Solved

Proxying issue with Windows Update on Vista

Posted on 2009-04-10
Last Modified: 2012-05-06
I recently got hit with a virus which, among other things, tried to redirect my browser and such to a local proxy address. The virus was easy enough to eliminate as well as reset my browser's settings including shutting off the proxying redirect. However, Windows Update continually errors out now. In reviewing its logs, I am seeing the following error:

SendRequest failed with hr = 80072efd. Proxy List used: <http=localhost:7171>

Thus, even though IE is no longer being improperly redirected, Windows Update is and, for the life of me, I cannot find where that particular setting is that WU is reading that proxy address from. I have done a full registry scan and come up empty-handed. Please advise.
0
Question by:alaskowski
 
LVL 3

Expert Comment

by:zrobinson
ID: 24116671
Can you run Hijackthis and post the scan log?
0
 

Author Comment

by:alaskowski
ID: 24117075
Here you go
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:54:44 PM, on 4/10/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\PROGRA~1\SCRIPT~1\DESKTO~1\CLIENT~1\780~1.82\slagent.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\AIM\AIM Pro\aimpro.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

C:\Program Files\ScriptLogic\PortSecurity\EmbargoEvents.exe

C:\Program Files\Symantec\Ghost\ngtray.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Windows\System32\mmc.exe

C:\Windows\system32\mmc.exe

C:\Windows\System32\mstsc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\System32\mstsc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O1 - Hosts: 65.54.239.20 messenger.hotmail.com

O1 - Hosts: 65.54.165.179 login.live.com

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"

O4 - HKLM\..\Run: [EmbargoEvents] C:\Program Files\Scriptlogic\PortSecurity\EmbargoEvents.exe

O4 - HKLM\..\Run: [NGTray] "C:\Program Files\Symantec\Ghost\ngtray.exe"

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix: 

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.6.cab

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab

O16 - DPF: {DC120706-9372-4B2E-AD15-F2135F51F30A} (Session Viewer) - https://192.9.200.146/plugins/vkvm/ActiveXVideoViewer.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aegisoft.webex.com/client/T26L/smt/ieatgpc1.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aegisoft.com

O17 - HKLM\Software\..\Telephony: DomainName = aegisoft.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{424B82AE-7340-407F-A3E2-7E3487B72819}: NameServer = 192.9.200.101,192.9.200.109,192.9.200.112

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aegisoft.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aegisoft.com

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = aegisoft.com

O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = aegisoft.com

O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = aegisoft.com

O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = aegisoft.com

O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = aegisoft.com

O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = aegisoft.com

O17 - HKLM\System\CS9\Services\Tcpip\Parameters: Domain = aegisoft.com

O17 - HKLM\System\CS10\Services\Tcpip\Parameters: Domain = aegisoft.com

O17 - HKLM\System\CS11\Services\Tcpip\Parameters: Domain = aegisoft.com

O17 - HKLM\System\CS12\Services\Tcpip\Parameters: Domain = aegisoft.com

O17 - HKLM\System\CS13\Services\Tcpip\Parameters: Domain = aegisoft.com

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll

O23 - Service: Alert Notification Server - CA, Inc. - C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE

O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

O23 - Service: CA ARCserve Discovery Service (CASDiscovery) - CA - C:\Program Files\CA\SharedComponents\ARCserve Backup\CADS\casdscsvc.exe

O23 - Service: CA ARCserve Message Engine (CASMessageEngine) - CA - C:\Program Files\CA\ARCserve Backup\msgeng.exe

O23 - Service: CA ARCserve PortMapper (CASportmapper) - CA - C:\Program Files\CA\SharedComponents\ARCserve Backup\ASPortMapper\Catirpc.exe

O23 - Service: CA ARCserve Universal Agent (CASUniversalAgent) - CA - C:\Program Files\CA\SharedComponents\ARCserve Backup\UniAgent\UnivAgent.exe

O23 - Service: ScriptLogic USB/Port Security (EmbargoSvc) - ScriptLogic Software Corporation - C:\Windows\system32\EmbargoSvc.exe

O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kaspersky Network Agent (klnagent) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Event Log Watch (LogWatch) - CA - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: Symantec Ghost Database Service Wrapper (NGDBSERV) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe

O23 - Service: Symantec Ghost Configuration Server (NGSERVER) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: SessionLauncher - Unknown owner - C:\Users\AaronL\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Software Corporation - C:\Program Files\ScriptLogic\Desktop Authority\Client Files\7.80.82\SLClient.exe
 

--

End of file - 12401 bytes


0
 
LVL 3

Expert Comment

by:zrobinson
ID: 24118744
Nothing jumps out at me...

In Internet Explorer, go to Tools > Internet Options > Connections > LAN Settings

Is it configured to use a proxy server?

0

 

Author Comment

by:alaskowski
ID: 24119088
No, as I said, I have already eliminated the proxy settings that were placed in Internet Explorer.
0
 
LVL 3

Assisted Solution

by:zrobinson
zrobinson earned 150 total points
ID: 24119127
This may be a longshot, but check here:

http://windowshelp.microsoft.com/Windows/en-US/help/93b6ab71-8b21-4b50-b40e-abb80eba29271033.mspx

It's basically saying to add Windows Update sites that are listed there to your firewall exceptions list.

Or, you could try turning off your AV or firewall and see if you can hit Windows Update.
0
 

Author Comment

by:alaskowski
ID: 24119149
I have unrestricted access thru the corporate firewall and I already tried shutting down my AV to no effect. It seems evident to me that Windows Update is, in this case, not taking its proxy settings from the IE settings (no proxy) but from another source (thus getting pointed to http=localhost:7171). I just can't determine where it is getting that setting from.
0
 

Accepted Solution

by:
alaskowski earned 0 total points
ID: 24119227
I have solved it myself. Windows Update was getting the proxy setting from WinHTTP. I was able to reset it from the command line using the netsh winhttp proxy command and reset the proxy settings.
0
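The check behind the accepted solution, as an added example that is not part of the original thread: a PowerShell audit that shows the per-user WinINET proxy (what IE's LAN Settings edits) next to the machine-wide WinHTTP proxy that Windows Update reads, and flags a loopback entry such as `localhost:7171`. The `-Reset` switch and the loopback pattern are assumptions of this example; run it from an elevated prompt.

```powershell
# Added example: compare the WinINET and WinHTTP proxy settings and flag a
# loopback WinHTTP proxy left behind by malware. Nothing is changed unless
# -Reset is passed (hypothetical switch defined by this script).
param([switch]$Reset)

# 1. WinINET: per-user settings, the ones IE's LAN Settings dialog edits.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet    = Get-ItemProperty $inetKey
"WinINET : ProxyEnable=$($inet.ProxyEnable) ProxyServer='$($inet.ProxyServer)'"

# 2. WinHTTP: machine-wide settings used by services such as Windows Update.
#    They live in a REG_BINARY value, so a text search of the registry for
#    the proxy string can miss them.
$httpKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections'
$blob    = (Get-ItemProperty $httpKey -ErrorAction SilentlyContinue).WinHttpSettings

# Pull printable ASCII runs out of the blob instead of assuming its layout.
$strings = @()
if ($blob) {
    $text    = [System.Text.Encoding]::ASCII.GetString($blob)
    $strings = @([regex]::Matches($text, '[\x20-\x7E]{4,}') |
                 ForEach-Object { $_.Value })
}
"WinHTTP : " + $(if ($strings) { $strings -join ' | ' } else { 'direct access (no proxy)' })

# 3. Flag a proxy that points back at this machine (pattern is an assumption
#    of this example; extend it for your environment).
$loopbackPattern = '(localhost|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|\[::1\])(:\d+)?'
$suspicious      = @($strings | Where-Object { $_ -match $loopbackPattern })

if ($suspicious) {
    Write-Warning "WinHTTP proxy points at loopback: $($suspicious -join ', ')"
    # Confirm that something is (or is not) still listening on that port
    # before trusting that the cleanup was complete.
    netstat -ano | Select-String 'LISTENING'
} else {
    'No loopback WinHTTP proxy found.'
}

# 4. What netsh itself reports, then the fix from the accepted solution.
netsh winhttp show proxy
if ($Reset -and $suspicious) {
    netsh winhttp reset proxy     # back to direct access
    netsh winhttp show proxy      # verify the change took effect
}
```

If the loopback entry returns after a reset, something on the machine is still writing it, and the infection has not been fully removed.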
