Critical Updates won't install??

I'm trying to kill a nasty bug in my son's computer (Compaq running XP Home). The other day he was hijacked by About:Blank.

I have ran (updated) Spybot, Ad-Aware 6.0, CleanCache, & CWShredder as well as download and install the latest version of Avast (his Norton 2002 just expired 5-31-04. Avast found about 8 virus's last night and removed them.

I have been trying to download and install two critical updates through Windows Update for the last few days. They seem to download OK, but will not install.

The computer is working faster now since I removed the virus's that Avast found but the updates still won't install.

I have been reading alot of posts about these new bugs that are nasty to remove.

Any advice on the next step.

Thanks for all you do! This forum rocks!

Genman

 

Thanks!

When I get home from work tonight, I'll try.

I'll post my results later.

Genman

 

I looked for the WUTemp file on the C drive. Nothing found.


Any other ideas?

Genman

 

I spent a few more hours scanning and deleting virus's last night on my son's machine. The Windows updates appear to be up to date, however there is still a nasty bug in the machine.

I'm doing research on the Trojano-092 and Startpage-006 (both found in Win32) bugs that Avast found that seem to reappear and are very difficult to remove.

I downloaded and installed a Sygate Firewall. Is this OK, or should I look at another?

These boards and the Avast forum are a great wealth of information.

When I get home tonight I'll try again.

Thanks for all your help!

Let me know if anyone has any other ideas on these bugs mentioned above.

Genman

 

Last night Avast did a scan upon re-boot that found (and I deleted) several bugs. I then downloaded McAfee Stinger and scanned with negative results. I have been running CWShredder (updated) every night as well as Adaware and Spybot. Just as I thought everything was gone, I clicked on IE and went directly to About Blank. It was late so I gave up and will try again later tonight.


I did turn off System Restore and I will run all these scans again while in Safe Mode. I will try the online scan as well.

Wish me luck!

I know I can beat this bugger!

I love a challenge!

My son thinks I'm nuts.

Genman

 

I spent the last four hours in safe mode. I scanned with Spybot, Adaware, and a thorough Avast scan. Several items were found and removed.


Below is a log from Hijackthis

Do you think I'm OK now?

Thanks for all your help!


Logfile of HijackThis v1.98.0
Scan saved at 11:17:24 PM, on 7/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis 7-2-04\HijackThis.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O12 - Plugin for .asx: C:\Program Files\Compaq\Netscape Custom\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MLB StatTracker - http://aud5.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://wc1.unh.edu/activex/AxisCamControl.ocx
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikegridiron/install.cab
O18 - Filter: text/html - {E5C19A8A-0F39-4EAD-AA85-9B2C0780560B} - C:\WINDOWS\System32\jbffja.dll
O18 - Filter: text/plain - {E5C19A8A-0F39-4EAD-AA85-9B2C0780560B} - C:\WINDOWS\System32\jbffja.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\res.dll

This forum rocks!!!!

Genman

 

I followed your instructions untill step 12 where I'm stuck.

Attached is a screenshot of what I found.



Where do I go from here?

Thanks!

Genman

 

Here's another screenshot I hope you can read!

 

I'm in trouble now!

I screwed up!

I was trying to move the files from C:\System 32 (as per step 14)

This is what I did, In Winfile, In the From Box put C:|Windows\System32 to C:\junk 7-3-04\res.dll (I named the folder slightly different that what you suggested, and forgot to add the \res.dll on the end)

When I hit OK it started moving files. After several boxes popped up saying the file could not be moved, which I hit ignore, I hit cancel.

I checked the new C:\junk 7-3-04 folder and there were many files in it.

I tried to reboot, and it won't get very far.

Below is the message I get.

Windows could not start because the following file is missing or corrupt:
<Windows Root>\System32\hal.dll

Please re-install a copy of the above file


I'm now on another computer in the house. Do I use my son's computer as a boat anchor now.

Thanks for your help!

I'm sorry for all the trouble!

Genman

 

coz if you did...the sky is gonna cave in !

 

I tried to boot in safe mode. No Good!

I tried in several of the other options that are given with F8. No Good!

Each time I get the same response. See post below.

And no, I did not type a | instead of \. I typed it wrong in my post here.

Any other ideas?

Genman