Problems with SP2 Update

[firewolfsm]

Last week I had to reformat (and lose all my data) because Windows just had to ask me to re-activate (updating the drivers made windows think I changed all my hardware) JUST when I got a bad virus that wouldn't let me open the wizard (or any other program).

So, fresh, new computer, activated and ready to go, I update to SP2 and restart, I get a screen telling me this

STOP: c0000135 {Unable To Locate Component}
This application has failed to start because winsrv was not found. Re-installing the application may fix this problem.

According to MS, this happens because a program called T.V. Media has problems working with SP2. I've never heard of this program and I definitely don't have it because this is a new install of windows, all I installed were some utilities and a virus/spy ware scan and zone alarm pro.

http://support.microsoft.com/kb/885523

The fix is to force-uninstall SP2, I did that through the recovery console and now windows is acting weird. It can boot, and log on, but it takes way too long go load the log on screen (after the windows logo) and to log on. When it actually gets on, there's no explorer, no taskbar, and some programs don't work.

I've had problems with this computer for two weeks now, it's all OS problems, and I don't want to have to reformat a second time. Any ideas?

 

[mechBgon]

all I installed were some utilities and a virus/spy ware scan and zone alarm pro.

It sounds like one of the above items infected you with TV Media. What precise utilities and virus/spyware scanner are these?

What I'd do:

1) burn that Windows installation to the ground

2) unplug network cable & wireless networking stuff so the computer is safe from network worms

3) install WinXP in isolation

4) keeping the computer isolated, patch it to SP2 from a guaranteed uninfected source such as a CD-R made on a clean computer

5) enable DEP completely and enable Automatic Updates

6) let Automatic Updates get the computer patched, which may take a couple reboots' worth, then install motherboard drivers, reboot, and install video drivers.

7) AFTER the Automatic Updates have the system patched, and the drivers are installed, install AOL Kaspersky, except do not install the optional security toolbar. Connect to the network, update Kaspersky, and reboot.

8) Now that your drivers are installed and stuff, activate Windows, drag it through Windows Update, and install software, but not unless it's from absolutely safe sources.

 

[firewolfsm]

damn, I really don't want to reformat, I know I should...I'll get to it, the computer works now, it's just slow. This weekend, I promise.

thanks

I do have symantec which is probably much better.

 

[mechBgon]

I would definitely use the free AOL Kaspersky, except I already own the pay-for version. It's good stuff. 24 updates per day, every day, and they have a typical response time of ~2 hours to new threats. If you wanted to try a scan without actually installing it, try the F-Secure online scanner which uses the Kaspersky engine combined with the BlackLight rootkit scanner. At the end, if it's detected anything, hit the REPORT button, then paste the text from the report into the thread.

Also, if you want to post a HijackThis log here, that might shed some light on what the deal is. HijackThis download links. Unzip the contents of the Zip file to a permanent location before running HJT.

 

[mechBgon]

Oh, and here is the link to the full Service Pack 2 offline installation file in case you end up doing that offline approach.

 

[firewolfsm]

Thanks, here's the HijackThis log, until the online scan finishes...:

Logfile of HijackThis v1.99.1
Scan saved at 10:28:44 AM, on 12/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\My Documents\Installation Programs\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Startup: RivaTuner's shortcut to 616 _ 803.lnk = C:\Program Files\RivaTuner v2.0 RC 15.8\RivaTuner.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup...86/client/wuweb_site.cab?1165179507625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup...86/client/muweb_site.cab?1165179500093
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


edit: thanks for the link, I found it about a minute before you linked me, downloading now

 

[mechBgon]

That stuff looks ok. If nothing else comes to light, but you decide to plow it under anyway so you can get SP2 installed, then do the SP2 installation first thing, and then nothing will have a chance to interfere with it (famous last words ).

 

[firewolfsm]

Thanks mate

 

[redbeard1]

I had a customers system crash to similar error. I found that same MS KB article about TV Media. After I manually uninstalled SP2, I looked the system over manually, and scanned it with spyware cleaners and did not find any traces of TV media.

Confident it was clean, I started the SP2 install again. Part way through the install, it came up with an error saying it could not write to a spot in the registry, which it named, and then after I said ignore the error, it seemed to keep going. After the reboot, it blue screened to the WINSRV error. I manually forced the SP2 removal again to get it to boot.

Searching on the net for the registry error message, I found that there are a couple of registry entries that can have the wrong permissions on them and SP2 needs to change them to complete sucessfully.

I found a link that said to look at these two logs to find the errors that occurred during the SP2 install. This link below talks about these two log files and where they are located. The logs are Setupapi.log and Svcpack.log.

One of the logs actually said that there were two registry entries that the install could not change. I could change one of them with regedit, the other I had to change using a boot cd. Both of the entries were MS multi media related, but I cannot remember them off hand.

After I changed those two permissions to allow system, administrators, and everyone full rights, SP2 installed without a hitch, and the system booted normally.


MS support

 

[mechBgon]

nice