57 replies to this topic

[Alain Toogood]

I ran Trojan Hunter on the Gateway machine and it was clean.

The HijackThis report for the Gateway machine is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 09:50:37, on 13/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Documents and Settings\David Bruford\Desktop\PopUpInspector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\AcroTray.exe
G:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PopUpInspector] C:\Documents and Settings\David Bruford\Desktop\PopUpInspector.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Allow popups from this web page - C:\Documents and Settings\David Bruford\Desktop\allowsite.htm
O8 - Extra context menu item: Stop popups from this web page - C:\Documents and Settings\David Bruford\Desktop\denysite.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Documents and Settings\David Bruford\Desktop\PopUpInspector.exe (HKCU)
O9 - Extra 'Tools' menuitem: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Documents and Settings\David Bruford\Desktop\PopUpInspector.exe (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {083F2348-989A-4650-A541-6BB9CEE58E5E} (IEUpdateOSR2 Control with Key) - http://client.virgin...sets/update.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119431512278
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://internal.bru...emote/msrdp.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecre...PEInstaller.exe
O16 - DPF: {885BB46A-3F1E-44C3-A01B-A7D9260CC98B} (InstallShield Update Service Setup Player) - http://updates.insta...AB/dwusplay.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masmin...aaplicacion.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content.netve...k/uk/games4.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda....b/gb/games4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C0A63B86-4B21-11D3-BD95-D426EF2C7949} (:-) VideoSoft FlexGrid 7.0 (Light)) - https://www.e-broker...om/vsflex7L.cab
O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-i...ia.com/mpv0.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark...en/AMClient.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86F11A7F-B0B8-472F-98BA-5C473E110D76}: NameServer = 194.168.4.100 194.168.8.100
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE


The IP addresses are as follows:
Gateway machine (OK for updates): 192.168.0.1 [PPP Adapter Speedtouch Connection 81.107.199.4]

My laptop (no updates): 192.168.0.3

Clare's laptop (no updates): 192.168.0.4

Mike's PC (Updates OK): In response to ipconfig the message appears: "An internal error occurred. The request is not supported." I tried re-booting in Safe Mode with a Command Prompt but to no avail.


The two problem machines cannot access Windows Updates or any web site within the www.microsoft.com area. They seem to be able to access everything else. You may recall that before your kind assistance started neither machine could access MSN or even the tomcoyote web site.

When attempting to access Windows Updates on my laptop via the Start menu prompt, it gets as far as http://update.micros...v6/default.aspx then either 'hangs' forever or sometimes it gives the standard. "This page cannot be displayed" message.

I ran Spybot S&D and it congratulated me! The report is attached.

 SpybotSD.Report_Laptop.txt   27.71KB   477 downloads

[rand1038]

Run HijackThis, close all programs with a placeholder in the taskbar then checkmark the following lines and click "Fix checked".

netvenda dialer, you want to steer clear of netvenda.com or any sites that link to it.
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content.netve...k/uk/games4.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda....b/gb/games4.cab

O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-i...ia.com/mpv0.cab

Lets see if we can get Windows Update to work with a "reset". What the following procedure does is clear out all your pending downloads and any corrupted files that may be causing a hang.

Navigate to C:\WINDOWS\SoftwareDistribution
Rename all the folders you find in there so that they end with an "X".
Example: DataStore gets renamed to DataStoreX
If you have c:\wutemp rename it in the same manner.

Once that is done close the folder then try windows update.

If that doesn't help then we'll take a look at your protocol filters. It seems like something is preventing you from getting a valid windows.com address and HOSTS file lines show up in HJT. Rather perplexing. It will be fun to find out the problem.

[Alain Toogood]

I ran HijackThis but there were no entries for netvenda dialer.

O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content.netve...k/uk/games4.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda....b/gb/games4.cab

OR

O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-i...ia.com/mpv0.cab

Renaming the C:\WINDOWS\SoftwareDistribution content folders went OK except that EventCache. I got the message:
"Cannot rename EventCache: Access is denied.
Make sure the disk is not full or write-protected and that the file is not currently in use."

I checked Windows Task Manager and the only things in Applications were an Explorer icon for 'SoftwareDistribution' and 'Mt Documents'.

I have a C:\WUTemp folder but there is nothing in it.

I then went to Windows Update from the Start menu and this launched IE and put http://windowsupdate.microsoft.com in the Address bar; this then changes to http://update.micros...v6/default.aspx and at the bottom says "Opening page http://update.micros....aspx?In=en-us...

P.S. I ran the new version of Spybot S&D 1.4 on Clare's Laptop and it found 69 little swines. I deleted them all but it still doesn't access Windows updates.

Edited by Alain Toogood, 14 August 2005 - 03:04 AM.

[rand1038]

I ran HijackThis but there were no entries for netvenda dialer.

O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content.netve...k/uk/games4.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda....b/gb/games4.cab

OR

O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-i...ia.com/mpv0.cab

These are in the gateway machine log.

I then went to Windows Update from the Start menu and this launched IE and put http://windowsupdate.microsoft.com in the Address bar; this then changes to http://update.micros...v6/default.aspx and at the bottom says "Opening page http://update.micros.....aspx?In=en-us...

This looks like you are able to get to the site which tells us DNS is not blocked for it. I take it that windows updates still does not work?

[Alain Toogood]

These are in the gateway machine log.

Sorry, being a bit dense, I should have checked all the machines.
These items have now been deleted from the Gateway machine.

This looks like you are able to get to the site which tells us DNS is not blocked for it. I take it that windows updates still does not work?

No change I'm afraid. After deleting the items from the HijackThis list I rebooted both machines and tried Windows updates on the laptop but it hangs at the same place. To double check I tried the same on the Gateway machine and it goes straight to the "Keep your computer up to date" page with no problem.

On the bright side, I can now use the quote facility of your site!

Edited by Alain Toogood, 14 August 2005 - 10:22 AM.

[rand1038]

On the bright side, I can now use the quote facility of your site!

Its always good to acquire a new skill. You may be writing batch files and scripts by the time this gets done.

Close all browser windows then do the following steps.

First, copy the contents of the code box to a new notepad document. Save as type "All Files" with the name REGWU.BAT to your desktop. Double click regwu.bat to run it. This will reregister the windows update dlls.

Regsvr32 /s wuapi.dll
RegSvr32 /s wuaueng1.dll
RegSvr32 /s wuaueng.dll
RegSvr32 /s wups.dll
RegSvr32 /s wuweb.dll
RegSvr32 /s winhttp.dll
RegSvr32 /s wucltui.dll
RegSvr32 /s jscript.dll

Next run HijackThis on your laptop. Find the 016 that looks similar to this:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095305225656

The important part is the bolded section, which may also be update.microsoft.com depending on which version of the control you have (if any). If you find one, or more, checkmark them all then click fix checked. Make sure all web browser windows are closed when you do this. If you don't find any don't worry about it. If you are in doubt and it is an 016 item then go ahead and check it for fixing. A website which uses on of the 016 items will prompt you to download a new copy if you accidently delete the wrong one. This is only true in the 016 section, don't apply this philosophy in any of the other HJT sections or we'll be fixing a much bigger problem.

Once the above steps are complete then try Winodows update again.

Let us know how things worked out. If it still doesn't work, let us know if you found one or more of the 016 lines with windows update in them.

[Alain Toogood]

The last time I wrote a batch file, it was on an Apple II Europlus (a revolution compared to my Sinclair ZX81) so the delights of 10 GET A$ and 20 GOTO 100 are not foreign to me, but perhaps just an ancient languare now.

I couldn't see a 016 as you described, I only has:

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://internal.bru...emote/msrdp.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab

No change on WIndows update.

[rand1038]

Are you able to access other sites, such as banks, that use ssl (HTTPS prefix)?

[Alain Toogood]

Yes, as far as I can ascertain, I can access every darn site except a *.*microsoft one. It's a very specific ailment!

[rand1038]

Sorry for taking so long to respond Alain. We are going to try another procedure and if that doesn't work then you get to learn how to use a network monitor (aka packet sniffer).

General instructions for using the locked files wizard, if you end up needing it
Download Locked Files Wizard and unzip it.
Double click lfw.exe to run the Locked Files Wizard.
Click next.
Click "Select Folder" then navigate to FOLDER TO RENAME and click ok.
Click next then choose "Rename" then click next
Enter NEW NAME and click next
Click next again
Click "Finish" and the computer will reboot.
When the reboot is complete check the folder(s) you renamed to make sure the rename worked.


Disable any software you have that monitors the regisrry (For example: Spybot S&D Teatimer, WinPatrol, CounterSpy). Go into each program's options and disable the feature (usually uncheck a box) to run the program when windows starts. Check the help manuals for each program to find instructions on how to do this..

Go to Start > Run and type Services.msc then click ok.
Find Windows Update and Background Intelligent Transfer service.
For each of those services right click and choose Properties.
On the "General" tab, click the "Stop" button then use the dropdown menu to set the startup type to disabled.

Reboot the computer.

Rename all of the folders in C:\Windows\SoftwareDistribution as you did before.
Use the Locked Files Wizard to rename any that will not allow it to be done manually.
If you have this folder:
c:\wuTemp rename it also (unless it is empty), use the Locked Files Wizard if necessary.

If you would like, you can copy all of the lines below into a notepad document and save the document with a name that ends with .BAT (notice the ".") as type "All Files". All of the lines starting with regsvr32 should be in the file and nothing else. Double click the file and it will open the cmd window and run the commands for you (you will still have to click Ok in the message boxes). That will be much easier than pasting each line into the run box.

Paste each of the following into the Start > Run box.
Click Ok for each message box, even if it is an error, and proceed.

Regsvr32 /u wuapi.dll
RegSvr32 /u wuaueng1.dll
RegSvr32 /u wuaueng.dll
RegSvr32 /u wups.dll
RegSvr32 /u wuweb.dll
RegSvr32 /u winhttp.dll
RegSvr32 /u wucltui.dll
regsvr32 /u wups2.dll
Regsvr32 wuapi.dll
RegSvr32 wuaueng1.dll
RegSvr32 wuaueng.dll
RegSvr32 wups.dll
RegSvr32 winhttp.dll
RegSvr32 wucltui.dll
regsvr32 wups2.dll

What the above steps have done is an almost complete uninstall/reinstall of windows update (except for the weweb dll which you get from the windows update site).

Once that is all done then go to Start > Control Panel > Internet Options
Under the general tab:
Delete Cookies button
Delete Files button, check "Delete offline content"
That step clears the old windows update files from the cache so you will get new ones.

Next go back into Services.msc and start Windows Update and Background Intelligent Transfer service (in that order) and set their startup type for Automatic Updates to "Automatic" and Background Intelligent Transfer Service to "Manual"..

See if windows update will work.

If winodws update will not work then download and install ethereal-setup-0.10.12.exe.
This is the network monitor program I spoke of at the beginning of the post. It is a free program and very good at its job.

[Alain Toogood]

No problem on the delay in replying. I’ve been ‘up North’ for a few days and only just got back. While away my son decided to upgrade my desktop with a new motherboard and memory. As a result, the old graphics card doesn’t fit and he doesn’t know how to re-assemble it back to its previous state and it is now ‘dead’ until the new graphics card arrives. However, every cloud has a silver lining and I was forced to use my backup machine, which is the laptop, and the original source of the “Can’t get updates…” problem. While kicking myself for failing to have a recent backup of Outlook (I now have a free week as I have no idea what I’m meant to be doing!) I thought I’d try plugging in the broadband connection directly into the laptop and trying Windows Updates. Voila! It worked, no problem. After another self-kicking for not trying this before I got Clare’s laptop and accessed Windows update via the wireless connection (her laptop to my laptop). Simply put I have now downloaded all current Windows updates and am pretty certain that this has proved that the problem is in the PC’s firewall. On reading your latest advice it looks as if you are approaching the same conclusion (if that’s what a network monitor does). In conclusion, I haven’t acted on your latest advice until I get your reaction to my tome above. I guess we could leave it as it is and I just juggle the cables to get updates in future. If you are keen to get to the root of the problem we’ll have to wait until my PC is rebuilt (a few days I think) otherwise, we could call it problem solved and I will remain in your debt with a very guilty feeling at all the work that you have put in. Can I make a donation to the link that appeared on the earlier replies (but I can’t see on the laptop so that might have to wait until I get the PC back!)? Regards Alain

[rand1038]

In conclusion, I haven’t acted on your latest advice until I get your reaction to my tome above. I guess we could leave it as it is and I just juggle the cables to get updates in future. If you are keen to get to the root of the problem we’ll have to wait until my PC is rebuilt (a few days I think) otherwise, we could call it problem solved and I will remain in your debt with a very guilty feeling at all the work that you have put in.  Can I make a donation to the link that appeared on the earlier replies (but I can’t see on the laptop so that might have to wait until I get the PC back!)?

Regards
Alain

At this point Alain I would like to find the root of the problem. As much work as you and I have put into this I think a victory is required.

You can donate at the following page:
http://tomcoyote.org/donate.php

As my signature states, the help you receive here is free and no payment is expected. We do appreciate donations to help offset the cost of running and maintaining this site.

Let us know when you have things back to their normal setup and we will continue to investigate the problem.

Rand

[Alain Toogood]

Hi

I'm back! The PC (desktop) that apparently caused the problem now has a new motherboard, pwer supply, memory and graphics card. The hard disk was formatted and XP reinstalled.

The laptop still hangs at http://update.micros...t.aspx?ln=en-us regardless of whether the PC's Norton firewall is enabled or disabled. This is when the laptop is using the PCs broadband connection via the wireless network.

However, if I put the broadband connector directly into the laptop it accesses Windows updates fine.

As I can get around the problem it might be practical for you to drop my problem and concentrate on something less wierd. Up to you.

Thanks
Alain