Solved

Proxying issue with Windows Update on Vista

Posted on 2009-04-10
7
1,482 Views
Last Modified: 2012-05-06
I recently got hit with a virus which, among other things, tried to redirect my broweser and such to a local proxy address. The virus was easy enough to eliminate as well as reset my browsers settings including shutting off the proxying redirect. However, Windows Update continually errors out now. In reviewing its logs, I am seeing the following error:

SendRequest failed with hr = 80072efd. Proxy List used: <http=localhost:7171>

Thus, even though IE is no longer being improperly redirected, Windows Update is and, for the life of me, I cannot find where that particular setting is that WU is reading that proxy address from. I have done a full registry scan and come up empty handed. Please advise.
0
Comment
Question by:alaskowski
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 3

Expert Comment

by:zrobinson
ID: 24116671
Can you run Hijackthis and post the scan log?
0
 

Author Comment

by:alaskowski
ID: 24117075
Here you go
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:44 PM, on 4/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\SCRIPT~1\DESKTO~1\CLIENT~1\780~1.82\slagent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\ScriptLogic\PortSecurity\EmbargoEvents.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\System32\mmc.exe
C:\Windows\system32\mmc.exe
C:\Windows\System32\mstsc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mstsc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O1 - Hosts: 65.54.239.20 messenger.hotmail.com
O1 - Hosts: 65.54.165.179 login.live.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [EmbargoEvents] C:\Program Files\Scriptlogic\PortSecurity\EmbargoEvents.exe
O4 - HKLM\..\Run: [NGTray] "C:\Program Files\Symantec\Ghost\ngtray.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.6.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O16 - DPF: {DC120706-9372-4B2E-AD15-F2135F51F30A} (Session Viewer) - https://192.9.200.146/plugins/vkvm/ActiveXVideoViewer.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aegisoft.webex.com/client/T26L/smt/ieatgpc1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\Software\..\Telephony: DomainName = aegisoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{424B82AE-7340-407F-A3E2-7E3487B72819}: NameServer = 192.9.200.101,192.9.200.109,192.9.200.112
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS10\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS11\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS12\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS13\Services\Tcpip\Parameters: Domain = aegisoft.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll
O23 - Service: Alert Notification Server - CA, Inc. - C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CA ARCserve Discovery Service (CASDiscovery) - CA - C:\Program Files\CA\SharedComponents\ARCserve Backup\CADS\casdscsvc.exe
O23 - Service: CA ARCserve Message Engine (CASMessageEngine) - CA - C:\Program Files\CA\ARCserve Backup\msgeng.exe
O23 - Service: CA ARCserve PortMapper (CASportmapper) - CA - C:\Program Files\CA\SharedComponents\ARCserve Backup\ASPortMapper\Catirpc.exe
O23 - Service: CA ARCserve Universal Agent (CASUniversalAgent) - CA - C:\Program Files\CA\SharedComponents\ARCserve Backup\UniAgent\UnivAgent.exe
O23 - Service: ScriptLogic USB/Port Security (EmbargoSvc) - ScriptLogic Software Corporation - C:\Windows\system32\EmbargoSvc.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Network Agent (klnagent) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Event Log Watch (LogWatch) - CA - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Symantec Ghost Database Service Wrapper (NGDBSERV) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
O23 - Service: Symantec Ghost Configuration Server (NGSERVER) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\AaronL\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Software Corporation - C:\Program Files\ScriptLogic\Desktop Authority\Client Files\7.80.82\SLClient.exe
 
--
End of file - 12401 bytes

Open in new window

0
 
LVL 3

Expert Comment

by:zrobinson
ID: 24118744
Nothing jumps out at me...

In internet explorer, go to Tools > Internet Options > Connections > Lan Settings

Is it configured to use a proxy server?

0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 

Author Comment

by:alaskowski
ID: 24119088
No, as I said, I have already eliminatd the proxy settings that were placed in Internet Explorer.
0
 
LVL 3

Assisted Solution

by:zrobinson
zrobinson earned 150 total points
ID: 24119127
This may be a longshot, but check here:

http://windowshelp.microsoft.com/Windows/en-US/help/93b6ab71-8b21-4b50-b40e-abb80eba29271033.mspx

It's basically saying to add windows update sites that are listed there to your firewall exceptions list.

Or, you could try turning off your AV or firewall and see if you can hit windows update.
0
 

Author Comment

by:alaskowski
ID: 24119149
I have unrestricted access thru the corporate firewall and I already tried shutting down my AV to no effect. It seems evident to me that Windows Update is, in this case, not taking its proxy settings from the IE settings (no proxy) but from another source (thus getting pointed to http=localhost:7171). I just can't determine where it is getting that setting from.
0
 

Accepted Solution

by:
alaskowski earned 0 total points
ID: 24119227
I have solved myself. Windows Update was getting the proxy setting from WinHTTP. I was able to reset it from the command line using the netsh winhttp proxy command and reset the proxy settings.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hi All Just a quick one for everybody. I was recently looking into setting the default User Account Picture for all my vista clients within the network but on closer inspection the group policy setting only allows you to set the default pictur…
The Service applet starts in Extended Mode by Default, with a taskpad on the left of the services pane. This view mode was introduced in XP. As I find it not very usefull, I like to use the Standard view as default, and without the Console tree. …
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question