It may be malware (that's another problem) but regardless, I can NOT download any, that's any, Windows Updates... instead I read " error code 80072EE2
Why do you think it's Malware? You might be ok, wait a while and try again.
You may encounter temporary connection-related errors when you use Windows Update or Microsoft Update to install updates
You may encounter temporary connection-related errors when you use Windows Update or Microsoft Update to install updates
I have tried for at least a year and still no luck. I feel it may be malware because my browser (IE8) can't access most Microwave pages and without Updates I can forget about IE9. I've done a Recovery but still no change.Is there a soution?
�� Quote: Originally Posted by zarnic 
I have tried for at least a year and still no luck. I feel it may be malware because my browser (IE8) can't access most Microwave pages and without Updates I can forget about IE9. I've done a Recovery but still no change.Is there a soution?
Are you able to access other websites? Are you experiencing any other Malware related problems? What do you have in the way of security software?? (anti virus, anti malware, firewall).
Hi! zarnic, welcome to 7F 
When was the last time you ran any malware scans? No matter, from your posts I would guess about a year. Let us start there first.
If you are able to download at all go here: Malicious Software Removal Tool | Protect Your Computer Download and run the tool.
Then a little further down you will see a link for Live One Care, download and run that also.
Post back any results, good or bad.
You need to get rid of / make sure you do not have the nasties before you can get anything else to work properly.
When was the last time you ran any malware scans? No matter, from your posts I would guess about a year. Let us start there first.
If you are able to download at all go here: Malicious Software Removal Tool | Protect Your Computer Download and run the tool.
Then a little further down you will see a link for Live One Care, download and run that also.
Post back any results, good or bad.
You need to get rid of / make sure you do not have the nasties before you can get anything else to work properly.
Wow! I didn't expect this level of interest. Been living too long with the no-update problem that I've become complacent.
Techmonkey74:
Yes I can see other web sites and some Microsoft, as long as I don't download.
The Anti-(whatever) that I have used, or do, includes Malware Bytes, Norton, Antivira, and McAfee but little has changed. Maybe my problem is not a malware issue but it does seem strange that Windows is the only victum and sites that offer malware products can not usually be accessed.
Anak:
I tried to download the Malicious Software Tool and got " Internet Explorer cannot display the webpage" in a seperate window... typical response.
As for ' Live One Care ', went there but read "As of October 2009, Windows Live OneCare sales were discontinued in all markets. Product support ended on April 11, 2011.As of October 2009, Windows Live OneCare sales were discontinued in all markets. Product support ended on April 11, 2011...."
Techmonkey74:
Yes I can see other web sites and some Microsoft, as long as I don't download.
The Anti-(whatever) that I have used, or do, includes Malware Bytes, Norton, Antivira, and McAfee but little has changed. Maybe my problem is not a malware issue but it does seem strange that Windows is the only victum and sites that offer malware products can not usually be accessed.
Anak:
I tried to download the Malicious Software Tool and got " Internet Explorer cannot display the webpage" in a seperate window... typical response.
As for ' Live One Care ', went there but read "As of October 2009, Windows Live OneCare sales were discontinued in all markets. Product support ended on April 11, 2011.As of October 2009, Windows Live OneCare sales were discontinued in all markets. Product support ended on April 11, 2011...."
�� Quote: Originally Posted by zarnic Wow! I didn't expect this level of interest. Been living too long with the no-update problem that I've become complacent.
The Anti-(whatever) that I have used, or do, includes Malware Bytes, Norton, Antivira, and McAfee but little has changed. Maybe my problem is not a malware issue but it does seem strange that Windows is the only victum and sites that offer malware products can not usually be accessed.
As for ' Live One Care ', went there but read "As of October 2009, Windows Live OneCare sales were discontinued in all markets. Product support ended on April 11, 2011.As of October 2009, Windows Live OneCare sales were discontinued in all markets. Product support ended on April 11, 2011...."
The Anti-(whatever) that I have used, or do, includes Malware Bytes, Norton, Antivira, and McAfee but little has changed. Maybe my problem is not a malware issue but it does seem strange that Windows is the only victum and sites that offer malware products can not usually be accessed.
As for ' Live One Care ', went there but read "As of October 2009, Windows Live OneCare sales were discontinued in all markets. Product support ended on April 11, 2011.As of October 2009, Windows Live OneCare sales were discontinued in all markets. Product support ended on April 11, 2011...."
TY techmonkey74, have to agree about the multiple Anti-Virus programs and I stay away from doing that. McAfee was a one time deal and is gone now. As for Antivira, am happy with it and the controversey continues ... we'll see.
- Please download Dial-A-Fix from one of the following mirrors:
- Extract the zip file to your desktop.
- Double click Dial-a-Fix.exe to start the program.
- Press the green double checkmark box (Looks like this:
)
- UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:
- Click on go
- Exit/Close Dial-A-Fix
http://windows.microsoft.com/en-US/w...windows-update
Reboot, and see if that solves your update issues
�� Quote: Originally Posted by zarnic Wow! I didn't expect this level of interest. Been living too long with the no-update problem that I've become complacent.
Techmonkey74:
Yes I can see other web sites and some Microsoft, as long as I don't download.
The Anti-(whatever) that I have used, or do, includes Malware Bytes, Norton, Antivira, and McAfee but little has changed. Maybe my problem is not a malware issue but it does seem strange that Windows is the only victum and sites that offer malware products can not usually be accessed.
Techmonkey74:
Yes I can see other web sites and some Microsoft, as long as I don't download.
The Anti-(whatever) that I have used, or do, includes Malware Bytes, Norton, Antivira, and McAfee but little has changed. Maybe my problem is not a malware issue but it does seem strange that Windows is the only victum and sites that offer malware products can not usually be accessed.
Quote:
The folks at the independent anti-virus testing body AV-Test.org have been in touch with some interesting statistics.
They are finding more than one million unique malware samples a month, and presently the total amount of unique samples in their malware collection exceeds 22 million.
They are finding more than one million unique malware samples a month, and presently the total amount of unique samples in their malware collection exceeds 22 million.
�� Quote: Originally Posted by zarnic Anak:
I tried to download the Malicious Software Tool and got " Internet Explorer cannot display the webpage" in a seperate window... typical response.
As for ' Live One Care ', went there but read "As of October 2009, Windows Live OneCare sales were discontinued in all markets. Product support ended on April 11, 2011.As of October 2009, Windows Live OneCare sales were discontinued in all markets. Product support ended on April 11, 2011...."
I tried to download the Malicious Software Tool and got " Internet Explorer cannot display the webpage" in a seperate window... typical response.
As for ' Live One Care ', went there but read "As of October 2009, Windows Live OneCare sales were discontinued in all markets. Product support ended on April 11, 2011.As of October 2009, Windows Live OneCare sales were discontinued in all markets. Product support ended on April 11, 2011...."
As far as Malicious:
- Restart your machine and try to get into Safe Mode with networking.
- Usually the user has to tap the F8 key while the machine is booting up.
- Go to this site to start: SuperAntiSpyware
- Click on the Red Button to download the free version.
- When it asks you to save the file, click save file, then save it to your Desktop under an assumed name like mydoghasfleas, do not forget we are trying to fool any nasties that this is a harmless file.
- Right click the file and click on Run As Administrator if it asks to update say okay.
- Then let it run.
This trick should also work with the Malicious tool. But, you have to be in Safe Mode!
Any Antimalware tool that is downloaded has to saved under a fictitious name in order to fool the nasties!
If you are happy with Avira Okay, but get rid of all the other extra programs. If you need help because some do not want to be un-installed we will get it figured out, there are tools.
For Starters: McAfee removal tool
Scroll down to Windows Vista \ 7 to start that process.
Do not forget to rename the file before you save it!
I can even show you how to remove any errant entries that were missed in the registry.
I am doing chores outside today so I am not able to stay nearby to see your responses, but I will check back at least once every hour.
Anak
Ahhh...I see Jacee
has arrived. Follow her advice, she will be able to help you quicker than I can with a more aggressive approach. As I tend to take a more cautious approach. Once again looking around ... Windows Update error 80072ee2
�� Quote: Originally Posted by zarnic The Anti-(whatever) that I have used, or do, includes Malware Bytes, Norton, Antivira, and McAfee but little has changed. Maybe my problem is not a malware issue but it does seem strange that Windows is the only victum and sites that offer malware products can not usually be accessed.
Do you have Antivira: Remove AntiVira Av (Uninstall Guide) -THIS ONE IS A FAKE AV PROGRAM
OR
Avira
Avira anti-virus for home and for business
EDIT: IF YOU DO HAVE THE FAKE AV WAIT FOR JACEE OR SOMEONE ELSE TO HELP YOU OUT. I AM NOT SURE IF THE LINK I PROVIDED ABOVE IS THE BEST SOLUTION
�� Quote: Originally Posted by zarnic Maybe my problem is not a malware issue but it does seem strange that Windows is the only victum and sites that offer malware products can not usually be accessed.
Your statement contains the two prime examples of malware behaviour especially the last one.
techmonkey that bleepingcomputer link you provided would be a good place to start, and either mbam or SuperAS would work.
The fact that it is suggested there could mean that the antivira malware might not be too hard to eradicate, but zarnic is going to have to make the effort to scan his machine first to make sure it is not infected, otherwise any effort to fix his update problem will be futile.
It would not surprise me that once zarnic cleaned up his machine his update problem would disappear.
Jacee posted:
No good, Jacee... keeps referring to Vista! But thanks for the thought.
I'll try the various suggestions but I have to admit... I'm not very hopeful.
Great forum!!
Quote:
I'll try the various suggestions but I have to admit... I'm not very hopeful.
Great forum!!
Just as I suspected... still no updates, oh well. Sorry that I waited until today, when you all responded yesterday, but after it being over a year without having this ability waiting one day isn't hard to do. At first I thought it was just an IE browser problem but while using Firefox may have allowed me to visit some pages that I couldn't in IE all Anti-(whatever) and Microsoft downloads still would not happen. It may be that I'll have to purchase a new system, tho that is not a good solution... a bit spendy. There is always coffee. Again, thank you all. Please refer to post# 13 above. IF you have Antivira AV, THAT is most likely your problem. If you do not want to try to rid the system of the fake AV program AND you are planning to buy a new system instead why not just reformat and reload Windows on this system?
�� Quote: Originally Posted by techmonkey74 Please refer to post# 13 above. IF you have Antivira AV, THAT is most likely your problem. If you do not want to try to rid the system of the fake AV program AND you are planning to buy a new system instead why not just reformat and reload Windows on this system?
Second: I have NO plans on purchasing a new system... the need isn't great enough.
I have used System Restore many times and even Recovery, which puts the s/w back to factory specs and guess what... no change. It appears that someone simply dislikes Microsoft products and doesn't want us to use them.
So I've been fighting with this same windows update error all day today. I've tried every fix I could find out there for this including ones mentioned in this thread. I removed all AV/AS, toggled off/on firewall, etc.... to no avail. As a last ditch effort I decided to unjoin this system from the domain and then rejoin. Much to my surprise, when the machine is off the domain here, windows update works perfectly. If I join to the domain again, the error repeats itself and I cannot do windows updates again(even from the local Admin account while still joined).
Now I assume that you're not running a domain at home so this kinda doesn't apply to you directly, but what it tells me is that this is related to a group policy setting of some sort that's being pushed to my machine when joined (I'm thinking firewall/defender). So I'd think that your problem is related to your Firewall settings or any settings that an AV/AS might apply similar to a firewall.
I could be wrong here, but I'd scrutinize those items on your computer to the best of your ability, I suspect one of them is blocking updates in some way. Sorry I have not discovered a fix yet, I'll keep at the machine I have here though and post any updates I have on this for you.
Now I assume that you're not running a domain at home so this kinda doesn't apply to you directly, but what it tells me is that this is related to a group policy setting of some sort that's being pushed to my machine when joined (I'm thinking firewall/defender). So I'd think that your problem is related to your Firewall settings or any settings that an AV/AS might apply similar to a firewall.
I could be wrong here, but I'd scrutinize those items on your computer to the best of your ability, I suspect one of them is blocking updates in some way. Sorry I have not discovered a fix yet, I'll keep at the machine I have here though and post any updates I have on this for you.
�� Quote: Originally Posted by zarnic First: I do NOT have Antivira AV and, as far as that goes, my problem occurred before I even heard of Antivira.
Second: I have NO plans on purchasing a new system... the need isn't great enough.
�� Quote: Originally Posted by zarnic Just as I suspected... still no updates, oh well. Sorry that I waited until today, when you all responded yesterday, but after it being over a year without having this ability waiting one day isn't hard to do. At first I thought it was just an IE browser problem but while using Firefox may have allowed me to visit some pages that I couldn't in IE all Anti-(whatever) and Microsoft downloads still would not happen. It may be that I'll have to purchase a new system, tho that is not a good solution... a bit spendy. There is always coffee. Again, thank you all.�� Quote: Originally Posted by zarnic Techmonkey74:
Yes I can see other web sites and some Microsoft, as long as I don't download.
The Anti-(whatever) that I have used, or do, includes Malware Bytes, Norton, Antivira, and McAfee but little has changed. Maybe my problem is not a malware issue but it does seem strange that Windows is the only victum and sites that offer malware products can not usually be accessed.
Anak:
�� Quote: Originally Posted by zarnic TY techmonkey74, have to agree about the multiple Anti-Virus programs and I stay away from doing that. McAfee was a one time deal and is gone now. As for Antivira, am happy with it and the controversey continues ... we'll see.
Sorry for the confusion
Your prior posts were a bit confusing at least to me
I hope you get this worked out
UPDATE:
It appears I have discovered what the issue was with my problem machine here. Our System Essentials VM was off and our GP pushes windows update settings to use it. Interesting that other machines on the domain aren't showing the same issue but this computer is definitely not doing updates as a result of this. If I turn on the VM, windows update works, if I pause/turn off the VM, update fails.
So what does this mean for the OP? Not quite sure at this point. My issue was surely GP/Domain related so it doesn't really apply to the OP. To throw it out there because I didn't see it posted in this thread, have you tried running the FixIT utility from Microsoft yet? Although it says Vista on it, it is the correct tool for Win7 as well. Check your proxy settings in IE, reset IE to default settings to be sure. Check your hosts file for any entries. Make SURE your computer is clean of infection/malware. Also remove your AV/AS if necessary once you're sure it is clean(you can always reinstall), disable windows firewall and defender and try the update again. At this point that's all I can think of for you to try. If anything else comes to mind I'll surely post it.
Good luck, if you do resolve things please let us know what did it, I'd be very interested to hear the resolution for this.
It appears I have discovered what the issue was with my problem machine here. Our System Essentials VM was off and our GP pushes windows update settings to use it. Interesting that other machines on the domain aren't showing the same issue but this computer is definitely not doing updates as a result of this. If I turn on the VM, windows update works, if I pause/turn off the VM, update fails.
So what does this mean for the OP? Not quite sure at this point. My issue was surely GP/Domain related so it doesn't really apply to the OP. To throw it out there because I didn't see it posted in this thread, have you tried running the FixIT utility from Microsoft yet? Although it says Vista on it, it is the correct tool for Win7 as well. Check your proxy settings in IE, reset IE to default settings to be sure. Check your hosts file for any entries. Make SURE your computer is clean of infection/malware. Also remove your AV/AS if necessary once you're sure it is clean(you can always reinstall), disable windows firewall and defender and try the update again. At this point that's all I can think of for you to try. If anything else comes to mind I'll surely post it.
Good luck, if you do resolve things please let us know what did it, I'd be very interested to hear the resolution for this.
�� Quote: Originally Posted by TCG "... I'd scrutinize those items on your computer to the best of your ability, I suspect one of them is blocking updates in some way...."
Zarnic check your profile page, I just sent you a message but I'll post it here for you too....
Quote:
If you have a min, I don't mind taking a look via teamviewer for you. I'll need your teamviewer connection ID and password to connect though. You will be able to see everything I'm doing while I'm connected and are able to end the connection at any time you'd like.
Er... teamviewer? Huh?
zarnic, Copy and paste these lines in Note pad.
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
Save as flush.bat to your desktop. Right click to run as Administrator. Your computer will reboot itself.
Next, download Malwarebytes' Anti-Malware, but before saving to your desktop re-name it to zarnic.exe |MG| Malwarebytes Anti-Malware 1.50.1.1100 Download
* Double-click zarnic/mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
Save as flush.bat to your desktop. Right click to run as Administrator. Your computer will reboot itself.
Next, download Malwarebytes' Anti-Malware, but before saving to your desktop re-name it to zarnic.exe |MG| Malwarebytes Anti-Malware 1.50.1.1100 Download
* Double-click zarnic/mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
�� Quote: Originally Posted by TCG Zarnic check your profile page, I just sent you a message but I'll post it here for you too....
�� Quote: Originally Posted by zarnic
Quote:
If you have a min, I don't mind taking a look via teamviewer for you. I'll need your teamviewer connection ID and password to connect though. You will be able to see everything I'm doing while I'm connected and are able to end the connection at any time you'd like.
�� Quote: Originally Posted by zarnic Er... teamviewer? Huh?
The following is in response to the last post by Jacee, anyone else can ignore this if they want.
Step 1.
�� Quote: Originally Posted by Jacee Did This.
Step2:
Tried but got error msg saying "... could not open the Internet site" so used my copy of Malwarebytes. Looked for update but got error msg "PROGRAM_ERROR_UPDATING (12007,0,WinHttpSendRequest) "
But ran my copy.
Step3:
Ok, here is that log report:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5363
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
4/16/2011 7:41:18 AM
mbam-log-2011-04-16 (07-41-18).txt
Scan type: Full scan (C:\|)
Objects scanned: 277445
Time elapsed: 18 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.166.105) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.161.105) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C975BB2F-86FA-49E7-80D7-90F3971561FB}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.166.105) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C975BB2F-86FA-49E7-80D7-90F3971561FB}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.161.105) Good: () -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Tried Windows Update again but still no change. Next?
(the attachment relates to my attempt to follow your link to the Malware Bytes site)
Step 1.
�� Quote: Originally Posted by Jacee zarnic, Copy and paste these lines in Note pad. On Desktop SaveAs Flush.bat
Step2:
Quote:
Next, download Malwarebytes' Anti-Malware, but before saving to your desktop re-name it to zarnic.exe |MG| Malwarebytes Anti-Malware 1.50.1.1100 Download
But ran my copy.
Step3:
Quote:
* Double-click zarnic/mbam-setup.exe and follow the prompts to install the program.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5363
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
4/16/2011 7:41:18 AM
mbam-log-2011-04-16 (07-41-18).txt
Scan type: Full scan (C:\|)
Objects scanned: 277445
Time elapsed: 18 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.166.105) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.161.105) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C975BB2F-86FA-49E7-80D7-90F3971561FB}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.166.105) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C975BB2F-86FA-49E7-80D7-90F3971561FB}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.161.105) Good: () -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Tried Windows Update again but still no change. Next?
(the attachment relates to my attempt to follow your link to the Malware Bytes site)
This IP --> 93.188.166.105 is from Ukraine Promnet Ltd
Not a WA IP#
Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3
Not a WA IP#
Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3
- Disable any script blocking protection
- Double click the dds icon to run the tool.
- When done, DDS will open two (2) logs:
- DDS.txt
- Attach.txt <--- will be minimized in the task tray
- Save both reports to your desktop.
�� Quote: Originally Posted by zarnic The following is in response to the last post by Jacee, anyone else can ignore this if they want.
�� Quote: Originally Posted by Anak ... I do not know about "anyone else", but for me this is reading better than any "suspense novel" I have ever read.
Jacee, who you writing to, or want a log from?
Quote:
Jacee, who you writing to, or want a log from?
�� Quote: Originally Posted by Jacee My post above for the two DDS logs is to you, zarnic
Okay, will get right on it.
�� Quote: Originally Posted by Jacee This IP --> 93.188.166.105 is from Ukraine Promnet Ltd
Not a WA IP#
Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3
Not a WA IP#
Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3
- Disable any script blocking protection
- Double click the dds icon to run the tool.
- When done, DDS will open two (2) logs:
- DDS.txt
- Attach.txt <--- will be minimized in the task tray
- Save both reports to your desktop.
Here is DDS.txt :
�� Quote: Originally Posted by zarnic �� Quote: Originally Posted by Jacee This IP --> 93.188.166.105 is from Ukraine Promnet Ltd
Not a WA IP#
Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3
Not a WA IP#
Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3
- Disable any script blocking protection
- Double click the dds icon to run the tool.
- When done, DDS will open two (2) logs:
- DDS.txt
- Attach.txt <--- will be minimized in the task tray
- Save both reports to your desktop.
Here is DDS.txt :
Here is Attach.txt:
You have a few problems! Is Win7 an upgrade from Vista? Did you do a "Clean install"?
Roxio could be causing problems ... (not unheard of
)
Take a look at the Attach.txt. Scroll to the ==== Event Viewer Messages From Past Week ========
And see the errors.
I think if this was my computer, I'd do a clean install and not fight the same problems over and over again.
Roxio could be causing problems ... (not unheard of
)Take a look at the Attach.txt. Scroll to the ==== Event Viewer Messages From Past Week ========
And see the errors.
I think if this was my computer, I'd do a clean install and not fight the same problems over and over again.
Thanks... Hummm, here are asnswers in the order you asked.
1. My Win 7 is not an upgrade but came with the machine. I recently did a 'Recovery' using the Dell OS disk sent to me for that purpose.
2. Doubt that Roxio is the culpert in that the program was purchased long after. Roxio is for burning CDs and DVDs.
I'll review the Attach.txt as you suggested now you go enjoy your weekend, I will too. It's too sunny to be at this machine. Ciao
1. My Win 7 is not an upgrade but came with the machine. I recently did a 'Recovery' using the Dell OS disk sent to me for that purpose.
2. Doubt that Roxio is the culpert in that the program was purchased long after. Roxio is for burning CDs and DVDs.
I'll review the Attach.txt as you suggested now you go enjoy your weekend, I will too. It's too sunny to be at this machine. Ciao
Well, it's still early here and my Husband is going to make dinner (read: fast food) tonight, so please do this...
Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3
Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
After rebooting ensure your Security applications have been re-enabled.
In your next reply post:
ComboFix.txt
New HJT log taken after the above scan has run
***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix
Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3
Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
- Double click combofix.exe and follow the prompts.
- When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
After rebooting ensure your Security applications have been re-enabled.
In your next reply post:
ComboFix.txt
New HJT log taken after the above scan has run
***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix
�� Quote: Originally Posted by Jacee Post this log in your next reply together with a new hijackthislog.
In your next reply post:
ComboFix.txt
New HJT log taken after the above scan has run
In your next reply post:
ComboFix.txt
New HJT log taken after the above scan has run
(what is HiJackThis no log was created)
Navigate to c:\windows\msdownld.tmp <-- and delete this file
Next, from the control panel, click on Action Center. Set Windows to notify you before downloading and installing updates.
If UAC is turned off, turn it back on and set it to medium. Give the computer a day or two to see if you are offered updates, then let me know.
Next, from the control panel, click on Action Center. Set Windows to notify you before downloading and installing updates.
If UAC is turned off, turn it back on and set it to medium. Give the computer a day or two to see if you are offered updates, then let me know.
�� Quote: Originally Posted by Jacee Navigate to c:\windows\msdownld.tmp <-- and delete this file
Next, from the control panel, click on Action Center. Set Windows to notify you before downloading and installing updates.
If UAC is turned off, turn it back on and set it to medium. Give the computer a day or two to see if you are offered updates, then let me know.
Next, from the control panel, click on Action Center. Set Windows to notify you before downloading and installing updates.
If UAC is turned off, turn it back on and set it to medium. Give the computer a day or two to see if you are offered updates, then let me know.
Looked for msdownld.tmp but never found it. Did make that change in the Action Center and had the UAC on and as specified. See ya in a couple days. Enjoy yours, and thanks.
okay �� Quote: Originally Posted by Jacee Give the computer a day or two to see if you are offered updates, then let me know.
Little has changed. Still no
? Windows updates (Error code: 0x800072EE2) or
? Defender updates (still get "the program can't check for definition update. Error found (attempt #1- 0x80072efb, attempt #2- 0x80072ee7, attempt #3- 0x80072efd) A connection with server could not be established" )
One good thing came from these few days - got my lawn mowed.
You have a third party program that is interfering with your updates.
error 0x80072efb has to do with ActiveSync (mobile device/smartphone, sync partnership between the storage card and Windows Media Player)
error 0x80072EE7
error 0x80072EFD
You may encounter temporary connection-related errors when you use Windows Update or Microsoft Update to install updates
error 0x80072efb has to do with ActiveSync (mobile device/smartphone, sync partnership between the storage card and Windows Media Player)
error 0x80072EE7
error 0x80072EFD
You may encounter temporary connection-related errors when you use Windows Update or Microsoft Update to install updates
�� Quote: Originally Posted by Jacee You have a third party program that is interfering with your updates.
Stop it from running in 'services' or startup (msconfig) .... unplug any USB devices other than your mouse and keyboard.
Temporarily disable Norton and turn Windows firewall on.
Temporarily disable Norton and turn Windows firewall on.
�� Quote: Originally Posted by Jacee Stop it from running in 'services' or startup (msconfig) .... unplug any USB devices other than your mouse and keyboard.
Temporarily disable Norton and turn Windows firewall on.
Temporarily disable Norton and turn Windows firewall on.
As an aside, I've used most Windows' versions, since Windows 3, and have never expierenced this. Perhaps... just perhaps, it is a OS problem. Or maybe the Explorer... I definitely see an infection in IE8, and redirects (Google is bad for that) and popups are constantly appearing, even though pop-up blocker is used.
Isn't life grand!
Did you flush the DNS cache and restore Ms's Hosts file using the batch file I gave you in a previous post?
Download TDSSkiller http://support.kaspersky.com/downloa...tdsskiller.zip and save it to your Desktop.
Download TDSSkiller http://support.kaspersky.com/downloa...tdsskiller.zip and save it to your Desktop.
- Extract the file and run it.
- Once completed it will create a log in the root directory (usually C:\).
- Please post the contents of that log in your next reply.
�� Quote: Originally Posted by Jacee Did you flush the DNS cache and restore Ms's Hosts file using the batch file I gave you in a previous post?
Download TDSSkiller http://support.kaspersky.com/downloa...tdsskiller.zip and save it to your Desktop.
Download TDSSkiller http://support.kaspersky.com/downloa...tdsskiller.zip and save it to your Desktop.
- Extract the file and run it.
- Once completed it will create a log in the root directory (usually C:\).
- Please post the contents of that log in your next reply.
You said you bought the computer with Windows 7 already installed, these two items have me curious
C:\Windows.old
C:\$UPGRADE.~OS
C:\Windows.old
C:\$UPGRADE.~OS
�� Quote: Originally Posted by Jacee You said you bought the computer with Windows 7 already installed, these two items have me curious
C:\Windows.old
C:\$UPGRADE.~OS
C:\Windows.old
C:\$UPGRADE.~OS
I have a Facebook page (Jacques Levieux), Jacee, if you need to reach me because I don't plan to keep using Firefox. BTW, the directory \Windows.old was created by the machine when I did a 'Recovery'. I reloaded the OS last month, using a mfg disk, and put everything at factory level. I have no idea about the directory \$UPGRADE.~OS.
Needed to get coffee anyway.
No Facebook membership, zarnic.
Have you thought about backing up your data and doing a 'clean install'?
Have you thought about backing up your data and doing a 'clean install'?
Try this in the Start/search/ type or paste.
hh Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Hit Enter.
It should take you to Microsoft site and you can go any where from their.
hh http://www.microsoft.com/ Start/past in search.
hh Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Hit Enter.
It should take you to Microsoft site and you can go any where from their.
hh http://www.microsoft.com/ Start/past in search.
It could be related to all software/programs for itunes and syncing ... I'm at a loss, but I would try uninstalling all of that nonsense , cleaning all temp files, defragging, shut down, restart normally, and then try Windows updates again.
Totally frustrating to me!!
Totally frustrating to me!!
�� Quote: Originally Posted by Jacee Totally frustrating to me!!
especially when my IE8 wouldn't allow access to this Forum but Firefox does (so now I use Firefox).Update
Have since noticed Malwarebytes always finds a Registry error called Trojan: DNS Changer by 93.188.166.105 whenever the Internet is used. Months ago someone else had this trojan and also couldn't get Updates. Even though Malwarebytes cleans up my Registry it always reappears and just may be the culprit behind me never being able to update Windows.
Have a nice Easter!
Disable the proxy settings in Internet Explorer:
1) Under �Tools� in the browser tool bar select �Internet Options�.
2) In the �Internet Options� window that pops up, click the �Connections� tab at the top.
3) Click �LAN Settings� near the bottom of the �Connections� section.
4) If the �Proxy server� checkbox is marked with a check, click it to deselect/uncheck it.
5) Click �Ok� to close the �Local Area Network (LAN) Settings� window.
6) Click �Ok� to close the �Internet Options� window.
Reboot. Test whether internet connectivity is restored to IE.
1) Under �Tools� in the browser tool bar select �Internet Options�.
2) In the �Internet Options� window that pops up, click the �Connections� tab at the top.
3) Click �LAN Settings� near the bottom of the �Connections� section.
4) If the �Proxy server� checkbox is marked with a check, click it to deselect/uncheck it.
5) Click �Ok� to close the �Local Area Network (LAN) Settings� window.
6) Click �Ok� to close the �Internet Options� window.
Reboot. Test whether internet connectivity is restored to IE.
�� Quote: Originally Posted by Jacee 4) If the �Proxy server� checkbox is marked with a check, click it to deselect/uncheck it.
I know you saw this DNS before (pg 3) and id'd it as coming from Ukraine Promnet Ltd and
not a WA IP#, Jacee, is there a work-around?
Go into programs and features ... uninstall BitTorrent
Next, unhide hidden files and folders. Control panel > Folder Options > View tab. Tick to show hidden files and folds, uncheck hide extensions for known file types.
Now, go to C:\Program Files (x86)\BitTorrent <-- delete this folder
C:\Users\Ron\AppData\Roaming\BitTorrent <-- delete this folder
Reboot.
Download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
Next, unhide hidden files and folders. Control panel > Folder Options > View tab. Tick to show hidden files and folds, uncheck hide extensions for known file types.
Now, go to C:\Program Files (x86)\BitTorrent <-- delete this folder
C:\Users\Ron\AppData\Roaming\BitTorrent <-- delete this folder
Reboot.
Download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
�� Quote: Originally Posted by Jacee Go into programs and features ... uninstall BitTorrent
but use it for P2P downloading of torrents so may have to reload the exe.BTW for your info, that Urkraine company, Promnet Ltd, has the IP address which is 85.255.112.121.
Wet outside, huh!
Quote:
BTW for your info, that Urkraine company, Promnet Ltd, has the IP address which is 85.255.112.121.
If you don't want to follow my instructions, then do a clean/custom install, or a repair install.
Jacee, did all that you just asked and attached the log. Good luck.
Uninstall corel videostudio pro
Delete c:\users\ron\documents\corel videostudio pro <--folder
keygen.rar <--- delete this file.
Reboot.
Delete c:\users\ron\documents\corel videostudio pro <--folder
keygen.rar <--- delete this file.
Reboot.
- Download http://oldtimer.geekstogo.com/OTL.exe to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. - Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
�� Quote: Originally Posted by Jacee Uninstall corel videostudio pro
Delete c:\users\ron\documents\corel videostudio pro <--folder
keygen.rar <--- delete this file.
Delete c:\users\ron\documents\corel videostudio pro <--folder
keygen.rar <--- delete this file.
ran OTL and its' logs are attached ( or I can post the full contents if preferred).
I notice the name SteelWerx and its' SWXCACLS.exe . What is this? Is it a threat?
SteelWerx and its' SWXCACLS.exe is okay.
Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.166.105 93.188.161.105 1.2.3.4
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Copy and paste the log back here.
Also, please post the content of C:\qoobox\ComboFix.txt
Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.166.105 93.188.161.105 1.2.3.4
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Copy and paste the log back here.
Also, please post the content of C:\qoobox\ComboFix.txt
�� Quote: Originally Posted by Jacee ...
Also, please post the content of C:\qoobox\ComboFix.txt
Also, please post the content of C:\qoobox\ComboFix.txt
- I neither have the quoted directory nor fileto post.
- As for the rest of your instructions, done and attached... next?
Oh, and have a Good Day!
The OTL Extras.txt is incomplete .... what did you take out of it?
I sure I'm waiting for the answer to that question.
�� Quote: Originally Posted by Jacee The OTL Extras.txt is incomplete .... what did you take out of it?
I just want to see the entire Extras.txt
Jacee, I just noticed that I have two OTL-generated Extra files but different sizes so I'll attach them both and if you want me to run OTL again I will.
Here they are: (those two files should be yr 2011 not 2001)
Here they are: (those two files should be yr 2011 not 2001)
I'd like you to scan your machine with ESET OnlineScan
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan - Click the
button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on
to download the ESET Smart Installer. Save it to your desktop.
- Double click on the
icon on your desktop.
- Click on
- Check
- Click the
button.
- Accept any security warnings from your browser.
- Check
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push
- Push
, and save the file to your desktop using a unique name, such as ESETScan. Include the entire contents of this report in your next reply.
- Push the
button.
- Push
�� Quote: Originally Posted by Jacee I'd like you to scan your machine with ESET OnlineScan ....
Plan B?
Plan B .... Clean install!
�� Quote: Originally Posted by Jacee Plan B .... Clean install!
Do you still want the file ComboFix.txt (?)... cus I have a directory, now, labeled Qoobox with that file included.
Perhaps I should first try to fix my IE8. Perhaps I should just forget about windows Updates and go on with my life. The sun is out, perhaps I should just go outside.
Just a thought. Some how some bad thing is hanging in there. If it was my computer and I went through what all you folks have I would wipe my drive with one of many 3rd party programs like Drive Scrubber at least 4 times Remove anything that is plugged into the computer that you don't need to do a clean install. For sure the printer because some of them have memory. Notice I did not tell you to save anything. Do a clean install with a legal Windows 7 disc. Once everything is working properly check to make sure it's activated with Microsoft. Then don't install all those p2p and torrents ect. They are probably where you got what ever this thing is you got. I don't care what security is on a computer if the owner/operator let those types of things by the security this whole mess starts again. There is more than enough information on the net to keep a person reading for days about the bad things that happen with p2p and torrents.
Adding to what Layback Bear said could something be hiding on the partition? Like myself Zarnic has a OEM Installed OS and like most OEM OS's the Operation system is on a Partition in my case it's the "D" drive. I did not even get any OS discs with my system HP includes a tool that lets you burn a set of your own. CAN a virus creep on to the partition?
Thank You All for your thoughts and suggestions. It may very well be that P2P and torrents are the culprit. However, where I got it really means little, how to get rid of whatever-it-is means more.
Perhaps I misunderstood what is ment by a 'clean' install... isn't a manufacturers' disc, an OEM Win 7 OS disc, considered 'clean'? If not then I need educating.
Jacee has spent a lot of her spare time trying to work this out and to her I owe a lot.
I think that after so many years of being infection-free it is probably fitting that now I'm not. Sort of a payback thing.
Perhaps I misunderstood what is ment by a 'clean' install... isn't a manufacturers' disc, an OEM Win 7 OS disc, considered 'clean'? If not then I need educating.
Jacee has spent a lot of her spare time trying to work this out and to her I owe a lot.
I think that after so many years of being infection-free it is probably fitting that now I'm not. Sort of a payback thing.
Reset Router and re-installed.
Malwarebytes updated , finally. Yay!
DNSChanger gone. Yay!
Windows updated, first time in year-and-a-half... yay, Yay!! And on a Monday, too.
Thank You, Jacee... I owe ya!
Malwarebytes updated , finally. Yay!
DNSChanger gone. Yay!
Windows updated, first time in year-and-a-half... yay, Yay!! And on a Monday, too.
Thank You, Jacee... I owe ya!
w00t!! 
Just curious for my own education HOW was the router affected?
See here! DNSCHANGER
DNSChanger
DNSChanger
The reason for knowing where and how you get something like that is so you can try not going to that site again. Knowing how you get a bad thing is a good thing.
So true, LB, but... if I had never had this bad thing I never would have heard from such good people, would have never visited this forum, would have never experienced what I did. Sometimes having a bad thing is a good thing.
Không có nhận xét nào:
Đăng nhận xét