Can't connect to windows update.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by tagged, Dec 13, 2004.

  1. tagged

    tagged Private E-2

    About a month ago I got a bunch of viruses from someone using my computer after work. I've gone through all the steps in the READ ME FIRST BEFORE ASKING FOR SUPPORT tutorial, and seem to have gotten rid of most of the bad stuff. The problems that I'm still having are: 1. I can't get to Windows Update from my Start menu or from clicking on the link on the MSN page. 2. I can't access my e-mail on my company's server. I can access my personal account off my office computer and I can access either of them off my home computer.
    When I went through the steps, CWS found C:\WINNT\MSCONFIG.exe. Is that a bad thing?
    When I did the Bitdefender scan, it found 6 infected items, but couldn't disinfect them. I scanned the files it found the infections in with Norton, but it didn't find anything.
    I couldn't run a-squared without it creating errors and closing.
    I ran HJT and ran my log through the HJT analyzer from the HJT tutorial, and it came up with 28 nasties that I had HJT fix. My last log I ran through there showed no nasties.
    When I restart my computer I get a 'Runtime error 9: subscript out of range' alert, but I closed the box and it finished booting.
    When I try to get into my company e-mail, the page opens and tells me what's in my folders, and then says 'done, error on page'. When I check what the error is, it says, 'Error on page. Line: 72 Char: 3 Error: Automation server can't create object. URL: http\\windows update. microsoft.com\.'
    When I try to get to Windows update, I get the same error as above.
    When I click on the search button, the side window opens but it's blank.
    I also have an extra volume control icon on my lower right tool bar. When I put my cursor on it, it displays what looks like a URL address.
    My OS is windows 2000.

    Anybody got any ideas?

    Thanks
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I assume your OS is WinXP but you did not say!

    msconfig.exe is not normally in the c:\winnt directory so it probably is malware.

    Make sure you have HJT Version 1.98.2 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. tagged

    tagged Private E-2

    Thanks for responding Chaslang,
    I had to run back to work to run HJT on the right computer again, that's what took so long. Here it is.
    Hope I attached this right.
    Should I have CWS fix that MS CONFIG thing?
    Hey, I also did write that my OS is windows 2000 on my first message. It was the last line. I thought I was getting fairly longwinded on that thing, you must not have lasted till the end.


    Thanks again for looking!

    Pat
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes have CWShredder fix that (if it can). Then do what I have below. The HJT analyzer missed a lot.

    I noticed you are using both Norton and AVG. You must only use one virus application. Pick one and uninstall the other.

    Do you know what this DNTUS26.EXE process is? From what I have found it may be part of DameWare Development Remote Command Server. Does this mean anything to you?
    C:\WINNT\SYSTEM32\DNTUS26.EXE
    I'm pretty sure it may be bad but figured I would ask first.

    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).
    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:
    C:\WINNT\fxsvc.exe
    C:\WINNT\system32\audio.exe
    C:\WINNT\system32\d?dplay.exe

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm
    O2 - BHO: (no name) - {E4CD8E72-699E-6C4F-E92E-3976166A5793} - C:\WINNT\system32\sgc.dll
    O4 - HKLM\..\Run: [Systemey] systemey.exe
    O4 - HKLM\..\Run: [jpFOqNvY5.exe] C:\documents and settings\ptaggart\local settings\temp\jpFOqNvY5.exe
    O4 - HKLM\..\Run: [8rHG.exe] C:\documents and settings\ptaggart\local settings\temp\8rHG.exe
    O4 - HKLM\..\Run: [b78b327add10] C:\WINNT\system32\catsrvut.exe
    O4 - HKLM\..\RunServices: [Systemey] systemey.exe
    O4 - HKCU\..\Run: [Pjrhei] C:\WINNT\system32\d?dplay.exe

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINNT\system32\SearchBar.htm
    C:\WINNT\system32\sgc.dll
    C:\WINNT\system32\systemey.exe
    C:\documents and settings\ptaggart\local settings\temp\jpFOqNvY5.exe
    C:\documents and settings\ptaggart\local settings\temp\8rHG.exe
    C:\WINNT\system32\catsrvut.exe
    C:\WINNT\fxsvc.exe
    and rename the below audio.exe file to audioexe.bad
    C:\WINNT\system32\audio.exe
    I don't want to delete this file yet. I'm pretty sure it is bad, but I want to be safe.
    Now empty your Recycle Bin.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
    Last edited: Dec 14, 2004
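    An added example, not from the thread and not part of HijackThis: a small Python triage script that applies the kind of checks chaslang used on the log above. It parses R1/O2/O4 lines and flags autostarts that run from a temp folder, filenames HJT could not display, an unnamed BHO, and a search bar redirected to a local file. The sample lines are the entries quoted in the post plus two constructed benign-looking entries; the severity levels are this example's own.

```python
import re

# Constructed sample in HijackThis log format: the entries chaslang asked to be
# fixed above, plus two benign-looking entries so the filter has something to pass.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm
O2 - BHO: (no name) - {E4CD8E72-699E-6C4F-E92E-3976166A5793} - C:\WINNT\system32\sgc.dll
O4 - HKLM\..\Run: [Systemey] systemey.exe
O4 - HKLM\..\Run: [jpFOqNvY5.exe] C:\documents and settings\ptaggart\local settings\temp\jpFOqNvY5.exe
O4 - HKLM\..\Run: [8rHG.exe] C:\documents and settings\ptaggart\local settings\temp\8rHG.exe
O4 - HKLM\..\RunServices: [Systemey] systemey.exe
O4 - HKCU\..\Run: [Pjrhei] C:\WINNT\system32\d?dplay.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
"""

# Line formats HJT uses for the three entry types handled here.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
R1_RE = re.compile(r"^R1 - (?P<key>[^,]+),(?P<value>[^=]+?)\s*=\s*(?P<data>.+)$")

# Folder fragments a legitimate autostart entry should never point into.
TEMP_MARKERS = ("\\local settings\\temp\\", "\\temp\\", "\\tmp\\")


def triage_line(line):
    """Return a list of (severity, reason) findings for one HJT log line."""
    findings = []
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd")
        low = cmd.lower()
        if any(marker in low for marker in TEMP_MARKERS):
            findings.append(("high", "autostart entry runs from a temp folder"))
        if "?" in cmd:
            # HJT prints '?' for characters it cannot display in a filename.
            findings.append(("high", "filename contains a character HJT could not display"))
        if m.group("key").lower() == "runservices":
            findings.append(("medium", "RunServices is a Windows 9x key; unusual on Windows 2000"))
        if "\\" not in cmd:
            findings.append(("low", "unqualified filename; locate the file and check its version info"))
        return findings
    m = O2_RE.match(line)
    if m and m.group("name").strip().lower() == "(no name)":
        findings.append(("high", "browser helper object registered without a name"))
        return findings
    m = R1_RE.match(line)
    if m and m.group("data").lower().startswith("file://"):
        findings.append(("high", "%s redirected to a local file" % m.group("value").strip()))
    return findings  # other entry types (O16 etc.) pass through unflagged


def triage(log_text):
    """Scan a whole log; return [(line, severity, reason), ...]."""
    out = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for severity, reason in triage_line(line):
            out.append((line, severity, reason))
    return out


def high_findings(log_text):
    """Only the entries that warrant removal (the ones chaslang listed above)."""
    return [f for f in triage(log_text) if f[1] == "high"]


if __name__ == "__main__":
    for line, severity, reason in triage(SAMPLE_LOG):
        print("[%-6s] %s\n         %s" % (severity, reason, line))
```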
  5. tagged

    tagged Private E-2

    Thanks Chaslang

    OK. I had CWS fix that thing.
    When I tried to uninstall AVG I got a message: '16 bit Windows Subsystem C:\Winnt\System 32\AutoEXEC.NT. The system is not suitable for running MS-DOS and Microsoft Windows applications. Choose close to terminate application.' I chose close and it quit trying to uninstall. Should I have chosen ignore?

    No, I don't know what DNTUS26.EXE is for. How do I get rid of it?

    I don't think I have system restore on Windows 2000 do I? If I do, I didn't see instructions in the tutorial for disabling it. I checked the show hidden files and it was enabled.

    I brought up task manager. C:\WINNT\fxsvc.exe and C:\WINNT\system32\audio.exe both gave me an access denied message when I tried to end them. C:\WINNT\system32\d?dplay.exe ended ok.

    I ran HJT and fixed the items listed.

    I booted to safe mode. The only thing on the delete list that was found was C:\WINNT\system32\catsrvut.exe and I deleted it.

    I renamed the audio.exe. and emptied the Recycle Bin.

    Rebooted in normal. Ran HJT. Tried to get on Windows update and got the same automation server error I had before. Tried my company e-mail and got an automation server error also, but with different line and character numbers.

    I don't have the extra volume control icon anymore though. That's something!

    I checked for the files on the delete list in normal mode and found C:\WINNT\fxsvc.exe. Do you want me to try to do something to it in normal mode?

    Here's my new HJT log. What's next?

    Thanks!
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're right about no System Restore in Win2K. I just cut & pasted a template file I use and forgot to edit that out for your case.

    Hmmm! You are saying that C:\WINNT\fxsvc.exe is still there and you could not delete it or end the process.

    Also please use Win Explorer and see if you actually see: C:\WINNT\MSCONFIG.exe

    Working on your log now.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Questions:

    1) Do you know what this is: c:\winnt\system32\MsOffExport.dll

    2) And this: C:\WINNT\system32\station.exe

    3) What about these?
    O16 - DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} (mpsPwLc7.PMWebSiteLogin) - http://www.tsargent.com/PW/mpsPwLc7.CAB
    O16 - DPF: {A2401FD4-1DD3-47A4-8B9B-B883C6960E6D} (FileMgt.FileMgtCtrl) - http://www.tsargent.com/pmwebsite6/FileMgt.CAB
    O16 - DPF: {DCE60322-DEAB-41F5-BCEA-BF0B9FEE058F} (FileMgt.FileMgtCtrl) - http://www.tsargent.com/pmwebsite6/FileMgt.CAB
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please download the following tool: Pocket KillBox

    Run Pocket Killbox and choose the Delete on Reboot option. Navigate to C:\WINNT\fxsvc.exe and press the Delete button (red X) and then Yes or OK until your machine reboots.

    After your machine reboots, use Windows Explorer to navigate to c:\winnt and make sure the fxsvc.exe file.

    Let me know if this works.

    Then do the same for C:\WINNT\SYSTEM32\DNTUS26.EXE
     
  9. tagged

    tagged Private E-2

    I checked for C:\WINNT\MSCONFIG.exe and can't find it. CWS must have taken care of it?

    No, I don't know anything about that c:\winnt\system32\MsOffExport.dll.
    No, I don't know anything about C:\WINNT\system32\station.exe

    I'm not sure what those 3 O16 deals are, but they come from my company website, so I was assuming they were ok.

    I'm going to download Pocket Killbox now and go through that stuff.

    I'll be back when I'm done.

    Thanks
     
  10. tagged

    tagged Private E-2

    Pocket Killbox worked on fxsvc.exe. now I'm going to do it to the other one.
     
  11. tagged

    tagged Private E-2

    It looks like it got rid of dntus26.exe also.

    What's next?
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! I don't like the looks of those other two files but I'm not sure what they are for either, so let's be safe and instead of deleting them, we will rename them. That way if something does not work correctly afterwards, we can just rename them back.

    But first we could check Properties info on the files too. Right click on them in Win Explorer and select Properties. Then click the Version tab and go thru the Item name info looking for Company and whatever else is given.

    If there is no version tab for either of those files boot into safe mode and use Windows Explorer to rename:

    c:\winnt\system32\MsOffExport.dll to MsOffExportdll.bad
    c:\winnt\system32\station.exe to stationexe.bad

    If there is a version tab for them, give me the info on them first before doing any renaming.

    Let me know if you are able to do that. By the way how is everything working right now.
     
  13. tagged

    tagged Private E-2

    Neither one has version tabs, so I'll go to safe mode and rename them. When I was checking their properties I noticed that both of them have created dates that are after their modified dates. How does that work?

    I just tried to get to Windows update and got the same message as before. I'll let you know if that changes when I get back from safe mode.

    Thanks!
     
  14. tagged

    tagged Private E-2

    I got the names changed in safe mode and they stayed changed in normal.

    Just tried Windows Update again and I get the same page error message.

    What's next?
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  17. tagged

    tagged Private E-2

    Chaslang

    I tried downloading Microsoft Windows Script 5.6 (Windows 2000, XP), but it didn't seem to change anything. I still get the same script error message. I went to http://blogs.msdn.com/jledgard/arch.../23/218994.aspx and read through that. About the only thing I saw that I understood somewhat is that Norton Scriptblocker could be doing it. I opened Norton and looked for the options button he talked about, but it isn't there. Pretty much the rest of his page could have been written in Martian and I would have understood it just as well.

    Was there something specific on there that you thought I should do, or what do you suggest?

    Thanks
     
  18. tagged

    tagged Private E-2

    I got to thinking about some of the stuff the Martian guy was saying and remembered that I couldn't uninstall my AVG anti-virus when I tried before. I tried to do it again and got the message, '16 bit Windows Subsystem C:\WINNT\System 32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate the application.'

    I checked my files and C:\WINNT\System 32\AUTOEXEC.NT doesn't seem to exist! Why am I getting this message? Should I hit ignore and try to finish the uninstall?

    Any suggestions?

    Thanks again.
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  20. Matacumbie

    Matacumbie Rocky Top

    tagged,

    The link below will help you with the "16 bit Windows Subsystem C:\WINNT\System 32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate the application" error.

    http://support.microsoft.com/kb/305521

    Good luck.

    Steve
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  22. tagged

    tagged Private E-2

    Yeah, I was going to post back that the link was for XP, then I saw the link for all win systems at the bottom of the page. Now I have to find my 2000 cd. I misplaced it in my stuff somewhere when I moved last spring.

    This might take awhile.

    Thanks guys.
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay let us know when you try that link out.
     
  24. tagged

    tagged Private E-2

    Well, I can't find my installation CD, so the Computer Guy at my home office wants me to send this thing in so he can change the OS over to XP. He's been wanting to do this for a while, but I haven't wanted to sort out everything I want to keep. I guess now I'll have to.

    Thanks a lot for all the help, hopefully my problems will go away with my new system.

    If not, I'll be back.
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You still may be able to get away without changing to XP and without the Win2K CD. Just look on your hard disk to see if there is a c:\i386 or c:\winnt\i386 directory. If there is

    expand c:\i386\autoexec.nt_ C:\winnt\system32\autoexec.nt

    or

    expand c:\winnt\i386\autoexec.nt_ C:\winnt\system32\autoexec.nt

    then continue with the directions from step four in the MSKB link.


    If you find the i386 directory but not the autoexec.nt_ , it could already be expanded to autoexec.nt (without the underscore at the end). If this is the case, you can just copy the file directly from i386 to the c:\winnt\system32 folder.
     
  26. tagged

    tagged Private E-2

    Hey good idea!

    I couldn't find it in my i386 files that the search came up with, but I did a c: drive search and it was in a WINNT\repair file. I copied it into system32 and tried to uninstall AVG and it went right to uninstall! No 16 bit message or anything! I didn't uninstall yet though. It asked me what I wanted to do with the contents of the virus vault and I'm not sure of the answer. What do I do, delete the files or what?

    On the other hand, should I be getting rid of Norton instead of AVG?

    Oh, by the way putting autoexec back where it was supposed to be didn't change anything as far as being able to get to Windows Update. I still get the same script error as before. Any suggestions?

    Thanks again!
     
  27. Matacumbie

    Matacumbie Rocky Top

    tagged,

    While we are on the subject. Double, triple, fourple check your anti-virus and firewall settings. That might be keeping you from getting to update.

    Any kind of pop-up, spam, blocking settings. There is an option in Norton's, can't remember right now where it is. I will be checking in case you have trouble finding them.

    But check everything.

    Steve
     
  28. Matacumbie

    Matacumbie Rocky Top

    Check for Popup Window Blocking or Ad Blocking.

    Steve
     
  29. tagged

    tagged Private E-2

    Steve

    I can't find where to check the settings for Norton or AVG. Can you point me in the right direction?

    Pat
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes you can remove the virus vault if you decide to uninstall AVG. Personally I would not keep Norton. Too much of a resource hog. I would use Avast or AVG. See How to Protect yourself from malware!

    It mentions firewalls too.

    Not sure what's going on with Windows Update.
     
  31. Matacumbie

    Matacumbie Rocky Top

    I am not that familiar with those, been a long time since I had Norton's. I would check under something like Options or Security or Tools or Internet.

    Any function that gives you an option for selecting or not.

    Steve
     
  32. Matacumbie

    Matacumbie Rocky Top

    See if you have an Advanced Options or Web Rules option.

    Steve
     
  33. tagged

    tagged Private E-2

    I'm still fairly lost there Steve. I checked my Internet Options and Security levels are all set at Medium, but that's about all I know.
     
  34. Matacumbie

    Matacumbie Rocky Top

    OK. You are looking in Internet Explorer, that's not where you need to check.

    The settings or options that I am referring to are with your Norton's product, you need to open Norton's anti-virus and check there. You should have a Norton's icon on the bottom right of your computer screen (where the clock is). Left or right-click the icon and it should open to a screen that gives you like a Control Panel where you can adjust certain things.

    Also, which version of Norton's do you have installed?

    Steve
     
  35. tagged

    tagged Private E-2

    I had Norton corporate, but I uninstalled it after reading Chaslang's post on protecting yourself from malware. The funny thing about it was that when I went to uninstall, my computer said it was used infrequently, and that the last time it had been used was like 5-12-02. If that's the case, what was generating the scan results window I've been closing off my screen every morning for the last two years?

    In reading the same post on malware protection I checked out the free firewall downloads. Both say you have to buy them if you're going to use them on a business computer, so if I'm going to buy something, what is the best product?

    Thanks for responding.
     
  36. Matacumbie

    Matacumbie Rocky Top

    Still working on your update problem, check your HOSTS file:

    1. Go to

    C:\WINNT\SYSTEM32\DRIVERS\etc (in Windows 2000)

    2. Use Notepad to view contents of the HOSTS file.

    3. If you see any entries that refer to Microsoft or to Akamai delete them or place a # in the beginning of the line.

    4. Close notepad and save the changes.

    5. On Windows 2000/XP/2003 flush the DNS cache by running the following command from the Command Prompt:

    ipconfig /flushdns

    6. Open Internet Explorer and try the Windows Update site again.

    Also, some of these software programs will add the Akamai URL to the Restricted Sites in Internet Explorer. Make sure you delete any references to Akamai servers:

    1. Open Internet Explorer, on the Tools menu, click Internet Options, and then click the Security tab.

    2. Click Restricted sites, Now click the Sites button.

    3. Remove any URLs that have akamai in the address.

    Steve
     
  37. tagged

    tagged Private E-2

    What's supposed to be in the hosts file? I've got a line that refers to clear-search and some other stuff I don't recognize.
     
  38. Matacumbie

    Matacumbie Rocky Top

    Follow step 3 . Also, if the following entries are listed remove them:

    216.177.73.139 auto.search.msn.com
    216.177.73.139 search.netscape.com
    216.177.73.139 ieautosearch

    (Sometimes the IP address on the left may be slightly different.)

    Steve
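    Added example, not from the thread: a Python script that applies Steve's hosts-file steps (step 3 in the post above, plus the entries listed in this one) to a constructed sample hosts file. It reports each suspect entry and returns a cleaned copy with the Microsoft/Akamai and known hijack lines commented out with #, leaving other unfamiliar entries for the owner to verify. The keyword list, the sample entries and the severity labels are this example's assumptions.

```python
# Constructed sample HOSTS file (Windows 2000 keeps it in
# C:\WINNT\SYSTEM32\DRIVERS\etc\hosts): the default localhost line, the hijack
# entries Steve lists above, and made-up entries for the other cases.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1       localhost
216.177.73.139  auto.search.msn.com
216.177.73.139  search.netscape.com
216.177.73.139  ieautosearch
127.0.0.1       windowsupdate.microsoft.com   # keeps Windows Update from loading
127.0.0.1       a248.e.akamai.net
127.0.0.1       www.clear-search-example.com
192.168.1.10    intranet.example.local
"""

# Names Steve says to remove outright, and the keywords from step 3.
HIJACK_NAMES = {"auto.search.msn.com", "search.netscape.com", "ieautosearch"}
BLOCK_KEYWORDS = ("microsoft", "windowsupdate", "akamai")
# The only entry a stock Windows 2000 hosts file contains.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}


def parse_hosts(text):
    """Yield (lineno, ip, [names]) for every active entry; comments are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        parts = entry.split()
        if len(parts) >= 2:
            yield lineno, parts[0], parts[1:]


def check_hosts(text):
    """Return (cleaned_text, findings).

    findings is a list of (lineno, ip, name, severity, reason).  cleaned_text
    is the file with each 'high' line commented out with '#', which is the fix
    from step 3; 'medium' lines are reported but left for the owner to decide.
    """
    findings, to_comment = [], set()
    for lineno, ip, names in parse_hosts(text):
        for name in names:
            low = name.lower()
            if low in HIJACK_NAMES:
                sev, why = "high", "known search hijack entry"
            elif any(k in low for k in BLOCK_KEYWORDS):
                sev, why = "high", "refers to Microsoft/Akamai; blocks Windows Update"
            elif (ip, low) in DEFAULT_ENTRIES:
                continue
            else:
                sev, why = "medium", "not in the default hosts file; verify it is yours"
            findings.append((lineno, ip, name, sev, why))
            if sev == "high":
                to_comment.add(lineno)
    cleaned = [("# " + line if n in to_comment else line)
               for n, line in enumerate(text.splitlines(), 1)]
    return "\n".join(cleaned) + "\n", findings


if __name__ == "__main__":
    cleaned_text, found = check_hosts(SAMPLE_HOSTS)
    for lineno, ip, name, sev, why in found:
        print("line %d [%s] %s -> %s: %s" % (lineno, sev, ip, name, why))
    print(cleaned_text)
```

After writing the cleaned file back, run the ipconfig /flushdns step from the earlier post so the old mappings are not served from the resolver cache.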
     
  39. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You may want to ask in the Software Forum. Many people like Kerio, other like Sygate, but I think that ZoneAlarm may be more popular. Although some people blame ZoneAlarm for problems when using WinXP SP2. I have seen more problems with Norton and WinXP SP2.
     
  40. tagged

    tagged Private E-2

    I don't seem to have any of these or anything that refers to Microsoft or Akamai in my hosts file. I'm sending a copy of my hosts file, but I don't know if anything is bad in it, because I don't know what should be in it.
    What's this look like?

    Thanks
     

    Attached Files:

  41. tagged

    tagged Private E-2

    Oh, by the way, I also downloaded the new v1.99.0 of HJT. Can anyone look at this and tell me if anything on it would keep me from getting on windows update or my company's webmail server?

    Also, is there a new tutorial somewhere that tells what the new stuff in v1.99 does for you? I couldn't find anything in the MG tutorial or on the merijn site.

    Thanks for anything
     

    Attached Files:

  42. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The below quote box is all that really belongs in your hosts file:

     
  43. tagged

    tagged Private E-2

    I deleted everything in my Hosts file that didn't look like the example in Chaslang's post. It didn't change anything on the error messages I get when I try to get to Windows update or to my Webmail folders though.

    Steve, I'm not sure how I get to the Command Prompt to do this step.
    5. On Windows 2000/XP/2003 flush the DNS cache by running the following command from the Command Prompt:

    ipconfig /flushdns

    If that's important, I guess I need some dumbed-down directions on how to do it.

    In my restricted sites list, I didn't find anything that referenced Akamai, and the only site that had MSN in it was MSN-info.net. I didn't know if that was a malware site or not, so I left it there.

    When I put my cursor on Windows Update when I'm on MSN.com, the address bar at the bottom reads,"http://g.msn.com/ovs!s5.31472_315529/46.a3629/5??cm=FromMSFTQL". Does that look like the correct path?
    I can get to the downloads page from the link in the From Msn box on MSN.com, what do you suppose is different about the Updates list?

    Thanks again
     
  44. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Get to the command prompt by clicking Start, Run, and enter cmd in the box and click OK.
    Then type your ipconfig /flushdns command and hit enter

    Here is the proper address for Windows Update

    As far as I know, MSN-info.net is not related to Microsoft and therefore probably should be restricted.
     
  45. tagged

    tagged Private E-2

    Thanks for the step-by-step Chaslang!

    I got the flush completed. I don't see any difference though. I still get the same 'automation server can't create object' message.

    The funny thing is, the link you sent for Windows Update went right through, no errors, and let me scan for updates, download, everything! Why do you suppose that is?

    One other thing, I was looking through some old notes I took when my problems first started and I found where I wrote down the name or address or something of one of the pop-ups that was on my screen. It was YeAjukZ in brackets. Do you know what that is?

    Thanks again for your time!

    P.S. Do you ever sleep?
     
  46. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Well I would assume you were using the wrong link for Windows Update and now you have the correct one.

    YeAjukZ is a virus/trojan. It was not in your logs from what I remember. Is it there now?

    No I never sleep! ;) You guys keep me too busy for that! :D
     
  47. tagged

    tagged Private E-2

    Before I asked for help, I read through a bunch of threads and tried anything that even resembled my problem. I don't know if one of the scans from the 'Read me first before asking for support" got rid of it, or if I luckily happened to get it when I was in the 'Delete everything I don't recognize' mode. I might have gotten rid of it when I ran my first HJT scan and tried to check the log myself through the sites linked on Merijn. I'm not real sure, because I was just stumbling around blindly, and I'm probably lucky this computer works at all, because my first log I fixed was from a copy of HJT I had put on my desktop, so it didn't give me any backups!

    If the link on my startup menu to Windows Update and the one I get when I click on MSN.com are wrong, how do I change them? Your link worked, but theirs still doesn't?
     
  48. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't know! I don't use MSN. Are they editable? Can you right click on them and select properties and change them?
     
  49. tagged

    tagged Private E-2

    I can right click on the icon on the start menu and get to Properties, and it shows the shortcut it's taking "%SystemRoot%\system32\wupgr.exe". When I select 'Find Target' it shows me where it is in C:\Winnt\System32, and shows the file hasn't been modified since 12/7/99. So if that hasn't changed, and it worked before, is there something in the shortcut that has been changed? Do you know what that %SystemRoot% is all about?

    Thanks
     
  50. tagged

    tagged Private E-2

    I just checked on my home computer (which has ME for an OS), and the shortcut is C:\Windows\wupdgr.exe. Do you suppose if I delete the %SystemRoot% and type in C:\Winnt it will do anything? If so I'll try it as soon as I get to work tomorrow.

    Thanks again!
     
