alaskowski
asked on
Proxying issue with Windows Update on Vista
I recently got hit with a virus which, among other things, tried to redirect my broweser and such to a local proxy address. The virus was easy enough to eliminate as well as reset my browsers settings including shutting off the proxying redirect. However, Windows Update continually errors out now. In reviewing its logs, I am seeing the following error:
SendRequest failed with hr = 80072efd. Proxy List used: <http=localhost:7171>
Thus, even though IE is no longer being improperly redirected, Windows Update is and, for the life of me, I cannot find where that particular setting is that WU is reading that proxy address from. I have done a full registry scan and come up empty handed. Please advise.
SendRequest failed with hr = 80072efd. Proxy List used: <http=localhost:7171>
Thus, even though IE is no longer being improperly redirected, Windows Update is and, for the life of me, I cannot find where that particular setting is that WU is reading that proxy address from. I have done a full registry scan and come up empty handed. Please advise.
zrobinson
Can you run Hijackthis and post the scan log?
ASKER
Here you go
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:44 PM, on 4/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\SCRIPT~1\DESKTO~1\CLIENT~1\780~1.82\slagent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\ScriptLogic\PortSecurity\EmbargoEvents.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\System32\mmc.exe
C:\Windows\system32\mmc.exe
C:\Windows\System32\mstsc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mstsc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 65.54.239.20 messenger.hotmail.com
O1 - Hosts: 65.54.165.179 login.live.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [EmbargoEvents] C:\Program Files\Scriptlogic\PortSecurity\EmbargoEvents.exe
O4 - HKLM\..\Run: [NGTray] "C:\Program Files\Symantec\Ghost\ngtray.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.6.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O16 - DPF: {DC120706-9372-4B2E-AD15-F2135F51F30A} (Session Viewer) - https://192.9.200.146/plugins/vkvm/ActiveXVideoViewer.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aegisoft.webex.com/client/T26L/smt/ieatgpc1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\Software\..\Telephony: DomainName = aegisoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{424B82AE-7340-407F-A3E2-7E3487B72819}: NameServer = 192.9.200.101,192.9.200.109,192.9.200.112
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS10\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS11\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS12\Services\Tcpip\Parameters: Domain = aegisoft.com
O17 - HKLM\System\CS13\Services\Tcpip\Parameters: Domain = aegisoft.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll
O23 - Service: Alert Notification Server - CA, Inc. - C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CA ARCserve Discovery Service (CASDiscovery) - CA - C:\Program Files\CA\SharedComponents\ARCserve Backup\CADS\casdscsvc.exe
O23 - Service: CA ARCserve Message Engine (CASMessageEngine) - CA - C:\Program Files\CA\ARCserve Backup\msgeng.exe
O23 - Service: CA ARCserve PortMapper (CASportmapper) - CA - C:\Program Files\CA\SharedComponents\ARCserve Backup\ASPortMapper\Catirpc.exe
O23 - Service: CA ARCserve Universal Agent (CASUniversalAgent) - CA - C:\Program Files\CA\SharedComponents\ARCserve Backup\UniAgent\UnivAgent.exe
O23 - Service: ScriptLogic USB/Port Security (EmbargoSvc) - ScriptLogic Software Corporation - C:\Windows\system32\EmbargoSvc.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Network Agent (klnagent) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Event Log Watch (LogWatch) - CA - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Symantec Ghost Database Service Wrapper (NGDBSERV) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
O23 - Service: Symantec Ghost Configuration Server (NGSERVER) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\AaronL\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Software Corporation - C:\Program Files\ScriptLogic\Desktop Authority\Client Files\7.80.82\SLClient.exe
--
End of file - 12401 bytes
Nothing jumps out at me...
In internet explorer, go to Tools > Internet Options > Connections > Lan Settings
Is it configured to use a proxy server?
In internet explorer, go to Tools > Internet Options > Connections > Lan Settings
Is it configured to use a proxy server?
ASKER
No, as I said, I have already eliminatd the proxy settings that were placed in Internet Explorer.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have unrestricted access thru the corporate firewall and I already tried shutting down my AV to no effect. It seems evident to me that Windows Update is, in this case, not taking its proxy settings from the IE settings (no proxy) but from another source (thus getting pointed to http=localhost:7171). I just can't determine where it is getting that setting from.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.