Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

cannot connect to windows update site

Posted on 2008-06-26
17
Medium Priority
?
1,739 Views
Last Modified: 2013-12-06
Since december 2007 no windows updates have been downloaded on this pc at hand. When I click on 'windows update' IE goes to msn instead of the windows update site.

I ran SDFix, Combofix and HijackThis. Attached are the log files.

Now after doing this the problem still exists. Please look at the logs and tell me what to do next.

Thanks!
0
Comment
Question by:ruud00000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 4
  • 2
17 Comments
 
LVL 8

Expert Comment

by:DenverRick
ID: 21874490
When you manually run Windows Update do you get an error?  What is the eror code?

DR
0
 

Author Comment

by:ruud00000
ID: 21874696
No error code. Just goes to www.msn.com instead of to the Windows Update site...

Attached you find the Windows Update log. Oh and also the other logs, I see I forgot to attach them to previous message.
SDFix-log.txt
CoboFix-log.txt
HTJ-log.txt
WindowsUpdate.log
0
 
LVL 8

Expert Comment

by:DenverRick
ID: 21874949
Is the WU service running, quick check -  in a CMD prompt type the command 'net start wuauserv', it should respond with "The requested service has already been started" if not what did it say?
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21875144
Nothing much showing in the CF log.
There's a value in your "Run" key called "Powerbar" that combofix couldn't enumerate the path/data correctly, check in your registry what it says.

Also do this:
1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
C:\Documents and Settings\Bertus\Application Data\errorsafedutchnewreleaseinstall[1].exe
C:\Documents and Settings\Bertus\Application Data\install_nl[1].exe

Folder::
C:\Program Files\ErrorSafe Free

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Error Safe Free"=-
------------------------------------------------------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
0
 

Author Comment

by:ruud00000
ID: 21875302
Yes the update service is running
0
 

Author Comment

by:ruud00000
ID: 21875384
Ran ComboFix with your script. Here's the log.
ComboFix2-log.txt
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21879682
I just realized, your hijackthis log is showing entries belonging to wareout.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt
0
 

Author Comment

by:ruud00000
ID: 21908123
The Powerbar entry in the registry is empty ( "" ).

Here's the Fixwareout log.

The program told me to strat a batch file but I can't find that one.
Fixwareout-log.txt
0
 

Author Comment

by:ruud00000
ID: 21908199
Found the file: dnsbak.reg, and have run it.

Here's the fresh HTJ log.


HTJ-log2.txt
0
 

Author Comment

by:ruud00000
ID: 21908278
Tried again now. In the meantime I cannot connect to internet at all anymore with Internet Explorer.

Next step: reinstall Windows?
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 2000 total points
ID: 21908535
Please fix these entries in Hijackthis:
O17 - HKLM\System\CCS\Services\Tcpip\..\{159D674B-3E3E-4B5A-9311-62BC2EA03019}: NameServer = 85.255.113.149,85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{159D674B-3E3E-4B5A-9311-62BC2EA03019}: NameServer = 85.255.113.149,85.255.112.81

Now can't connect?
Try the command --> ipconfig /flushdns
Also in IE > Tools > Internet Options > Connections > LAN Settings
is "Automatically detect settings" checked?


For the Windows Update issue:
Also try these steps mentioned in this link, scroll down to post no. 3 :(stopping the Automatic updates, renaming the SoftwareDistribution folder, and deleting the datastore folder.)
http://www.windowsbbs.com/showthread.php?t=59013

Click Start > Run
In the Run box, type

services.msc

Click OK
Right-click the "Automatic Updates Service"
Click Stop

After Stopping the Service please use Windows Explorer to rename the folder c:\Windows\SoftwareDistribution

Open Windows Explorer
Navigate to the Windows folder
Click on the + next to the Windows folder
Navigate to SoftwareDistribution folder
Right Click on the SoftwareDistribution folder
Select rename from the Menu
Rename the folder to SoftwareDistribution.old and click Enter
Exit Windows Explorer.

Finally:

Click Start > Run
In the Run box, type

CMD

Type: cd /d C:\windows\SoftwareDistribution
Type: rd /s DataStore
Type: Exit

Now restart the Automatic Update Service

Click Start
Choose Run
In the Run box, type services.msc
Click OK
Right-click the Automatic Updates Service
Click Start

Starting the service will take a moment.
Reboot and try Windows Update again, using Microsoft Internet Explorer.
     

0
 

Author Comment

by:ruud00000
ID: 21909003
I fixed the two HJT entries, no improvement.

Did flushdns. no result.

Automatically detect was not checked. Checked it, tried again, no result.

The rest applies to Windows not being able to update AFTER the Windows update site was reached (and updates were donwnload) but I cannot reach any URL now.

I'll wait another hour now for suggestions and then I will start Windows reinstall.

So far thanks anyway!
0
 

Author Comment

by:ruud00000
ID: 21909192
Well, in a clear moment I took another look with ipconfig which reminded me I had set a manual IP adres. However IP-adresses are issued by the internet provider through PPoE. which michght explein that the connecton has first worked well but has not worked, probably after the first restart. Moreover I found that DNS was set to maual and empty. Is that caused by the /flushdns command?

Due to all other above actions, in the meantime not only IE works again but also the Windows update site can be contacted now and updates can be installed.

Thanks!
0
 

Author Closing Comment

by:ruud00000
ID: 31470953
Thanks again!
0
 

Author Comment

by:ruud00000
ID: 21910464
For my information, what was the entry in the HJT log that belonged to wareout?
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21913761
You mean the primary and secondary DNS server were blanked out?
Our connection is also PPPoE with and I've used "ipconfig /flushdns" command so many times and it never blanked out those entries.

Those 017 entries line in your Hijackthis log(with that IP) belong to wareout infection.
I'm glad to know that you've sorted it all out, well done.

Thank you for the points and the A grade!
0
 

Author Comment

by:ruud00000
ID: 21914325
Yes, DNS was set to manual and both were blank. Maybe I did it accidentally (although I find that somewhat unlikely).
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Malware seems to be getting smarter and smarter. If you are having trouble being able to launch your malware removal tools such as (and recommended): MalwareBytes, HiJackThis, ComboFix, etc. you can try some of the workarounds listed below. 1. Ma…
You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question