your printers, no printers appear. This issue may occur even if you have a printer installed.
• When you click Add a printer, or when you try to print, you may receive the following error message and cannot add a printer:
Operation could not be completed.

CAUSE
This issue may occur if a third-party printer driver or a third-party service that is installed prevents you from adding printers, or if the third-party printer driver or the third-party service affects the functionality of a newly installed printer.

For example, this issue may occur if the Lexmark print service (LexBce Server service) is installed and is running on your computer before you try to add another printer.

RESOLUTION
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/) How to back up and restore the registry in Windows
If you have a Lexmark printer installed, start with the "Turn off Lexmark print service" section and then, if it is necessary, follow the remaining steps in the order presented to resolve this issue. If you do not have a Lexmark printer installed, go to the "Start computer in safe mode" section, and then follow the remaining steps in the order in which they are presented to resolve this issue. You may find it easier to follow the steps if you print this article first.

Turn off Lexmark print service
If the Lexmark print service is installed on your computer, turn off the LexBce Server service. To do this, follow these steps:
1. Click Start, right-click My Computer, and then click Manage.
2. Expand Services and Applications, and then click Services.
3. In the details pane, right-click LexBce Server, and then click Properties.
4. On the General tab in the Startup type list, click Disabled.
5. Under Service status, click Stop, and then click OK.
6. Right-click the Print Spooler service, and then click Start (if it is stopped).
7. Exit Computer Management.
Test whether the issue is resolved. If the issue is resolved, you do not have to follow the remaining steps. If the issue is not resolved, go to the "Start computer in safe mode" section, and then follow the remaining steps.

Start computer in safe mode
Start the computer in safe mode so that you can remove spool files. To do this, follow these steps:
1. Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured to start multiple operating systems, you can press the F8 key when the Boot menu appears.
2. Select Safe Mode when the Windows Advanced Options menu appears, and then press ENTER.
3. If the Boot menu appears again and you are prompted to select the operating system on the computer, use the arrow keys to select the operating system, and then press ENTER.

Note For more information about how to start your computer in safe mode, click Start, click Help and Support, type safe mode in the Search box, press the ENTER key, and then click the Start Windows in safe mode topic.

Now delete spool printer and driver files
In safe mode, delete the spool printer and driver files. To do this, start Microsoft Windows Explorer, and then delete all the files and the folders in the following two folders (where C: is the drive where you have Windows XP installed):
• C:\Windows\System32\Spool\Printers
• C:\Windows\System32\Spool\Drivers\w32x86

Next, edit the registry
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
First, remove Windows NT subkeys
Remove the potentially problematic registry entries for Windows NT x86 service subkeys. These may have been installed by third-party printer setup programs and may be interfering with the print spool service. Use the following steps to keep the drivers, print spools, and registry entries that came with Windows on your computer and remove all others that may be causing issues.
1. Start Registry Editor. To do this, click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate and expand the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86
View the list of subkeys (subfolders). There should only be the following subkeys:
• Drivers
• Print Processors
3. If there are any subkeys other than the subkeys that are listed in step 2, follow these steps:
a. On the File menu, click Export.
b. In the File Name box, type the name that you want to use for this key, such as WindowsNTx86regkey, and then click Save.

Note You can use this backup of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86 registry key to restore the key if you experience any issues after you complete this procedure.
c. Delete all the subkeys other than the subkeys that are listed in step 2. To do this, right-click each subkey that is not on the list, and then click Delete. Click Yes when you are prompted to confirm the deletion.
Second, remove registry entries for printer drivers
Remove the potentially problematic printer driver subkeys, which may be interfering with the printer you want to use. These may have been installed by third-party printer setup programs. Use the following steps to keep the printer driver and registry entries that came with Windows on your computer and remove all others that may be causing issues.
1. Start Registry Editor if it is not open. To do this, click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate and then expand the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers
The registry entries for the printer drivers that are installed on the computer are stored in the Version-x subkey or subkeys, where x is a number (typically 2 or 3).
3. Export the Version-x subkey or subkeys. To do this, follow these steps:
a. On the File menu, click Export.
b. In the File Name box, type the name that you want to use for this key, such as print driver, and then click Save.
4. Expand the Version-x subkey or subkeys, and then delete the printer driver entries. To do this, right-click each printer driver subkey, and then click Delete. Click Yes when you are prompted to confirm the deletion.
Third, remove registry entries for default print monitors
Remove the potentially problematic print monitor subkeys, which may be interfering with the printer you want to use. These may have been installed by third-party printer setup programs. Use the following steps to keep the print monitors and registry entries that came with Windows and remove all others that may be causing issues.
1. Start Registry Editor if it is not open. To do this, click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate and then expand the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors
View the list of subkeys. There should only be the following subkeys for the default print monitors:
• BJ Language Monitor
• Local Port
• PJL Language Monitor
• Standard TCP/IP Port
• USB Monitor
3. If there are any subkeys other than the subkeys that are listed in step 1, follow these steps:
a. On the File menu, click Export.
b. In the File Name box, type the name that you want to use for this key, such as MonitorsRegkey, and then click Save.

Note You can use this backup of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors registry key to restore the key if you experience any issues after you complete this procedure.
c. Delete all the subkeys other than the subkeys that are listed in step 2. To do this, right-click each subkey that is not on the list, and then click Delete. Click Yes when you are prompted to confirm the deletion.
4. Exit Registry Editor.
5. If you have a printer attached to the computer, disconnect the printer cable from the computer, and then restart the computer.
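
The three registry checks above can be run as one audit before anything is deleted, which also shows which DLL each non-default print monitor makes the spooler load. The following PowerShell script is an added example, not part of the Microsoft article; it assumes Windows PowerShell 2.0 or later in an administrator prompt, and the function names and backup file name are hypothetical.

```powershell
# Added example (not from the Microsoft article): audit of the print keys.
# It makes no registry changes. Default subkey names are copied from the
# article's lists; function names and the backup file name are hypothetical.
$PrintRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print'
$Defaults = @{
    'Environments\Windows NT x86' = @('Drivers', 'Print Processors')
    'Monitors' = @('BJ Language Monitor', 'Local Port', 'PJL Language Monitor',
                   'Standard TCP/IP Port', 'USB Monitor')
}

# Subkeys that are not on the article's default lists.
function Get-UnexpectedPrintSubkey {
    foreach ($relative in $Defaults.Keys) {
        $path = Join-Path $PrintRoot $relative
        if (-not (Test-Path -LiteralPath $path)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $path) {
            if ($Defaults[$relative] -contains $sub.PSChildName) { continue }
            # A monitor's Driver value names the DLL that spoolsv.exe loads.
            $props = Get-ItemProperty -LiteralPath $sub.PSPath -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Key    = "$relative\$($sub.PSChildName)"
                Driver = $props.Driver
            }
        }
    }
}

# Driver entries under Drivers\Version-x, with the files each one points at.
function Get-PrinterDriverEntry {
    $drivers = Join-Path $PrintRoot 'Environments\Windows NT x86\Drivers'
    if (-not (Test-Path -LiteralPath $drivers)) { return }
    foreach ($version in Get-ChildItem -LiteralPath $drivers) {
        if ($version.PSChildName -notlike 'Version-*') { continue }
        foreach ($entry in Get-ChildItem -LiteralPath $version.PSPath) {
            $props = Get-ItemProperty -LiteralPath $entry.PSPath
            New-Object PSObject -Property @{
                Version = $version.PSChildName
                Name    = $entry.PSChildName
                Driver  = $props.Driver
                Config  = $props.'Configuration File'
            }
        }
    }
}

# The same backup the article makes with File > Export, done with reg.exe.
# A timestamped name avoids an overwrite prompt if an earlier backup exists.
function Export-PrintKey {
    param([string]$File = "$env:TEMP\PrintKey-$(Get-Date -Format yyyyMMdd-HHmmss).reg")
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\Print' $File | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }
    $File
}

"Backup written to $(Export-PrintKey)"
Get-UnexpectedPrintSubkey | Format-Table Key, Driver -AutoSize
Get-PrinterDriverEntry    | Format-Table Version, Name, Driver, Config -AutoSize
```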

Now verify that the print spooler service is running
Verify that the print spooler service is running. To do this, follow these steps:
1. Click Start, right-click My Computer, and then click Manage.
2. Expand Services and Applications, and then click Services.
3. In the details pane, right-click the Print Spooler service, and then click Start (if it is stopped).
4. Exit Computer Management.
If you cannot start the Print Spooler service, follow the steps in the following Microsoft Knowledge Base article to start the Print Spooler service:
919750 (http://support.microsoft.com/kb/919750/) You experience problems printing, viewing printer icons, and adding printers, the Print Spooler service does not function correctly, and you receive print-related error messages on a Windows XP-based computer

Finally, add a printer and print a test page
If you have a printer attached, reconnect the printer cable to the computer, install the printer by adding it to the computer through the Add Printer Wizard, and then try to print a test page. To install the printer you want, follow these steps:
1. Click Start, and then click Printers and Faxes.
2. Click Add a printer. The Add Printer Wizard starts.
3. Follow the instructions in the Add Printer Wizard to install the printer that you want.
4. Print a test page to make sure that you can print.
If you still cannot print or if you are still receiving print spool errors, go to the "Next Steps" Section.

NEXT STEPS
If these methods did not work for you, you can use the Microsoft Customer Support Services Web site to find other solutions to your problem. Services that the Microsoft Customer Support Services Web sites provide include the following:
• Searchable Knowledge Base (http://support.microsoft.com/search/?adv=1): Search technical support information and self-help tools for Microsoft products.
• Solution Centers (http://support.microsoft.com/select/?target=hub): View product-specific frequently asked questions and support highlights.
• Microsoft Customer Support Newsgroups (http://www.microsoft.com/communities/newsgroups/default.mspx): Contact counterparts, peers, and Microsoft Most Valuable Professionals (MVPs).
• Other Support Options (http://support.microsoft.com/default.aspx?pr=csshome): Use the Web to ask a question, contact Microsoft Customer Support Services, or provide feedback.
If you continue to have printing problems, you might want to contact Support:
http://support.microsoft.com/contactus (http://support.microsoft.com/contactus)

MORE INFORMATION
For more information about how to troubleshoot printing problems in Windows XP, click the following article numbers to view the articles in the Microsoft Knowledge Base:
314085 (http://support.microsoft.com/kb/314085/) Advanced troubleshooting for when you cannot print in Windows XP
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

APPLIES TO
• Microsoft Windows XP Professional
• Microsoft Windows XP Home Edition


Remove Password Protection When Uninstall Symantec Antivirus

posted under by Unknown
If you have forgotten the password that is required to uninstall Symantec AntiVirus, follow these steps and the password prompt will be gone:

1) Open Regedit.
2) Go to the following key: HKEY_LOCAL_MACHINE\Software\Intel\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security
3) Look for "UseVPUninstallPassword", which is a REG_DWORD value.
4) Change the value from 1 to 0.
5) Close all applications, and then run the uninstall again.

The password authentication is gone ..... :)

W32.Sality.AE

posted under by Unknown

W32.Sality.AE removal process


1. Download a safer Web browser, as recommended by Google, to stay secure on the Web and stay away from viruses. Download URL: http://www.oral8.net/firefox/firefox.htm
2. Temporarily disable System Restore (Windows Me/XP).
3. Update the virus definitions. Reboot the computer in Safe Mode.
4. Run a full system scan and clean/delete all W32.Sality.AE infected files, and delete/modify any values added to the registry.
Navigate to the subkeys and delete the values as follows:

When the virus is executed, it copies itself as the following file:
%System%\drivers\[RANDOM FILE NAME].sys

The virus creates the following mutex so only one instance of the virus is running:
Op1mutx9

It then creates the following registry sub keys:

  • HKEY_CURRENT_USER\Software\[USER NAME]914
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WMI_MFC_TPSHOKER_80
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER


It then creates the following registry entry so that it bypasses the Windows Firewall:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"[INFECTED FILE]" = "[INFECTED FILE]:*:Enabled:ipsec"

It modifies the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Setting\"GlobalUserOffline" = "0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableLUA" = "0"


The virus also deletes entries in the following registry sub keys:

  • HKEY_CURRENT_USER\System\CurrentControlSet\Control\SafeBoot
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects


It then registers itself as a new service with the following characteristics:
Service Name: WMI_MFC_TPSHOKER_80
Display Name: WMI_MFC_TPSHOKER_80
Startup Type: Automatic

It then deletes itself.

It stops the following services:

  • ALG
  • aswUpdSv
  • avast! Antivirus
  • avast! Mail Scanner
  • avast! Web Scanner
  • BackWeb Plug-in - 4476822
  • bdss
  • BGLiveSvc
  • BlackICE
  • CAISafe
  • ccEvtMgr
  • ccProxy
  • ccSetMgr
  • F-Prot Antivirus Update Monitor
  • fsbwsys
  • FSDFWD
  • F-Secure Gatekeeper Handler Starter
  • fshttps
  • FSMA
  • InoRPC
  • InoRT
  • InoTask
  • ISSVC
  • KPF4
  • LavasoftFirewall
  • LIVESRV
  • McAfeeFramework
  • McShield
  • McTaskManager
  • navapsvc
  • NOD32krn
  • NPFMntor
  • NSCService
  • Outpost Firewall main module
  • OutpostFirewall
  • PAVFIRES
  • PAVFNSVR
  • PavProt
  • PavPrSrv
  • PAVSRV
  • PcCtlCom
  • PersonalFirewal
  • PREVSRV
  • ProtoPort Firewall service
  • PSIMSVC
  • RapApp
  • SmcService
  • SNDSrvc
  • SPBBCSvc
  • Symantec Core LC
  • Tmntsrv
  • TmPfw
  • tmproxy
  • UmxAgent
  • UmxCfg
  • UmxLU
  • UmxPol
  • vsmon
  • VSSERV
  • WebrootDesktopFirewallDataService
  • WebrootFirewall
  • XCOMM
  • AVP


It infects all executable files listed in the following registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache

It infects all .exe executable files listed in the following registry subkeys:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


It also infects all .exe and .scr files on the C drive and on any writable network resource, except the files on any folder with the following strings:

  • SYSTEM
  • AHEAD


The size of an infected file increases by 57,344 bytes.

It deletes any file whose name contains any of the following strings:

  • .VDB
  • .AVC
  • .KEY
  • drw
  • _AVPM
  • A2GUARD
  • AAVSHIELD
  • AVAST
  • ADVCHK
  • AHNSD
  • AIRDEFENSE
  • ALERTSVC
  • ALMON
  • ALOGSERV
  • ALSVC
  • AMON
  • ANTI-TROJAN
  • AVZ
  • ANTIVIR
  • ANTS
  • APVXDWIN
  • ARMOR2NET
  • ASHAVAST
  • ASHDISP
  • ASHENHCD
  • ASHMAISV
  • ASHPOPWZ
  • ASHSERV
  • ASHSIMPL
  • ASHSKPCK
  • ASHWEBSV
  • ASWUPDSV
  • ATCON
  • ATUPDATER
  • ATWATCH
  • AUPDATE
  • AUTODOWN
  • AUTOTRACE
  • AUTOUPDATE
  • AVCIMAN
  • AVCONSOL
  • AVENGINE
  • AVGAMSVR
  • AVGCC
  • AVGCC32
  • AVGCTRL
  • AVGEMC
  • AVGFWSRV
  • AVGNT
  • AVGNTDD
  • AVGNTMGR
  • AVGSERV
  • AVGUARD
  • AVGUPSVC
  • AVINITNT
  • AVKSERV
  • AVKSERVICE
  • AVKWCTL
  • AVP
  • AVP32
  • AVPCC
  • AVPM
  • AVPUPD
  • AVSCHED32
  • AVSYNMGR
  • AVWUPD32
  • AVWUPSRV
  • AVXMONITOR9X
  • AVXMONITORNT
  • AVXQUAR
  • BACKWEB-4476822
  • BDMCON
  • BDNEWS
  • BDOESRV
  • BDSS
  • BDSUBMIT
  • BDSWITCH
  • BLACKD
  • BLACKICE
  • CAFIX
  • CCAPP
  • CCEVTMGR
  • CCPROXY
  • CCSETMGR
  • CFIAUDIT
  • CLAMTRAY
  • CLAMWIN
  • CLAW95
  • CLAW95CF
  • CLEANER
  • CLEANER3
  • CLISVC
  • CMGRDIAN
  • CUREIT
  • DEFWATCH
  • DOORS
  • DRVIRUS
  • DRWADINS
  • DRWEB32W
  • DRWEBSCD
  • DRWEBUPW
  • ESCANH95
  • ESCANHNT
  • EWIDOCTRL
  • EZANTIVIRUSREGISTRATIONCHECK
  • F-AGNT95
  • FAMEH32
  • FAST
  • FCH32
  • FILEMON
  • FIRESVC
  • FIRETRAY
  • FIREWALL
  • FPAVUPDM
  • F-PROT95
  • FRESHCLAM
  • FRW
  • FSAV32
  • FSAVGUI
  • FSBWSYS
  • F-SCHED
  • FSDFWD
  • FSGK32
  • FSGK32ST
  • FSGUIEXE
  • FSM32
  • FSMA32
  • FSMB32
  • FSPEX.
  • FSSM32
  • F-STOPW
  • GCASDTSERV
  • GCASSERV
  • GIANTANTISPYWAREMAIN
  • GIANTANTISPYWAREUPDATER
  • GUARDGUI
  • GUARDNT
  • HREGMON
  • HRRES
  • HSOCKPE
  • HUPDATE
  • IAMAPP
  • IAMSERV
  • ICLOAD95
  • ICLOADNT
  • ICMON
  • ICSSUPPNT
  • ICSUPP95
  • ICSUPPNT
  • IFACE
  • INETUPD
  • INOCIT
  • INORPC
  • INORT
  • INOTASK
  • INOUPTNG
  • IOMON98
  • ISAFE
  • ISATRAY
  • ISRV95
  • ISSVC
  • KAV
  • KAVMM
  • KAVPF
  • KAVPFW
  • KAVSTART
  • KAVSVC
  • KAVSVCUI
  • KMAILMON
  • KPFWSVC
  • KWATCH
  • LOCKDOWN2000
  • LOGWATNT
  • LUALL
  • LUCOMSERVER
  • LUUPDATE
  • MCAGENT
  • MCMNHDLR
  • MCREGWIZ
  • MCUPDATE
  • MCVSSHLD
  • MINILOG
  • MYAGTSVC
  • MYAGTTRY
  • NAVAPSVC
  • NAVAPW32
  • NAVLU32
  • NAVW32
  • NOD32
  • NEOWATCHLOG
  • NEOWATCHTRAY
  • NISSERV
  • NISUM
  • NMAIN
  • NOD32
  • NORMIST
  • NOTSTART
  • NPAVTRAY
  • NPFMNTOR
  • NPFMSG
  • NPROTECT
  • NSCHED32
  • NSMDTR
  • NSSSERV
  • NSSTRAY
  • NTRTSCAN
  • NTXCONFIG
  • NUPGRADE
  • NVC95
  • NVCOD
  • NVCTE
  • NVCUT
  • NWSERVICE
  • OFCPFWSVC
  • OUTPOST
  • PAV
  • PAVFIRES
  • PAVFNSVR
  • PAVKRE
  • PAVPROT
  • PAVPROXY
  • PAVPRSRV
  • PAVSRV51
  • PAVSS
  • PCCGUIDE
  • PCCIOMON
  • PCCNTMON
  • PCCPFW
  • PCCTLCOM
  • PCTAV
  • PERSFW
  • PERTSK
  • PERVAC
  • PNMSRV
  • POP3TRAP
  • POPROXY
  • PREVSRV
  • PSIMSVC
  • QHM32
  • QHONLINE
  • QHONSVC
  • QHPF
  • QHWSCSVC
  • RAVMON
  • RAVTIMER
  • REALMON
  • REALMON95
  • RFWMAIN
  • RTVSCAN
  • RTVSCN95
  • RULAUNCH
  • SAVADMINSERVICE
  • SAVMAIN
  • SAVPROGRESS
  • SAVSCAN
  • SCAN32
  • SCANNINGPROCESS
  • CUREIT
  • SDHELP
  • SHSTAT
  • SITECLI
  • SPBBCSVC
  • SPHINX
  • SPIDERML
  • SPIDERNT
  • SPIDERUI
  • SPYBOTSD
  • SPYXX
  • SS3EDIT
  • STOPSIGNAV
  • SWAGENT
  • SWDOCTOR
  • SWNETSUP
  • SYMLCSVC
  • SYMPROXYSVC
  • SYMSPORT
  • SYMWSC
  • SYNMGR
  • TAUMON
  • TBMON
  • TC
  • TCA
  • TCM
  • TDS-3
  • TEATIMER
  • TFAK
  • THAV
  • THSM
  • TMAS
  • TMLISTEN
  • TMNTSRV
  • TMPFW
  • TMPROXY
  • TNBUTIL
  • TRJSCAN
  • UP2DATE
  • VBA32ECM
  • VBA32IFS
  • VBA32LDR
  • VBA32PP3
  • VBSNTW
  • VCHK
  • VCRMON
  • VETTRAY
  • VIRUSKEEPER
  • VPTRAY
  • VRFWSVC
  • VRMONNT
  • VRMONSVC
  • VRRW32
  • VSECOMR
  • VSHWIN32
  • VSMON
  • VSSERV
  • VSSTAT
  • WATCHDOG
  • WEBPROXY
  • WEBSCANX
  • WEBTRAP
  • WGFE95
  • WINAW32
  • WINROUTE
  • WINSS
  • WINSSNOTIFY
  • WRADMIN
  • WRCTRL
  • XCOMMSVR
  • ZATUTOR
  • ZAUINST
  • ZLCLIENT
  • ZONEALARM


It connects to the following URLs to get instructions. The instructions contain additional URLs to possibly download other malicious files:



It prevents access to various security-related domains containing any of the following strings:

  • Cureit
  • Drweb
  • Onlinescan
  • Spywareinfo
  • Ewido
  • Virusscan
  • Windowsecurity
  • Spywareguide
  • Bitdefender
  • Panda software
  • Agnmitum
  • Virustotal
  • Sophos
  • Trend Micro
  • Etrust.com
  • Symantec
  • McAfee
  • F-Secure
  • Eset.com
  • Kaspersky


It then adds the following entry to %Windir%\system.ini:
[MCIDRV_VER]

Recommendations

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

  • Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
  • If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
  • Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
  • Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
  • Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
  • Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
  • Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

5. Exit Registry Editor.
6. Delete the IE temporary files, or download ATF temp files cleaner to run a full cleaning, and then restart the computer.
8. Now you may remove W32.Sality.AE successfully.

9. After removing the virus, install an antivirus product such as Avira Antivirus, and then run a full scan of your computer. It might delete a lot of application .exe files; just let it delete them. Once the deletion is done, your PC is clean. You then have to reinstall the applications that the antivirus deleted so that they work again.
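
The service, mutex, registry and system.ini artifacts listed in the write-up above can be checked on a live system without changing anything. The following PowerShell script is an added example, not part of the original post or of the Symantec write-up; it assumes Windows PowerShell 2.0 or later run as an administrator, the function name is hypothetical, and the SafeBoot subkey names Minimal and Network are the standard Windows ones rather than names given on the page.

```powershell
# Added example (not from the original post): read-only check for the
# W32.Sality.AE artifacts listed in the write-up. Keys, values and names are
# copied from the page; the function name is hypothetical.
function Test-SalityIndicator {
    $hits = @()

    # Service registered by the virus, and its legacy Enum entry.
    if (Get-Service -Name 'WMI_MFC_TPSHOKER_80' -ErrorAction SilentlyContinue) {
        $hits += 'Service WMI_MFC_TPSHOKER_80 is registered'
    }
    $enum = 'HKLM:\SYSTEM\ControlSet001\Enum\Root\LEGACY_WMI_MFC_TPSHOKER_80'
    if (Test-Path -LiteralPath $enum) { $hits += "Key present: $enum" }

    # Single-instance mutex. An unprefixed name is resolved in the current
    # session, so run this in the session of the logged-on user.
    try {
        $mutex = [System.Threading.Mutex]::OpenExisting('Op1mutx9')
        $mutex.Close()
        $hits += 'Mutex Op1mutx9 is held by a running process'
    } catch [System.UnauthorizedAccessException] {
        $hits += 'Mutex Op1mutx9 exists (access denied when opening it)'
    } catch [System.Threading.WaitHandleCannotBeOpenedException] {
        # Mutex does not exist: nothing to report.
    }

    # Firewall exception of the form "<file>:*:Enabled:ipsec".
    $fw = 'HKLM:\SYSTEM\ControlSet001\Services\SharedAccess\Parameters' +
          '\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
    if (Test-Path -LiteralPath $fw) {
        $key = Get-Item -LiteralPath $fw
        foreach ($name in $key.GetValueNames()) {
            if ([string]$key.GetValue($name) -match ':\*:Enabled:ipsec$') {
                $hits += "Firewall exception tagged ipsec: $name"
            }
        }
    }

    # EnableLUA set to 0 (the value is absent on systems without UAC).
    $policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system'
    $lua = (Get-ItemProperty -LiteralPath $policy -ErrorAction SilentlyContinue).EnableLUA
    if ($null -ne $lua -and $lua -eq 0) { $hits += 'EnableLUA is 0' }

    # SafeBoot entries deleted by the virus. Step 3 of the removal process
    # relies on Safe Mode, so check this before rebooting into it.
    # Minimal and Network are the standard Windows subkeys (assumption).
    foreach ($mode in 'Minimal', 'Network') {
        $safeBoot = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
        if (-not (Test-Path -LiteralPath $safeBoot)) { $hits += "Missing key: $safeBoot" }
    }

    # Section added to %Windir%\system.ini.
    $ini = Join-Path $env:windir 'system.ini'
    if ((Test-Path -LiteralPath $ini) -and
        (Select-String -Path $ini -SimpleMatch -Pattern '[MCIDRV_VER]' -Quiet)) {
        $hits += "[MCIDRV_VER] section found in $ini"
    }

    $hits
}

$found = @(Test-SalityIndicator)
if ($found.Count -gt 0) { $found } else { 'None of the listed artifacts were found' }
```

An empty result only means these specific artifacts are absent; infected .exe and .scr files still need the full scan from step 4.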
