Guest TrevorJ Posted August 15, 2008 Posted August 15, 2008 I have XP SP3 installed and when (I think it's) Windows update accesses the internet just after startup, the rest of the computer almost comes to a standstill. If I start Task manager > Processes one of the several svchost.exe is taking 98-99% CPU time for about anything up to 4 mins after startup. I have 'Download updates and let me choose..' set. If I select 'Turn off Automatic Updates' my computer starts normally. This has developed lately, but I cannot deffinitely associate it with the installation of SP3. System is Athlon 3200, 1GB ram big HD and a 6Meg broadband connection. Any suggestions would be more than welcome.
Guest MowGreen [MVP] Posted August 15, 2008 Posted August 15, 2008 Re: Windows Update nearly kills my computer This issue should *not* be occurring after the application of SP3 and had been addressed in prior KB articles. What is the installed antivirus\security software and is a 3rd party firewall being used ? Is/are they configured to scan this location ? - WINDOWS\SoftwareDistribution\DataStore If it/they are, then please exclude that location from any real-time monitoring or scanning. Then do a manual visit to Windows Update with the AU service set to Automatic and the Background Intelligent Transfer service set to Manual. What happened when you did that ? Next, go to Start > Run > type in or copy&paste the below into the Open: line and then click OK or press Enter. The WindowsUpdate.log will open. Scroll all the way to the bottom for the most recent entries. Copy and paste the last 50 or so lines into your reply, Trevor. MowGreen [MVP 2003-2008] =============== *-343-* FDNY Never Forgotten =============== TrevorJ wrote: > I have XP SP3 installed and when (I think it's) Windows update accesses the > internet just after startup, the rest of the computer almost comes to a > standstill. If I start Task manager > Processes one of the several > svchost.exe is taking 98-99% CPU time for about anything up to 4 mins after > startup. I have 'Download updates and let me choose..' set. > If I select 'Turn off Automatic Updates' my computer starts normally. This > has developed lately, but I cannot deffinitely associate it with the > installation of SP3. > System is Athlon 3200, 1GB ram big HD and a 6Meg broadband connection. > Any suggestions would be more than welcome. >
Guest The Real Truth MVP Posted August 15, 2008 Posted August 15, 2008 Re: Windows Update nearly kills my computer Try my Svchosts Fix tool. Download it here http://pcbutts1.com/downloads/tools/tools.htm -- Cyberstalking is a crime. If you had one as bad as I did simply ignoring them is not an option. "TrevorJ" <TrevorJ@discussions.microsoft.com> wrote in message news:4BA897B1-351A-4F9D-9BF4-4F82572B63A5@microsoft.com... >I have XP SP3 installed and when (I think it's) Windows update accesses the > internet just after startup, the rest of the computer almost comes to a > standstill. If I start Task manager > Processes one of the several > svchost.exe is taking 98-99% CPU time for about anything up to 4 mins > after > startup. I have 'Download updates and let me choose..' set. > If I select 'Turn off Automatic Updates' my computer starts normally. This > has developed lately, but I cannot deffinitely associate it with the > installation of SP3. > System is Athlon 3200, 1GB ram big HD and a 6Meg broadband connection. > Any suggestions would be more than welcome. >
Guest PA Bear [MS MVP] Posted August 16, 2008 Posted August 16, 2008 Re: Windows Update nearly kills my computer Free unlimited installation and compatibility support is available for Windows XP, but only for Service Pack 3 (SP3), until 14 Apr-09. Chat and e-mail support is available only in the United States and Canada. • US: http://support.microsoft.com/oas/default.aspx?ln=en-us&prid=11273&gprid=522131 • CA: http://support.microsoft.com/oas/default.aspx?ln=en-ca&prid=11273&gprid=522131 • UK: http://support.microsoft.com/oas/default.aspx?ln=en-gb&prid=11273&gprid=522131 • AU: http://support.microsoft.com/oas/default.aspx?ln=en-au&prid=11273&gprid=522131 • Other: http://support.microsoft.com/oas/default.aspx?gprid=1173 | select Windows XP | select Windows XP Service Pack 3 -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ TrevorJ wrote: > I have XP SP3 installed and when (I think it's) Windows update accesses > the > internet just after startup, the rest of the computer almost comes to a > standstill. If I start Task manager > Processes one of the several > svchost.exe is taking 98-99% CPU time for about anything up to 4 mins > after > startup. I have 'Download updates and let me choose..' set. > If I select 'Turn off Automatic Updates' my computer starts normally. This > has developed lately, but I cannot deffinitely associate it with the > installation of SP3. > System is Athlon 3200, 1GB ram big HD and a 6Meg broadband connection. > Any suggestions would be more than welcome.
Guest TrevorJ Posted August 16, 2008 Posted August 16, 2008 Re: Windows Update nearly kills my computer Thanks for your answer. I'm using AVG free and ZoneAlarm pro (Have tried switching ZA off to no avail. I'll try the other suggestions latertoday when I have time. PS my Vista Lappie does not have this problem. Thanks for now, will report back later "MowGreen [MVP]" wrote: > This issue should *not* be occurring after the application of SP3 and > had been addressed in prior KB articles. > > What is the installed antivirus\security software and is a 3rd party > firewall being used ? > Is/are they configured to scan this location ? - > WINDOWS\SoftwareDistribution\DataStore > > If it/they are, then please exclude that location from any real-time > monitoring or scanning. > > Then do a manual visit to Windows Update with the AU service set to > Automatic and the Background Intelligent Transfer service set to Manual. > > What happened when you did that ? > > Next, go to Start > Run > type in or copy&paste the below into the Open: > line and then click OK or press Enter. > The WindowsUpdate.log will open. > Scroll all the way to the bottom for the most recent entries. > Copy and paste the last 50 or so lines into your reply, Trevor. > > > MowGreen [MVP 2003-2008] > =============== > *-343-* FDNY > Never Forgotten > =============== > > > > TrevorJ wrote: > > > I have XP SP3 installed and when (I think it's) Windows update accesses the > > internet just after startup, the rest of the computer almost comes to a > > standstill. If I start Task manager > Processes one of the several > > svchost.exe is taking 98-99% CPU time for about anything up to 4 mins after > > startup. I have 'Download updates and let me choose..' set. > > If I select 'Turn off Automatic Updates' my computer starts normally. This > > has developed lately, but I cannot deffinitely associate it with the > > installation of SP3. > > System is Athlon 3200, 1GB ram big HD and a 6Meg broadband connection. > > Any suggestions would be more than welcome. > > >
Guest TrevorJ Posted August 16, 2008 Posted August 16, 2008 Re: Windows Update nearly kills my computer Did that. Switched off ZA and AVG. Update site now does not seem to lock up computer. Now I have a better idea of What's wrong (hopefully) I'll try another update later today. "The Real Truth MVP" wrote: > Try my Svchosts Fix tool. Download it here > http://pcbutts1.com/downloads/tools/tools.htm > > > -- > Cyberstalking is a crime. If you had one as bad as I did simply ignoring > them is not an option. > > > > > "TrevorJ" <TrevorJ@discussions.microsoft.com> wrote in message > news:4BA897B1-351A-4F9D-9BF4-4F82572B63A5@microsoft.com... > >I have XP SP3 installed and when (I think it's) Windows update accesses the > > internet just after startup, the rest of the computer almost comes to a > > standstill. If I start Task manager > Processes one of the several > > svchost.exe is taking 98-99% CPU time for about anything up to 4 mins > > after > > startup. I have 'Download updates and let me choose..' set. > > If I select 'Turn off Automatic Updates' my computer starts normally. This > > has developed lately, but I cannot deffinitely associate it with the > > installation of SP3. > > System is Athlon 3200, 1GB ram big HD and a 6Meg broadband connection. > > Any suggestions would be more than welcome. > > > >
Guest TrevorJ Posted August 16, 2008 Posted August 16, 2008 Re: Windows Update nearly kills my computer Just done The RealTruth's svhosts patch, switched off AVGa and ZA, Update site responds OK without a 98% cpu useage. There were no updates, so I will try again later, and see if the comp locks up on a restart. I will close the loop here once I think have fixed the prob. Thanks again for the pointers "TrevorJ" wrote: > Thanks for your answer. I'm using AVG free and ZoneAlarm pro (Have tried > switching ZA off to no avail. I'll try the other suggestions latertoday when > I have time. PS my Vista Lappie does not have this problem. > > Thanks for now, will report back later > > > "MowGreen [MVP]" wrote: > > > This issue should *not* be occurring after the application of SP3 and > > had been addressed in prior KB articles. > > > > What is the installed antivirus\security software and is a 3rd party > > firewall being used ? > > Is/are they configured to scan this location ? - > > WINDOWS\SoftwareDistribution\DataStore > > > > If it/they are, then please exclude that location from any real-time > > monitoring or scanning. > > > > Then do a manual visit to Windows Update with the AU service set to > > Automatic and the Background Intelligent Transfer service set to Manual. > > > > What happened when you did that ? > > > > Next, go to Start > Run > type in or copy&paste the below into the Open: > > line and then click OK or press Enter. > > The WindowsUpdate.log will open. > > Scroll all the way to the bottom for the most recent entries. > > Copy and paste the last 50 or so lines into your reply, Trevor. > > > > > > MowGreen [MVP 2003-2008] > > =============== > > *-343-* FDNY > > Never Forgotten > > =============== > > > > > > > > TrevorJ wrote: > > > > > I have XP SP3 installed and when (I think it's) Windows update accesses the > > > internet just after startup, the rest of the computer almost comes to a > > > standstill. If I start Task manager > Processes one of the several > > > svchost.exe is taking 98-99% CPU time for about anything up to 4 mins after > > > startup. I have 'Download updates and let me choose..' set. > > > If I select 'Turn off Automatic Updates' my computer starts normally. This > > > has developed lately, but I cannot deffinitely associate it with the > > > installation of SP3. > > > System is Athlon 3200, 1GB ram big HD and a 6Meg broadband connection. > > > Any suggestions would be more than welcome. > > > > >
Guest TrevorJ Posted August 16, 2008 Posted August 16, 2008 Re: Windows Update nearly kills my computer Thanks again for your input. Just done all you suggest (but I don't know what you mean by 'Background Intellegent Transfer'), but svchost still takes up to 99% processor time. A manual check on Windows update sticks on 'Checking your system for latest updates' (or something like that) It did not do this the first time I tried it this morning after switching off ZA and AVG. I have to end the scvhost process to do anything with the computer. All AV and antiSpyware and ZA off. Please clkarify how to get the log, you seem to have missed the critical bit about what to paste into the Run dialog. Please repeat. Trevor "TrevorJ" wrote: > Just done The RealTruth's svhosts patch, switched off AVGa and ZA, Update > site responds OK without a 98% cpu useage. There were no updates, so I will > try again later, and see if the comp locks up on a restart. > I will close the loop here once I think have fixed the prob. > Thanks again for the pointers > > "TrevorJ" wrote: > > > Thanks for your answer. I'm using AVG free and ZoneAlarm pro (Have tried > > switching ZA off to no avail. I'll try the other suggestions latertoday when > > I have time. PS my Vista Lappie does not have this problem. > > > > Thanks for now, will report back later > > > > > > "MowGreen [MVP]" wrote: > > > > > This issue should *not* be occurring after the application of SP3 and > > > had been addressed in prior KB articles. > > > > > > What is the installed antivirus\security software and is a 3rd party > > > firewall being used ? > > > Is/are they configured to scan this location ? - > > > WINDOWS\SoftwareDistribution\DataStore > > > > > > If it/they are, then please exclude that location from any real-time > > > monitoring or scanning. > > > > > > Then do a manual visit to Windows Update with the AU service set to > > > Automatic and the Background Intelligent Transfer service set to Manual. > > > > > > What happened when you did that ? > > > > > > Next, go to Start > Run > type in or copy&paste the below into the Open: > > > line and then click OK or press Enter. > > > The WindowsUpdate.log will open. > > > Scroll all the way to the bottom for the most recent entries. > > > Copy and paste the last 50 or so lines into your reply, Trevor. > > > > > > > > > MowGreen [MVP 2003-2008] > > > =============== > > > *-343-* FDNY > > > Never Forgotten > > > =============== > > > > > > > > > > > > TrevorJ wrote: > > > > > > > I have XP SP3 installed and when (I think it's) Windows update accesses the > > > > internet just after startup, the rest of the computer almost comes to a > > > > standstill. If I start Task manager > Processes one of the several > > > > svchost.exe is taking 98-99% CPU time for about anything up to 4 mins after > > > > startup. I have 'Download updates and let me choose..' set. > > > > If I select 'Turn off Automatic Updates' my computer starts normally. This > > > > has developed lately, but I cannot deffinitely associate it with the > > > > installation of SP3. > > > > System is Athlon 3200, 1GB ram big HD and a 6Meg broadband connection. > > > > Any suggestions would be more than welcome. > > > > > > >
Guest PA Bear [MS MVP] Posted August 16, 2008 Posted August 16, 2008 Re: Windows Update nearly kills my computer Unexplained computer behavior may be caused by deceptive software http://support.microsoft.com/kb/827315 Run a /thorough/ check for hijackware, including posting your hijackthis log to an appropriate forum. Checking for/Help with Hijackware http://aumha.org/a/parasite.htm http://aumha.org/a/quickfix.htm http://aumha.net/viewtopic.php?t=5878 http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction http://mvps.org/winhelp2002/unwanted.htm http://inetexplorer.mvps.org/data/prevention.htm http://inetexplorer.mvps.org/tshoot.html http://www.mvps.org/sramesh2k/Malware_Defence.htm http://defendingyourmachine2.blogspot.com/ http://www.elephantboycomputers.com/page2.html#Removing_Malware When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjuction with some other utilities). HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to http://aumha.net/viewforum.php?f=30, http://forums.spybot.info/forumdisplay.php?f=22, http://castlecops.com/forum67.html, or other appropriate forums for review by an expert in such matters, not here.** If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop. -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ TrevorJ wrote: > Thanks again for your input. > Just done all you suggest (but I don't know what you mean by 'Background > Intellegent Transfer'), but svchost still takes up to 99% processor time. > A > manual check on Windows update sticks on 'Checking your system for latest > updates' (or something like that) It did not do this the first time I > tried > it this morning after switching off ZA and AVG. > I have to end the scvhost process to do anything with the computer. > All AV and antiSpyware and ZA off. > Please clkarify how to get the log, you seem to have missed the critical > bit > about what to paste into the Run dialog. Please repeat. > Trevor > > > "TrevorJ" wrote: > >> Just done The RealTruth's svhosts patch, switched off AVGa and ZA, Update >> site responds OK without a 98% cpu useage. There were no updates, so I >> will >> try again later, and see if the comp locks up on a restart. >> I will close the loop here once I think have fixed the prob. >> Thanks again for the pointers >> >> "TrevorJ" wrote: >> >>> Thanks for your answer. I'm using AVG free and ZoneAlarm pro (Have tried >>> switching ZA off to no avail. I'll try the other suggestions latertoday >>> when I have time. PS my Vista Lappie does not have this problem. >>> >>> Thanks for now, will report back later >>> >>> >>> "MowGreen [MVP]" wrote: >>> >>>> This issue should *not* be occurring after the application of SP3 and >>>> had been addressed in prior KB articles. >>>> >>>> What is the installed antivirus\security software and is a 3rd party >>>> firewall being used ? >>>> Is/are they configured to scan this location ? - >>>> WINDOWS\SoftwareDistribution\DataStore >>>> >>>> If it/they are, then please exclude that location from any real-time >>>> monitoring or scanning. >>>> >>>> Then do a manual visit to Windows Update with the AU service set to >>>> Automatic and the Background Intelligent Transfer service set to >>>> Manual. >>>> >>>> What happened when you did that ? >>>> >>>> Next, go to Start > Run > type in or copy&paste the below into the >>>> Open: >>>> line and then click OK or press Enter. >>>> The WindowsUpdate.log will open. >>>> Scroll all the way to the bottom for the most recent entries. >>>> Copy and paste the last 50 or so lines into your reply, Trevor. >>>> >>>> >>>> MowGreen [MVP 2003-2008] >>>> =============== >>>> *-343-* FDNY >>>> Never Forgotten >>>> =============== >>>> >>>> >>>> >>>> TrevorJ wrote: >>>> >>>>> I have XP SP3 installed and when (I think it's) Windows update >>>>> accesses >>>>> the internet just after startup, the rest of the computer almost comes >>>>> to a standstill. If I start Task manager > Processes one of the >>>>> several >>>>> svchost.exe is taking 98-99% CPU time for about anything up to 4 mins >>>>> after startup. I have 'Download updates and let me choose..' set. >>>>> If I select 'Turn off Automatic Updates' my computer starts normally. >>>>> This has developed lately, but I cannot deffinitely associate it with >>>>> the installation of SP3. >>>>> System is Athlon 3200, 1GB ram big HD and a 6Meg broadband connection. >>>>> Any suggestions would be more than welcome.
Guest TrevorJ Posted August 17, 2008 Posted August 17, 2008 Re: Windows Update nearly kills my computer Thanks again. I have now done a few checks and it gets worse. I can now no longer access Task Manager and cannot restore to an earlier date. I think it's time I reinstated the Acronis image I made a few months ago before it all went wrong. OK, so I'll have to reapply SP3 and all the other patches, but at least I'll feel more confident that I havn't caught anything nasty. BTW, I am now using my laptop, and my 'dodgy' computer is disconnected from the net. Thanks again. Trev "PA Bear [MS MVP]" wrote: > Unexplained computer behavior may be caused by deceptive software > http://support.microsoft.com/kb/827315 > > Run a /thorough/ check for hijackware, including posting your hijackthis log > to an appropriate forum. > > Checking for/Help with Hijackware > http://aumha.org/a/parasite.htm > http://aumha.org/a/quickfix.htm > http://aumha.net/viewtopic.php?t=5878 > http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction > http://mvps.org/winhelp2002/unwanted.htm > http://inetexplorer.mvps.org/data/prevention.htm > http://inetexplorer.mvps.org/tshoot.html > http://www.mvps.org/sramesh2k/Malware_Defence.htm > http://defendingyourmachine2.blogspot.com/ > http://www.elephantboycomputers.com/page2.html#Removing_Malware > > When all else fails, HijackThis v2.0.2 > (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in > conjuction with some other utilities). HijackThis will NOT fix anything on > its own, but it will help you to both identify and remove any > hijackware/spyware with assistance from an expert. **Post your log to > http://aumha.net/viewforum.php?f=30, > http://forums.spybot.info/forumdisplay.php?f=22, > http://castlecops.com/forum67.html, or other appropriate forums for review > by an expert in such matters, not here.** > > If the procedures look too complex - and there is no shame in admitting this > isn't your cup of tea - take the machine to a local, reputable and > independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop. > > -- > ~Robear Dyer (PA Bear) > MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 > AumHa VSOP & Admin http://aumha.net > DTS-L http://dts-l.net/ > > TrevorJ wrote: > > Thanks again for your input. > > Just done all you suggest (but I don't know what you mean by 'Background > > Intellegent Transfer'), but svchost still takes up to 99% processor time. > > A > > manual check on Windows update sticks on 'Checking your system for latest > > updates' (or something like that) It did not do this the first time I > > tried > > it this morning after switching off ZA and AVG. > > I have to end the scvhost process to do anything with the computer. > > All AV and antiSpyware and ZA off. > > Please clkarify how to get the log, you seem to have missed the critical > > bit > > about what to paste into the Run dialog. Please repeat. > > Trevor > > > > > > "TrevorJ" wrote: > > > >> Just done The RealTruth's svhosts patch, switched off AVGa and ZA, Update > >> site responds OK without a 98% cpu useage. There were no updates, so I > >> will > >> try again later, and see if the comp locks up on a restart. > >> I will close the loop here once I think have fixed the prob. > >> Thanks again for the pointers > >> > >> "TrevorJ" wrote: > >> > >>> Thanks for your answer. I'm using AVG free and ZoneAlarm pro (Have tried > >>> switching ZA off to no avail. I'll try the other suggestions latertoday > >>> when I have time. PS my Vista Lappie does not have this problem. > >>> > >>> Thanks for now, will report back later > >>> > >>> > >>> "MowGreen [MVP]" wrote: > >>> > >>>> This issue should *not* be occurring after the application of SP3 and > >>>> had been addressed in prior KB articles. > >>>> > >>>> What is the installed antivirus\security software and is a 3rd party > >>>> firewall being used ? > >>>> Is/are they configured to scan this location ? - > >>>> WINDOWS\SoftwareDistribution\DataStore > >>>> > >>>> If it/they are, then please exclude that location from any real-time > >>>> monitoring or scanning. > >>>> > >>>> Then do a manual visit to Windows Update with the AU service set to > >>>> Automatic and the Background Intelligent Transfer service set to > >>>> Manual. > >>>> > >>>> What happened when you did that ? > >>>> > >>>> Next, go to Start > Run > type in or copy&paste the below into the > >>>> Open: > >>>> line and then click OK or press Enter. > >>>> The WindowsUpdate.log will open. > >>>> Scroll all the way to the bottom for the most recent entries. > >>>> Copy and paste the last 50 or so lines into your reply, Trevor. > >>>> > >>>> > >>>> MowGreen [MVP 2003-2008] > >>>> =============== > >>>> *-343-* FDNY > >>>> Never Forgotten > >>>> =============== > >>>> > >>>> > >>>> > >>>> TrevorJ wrote: > >>>> > >>>>> I have XP SP3 installed and when (I think it's) Windows update > >>>>> accesses > >>>>> the internet just after startup, the rest of the computer almost comes > >>>>> to a standstill. If I start Task manager > Processes one of the > >>>>> several > >>>>> svchost.exe is taking 98-99% CPU time for about anything up to 4 mins > >>>>> after startup. I have 'Download updates and let me choose..' set. > >>>>> If I select 'Turn off Automatic Updates' my computer starts normally. > >>>>> This has developed lately, but I cannot deffinitely associate it with > >>>>> the installation of SP3. > >>>>> System is Athlon 3200, 1GB ram big HD and a 6Meg broadband connection. > >>>>> Any suggestions would be more than welcome. > >
Guest PA Bear [MS MVP] Posted August 17, 2008 Posted August 17, 2008 Re: Windows Update nearly kills my computer Repost: >> When all else fails, HijackThis v2.0.2 >> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use >> (in conjuction with some other utilities). HijackThis will NOT fix >> anything on its own, but it will help you to both identify and remove any >> hijackware/spyware with assistance from an expert. **Post your log to >> http://aumha.net/viewforum.php?f=30, >> http://forums.spybot.info/forumdisplay.php?f=22, >> http://castlecops.com/forum67.html, or other appropriate forums for >> review >> by an expert in such matters, not here.** TrevorJ wrote: > Thanks again. I have now done a few checks and it gets worse. I can now no > longer access Task Manager and cannot restore to an earlier date. I > think > it's time I reinstated the Acronis image I made a few months ago before it > all went wrong. OK, so I'll have to reapply SP3 and all the other patches, > but at least I'll feel more confident that I havn't caught anything nasty. > BTW, I am now using my laptop, and my 'dodgy' computer is disconnected > from > the net. > Thanks again. > Trev > > "PA Bear [MS MVP]" wrote: > >> Unexplained computer behavior may be caused by deceptive software >> http://support.microsoft.com/kb/827315 >> >> Run a /thorough/ check for hijackware, including posting your hijackthis >> log to an appropriate forum. >> >> Checking for/Help with Hijackware >> http://aumha.org/a/parasite.htm >> http://aumha.org/a/quickfix.htm >> http://aumha.net/viewtopic.php?t=5878 >> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction >> http://mvps.org/winhelp2002/unwanted.htm >> http://inetexplorer.mvps.org/data/prevention.htm >> http://inetexplorer.mvps.org/tshoot.html >> http://www.mvps.org/sramesh2k/Malware_Defence.htm >> http://defendingyourmachine2.blogspot.com/ >> http://www.elephantboycomputers.com/page2.html#Removing_Malware >> >> When all else fails, HijackThis v2.0.2 >> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use >> (in conjuction with some other utilities). HijackThis will NOT fix >> anything on its own, but it will help you to both identify and remove any >> hijackware/spyware with assistance from an expert. **Post your log to >> http://aumha.net/viewforum.php?f=30, >> http://forums.spybot.info/forumdisplay.php?f=22, >> http://castlecops.com/forum67.html, or other appropriate forums for >> review >> by an expert in such matters, not here.** >> >> If the procedures look too complex - and there is no shame in admitting >> this isn't your cup of tea - take the machine to a local, reputable and >> independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair >> shop. >> >> -- >> ~Robear Dyer (PA Bear) >> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 >> AumHa VSOP & Admin http://aumha.net >> DTS-L http://dts-l.net/ >> >> TrevorJ wrote: >>> Thanks again for your input. >>> Just done all you suggest (but I don't know what you mean by 'Background >>> Intellegent Transfer'), but svchost still takes up to 99% processor >>> time. >>> A >>> manual check on Windows update sticks on 'Checking your system for >>> latest >>> updates' (or something like that) It did not do this the first time I >>> tried >>> it this morning after switching off ZA and AVG. >>> I have to end the scvhost process to do anything with the computer. >>> All AV and antiSpyware and ZA off. >>> Please clkarify how to get the log, you seem to have missed the critical >>> bit >>> about what to paste into the Run dialog. Please repeat. >>> Trevor >>> >>> >>> "TrevorJ" wrote: >>> >>>> Just done The RealTruth's svhosts patch, switched off AVGa and ZA, >>>> Update >>>> site responds OK without a 98% cpu useage. There were no updates, so I >>>> will >>>> try again later, and see if the comp locks up on a restart. >>>> I will close the loop here once I think have fixed the prob. >>>> Thanks again for the pointers >>>> >>>> "TrevorJ" wrote: >>>> >>>>> Thanks for your answer. I'm using AVG free and ZoneAlarm pro (Have >>>>> tried >>>>> switching ZA off to no avail. I'll try the other suggestions >>>>> latertoday >>>>> when I have time. PS my Vista Lappie does not have this problem. >>>>> >>>>> Thanks for now, will report back later >>>>> >>>>> >>>>> "MowGreen [MVP]" wrote: >>>>> >>>>>> This issue should *not* be occurring after the application of SP3 and >>>>>> had been addressed in prior KB articles. >>>>>> >>>>>> What is the installed antivirus\security software and is a 3rd party >>>>>> firewall being used ? >>>>>> Is/are they configured to scan this location ? - >>>>>> WINDOWS\SoftwareDistribution\DataStore >>>>>> >>>>>> If it/they are, then please exclude that location from any real-time >>>>>> monitoring or scanning. >>>>>> >>>>>> Then do a manual visit to Windows Update with the AU service set to >>>>>> Automatic and the Background Intelligent Transfer service set to >>>>>> Manual. >>>>>> >>>>>> What happened when you did that ? >>>>>> >>>>>> Next, go to Start > Run > type in or copy&paste the below into the >>>>>> Open: >>>>>> line and then click OK or press Enter. >>>>>> The WindowsUpdate.log will open. >>>>>> Scroll all the way to the bottom for the most recent entries. >>>>>> Copy and paste the last 50 or so lines into your reply, Trevor. >>>>>> >>>>>> >>>>>> MowGreen [MVP 2003-2008] >>>>>> =============== >>>>>> *-343-* FDNY >>>>>> Never Forgotten >>>>>> =============== >>>>>> >>>>>> >>>>>> >>>>>> TrevorJ wrote: >>>>>> >>>>>>> I have XP SP3 installed and when (I think it's) Windows update >>>>>>> accesses >>>>>>> the internet just after startup, the rest of the computer almost >>>>>>> comes >>>>>>> to a standstill. If I start Task manager > Processes one of the >>>>>>> several >>>>>>> svchost.exe is taking 98-99% CPU time for about anything up to 4 >>>>>>> mins >>>>>>> after startup. I have 'Download updates and let me choose..' set. >>>>>>> If I select 'Turn off Automatic Updates' my computer starts >>>>>>> normally. >>>>>>> This has developed lately, but I cannot deffinitely associate it >>>>>>> with >>>>>>> the installation of SP3. >>>>>>> System is Athlon 3200, 1GB ram big HD and a 6Meg broadband >>>>>>> connection. >>>>>>> Any suggestions would be more than welcome.
Guest TrevorJ Posted August 18, 2008 Posted August 18, 2008 Re: Windows Update nearly kills my computer Thanks again. I am at present running all the anti malware programs as recommended by Major Geeks. I will be submitting the reports to them for analysis. There was no malware detected on my machine, just a few tracking cookies. I have also run AVG free which detected nothing untoward. Still MS Update pretty much kills the machine and system restore fails to restore as well; even to a point deliberately set last night. As I said before, the processor goes up to 97 - 99% on the update task. This can last several mins. Here is a log of last couple of attempts of update. The latest one shows a 2 min gap between 09:50:30 and 09:52:44 at which time the processor was flat out on the svc task. 2008-08-18 08:57:40:546 1344 31c AU ########### AU: Uninitializing Automatic Updates ########### 2008-08-18 08:57:41:968 1344 31c Service ********* 2008-08-18 08:57:41:968 1344 31c Service ** END ** Service: Service exit [Exit code = 0x240001] 2008-08-18 08:57:41:968 1344 31c Service ************* 2008-08-18 08:59:18:375 1300 5b8 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +0100) =========== 2008-08-18 08:59:18:437 1300 5b8 Misc = Process: C:\WINDOWS\System32\svchost.exe 2008-08-18 08:59:18:468 1300 5b8 Misc = Module: C:\WINDOWS\system32\wuaueng.dll 2008-08-18 08:59:18:375 1300 5b8 Service ************* 2008-08-18 08:59:18:468 1300 5b8 Service ** START ** Service: Service startup 2008-08-18 08:59:18:468 1300 5b8 Service ********* 2008-08-18 08:59:18:562 1300 5b8 Agent * WU client version 7.0.6000.381 2008-08-18 08:59:18:562 1300 5b8 Agent * Base directory: C:\WINDOWS\SoftwareDistribution 2008-08-18 08:59:18:562 1300 5b8 Agent * Access type: No proxy 2008-08-18 08:59:18:609 1300 5b8 Agent * Network state: Connected 2008-08-18 09:00:03:906 1300 5b8 Agent *********** Agent: Initializing Windows Update Agent *********** 2008-08-18 09:00:03:906 1300 5b8 Agent *********** Agent: Initializing global settings cache *********** 2008-08-18 09:00:03:906 1300 5b8 Agent * WSUS server: <NULL> 2008-08-18 09:00:03:906 1300 5b8 Agent * WSUS status server: <NULL> 2008-08-18 09:00:03:906 1300 5b8 Agent * Target group: (Unassigned Computers) 2008-08-18 09:00:03:906 1300 5b8 Agent * Windows Update access disabled: No 2008-08-18 09:00:04:921 1300 5b8 DnldMgr Download manager restoring 0 downloads 2008-08-18 09:00:04:968 1300 5b8 AU ########### AU: Initializing Automatic Updates ########### 2008-08-18 09:00:04:984 1300 5b8 AU # Approval type: Pre-install notify (User preference) 2008-08-18 09:00:04:984 1300 5b8 AU # Auto-install minor updates: No (User preference) 2008-08-18 09:00:04:984 1300 5b8 AU AU finished delayed initialization 2008-08-18 09:00:05:546 1300 5b8 Report *********** Report: Initializing static reporting data *********** 2008-08-18 09:00:05:546 1300 5b8 Report * OS Version = 5.1.2600.3.0.65792 2008-08-18 09:00:05:578 1300 5b8 Report * Computer Brand = K7NF2 2008-08-18 09:00:05:578 1300 5b8 Report * Computer Model = K7NF2-RAID 2008-08-18 09:00:05:578 1300 5b8 Report * Bios Revision = P1.00 2008-08-18 09:00:05:578 1300 5b8 Report * Bios Name = Default System BIOS 2008-08-18 09:00:05:578 1300 5b8 Report * Bios Release Date = 2005-04-01T00:00:00 2008-08-18 09:00:05:578 1300 5b8 Report * Locale ID = 2057 2008-08-18 09:22:46:328 1300 5b8 AU ########### AU: Uninitializing Automatic Updates ########### 2008-08-18 09:22:48:515 1300 5b8 Service ********* 2008-08-18 09:22:48:515 1300 5b8 Service ** END ** Service: Service exit [Exit code = 0x240001] 2008-08-18 09:22:48:515 1300 5b8 Service ************* 2008-08-18 09:27:39:062 1344 1a8 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +0100) =========== 2008-08-18 09:27:39:421 1344 1a8 Misc = Process: C:\WINDOWS\System32\svchost.exe 2008-08-18 09:27:39:421 1344 1a8 Misc = Module: C:\WINDOWS\system32\wuaueng.dll 2008-08-18 09:27:39:062 1344 1a8 Service ************* 2008-08-18 09:27:39:421 1344 1a8 Service ** START ** Service: Service startup 2008-08-18 09:27:39:421 1344 1a8 Service ********* 2008-08-18 09:27:39:546 1344 1a8 Agent * WU client version 7.0.6000.381 2008-08-18 09:27:39:546 1344 1a8 Agent * Base directory: C:\WINDOWS\SoftwareDistribution 2008-08-18 09:27:39:546 1344 1a8 Agent * Access type: No proxy 2008-08-18 09:27:39:562 1344 1a8 Agent * Network state: Connected 2008-08-18 09:28:24:765 1344 1a8 Agent *********** Agent: Initializing Windows Update Agent *********** 2008-08-18 09:28:24:765 1344 1a8 Agent *********** Agent: Initializing global settings cache *********** 2008-08-18 09:28:24:765 1344 1a8 Agent * WSUS server: <NULL> 2008-08-18 09:28:24:765 1344 1a8 Agent * WSUS status server: <NULL> 2008-08-18 09:28:24:765 1344 1a8 Agent * Target group: (Unassigned Computers) 2008-08-18 09:28:24:765 1344 1a8 Agent * Windows Update access disabled: No 2008-08-18 09:28:25:515 1344 1a8 DnldMgr Download manager restoring 0 downloads 2008-08-18 09:28:25:546 1344 1a8 AU ########### AU: Initializing Automatic Updates ########### 2008-08-18 09:28:25:546 1344 1a8 AU # Approval type: Pre-install notify (User preference) 2008-08-18 09:28:25:546 1344 1a8 AU # Auto-install minor updates: No (User preference) 2008-08-18 09:28:25:546 1344 1a8 AU AU finished delayed initialization 2008-08-18 09:28:25:953 1344 1a8 Report *********** Report: Initializing static reporting data *********** 2008-08-18 09:28:25:953 1344 1a8 Report * OS Version = 5.1.2600.3.0.65792 2008-08-18 09:28:25:984 1344 1a8 Report * Computer Brand = K7NF2 2008-08-18 09:28:25:984 1344 1a8 Report * Computer Model = K7NF2-RAID 2008-08-18 09:28:25:984 1344 1a8 Report * Bios Revision = P1.00 2008-08-18 09:28:25:984 1344 1a8 Report * Bios Name = Default System BIOS 2008-08-18 09:28:25:984 1344 1a8 Report * Bios Release Date = 2005-04-01T00:00:00 2008-08-18 09:28:25:984 1344 1a8 Report * Locale ID = 2057 2008-08-18 09:30:03:703 1344 1a8 AU ########### AU: Uninitializing Automatic Updates ########### 2008-08-18 09:30:03:937 1344 1a8 Service ********* 2008-08-18 09:30:03:937 1344 1a8 Service ** END ** Service: Service exit [Exit code = 0x240001] 2008-08-18 09:30:03:937 1344 1a8 Service ************* 2008-08-18 09:34:38:750 1344 10c Misc =========== Logging initialized (build: 7.0.6000.381, tz: +0100) =========== 2008-08-18 09:34:39:015 1344 10c Misc = Process: C:\WINDOWS\System32\svchost.exe 2008-08-18 09:34:39:015 1344 10c Misc = Module: C:\WINDOWS\system32\wuaueng.dll 2008-08-18 09:34:38:750 1344 10c Service ************* 2008-08-18 09:34:39:015 1344 10c Service ** START ** Service: Service startup 2008-08-18 09:34:39:015 1344 10c Service ********* 2008-08-18 09:34:39:140 1344 10c Agent * WU client version 7.0.6000.381 2008-08-18 09:34:39:140 1344 10c Agent * Base directory: C:\WINDOWS\SoftwareDistribution 2008-08-18 09:34:39:140 1344 10c Agent * Access type: No proxy 2008-08-18 09:34:39:140 1344 10c Agent * Network state: Connected 2008-08-18 09:35:24:281 1344 10c Agent *********** Agent: Initializing Windows Update Agent *********** 2008-08-18 09:35:24:281 1344 10c Agent *********** Agent: Initializing global settings cache *********** 2008-08-18 09:35:24:281 1344 10c Agent * WSUS server: <NULL> 2008-08-18 09:35:24:281 1344 10c Agent * WSUS status server: <NULL> 2008-08-18 09:35:24:281 1344 10c Agent * Target group: (Unassigned Computers) 2008-08-18 09:35:24:281 1344 10c Agent * Windows Update access disabled: No 2008-08-18 09:35:25:781 1344 10c DnldMgr Download manager restoring 0 downloads 2008-08-18 09:35:25:890 1344 10c AU ########### AU: Initializing Automatic Updates ########### 2008-08-18 09:35:25:937 1344 10c AU # Approval type: Pre-install notify (User preference) 2008-08-18 09:35:25:937 1344 10c AU # Auto-install minor updates: No (User preference) 2008-08-18 09:35:25:968 1344 10c AU AU finished delayed initialization 2008-08-18 09:35:26:593 1344 10c Report *********** Report: Initializing static reporting data *********** 2008-08-18 09:35:26:593 1344 10c Report * OS Version = 5.1.2600.3.0.65792 2008-08-18 09:35:26:640 1344 10c Report * Computer Brand = K7NF2 2008-08-18 09:35:26:640 1344 10c Report * Computer Model = K7NF2-RAID 2008-08-18 09:35:26:640 1344 10c Report * Bios Revision = P1.00 2008-08-18 09:35:26:640 1344 10c Report * Bios Name = Default System BIOS 2008-08-18 09:35:26:640 1344 10c Report * Bios Release Date = 2005-04-01T00:00:00 2008-08-18 09:35:26:640 1344 10c Report * Locale ID = 2057 2008-08-18 09:50:29:109 1344 10c AU ########### AU: Uninitializing Automatic Updates ########### 2008-08-18 09:50:30:671 1344 10c Service ********* 2008-08-18 09:50:30:671 1344 10c Service ** END ** Service: Service exit [Exit code = 0x240001] 2008-08-18 09:50:30:671 1344 10c Service ************* 2008-08-18 09:52:44:015 1344 6d0 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +0100) =========== 2008-08-18 09:52:44:265 1344 6d0 Misc = Process: C:\WINDOWS\System32\svchost.exe 2008-08-18 09:52:44:265 1344 6d0 Misc = Module: C:\WINDOWS\system32\wuaueng.dll 2008-08-18 09:52:44:015 1344 6d0 Service ************* 2008-08-18 09:52:44:281 1344 6d0 Service ** START ** Service: Service startup 2008-08-18 09:52:44:281 1344 6d0 Service ********* 2008-08-18 09:52:44:375 1344 6d0 Agent * WU client version 7.0.6000.381 2008-08-18 09:52:44:390 1344 6d0 Agent * Base directory: C:\WINDOWS\SoftwareDistribution 2008-08-18 09:52:44:390 1344 6d0 Agent * Access type: No proxy 2008-08-18 09:52:44:406 1344 6d0 Agent * Network state: Connected 2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing Windows Update Agent *********** 2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing global settings cache *********** 2008-08-18 09:53:30:000 1344 6d0 Agent * WSUS server: <NULL> 2008-08-18 09:53:30:000 1344 6d0 Agent * WSUS status server: <NULL> 2008-08-18 09:53:30:000 1344 6d0 Agent * Target group: (Unassigned Computers) 2008-08-18 09:53:30:000 1344 6d0 Agent * Windows Update access disabled: No 2008-08-18 09:53:32:062 1344 6d0 DnldMgr Download manager restoring 0 downloads 2008-08-18 09:53:32:390 1344 6d0 AU ########### AU: Initializing Automatic Updates ########### 2008-08-18 09:53:32:406 1344 6d0 AU # Approval type: Pre-install notify (User preference) 2008-08-18 09:53:32:406 1344 6d0 AU # Auto-install minor updates: No (User preference) 2008-08-18 09:53:32:531 1344 6d0 AU AU finished delayed initialization 2008-08-18 09:53:34:296 1344 6d0 Report *********** Report: Initializing static reporting data *********** 2008-08-18 09:53:34:296 1344 6d0 Report * OS Version = 5.1.2600.3.0.65792 2008-08-18 09:53:35:234 1344 6d0 Report * Computer Brand = K7NF2 2008-08-18 09:53:35:234 1344 6d0 Report * Computer Model = K7NF2-RAID 2008-08-18 09:53:35:296 1344 6d0 Report * Bios Revision = P1.00 2008-08-18 09:53:35:296 1344 6d0 Report * Bios Name = Default System BIOS 2008-08-18 09:53:35:296 1344 6d0 Report * Bios Release Date = 2005-04-01T00:00:00 2008-08-18 09:53:35:296 1344 6d0 Report * Locale ID = 2057 "PA Bear [MS MVP]" wrote: > Repost: > >> When all else fails, HijackThis v2.0.2 > >> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use > >> (in conjuction with some other utilities). HijackThis will NOT fix > >> anything on its own, but it will help you to both identify and remove any > >> hijackware/spyware with assistance from an expert. **Post your log to > >> http://aumha.net/viewforum.php?f=30, > >> http://forums.spybot.info/forumdisplay.php?f=22, > >> http://castlecops.com/forum67.html, or other appropriate forums for > >> review > >> by an expert in such matters, not here.** > > TrevorJ wrote: > > Thanks again. I have now done a few checks and it gets worse. I can now no > > longer access Task Manager and cannot restore to an earlier date. I > > think > > it's time I reinstated the Acronis image I made a few months ago before it > > all went wrong. OK, so I'll have to reapply SP3 and all the other patches, > > but at least I'll feel more confident that I havn't caught anything nasty. > > BTW, I am now using my laptop, and my 'dodgy' computer is disconnected > > from > > the net. > > Thanks again. > > Trev > > > > "PA Bear [MS MVP]" wrote: > > > >> Unexplained computer behavior may be caused by deceptive software > >> http://support.microsoft.com/kb/827315 > >> > >> Run a /thorough/ check for hijackware, including posting your hijackthis > >> log to an appropriate forum. > >> > >> Checking for/Help with Hijackware > >> http://aumha.org/a/parasite.htm > >> http://aumha.org/a/quickfix.htm > >> http://aumha.net/viewtopic.php?t=5878 > >> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction > >> http://mvps.org/winhelp2002/unwanted.htm > >> http://inetexplorer.mvps.org/data/prevention.htm > >> http://inetexplorer.mvps.org/tshoot.html > >> http://www.mvps.org/sramesh2k/Malware_Defence.htm > >> http://defendingyourmachine2.blogspot.com/ > >> http://www.elephantboycomputers.com/page2.html#Removing_Malware > >> > >> When all else fails, HijackThis v2.0.2 > >> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use > >> (in conjuction with some other utilities). HijackThis will NOT fix > >> anything on its own, but it will help you to both identify and remove any > >> hijackware/spyware with assistance from an expert. **Post your log to > >> http://aumha.net/viewforum.php?f=30, > >> http://forums.spybot.info/forumdisplay.php?f=22, > >> http://castlecops.com/forum67.html, or other appropriate forums for > >> review > >> by an expert in such matters, not here.** > >> > >> If the procedures look too complex - and there is no shame in admitting > >> this isn't your cup of tea - take the machine to a local, reputable and > >> independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair > >> shop. > >> > >> -- > >> ~Robear Dyer (PA Bear) > >> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 > >> AumHa VSOP & Admin http://aumha.net > >> DTS-L http://dts-l.net/ > >> > >> TrevorJ wrote: > >>> Thanks again for your input. > >>> Just done all you suggest (but I don't know what you mean by 'Background > >>> Intellegent Transfer'), but svchost still takes up to 99% processor > >>> time. > >>> A > >>> manual check on Windows update sticks on 'Checking your system for > >>> latest > >>> updates' (or something like that) It did not do this the first time I > >>> tried > >>> it this morning after switching off ZA and AVG. > >>> I have to end the scvhost process to do anything with the computer. > >>> All AV and antiSpyware and ZA off. > >>> Please clkarify how to get the log, you seem to have missed the critical > >>> bit > >>> about what to paste into the Run dialog. Please repeat. > >>> Trevor > >>> > >>> > >>> "TrevorJ" wrote: > >>> > >>>> Just done The RealTruth's svhosts patch, switched off AVGa and ZA, > >>>> Update > >>>> site responds OK without a 98% cpu useage. There were no updates, so I > >>>> will > >>>> try again later, and see if the comp locks up on a restart. > >>>> I will close the loop here once I think have fixed the prob. > >>>> Thanks again for the pointers > >>>> > >>>> "TrevorJ" wrote: > >>>> > >>>>> Thanks for your answer. I'm using AVG free and ZoneAlarm pro (Have > >>>>> tried > >>>>> switching ZA off to no avail. I'll try the other suggestions > >>>>> latertoday > >>>>> when I have time. PS my Vista Lappie does not have this problem. > >>>>> > >>>>> Thanks for now, will report back later > >>>>> > >>>>> > >>>>> "MowGreen [MVP]" wrote: > >>>>> > >>>>>> This issue should *not* be occurring after the application of SP3 and > >>>>>> had been addressed in prior KB articles. > >>>>>> > >>>>>> What is the installed antivirus\security software and is a 3rd party > >>>>>> firewall being used ? > >>>>>> Is/are they configured to scan this location ? - > >>>>>> WINDOWS\SoftwareDistribution\DataStore > >>>>>> > >>>>>> If it/they are, then please exclude that location from any real-time > >>>>>> monitoring or scanning. > >>>>>> > >>>>>> Then do a manual visit to Windows Update with the AU service set to > >>>>>> Automatic and the Background Intelligent Transfer service set to > >>>>>> Manual. > >>>>>> > >>>>>> What happened when you did that ? > >>>>>> > >>>>>> Next, go to Start > Run > type in or copy&paste the below into the > >>>>>> Open: > >>>>>> line and then click OK or press Enter. > >>>>>> The WindowsUpdate.log will open. > >>>>>> Scroll all the way to the bottom for the most recent entries. > >>>>>> Copy and paste the last 50 or so lines into your reply, Trevor. > >>>>>> > >>>>>> > >>>>>> MowGreen [MVP 2003-2008] > >>>>>> =============== > >>>>>> *-343-* FDNY > >>>>>> Never Forgotten > >>>>>> =============== > >>>>>> > >>>>>> > >>>>>> > >>>>>> TrevorJ wrote: > >>>>>> > >>>>>>> I have XP SP3 installed and when (I think it's) Windows update > >>>>>>> accesses > >>>>>>> the internet just after startup, the rest of the computer almost > >>>>>>> comes > >>>>>>> to a standstill. If I start Task manager > Processes one of the > >>>>>>> several > >>>>>>> svchost.exe is taking 98-99% CPU time for about anything up to 4 > >>>>>>> mins > >>>>>>> after startup. I have 'Download updates and let me choose..' set. > >>>>>>> If I select 'Turn off Automatic Updates' my computer starts > >>>>>>> normally. > >>>>>>> This has developed lately, but I cannot deffinitely associate it > >>>>>>> with > >>>>>>> the installation of SP3. > >>>>>>> System is Athlon 3200, 1GB ram big HD and a 6Meg broadband > >>>>>>> connection. > >>>>>>> Any suggestions would be more than welcome. > >
Guest MowGreen [MVP] Posted August 18, 2008 Posted August 18, 2008 Re: Windows Update nearly kills my computer svchost needs to be allowed to contact the update servers, Trevor. Is ZA blocking it ? BITS is Background Intelligent File Transfer service [sorry about leaving out File ;) ] The 'RealTruth' is a troll who suffers from a mental disorder brought about by a car accident. Ignore 'it' for the sake of your system's health, please. The WU.log is fine and will not show CPU useage. > All AV and antiSpyware and ZA off. What other anti-spyware software is installed, Trevor. And, was the native XP firewall enabled with ZA off ? > I can now no > longer access Task Manager and cannot restore to an earlier date. That's definitely a sign that something is "not right". Either the OS needs to be reinstalled or there's some nasty 'unwanted visitors' resident. BTW, *strongly* suggest you dump ZA as a firewall as it's steadily gone downhill since Checkpoint took it over. MowGreen [MVP 2003-2008] =============== *-343-* FDNY Never Forgotten =============== TrevorJ wrote: > Thanks again. I am at present running all the anti malware programs as > recommended by Major Geeks. I will be submitting the reports to them for > analysis. There was no malware detected on my machine, just a few tracking > cookies. I have also run AVG free which detected nothing untoward. > Still MS Update pretty much kills the machine and system restore fails to > restore as well; even to a point deliberately set last night. > > As I said before, the processor goes up to 97 - 99% on the update task. This > can last several mins. > Here is a log of last couple of attempts of update. The latest one shows a 2 > min gap between 09:50:30 and 09:52:44 at which time the processor was flat > out on the svc task. > > 2008-08-18 08:57:40:546 1344 31c AU ########### AU: Uninitializing > Automatic Updates ########### > 2008-08-18 08:57:41:968 1344 31c Service ********* > 2008-08-18 08:57:41:968 1344 31c Service ** END ** Service: Service exit > [Exit code = 0x240001] > 2008-08-18 08:57:41:968 1344 31c Service ************* > 2008-08-18 08:59:18:375 1300 5b8 Misc =========== Logging initialized > (build: 7.0.6000.381, tz: +0100) =========== > 2008-08-18 08:59:18:437 1300 5b8 Misc = Process: > C:\WINDOWS\System32\svchost.exe > 2008-08-18 08:59:18:468 1300 5b8 Misc = Module: > C:\WINDOWS\system32\wuaueng.dll > 2008-08-18 08:59:18:375 1300 5b8 Service ************* > 2008-08-18 08:59:18:468 1300 5b8 Service ** START ** Service: Service startup > 2008-08-18 08:59:18:468 1300 5b8 Service ********* > 2008-08-18 08:59:18:562 1300 5b8 Agent * WU client version 7.0.6000.381 > 2008-08-18 08:59:18:562 1300 5b8 Agent * Base directory: > C:\WINDOWS\SoftwareDistribution > 2008-08-18 08:59:18:562 1300 5b8 Agent * Access type: No proxy > 2008-08-18 08:59:18:609 1300 5b8 Agent * Network state: Connected > 2008-08-18 09:00:03:906 1300 5b8 Agent *********** Agent: Initializing > Windows Update Agent *********** > 2008-08-18 09:00:03:906 1300 5b8 Agent *********** Agent: Initializing > global settings cache *********** > 2008-08-18 09:00:03:906 1300 5b8 Agent * WSUS server: <NULL> > 2008-08-18 09:00:03:906 1300 5b8 Agent * WSUS status server: <NULL> > 2008-08-18 09:00:03:906 1300 5b8 Agent * Target group: (Unassigned > Computers) > 2008-08-18 09:00:03:906 1300 5b8 Agent * Windows Update access disabled: No > 2008-08-18 09:00:04:921 1300 5b8 DnldMgr Download manager restoring 0 > downloads > 2008-08-18 09:00:04:968 1300 5b8 AU ########### AU: Initializing Automatic > Updates ########### > 2008-08-18 09:00:04:984 1300 5b8 AU # Approval type: Pre-install notify > (User preference) > 2008-08-18 09:00:04:984 1300 5b8 AU # Auto-install minor updates: No (User > preference) > 2008-08-18 09:00:04:984 1300 5b8 AU AU finished delayed initialization > 2008-08-18 09:00:05:546 1300 5b8 Report *********** Report: Initializing > static reporting data *********** > 2008-08-18 09:00:05:546 1300 5b8 Report * OS Version = 5.1.2600.3.0.65792 > 2008-08-18 09:00:05:578 1300 5b8 Report * Computer Brand = K7NF2 > 2008-08-18 09:00:05:578 1300 5b8 Report * Computer Model = K7NF2-RAID > 2008-08-18 09:00:05:578 1300 5b8 Report * Bios Revision = P1.00 > 2008-08-18 09:00:05:578 1300 5b8 Report * Bios Name = Default System BIOS > 2008-08-18 09:00:05:578 1300 5b8 Report * Bios Release Date = > 2005-04-01T00:00:00 > 2008-08-18 09:00:05:578 1300 5b8 Report * Locale ID = 2057 > 2008-08-18 09:22:46:328 1300 5b8 AU ########### AU: Uninitializing > Automatic Updates ########### > 2008-08-18 09:22:48:515 1300 5b8 Service ********* > 2008-08-18 09:22:48:515 1300 5b8 Service ** END ** Service: Service exit > [Exit code = 0x240001] > 2008-08-18 09:22:48:515 1300 5b8 Service ************* > 2008-08-18 09:27:39:062 1344 1a8 Misc =========== Logging initialized > (build: 7.0.6000.381, tz: +0100) =========== > 2008-08-18 09:27:39:421 1344 1a8 Misc = Process: > C:\WINDOWS\System32\svchost.exe > 2008-08-18 09:27:39:421 1344 1a8 Misc = Module: > C:\WINDOWS\system32\wuaueng.dll > 2008-08-18 09:27:39:062 1344 1a8 Service ************* > 2008-08-18 09:27:39:421 1344 1a8 Service ** START ** Service: Service startup > 2008-08-18 09:27:39:421 1344 1a8 Service ********* > 2008-08-18 09:27:39:546 1344 1a8 Agent * WU client version 7.0.6000.381 > 2008-08-18 09:27:39:546 1344 1a8 Agent * Base directory: > C:\WINDOWS\SoftwareDistribution > 2008-08-18 09:27:39:546 1344 1a8 Agent * Access type: No proxy > 2008-08-18 09:27:39:562 1344 1a8 Agent * Network state: Connected > 2008-08-18 09:28:24:765 1344 1a8 Agent *********** Agent: Initializing > Windows Update Agent *********** > 2008-08-18 09:28:24:765 1344 1a8 Agent *********** Agent: Initializing > global settings cache *********** > 2008-08-18 09:28:24:765 1344 1a8 Agent * WSUS server: <NULL> > 2008-08-18 09:28:24:765 1344 1a8 Agent * WSUS status server: <NULL> > 2008-08-18 09:28:24:765 1344 1a8 Agent * Target group: (Unassigned > Computers) > 2008-08-18 09:28:24:765 1344 1a8 Agent * Windows Update access disabled: No > 2008-08-18 09:28:25:515 1344 1a8 DnldMgr Download manager restoring 0 > downloads > 2008-08-18 09:28:25:546 1344 1a8 AU ########### AU: Initializing Automatic > Updates ########### > 2008-08-18 09:28:25:546 1344 1a8 AU # Approval type: Pre-install notify > (User preference) > 2008-08-18 09:28:25:546 1344 1a8 AU # Auto-install minor updates: No (User > preference) > 2008-08-18 09:28:25:546 1344 1a8 AU AU finished delayed initialization > 2008-08-18 09:28:25:953 1344 1a8 Report *********** Report: Initializing > static reporting data *********** > 2008-08-18 09:28:25:953 1344 1a8 Report * OS Version = 5.1.2600.3.0.65792 > 2008-08-18 09:28:25:984 1344 1a8 Report * Computer Brand = K7NF2 > 2008-08-18 09:28:25:984 1344 1a8 Report * Computer Model = K7NF2-RAID > 2008-08-18 09:28:25:984 1344 1a8 Report * Bios Revision = P1.00 > 2008-08-18 09:28:25:984 1344 1a8 Report * Bios Name = Default System BIOS > 2008-08-18 09:28:25:984 1344 1a8 Report * Bios Release Date = > 2005-04-01T00:00:00 > 2008-08-18 09:28:25:984 1344 1a8 Report * Locale ID = 2057 > 2008-08-18 09:30:03:703 1344 1a8 AU ########### AU: Uninitializing > Automatic Updates ########### > 2008-08-18 09:30:03:937 1344 1a8 Service ********* > 2008-08-18 09:30:03:937 1344 1a8 Service ** END ** Service: Service exit > [Exit code = 0x240001] > 2008-08-18 09:30:03:937 1344 1a8 Service ************* > 2008-08-18 09:34:38:750 1344 10c Misc =========== Logging initialized > (build: 7.0.6000.381, tz: +0100) =========== > 2008-08-18 09:34:39:015 1344 10c Misc = Process: > C:\WINDOWS\System32\svchost.exe > 2008-08-18 09:34:39:015 1344 10c Misc = Module: > C:\WINDOWS\system32\wuaueng.dll > 2008-08-18 09:34:38:750 1344 10c Service ************* > 2008-08-18 09:34:39:015 1344 10c Service ** START ** Service: Service startup > 2008-08-18 09:34:39:015 1344 10c Service ********* > 2008-08-18 09:34:39:140 1344 10c Agent * WU client version 7.0.6000.381 > 2008-08-18 09:34:39:140 1344 10c Agent * Base directory: > C:\WINDOWS\SoftwareDistribution > 2008-08-18 09:34:39:140 1344 10c Agent * Access type: No proxy > 2008-08-18 09:34:39:140 1344 10c Agent * Network state: Connected > 2008-08-18 09:35:24:281 1344 10c Agent *********** Agent: Initializing > Windows Update Agent *********** > 2008-08-18 09:35:24:281 1344 10c Agent *********** Agent: Initializing > global settings cache *********** > 2008-08-18 09:35:24:281 1344 10c Agent * WSUS server: <NULL> > 2008-08-18 09:35:24:281 1344 10c Agent * WSUS status server: <NULL> > 2008-08-18 09:35:24:281 1344 10c Agent * Target group: (Unassigned > Computers) > 2008-08-18 09:35:24:281 1344 10c Agent * Windows Update access disabled: No > 2008-08-18 09:35:25:781 1344 10c DnldMgr Download manager restoring 0 > downloads > 2008-08-18 09:35:25:890 1344 10c AU ########### AU: Initializing Automatic > Updates ########### > 2008-08-18 09:35:25:937 1344 10c AU # Approval type: Pre-install notify > (User preference) > 2008-08-18 09:35:25:937 1344 10c AU # Auto-install minor updates: No (User > preference) > 2008-08-18 09:35:25:968 1344 10c AU AU finished delayed initialization > 2008-08-18 09:35:26:593 1344 10c Report *********** Report: Initializing > static reporting data *********** > 2008-08-18 09:35:26:593 1344 10c Report * OS Version = 5.1.2600.3.0.65792 > 2008-08-18 09:35:26:640 1344 10c Report * Computer Brand = K7NF2 > 2008-08-18 09:35:26:640 1344 10c Report * Computer Model = K7NF2-RAID > 2008-08-18 09:35:26:640 1344 10c Report * Bios Revision = P1.00 > 2008-08-18 09:35:26:640 1344 10c Report * Bios Name = Default System BIOS > 2008-08-18 09:35:26:640 1344 10c Report * Bios Release Date = > 2005-04-01T00:00:00 > 2008-08-18 09:35:26:640 1344 10c Report * Locale ID = 2057 > 2008-08-18 09:50:29:109 1344 10c AU ########### AU: Uninitializing > Automatic Updates ########### > 2008-08-18 09:50:30:671 1344 10c Service ********* > 2008-08-18 09:50:30:671 1344 10c Service ** END ** Service: Service exit > [Exit code = 0x240001] > 2008-08-18 09:50:30:671 1344 10c Service ************* > 2008-08-18 09:52:44:015 1344 6d0 Misc =========== Logging initialized > (build: 7.0.6000.381, tz: +0100) =========== > 2008-08-18 09:52:44:265 1344 6d0 Misc = Process: > C:\WINDOWS\System32\svchost.exe > 2008-08-18 09:52:44:265 1344 6d0 Misc = Module: > C:\WINDOWS\system32\wuaueng.dll > 2008-08-18 09:52:44:015 1344 6d0 Service ************* > 2008-08-18 09:52:44:281 1344 6d0 Service ** START ** Service: Service startup > 2008-08-18 09:52:44:281 1344 6d0 Service ********* > 2008-08-18 09:52:44:375 1344 6d0 Agent * WU client version 7.0.6000.381 > 2008-08-18 09:52:44:390 1344 6d0 Agent * Base directory: > C:\WINDOWS\SoftwareDistribution > 2008-08-18 09:52:44:390 1344 6d0 Agent * Access type: No proxy > 2008-08-18 09:52:44:406 1344 6d0 Agent * Network state: Connected > 2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing > Windows Update Agent *********** > 2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing > global settings cache *********** > 2008-08-18 09:53:30:000 1344 6d0 Agent * WSUS server: <NULL> > 2008-08-18 09:53:30:000 1344 6d0 Agent * WSUS status server: <NULL> > 2008-08-18 09:53:30:000 1344 6d0 Agent * Target group: (Unassigned > Computers) > 2008-08-18 09:53:30:000 1344 6d0 Agent * Windows Update access disabled: No > 2008-08-18 09:53:32:062 1344 6d0 DnldMgr Download manager restoring 0 > downloads > 2008-08-18 09:53:32:390 1344 6d0 AU ########### AU: Initializing Automatic > Updates ########### > 2008-08-18 09:53:32:406 1344 6d0 AU # Approval type: Pre-install notify > (User preference) > 2008-08-18 09:53:32:406 1344 6d0 AU # Auto-install minor updates: No (User > preference) > 2008-08-18 09:53:32:531 1344 6d0 AU AU finished delayed initialization > 2008-08-18 09:53:34:296 1344 6d0 Report *********** Report: Initializing > static reporting data *********** > 2008-08-18 09:53:34:296 1344 6d0 Report * OS Version = 5.1.2600.3.0.65792 > 2008-08-18 09:53:35:234 1344 6d0 Report * Computer Brand = K7NF2 > 2008-08-18 09:53:35:234 1344 6d0 Report * Computer Model = K7NF2-RAID > 2008-08-18 09:53:35:296 1344 6d0 Report * Bios Revision = P1.00 > 2008-08-18 09:53:35:296 1344 6d0 Report * Bios Name = Default System BIOS > 2008-08-18 09:53:35:296 1344 6d0 Report * Bios Release Date = > 2005-04-01T00:00:00 > 2008-08-18 09:53:35:296 1344 6d0 Report * Locale ID = 2057 > > > "PA Bear [MS MVP]" wrote: > > >>Repost: >> >>>>When all else fails, HijackThis v2.0.2 >>>>(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use >>>>(in conjuction with some other utilities). HijackThis will NOT fix >>>>anything on its own, but it will help you to both identify and remove any >>>>hijackware/spyware with assistance from an expert. **Post your log to >>>>http://aumha.net/viewforum.php?f=30, >>>>http://forums.spybot.info/forumdisplay.php?f=22, >>>>http://castlecops.com/forum67.html, or other appropriate forums for >>>>review >>>>by an expert in such matters, not here.** >> >>TrevorJ wrote: >> >>>Thanks again. I have now done a few checks and it gets worse. I can now no >>>longer access Task Manager and cannot restore to an earlier date. I >>>think >>>it's time I reinstated the Acronis image I made a few months ago before it >>>all went wrong. OK, so I'll have to reapply SP3 and all the other patches, >>>but at least I'll feel more confident that I havn't caught anything nasty. >>>BTW, I am now using my laptop, and my 'dodgy' computer is disconnected >>>from >>>the net. >>>Thanks again. >>>Trev >>> >>>"PA Bear [MS MVP]" wrote: >>> >>> >>>>Unexplained computer behavior may be caused by deceptive software >>>>http://support.microsoft.com/kb/827315 >>>> >>>>Run a /thorough/ check for hijackware, including posting your hijackthis >>>>log to an appropriate forum. >>>> >>>>Checking for/Help with Hijackware >>>>http://aumha.org/a/parasite.htm >>>> http://aumha.org/a/quickfix.htm >>>> http://aumha.net/viewtopic.php?t=5878 >>>>http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction >>>>http://mvps.org/winhelp2002/unwanted.htm >>>>http://inetexplorer.mvps.org/data/prevention.htm >>>> http://inetexplorer.mvps.org/tshoot.html >>>>http://www.mvps.org/sramesh2k/Malware_Defence.htm >>>>http://defendingyourmachine2.blogspot.com/ >>>>http://www.elephantboycomputers.com/page2.html#Removing_Malware >>>> >>>>When all else fails, HijackThis v2.0.2 >>>>(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use >>>>(in conjuction with some other utilities). HijackThis will NOT fix >>>>anything on its own, but it will help you to both identify and remove any >>>>hijackware/spyware with assistance from an expert. **Post your log to >>>>http://aumha.net/viewforum.php?f=30, >>>>http://forums.spybot.info/forumdisplay.php?f=22, >>>>http://castlecops.com/forum67.html, or other appropriate forums for >>>>review >>>>by an expert in such matters, not here.** >>>> >>>>If the procedures look too complex - and there is no shame in admitting >>>>this isn't your cup of tea - take the machine to a local, reputable and >>>>independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair >>>>shop. >>>> >>>>-- >>>>~Robear Dyer (PA Bear) >>>>MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 >>>>AumHa VSOP & Admin http://aumha.net >>>>DTS-L http://dts-l.net/ >>>> >>>>TrevorJ wrote: >>>> >>>>>Thanks again for your input. >>>>>Just done all you suggest (but I don't know what you mean by 'Background >>>>>Intellegent Transfer'), but svchost still takes up to 99% processor >>>>>time. >>>>>A >>>>>manual check on Windows update sticks on 'Checking your system for >>>>>latest >>>>>updates' (or something like that) It did not do this the first time I >>>>>tried >>>>>it this morning after switching off ZA and AVG. >>>>>I have to end the scvhost process to do anything with the computer. >>>>>All AV and antiSpyware and ZA off. >>>>>Please clkarify how to get the log, you seem to have missed the critical >>>>>bit >>>>>about what to paste into the Run dialog. Please repeat. >>>>>Trevor >>>>> >>>>> >>>>>"TrevorJ" wrote: >>>>> >>>>> >>>>>>Just done The RealTruth's svhosts patch, switched off AVGa and ZA, >>>>>>Update >>>>>>site responds OK without a 98% cpu useage. There were no updates, so I >>>>>>will >>>>>>try again later, and see if the comp locks up on a restart. >>>>>>I will close the loop here once I think have fixed the prob. >>>>>>Thanks again for the pointers >>>>>> >>>>>>"TrevorJ" wrote: >>>>>> >>>>>> >>>>>>>Thanks for your answer. I'm using AVG free and ZoneAlarm pro (Have >>>>>>>tried >>>>>>>switching ZA off to no avail. I'll try the other suggestions >>>>>>>latertoday >>>>>>>when I have time. PS my Vista Lappie does not have this problem. >>>>>>> >>>>>>>Thanks for now, will report back later >>>>>>> >>>>>>> >>>>>>>"MowGreen [MVP]" wrote: >>>>>>> >>>>>>> >>>>>>>>This issue should *not* be occurring after the application of SP3 and >>>>>>>>had been addressed in prior KB articles. >>>>>>>> >>>>>>>>What is the installed antivirus\security software and is a 3rd party >>>>>>>>firewall being used ? >>>>>>>>Is/are they configured to scan this location ? - >>>>>>>>WINDOWS\SoftwareDistribution\DataStore >>>>>>>> >>>>>>>>If it/they are, then please exclude that location from any real-time >>>>>>>>monitoring or scanning. >>>>>>>> >>>>>>>>Then do a manual visit to Windows Update with the AU service set to >>>>>>>>Automatic and the Background Intelligent Transfer service set to >>>>>>>>Manual. >>>>>>>> >>>>>>>>What happened when you did that ? >>>>>>>> >>>>>>>>Next, go to Start > Run > type in or copy&paste the below into the >>>>>>>>Open: >>>>>>>>line and then click OK or press Enter. >>>>>>>>The WindowsUpdate.log will open. >>>>>>>>Scroll all the way to the bottom for the most recent entries. >>>>>>>>Copy and paste the last 50 or so lines into your reply, Trevor. >>>>>>>> >>>>>>>> >>>>>>>>MowGreen [MVP 2003-2008] >>>>>>>>=============== >>>>>>>> *-343-* FDNY >>>>>>>>Never Forgotten >>>>>>>>=============== >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>TrevorJ wrote: >>>>>>>> >>>>>>>> >>>>>>>>>I have XP SP3 installed and when (I think it's) Windows update >>>>>>>>>accesses >>>>>>>>>the internet just after startup, the rest of the computer almost >>>>>>>>>comes >>>>>>>>>to a standstill. If I start Task manager > Processes one of the >>>>>>>>>several >>>>>>>>>svchost.exe is taking 98-99% CPU time for about anything up to 4 >>>>>>>>>mins >>>>>>>>>after startup. I have 'Download updates and let me choose..' set. >>>>>>>>>If I select 'Turn off Automatic Updates' my computer starts >>>>>>>>>normally. >>>>>>>>>This has developed lately, but I cannot deffinitely associate it >>>>>>>>>with >>>>>>>>>the installation of SP3. >>>>>>>>>System is Athlon 3200, 1GB ram big HD and a 6Meg broadband >>>>>>>>>connection. >>>>>>>>>Any suggestions would be more than welcome. >> >>
Guest TrevorJ Posted August 19, 2008 Posted August 19, 2008 Re: Windows Update nearly kills my computer Thanks again. I have now got Task Manager back. I poked the valur in the registry, and it has stayed enabled since. Although I have tried with ZA and AVG disabled, I will double check in taskman that nothing else is running in the BG from ZA, Spybot etc. and try again. I did an update last night and there was a 2 min 'Gap' in the log, and another 4 min gap. The total time difference between start and end was 8 mins IIRC. Trevor "MowGreen [MVP]" wrote: > svchost needs to be allowed to contact the update servers, Trevor. Is ZA > blocking it ? > > BITS is Background Intelligent File Transfer service [sorry about > leaving out File ;) ] > The 'RealTruth' is a troll who suffers from a mental disorder brought > about by a car accident. Ignore 'it' for the sake of your system's > health, please. > > The WU.log is fine and will not show CPU useage. > > > All AV and antiSpyware and ZA off. > > What other anti-spyware software is installed, Trevor. And, was the > native XP firewall enabled with ZA off ? > > > I can now no > > longer access Task Manager and cannot restore to an earlier date. > > That's definitely a sign that something is "not right". Either the OS > needs to be reinstalled or there's some nasty 'unwanted visitors' resident. > > BTW, *strongly* suggest you dump ZA as a firewall as it's steadily gone > downhill since Checkpoint took it over. > > MowGreen [MVP 2003-2008] > =============== > *-343-* FDNY > Never Forgotten > =============== > > > > TrevorJ wrote: > > > Thanks again. I am at present running all the anti malware programs as > > recommended by Major Geeks. I will be submitting the reports to them for > > analysis. There was no malware detected on my machine, just a few tracking > > cookies. I have also run AVG free which detected nothing untoward. > > Still MS Update pretty much kills the machine and system restore fails to > > restore as well; even to a point deliberately set last night. > > > > As I said before, the processor goes up to 97 - 99% on the update task. This > > can last several mins. > > Here is a log of last couple of attempts of update. The latest one shows a 2 > > min gap between 09:50:30 and 09:52:44 at which time the processor was flat > > out on the svc task. > > > > 2008-08-18 08:57:40:546 1344 31c AU ########### AU: Uninitializing > > Automatic Updates ########### > > 2008-08-18 08:57:41:968 1344 31c Service ********* > > 2008-08-18 08:57:41:968 1344 31c Service ** END ** Service: Service exit > > [Exit code = 0x240001] > > 2008-08-18 08:57:41:968 1344 31c Service ************* > > 2008-08-18 08:59:18:375 1300 5b8 Misc =========== Logging initialized > > (build: 7.0.6000.381, tz: +0100) =========== > > 2008-08-18 08:59:18:437 1300 5b8 Misc = Process: > > C:\WINDOWS\System32\svchost.exe > > 2008-08-18 08:59:18:468 1300 5b8 Misc = Module: > > C:\WINDOWS\system32\wuaueng.dll > > 2008-08-18 08:59:18:375 1300 5b8 Service ************* > > 2008-08-18 08:59:18:468 1300 5b8 Service ** START ** Service: Service startup > > 2008-08-18 08:59:18:468 1300 5b8 Service ********* > > 2008-08-18 08:59:18:562 1300 5b8 Agent * WU client version 7.0.6000.381 > > 2008-08-18 08:59:18:562 1300 5b8 Agent * Base directory: > > C:\WINDOWS\SoftwareDistribution > > 2008-08-18 08:59:18:562 1300 5b8 Agent * Access type: No proxy > > 2008-08-18 08:59:18:609 1300 5b8 Agent * Network state: Connected > > 2008-08-18 09:00:03:906 1300 5b8 Agent *********** Agent: Initializing > > Windows Update Agent *********** > > 2008-08-18 09:00:03:906 1300 5b8 Agent *********** Agent: Initializing > > global settings cache *********** > > 2008-08-18 09:00:03:906 1300 5b8 Agent * WSUS server: <NULL> > > 2008-08-18 09:00:03:906 1300 5b8 Agent * WSUS status server: <NULL> > > 2008-08-18 09:00:03:906 1300 5b8 Agent * Target group: (Unassigned > > Computers) > > 2008-08-18 09:00:03:906 1300 5b8 Agent * Windows Update access disabled: No > > 2008-08-18 09:00:04:921 1300 5b8 DnldMgr Download manager restoring 0 > > downloads > > 2008-08-18 09:00:04:968 1300 5b8 AU ########### AU: Initializing Automatic > > Updates ########### > > 2008-08-18 09:00:04:984 1300 5b8 AU # Approval type: Pre-install notify > > (User preference) > > 2008-08-18 09:00:04:984 1300 5b8 AU # Auto-install minor updates: No (User > > preference) > > 2008-08-18 09:00:04:984 1300 5b8 AU AU finished delayed initialization > > 2008-08-18 09:00:05:546 1300 5b8 Report *********** Report: Initializing > > static reporting data *********** > > 2008-08-18 09:00:05:546 1300 5b8 Report * OS Version = 5.1.2600.3.0.65792 > > 2008-08-18 09:00:05:578 1300 5b8 Report * Computer Brand = K7NF2 > > 2008-08-18 09:00:05:578 1300 5b8 Report * Computer Model = K7NF2-RAID > > 2008-08-18 09:00:05:578 1300 5b8 Report * Bios Revision = P1.00 > > 2008-08-18 09:00:05:578 1300 5b8 Report * Bios Name = Default System BIOS > > 2008-08-18 09:00:05:578 1300 5b8 Report * Bios Release Date = > > 2005-04-01T00:00:00 > > 2008-08-18 09:00:05:578 1300 5b8 Report * Locale ID = 2057 > > 2008-08-18 09:22:46:328 1300 5b8 AU ########### AU: Uninitializing > > Automatic Updates ########### > > 2008-08-18 09:22:48:515 1300 5b8 Service ********* > > 2008-08-18 09:22:48:515 1300 5b8 Service ** END ** Service: Service exit > > [Exit code = 0x240001] > > 2008-08-18 09:22:48:515 1300 5b8 Service ************* > > 2008-08-18 09:27:39:062 1344 1a8 Misc =========== Logging initialized > > (build: 7.0.6000.381, tz: +0100) =========== > > 2008-08-18 09:27:39:421 1344 1a8 Misc = Process: > > C:\WINDOWS\System32\svchost.exe > > 2008-08-18 09:27:39:421 1344 1a8 Misc = Module: > > C:\WINDOWS\system32\wuaueng.dll > > 2008-08-18 09:27:39:062 1344 1a8 Service ************* > > 2008-08-18 09:27:39:421 1344 1a8 Service ** START ** Service: Service startup > > 2008-08-18 09:27:39:421 1344 1a8 Service ********* > > 2008-08-18 09:27:39:546 1344 1a8 Agent * WU client version 7.0.6000.381 > > 2008-08-18 09:27:39:546 1344 1a8 Agent * Base directory: > > C:\WINDOWS\SoftwareDistribution > > 2008-08-18 09:27:39:546 1344 1a8 Agent * Access type: No proxy > > 2008-08-18 09:27:39:562 1344 1a8 Agent * Network state: Connected > > 2008-08-18 09:28:24:765 1344 1a8 Agent *********** Agent: Initializing > > Windows Update Agent *********** > > 2008-08-18 09:28:24:765 1344 1a8 Agent *********** Agent: Initializing > > global settings cache *********** > > 2008-08-18 09:28:24:765 1344 1a8 Agent * WSUS server: <NULL> > > 2008-08-18 09:28:24:765 1344 1a8 Agent * WSUS status server: <NULL> > > 2008-08-18 09:28:24:765 1344 1a8 Agent * Target group: (Unassigned > > Computers) > > 2008-08-18 09:28:24:765 1344 1a8 Agent * Windows Update access disabled: No > > 2008-08-18 09:28:25:515 1344 1a8 DnldMgr Download manager restoring 0 > > downloads > > 2008-08-18 09:28:25:546 1344 1a8 AU ########### AU: Initializing Automatic > > Updates ########### > > 2008-08-18 09:28:25:546 1344 1a8 AU # Approval type: Pre-install notify > > (User preference) > > 2008-08-18 09:28:25:546 1344 1a8 AU # Auto-install minor updates: No (User > > preference) > > 2008-08-18 09:28:25:546 1344 1a8 AU AU finished delayed initialization > > 2008-08-18 09:28:25:953 1344 1a8 Report *********** Report: Initializing > > static reporting data *********** > > 2008-08-18 09:28:25:953 1344 1a8 Report * OS Version = 5.1.2600.3.0.65792 > > 2008-08-18 09:28:25:984 1344 1a8 Report * Computer Brand = K7NF2 > > 2008-08-18 09:28:25:984 1344 1a8 Report * Computer Model = K7NF2-RAID > > 2008-08-18 09:28:25:984 1344 1a8 Report * Bios Revision = P1.00 > > 2008-08-18 09:28:25:984 1344 1a8 Report * Bios Name = Default System BIOS > > 2008-08-18 09:28:25:984 1344 1a8 Report * Bios Release Date = > > 2005-04-01T00:00:00 > > 2008-08-18 09:28:25:984 1344 1a8 Report * Locale ID = 2057 > > 2008-08-18 09:30:03:703 1344 1a8 AU ########### AU: Uninitializing > > Automatic Updates ########### > > 2008-08-18 09:30:03:937 1344 1a8 Service ********* > > 2008-08-18 09:30:03:937 1344 1a8 Service ** END ** Service: Service exit > > [Exit code = 0x240001] > > 2008-08-18 09:30:03:937 1344 1a8 Service ************* > > 2008-08-18 09:34:38:750 1344 10c Misc =========== Logging initialized > > (build: 7.0.6000.381, tz: +0100) =========== > > 2008-08-18 09:34:39:015 1344 10c Misc = Process: > > C:\WINDOWS\System32\svchost.exe > > 2008-08-18 09:34:39:015 1344 10c Misc = Module: > > C:\WINDOWS\system32\wuaueng.dll > > 2008-08-18 09:34:38:750 1344 10c Service ************* > > 2008-08-18 09:34:39:015 1344 10c Service ** START ** Service: Service startup > > 2008-08-18 09:34:39:015 1344 10c Service ********* > > 2008-08-18 09:34:39:140 1344 10c Agent * WU client version 7.0.6000.381 > > 2008-08-18 09:34:39:140 1344 10c Agent * Base directory: > > C:\WINDOWS\SoftwareDistribution > > 2008-08-18 09:34:39:140 1344 10c Agent * Access type: No proxy > > 2008-08-18 09:34:39:140 1344 10c Agent * Network state: Connected > > 2008-08-18 09:35:24:281 1344 10c Agent *********** Agent: Initializing > > Windows Update Agent *********** > > 2008-08-18 09:35:24:281 1344 10c Agent *********** Agent: Initializing > > global settings cache *********** > > 2008-08-18 09:35:24:281 1344 10c Agent * WSUS server: <NULL> > > 2008-08-18 09:35:24:281 1344 10c Agent * WSUS status server: <NULL> > > 2008-08-18 09:35:24:281 1344 10c Agent * Target group: (Unassigned > > Computers) > > 2008-08-18 09:35:24:281 1344 10c Agent * Windows Update access disabled: No > > 2008-08-18 09:35:25:781 1344 10c DnldMgr Download manager restoring 0 > > downloads > > 2008-08-18 09:35:25:890 1344 10c AU ########### AU: Initializing Automatic > > Updates ########### > > 2008-08-18 09:35:25:937 1344 10c AU # Approval type: Pre-install notify > > (User preference) > > 2008-08-18 09:35:25:937 1344 10c AU # Auto-install minor updates: No (User > > preference) > > 2008-08-18 09:35:25:968 1344 10c AU AU finished delayed initialization > > 2008-08-18 09:35:26:593 1344 10c Report *********** Report: Initializing > > static reporting data *********** > > 2008-08-18 09:35:26:593 1344 10c Report * OS Version = 5.1.2600.3.0.65792 > > 2008-08-18 09:35:26:640 1344 10c Report * Computer Brand = K7NF2 > > 2008-08-18 09:35:26:640 1344 10c Report * Computer Model = K7NF2-RAID > > 2008-08-18 09:35:26:640 1344 10c Report * Bios Revision = P1.00 > > 2008-08-18 09:35:26:640 1344 10c Report * Bios Name = Default System BIOS > > 2008-08-18 09:35:26:640 1344 10c Report * Bios Release Date = > > 2005-04-01T00:00:00 > > 2008-08-18 09:35:26:640 1344 10c Report * Locale ID = 2057 > > 2008-08-18 09:50:29:109 1344 10c AU ########### AU: Uninitializing > > Automatic Updates ########### > > 2008-08-18 09:50:30:671 1344 10c Service ********* > > 2008-08-18 09:50:30:671 1344 10c Service ** END ** Service: Service exit > > [Exit code = 0x240001] > > 2008-08-18 09:50:30:671 1344 10c Service ************* > > 2008-08-18 09:52:44:015 1344 6d0 Misc =========== Logging initialized > > (build: 7.0.6000.381, tz: +0100) =========== > > 2008-08-18 09:52:44:265 1344 6d0 Misc = Process: > > C:\WINDOWS\System32\svchost.exe > > 2008-08-18 09:52:44:265 1344 6d0 Misc = Module: > > C:\WINDOWS\system32\wuaueng.dll > > 2008-08-18 09:52:44:015 1344 6d0 Service ************* > > 2008-08-18 09:52:44:281 1344 6d0 Service ** START ** Service: Service startup > > 2008-08-18 09:52:44:281 1344 6d0 Service ********* > > 2008-08-18 09:52:44:375 1344 6d0 Agent * WU client version 7.0.6000.381 > > 2008-08-18 09:52:44:390 1344 6d0 Agent * Base directory: > > C:\WINDOWS\SoftwareDistribution > > 2008-08-18 09:52:44:390 1344 6d0 Agent * Access type: No proxy > > 2008-08-18 09:52:44:406 1344 6d0 Agent * Network state: Connected > > 2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing > > Windows Update Agent *********** > > 2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing > > global settings cache *********** > > 2008-08-18 09:53:30:000 1344 6d0 Agent * WSUS server: <NULL> > > 2008-08-18 09:53:30:000 1344 6d0 Agent * WSUS status server: <NULL> > > 2008-08-18 09:53:30:000 1344 6d0 Agent * Target group: (Unassigned > > Computers) > > 2008-08-18 09:53:30:000 1344 6d0 Agent * Windows Update access disabled: No > > 2008-08-18 09:53:32:062 1344 6d0 DnldMgr Download manager restoring 0 > > downloads > > 2008-08-18 09:53:32:390 1344 6d0 AU ########### AU: Initializing Automatic > > Updates ########### > > 2008-08-18 09:53:32:406 1344 6d0 AU # Approval type: Pre-install notify > > (User preference) > > 2008-08-18 09:53:32:406 1344 6d0 AU # Auto-install minor updates: No (User > > preference) > > 2008-08-18 09:53:32:531 1344 6d0 AU AU finished delayed initialization > > 2008-08-18 09:53:34:296 1344 6d0 Report *********** Report: Initializing > > static reporting data *********** > > 2008-08-18 09:53:34:296 1344 6d0 Report * OS Version = 5.1.2600.3.0.65792 > > 2008-08-18 09:53:35:234 1344 6d0 Report * Computer Brand = K7NF2 > > 2008-08-18 09:53:35:234 1344 6d0 Report * Computer Model = K7NF2-RAID > > 2008-08-18 09:53:35:296 1344 6d0 Report * Bios Revision = P1.00 > > 2008-08-18 09:53:35:296 1344 6d0 Report * Bios Name = Default System BIOS > > 2008-08-18 09:53:35:296 1344 6d0 Report * Bios Release Date = > > 2005-04-01T00:00:00 > > 2008-08-18 09:53:35:296 1344 6d0 Report * Locale ID = 2057 > > > > > > "PA Bear [MS MVP]" wrote: > > > > > >>Repost: > >> > >>>>When all else fails, HijackThis v2.0.2 > >>>>(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use > >>>>(in conjuction with some other utilities). HijackThis will NOT fix > >>>>anything on its own, but it will help you to both identify and remove any > >>>>hijackware/spyware with assistance from an expert. **Post your log to > >>>>http://aumha.net/viewforum.php?f=30, > >>>>http://forums.spybot.info/forumdisplay.php?f=22, > >>>>http://castlecops.com/forum67.html, or other appropriate forums for > >>>>review > >>>>by an expert in such matters, not here.** > >> > >>TrevorJ wrote: > >> > >>>Thanks again. I have now done a few checks and it gets worse. I can now no > >>>longer access Task Manager and cannot restore to an earlier date. I > >>>think > >>>it's time I reinstated the Acronis image I made a few months ago before it > >>>all went wrong. OK, so I'll have to reapply SP3 and all the other patches, > >>>but at least I'll feel more confident that I havn't caught anything nasty. > >>>BTW, I am now using my laptop, and my 'dodgy' computer is disconnected > >>>from > >>>the net. > >>>Thanks again. > >>>Trev > >>> > >>>"PA Bear [MS MVP]" wrote: > >>> > >>> > >>>>Unexplained computer behavior may be caused by deceptive software > >>>>http://support.microsoft.com/kb/827315 > >>>> > >>>>Run a /thorough/ check for hijackware, including posting your hijackthis > >>>>log to an appropriate forum. > >>>> > >>>>Checking for/Help with Hijackware > >>>>http://aumha.org/a/parasite.htm > >>>> http://aumha.org/a/quickfix.htm > >>>> http://aumha.net/viewtopic.php?t=5878 > >>>>http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction > >>>>http://mvps.org/winhelp2002/unwanted.htm > >>>>http://inetexplorer.mvps.org/data/prevention.htm > >>>> http://inetexplorer.mvps.org/tshoot.html > >>>>http://www.mvps.org/sramesh2k/Malware_Defence.htm > >>>>http://defendingyourmachine2.blogspot.com/ > >>>>http://www.elephantboycomputers.com/page2.html#Removing_Malware > >>>> > >>>>When all else fails, HijackThis v2.0.2 > >>>>(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use > >>>>(in conjuction with some other utilities). HijackThis will NOT fix > >>>>anything on its own, but it will help you to both identify and remove any > >>>>hijackware/spyware with assistance from an expert. **Post your log to > >>>>http://aumha.net/viewforum.php?f=30, > >>>>http://forums.spybot.info/forumdisplay.php?f=22,
Guest TrevorJ Posted August 19, 2008 Posted August 19, 2008 Re: Windows Update nearly kills my computer MowGreen. I have just checked that no AV, ZA or ASpy are tasks running and made sure Windows firewall Off. Did an update and it took from 16:17:08:703 until 16:21:50:140, nearly 5 mins before I 'got my computer back' with the svchost running pretty much at 90 odd percent most of the time. If I dump ZA, (I have noticed problems with my webmail caused by ZA that was'n present until recently) Which would you suggest? Unfortunately I have just recently renewed my subs to ZA for another year. Hey Ho, who cares? Not me! I also mentioned in passing that system restore was not working. What about inserting the old XP CD and repairing windows? Is this likely to give a result without a complete re-install (which of course I am trying to avoid.) Trevor > I can now no > longer access Task Manager and cannot restore to an earlier date. That's definitely a sign that something is "not right". Either the OS needs to be reinstalled or there's some nasty 'unwanted visitors' resident. BTW, *strongly* suggest you dump ZA as a firewall as it's steadily gone downhill since Checkpoint took it over. "MowGreen [MVP]" wrote: > svchost needs to be allowed to contact the update servers, Trevor. Is ZA > blocking it ? > > BITS is Background Intelligent File Transfer service [sorry about > leaving out File ;) ] > The 'RealTruth' is a troll who suffers from a mental disorder brought > about by a car accident. Ignore 'it' for the sake of your system's > health, please. > > The WU.log is fine and will not show CPU useage. > > > All AV and antiSpyware and ZA off. > > What other anti-spyware software is installed, Trevor. And, was the > native XP firewall enabled with ZA off ? > > > I can now no > > longer access Task Manager and cannot restore to an earlier date. > > That's definitely a sign that something is "not right". Either the OS > needs to be reinstalled or there's some nasty 'unwanted visitors' resident. > > BTW, *strongly* suggest you dump ZA as a firewall as it's steadily gone > downhill since Checkpoint took it over. > > MowGreen [MVP 2003-2008] > =============== > *-343-* FDNY > Never Forgotten > =============== > > > > TrevorJ wrote: > > > Thanks again. I am at present running all the anti malware programs as > > recommended by Major Geeks. I will be submitting the reports to them for > > analysis. There was no malware detected on my machine, just a few tracking > > cookies. I have also run AVG free which detected nothing untoward. > > Still MS Update pretty much kills the machine and system restore fails to > > restore as well; even to a point deliberately set last night. > > > > As I said before, the processor goes up to 97 - 99% on the update task. This > > can last several mins. > > Here is a log of last couple of attempts of update. The latest one shows a 2 > > min gap between 09:50:30 and 09:52:44 at which time the processor was flat > > out on the svc task. > > > > 2008-08-18 08:57:40:546 1344 31c AU ########### AU: Uninitializing > > Automatic Updates ########### > > 2008-08-18 08:57:41:968 1344 31c Service ********* > > 2008-08-18 08:57:41:968 1344 31c Service ** END ** Service: Service exit > > [Exit code = 0x240001] > > 2008-08-18 08:57:41:968 1344 31c Service ************* > > 2008-08-18 08:59:18:375 1300 5b8 Misc =========== Logging initialized > > (build: 7.0.6000.381, tz: +0100) =========== > > 2008-08-18 08:59:18:437 1300 5b8 Misc = Process: > > C:\WINDOWS\System32\svchost.exe > > 2008-08-18 08:59:18:468 1300 5b8 Misc = Module: > > C:\WINDOWS\system32\wuaueng.dll > > 2008-08-18 08:59:18:375 1300 5b8 Service ************* > > 2008-08-18 08:59:18:468 1300 5b8 Service ** START ** Service: Service startup > > 2008-08-18 08:59:18:468 1300 5b8 Service ********* > > 2008-08-18 08:59:18:562 1300 5b8 Agent * WU client version 7.0.6000.381 > > 2008-08-18 08:59:18:562 1300 5b8 Agent * Base directory: > > C:\WINDOWS\SoftwareDistribution > > 2008-08-18 08:59:18:562 1300 5b8 Agent * Access type: No proxy > > 2008-08-18 08:59:18:609 1300 5b8 Agent * Network state: Connected > > 2008-08-18 09:00:03:906 1300 5b8 Agent *********** Agent: Initializing > > Windows Update Agent *********** > > 2008-08-18 09:00:03:906 1300 5b8 Agent *********** Agent: Initializing > > global settings cache *********** > > 2008-08-18 09:00:03:906 1300 5b8 Agent * WSUS server: <NULL> > > 2008-08-18 09:00:03:906 1300 5b8 Agent * WSUS status server: <NULL> > > 2008-08-18 09:00:03:906 1300 5b8 Agent * Target group: (Unassigned > > Computers) > > 2008-08-18 09:00:03:906 1300 5b8 Agent * Windows Update access disabled: No > > 2008-08-18 09:00:04:921 1300 5b8 DnldMgr Download manager restoring 0 > > downloads > > 2008-08-18 09:00:04:968 1300 5b8 AU ########### AU: Initializing Automatic > > Updates ########### > > 2008-08-18 09:00:04:984 1300 5b8 AU # Approval type: Pre-install notify > > (User preference) > > 2008-08-18 09:00:04:984 1300 5b8 AU # Auto-install minor updates: No (User > > preference) > > 2008-08-18 09:00:04:984 1300 5b8 AU AU finished delayed initialization > > 2008-08-18 09:00:05:546 1300 5b8 Report *********** Report: Initializing > > static reporting data *********** > > 2008-08-18 09:00:05:546 1300 5b8 Report * OS Version = 5.1.2600.3.0.65792 > > 2008-08-18 09:00:05:578 1300 5b8 Report * Computer Brand = K7NF2 > > 2008-08-18 09:00:05:578 1300 5b8 Report * Computer Model = K7NF2-RAID > > 2008-08-18 09:00:05:578 1300 5b8 Report * Bios Revision = P1.00 > > 2008-08-18 09:00:05:578 1300 5b8 Report * Bios Name = Default System BIOS > > 2008-08-18 09:00:05:578 1300 5b8 Report * Bios Release Date = > > 2005-04-01T00:00:00 > > 2008-08-18 09:00:05:578 1300 5b8 Report * Locale ID = 2057 > > 2008-08-18 09:22:46:328 1300 5b8 AU ########### AU: Uninitializing > > Automatic Updates ########### > > 2008-08-18 09:22:48:515 1300 5b8 Service ********* > > 2008-08-18 09:22:48:515 1300 5b8 Service ** END ** Service: Service exit > > [Exit code = 0x240001] > > 2008-08-18 09:22:48:515 1300 5b8 Service ************* > > 2008-08-18 09:27:39:062 1344 1a8 Misc =========== Logging initialized > > (build: 7.0.6000.381, tz: +0100) =========== > > 2008-08-18 09:27:39:421 1344 1a8 Misc = Process: > > C:\WINDOWS\System32\svchost.exe > > 2008-08-18 09:27:39:421 1344 1a8 Misc = Module: > > C:\WINDOWS\system32\wuaueng.dll > > 2008-08-18 09:27:39:062 1344 1a8 Service ************* > > 2008-08-18 09:27:39:421 1344 1a8 Service ** START ** Service: Service startup > > 2008-08-18 09:27:39:421 1344 1a8 Service ********* > > 2008-08-18 09:27:39:546 1344 1a8 Agent * WU client version 7.0.6000.381 > > 2008-08-18 09:27:39:546 1344 1a8 Agent * Base directory: > > C:\WINDOWS\SoftwareDistribution > > 2008-08-18 09:27:39:546 1344 1a8 Agent * Access type: No proxy > > 2008-08-18 09:27:39:562 1344 1a8 Agent * Network state: Connected > > 2008-08-18 09:28:24:765 1344 1a8 Agent *********** Agent: Initializing > > Windows Update Agent *********** > > 2008-08-18 09:28:24:765 1344 1a8 Agent *********** Agent: Initializing > > global settings cache *********** > > 2008-08-18 09:28:24:765 1344 1a8 Agent * WSUS server: <NULL> > > 2008-08-18 09:28:24:765 1344 1a8 Agent * WSUS status server: <NULL> > > 2008-08-18 09:28:24:765 1344 1a8 Agent * Target group: (Unassigned > > Computers) > > 2008-08-18 09:28:24:765 1344 1a8 Agent * Windows Update access disabled: No > > 2008-08-18 09:28:25:515 1344 1a8 DnldMgr Download manager restoring 0 > > downloads > > 2008-08-18 09:28:25:546 1344 1a8 AU ########### AU: Initializing Automatic > > Updates ########### > > 2008-08-18 09:28:25:546 1344 1a8 AU # Approval type: Pre-install notify > > (User preference) > > 2008-08-18 09:28:25:546 1344 1a8 AU # Auto-install minor updates: No (User > > preference) > > 2008-08-18 09:28:25:546 1344 1a8 AU AU finished delayed initialization > > 2008-08-18 09:28:25:953 1344 1a8 Report *********** Report: Initializing > > static reporting data *********** > > 2008-08-18 09:28:25:953 1344 1a8 Report * OS Version = 5.1.2600.3.0.65792 > > 2008-08-18 09:28:25:984 1344 1a8 Report * Computer Brand = K7NF2 > > 2008-08-18 09:28:25:984 1344 1a8 Report * Computer Model = K7NF2-RAID > > 2008-08-18 09:28:25:984 1344 1a8 Report * Bios Revision = P1.00 > > 2008-08-18 09:28:25:984 1344 1a8 Report * Bios Name = Default System BIOS > > 2008-08-18 09:28:25:984 1344 1a8 Report * Bios Release Date = > > 2005-04-01T00:00:00 > > 2008-08-18 09:28:25:984 1344 1a8 Report * Locale ID = 2057 > > 2008-08-18 09:30:03:703 1344 1a8 AU ########### AU: Uninitializing > > Automatic Updates ########### > > 2008-08-18 09:30:03:937 1344 1a8 Service ********* > > 2008-08-18 09:30:03:937 1344 1a8 Service ** END ** Service: Service exit > > [Exit code = 0x240001] > > 2008-08-18 09:30:03:937 1344 1a8 Service ************* > > 2008-08-18 09:34:38:750 1344 10c Misc =========== Logging initialized > > (build: 7.0.6000.381, tz: +0100) =========== > > 2008-08-18 09:34:39:015 1344 10c Misc = Process: > > C:\WINDOWS\System32\svchost.exe > > 2008-08-18 09:34:39:015 1344 10c Misc = Module: > > C:\WINDOWS\system32\wuaueng.dll > > 2008-08-18 09:34:38:750 1344 10c Service ************* > > 2008-08-18 09:34:39:015 1344 10c Service ** START ** Service: Service startup > > 2008-08-18 09:34:39:015 1344 10c Service ********* > > 2008-08-18 09:34:39:140 1344 10c Agent * WU client version 7.0.6000.381 > > 2008-08-18 09:34:39:140 1344 10c Agent * Base directory: > > C:\WINDOWS\SoftwareDistribution > > 2008-08-18 09:34:39:140 1344 10c Agent * Access type: No proxy > > 2008-08-18 09:34:39:140 1344 10c Agent * Network state: Connected > > 2008-08-18 09:35:24:281 1344 10c Agent *********** Agent: Initializing > > Windows Update Agent *********** > > 2008-08-18 09:35:24:281 1344 10c Agent *********** Agent: Initializing > > global settings cache *********** > > 2008-08-18 09:35:24:281 1344 10c Agent * WSUS server: <NULL> > > 2008-08-18 09:35:24:281 1344 10c Agent * WSUS status server: <NULL> > > 2008-08-18 09:35:24:281 1344 10c Agent * Target group: (Unassigned > > Computers) > > 2008-08-18 09:35:24:281 1344 10c Agent * Windows Update access disabled: No > > 2008-08-18 09:35:25:781 1344 10c DnldMgr Download manager restoring 0 > > downloads > > 2008-08-18 09:35:25:890 1344 10c AU ########### AU: Initializing Automatic > > Updates ########### > > 2008-08-18 09:35:25:937 1344 10c AU # Approval type: Pre-install notify > > (User preference) > > 2008-08-18 09:35:25:937 1344 10c AU # Auto-install minor updates: No (User > > preference) > > 2008-08-18 09:35:25:968 1344 10c AU AU finished delayed initialization > > 2008-08-18 09:35:26:593 1344 10c Report *********** Report: Initializing > > static reporting data *********** > > 2008-08-18 09:35:26:593 1344 10c Report * OS Version = 5.1.2600.3.0.65792 > > 2008-08-18 09:35:26:640 1344 10c Report * Computer Brand = K7NF2 > > 2008-08-18 09:35:26:640 1344 10c Report * Computer Model = K7NF2-RAID > > 2008-08-18 09:35:26:640 1344 10c Report * Bios Revision = P1.00 > > 2008-08-18 09:35:26:640 1344 10c Report * Bios Name = Default System BIOS > > 2008-08-18 09:35:26:640 1344 10c Report * Bios Release Date = > > 2005-04-01T00:00:00 > > 2008-08-18 09:35:26:640 1344 10c Report * Locale ID = 2057 > > 2008-08-18 09:50:29:109 1344 10c AU ########### AU: Uninitializing > > Automatic Updates ########### > > 2008-08-18 09:50:30:671 1344 10c Service ********* > > 2008-08-18 09:50:30:671 1344 10c Service ** END ** Service: Service exit > > [Exit code = 0x240001] > > 2008-08-18 09:50:30:671 1344 10c Service ************* > > 2008-08-18 09:52:44:015 1344 6d0 Misc =========== Logging initialized > > (build: 7.0.6000.381, tz: +0100) =========== > > 2008-08-18 09:52:44:265 1344 6d0 Misc = Process: > > C:\WINDOWS\System32\svchost.exe > > 2008-08-18 09:52:44:265 1344 6d0 Misc = Module: > > C:\WINDOWS\system32\wuaueng.dll > > 2008-08-18 09:52:44:015 1344 6d0 Service ************* > > 2008-08-18 09:52:44:281 1344 6d0 Service ** START ** Service: Service startup > > 2008-08-18 09:52:44:281 1344 6d0 Service ********* > > 2008-08-18 09:52:44:375 1344 6d0 Agent * WU client version 7.0.6000.381 > > 2008-08-18 09:52:44:390 1344 6d0 Agent * Base directory: > > C:\WINDOWS\SoftwareDistribution > > 2008-08-18 09:52:44:390 1344 6d0 Agent * Access type: No proxy > > 2008-08-18 09:52:44:406 1344 6d0 Agent * Network state: Connected > > 2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing > > Windows Update Agent *********** > > 2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing > > global settings cache *********** > > 2008-08-18 09:53:30:000 1344 6d0 Agent * WSUS server: <NULL> > > 2008-08-18 09:53:30:000 1344 6d0 Agent * WSUS status server: <NULL> > > 2008-08-18 09:53:30:000 1344 6d0 Agent * Target group: (Unassigned > > Computers) > > 2008-08-18 09:53:30:000 1344 6d0 Agent * Windows Update access disabled: No > > 2008-08-18 09:53:32:062 1344 6d0 DnldMgr Download manager restoring 0 > > downloads > > 2008-08-18 09:53:32:390 1344 6d0 AU ########### AU: Initializing Automatic > > Updates ########### > > 2008-08-18 09:53:32:406 1344 6d0 AU # Approval type: Pre-install notify > > (User preference) > > 2008-08-18 09:53:32:406 1344 6d0 AU # Auto-install minor updates: No (User > > preference) > > 2008-08-18 09:53:32:531 1344 6d0 AU AU finished delayed initialization > > 2008-08-18 09:53:34:296 1344 6d0 Report *********** Report: Initializing > > static reporting data *********** > > 2008-08-18 09:53:34:296 1344 6d0 Report * OS Version = 5.1.2600.3.0.65792 > > 2008-08-18 09:53:35:234 1344 6d0 Report * Computer Brand = K7NF2 > > 2008-08-18 09:53:35:234 1344 6d0 Report * Computer Model = K7NF2-RAID > > 2008-08-18 09:53:35:296 1344 6d0 Report * Bios Revision = P1.00 > > 2008-08-18 09:53:35:296 1344 6d0 Report * Bios Name = Default System BIOS > > 2008-08-18 09:53:35:296 1344 6d0 Report * Bios Release Date = > > 2005-04-01T00:00:00 > > 2008-08-18 09:53:35:296 1344 6d0 Report * Locale ID = 2057 > > > > > > "PA Bear [MS MVP]" wrote: > > > > > >>Repost: > >> > >>>>When all else fails, HijackThis v2.0.2 > >>>>(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use > >>>>(in conjuction with some other utilities). HijackThis will NOT fix > >>>>anything on its own, but it will help you to both identify and remove any > >>>>hijackware/spyware with assistance from an expert. **Post your log to > >>>>http://aumha.net/viewforum.php?f=30, > >>>>http://forums.spybot.info/forumdisplay.php?f=22, > >>>>http://castlecops.com/forum67.html, or other appropriate forums for > >>>>review > >>>>by an expert in such matters, not here.** > >> > >>TrevorJ wrote: > >> > >>>Thanks again. I have now done a few checks and it gets worse. I can now no > >>>longer access Task Manager and cannot restore to an earlier date. I > >>>think > >>>it's time I reinstated the Acronis image I made a few months ago before it > >>>all went wrong. OK, so I'll have to reapply SP3 and all the other patches, > >>>but at least I'll feel more confident that I havn't caught anything nasty. > >>>BTW, I am now using my laptop, and my 'dodgy' computer is disconnected > >>>from > >>>the net. > >>>Thanks again. > >>>Trev > >>> > >>>"PA Bear [MS MVP]" wrote: > >>> > >>> > >>>>Unexplained computer behavior may be caused by deceptive software > >>>>http://support.microsoft.com/kb/827315 > >>>> > >>>>Run a /thorough/ check for hijackware, including posting your hijackthis > >>>>log to an appropriate forum. > >>>> > >>>>Checking for/Help with Hijackware > >>>>http://aumha.org/a/parasite.htm > >>>> http://aumha.org/a/quickfix.htm > >>>> http://aumha.net/viewtopic.php?t=5878 > >>>>http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction > >>>>http://mvps.org/winhelp2002/unwanted.htm > >>>>http://inetexplorer.mvps.org/data/prevention.htm > >>>> http://inetexplorer.mvps.org/tshoot.html > >>>>http://www.mvps.org/sramesh2k/Malware_Defence.htm > >>>>http://defendingyourmachine2.blogspot.com/ > >>>>http://www.elephantboycomputers.com/page2.html#Removing_Malware > >>>> > >>>>When all else fails, HijackThis v2.0.2 > >>>>(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use > >>>>(in conjuction with some other utilities). HijackThis will NOT fix > >>>>anything on its own, but it will help you to both identify and remove any > >>>>hijackware/spyware with assistance from an expert. **Post your log to > >>>>http://aumha.net/viewforum.php?f=30, > >>>>http://forums.spybot.info/forumdisplay.php?f=22,
Guest MowGreen [MVP] Posted August 19, 2008 Posted August 19, 2008 Re: Windows Update nearly kills my computer What is " ASpy" ? Was ZA active [ and AVG and "ASpy" ]when SP3 was installed and where was SP3 obtained [ via Windows Update, Automatic Update, etc] ? *Please do NOT allow the system on the net without at least enabling the native XP firewall * It is not the cause of the CPU issue. From a ZA User who had updating issues traced to ZA: " Go to your ZASS Privacy Site List, click on the 'add' button, then enter update.microsoft.com (if it isn't already there) and click 'ok'. Now locate the new entry on the Site List, right click on it, then select 'options'. Next go through all three tabs to uncheck everything that is checked clicking 'apply' as you go through. Finally clean your browser cache and try the site again. BTW, it is Mobile Code control blocking the ActiveX object. " Online Armor Free is highly rated and so far, does not present the issues that ZA does: http://www.tallemu.com/free-firewall-protection-software.html Is the system going accessing the net through a router ? Let's check something else out, Trevor. Show hidden files, folders, and system files: http://www.bleepingcomputer.com/tutorials/tutorial62.html#winxp Using Windows Explorer [ Start> All Programs> Accessories ] navigate to WINDOWS\SoftwareDistribution\DataStore Right click DataStore.edb and choose Properties. What is the file's size ? Now open the WINDOWS\SoftwareDistribution\Download subfolder Click Edit, Select All Now click File, Properties. What is the size of all the files in Download ? How many folders are present ? Please answer all the questions so we can determine the cause of the svchost|CPU issue. MowGreen [MVP 2003-2008] =============== *-343-* FDNY Never Forgotten =============== TrevorJ wrote: > MowGreen. > I have just checked that no AV, ZA or ASpy are tasks running and made sure > Windows firewall Off. Did an update and it took from 16:17:08:703 until > 16:21:50:140, nearly 5 mins before I 'got my computer back' with the svchost > running pretty much at 90 odd percent most of the time. > > If I dump ZA, (I have noticed problems with my webmail caused by ZA that > was'n present until recently) Which would you suggest? Unfortunately I have > just recently renewed my subs to ZA for another year. Hey Ho, who cares? Not > me! > > I also mentioned in passing that system restore was not working. What about > inserting the old XP CD and repairing windows? Is this likely to give a > result without a complete re-install (which of course I am trying to avoid.) > Trevor > > > > > >>I can now no >>longer access Task Manager and cannot restore to an earlier date. > > > That's definitely a sign that something is "not right". Either the OS > needs to be reinstalled or there's some nasty 'unwanted visitors' resident. > > BTW, *strongly* suggest you dump ZA as a firewall as it's steadily gone > downhill since Checkpoint took it over. > > > "MowGreen [MVP]" wrote: > > >>svchost needs to be allowed to contact the update servers, Trevor. Is ZA >>blocking it ? >> >>BITS is Background Intelligent File Transfer service [sorry about >>leaving out File ;) ] >>The 'RealTruth' is a troll who suffers from a mental disorder brought >>about by a car accident. Ignore 'it' for the sake of your system's >>health, please. >> >>The WU.log is fine and will not show CPU useage. >> >> >>>All AV and antiSpyware and ZA off. >> >>What other anti-spyware software is installed, Trevor. And, was the >>native XP firewall enabled with ZA off ? >> >> >>>I can now no >>>longer access Task Manager and cannot restore to an earlier date. >> >>That's definitely a sign that something is "not right". Either the OS >>needs to be reinstalled or there's some nasty 'unwanted visitors' resident. >> >>BTW, *strongly* suggest you dump ZA as a firewall as it's steadily gone >>downhill since Checkpoint took it over. >> >>MowGreen [MVP 2003-2008] >>=============== >> *-343-* FDNY >>Never Forgotten >>=============== >> >> >> >>TrevorJ wrote: >> >> >>>Thanks again. I am at present running all the anti malware programs as >>>recommended by Major Geeks. I will be submitting the reports to them for >>>analysis. There was no malware detected on my machine, just a few tracking >>>cookies. I have also run AVG free which detected nothing untoward. >>>Still MS Update pretty much kills the machine and system restore fails to >>>restore as well; even to a point deliberately set last night. >>> >>>As I said before, the processor goes up to 97 - 99% on the update task. This >>>can last several mins. >>>Here is a log of last couple of attempts of update. The latest one shows a 2 >>>min gap between 09:50:30 and 09:52:44 at which time the processor was flat >>>out on the svc task. >>> >>>2008-08-18 08:57:40:546 1344 31c AU ########### AU: Uninitializing >>>Automatic Updates ########### >>>2008-08-18 08:57:41:968 1344 31c Service ********* >>>2008-08-18 08:57:41:968 1344 31c Service ** END ** Service: Service exit >>>[Exit code = 0x240001] >>>2008-08-18 08:57:41:968 1344 31c Service ************* >>>2008-08-18 08:59:18:375 1300 5b8 Misc =========== Logging initialized >>>(build: 7.0.6000.381, tz: +0100) =========== >>>2008-08-18 08:59:18:437 1300 5b8 Misc = Process: >>>C:\WINDOWS\System32\svchost.exe >>>2008-08-18 08:59:18:468 1300 5b8 Misc = Module: >>>C:\WINDOWS\system32\wuaueng.dll >>>2008-08-18 08:59:18:375 1300 5b8 Service ************* >>>2008-08-18 08:59:18:468 1300 5b8 Service ** START ** Service: Service startup >>>2008-08-18 08:59:18:468 1300 5b8 Service ********* >>>2008-08-18 08:59:18:562 1300 5b8 Agent * WU client version 7.0.6000.381 >>>2008-08-18 08:59:18:562 1300 5b8 Agent * Base directory: >>>C:\WINDOWS\SoftwareDistribution >>>2008-08-18 08:59:18:562 1300 5b8 Agent * Access type: No proxy >>>2008-08-18 08:59:18:609 1300 5b8 Agent * Network state: Connected >>>2008-08-18 09:00:03:906 1300 5b8 Agent *********** Agent: Initializing >>>Windows Update Agent *********** >>>2008-08-18 09:00:03:906 1300 5b8 Agent *********** Agent: Initializing >>>global settings cache *********** >>>2008-08-18 09:00:03:906 1300 5b8 Agent * WSUS server: <NULL> >>>2008-08-18 09:00:03:906 1300 5b8 Agent * WSUS status server: <NULL> >>>2008-08-18 09:00:03:906 1300 5b8 Agent * Target group: (Unassigned >>>Computers) >>>2008-08-18 09:00:03:906 1300 5b8 Agent * Windows Update access disabled: No >>>2008-08-18 09:00:04:921 1300 5b8 DnldMgr Download manager restoring 0 >>>downloads >>>2008-08-18 09:00:04:968 1300 5b8 AU ########### AU: Initializing Automatic >>>Updates ########### >>>2008-08-18 09:00:04:984 1300 5b8 AU # Approval type: Pre-install notify >>>(User preference) >>>2008-08-18 09:00:04:984 1300 5b8 AU # Auto-install minor updates: No (User >>>preference) >>>2008-08-18 09:00:04:984 1300 5b8 AU AU finished delayed initialization >>>2008-08-18 09:00:05:546 1300 5b8 Report *********** Report: Initializing >>>static reporting data *********** >>>2008-08-18 09:00:05:546 1300 5b8 Report * OS Version = 5.1.2600.3.0.65792 >>>2008-08-18 09:00:05:578 1300 5b8 Report * Computer Brand = K7NF2 >>>2008-08-18 09:00:05:578 1300 5b8 Report * Computer Model = K7NF2-RAID >>>2008-08-18 09:00:05:578 1300 5b8 Report * Bios Revision = P1.00 >>>2008-08-18 09:00:05:578 1300 5b8 Report * Bios Name = Default System BIOS >>>2008-08-18 09:00:05:578 1300 5b8 Report * Bios Release Date = >>>2005-04-01T00:00:00 >>>2008-08-18 09:00:05:578 1300 5b8 Report * Locale ID = 2057 >>>2008-08-18 09:22:46:328 1300 5b8 AU ########### AU: Uninitializing >>>Automatic Updates ########### >>>2008-08-18 09:22:48:515 1300 5b8 Service ********* >>>2008-08-18 09:22:48:515 1300 5b8 Service ** END ** Service: Service exit >>>[Exit code = 0x240001] >>>2008-08-18 09:22:48:515 1300 5b8 Service ************* >>>2008-08-18 09:27:39:062 1344 1a8 Misc =========== Logging initialized >>>(build: 7.0.6000.381, tz: +0100) =========== >>>2008-08-18 09:27:39:421 1344 1a8 Misc = Process: >>>C:\WINDOWS\System32\svchost.exe >>>2008-08-18 09:27:39:421 1344 1a8 Misc = Module: >>>C:\WINDOWS\system32\wuaueng.dll >>>2008-08-18 09:27:39:062 1344 1a8 Service ************* >>>2008-08-18 09:27:39:421 1344 1a8 Service ** START ** Service: Service startup >>>2008-08-18 09:27:39:421 1344 1a8 Service ********* >>>2008-08-18 09:27:39:546 1344 1a8 Agent * WU client version 7.0.6000.381 >>>2008-08-18 09:27:39:546 1344 1a8 Agent * Base directory: >>>C:\WINDOWS\SoftwareDistribution >>>2008-08-18 09:27:39:546 1344 1a8 Agent * Access type: No proxy >>>2008-08-18 09:27:39:562 1344 1a8 Agent * Network state: Connected >>>2008-08-18 09:28:24:765 1344 1a8 Agent *********** Agent: Initializing >>>Windows Update Agent *********** >>>2008-08-18 09:28:24:765 1344 1a8 Agent *********** Agent: Initializing >>>global settings cache *********** >>>2008-08-18 09:28:24:765 1344 1a8 Agent * WSUS server: <NULL> >>>2008-08-18 09:28:24:765 1344 1a8 Agent * WSUS status server: <NULL> >>>2008-08-18 09:28:24:765 1344 1a8 Agent * Target group: (Unassigned >>>Computers) >>>2008-08-18 09:28:24:765 1344 1a8 Agent * Windows Update access disabled: No >>>2008-08-18 09:28:25:515 1344 1a8 DnldMgr Download manager restoring 0 >>>downloads >>>2008-08-18 09:28:25:546 1344 1a8 AU ########### AU: Initializing Automatic >>>Updates ########### >>>2008-08-18 09:28:25:546 1344 1a8 AU # Approval type: Pre-install notify >>>(User preference) >>>2008-08-18 09:28:25:546 1344 1a8 AU # Auto-install minor updates: No (User >>>preference) >>>2008-08-18 09:28:25:546 1344 1a8 AU AU finished delayed initialization >>>2008-08-18 09:28:25:953 1344 1a8 Report *********** Report: Initializing >>>static reporting data *********** >>>2008-08-18 09:28:25:953 1344 1a8 Report * OS Version = 5.1.2600.3.0.65792 >>>2008-08-18 09:28:25:984 1344 1a8 Report * Computer Brand = K7NF2 >>>2008-08-18 09:28:25:984 1344 1a8 Report * Computer Model = K7NF2-RAID >>>2008-08-18 09:28:25:984 1344 1a8 Report * Bios Revision = P1.00 >>>2008-08-18 09:28:25:984 1344 1a8 Report * Bios Name = Default System BIOS >>>2008-08-18 09:28:25:984 1344 1a8 Report * Bios Release Date = >>>2005-04-01T00:00:00 >>>2008-08-18 09:28:25:984 1344 1a8 Report * Locale ID = 2057 >>>2008-08-18 09:30:03:703 1344 1a8 AU ########### AU: Uninitializing >>>Automatic Updates ########### >>>2008-08-18 09:30:03:937 1344 1a8 Service ********* >>>2008-08-18 09:30:03:937 1344 1a8 Service ** END ** Service: Service exit >>>[Exit code = 0x240001] >>>2008-08-18 09:30:03:937 1344 1a8 Service ************* >>>2008-08-18 09:34:38:750 1344 10c Misc =========== Logging initialized >>>(build: 7.0.6000.381, tz: +0100) =========== >>>2008-08-18 09:34:39:015 1344 10c Misc = Process: >>>C:\WINDOWS\System32\svchost.exe >>>2008-08-18 09:34:39:015 1344 10c Misc = Module: >>>C:\WINDOWS\system32\wuaueng.dll >>>2008-08-18 09:34:38:750 1344 10c Service ************* >>>2008-08-18 09:34:39:015 1344 10c Service ** START ** Service: Service startup >>>2008-08-18 09:34:39:015 1344 10c Service ********* >>>2008-08-18 09:34:39:140 1344 10c Agent * WU client version 7.0.6000.381 >>>2008-08-18 09:34:39:140 1344 10c Agent * Base directory: >>>C:\WINDOWS\SoftwareDistribution >>>2008-08-18 09:34:39:140 1344 10c Agent * Access type: No proxy >>>2008-08-18 09:34:39:140 1344 10c Agent * Network state: Connected >>>2008-08-18 09:35:24:281 1344 10c Agent *********** Agent: Initializing >>>Windows Update Agent *********** >>>2008-08-18 09:35:24:281 1344 10c Agent *********** Agent: Initializing >>>global settings cache *********** >>>2008-08-18 09:35:24:281 1344 10c Agent * WSUS server: <NULL> >>>2008-08-18 09:35:24:281 1344 10c Agent * WSUS status server: <NULL> >>>2008-08-18 09:35:24:281 1344 10c Agent * Target group: (Unassigned >>>Computers) >>>2008-08-18 09:35:24:281 1344 10c Agent * Windows Update access disabled: No >>>2008-08-18 09:35:25:781 1344 10c DnldMgr Download manager restoring 0 >>>downloads >>>2008-08-18 09:35:25:890 1344 10c AU ########### AU: Initializing Automatic >>>Updates ########### >>>2008-08-18 09:35:25:937 1344 10c AU # Approval type: Pre-install notify >>>(User preference) >>>2008-08-18 09:35:25:937 1344 10c AU # Auto-install minor updates: No (User >>>preference) >>>2008-08-18 09:35:25:968 1344 10c AU AU finished delayed initialization >>>2008-08-18 09:35:26:593 1344 10c Report *********** Report: Initializing >>>static reporting data *********** >>>2008-08-18 09:35:26:593 1344 10c Report * OS Version = 5.1.2600.3.0.65792 >>>2008-08-18 09:35:26:640 1344 10c Report * Computer Brand = K7NF2 >>>2008-08-18 09:35:26:640 1344 10c Report * Computer Model = K7NF2-RAID >>>2008-08-18 09:35:26:640 1344 10c Report * Bios Revision = P1.00 >>>2008-08-18 09:35:26:640 1344 10c Report * Bios Name = Default System BIOS >>>2008-08-18 09:35:26:640 1344 10c Report * Bios Release Date = >>>2005-04-01T00:00:00 >>>2008-08-18 09:35:26:640 1344 10c Report * Locale ID = 2057 >>>2008-08-18 09:50:29:109 1344 10c AU ########### AU: Uninitializing >>>Automatic Updates ########### >>>2008-08-18 09:50:30:671 1344 10c Service ********* >>>2008-08-18 09:50:30:671 1344 10c Service ** END ** Service: Service exit >>>[Exit code = 0x240001] >>>2008-08-18 09:50:30:671 1344 10c Service ************* >>>2008-08-18 09:52:44:015 1344 6d0 Misc =========== Logging initialized >>>(build: 7.0.6000.381, tz: +0100) =========== >>>2008-08-18 09:52:44:265 1344 6d0 Misc = Process: >>>C:\WINDOWS\System32\svchost.exe >>>2008-08-18 09:52:44:265 1344 6d0 Misc = Module: >>>C:\WINDOWS\system32\wuaueng.dll >>>2008-08-18 09:52:44:015 1344 6d0 Service ************* >>>2008-08-18 09:52:44:281 1344 6d0 Service ** START ** Service: Service startup >>>2008-08-18 09:52:44:281 1344 6d0 Service ********* >>>2008-08-18 09:52:44:375 1344 6d0 Agent * WU client version 7.0.6000.381 >>>2008-08-18 09:52:44:390 1344 6d0 Agent * Base directory: >>>C:\WINDOWS\SoftwareDistribution >>>2008-08-18 09:52:44:390 1344 6d0 Agent * Access type: No proxy >>>2008-08-18 09:52:44:406 1344 6d0 Agent * Network state: Connected >>>2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing >>>Windows Update Agent *********** >>>2008-08-18 09:53:30:000 1344 6d0 Agent *********** Agent: Initializing >>>global settings cache *********** >>>2008-08-18 09:53:30:000 1344 6d0 Agent * WSUS server: <NULL> >>>2008-08-18 09:53:30:000 1344 6d0 Agent * WSUS status server: <NULL> >>>2008-08-18 09:53:30:000 1344 6d0 Agent * Target group: (Unassigned >>>Computers) >>>2008-08-18 09:53:30:000 1344 6d0 Agent * Windows Update access disabled: No >>>2008-08-18 09:53:32:062 1344 6d0 DnldMgr Download manager restoring 0 >>>downloads >>>2008-08-18 09:53:32:390 1344 6d0 AU ########### AU: Initializing Automatic >>>Updates ########### >>>2008-08-18 09:53:32:406 1344 6d0 AU # Approval type: Pre-install notify >>>(User preference) >>>2008-08-18 09:53:32:406 1344 6d0 AU # Auto-install minor updates: No (User >>>preference) >>>2008-08-18 09:53:32:531 1344 6d0 AU AU finished delayed initialization >>>2008-08-18 09:53:34:296 1344 6d0 Report *********** Report: Initializing >>>static reporting data *********** >>>2008-08-18 09:53:34:296 1344 6d0 Report * OS Version = 5.1.2600.3.0.65792 >>>2008-08-18 09:53:35:234 1344 6d0 Report * Computer Brand = K7NF2 >>>2008-08-18 09:53:35:234 1344 6d0 Report * Computer Model = K7NF2-RAID >>>2008-08-18 09:53:35:296 1344 6d0 Report * Bios Revision = P1.00 >>>2008-08-18 09:53:35:296 1344 6d0 Report * Bios Name = Default System BIOS >>>2008-08-18 09:53:35:296 1344 6d0 Report * Bios Release Date = >>>2005-04-01T00:00:00 >>>2008-08-18 09:53:35:296 1344 6d0 Report * Locale ID = 2057 >>> >>> >>>"PA Bear [MS MVP]" wrote: >>> >>> >>> >>>>Repost: >>>> >>>> >>>>>>When all else fails, HijackThis v2.0.2 >>>>>>(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use >>>>>>(in conjuction with some other utilities). HijackThis will NOT fix >>>>>>anything on its own, but it will help you to both identify and remove any >>>>>>hijackware/spyware with assistance from an expert. **Post your log to >>>>>>http://aumha.net/viewforum.php?f=30, >>>>>>http://forums.spybot.info/forumdisplay.php?f=22, >>>>>>http://castlecops.com/forum67.html, or other appropriate forums for >>>>>>review >>>>>>by an expert in such matters, not here.** >>>> >>>>TrevorJ wrote: >>>> >>>> >>>>>Thanks again. I have now done a few checks and it gets worse. I can now no >>>>>longer access Task Manager and cannot restore to an earlier date. I >>>>>think >>>>>it's time I reinstated the Acronis image I made a few months ago before it >>>>>all went wrong. OK, so I'll have to reapply SP3 and all the other patches, >>>>>but at least I'll feel more confident that I havn't caught anything nasty. >>>>>BTW, I am now using my laptop, and my 'dodgy' computer is disconnected >>>>>from >>>>>the net. >>>>>Thanks again. >>>>>Trev >>>>> >>>>>"PA Bear [MS MVP]" wrote: >>>>> >>>>> >>>>> >>>>>>Unexplained computer behavior may be caused by deceptive software >>>>>>http://support.microsoft.com/kb/827315 >>>>>> >>>>>>Run a /thorough/ check for hijackware, including posting your hijackthis >>>>>>log to an appropriate forum. >>>>>> >>>>>>Checking for/Help with Hijackware >>>>>>http://aumha.org/a/parasite.htm >>>>>> http://aumha.org/a/quickfix.htm >>>>>> http://aumha.net/viewtopic.php?t=5878 >>>>>>http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction >>>>>>http://mvps.org/winhelp2002/unwanted.htm >>>>>>http://inetexplorer.mvps.org/data/prevention.htm >>>>>> http://inetexplorer.mvps.org/tshoot.html >>>>>>http://www.mvps.org/sramesh2k/Malware_Defence.htm >>>>>>http://defendingyourmachine2.blogspot.com/ >>>>>>http://www.elephantboycomputers.com/page2.html#Removing_Malware >>>>>> >>>>>>When all else fails, HijackThis v2.0.2 >>>>>>(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use >>>>>>(in conjuction with some other utilities). HijackThis will NOT fix >>>>>>anything on its own, but it will help you to both identify and remove any >>>>>>hijackware/spyware with assistance from an expert. **Post your log to >>>>>>http://aumha.net/viewforum.php?f=30, >>>>>>http://forums.spybot.info/forumdisplay.php?f=22,
Recommended Posts