Inactive Trouble installing Service Pack 3

[Mona22]

I have an HP Pavillion desktop a600n with XP home service pack 1. I'm positive there are viruses and/or malware on my computer and I tried to install TrendMicro Titanium 2012 edition but it said I need the latest service pack. So, I downloaded Service Pack 3 and when I tried to install, I received the following error:

[FONT=Helvetica]the file C:\windows\system32\drivers\ndis.sys is open or in use by another application. close all other applications and then click Retry.\[/FONT]

I read the thread about the the 4 step preliminary instructions but I did not attempt to follow them because I was uncertain if they would even install on my computer since it doesn't have service pack 3. Any sort of help would be greatly appreciated. Thanks.

I apologize if this is in the wrong section.

 

[Jay Pfoutz]

Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information

• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic you were helped.
• We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please review the 5-Step removal instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.

• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• A logfile will automatically open after the scan has finished.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

 

[Mona22]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/12/2008 5:32:24 PM
System Uptime: 11/19/2012 11:50:46 AM (6 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Kelut
Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2083/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 52.959 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.617 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\87B152E01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\87B152E01800
Service: NIC1394
.
==== System Restore Points ===================
.
RP7: 11/19/2012 5:02:47 PM - Installed Linksys Wireless-G USB Network Adapter
.
==== Installed Programs ======================
.
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
AiO_Scan
AIOMinimal
AiOSoftware
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
CameraDrivers
Copy
CreativeProjects
Crystal Maze from Hewlett-Packard Desktops (remove only)
Director
DirectX Hotfix - KB825116
DocProc
Easy Internet Sign-up
Fax
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.5
HP Software Update
hpg2436
hpg3970
hpg4600
hpg5530
hpg8200
HPIZ350
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
IntelliMover Data Transfer Demo
Internet Explorer Q828750
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
KBD
Linksys Wireless-G USB Network Adapter
Malwarebytes Anti-Malware version 1.65.1.1000
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Works 7.0
MSN
Orbital from Hewlett-Packard Desktops (remove only)
Otto from Hewlett-Packard Desktops (remove only)
Outlook Express Update Q330994
Overball from Hewlett-Packard Desktops (remove only)
Overland
PC-Doctor for Windows
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
Polar Bowler from Hewlett-Packard Desktops (remove only)
PrintScreen
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
Quicken 2004
QuickProjects
QuickTime
Readme
RealOne Player
RecordNow!
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Scan
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB923414)
SkinsHP1
SkinsHP2
Slyder from Hewlett-Packard Desktops (remove only)
Sonic Update Manager
Toolkit View(HP)
Tradewinds from Hewlett-Packard Desktops (remove only)
TrayApp
Unload
Update for Windows XP (KB898461)
Updates from HP
WebFldrs XP
WebReg
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB810217
Windows XP Hotfix - KB821431
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB826942
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB833407
Windows XP Hotfix (SP2) [See KB810243 for more information]
Windows XP Hotfix (SP2) [See q329256 for more information]
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q329112
Windows XP Hotfix (SP2) Q331958
Windows XP Hotfix (SP2) Q811789
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q815485
Windows XP Hotfix (SP2) Q817357
.
==== Event Viewer Messages From Past Week ========
.
11/19/2012 9:44:21 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/19/2012 9:32:43 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/19/2012 8:46:13 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error message: The referenced assembly is not installed on your system. .
11/19/2012 8:46:13 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
11/19/2012 8:46:12 AM, error: SideBySide [59] - Generate Activation Context failed for E:\Vizor32\VizorUniclientLibrary.dll. Reference error message: The operation completed successfully. .
11/19/2012 8:18:25 AM, error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology Service service terminated unexpectedly. It has done this 1 time(s).
11/19/2012 8:18:25 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
11/19/2012 8:18:25 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
11/19/2012 8:07:25 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 83b99439, parameter3 f55c8c04, parameter4 f55c8904.
11/19/2012 8:07:08 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 83da3439, parameter3 f550ac04, parameter4 f550a904.
11/19/2012 8:06:18 AM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft Office Document Image Writer share name Printer.
11/19/2012 10:12:36 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
.
==== End Of File ===========================
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 6.0.2800.1106
Run by Owner at 17:37:13 on 2012-11-19
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.959.476 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\System32\sdra64.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\gearsec.exe
C:\Documents and Settings\Owner\Applications\NT\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Documents and Settings\All Users\dulvoppeditu.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Owner\dulvoppeditu.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U9QZW7WH\avast_free_antivirus_setup[1].exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_sfx.tm~a00692\avast.setup
C:\Program Files\AVAST Software\Avast\vcredist_x86_SP1.exe
c:\169f7cb9314ba569469860423cdfee\install.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uProxyOverride = localhost
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\windows\temp\init.exe,c:\windows\system32\hhupd.exe,c:\windows\system32\sdra64.exe,
TB: HP view: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - c:\windows\system32\BROWSEUI.DLL
EB: hp view: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - c:\windows\system32\SHDOCVW.DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [RecordNow!] <no file>
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [qgovx5zz] c:\documents and settings\owner\application data\yw247j7y.exe
mRun: [dulvoppeditu] c:\documents and settings\all users\dulvoppeditu.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [rveakamn.exe] c:\windows\rveakamn.exe
dRun: [reader_s] c:\documents and settings\owner\reader_s.exe
dRun: [services] c:\windows\services.exe
dRun: [phnsntta.exe] c:\windows\phnsntta.exe
dRun: [hdlmqkjx.exe] c:\windows\hdlmqkjx.exe
dRun: [tcpudp] c:\windows\VRT1B.tmp
mExplorerRun: [35836] c:\docume~1\alluse~1\locals~1\temp\mslwxo.com
uExplorerRun: [services] c:\windows\services.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\imstart.lnk - c:\program files\intermute\IMStart.exe
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoCDBurning = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
Notify: syncps - syncps.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dsna3dd;dsna3dd;c:\windows\system32\drivers\dsna3dd.sys [2009-5-4 17376]
R1 syncmc;Frequency SynCPU;c:\windows\system32\syncmc.sys [2009-1-9 8672]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\linksys wireless-g usb wireless network monitor\WLService.exe [2008-12-14 61499]
S1 ethvwnty;ethvwnty;c:\windows\system32\drivers\ethvwnty.sys [2008-12-14 137952]
S1 gbq5d40;gbq5d40;c:\windows\system32\drivers\gbq5d40.sys [2009-4-17 17376]
S2 mrtRate;mrtRate; [x]
S2 MsIRSTS;Intel(R) Rapid Storage Technology Service;c:\documents and settings\owner\applications\nt\svchost.exe [2004-5-20 66560]
S3 vitra;vitra;c:\windows\system32\drivers\vitra.sys --> c:\windows\system32\drivers\vitra.sys [?]
.
=============== Created Last 30 ================
.
2012-11-19 22:18:08--------d-----w-c:\documents and settings\all users\application data\Malwarebytes
2012-11-19 22:18:0620552----a-w-c:\windows\system32\drivers\mbam.sys
2012-11-19 22:18:06--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2012-11-19 22:02:47--------d-----w-C:\169f7cb9314ba569469860423cdfee
2012-11-19 22:02:3641224----a-w-c:\windows\avastSS.scr
2012-11-19 22:02:13--------d-----w-c:\program files\AVAST Software
2012-11-19 22:02:13--------d-----w-c:\documents and settings\all users\application data\AVAST Software
2012-11-19 20:00:15--------d-----w-C:\f2ced4a8894e8075beb5fb
2012-11-19 19:40:48--------d-----w-c:\windows\system32\CatRoot_bak
.
==================== Find3M ====================
.
2012-09-15 20:31:21168----a-w-c:\documents and settings\owner\application data\rkjuu3.bat
2012-09-15 20:31:20108---h--w-c:\documents and settings\owner\application data\ahiscc6f.bat
2012-09-15 20:31:07210051234----a-w-c:\documents and settings\owner\application data\yw247j7y.exe
2012-09-15 20:30:4166560----a-w-c:\documents and settings\owner\application data\afeiisb.exe
2012-09-15 20:30:2439424----a-w-c:\documents and settings\owner\application data\alitr3j.exe
2012-09-15 20:30:0897280--sha-w-c:\documents and settings\owner\dulvoppeditu.exe
2012-09-15 20:30:0897280--sha-w-c:\documents and settings\all users\dulvoppeditu.exe
2012-09-15 20:30:0739424----a-w-c:\documents and settings\owner\application data\napzck.exe
2012-09-15 20:29:55125440----a-w-c:\documents and settings\owner\application data\ljysba.exe
2012-09-15 20:29:44153600---ha-w-c:\windows\VRT1B.tmp
2005-08-02 20:46:54187904--sha-r-c:\windows\ia\asappsrv.dll
2005-08-02 20:58:38304640--sha-r-c:\windows\ia\command.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The maximum number of secrets that may be stored in a single system has been exceeded.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe >>UNKNOWN [0x851EE2A3]<< >>UNKNOWN [0xF5AD047B]<<
_asm { JMP 0x708e21d8; }
1 nt!IofCallDriver[0x804EA224] -> \Device\Harddisk0\DR0[0x85787B48]
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }
user != kernel MBR !!!
.
============= FINISH: 17:38:22.07 ===============
# AdwCleaner v2.008 - Logfile created 11/19/2012 at 17:47:56
# Updated 17/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 1 (32 bits)
# User : Owner - YOUR-VP7X3S9CTM
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Common Files\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v6.0.2800.1106
[OK] Registry is clean.
-\\ Mozilla Firefox v [Unable to get version]
Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adw78r4i.default\prefs.js
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adw78r4i.default\user.js ... Deleted !
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [1212 octets] - [19/11/2012 17:47:56]
########## EOF - C:\AdwCleaner[S1].txt - [1272 octets] ##########

 

[Mona22]

Malwarebytes installed but won't open. And Avast wouldn't install. I hope these files aren't useless in the absence of the Malwarebytes scan. Also, my computer refuses to let me get into the techspot forums, the actual website works but not techspot.com/community, I have been posting from my laptop.

 

[Jay Pfoutz]

Oh my. This should be better for us to be able to clean the computer:

OTLPE + Farbar Recovery Scan Tool

• Download OTLPENet.exe to your desktop
• Download Farbar Recovery Scan Tool and save it to a flash drive.
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
• Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps here

• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  
• Your system should now display a Reatogo desktop.

Note : as you are running from CD it is not exactly speedy

• Insert the flash drive with FRST on it
• Locate the flash drive and run FSRT
• The tool will start to run.

• When the tool opens click Yes to disclaimer.
• Press Scan button. It will do its scan and save a log on your flash drive.
• Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
  
  
  
  When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
• Type exit in the Command Prompt window and reboot the computer normally
• FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.