Solved

cannot connect to windows update site

Posted on 2008-06-26
Last Modified: 2013-12-06
Since December 2007 no Windows updates have been downloaded on this PC at hand. When I click on 'Windows Update' IE goes to MSN instead of the Windows Update site.

I ran SDFix, Combofix and HijackThis. Attached are the log files.

Now after doing this the problem still exists. Please look at the logs and tell me what to do next.

Thanks!
Question by:ruud00000
17 Comments
 
Expert Comment

by:DenverRick
When you manually run Windows Update do you get an error? What is the error code?

DR

Author Comment

by:ruud00000
No error code. Just goes to www.msn.com instead of to the Windows Update site...

Attached you find the Windows Update log. Oh and also the other logs, I see I forgot to attach them to previous message.
SDFix-log.txt
CoboFix-log.txt
HTJ-log.txt
WindowsUpdate.log

Expert Comment

by:DenverRick
Is the WU service running? Quick check: in a CMD prompt type the command 'net start wuauserv'. It should respond with "The requested service has already been started"; if not, what did it say?

Expert Comment

by:rpggamergirl
Nothing much showing in the CF log.
There's a value in your "Run" key called "Powerbar" for which ComboFix couldn't enumerate the path/data correctly; check in your registry what it says.

Also do this:
1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
C:\Documents and Settings\Bertus\Application Data\errorsafedutchnewreleaseinstall[1].exe
C:\Documents and Settings\Bertus\Application Data\install_nl[1].exe

Folder::
C:\Program Files\ErrorSafe Free

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Error Safe Free"=-
------------------------------------------------------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

Author Comment

by:ruud00000
Yes the update service is running

Author Comment

by:ruud00000
Ran ComboFix with your script. Here's the log.
ComboFix2-log.txt

Expert Comment

by:rpggamergirl
I just realized, your HijackThis log is showing entries belonging to wareout.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt

Author Comment

by:ruud00000
The Powerbar entry in the registry is empty ( "" ).

Here's the Fixwareout log.

The program told me to start a batch file but I can't find that one.
Fixwareout-log.txt

Author Comment

by:ruud00000
Found the file: dnsbak.reg, and have run it.

Here's the fresh HTJ log.


HTJ-log2.txt

Author Comment

by:ruud00000
Tried again now. In the meantime I cannot connect to internet at all anymore with Internet Explorer.

Next step: reinstall Windows?

Accepted Solution

by:
rpggamergirl earned 500 total points
Please fix these entries in HijackThis:
O17 - HKLM\System\CCS\Services\Tcpip\..\{159D674B-3E3E-4B5A-9311-62BC2EA03019}: NameServer = 85.255.113.149,85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{159D674B-3E3E-4B5A-9311-62BC2EA03019}: NameServer = 85.255.113.149,85.255.112.81

Now can't connect?
Try the command --> ipconfig /flushdns
Also in IE > Tools > Internet Options > Connections > LAN Settings
is "Automatically detect settings" checked?


For the Windows Update issue:
Also try the steps mentioned in this link; scroll down to post no. 3 (stopping the Automatic Updates service, renaming the SoftwareDistribution folder, and deleting the DataStore folder).
http://www.windowsbbs.com/showthread.php?t=59013

Click Start > Run
In the Run box, type

services.msc

Click OK
Right-click the "Automatic Updates Service"
Click Stop

After Stopping the Service please use Windows Explorer to rename the folder c:\Windows\SoftwareDistribution

Open Windows Explorer
Navigate to the Windows folder
Click on the + next to the Windows folder
Navigate to SoftwareDistribution folder
Right Click on the SoftwareDistribution folder
Select rename from the Menu
Rename the folder to SoftwareDistribution.old and click Enter
Exit Windows Explorer.

Finally:

Click Start > Run
In the Run box, type

CMD

Type: cd /d C:\windows\SoftwareDistribution
Type: rd /s DataStore
Type: Exit

Now restart the Automatic Update Service

Click Start
Choose Run
In the Run box, type services.msc
Click OK
Right-click the Automatic Updates Service
Click Start

Starting the service will take a moment.
Reboot and try Windows Update again, using Microsoft Internet Explorer.
     

0
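The O17 check from the accepted answer, as an added example that is not part of the original thread: a small Python parser that pulls NameServer values out of HijackThis O17 lines and flags any resolver outside a range you trust. The trusted range 192.0.2.0/24, the O4 line and the benign O17 line are constructed assumptions; the two flagged lines are the ones quoted in the answer.

```python
import ipaddress
import re

# HijackThis O17 line: "O17 - <Tcpip key>: NameServer = ip[,ip...]"
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\.+?)"
    r": NameServer = (?P<servers>.+)$"
)

def parse_o17(log_text):
    """Yield (control_set, registry_key, [server, ...]) per O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # NameServer values may be comma- or space-separated
            servers = [s for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
            yield m["cset"], m["key"], servers

def unexpected_resolvers(log_text, trusted_networks):
    """Return O17 resolvers that fall outside every trusted network."""
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    findings = []
    for cset, key, servers in parse_o17(log_text):
        for s in servers:
            try:
                addr = ipaddress.ip_address(s)
            except ValueError:
                findings.append((cset, key, s, "not an IP address"))
                continue
            if not any(addr in net for net in trusted):
                findings.append((cset, key, s, "outside trusted resolvers"))
    return findings

# The two O17 lines quoted in the answer, plus constructed O4 and benign O17 lines.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Example] C:\example.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{159D674B-3E3E-4B5A-9311-62BC2EA03019}: NameServer = 85.255.113.149,85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{159D674B-3E3E-4B5A-9311-62BC2EA03019}: NameServer = 85.255.113.149,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.0.2.53
"""

# Assumption: 192.0.2.0/24 stands in for the resolvers your ISP or DHCP hands out.
TRUSTED = ["192.0.2.0/24"]

if __name__ == "__main__":
    for cset, key, ip, reason in unexpected_resolvers(SAMPLE_LOG, TRUSTED):
        print(f"{cset}: {ip} ({reason}) in {key}")
```

The same entry showing up under more than one control set (CCS and CS2 here) means each copy has to be fixed, which is why the answer lists both lines.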
 

Author Comment

by:ruud00000
I fixed the two HJT entries, no improvement.

Did flushdns. no result.

Automatically detect was not checked. Checked it, tried again, no result.

The rest applies to Windows not being able to update AFTER the Windows update site was reached (and updates were downloaded) but I cannot reach any URL now.

I'll wait another hour now for suggestions and then I will start Windows reinstall.

So far thanks anyway!

Author Comment

by:ruud00000
Well, in a clear moment I took another look with ipconfig, which reminded me I had set a manual IP address. However, IP addresses are issued by the internet provider through PPPoE, which might explain that the connection has first worked well but has not worked, probably after the first restart. Moreover I found that DNS was set to manual and empty. Is that caused by the /flushdns command?

Due to all other above actions, in the meantime not only IE works again but also the Windows update site can be contacted now and updates can be installed.

Thanks!

Author Closing Comment

by:ruud00000
Thanks again!

Author Comment

by:ruud00000
For my information, what was the entry in the HJT log that belonged to wareout?

Expert Comment

by:rpggamergirl
You mean the primary and secondary DNS server were blanked out?
Our connection is also PPPoE and I've used the "ipconfig /flushdns" command so many times and it never blanked out those entries.

Those O17 entry lines in your HijackThis log (with that IP) belong to the wareout infection.
I'm glad to know that you've sorted it all out, well done.

Thank you for the points and the A grade!

Author Comment

by:ruud00000
Yes, DNS was set to manual and both were blank. Maybe I did it accidentally (although I find that somewhat unlikely).