Windows Update nearly kills my computer


Guest TrevorJ
Posted

I have XP SP3 installed and when (I think it's) Windows Update accesses the internet just after startup, the rest of the computer almost comes to a standstill. If I start Task Manager > Processes, one of the several svchost.exe is taking 98-99% CPU time for about anything up to 4 mins after startup. I have 'Download updates and let me choose..' set.

If I select 'Turn off Automatic Updates' my computer starts normally. This has developed lately, but I cannot definitely associate it with the installation of SP3.

System is Athlon 3200, 1GB RAM, big HD and a 6Meg broadband connection.

Any suggestions would be more than welcome.

Guest MowGreen [MVP]
Posted

Re: Windows Update nearly kills my computer

This issue should *not* be occurring after the application of SP3 and had been addressed in prior KB articles.

What is the installed antivirus\security software and is a 3rd party firewall being used?
Is/are they configured to scan this location? -
WINDOWS\SoftwareDistribution\DataStore

If it/they are, then please exclude that location from any real-time monitoring or scanning.

Then do a manual visit to Windows Update with the AU service set to Automatic and the Background Intelligent Transfer service set to Manual.

What happened when you did that?

Next, go to Start > Run > type in or copy&paste the below into the Open: line and then click OK or press Enter.
The WindowsUpdate.log will open.
Scroll all the way to the bottom for the most recent entries.
Copy and paste the last 50 or so lines into your reply, Trevor.

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============

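The log requested above can be triaged before it is posted. This is an added example, not part of the original thread and not a Microsoft tool: it parses WindowsUpdate.log entries in the layout of the excerpt TrevorJ posts later in the thread (date, time, PID, TID, component, text), rejoins lines the newsreader wrapped, and reports long pauses between consecutive entries of the same svchost PID. The function names and the 30-second threshold are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines taken from the excerpt posted later in this thread, still wrapped the
# way the newsreader wrapped them (continuation lines carry no timestamp).
SAMPLE = r"""
2008-08-18 08:57:41:968 1344 31c Service ** END ** Service: Service exit
[Exit code = 0x240001]
2008-08-18 08:59:18:375 1300 5b8 Misc =========== Logging initialized
(build: 7.0.6000.381, tz: +0100) ===========
2008-08-18 08:59:18:468 1300 5b8 Misc = Module:
C:\WINDOWS\system32\wuaueng.dll
2008-08-18 08:59:18:375 1300 5b8 Service *************
2008-08-18 08:59:18:468 1300 5b8 Service ** START ** Service: Service startup
2008-08-18 08:59:18:609 1300 5b8 Agent * Network state: Connected
2008-08-18 09:00:03:906 1300 5b8 Agent *********** Agent: Initializing
Windows Update Agent ***********
2008-08-18 09:00:04:921 1300 5b8 DnldMgr Download manager restoring 0
downloads
"""

# date, HH:MM:SS, milliseconds (after a colon), PID, TID (hex), component, text
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}):(\d{3})\s+(\d+)\s+"
    r"([0-9a-fA-F]+)\s+(\S+)\s*(.*)$"
)


def parse_entries(text):
    """Return one dict per log entry, folding wrapped lines into their entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            date, hms, ms, pid, tid, component, msg = m.groups()
            ts = datetime.strptime(f"{date} {hms}", "%Y-%m-%d %H:%M:%S")
            ts += timedelta(milliseconds=int(ms))
            entries.append({"ts": ts, "pid": int(pid), "tid": tid,
                            "component": component, "text": msg})
        elif entries:
            # No timestamp: this is the wrapped tail of the previous entry.
            entries[-1]["text"] = (entries[-1]["text"] + " " + line).strip()
    return entries


def find_stalls(entries, threshold_s=30.0):
    """Report pauses of at least threshold_s between entries of one PID.

    Entries are grouped by PID so that a service stop followed by a later
    start (a new svchost PID) is not mistaken for a stall, and sorted by
    timestamp because the log is not strictly ordered within a millisecond
    burst.
    """
    by_pid = defaultdict(list)
    for entry in entries:
        by_pid[entry["pid"]].append(entry)

    stalls = []
    for pid, items in by_pid.items():
        items.sort(key=lambda e: e["ts"])
        for prev, cur in zip(items, items[1:]):
            gap = (cur["ts"] - prev["ts"]).total_seconds()
            if gap >= threshold_s:
                stalls.append({"pid": pid, "seconds": gap,
                               "before": prev, "after": cur})
    return sorted(stalls, key=lambda s: s["before"]["ts"])


if __name__ == "__main__":
    for stall in find_stalls(parse_entries(SAMPLE)):
        print(f"PID {stall['pid']}: {stall['seconds']:.1f}s pause after "
              f"[{stall['before']['component']}] {stall['before']['text']}")
```

In the sample, the pause between the exit of PID 1344 and the start of PID 1300 is a service restart and is not reported; the pause inside PID 1300 is.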

Guest The Real Truth MVP
Posted

Re: Windows Update nearly kills my computer

Try my Svchosts Fix tool. Download it here
http://pcbutts1.com/downloads/tools/tools.htm

--
Cyberstalking is a crime. If you had one as bad as I did simply ignoring them is not an option.


Guest PA Bear [MS MVP]
Posted

Re: Windows Update nearly kills my computer

Free unlimited installation and compatibility support is available for Windows XP, but only for Service Pack 3 (SP3), until 14 Apr-09. Chat and e-mail support is available only in the United States and Canada.

• US: http://support.microsoft.com/oas/default.aspx?ln=en-us&prid=11273&gprid=522131
• CA: http://support.microsoft.com/oas/default.aspx?ln=en-ca&prid=11273&gprid=522131
• UK: http://support.microsoft.com/oas/default.aspx?ln=en-gb&prid=11273&gprid=522131
• AU: http://support.microsoft.com/oas/default.aspx?ln=en-au&prid=11273&gprid=522131
• Other: http://support.microsoft.com/oas/default.aspx?gprid=1173 | select Windows XP | select Windows XP Service Pack 3

--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


Guest TrevorJ
Posted

Re: Windows Update nearly kills my computer

Thanks for your answer. I'm using AVG free and ZoneAlarm pro (have tried switching ZA off to no avail). I'll try the other suggestions later today when I have time. PS my Vista Lappie does not have this problem.

Thanks for now, will report back later


Guest TrevorJ
Posted

Re: Windows Update nearly kills my computer

Did that. Switched off ZA and AVG. Update site now does not seem to lock up computer. Now I have a better idea of what's wrong (hopefully) I'll try another update later today.

"The Real Truth MVP" wrote:
> Try my Svchosts Fix tool. Download it here
> http://pcbutts1.com/downloads/tools/tools.htm


Guest TrevorJ
Posted

Re: Windows Update nearly kills my computer

Just done The RealTruth's svchosts patch, switched off AVG and ZA, Update site responds OK without a 98% CPU usage. There were no updates, so I will try again later, and see if the comp locks up on a restart.
I will close the loop here once I think I have fixed the prob.
Thanks again for the pointers


Guest TrevorJ
Posted

Re: Windows Update nearly kills my computer

Thanks again for your input.
Just done all you suggest (but I don't know what you mean by 'Background Intelligent Transfer'), but svchost still takes up to 99% processor time. A manual check on Windows Update sticks on 'Checking your system for latest updates' (or something like that). It did not do this the first time I tried it this morning after switching off ZA and AVG.
I have to end the svchost process to do anything with the computer.
All AV and antiSpyware and ZA off.
Please clarify how to get the log, you seem to have missed the critical bit about what to paste into the Run dialog. Please repeat.
Trevor


Guest PA Bear [MS MVP]
Posted

Re: Windows Update nearly kills my computer

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjunction with some other utilities). HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to http://aumha.net/viewforum.php?f=30, http://forums.spybot.info/forumdisplay.php?f=22, http://castlecops.com/forum67.html, or other appropriate forums for review by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


Guest TrevorJ
Posted

Re: Windows Update nearly kills my computer

Thanks again. I have now done a few checks and it gets worse. I can now no longer access Task Manager and cannot restore to an earlier date. I think it's time I reinstated the Acronis image I made a few months ago before it all went wrong. OK, so I'll have to reapply SP3 and all the other patches, but at least I'll feel more confident that I haven't caught anything nasty.
BTW, I am now using my laptop, and my 'dodgy' computer is disconnected from the net.
Thanks again.
Trev


Guest PA Bear [MS MVP]
Posted

Re: Windows Update nearly kills my computer

Repost:
>> When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjunction with some other utilities). HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to
>> http://aumha.net/viewforum.php?f=30,
>> http://forums.spybot.info/forumdisplay.php?f=22,
>> http://castlecops.com/forum67.html, or other appropriate forums for review by an expert in such matters, not here.**


Guest TrevorJ
Posted

Re: Windows Update nearly kills my computer

Thanks again. I am at present running all the anti malware programs as recommended by Major Geeks. I will be submitting the reports to them for analysis. There was no malware detected on my machine, just a few tracking cookies. I have also run AVG free which detected nothing untoward.
Still MS Update pretty much kills the machine and system restore fails to restore as well; even to a point deliberately set last night.

As I said before, the processor goes up to 97 - 99% on the update task. This can last several mins.
Here is a log of last couple of attempts of update. The latest one shows a 2 min gap between 09:50:30 and 09:52:44 at which time the processor was flat out on the svc task.

2008-08-18 08:57:40:546 1344 31c AU ########### AU: Uninitializing Automatic Updates ###########
2008-08-18 08:57:41:968 1344 31c Service *********
2008-08-18 08:57:41:968 1344 31c Service ** END ** Service: Service exit [Exit code = 0x240001]
2008-08-18 08:57:41:968 1344 31c Service *************
2008-08-18 08:59:18:375 1300 5b8 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +0100) ===========
2008-08-18 08:59:18:437 1300 5b8 Misc = Process: C:\WINDOWS\System32\svchost.exe
2008-08-18 08:59:18:468 1300 5b8 Misc = Module: C:\WINDOWS\system32\wuaueng.dll
2008-08-18 08:59:18:375 1300 5b8 Service *************
2008-08-18 08:59:18:468 1300 5b8 Service ** START ** Service: Service startup
2008-08-18 08:59:18:468 1300 5b8 Service *********
2008-08-18 08:59:18:562 1300 5b8 Agent * WU client version 7.0.6000.381
2008-08-18 08:59:18:562 1300 5b8 Agent * Base directory: C:\WINDOWS\SoftwareDistribution
2008-08-18 08:59:18:562 1300 5b8 Agent * Access type: No proxy
2008-08-18 08:59:18:609 1300 5b8 Agent * Network state: Connected
2008-08-18 09:00:03:906 1300 5b8 Agent *********** Agent: Initializing Windows Update Agent ***********
2008-08-18 09:00:03:906 1300 5b8 Agent *********** Agent: Initializing global settings cache ***********
2008-08-18 09:00:03:906 1300 5b8 Agent * WSUS server: <NULL>
2008-08-18 09:00:03:906 1300 5b8 Agent * WSUS status server: <NULL>
2008-08-18 09:00:03:906 1300 5b8 Agent * Target group: (Unassigned Computers)
2008-08-18 09:00:03:906 1300 5b8 Agent * Windows Update access disabled: No
2008-08-18 09:00:04:921 1300 5b8 DnldMgr Download manager restoring 0 downloads
2008-08-18 09:00:04:968 1300 5b8 AU ########### AU: Initializing Automatic Updates ###########
2008-08-18 09:00:04:984 1300 5b8 AU # Approval type: Pre-install notify (User preference)
2008-08-18 09:00:04:984 1300 5b8 AU # Auto-install minor updates: No (User preference)
2008-08-18 09:00:04:984 1300 5b8 AU AU finished delayed initialization
2008-08-18 09:00:05:546 1300 5b8 Report *********** Report: Initializing static reporting data ***********
2008-08-18 09:00:05:546 1300 5b8 Report * OS Version = 5.1.2600.3.0.65792
2008-08-18 09:00:05:578 1300 5b8 Report * Computer Brand = K7NF2
2008-08-18 09:00:05:578 1300 5b8 Report * Computer Model = K7NF2-RAID
2008-08-18 09:00:05:578 1300 5b8 Report * Bios Revision = P1.00
2008-08-18 09:00:05:578 1300 5b8 Report * Bios Name = Default System BIOS
2008-08-18 09:00:05:578 1300 5b8 Report * Bios Release Date = 2005-04-01T00:00:00
2008-08-18 09:00:05:578 1300 5b8 Report * Locale ID = 2057
2008-08-18 09:22:46:328 1300 5b8 AU ########### AU: Uninitializing Automatic Updates ###########
2008-08-18 09:22:48:515 1300 5b8 Service *********
2008-08-18 09:22:48:515 1300 5b8 Service ** END ** Service: Service exit [Exit code = 0x240001]
2008-08-18 09:22:48:515 1300 5b8 Service *************
2008-08-18 09:27:39:062 1344 1a8 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +0100) ===========
2008-08-18 09:27:39:421 1344 1a8 Misc = Process: C:\WINDOWS\System32\svchost.exe
2008-08-18 09:27:39:421 1344 1a8 Misc = Module: C:\WINDOWS\system32\wuaueng.dll
2008-08-18 09:27:39:062 1344 1a8 Service *************
2008-08-18 09:27:39:421 1344 1a8 Service ** START ** Service: Service startup
2008-08-18 09:27:39:421 1344 1a8 Service *********
2008-08-18 09:27:39:546 1344 1a8 Agent * WU client version 7.0.6000.381
2008-08-18 09:27:39:546 1344 1a8 Agent * Base directory: C:\WINDOWS\SoftwareDistribution
2008-08-18 09:27:39:546 1344 1a8 Agent * Access type: No proxy
2008-08-18 09:27:39:562 1344 1a8 Agent * Network state: Connected
2008-08-18 09:28:24:765 1344 1a8 Agent *********** Agent: Initializing Windows Update Agent ***********
2008-08-18 09:28:24:765 1344 1a8 Agent *********** Agent: Initializing global settings cache ***********
2008-08-18 09:28:24:765 1344 1a8 Agent * WSUS server: <NULL>
2008-08-18 09:28:24:765 1344 1a8 Agent * WSUS status server: <NULL>
2008-08-18 09:28:24:765 1344 1a8 Agent * Target group: (Unassigned Computers)
2008-08-18 09:28:24:765 1344 1a8 Agent * Windows Update access disabled: No
2008-08-18 09:28:25:515 1344 1a8 DnldMgr Download manager restoring 0 downloads
2008-08-18 09:28:25:546 1344 1a8 AU ########### AU: Initializing Automatic Updates ###########
2008-08-18 09:28:25:546 1344 1a8 AU # Approval type: Pre-install notify (User preference)
2008-08-18 09:28:25:546 1344 1a8 AU # Auto-install minor updates: No (User preference)
2008-08-18 09:28:25:546 1344 1a8 AU AU finished delayed initialization
2008-08-18 09:28:25:953 1344 1a8 Report *********** Report: Initializing static reporting data ***********
2008-08-18 09:28:25:953 1344 1a8 Report * OS Version = 5.1.2600.3.0.65792
2008-08-18 09:28:25:984 1344 1a8 Report * Computer Brand = K7NF2
2008-08-18 09:28:25:984 1344 1a8 Report * Computer Model = K7NF2-RAID
2008-08-18 09:28:25:984 1344 1a8 Report * Bios Revision = P1.00
2008-08-18 09:28:25:984 1344 1a8 Report * Bios Name = Default System BIOS
2008-08-18 09:28:25:984 1344 1a8 Report * Bios Release Date = 2005-04-01T00:00:00
2008-08-18 09:28:25:984 1344 1a8 Report * Locale ID = 2057
2008-08-18 09:30:03:703 1344 1a8 AU ########### AU: Uninitializing Automatic Updates ###########
2008-08-18 09:30:03:937 1344 1a8 Service *********
2008-08-18 09:30:03:937 1344 1a8 Service ** END ** Service: Service exit [Exit code = 0x240001]
2008-08-18 09:30:03:937 1344 1a8 Service *************
2008-08-18 09:34:38:750 1344 10c Misc =========== Logging initialized (build: 7.0.6000.381, tz: +0100) ===========
2008-08-18 09:34:39:015 1344 10c Misc = Process: C:\WINDOWS\System32\svchost.exe
2008-08-18 09:34:39:015 1344 10c Misc = Module: C:\WINDOWS\system32\wuaueng.dll
2008-08-18 09:34:38:750 1344 10c Service *************
2008-08-18 09:34:39:015 1344 10c Service ** START ** Service: Service startup
2008-08-18 09:34:39:015 1344 10c Service *********
2008-08-18 09:34:39:140 1344 10c Agent * WU client version 7.0.6000.381
2008-08-18 09:34:39:140 1344 10c Agent * Base directory: C:\WINDOWS\SoftwareDistribution
2008-08-18 09:34:39:140 1344 10c Agent * Access type: No proxy
2008-08-18 09:34:39:140 1344 10c Agent * Network state: Connected
2008-08-18 09:35:24:281 1344 10c Agent *********** Agent: Initializing Windows Update Agent ***********
2008-08-18 09:35:24:281 1344 10c Agent *********** Agent: Initializing global settings cache ***********
2008-08-18 09:35:24:281 1344 10c Agent * WSUS server: <NULL>
2008-08-18 09:35:24:281 1344 10c Agent * WSUS status server: <NULL>
2008-08-18 09:35:24:281 1344 10c Agent * Target group: (Unassigned Computers)
2008-08-18 09:35:24:281 1344 10c Agent * Windows Update access disabled: No
2008-08-18 09:35:25:781 1344 10c DnldMgr Download manager restoring 0 downloads
2008-08-18 09:35:25:890 1344 10c AU ########### AU: Initializing Automatic Updates ###########
2008-08-18 09:35:25:937 1344 10c AU # Approval type: Pre-install notify (User preference)
2008-08-18 09:35:25:937 1344 10c AU # Auto-install minor updates: No (User preference)
2008-08-18 09:35:25:968 1344 10c AU AU finished delayed initialization
2008-08-18 09:35:26:593 1344 10c Report *********** Report: Initializing static reporting data ***********
2008-08-18 09:35:26:593 1344 10c Report * OS Version = 5.1.2600.3.0.65792
2008-08-18 09:35:26:640 1344 10c Report * Computer Brand = K7NF2
2008-08-18 09:35:26:640 1344 10c Report * Computer Model = K7NF2-RAID
2008-08-18 09:35:26:640 1344 10c Report * Bios Revision = P1.00
2008-08-18 09:35:26:640 1344 10c Report * Bios Name = Default System BIOS
2008-08-18 09:35:26:640 1344 10c Report * Bios Release Date = 2005-04-01T00:00:00
2008-08-18 09:35:26:640 1344 10c Report * Locale ID = 2057
2008-08-18 09:50:29:109 1344 10c AU ########### AU: Uninitializing Automatic Updates ###########
2008-08-18 09:50:30:671 1344 10c Service *********
2008-08-18 09:50:30:671 1344 10c Service ** END ** Service: Service exit [Exit code = 0x240001]
2008-08-18 09:50:30:671 1344 10c Service *************
2008-08-18 09:52:44:015 1344 6d0 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +0100) ===========
2008-08-18 09:52:44:265 1344 6d0 Misc = Process: C:\WINDOWS\System32\svchost.exe
2008-08-18 09:52:44:265 1344 6d0 Misc = Module: C:\WINDOWS\system32\wuaueng.dll
2008-08-18 09:52:44:015 1344 6d0 Service *************
2008-08-18 09:52:44:281 1344 6d0 Service ** START ** Service: Service startup
2008-08-18 09:52:44:281 1344 6d0 Service *********
2008-08-18 09:52:44:375 1344 6d0 Agent * WU client version 7.0.6000.381
2008-08-18 09:52:44:390 1344 6d0 Agent * Base directory: C:\WINDOWS\SoftwareDistribution
2008-08-18 09:52:44:390 1344 6d0 Agent * Access type: No proxy
2008-08-18 09:52:44:406 1344 6d0 Agent * Network state: Connected
2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing Windows Update Agent ***********
2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing global settings cache ***********
2008-08-18 09:53:30:000 1344 6d0 Agent * WSUS server: <NULL>
2008-08-18 09:53:30:000 1344 6d0 Agent * WSUS status server: <NULL>
2008-08-18 09:53:30:000 1344 6d0 Agent * Target group: (Unassigned Computers)
2008-08-18 09:53:30:000 1344 6d0 Agent * Windows Update access disabled: No
2008-08-18 09:53:32:062 1344 6d0 DnldMgr Download manager restoring 0 downloads
2008-08-18 09:53:32:390 1344 6d0 AU ########### AU: Initializing Automatic Updates ###########
2008-08-18 09:53:32:406 1344 6d0 AU # Approval type: Pre-install notify (User preference)
2008-08-18 09:53:32:406 1344 6d0 AU # Auto-install minor updates: No (User preference)
2008-08-18 09:53:32:531 1344 6d0 AU AU finished delayed initialization
2008-08-18 09:53:34:296 1344 6d0 Report *********** Report: Initializing static reporting data ***********
2008-08-18 09:53:34:296 1344 6d0 Report * OS Version = 5.1.2600.3.0.65792
2008-08-18 09:53:35:234 1344 6d0 Report * Computer Brand = K7NF2
2008-08-18 09:53:35:234 1344 6d0 Report * Computer Model = K7NF2-RAID
2008-08-18 09:53:35:296 1344 6d0 Report * Bios Revision = P1.00
2008-08-18 09:53:35:296 1344 6d0 Report * Bios Name = Default System BIOS
2008-08-18 09:53:35:296 1344 6d0 Report * Bios Release Date = 2005-04-01T00:00:00
2008-08-18 09:53:35:296 1344 6d0 Report * Locale ID = 2057

 

 

"PA Bear [MS MVP]" wrote:

> Repost:

> >> When all else fails, HijackThis v2.0.2

> >> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use

> >> (in conjunction with some other utilities). HijackThis will NOT fix

> >> anything on its own, but it will help you to both identify and remove any

> >> hijackware/spyware with assistance from an expert. **Post your log to

> >> http://aumha.net/viewforum.php?f=30,

> >> http://forums.spybot.info/forumdisplay.php?f=22,

> >> http://castlecops.com/forum67.html, or other appropriate forums for

> >> review

> >> by an expert in such matters, not here.**

>

> TrevorJ wrote:

> > Thanks again. I have now done a few checks and it gets worse. I can now no

> > longer access Task Manager and cannot restore to an earlier date. I

> > think

> > it's time I reinstated the Acronis image I made a few months ago before it

> > all went wrong. OK, so I'll have to reapply SP3 and all the other patches,

> > but at least I'll feel more confident that I haven't caught anything nasty.

> > BTW, I am now using my laptop, and my 'dodgy' computer is disconnected

> > from

> > the net.

> > Thanks again.

> > Trev

> >

> > "PA Bear [MS MVP]" wrote:

> >

> >> Unexplained computer behavior may be caused by deceptive software

> >> http://support.microsoft.com/kb/827315

> >>

> >> Run a /thorough/ check for hijackware, including posting your hijackthis

> >> log to an appropriate forum.

> >>

> >> Checking for/Help with Hijackware

> >> http://aumha.org/a/parasite.htm

> >> http://aumha.org/a/quickfix.htm

> >> http://aumha.net/viewtopic.php?t=5878

> >> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

> >> http://mvps.org/winhelp2002/unwanted.htm

> >> http://inetexplorer.mvps.org/data/prevention.htm

> >> http://inetexplorer.mvps.org/tshoot.html

> >> http://www.mvps.org/sramesh2k/Malware_Defence.htm

> >> http://defendingyourmachine2.blogspot.com/

> >> http://www.elephantboycomputers.com/page2.html#Removing_Malware

> >>

> >> When all else fails, HijackThis v2.0.2

> >> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use

> >> (in conjunction with some other utilities). HijackThis will NOT fix

> >> anything on its own, but it will help you to both identify and remove any

> >> hijackware/spyware with assistance from an expert. **Post your log to

> >> http://aumha.net/viewforum.php?f=30,

> >> http://forums.spybot.info/forumdisplay.php?f=22,

> >> http://castlecops.com/forum67.html, or other appropriate forums for

> >> review

> >> by an expert in such matters, not here.**

> >>

> >> If the procedures look too complex - and there is no shame in admitting

> >> this isn't your cup of tea - take the machine to a local, reputable and

> >> independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair

> >> shop.

> >>

> >> --

> >> ~Robear Dyer (PA Bear)

> >> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

> >> AumHa VSOP & Admin http://aumha.net

> >> DTS-L http://dts-l.net/

> >>

> >> TrevorJ wrote:

> >>> Thanks again for your input.

> >>> Just done all you suggest (but I don't know what you mean by 'Background

> >>> Intelligent Transfer'), but svchost still takes up to 99% processor

> >>> time.

> >>> A

> >>> manual check on Windows update sticks on 'Checking your system for

> >>> latest

> >>> updates' (or something like that) It did not do this the first time I

> >>> tried

> >>> it this morning after switching off ZA and AVG.

> >>> I have to end the svchost process to do anything with the computer.

> >>> All AV and antiSpyware and ZA off.

> >>> Please clarify how to get the log, you seem to have missed the critical

> >>> bit

> >>> about what to paste into the Run dialog. Please repeat.

> >>> Trevor

> >>>

> >>>

> >>> "TrevorJ" wrote:

> >>>

> >>>> Just done The RealTruth's svhosts patch, switched off AVGa and ZA,

> >>>> Update

> >>>> site responds OK without a 98% cpu usage. There were no updates, so I

> >>>> will

> >>>> try again later, and see if the comp locks up on a restart.

> >>>> I will close the loop here once I think have fixed the prob.

> >>>> Thanks again for the pointers

> >>>>

> >>>> "TrevorJ" wrote:

> >>>>

> >>>>> Thanks for your answer. I'm using AVG free and ZoneAlarm pro (Have

> >>>>> tried

> >>>>> switching ZA off to no avail. I'll try the other suggestions

> >>>>> later today

> >>>>> when I have time. PS my Vista Lappie does not have this problem.

> >>>>>

> >>>>> Thanks for now, will report back later

> >>>>>

> >>>>>

> >>>>> "MowGreen [MVP]" wrote:

> >>>>>

> >>>>>> This issue should *not* be occurring after the application of SP3 and

> >>>>>> had been addressed in prior KB articles.

> >>>>>>

> >>>>>> What is the installed antivirus\security software and is a 3rd party

> >>>>>> firewall being used ?

> >>>>>> Is/are they configured to scan this location ? -

> >>>>>> WINDOWS\SoftwareDistribution\DataStore

> >>>>>>

> >>>>>> If it/they are, then please exclude that location from any real-time

> >>>>>> monitoring or scanning.

> >>>>>>

> >>>>>> Then do a manual visit to Windows Update with the AU service set to

> >>>>>> Automatic and the Background Intelligent Transfer service set to

> >>>>>> Manual.

> >>>>>>

> >>>>>> What happened when you did that ?

> >>>>>>

> >>>>>> Next, go to Start > Run > type in or copy&paste the below into the

> >>>>>> Open:

> >>>>>> line and then click OK or press Enter.

> >>>>>> The WindowsUpdate.log will open.

> >>>>>> Scroll all the way to the bottom for the most recent entries.

> >>>>>> Copy and paste the last 50 or so lines into your reply, Trevor.

> >>>>>>

> >>>>>>

> >>>>>> MowGreen [MVP 2003-2008]

> >>>>>> ===============

> >>>>>> *-343-* FDNY

> >>>>>> Never Forgotten

> >>>>>> ===============

> >>>>>>

> >>>>>>

> >>>>>>

> >>>>>> TrevorJ wrote:

> >>>>>>

> >>>>>>> I have XP SP3 installed and when (I think it's) Windows update

> >>>>>>> accesses

> >>>>>>> the internet just after startup, the rest of the computer almost

> >>>>>>> comes

> >>>>>>> to a standstill. If I start Task manager > Processes one of the

> >>>>>>> several

> >>>>>>> svchost.exe is taking 98-99% CPU time for about anything up to 4

> >>>>>>> mins

> >>>>>>> after startup. I have 'Download updates and let me choose..' set.

> >>>>>>> If I select 'Turn off Automatic Updates' my computer starts

> >>>>>>> normally.

> >>>>>>> This has developed lately, but I cannot definitely associate it

> >>>>>>> with

> >>>>>>> the installation of SP3.

> >>>>>>> System is Athlon 3200, 1GB ram big HD and a 6Meg broadband

> >>>>>>> connection.

> >>>>>>> Any suggestions would be more than welcome.

>

>
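TrevorJ's post above reads timings off the pasted WindowsUpdate.log by eye (the gap between 09:50:30 and 09:52:44). As an added example that is not part of the thread, this Python script parses that log layout, rejoins wrapped lines, and computes the gap between a service exit and the next start plus how long each start-up takes. The function names are this example's own, and the sample is abridged from the log in the post and wrapped the way a mail client wraps pasted log lines.

```python
import re
from datetime import datetime

# Abridged from the WindowsUpdate.log excerpt in the post; wrapped lines are
# kept on purpose so the continuation handling below is exercised.
SAMPLE = """\
2008-08-18 09:50:29:109 1344 10c AU ########### AU: Uninitializing
Automatic Updates ###########
2008-08-18 09:50:30:671 1344 10c Service ** END ** Service: Service exit
[Exit code = 0x240001]
2008-08-18 09:52:44:015 1344 6d0 Misc =========== Logging initialized
(build: 7.0.6000.381, tz: +0100) ===========
2008-08-18 09:52:44:281 1344 6d0 Service ** START ** Service: Service startup
2008-08-18 09:52:44:406 1344 6d0 Agent * Network state: Connected
2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing
Windows Update Agent ***********
2008-08-18 09:53:32:531 1344 6d0 AU AU finished delayed initialization
"""

# date, time, milliseconds, process id, thread id, component, message
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}):(\d{3})\s+"
    r"([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+(\S+)\s+(.*)$"
)


def parse(text):
    """Return one dict per log entry; a line that does not start with a
    timestamp is treated as the wrapped tail of the previous entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            date, clock, ms, pid, tid, component, message = m.groups()
            ts = datetime.strptime(f"{date} {clock}.{ms}", "%Y-%m-%d %H:%M:%S.%f")
            entries.append({"ts": ts, "pid": pid, "tid": tid,
                            "component": component, "message": message})
        elif entries:
            entries[-1]["message"] += " " + line
    return entries


def exit_to_start_gaps(entries):
    """Seconds between each 'Service exit' and the next 'Logging initialized'."""
    gaps, last_exit = [], None
    for e in entries:
        if "Service exit" in e["message"]:
            last_exit = e["ts"]
        elif "Logging initialized" in e["message"] and last_exit is not None:
            gaps.append((last_exit, e["ts"], (e["ts"] - last_exit).total_seconds()))
            last_exit = None
    return gaps


def session_timings(entries):
    """Per service start: seconds from 'Network state: Connected' to the agent
    initialising, and from logging start to 'AU finished delayed initialization'."""
    sessions = []
    for e in entries:
        msg = e["message"]
        if "Logging initialized" in msg:
            sessions.append({"start": e["ts"], "tid": e["tid"]})
            continue
        if not sessions:
            continue  # entries that precede the first start in the excerpt
        cur = sessions[-1]
        if "Network state: Connected" in msg:
            cur["network"] = e["ts"]
        elif "Initializing Windows Update Agent" in msg and "network" in cur:
            cur.setdefault("network_to_agent_s",
                           (e["ts"] - cur["network"]).total_seconds())
        elif "AU finished delayed initialization" in msg:
            cur["start_to_au_ready_s"] = (e["ts"] - cur["start"]).total_seconds()
    return sessions


if __name__ == "__main__":
    log = parse(SAMPLE)
    # The log carries timestamps only, no CPU figures: these numbers show when
    # the service was silent, not what the processor was doing.
    for stopped, started, seconds in exit_to_start_gaps(log):
        print(f"service down {stopped:%H:%M:%S} -> {started:%H:%M:%S}: {seconds:.3f}s")
    for s in session_timings(log):
        print(f"thread {s['tid']}: network->agent {s.get('network_to_agent_s')}s, "
              f"start->AU ready {s.get('start_to_au_ready_s')}s")
```

To run it against a real file, pass the file's text to `parse()` in place of `SAMPLE`.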

Guest MowGreen [MVP]
Posted

Re: Windows Update nearly kills my computer

 

svchost needs to be allowed to contact the update servers, Trevor. Is ZA

blocking it ?

 

BITS is Background Intelligent File Transfer service [sorry about

leaving out File ;) ]

The 'RealTruth' is a troll who suffers from a mental disorder brought

about by a car accident. Ignore 'it' for the sake of your system's

health, please.

 

The WU.log is fine and will not show CPU usage.

> All AV and antiSpyware and ZA off.

 

What other anti-spyware software is installed, Trevor? And, was the

native XP firewall enabled with ZA off ?

> I can now no

> longer access Task Manager and cannot restore to an earlier date.

 

That's definitely a sign that something is "not right". Either the OS

needs to be reinstalled or there's some nasty 'unwanted visitors' resident.

 

BTW, *strongly* suggest you dump ZA as a firewall as it's steadily gone

downhill since Checkpoint took it over.

 

MowGreen [MVP 2003-2008]

===============

*-343-* FDNY

Never Forgotten

===============

 

 

 

TrevorJ wrote:

> Thanks again. I am at present running all the anti malware programs as

> recommended by Major Geeks. I will be submitting the reports to them for

> analysis. There was no malware detected on my machine, just a few tracking

> cookies. I have also run AVG free which detected nothing untoward.

> Still MS Update pretty much kills the machine and system restore fails to

> restore as well; even to a point deliberately set last night.

>

> As I said before, the processor goes up to 97 - 99% on the update task. This

> can last several mins.

> Here is a log of last couple of attempts of update. The latest one shows a 2

> min gap between 09:50:30 and 09:52:44 at which time the processor was flat

> out on the svc task.

>

>

>

> "PA Bear [MS MVP]" wrote:

>

>

>>Repost:

>>

>>>>When all else fails, HijackThis v2.0.2

>>>>(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use

>>>>(in conjunction with some other utilities). HijackThis will NOT fix

>>>>anything on its own, but it will help you to both identify and remove any

>>>>hijackware/spyware with assistance from an expert. **Post your log to

>>>>http://aumha.net/viewforum.php?f=30,

>>>>http://forums.spybot.info/forumdisplay.php?f=22,

>>>>http://castlecops.com/forum67.html, or other appropriate forums for

>>>>review

>>>>by an expert in such matters, not here.**

>>

>>TrevorJ wrote:

>>

>>>Thanks again. I have now done a few checks and it gets worse. I can now no

>>>longer access Task Manager and cannot restore to an earlier date. I

>>>think

>>>it's time I reinstated the Acronis image I made a few months ago before it

>>>all went wrong. OK, so I'll have to reapply SP3 and all the other patches,

>>>but at least I'll feel more confident that I haven't caught anything nasty.

>>>BTW, I am now using my laptop, and my 'dodgy' computer is disconnected

>>>from

>>>the net.

>>>Thanks again.

>>>Trev

>>>

>>>"PA Bear [MS MVP]" wrote:

>>>

>>>

>>>>Unexplained computer behavior may be caused by deceptive software

>>>>http://support.microsoft.com/kb/827315

>>>>

>>>>Run a /thorough/ check for hijackware, including posting your hijackthis

>>>>log to an appropriate forum.

>>>>

>>>>Checking for/Help with Hijackware

>>>>http://aumha.org/a/parasite.htm

>>>> http://aumha.org/a/quickfix.htm

>>>> http://aumha.net/viewtopic.php?t=5878

>>>>http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

>>>>http://mvps.org/winhelp2002/unwanted.htm

>>>>http://inetexplorer.mvps.org/data/prevention.htm

>>>> http://inetexplorer.mvps.org/tshoot.html

>>>>http://www.mvps.org/sramesh2k/Malware_Defence.htm

>>>>http://defendingyourmachine2.blogspot.com/

>>>>http://www.elephantboycomputers.com/page2.html#Removing_Malware

>>>>

>>>>When all else fails, HijackThis v2.0.2

>>>>(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use

>>>>(in conjuction with some other utilities). HijackThis will NOT fix

>>>>anything on its own, but it will help you to both identify and remove any

>>>>hijackware/spyware with assistance from an expert. **Post your log to

>>>>http://aumha.net/viewforum.php?f=30,

>>>>http://forums.spybot.info/forumdisplay.php?f=22,

>>>>http://castlecops.com/forum67.html, or other appropriate forums for

>>>>review

>>>>by an expert in such matters, not here.**

>>>>

>>>>If the procedures look too complex - and there is no shame in admitting

>>>>this isn't your cup of tea - take the machine to a local, reputable and

>>>>independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair

>>>>shop.

>>>>

>>>>--

>>>>~Robear Dyer (PA Bear)

>>>>MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

>>>>AumHa VSOP & Admin http://aumha.net

>>>>DTS-L http://dts-l.net/

>>>>

>>>>TrevorJ wrote:

>>>>

>>>>>Thanks again for your input.

>>>>>Just done all you suggest (but I don't know what you mean by 'Background

>>>>>Intellegent Transfer'), but svchost still takes up to 99% processor

>>>>>time.

>>>>>A

>>>>>manual check on Windows update sticks on 'Checking your system for

>>>>>latest

>>>>>updates' (or something like that) It did not do this the first time I

>>>>>tried

>>>>>it this morning after switching off ZA and AVG.

>>>>>I have to end the scvhost process to do anything with the computer.

>>>>>All AV and antiSpyware and ZA off.

>>>>>Please clkarify how to get the log, you seem to have missed the critical

>>>>>bit

>>>>>about what to paste into the Run dialog. Please repeat.

>>>>>Trevor

>>>>>

>>>>>

>>>>>"TrevorJ" wrote:

>>>>>

>>>>>

>>>>>>Just done The RealTruth's svhosts patch, switched off AVGa and ZA,

>>>>>>Update

>>>>>>site responds OK without a 98% cpu useage. There were no updates, so I

>>>>>>will

>>>>>>try again later, and see if the comp locks up on a restart.

>>>>>>I will close the loop here once I think have fixed the prob.

>>>>>>Thanks again for the pointers

>>>>>>

>>>>>>"TrevorJ" wrote:

>>>>>>

>>>>>>

>>>>>>>Thanks for your answer. I'm using AVG free and ZoneAlarm pro (Have

>>>>>>>tried

>>>>>>>switching ZA off to no avail. I'll try the other suggestions

>>>>>>>latertoday

>>>>>>>when I have time. PS my Vista Lappie does not have this problem.

>>>>>>>

>>>>>>>Thanks for now, will report back later

>>>>>>>

>>>>>>>

>>>>>>>"MowGreen [MVP]" wrote:

>>>>>>>

>>>>>>>

>>>>>>>>This issue should *not* be occurring after the application of SP3 and

>>>>>>>>had been addressed in prior KB articles.

>>>>>>>>

>>>>>>>>What is the installed antivirus\security software and is a 3rd party

>>>>>>>>firewall being used ?

>>>>>>>>Is/are they configured to scan this location ? -

>>>>>>>>WINDOWS\SoftwareDistribution\DataStore

>>>>>>>>

>>>>>>>>If it/they are, then please exclude that location from any real-time

>>>>>>>>monitoring or scanning.

>>>>>>>>

>>>>>>>>Then do a manual visit to Windows Update with the AU service set to

>>>>>>>>Automatic and the Background Intelligent Transfer service set to

>>>>>>>>Manual.

>>>>>>>>

>>>>>>>>What happened when you did that ?

>>>>>>>>

>>>>>>>>Next, go to Start > Run > type in or copy&paste the below into the

>>>>>>>>Open:

>>>>>>>>line and then click OK or press Enter.

>>>>>>>>The WindowsUpdate.log will open.

>>>>>>>>Scroll all the way to the bottom for the most recent entries.

>>>>>>>>Copy and paste the last 50 or so lines into your reply, Trevor.

>>>>>>>>

>>>>>>>>

>>>>>>>>MowGreen [MVP 2003-2008]

>>>>>>>>===============

>>>>>>>> *-343-* FDNY

>>>>>>>>Never Forgotten

>>>>>>>>===============

>>>>>>>>

>>>>>>>>

>>>>>>>>

>>>>>>>>TrevorJ wrote:

>>>>>>>>

>>>>>>>>

>>>>>>>>>I have XP SP3 installed and when (I think it's) Windows update

>>>>>>>>>accesses

>>>>>>>>>the internet just after startup, the rest of the computer almost

>>>>>>>>>comes

>>>>>>>>>to a standstill. If I start Task manager > Processes one of the

>>>>>>>>>several

>>>>>>>>>svchost.exe is taking 98-99% CPU time for about anything up to 4

>>>>>>>>>mins

>>>>>>>>>after startup. I have 'Download updates and let me choose..' set.

>>>>>>>>>If I select 'Turn off Automatic Updates' my computer starts

>>>>>>>>>normally.

>>>>>>>>>This has developed lately, but I cannot deffinitely associate it

>>>>>>>>>with

>>>>>>>>>the installation of SP3.

>>>>>>>>>System is Athlon 3200, 1GB ram big HD and a 6Meg broadband

>>>>>>>>>connection.

>>>>>>>>>Any suggestions would be more than welcome.

>>

>>

Guest TrevorJ
Posted

Re: Windows Update nearly kills my computer

 

Thanks again.

I have now got Task Manager back. I poked the value in the registry, and it has stayed enabled since.

Although I have tried with ZA and AVG disabled, I will double check in taskman that nothing else is running in the BG from ZA, Spybot etc. and try again. I did an update last night and there was a 2 min 'Gap' in the log, and another 4 min gap. The total time difference between start and end was 8 mins IIRC.

Trevor

"MowGreen [MVP]" wrote:

> svchost needs to be allowed to contact the update servers, Trevor. Is ZA
> blocking it ?
>
> BITS is Background Intelligent File Transfer service [sorry about
> leaving out File ;) ]
> The 'RealTruth' is a troll who suffers from a mental disorder brought
> about by a car accident. Ignore 'it' for the sake of your system's
> health, please.
>
> The WU.log is fine and will not show CPU usage.
>
> > All AV and antiSpyware and ZA off.
>
> What other anti-spyware software is installed, Trevor? And, was the
> native XP firewall enabled with ZA off ?
>
> > I can now no
> > longer access Task Manager and cannot restore to an earlier date.
>
> That's definitely a sign that something is "not right". Either the OS
> needs to be reinstalled or there's some nasty 'unwanted visitors' resident.
>
> BTW, *strongly* suggest you dump ZA as a firewall as it's steadily gone
> downhill since Checkpoint took it over.
>
> MowGreen [MVP 2003-2008]
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============

>

>

>

> TrevorJ wrote:

>

> > Thanks again. I am at present running all the anti malware programs as

> > recommended by Major Geeks. I will be submitting the reports to them for

> > analysis. There was no malware detected on my machine, just a few tracking

> > cookies. I have also run AVG free which detected nothing untoward.

> > Still MS Update pretty much kills the machine and system restore fails to

> > restore as well; even to a point deliberately set last night.

> >

> > As I said before, the processor goes up to 97 - 99% on the update task. This

> > can last several mins.

> > Here is a log of last couple of attempts of update. The latest one shows a 2

> > min gap between 09:50:30 and 09:52:44 at which time the processor was flat

> > out on the svc task.

> >

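Added example, not part of any poster's message: a small Python script that reads WindowsUpdate.log entries like those quoted in this thread and lists the pauses between consecutive entries, separating a pause that spans a service exit and restart from one inside a running session. The sample lines are copied from the log quoted in the thread (with the forum's hard line wraps); the function names and the 30-second threshold are assumptions, and since the log records no CPU figures a pause only shows when the agent wrote nothing.

```python
import re
from datetime import datetime, timedelta

# Sample lines copied from the WindowsUpdate.log excerpt quoted in this thread.
# Lines without a timestamp are the forum's hard wraps of the previous entry.
SAMPLE_LOG = r"""
2008-08-18 09:35:26:640 1344 10c Report * Locale ID = 2057
2008-08-18 09:50:29:109 1344 10c AU ########### AU: Uninitializing
Automatic Updates ###########
2008-08-18 09:50:30:671 1344 10c Service *********
2008-08-18 09:50:30:671 1344 10c Service ** END ** Service: Service exit
[Exit code = 0x240001]
2008-08-18 09:50:30:671 1344 10c Service *************
2008-08-18 09:52:44:015 1344 6d0 Misc =========== Logging initialized
(build: 7.0.6000.381, tz: +0100) ===========
2008-08-18 09:52:44:265 1344 6d0 Misc = Process:
C:\WINDOWS\System32\svchost.exe
2008-08-18 09:52:44:265 1344 6d0 Misc = Module:
C:\WINDOWS\system32\wuaueng.dll
2008-08-18 09:52:44:015 1344 6d0 Service *************
2008-08-18 09:52:44:281 1344 6d0 Service ** START ** Service: Service startup
2008-08-18 09:52:44:281 1344 6d0 Service *********
2008-08-18 09:52:44:375 1344 6d0 Agent * WU client version 7.0.6000.381
2008-08-18 09:52:44:390 1344 6d0 Agent * Base directory:
C:\WINDOWS\SoftwareDistribution
2008-08-18 09:52:44:390 1344 6d0 Agent * Access type: No proxy
2008-08-18 09:52:44:406 1344 6d0 Agent * Network state: Connected
2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing
Windows Update Agent ***********
"""

# date, time, milliseconds, PID (decimal), TID (hex), component, message
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2}:\d{2}):(\d{3})\s+"
    r"(\d+)\s+([0-9a-fA-F]+)\s+(\S+)\s*(.*)$"
)


def parse_entries(text):
    """Return log entries in file order, re-joining wrapped lines."""
    entries = []
    for raw in text.splitlines():
        # Drop mail-style quote markers ("> > ") left by forum replies.
        line = re.sub(r"^[>\s]+", "", raw).strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            date, hms, ms, pid, tid, component, message = m.groups()
            ts = datetime.strptime(f"{date} {hms}", "%Y-%m-%d %H:%M:%S")
            ts += timedelta(milliseconds=int(ms))
            entries.append({"ts": ts, "pid": int(pid), "tid": tid,
                            "component": component, "message": message})
        elif entries:
            # Continuation of a wrapped entry: append to the previous message.
            entries[-1]["message"] += " " + line
    return entries


def find_gaps(entries, threshold=timedelta(seconds=30)):
    """List pauses of at least `threshold` between consecutive entries.

    Entries are compared in file order and never sorted, because the agent
    writes a few lines slightly out of order; those small negative deltas
    fall below the threshold and are ignored.
    """
    gaps = []
    for prev, cur in zip(entries, entries[1:]):
        delta = cur["ts"] - prev["ts"]
        if delta < threshold:
            continue
        # A new "Logging initialized" banner means the service had exited
        # and was started again, so nothing could be logged in between.
        restarted = "Logging initialized" in cur["message"]
        gaps.append({
            "start": prev["ts"],
            "end": cur["ts"],
            "seconds": delta.total_seconds(),
            "kind": "across service restart" if restarted else "within session",
            "resumed_by": cur["component"],
        })
    return gaps


if __name__ == "__main__":
    for gap in find_gaps(parse_entries(SAMPLE_LOG)):
        print(f"{gap['start']:%H:%M:%S} -> {gap['end']:%H:%M:%S}  "
              f"{gap['seconds']:8.1f}s  {gap['kind']}  "
              f"(resumed by {gap['resumed_by']})")
```

To run it against a real file, pass the contents of WindowsUpdate.log to `parse_entries` instead of `SAMPLE_LOG`.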

Guest TrevorJ
Posted

Re: Windows Update nearly kills my computer

 

MowGreen.

I have just checked that no AV, ZA or ASpy are tasks running and made sure Windows firewall Off. Did an update and it took from 16:17:08:703 until 16:21:50:140, nearly 5 mins before I 'got my computer back' with the svchost running pretty much at 90 odd percent most of the time.

If I dump ZA, (I have noticed problems with my webmail caused by ZA that wasn't present until recently) which would you suggest? Unfortunately I have just recently renewed my subs to ZA for another year. Hey Ho, who cares? Not me!

I also mentioned in passing that system restore was not working. What about inserting the old XP CD and repairing windows? Is this likely to give a result without a complete re-install (which of course I am trying to avoid.)

Trevor

 

 

 

> I can now no

> longer access Task Manager and cannot restore to an earlier date.

 

That's definitely a sign that something is "not right". Either the OS

needs to be reinstalled or there's some nasty 'unwanted visitors' resident.

 

BTW, *strongly* suggest you dump ZA as a firewall as it's steadily gone

downhill since Checkpoint took it over.

 

 

"MowGreen [MVP]" wrote:

> svchost needs to be allowed to contact the update servers, Trevor. Is ZA
> blocking it ?
>
> BITS is Background Intelligent File Transfer service [sorry about
> leaving out File ;) ]
> The 'RealTruth' is a troll who suffers from a mental disorder brought
> about by a car accident. Ignore 'it' for the sake of your system's
> health, please.
>
> The WU.log is fine and will not show CPU usage.
>
> > All AV and antiSpyware and ZA off.
>
> What other anti-spyware software is installed, Trevor? And, was the
> native XP firewall enabled with ZA off ?
>
> > I can now no
> > longer access Task Manager and cannot restore to an earlier date.
>
> That's definitely a sign that something is "not right". Either the OS
> needs to be reinstalled or there's some nasty 'unwanted visitors' resident.
>
> BTW, *strongly* suggest you dump ZA as a firewall as it's steadily gone
> downhill since Checkpoint took it over.
>
> MowGreen [MVP 2003-2008]
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============

>

>

>

> TrevorJ wrote:

>

> > Thanks again. I am at present running all the anti malware programs as

> > recommended by Major Geeks. I will be submitting the reports to them for

> > analysis. There was no malware detected on my machine, just a few tracking

> > cookies. I have also run AVG free which detected nothing untoward.

> > Still MS Update pretty much kills the machine and system restore fails to

> > restore as well; even to a point deliberately set last night.

> >

> > As I said before, the processor goes up to 97 - 99% on the update task. This

> > can last several mins.

> > Here is a log of last couple of attempts of update. The latest one shows a 2

> > min gap between 09:50:30 and 09:52:44 at which time the processor was flat

> > out on the svc task.

> >


> > 2008-08-18 09:53:32:390 1344 6d0 AU ########### AU: Initializing Automatic

> > Updates ###########

> > 2008-08-18 09:53:32:406 1344 6d0 AU # Approval type: Pre-install notify

> > (User preference)

> > 2008-08-18 09:53:32:406 1344 6d0 AU # Auto-install minor updates: No (User

> > preference)

> > 2008-08-18 09:53:32:531 1344 6d0 AU AU finished delayed initialization

> > 2008-08-18 09:53:34:296 1344 6d0 Report *********** Report: Initializing

> > static reporting data ***********

> > 2008-08-18 09:53:34:296 1344 6d0 Report * OS Version = 5.1.2600.3.0.65792

> > 2008-08-18 09:53:35:234 1344 6d0 Report * Computer Brand = K7NF2

> > 2008-08-18 09:53:35:234 1344 6d0 Report * Computer Model = K7NF2-RAID

> > 2008-08-18 09:53:35:296 1344 6d0 Report * Bios Revision = P1.00

> > 2008-08-18 09:53:35:296 1344 6d0 Report * Bios Name = Default System BIOS

> > 2008-08-18 09:53:35:296 1344 6d0 Report * Bios Release Date =

> > 2005-04-01T00:00:00

> > 2008-08-18 09:53:35:296 1344 6d0 Report * Locale ID = 2057

> >

> >

> > "PA Bear [MS MVP]" wrote:

> >

> >

> >>Repost:

> >>

> >>>>When all else fails, HijackThis v2.0.2

> >>>>(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use

> >>>>(in conjunction with some other utilities). HijackThis will NOT fix

> >>>>anything on its own, but it will help you to both identify and remove any

> >>>>hijackware/spyware with assistance from an expert. **Post your log to

> >>>>http://aumha.net/viewforum.php?f=30,

> >>>>http://forums.spybot.info/forumdisplay.php?f=22,

> >>>>http://castlecops.com/forum67.html, or other appropriate forums for

> >>>>review

> >>>>by an expert in such matters, not here.**

> >>

> >>TrevorJ wrote:

> >>

> >>>Thanks again. I have now done a few checks and it gets worse. I can now no

> >>>longer access Task Manager and cannot restore to an earlier date. I

> >>>think

> >>>it's time I reinstated the Acronis image I made a few months ago before it

> >>>all went wrong. OK, so I'll have to reapply SP3 and all the other patches,

> >>>but at least I'll feel more confident that I haven't caught anything nasty.

> >>>BTW, I am now using my laptop, and my 'dodgy' computer is disconnected

> >>>from

> >>>the net.

> >>>Thanks again.

> >>>Trev

> >>>

> >>>"PA Bear [MS MVP]" wrote:

> >>>

> >>>

> >>>>Unexplained computer behavior may be caused by deceptive software

> >>>>http://support.microsoft.com/kb/827315

> >>>>

> >>>>Run a /thorough/ check for hijackware, including posting your hijackthis

> >>>>log to an appropriate forum.

> >>>>

> >>>>Checking for/Help with Hijackware

> >>>>http://aumha.org/a/parasite.htm

> >>>> http://aumha.org/a/quickfix.htm

> >>>> http://aumha.net/viewtopic.php?t=5878

> >>>>http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

> >>>>http://mvps.org/winhelp2002/unwanted.htm

> >>>>http://inetexplorer.mvps.org/data/prevention.htm

> >>>> http://inetexplorer.mvps.org/tshoot.html

> >>>>http://www.mvps.org/sramesh2k/Malware_Defence.htm

> >>>>http://defendingyourmachine2.blogspot.com/

> >>>>http://www.elephantboycomputers.com/page2.html#Removing_Malware

> >>>>

> >>>>When all else fails, HijackThis v2.0.2

> >>>>(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use

> >>>>(in conjunction with some other utilities). HijackThis will NOT fix

> >>>>anything on its own, but it will help you to both identify and remove any

> >>>>hijackware/spyware with assistance from an expert. **Post your log to

> >>>>http://aumha.net/viewforum.php?f=30,

> >>>>http://forums.spybot.info/forumdisplay.php?f=22,

Guest MowGreen [MVP]
Posted

Re: Windows Update nearly kills my computer

 

What is " ASpy" ?

Was ZA active [ and AVG and "ASpy" ] when SP3 was installed and where was

SP3 obtained [ via Windows Update, Automatic Update, etc] ?

 

*Please do NOT allow the system on the net without at least enabling the

native XP firewall * It is not the cause of the CPU issue.

 

From a ZA User who had updating issues traced to ZA:

 

" Go to your ZASS Privacy Site List, click on the 'add' button, then

enter update.microsoft.com (if it isn't already there) and click 'ok'.

Now locate the new entry on the Site List, right click on it, then

select 'options'.

Next go through all three tabs to uncheck everything that is checked

clicking 'apply' as you go through. Finally clean your browser cache and

try the site again.

 

BTW, it is Mobile Code control blocking the ActiveX object. "

 

Online Armor Free is highly rated and so far, does not present the

issues that ZA does:

http://www.tallemu.com/free-firewall-protection-software.html

 

Is the system accessing the net through a router ?

 

Let's check something else out, Trevor.

Show hidden files, folders, and system files:

http://www.bleepingcomputer.com/tutorials/tutorial62.html#winxp

 

Using Windows Explorer [ Start> All Programs> Accessories ]

navigate to

WINDOWS\SoftwareDistribution\DataStore

 

Right click DataStore.edb and choose Properties.

What is the file's size ?

Now open the

WINDOWS\SoftwareDistribution\Download subfolder

Click Edit, Select All

Now click File, Properties.

 

What is the size of all the files in Download ?

How many folders are present ?

 

Please answer all the questions so we can determine the cause of the

svchost|CPU issue.

 

 

MowGreen [MVP 2003-2008]

===============

*-343-* FDNY

Never Forgotten

===============

 

 

TrevorJ wrote:

> MowGreen.

> I have just checked that no AV, ZA or ASpy are tasks running and made sure

> Windows firewall Off. Did an update and it took from 16:17:08:703 until

> 16:21:50:140, nearly 5 mins before I 'got my computer back' with the svchost

> running pretty much at 90 odd percent most of the time.

>

> If I dump ZA, (I have noticed problems with my webmail caused by ZA that

> wasn't present until recently) Which would you suggest? Unfortunately I have

> just recently renewed my subs to ZA for another year. Hey Ho, who cares? Not

> me!

>

> I also mentioned in passing that system restore was not working. What about

> inserting the old XP CD and repairing windows? Is this likely to give a

> result without a complete re-install (which of course I am trying to avoid.)

> Trevor

>

>

>

>

>

>>I can now no

>>longer access Task Manager and cannot restore to an earlier date.

>

>

> That's definitely a sign that something is "not right". Either the OS

> needs to be reinstalled or there's some nasty 'unwanted visitors' resident.

>

> BTW, *strongly* suggest you dump ZA as a firewall as it's steadily gone

> downhill since Checkpoint took it over.

>

>

> "MowGreen [MVP]" wrote:

>

>

>>svchost needs to be allowed to contact the update servers, Trevor. Is ZA

>>blocking it ?

>>

>>BITS is Background Intelligent File Transfer service [sorry about

>>leaving out File ;) ]

>>The 'RealTruth' is a troll who suffers from a mental disorder brought

>>about by a car accident. Ignore 'it' for the sake of your system's

>>health, please.

>>

>>The WU.log is fine and will not show CPU usage.

>>

>>

>>>All AV and antiSpyware and ZA off.

>>

>>What other anti-spyware software is installed, Trevor. And, was the

>>native XP firewall enabled with ZA off ?

>>

>>

>>>I can now no

>>>longer access Task Manager and cannot restore to an earlier date.

>>

>>That's definitely a sign that something is "not right". Either the OS

>>needs to be reinstalled or there's some nasty 'unwanted visitors' resident.

>>

>>BTW, *strongly* suggest you dump ZA as a firewall as it's steadily gone

>>downhill since Checkpoint took it over.

>>

>>MowGreen [MVP 2003-2008]

>>===============

>> *-343-* FDNY

>>Never Forgotten

>>===============

>>

>>

>>

>>TrevorJ wrote:

>>

>>

>>>Thanks again. I am at present running all the anti malware programs as

>>>recommended by Major Geeks. I will be submitting the reports to them for

>>>analysis. There was no malware detected on my machine, just a few tracking

>>>cookies. I have also run AVG free which detected nothing untoward.

>>>Still MS Update pretty much kills the machine and system restore fails to

>>>restore as well; even to a point deliberately set last night.

>>>

>>>As I said before, the processor goes up to 97 - 99% on the update task. This

>>>can last several mins.

>>>Here is a log of last couple of attempts of update. The latest one shows a 2

>>>min gap between 09:50:30 and 09:52:44 at which time the processor was flat

>>>out on the svc task.

>>>

>>>2008-08-18 08:57:40:546 1344 31c AU ########### AU: Uninitializing

>>>Automatic Updates ###########

>>>2008-08-18 08:57:41:968 1344 31c Service *********

>>>2008-08-18 08:57:41:968 1344 31c Service ** END ** Service: Service exit

>>>[Exit code = 0x240001]

>>>2008-08-18 08:57:41:968 1344 31c Service *************

>>>2008-08-18 08:59:18:375 1300 5b8 Misc =========== Logging initialized

>>>(build: 7.0.6000.381, tz: +0100) ===========

>>>2008-08-18 08:59:18:437 1300 5b8 Misc = Process:

>>>C:\WINDOWS\System32\svchost.exe

>>>2008-08-18 08:59:18:468 1300 5b8 Misc = Module:

>>>C:\WINDOWS\system32\wuaueng.dll

>>>2008-08-18 08:59:18:375 1300 5b8 Service *************

>>>2008-08-18 08:59:18:468 1300 5b8 Service ** START ** Service: Service startup

>>>2008-08-18 08:59:18:468 1300 5b8 Service *********

>>>2008-08-18 08:59:18:562 1300 5b8 Agent * WU client version 7.0.6000.381

>>>2008-08-18 08:59:18:562 1300 5b8 Agent * Base directory:

>>>C:\WINDOWS\SoftwareDistribution

>>>2008-08-18 08:59:18:562 1300 5b8 Agent * Access type: No proxy

>>>2008-08-18 08:59:18:609 1300 5b8 Agent * Network state: Connected

>>>2008-08-18 09:00:03:906 1300 5b8 Agent *********** Agent: Initializing

>>>Windows Update Agent ***********

>>>2008-08-18 09:00:03:906 1300 5b8 Agent *********** Agent: Initializing

>>>global settings cache ***********

>>>2008-08-18 09:00:03:906 1300 5b8 Agent * WSUS server: <NULL>

>>>2008-08-18 09:00:03:906 1300 5b8 Agent * WSUS status server: <NULL>

>>>2008-08-18 09:00:03:906 1300 5b8 Agent * Target group: (Unassigned

>>>Computers)

>>>2008-08-18 09:00:03:906 1300 5b8 Agent * Windows Update access disabled: No

>>>2008-08-18 09:00:04:921 1300 5b8 DnldMgr Download manager restoring 0

>>>downloads

>>>2008-08-18 09:00:04:968 1300 5b8 AU ########### AU: Initializing Automatic

>>>Updates ###########

>>>2008-08-18 09:00:04:984 1300 5b8 AU # Approval type: Pre-install notify

>>>(User preference)

>>>2008-08-18 09:00:04:984 1300 5b8 AU # Auto-install minor updates: No (User

>>>preference)

>>>2008-08-18 09:00:04:984 1300 5b8 AU AU finished delayed initialization

>>>2008-08-18 09:00:05:546 1300 5b8 Report *********** Report: Initializing

>>>static reporting data ***********

>>>2008-08-18 09:00:05:546 1300 5b8 Report * OS Version = 5.1.2600.3.0.65792

>>>2008-08-18 09:00:05:578 1300 5b8 Report * Computer Brand = K7NF2

>>>2008-08-18 09:00:05:578 1300 5b8 Report * Computer Model = K7NF2-RAID

>>>2008-08-18 09:00:05:578 1300 5b8 Report * Bios Revision = P1.00

>>>2008-08-18 09:00:05:578 1300 5b8 Report * Bios Name = Default System BIOS

>>>2008-08-18 09:00:05:578 1300 5b8 Report * Bios Release Date =

>>>2005-04-01T00:00:00

>>>2008-08-18 09:00:05:578 1300 5b8 Report * Locale ID = 2057

>>>2008-08-18 09:22:46:328 1300 5b8 AU ########### AU: Uninitializing

>>>Automatic Updates ###########

>>>2008-08-18 09:22:48:515 1300 5b8 Service *********

>>>2008-08-18 09:22:48:515 1300 5b8 Service ** END ** Service: Service exit

>>>[Exit code = 0x240001]

>>>2008-08-18 09:22:48:515 1300 5b8 Service *************

>>>2008-08-18 09:27:39:062 1344 1a8 Misc =========== Logging initialized

>>>(build: 7.0.6000.381, tz: +0100) ===========

>>>2008-08-18 09:27:39:421 1344 1a8 Misc = Process:

>>>C:\WINDOWS\System32\svchost.exe

>>>2008-08-18 09:27:39:421 1344 1a8 Misc = Module:

>>>C:\WINDOWS\system32\wuaueng.dll

>>>2008-08-18 09:27:39:062 1344 1a8 Service *************

>>>2008-08-18 09:27:39:421 1344 1a8 Service ** START ** Service: Service startup

>>>2008-08-18 09:27:39:421 1344 1a8 Service *********

>>>2008-08-18 09:27:39:546 1344 1a8 Agent * WU client version 7.0.6000.381

>>>2008-08-18 09:27:39:546 1344 1a8 Agent * Base directory:

>>>C:\WINDOWS\SoftwareDistribution

>>>2008-08-18 09:27:39:546 1344 1a8 Agent * Access type: No proxy

>>>2008-08-18 09:27:39:562 1344 1a8 Agent * Network state: Connected

>>>2008-08-18 09:28:24:765 1344 1a8 Agent *********** Agent: Initializing

>>>Windows Update Agent ***********

>>>2008-08-18 09:28:24:765 1344 1a8 Agent *********** Agent: Initializing

>>>global settings cache ***********

>>>2008-08-18 09:28:24:765 1344 1a8 Agent * WSUS server: <NULL>

>>>2008-08-18 09:28:24:765 1344 1a8 Agent * WSUS status server: <NULL>

>>>2008-08-18 09:28:24:765 1344 1a8 Agent * Target group: (Unassigned

>>>Computers)

>>>2008-08-18 09:28:24:765 1344 1a8 Agent * Windows Update access disabled: No

>>>2008-08-18 09:28:25:515 1344 1a8 DnldMgr Download manager restoring 0

>>>downloads

>>>2008-08-18 09:28:25:546 1344 1a8 AU ########### AU: Initializing Automatic

>>>Updates ###########

>>>2008-08-18 09:28:25:546 1344 1a8 AU # Approval type: Pre-install notify

>>>(User preference)

>>>2008-08-18 09:28:25:546 1344 1a8 AU # Auto-install minor updates: No (User

>>>preference)

>>>2008-08-18 09:28:25:546 1344 1a8 AU AU finished delayed initialization

>>>2008-08-18 09:28:25:953 1344 1a8 Report *********** Report: Initializing

>>>static reporting data ***********

>>>2008-08-18 09:28:25:953 1344 1a8 Report * OS Version = 5.1.2600.3.0.65792

>>>2008-08-18 09:28:25:984 1344 1a8 Report * Computer Brand = K7NF2

>>>2008-08-18 09:28:25:984 1344 1a8 Report * Computer Model = K7NF2-RAID

>>>2008-08-18 09:28:25:984 1344 1a8 Report * Bios Revision = P1.00

>>>2008-08-18 09:28:25:984 1344 1a8 Report * Bios Name = Default System BIOS

>>>2008-08-18 09:28:25:984 1344 1a8 Report * Bios Release Date =

>>>2005-04-01T00:00:00

>>>2008-08-18 09:28:25:984 1344 1a8 Report * Locale ID = 2057

>>>2008-08-18 09:30:03:703 1344 1a8 AU ########### AU: Uninitializing

>>>Automatic Updates ###########

>>>2008-08-18 09:30:03:937 1344 1a8 Service *********

>>>2008-08-18 09:30:03:937 1344 1a8 Service ** END ** Service: Service exit

>>>[Exit code = 0x240001]

>>>2008-08-18 09:30:03:937 1344 1a8 Service *************

>>>2008-08-18 09:34:38:750 1344 10c Misc =========== Logging initialized

>>>(build: 7.0.6000.381, tz: +0100) ===========

>>>2008-08-18 09:34:39:015 1344 10c Misc = Process:

>>>C:\WINDOWS\System32\svchost.exe

>>>2008-08-18 09:34:39:015 1344 10c Misc = Module:

>>>C:\WINDOWS\system32\wuaueng.dll

>>>2008-08-18 09:34:38:750 1344 10c Service *************

>>>2008-08-18 09:34:39:015 1344 10c Service ** START ** Service: Service startup

>>>2008-08-18 09:34:39:015 1344 10c Service *********

>>>2008-08-18 09:34:39:140 1344 10c Agent * WU client version 7.0.6000.381

>>>2008-08-18 09:34:39:140 1344 10c Agent * Base directory:

>>>C:\WINDOWS\SoftwareDistribution

>>>2008-08-18 09:34:39:140 1344 10c Agent * Access type: No proxy

>>>2008-08-18 09:34:39:140 1344 10c Agent * Network state: Connected

>>>2008-08-18 09:35:24:281 1344 10c Agent *********** Agent: Initializing

>>>Windows Update Agent ***********

>>>2008-08-18 09:35:24:281 1344 10c Agent *********** Agent: Initializing

>>>global settings cache ***********

>>>2008-08-18 09:35:24:281 1344 10c Agent * WSUS server: <NULL>

>>>2008-08-18 09:35:24:281 1344 10c Agent * WSUS status server: <NULL>

>>>2008-08-18 09:35:24:281 1344 10c Agent * Target group: (Unassigned

>>>Computers)

>>>2008-08-18 09:35:24:281 1344 10c Agent * Windows Update access disabled: No

>>>2008-08-18 09:35:25:781 1344 10c DnldMgr Download manager restoring 0

>>>downloads

>>>2008-08-18 09:35:25:890 1344 10c AU ########### AU: Initializing Automatic

>>>Updates ###########

>>>2008-08-18 09:35:25:937 1344 10c AU # Approval type: Pre-install notify

>>>(User preference)

>>>2008-08-18 09:35:25:937 1344 10c AU # Auto-install minor updates: No (User

>>>preference)

>>>2008-08-18 09:35:25:968 1344 10c AU AU finished delayed initialization

>>>2008-08-18 09:35:26:593 1344 10c Report *********** Report: Initializing

>>>static reporting data ***********

>>>2008-08-18 09:35:26:593 1344 10c Report * OS Version = 5.1.2600.3.0.65792

>>>2008-08-18 09:35:26:640 1344 10c Report * Computer Brand = K7NF2

>>>2008-08-18 09:35:26:640 1344 10c Report * Computer Model = K7NF2-RAID

>>>2008-08-18 09:35:26:640 1344 10c Report * Bios Revision = P1.00

>>>2008-08-18 09:35:26:640 1344 10c Report * Bios Name = Default System BIOS

>>>2008-08-18 09:35:26:640 1344 10c Report * Bios Release Date =

>>>2005-04-01T00:00:00

>>>2008-08-18 09:35:26:640 1344 10c Report * Locale ID = 2057

>>>2008-08-18 09:50:29:109 1344 10c AU ########### AU: Uninitializing

>>>Automatic Updates ###########

>>>2008-08-18 09:50:30:671 1344 10c Service *********

>>>2008-08-18 09:50:30:671 1344 10c Service ** END ** Service: Service exit

>>>[Exit code = 0x240001]

>>>2008-08-18 09:50:30:671 1344 10c Service *************

>>>2008-08-18 09:52:44:015 1344 6d0 Misc =========== Logging initialized

>>>(build: 7.0.6000.381, tz: +0100) ===========

>>>2008-08-18 09:52:44:265 1344 6d0 Misc = Process:

>>>C:\WINDOWS\System32\svchost.exe

>>>2008-08-18 09:52:44:265 1344 6d0 Misc = Module:

>>>C:\WINDOWS\system32\wuaueng.dll

>>>2008-08-18 09:52:44:015 1344 6d0 Service *************

>>>2008-08-18 09:52:44:281 1344 6d0 Service ** START ** Service: Service startup

>>>2008-08-18 09:52:44:281 1344 6d0 Service *********

>>>2008-08-18 09:52:44:375 1344 6d0 Agent * WU client version 7.0.6000.381

>>>2008-08-18 09:52:44:390 1344 6d0 Agent * Base directory:

>>>C:\WINDOWS\SoftwareDistribution

>>>2008-08-18 09:52:44:390 1344 6d0 Agent * Access type: No proxy

>>>2008-08-18 09:52:44:406 1344 6d0 Agent * Network state: Connected

>>>2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing

>>>Windows Update Agent ***********

>>>2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing

>>>global settings cache ***********

>>>2008-08-18 09:53:30:000 1344 6d0 Agent * WSUS server: <NULL>

>>>2008-08-18 09:53:30:000 1344 6d0 Agent * WSUS status server: <NULL>

>>>2008-08-18 09:53:30:000 1344 6d0 Agent * Target group: (Unassigned

>>>Computers)

>>>2008-08-18 09:53:30:000 1344 6d0 Agent * Windows Update access disabled: No

>>>2008-08-18 09:53:32:062 1344 6d0 DnldMgr Download manager restoring 0

>>>downloads

>>>2008-08-18 09:53:32:390 1344 6d0 AU ########### AU: Initializing Automatic

>>>Updates ###########

>>>2008-08-18 09:53:32:406 1344 6d0 AU # Approval type: Pre-install notify

>>>(User preference)

>>>2008-08-18 09:53:32:406 1344 6d0 AU # Auto-install minor updates: No (User

>>>preference)

>>>2008-08-18 09:53:32:531 1344 6d0 AU AU finished delayed initialization

>>>2008-08-18 09:53:34:296 1344 6d0 Report *********** Report: Initializing

>>>static reporting data ***********

>>>2008-08-18 09:53:34:296 1344 6d0 Report * OS Version = 5.1.2600.3.0.65792

>>>2008-08-18 09:53:35:234 1344 6d0 Report * Computer Brand = K7NF2

>>>2008-08-18 09:53:35:234 1344 6d0 Report * Computer Model = K7NF2-RAID

>>>2008-08-18 09:53:35:296 1344 6d0 Report * Bios Revision = P1.00

>>>2008-08-18 09:53:35:296 1344 6d0 Report * Bios Name = Default System BIOS

>>>2008-08-18 09:53:35:296 1344 6d0 Report * Bios Release Date =

>>>2005-04-01T00:00:00

>>>2008-08-18 09:53:35:296 1344 6d0 Report * Locale ID = 2057

>>>

>>>

>>>"PA Bear [MS MVP]" wrote:

>>>

>>>

>>>

>>>>Repost:

>>>>

>>>>

>>>>>>When all else fails, HijackThis v2.0.2

>>>>>>(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use

>>>>>>(in conjunction with some other utilities). HijackThis will NOT fix

>>>>>>anything on its own, but it will help you to both identify and remove any

>>>>>>hijackware/spyware with assistance from an expert. **Post your log to

>>>>>>http://aumha.net/viewforum.php?f=30,

>>>>>>http://forums.spybot.info/forumdisplay.php?f=22,

>>>>>>http://castlecops.com/forum67.html, or other appropriate forums for

>>>>>>review

>>>>>>by an expert in such matters, not here.**

>>>>

>>>>TrevorJ wrote:

>>>>

>>>>

>>>>>Thanks again. I have now done a few checks and it gets worse. I can now no

>>>>>longer access Task Manager and cannot restore to an earlier date. I

>>>>>think

>>>>>it's time I reinstated the Acronis image I made a few months ago before it

>>>>>all went wrong. OK, so I'll have to reapply SP3 and all the other patches,

>>>>>but at least I'll feel more confident that I haven't caught anything nasty.

>>>>>BTW, I am now using my laptop, and my 'dodgy' computer is disconnected

>>>>>from

>>>>>the net.

>>>>>Thanks again.

>>>>>Trev

>>>>>

>>>>>"PA Bear [MS MVP]" wrote:

>>>>>

>>>>>

>>>>>

>>>>>>Unexplained computer behavior may be caused by deceptive software

>>>>>>http://support.microsoft.com/kb/827315

>>>>>>

>>>>>>Run a /thorough/ check for hijackware, including posting your hijackthis

>>>>>>log to an appropriate forum.

>>>>>>

>>>>>>Checking for/Help with Hijackware

>>>>>>http://aumha.org/a/parasite.htm

>>>>>> http://aumha.org/a/quickfix.htm

>>>>>> http://aumha.net/viewtopic.php?t=5878

>>>>>>http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

>>>>>>http://mvps.org/winhelp2002/unwanted.htm

>>>>>>http://inetexplorer.mvps.org/data/prevention.htm

>>>>>> http://inetexplorer.mvps.org/tshoot.html

>>>>>>http://www.mvps.org/sramesh2k/Malware_Defence.htm

>>>>>>http://defendingyourmachine2.blogspot.com/

>>>>>>http://www.elephantboycomputers.com/page2.html#Removing_Malware

>>>>>>

>>>>>>When all else fails, HijackThis v2.0.2

>>>>>>(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use

>>>>>>(in conjunction with some other utilities). HijackThis will NOT fix

>>>>>>anything on its own, but it will help you to both identify and remove any

>>>>>>hijackware/spyware with assistance from an expert. **Post your log to

>>>>>>http://aumha.net/viewforum.php?f=30,

>>>>>>http://forums.spybot.info/forumdisplay.php?f=22,
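
Added example, not part of the thread or any poster's code: a Python sketch that parses WindowsUpdate.log as it is pasted above (leading `>` quote marks, entries wrapped onto a second line) and lists the silences between consecutive entries, such as the 09:50:30 to 09:52:44 gap TrevorJ points out. The log holds timestamps only, not CPU load, so a gap shows when the agent was stopped or wrote nothing; the function names and the 30-second threshold are assumptions, and `SAMPLE` is an excerpt of the quoted log.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the log quoted in this thread, kept with the forum's '>' marks
# and wrapped continuation lines.
SAMPLE = """\
>>>2008-08-18 09:34:39:140 1344 10c Agent * Network state: Connected
>>>2008-08-18 09:35:24:281 1344 10c Agent *********** Agent: Initializing
>>>Windows Update Agent ***********
>>>2008-08-18 09:35:26:640 1344 10c Report * Locale ID = 2057
>>>2008-08-18 09:50:29:109 1344 10c AU ########### AU: Uninitializing
>>>Automatic Updates ###########
>>>2008-08-18 09:50:30:671 1344 10c Service ** END ** Service: Service exit
>>>[Exit code = 0x240001]
>>>2008-08-18 09:52:44:015 1344 6d0 Misc =========== Logging initialized
>>>(build: 7.0.6000.381, tz: +0100) ===========
>>>2008-08-18 09:52:44:406 1344 6d0 Agent * Network state: Connected
>>>2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing
>>>Windows Update Agent ***********
"""

# Entry layout: date, time with ":mmm" milliseconds, PID, thread id (hex),
# component, message text.
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2}:\d{2}):(\d{3})\s+"
    r"(\d+)\s+([0-9a-fA-F]+)\s+(\S+)\s+(.*)$"
)
QUOTE = re.compile(r"^[>\s]+")  # e-mail style quote marks added by replies


def parse_log(text):
    """Parse pasted WindowsUpdate.log text into a list of entry dicts."""
    entries = []
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).rstrip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            date, hms, ms, pid, tid, component, msg = m.groups()
            ts = datetime.strptime(date + " " + hms, "%Y-%m-%d %H:%M:%S")
            entries.append({
                "ts": ts + timedelta(milliseconds=int(ms)),
                "pid": int(pid), "tid": tid,
                "component": component, "text": msg,
            })
        elif entries:
            # No timestamp: the tail of an entry that the mail client wrapped.
            entries[-1]["text"] += " " + line
    return entries


def find_gaps(entries, threshold_s=30):
    """Return (gap_ms, kind, before, after) for silences >= threshold_s.

    kind is "stopped" when the earlier entry is the service exit banner,
    otherwise "running" (the service was up but logged nothing).
    Entries that step backwards in time, which this log does around
    "Logging initialized", yield negative gaps and are skipped.
    """
    found = []
    for prev, cur in zip(entries, entries[1:]):
        gap_ms = (cur["ts"] - prev["ts"]) // timedelta(milliseconds=1)
        if gap_ms >= threshold_s * 1000:
            kind = "stopped" if "** END **" in prev["text"] else "running"
            found.append((gap_ms, kind, prev["text"], cur["text"]))
    return found


if __name__ == "__main__":
    for gap_ms, kind, before, after in find_gaps(parse_log(SAMPLE)):
        print(f"{gap_ms / 1000:9.3f}s  {kind:8}  {before!r} -> {after!r}")
```

Run against the full WindowsUpdate.log rather than the excerpt, the same two functions show whether a silence repeats at the same point in every service start.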
