unable to update at MSUpdate

Discussion in 'malware problems & news' started by Fraha, Nov 2, 2003.

Thread Status:
Not open for further replies.
  1. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    Hello all,

    At a friend's computer I keep getting error messages from the MS update site about ActiveX not being OK.
    Several problems are on this computer, including a worm called STEPH.

    I think the update problem has a relation with these problems.

    Here's the hijack file:

    Logfile of HijackThis v1.97.3
    Scan saved at 21:57:36, on 1-11-2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Winamp3\winampa.exe
    C:\WINDOWS\QOGJ.exe
    C:\WINDOWS\DRFIG.exe
    C:\WINDOWS\RCTKB.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Frans\Local Settings\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {0B906603-34C3-4E06-9AC9-12282721C8AD} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
    O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
    O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] javaw -cp "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
    O4 - HKLM\..\Run: [QOGJ] C:\WINDOWS\QOGJ.exe
    O4 - HKLM\..\Run: [DRFIG] C:\WINDOWS\DRFIG.exe
    O4 - HKLM\..\Run: [RCTKB] C:\WINDOWS\RCTKB.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{805B2433-A4C8-4874-B911-191D7D06D53E}: NameServer = 194.134.5.5 194.134.0.97

    What do I have to do to make this system safe again? (AV and firewall will be installed soon, Norman)
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    In Hijack This, check all of the following items, then close all browser windows, and press "Fix Checked":

    O3 - Toolbar: (no name) - {0B906603-34C3-4E06-9AC9-12282721C8AD} - (no file)

    O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
    O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] javaw -cp "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
    O4 - HKLM\..\Run: [QOGJ] C:\WINDOWS\QOGJ.exe
    O4 - HKLM\..\Run: [DRFIG] C:\WINDOWS\DRFIG.exe
    O4 - HKLM\..\Run: [RCTKB] C:\WINDOWS\RCTKB.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe



    Now restart your computer, and delete:

    The C:\Program Files\Acceleration Software folder
    The C:\Program Files\SuperBar folder
    The C:\Program Files\EbatesMoeMoneyMaker folder
    The C:\WINDOWS\QOGJ.exe file
    The C:\WINDOWS\DRFIG.exe file
    The C:\WINDOWS\RCTKB.exe file

    As some of the above may have the 'hidden' attribute, first make sure that in Folder Options > View hidden and operating system files are set to show.

    Incidentally, unless of course you installed the MyBar Search bar wittingly, go to Add/Remove Programs, and uninstall the My Way Speed Bar.

    If no joy, have Hijack This fix these as well:

    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL


    Then restart your computer, and delete the C:\Program files\Myway folder.


    Finally, download Spybot - Search & Destroy

    After installing, first press Online, and search for, put a check mark at, and install all updates.

    Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds.
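As an added example (not from the thread, and not part of HijackThis itself), a small Python triage script that reads a log in the format pasted above and flags the two patterns TonyKlein picks out: O3 toolbar entries pointing at no file, and Run-key executables with short random-looking names sitting directly in C:\WINDOWS. The sample lines are copied from the log in the thread; the "4-6 capital letters" name heuristic is an assumption of mine, not a rule from the tool.

```python
import re

# Constructed sample input: a handful of lines copied from the HijackThis
# log posted in this thread (process list plus a few O3/O4 entries).
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\QOGJ.exe
C:\\WINDOWS\\DRFIG.exe

O3 - Toolbar: (no name) - {0B906603-34C3-4E06-9AC9-12282721C8AD} - (no file)
O4 - HKLM\\..\\Run: [NeroCheck] C:\\WINDOWS\\system32\\NeroCheck.exe
O4 - HKLM\\..\\Run: [QOGJ] C:\\WINDOWS\\QOGJ.exe
O4 - HKLM\\..\\Run: [DRFIG] C:\\WINDOWS\\DRFIG.exe
O4 - HKLM\\..\\Run: [RCTKB] C:\\WINDOWS\\RCTKB.exe
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
"""

# O4 line: "O4 - <hive>: [<name>] <command>"; the command may be quoted.
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] "?(?P<exe>[A-Za-z]:\\[^"]*?\.exe)', re.I)
# Assumed heuristic: 4-6 capital letters, like QOGJ / DRFIG / RCTKB above.
RANDOM_NAME = re.compile(r'^[A-Z]{4,6}$')

def parse_log(text):
    """Split a HijackThis log into (running processes, O-section lines)."""
    procs, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line.lower())
        elif not line:
            in_procs = False          # blank line ends the process block
        elif re.match(r'^O\d+ - ', line):
            entries.append(line)
    return procs, entries

def triage(text):
    """Return (reason, log line) pairs for entries worth a closer look."""
    procs, entries = parse_log(text)
    findings = []
    for line in entries:
        if line.startswith("O3 - ") and line.endswith("(no file)"):
            findings.append(("orphaned toolbar entry", line))
        m = O4_RE.match(line)
        if not m:
            continue
        exe = m.group("exe")
        folder, _, base = exe.rpartition("\\")
        if folder.lower() == r"c:\windows" and RANDOM_NAME.match(base[:-4]):
            running = exe.lower() in procs   # cross-check with process list
            reason = "random-named exe in C:\\WINDOWS"
            findings.append((reason + (", currently running" if running else ""), line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```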
     
  3. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    BTW, does this sound like your error message?

    Cheers,
     
  5. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    Thanks guys,

    I will try these options asap. Problem is that the computer is 90 km away from me, so it could take a while.

    The security option was tried before but not with all the other options.

    So the good news is I have at least 2 problems on that machine! ;-)

    Great.

    Thanks again!

    Frans
     
  6. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    No prob! :)

    Do keep us posted!
     
  7. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    But of course, Sir! ;-)

    Greetings from Holland!
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    That was no long distance call. :D
     
  9. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    Right! :cool:

    Nice weather, no? :oops:

    What kind of trouble does that machine have? I know about Steph, but the rest? Can you give me an indication?

    Frans
     
  10. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    OK guys, thanks!

    Most problems are gone now; only the update at Microsoft will not work.
    Still got the ActiveX error, and I did try all things in the file above...

    I found out that SP1 was not installed yet. Could that be the problem?

    Frans
     
  11. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi Fraha,

    Since it is advisable to install it anyway, and may very well help, go to this site: http://www.microsoft.com/windows/ie/downloads/critical/ie6sp1/default.asp
    Select the correct language in the drop-down box on the right and follow the instructions.

    Regards,

    Pieter
     