1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Trouble installing Service Pack 3

By Mona22 ยท 4 replies
Nov 19, 2012
  1. I have an HP Pavillion desktop a600n with XP home service pack 1. I'm positive there are viruses and/or malware on my computer and I tried to install TrendMicro Titanium 2012 edition but it said I need the latest service pack. So, I downloaded Service Pack 3 and when I tried to install, I received the following error:

    the file C:\windows\system32\drivers\ndis.sys is open or in use by another application. close all other applications and then click Retry.\

    I read the thread about the the 4 step preliminary instructions but I did not attempt to follow them because I was uncertain if they would even install on my computer since it doesn't have service pack 3. Any sort of help would be greatly appreciated. Thanks.

    I apologize if this is in the wrong section.
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,279   +49

    Hello, and welcome to TechSpot.

    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 5-Step removal instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. Mona22

    Mona22 TS Rookie Topic Starter

    DDS (Ver_2012-11-07.01)
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/12/2008 5:32:24 PM
    System Uptime: 11/19/2012 11:50:46 AM (6 hours ago)
    Motherboard: ASUSTek Computer INC. | | Kelut
    Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2083/167mhz
    ==== Disk Partitions =========================
    C: is FIXED (NTFS) - 70 GiB total, 52.959 GiB free.
    D: is FIXED (FAT32) - 5 GiB total, 0.617 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    ==== Disabled Device Manager Items =============
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\87B152E01800
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\87B152E01800
    Service: NIC1394
    ==== System Restore Points ===================
    RP7: 11/19/2012 5:02:47 PM - Installed Linksys Wireless-G USB Network Adapter
    ==== Installed Programs ======================
    Adobe Reader 6.0.1
    Agere Systems PCI Soft Modem
    Blackhawk Striker from Hewlett-Packard Desktops (remove only)
    Blasterball 2 from Hewlett-Packard Desktops (remove only)
    Bounce Symphony from Hewlett-Packard Desktops (remove only)
    Crystal Maze from Hewlett-Packard Desktops (remove only)
    DirectX Hotfix - KB825116
    Easy Internet Sign-up
    Five Card Frenzy from Hewlett-Packard Desktops (remove only)
    HP Deskjet Preloaded Printer Drivers
    HP Image Zone 3.5
    HP Image Zone Plus 3.5
    HP Instant Support
    HP Organize
    HP Photo & Imaging 3.5 - HP Devices
    HP PSC & OfficeJet 3.5
    HP Software Update
    IntelliMover Data Transfer Demo
    Internet Explorer Q828750
    InterVideo WinDVD Creator 2
    InterVideo WinDVD Player
    Java 2 Runtime Environment, SE v1.4.2_03
    Linksys Wireless-G USB Network Adapter
    Malwarebytes Anti-Malware version
    Memories Disc Creator 2.0
    Microsoft .NET Framework 1.1
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft Office Standard Edition 2003
    Microsoft Plus! Digital Media Edition
    Microsoft Works 7.0
    Orbital from Hewlett-Packard Desktops (remove only)
    Otto from Hewlett-Packard Desktops (remove only)
    Outlook Express Update Q330994
    Overball from Hewlett-Packard Desktops (remove only)
    PC-Doctor for Windows
    Photosmart 140,240,7200,7600,7700,7900 Series
    Polar Bowler from Hewlett-Packard Desktops (remove only)
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    Quicken 2004
    RealOne Player
    S3 S3Display
    S3 S3Gamma2
    S3 S3Info2
    S3 S3Overlay
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB905495)
    Security Update for Windows XP (KB923414)
    Slyder from Hewlett-Packard Desktops (remove only)
    Sonic Update Manager
    Toolkit View(HP)
    Tradewinds from Hewlett-Packard Desktops (remove only)
    Update for Windows XP (KB898461)
    Updates from HP
    WebFldrs XP
    Windows Installer 3.1 (KB893803)
    Windows XP Hotfix - KB810217
    Windows XP Hotfix - KB821431
    Windows XP Hotfix - KB823182
    Windows XP Hotfix - KB824105
    Windows XP Hotfix - KB824141
    Windows XP Hotfix - KB825119
    Windows XP Hotfix - KB826939
    Windows XP Hotfix - KB826942
    Windows XP Hotfix - KB828028
    Windows XP Hotfix - KB828035
    Windows XP Hotfix - KB833407
    Windows XP Hotfix (SP2) [See KB810243 for more information]
    Windows XP Hotfix (SP2) [See q329256 for more information]
    Windows XP Hotfix (SP2) Q327979
    Windows XP Hotfix (SP2) Q329112
    Windows XP Hotfix (SP2) Q331958
    Windows XP Hotfix (SP2) Q811789
    Windows XP Hotfix (SP2) Q814995
    Windows XP Hotfix (SP2) Q815485
    Windows XP Hotfix (SP2) Q817357
    ==== Event Viewer Messages From Past Week ========
    11/19/2012 9:44:21 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
    An internal error occurred.
    11/19/2012 9:32:43 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    11/19/2012 8:46:13 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error message: The referenced assembly is not installed on your system. .
    11/19/2012 8:46:13 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
    11/19/2012 8:46:12 AM, error: SideBySide [59] - Generate Activation Context failed for E:\Vizor32\VizorUniclientLibrary.dll. Reference error message: The operation completed successfully. .
    11/19/2012 8:18:25 AM, error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology Service service terminated unexpectedly. It has done this 1 time(s).
    11/19/2012 8:18:25 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    11/19/2012 8:18:25 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
    11/19/2012 8:07:25 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 83b99439, parameter3 f55c8c04, parameter4 f55c8904.
    11/19/2012 8:07:08 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 83da3439, parameter3 f550ac04, parameter4 f550a904.
    11/19/2012 8:06:18 AM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft Office Document Image Writer share name Printer.
    11/19/2012 10:12:36 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
    An internal error occurred.
    ==== End Of File ===========================
    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 6.0.2800.1106
    Run by Owner at 17:37:13 on 2012-11-19
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.959.476 [GMT -5:00]
    ============== Running Processes ================
    C:\Documents and Settings\Owner\Applications\NT\svchost.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\All Users\dulvoppeditu.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\Owner\dulvoppeditu.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U9QZW7WH\avast_free_antivirus_setup[1].exe
    C:\Program Files\AVAST Software\Avast\vcredist_x86_SP1.exe
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    uProxyOverride = localhost
    mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\windows\temp\init.exe,c:\windows\system32\hhupd.exe,c:\windows\system32\sdra64.exe,
    TB: HP view: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
    EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - c:\windows\system32\BROWSEUI.DLL
    EB: hp view: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - c:\windows\system32\SHDOCVW.DLL
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
    uRun: [RecordNow!] <no file>
    mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
    mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [VTTimer] VTTimer.exe
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [qgovx5zz] c:\documents and settings\owner\application data\yw247j7y.exe
    mRun: [dulvoppeditu] c:\documents and settings\all users\dulvoppeditu.exe
    mRun: [Regedit32] c:\windows\system32\regedit.exe
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [rveakamn.exe] c:\windows\rveakamn.exe
    dRun: [reader_s] c:\documents and settings\owner\reader_s.exe
    dRun: [services] c:\windows\services.exe
    dRun: [phnsntta.exe] c:\windows\phnsntta.exe
    dRun: [hdlmqkjx.exe] c:\windows\hdlmqkjx.exe
    dRun: [tcpudp] c:\windows\VRT1B.tmp
    mExplorerRun: [35836] c:\docume~1\alluse~1\locals~1\temp\mslwxo.com
    uExplorerRun: [services] c:\windows\services.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\imstart.lnk - c:\program files\intermute\IMStart.exe
    StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler V3.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoCDBurning = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: igfxcui - igfxsrvc.dll
    Notify: syncps - syncps.dll
    ============= SERVICES / DRIVERS ===============
    R1 dsna3dd;dsna3dd;c:\windows\system32\drivers\dsna3dd.sys [2009-5-4 17376]
    R1 syncmc;Frequency SynCPU;c:\windows\system32\syncmc.sys [2009-1-9 8672]
    R2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\linksys wireless-g usb wireless network monitor\WLService.exe [2008-12-14 61499]
    S1 ethvwnty;ethvwnty;c:\windows\system32\drivers\ethvwnty.sys [2008-12-14 137952]
    S1 gbq5d40;gbq5d40;c:\windows\system32\drivers\gbq5d40.sys [2009-4-17 17376]
    S2 mrtRate;mrtRate; [x]
    S2 MsIRSTS;Intel(R) Rapid Storage Technology Service;c:\documents and settings\owner\applications\nt\svchost.exe [2004-5-20 66560]
    S3 vitra;vitra;c:\windows\system32\drivers\vitra.sys --> c:\windows\system32\drivers\vitra.sys [?]
    =============== Created Last 30 ================
    2012-11-19 22:18:08--------d-----w-c:\documents and settings\all users\application data\Malwarebytes
    2012-11-19 22:18:0620552----a-w-c:\windows\system32\drivers\mbam.sys
    2012-11-19 22:18:06--------d-----w-c:\program files\Malwarebytes' Anti-Malware
    2012-11-19 22:02:47--------d-----w-C:\169f7cb9314ba569469860423cdfee
    2012-11-19 22:02:3641224----a-w-c:\windows\avastSS.scr
    2012-11-19 22:02:13--------d-----w-c:\program files\AVAST Software
    2012-11-19 22:02:13--------d-----w-c:\documents and settings\all users\application data\AVAST Software
    2012-11-19 20:00:15--------d-----w-C:\f2ced4a8894e8075beb5fb
    2012-11-19 19:40:48--------d-----w-c:\windows\system32\CatRoot_bak
    ==================== Find3M ====================
    2012-09-15 20:31:21168----a-w-c:\documents and settings\owner\application data\rkjuu3.bat
    2012-09-15 20:31:20108---h--w-c:\documents and settings\owner\application data\ahiscc6f.bat
    2012-09-15 20:31:07210051234----a-w-c:\documents and settings\owner\application data\yw247j7y.exe
    2012-09-15 20:30:4166560----a-w-c:\documents and settings\owner\application data\afeiisb.exe
    2012-09-15 20:30:2439424----a-w-c:\documents and settings\owner\application data\alitr3j.exe
    2012-09-15 20:30:0897280--sha-w-c:\documents and settings\owner\dulvoppeditu.exe
    2012-09-15 20:30:0897280--sha-w-c:\documents and settings\all users\dulvoppeditu.exe
    2012-09-15 20:30:0739424----a-w-c:\documents and settings\owner\application data\napzck.exe
    2012-09-15 20:29:55125440----a-w-c:\documents and settings\owner\application data\ljysba.exe
    2012-09-15 20:29:44153600---ha-w-c:\windows\VRT1B.tmp
    2005-08-02 20:46:54187904--sha-r-c:\windows\ia\asappsrv.dll
    2005-08-02 20:58:38304640--sha-r-c:\windows\ia\command.exe
    =================== ROOTKIT ====================
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    CreateFile("\\.\PHYSICALDRIVE0"): The maximum number of secrets that may be stored in a single system has been exceeded.
    device: opened successfully
    user: error reading MBR
    Disk trace:
    called modules: ntoskrnl.exe >>UNKNOWN [0x851EE2A3]<< >>UNKNOWN [0xF5AD047B]<<
    _asm { JMP 0x708e21d8; }
    1 nt!IofCallDriver[0x804EA224] -> \Device\Harddisk0\DR0[0x85787B48]
    kernel: MBR read successfully
    _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }
    user != kernel MBR !!!
    ============= FINISH: 17:38:22.07 ===============
    # AdwCleaner v2.008 - Logfile created 11/19/2012 at 17:47:56
    # Updated 17/11/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 1 (32 bits)
    # User : Owner - YOUR-VP7X3S9CTM
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
    # Option [Delete]
    ***** [Services] *****
    ***** [Files / Folders] *****
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\Viewpoint
    Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Viewpoint
    Folder Deleted : C:\Program Files\Common Files\Viewpoint
    Folder Deleted : C:\Program Files\Viewpoint
    ***** [Registry] *****
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v6.0.2800.1106
    [OK] Registry is clean.
    -\\ Mozilla Firefox v [Unable to get version]
    Profile name : default
    File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adw78r4i.default\prefs.js
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adw78r4i.default\user.js ... Deleted !
    [OK] File is clean.
    AdwCleaner[S1].txt - [1212 octets] - [19/11/2012 17:47:56]
    ########## EOF - C:\AdwCleaner[S1].txt - [1272 octets] ##########
  4. Mona22

    Mona22 TS Rookie Topic Starter

    Malwarebytes installed but won't open. And Avast wouldn't install. I hope these files aren't useless in the absence of the Malwarebytes scan. Also, my computer refuses to let me get into the techspot forums, the actual website works but not techspot.com/community, I have been posting from my laptop.
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,279   +49

    Oh my. This should be better for us to be able to clean the computer:

    OTLPE + Farbar Recovery Scan Tool

    • Download OTLPENet.exe to your desktop
    • Download Farbar Recovery Scan Tool and save it to a flash drive.
    • Ensure that you have a blank CD in the drive
    • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
    • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
    • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads [​IMG]
    • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
    • Insert the flash drive with FRST on it
    • Locate the flash drive and run FSRT
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...