Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

cannot connect to windows update site

Posted on 2008-06-26
17
Medium Priority
?
1,740 Views
Last Modified: 2013-12-06
Since december 2007 no windows updates have been downloaded on this pc at hand. When I click on 'windows update' IE goes to msn instead of the windows update site.

I ran SDFix, Combofix and HijackThis. Attached are the log files.

Now after doing this the problem still exists. Please look at the logs and tell me what to do next.

Thanks!
0
Comment
Question by:ruud00000
  • 11
  • 4
  • 2
17 Comments
 
LVL 8

Expert Comment

by:DenverRick
ID: 21874490
When you manually run Windows Update do you get an error?  What is the eror code?

DR
0
 

Author Comment

by:ruud00000
ID: 21874696
No error code. Just goes to www.msn.com instead of to the Windows Update site...

Attached you find the Windows Update log. Oh and also the other logs, I see I forgot to attach them to previous message.
SDFix-log.txt
CoboFix-log.txt
HTJ-log.txt
WindowsUpdate.log
0
 
LVL 8

Expert Comment

by:DenverRick
ID: 21874949
Is the WU service running, quick check -  in a CMD prompt type the command 'net start wuauserv', it should respond with "The requested service has already been started" if not what did it say?
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21875144
Nothing much showing in the CF log.
There's a value in your "Run" key called "Powerbar" that combofix couldn't enumerate the path/data correctly, check in your registry what it says.

Also do this:
1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
C:\Documents and Settings\Bertus\Application Data\errorsafedutchnewreleaseinstall[1].exe
C:\Documents and Settings\Bertus\Application Data\install_nl[1].exe

Folder::
C:\Program Files\ErrorSafe Free

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Error Safe Free"=-
------------------------------------------------------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
0
 

Author Comment

by:ruud00000
ID: 21875302
Yes the update service is running
0
 

Author Comment

by:ruud00000
ID: 21875384
Ran ComboFix with your script. Here's the log.
ComboFix2-log.txt
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21879682
I just realized, your hijackthis log is showing entries belonging to wareout.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt
0
 

Author Comment

by:ruud00000
ID: 21908123
The Powerbar entry in the registry is empty ( "" ).

Here's the Fixwareout log.

The program told me to strat a batch file but I can't find that one.
Fixwareout-log.txt
0
 

Author Comment

by:ruud00000
ID: 21908199
Found the file: dnsbak.reg, and have run it.

Here's the fresh HTJ log.


HTJ-log2.txt
0
 

Author Comment

by:ruud00000
ID: 21908278
Tried again now. In the meantime I cannot connect to internet at all anymore with Internet Explorer.

Next step: reinstall Windows?
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 2000 total points
ID: 21908535
Please fix these entries in Hijackthis:
O17 - HKLM\System\CCS\Services\Tcpip\..\{159D674B-3E3E-4B5A-9311-62BC2EA03019}: NameServer = 85.255.113.149,85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{159D674B-3E3E-4B5A-9311-62BC2EA03019}: NameServer = 85.255.113.149,85.255.112.81

Now can't connect?
Try the command --> ipconfig /flushdns
Also in IE > Tools > Internet Options > Connections > LAN Settings
is "Automatically detect settings" checked?


For the Windows Update issue:
Also try these steps mentioned in this link, scroll down to post no. 3 :(stopping the Automatic updates, renaming the SoftwareDistribution folder, and deleting the datastore folder.)
http://www.windowsbbs.com/showthread.php?t=59013

Click Start > Run
In the Run box, type

services.msc

Click OK
Right-click the "Automatic Updates Service"
Click Stop

After Stopping the Service please use Windows Explorer to rename the folder c:\Windows\SoftwareDistribution

Open Windows Explorer
Navigate to the Windows folder
Click on the + next to the Windows folder
Navigate to SoftwareDistribution folder
Right Click on the SoftwareDistribution folder
Select rename from the Menu
Rename the folder to SoftwareDistribution.old and click Enter
Exit Windows Explorer.

Finally:

Click Start > Run
In the Run box, type

CMD

Type: cd /d C:\windows\SoftwareDistribution
Type: rd /s DataStore
Type: Exit

Now restart the Automatic Update Service

Click Start
Choose Run
In the Run box, type services.msc
Click OK
Right-click the Automatic Updates Service
Click Start

Starting the service will take a moment.
Reboot and try Windows Update again, using Microsoft Internet Explorer.
     

0
 

Author Comment

by:ruud00000
ID: 21909003
I fixed the two HJT entries, no improvement.

Did flushdns. no result.

Automatically detect was not checked. Checked it, tried again, no result.

The rest applies to Windows not being able to update AFTER the Windows update site was reached (and updates were donwnload) but I cannot reach any URL now.

I'll wait another hour now for suggestions and then I will start Windows reinstall.

So far thanks anyway!
0
 

Author Comment

by:ruud00000
ID: 21909192
Well, in a clear moment I took another look with ipconfig which reminded me I had set a manual IP adres. However IP-adresses are issued by the internet provider through PPoE. which michght explein that the connecton has first worked well but has not worked, probably after the first restart. Moreover I found that DNS was set to maual and empty. Is that caused by the /flushdns command?

Due to all other above actions, in the meantime not only IE works again but also the Windows update site can be contacted now and updates can be installed.

Thanks!
0
 

Author Closing Comment

by:ruud00000
ID: 31470953
Thanks again!
0
 

Author Comment

by:ruud00000
ID: 21910464
For my information, what was the entry in the HJT log that belonged to wareout?
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21913761
You mean the primary and secondary DNS server were blanked out?
Our connection is also PPPoE with and I've used "ipconfig /flushdns" command so many times and it never blanked out those entries.

Those 017 entries line in your Hijackthis log(with that IP) belong to wareout infection.
I'm glad to know that you've sorted it all out, well done.

Thank you for the points and the A grade!
0
 

Author Comment

by:ruud00000
ID: 21914325
Yes, DNS was set to manual and both were blank. Maybe I did it accidentally (although I find that somewhat unlikely).
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It started not too long ago. It was at first annoying. My keystrokes seemed to be randomly generated, not the ones I typed on the keyboard. For some reason this only happened in certain applications (especially browsers such as IE11, Firefox and Chr…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question