Jump to content

problem loading windows service pack 2


jmathis
 Share

Recommended Posts

There is some evidence that windows\system32\ftp.exe is a trojan or other undesirable. This may result in the effect you are experiencing (see Trend micro here )

What security systems are you using? Run scans for virus, trojans, adware/spyware and see what is found.

If that fails, look under the HiJackThis header on this site for instructions on how to run HJT, do a scan and post the results here. Do not delete anything resulting from the scan until one of our experts has given the go ahead.

Link to comment
Share on other sites

Also,

Clean your machine of spyware as much as you possibly can before even attempting to load Windows XP Service Pack 2. I've read several horror stories about people who've been "stuck" in limbo, with Service Pack 2 getting half way installed, because of spyware. They can't uninstall it, and can't continue the install.

For more on Spyware Removal, see Nell's Post in the Hijack This - Spyware Removal Forum.

One thing I'd like to add to the information covered there, make sure you go through Add/Remove Programs in Control Panel and manually remove as much scumware as you can. If you have a question in your mind about whether an application is spyware or not, go to Spyware Guide and check.

Sincerely,

Link to comment
Share on other sites

this is the results from highjackthis. Can anyone please help!!

Logfile of HijackThis v1.98.2

Scan saved at 5:16:13 PM, on 11/8/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINDOWS\LTSMMSG.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Stomp\DLA\dlatray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\atiptaxx.exe

C:\Program Files\Visioneer OneTouch\OneTouchMon.exe

C:\WINDOWS\System32\svchost.exe

C:\RECYCLER\S-1-5-21-458573308-1249257218-1260325492-1443\system32\services.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\ATI Multimedia\main\LaunchPd.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe

C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\RECYCLER\S-1-5-21-458573308-1249257218-1260325492-1443\system32\csrss.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O4 - Global Startup: TFTP3844

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099951715265

Link to comment
Share on other sites

jmathis - have you fixed anything yourself? There is a lot missing from that log. Hijackthis doesn't differentiate between good and bad and a lot of what it lists is useful and even essential to the running of your PC.

If you did 'fix' some stuff with hjt then restore the backups and post a fresh log. To do this, run hijackthis, click on the config button, then backups then click 'restore'

Link to comment
Share on other sites

Yes if fixed some stuff. Maybe essential to running my pc stuff. I'm a computer idot. Here is a fresh update. Thanks for your efforts!

Logfile of HijackThis v1.97.7

Scan saved at 6:03:47 PM, on 11/8/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINDOWS\LTSMMSG.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Stomp\DLA\dlatray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\atiptaxx.exe

C:\Program Files\Visioneer OneTouch\OneTouchMon.exe

C:\WINDOWS\System32\svchost.exe

C:\RECYCLER\S-1-5-21-458573308-1249257218-1260325492-1443\system32\services.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\ATI Multimedia\main\LaunchPd.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe

C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\RECYCLER\S-1-5-21-458573308-1249257218-1260325492-1443\system32\csrss.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HijackThis.exe

O4 - Global Startup: TFTP3844

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099951715265

Link to comment
Share on other sites

I don't know about HijackThis - I have never used it. I use Lavasoft's Ad-Aware; it is easy to use, and it can clean almost anything.

Download Ad-aware SE Personal from http://www.lavasoft.de/ and install it. Next run it, and click 'Check for updates now' to download the latest reffile. Click 'Start' and run a full system scan (this can take a long time if you have lots of stuff installed on your computer).

At the end of the scan it will give you a list of found items. Select everything (right-click on an item, Select all), and click 'Next'.

If you still cannot install XP-SP2, give us some details on that ftp.exe file: what's its size, date, properties, especially version info.

Link to comment
Share on other sites

I don't know about HijackThis - I have never used it.  I use Lavasoft's Ad-Aware; it is easy to use, and it can clean almost anything.

These two programs are not interchangeable or even similar, although they both assist in keeping a computer running smoothly.

Ad-Aware is not universal in its detection of malware or in its applicability and many people, including me, use it in combination with other malware detection systems such as SpyBot S&D, SpywareBlaster, Spyware Guard and a².

If you are interested, find out more about HJT by looking under ther heading for it in this forum.

Note that HJT results should only be acted upon after advice from someone experienced in interpreting its output. Failure to do this could result in a non-working system.

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy