Solved

cannot connect to windows update site

Posted on 2008-06-26
17
1,720 Views
Last Modified: 2013-12-06
Since december 2007 no windows updates have been downloaded on this pc at hand. When I click on 'windows update' IE goes to msn instead of the windows update site.

I ran SDFix, Combofix and HijackThis. Attached are the log files.

Now after doing this the problem still exists. Please look at the logs and tell me what to do next.

Thanks!
0
Comment
Question by:ruud00000
  • 11
  • 4
  • 2
17 Comments
 
LVL 8

Expert Comment

by:DenverRick
ID: 21874490
When you manually run Windows Update do you get an error?  What is the eror code?

DR
0
 

Author Comment

by:ruud00000
ID: 21874696
No error code. Just goes to www.msn.com instead of to the Windows Update site...

Attached you find the Windows Update log. Oh and also the other logs, I see I forgot to attach them to previous message.
SDFix-log.txt
CoboFix-log.txt
HTJ-log.txt
WindowsUpdate.log
0
 
LVL 8

Expert Comment

by:DenverRick
ID: 21874949
Is the WU service running, quick check -  in a CMD prompt type the command 'net start wuauserv', it should respond with "The requested service has already been started" if not what did it say?
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21875144
Nothing much showing in the CF log.
There's a value in your "Run" key called "Powerbar" that combofix couldn't enumerate the path/data correctly, check in your registry what it says.

Also do this:
1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
C:\Documents and Settings\Bertus\Application Data\errorsafedutchnewreleaseinstall[1].exe
C:\Documents and Settings\Bertus\Application Data\install_nl[1].exe

Folder::
C:\Program Files\ErrorSafe Free

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Error Safe Free"=-
------------------------------------------------------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
0
 

Author Comment

by:ruud00000
ID: 21875302
Yes the update service is running
0
 

Author Comment

by:ruud00000
ID: 21875384
Ran ComboFix with your script. Here's the log.
ComboFix2-log.txt
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21879682
I just realized, your hijackthis log is showing entries belonging to wareout.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt
0
 

Author Comment

by:ruud00000
ID: 21908123
The Powerbar entry in the registry is empty ( "" ).

Here's the Fixwareout log.

The program told me to strat a batch file but I can't find that one.
Fixwareout-log.txt
0
 

Author Comment

by:ruud00000
ID: 21908199
Found the file: dnsbak.reg, and have run it.

Here's the fresh HTJ log.


HTJ-log2.txt
0
 

Author Comment

by:ruud00000
ID: 21908278
Tried again now. In the meantime I cannot connect to internet at all anymore with Internet Explorer.

Next step: reinstall Windows?
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 21908535
Please fix these entries in Hijackthis:
O17 - HKLM\System\CCS\Services\Tcpip\..\{159D674B-3E3E-4B5A-9311-62BC2EA03019}: NameServer = 85.255.113.149,85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{159D674B-3E3E-4B5A-9311-62BC2EA03019}: NameServer = 85.255.113.149,85.255.112.81

Now can't connect?
Try the command --> ipconfig /flushdns
Also in IE > Tools > Internet Options > Connections > LAN Settings
is "Automatically detect settings" checked?


For the Windows Update issue:
Also try these steps mentioned in this link, scroll down to post no. 3 :(stopping the Automatic updates, renaming the SoftwareDistribution folder, and deleting the datastore folder.)
http://www.windowsbbs.com/showthread.php?t=59013

Click Start > Run
In the Run box, type

services.msc

Click OK
Right-click the "Automatic Updates Service"
Click Stop

After Stopping the Service please use Windows Explorer to rename the folder c:\Windows\SoftwareDistribution

Open Windows Explorer
Navigate to the Windows folder
Click on the + next to the Windows folder
Navigate to SoftwareDistribution folder
Right Click on the SoftwareDistribution folder
Select rename from the Menu
Rename the folder to SoftwareDistribution.old and click Enter
Exit Windows Explorer.

Finally:

Click Start > Run
In the Run box, type

CMD

Type: cd /d C:\windows\SoftwareDistribution
Type: rd /s DataStore
Type: Exit

Now restart the Automatic Update Service

Click Start
Choose Run
In the Run box, type services.msc
Click OK
Right-click the Automatic Updates Service
Click Start

Starting the service will take a moment.
Reboot and try Windows Update again, using Microsoft Internet Explorer.
     

0
 

Author Comment

by:ruud00000
ID: 21909003
I fixed the two HJT entries, no improvement.

Did flushdns. no result.

Automatically detect was not checked. Checked it, tried again, no result.

The rest applies to Windows not being able to update AFTER the Windows update site was reached (and updates were donwnload) but I cannot reach any URL now.

I'll wait another hour now for suggestions and then I will start Windows reinstall.

So far thanks anyway!
0
 

Author Comment

by:ruud00000
ID: 21909192
Well, in a clear moment I took another look with ipconfig which reminded me I had set a manual IP adres. However IP-adresses are issued by the internet provider through PPoE. which michght explein that the connecton has first worked well but has not worked, probably after the first restart. Moreover I found that DNS was set to maual and empty. Is that caused by the /flushdns command?

Due to all other above actions, in the meantime not only IE works again but also the Windows update site can be contacted now and updates can be installed.

Thanks!
0
 

Author Closing Comment

by:ruud00000
ID: 31470953
Thanks again!
0
 

Author Comment

by:ruud00000
ID: 21910464
For my information, what was the entry in the HJT log that belonged to wareout?
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21913761
You mean the primary and secondary DNS server were blanked out?
Our connection is also PPPoE with and I've used "ipconfig /flushdns" command so many times and it never blanked out those entries.

Those 017 entries line in your Hijackthis log(with that IP) belong to wareout infection.
I'm glad to know that you've sorted it all out, well done.

Thank you for the points and the A grade!
0
 

Author Comment

by:ruud00000
ID: 21914325
Yes, DNS was set to manual and both were blank. Maybe I did it accidentally (although I find that somewhat unlikely).
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Spam mails from a compromised internal computer 5 130
windows explorer default details view 10 80
MS Endpoint Protection 2 43
MMC - Computer Management / Display Properties 3 29
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question