OT: AU Autoupdates Self??

[Guest]

AU Autoupdates Self?

As mentioned in a previous post I use the DUN icon in the system tray to
note the status of my modem connection.

Odd thing happened yesterday on my home machine.

About 7:00 pm I logged on to the internet.
I gave the connection it's usual moment to check for updates from MS before
doing anything.
I noticed that the connection was very busy.
Usually it takes about 20 sec to do it's thing and then stops.
Usually between 30 KB and 80 KB of data is downloaded during a check.
The whole process took about 3.5 minutes and about a Megabyte and a half was
transmitted.

During this I used the task manager to see if there were any suspicious
processes going on
(Yes, on my home machine I am qualified to identify suspicious processes ).
There were none.

Note none of my programs is set to autoupdate, especially if they are not
running.
This includes my AV, Java, Adobe, etc.
FireFox's AntiPhinsing DB will autoupdate but only if FF is running which it
was not.

This all made me a little nervous.
I checked the windowsupdate log and there was in fact Windows Update
activity going on at that time.

I am a work right now and cannot post that portion of the log but it seemed
to at the very least have updated:
C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.374\wups.dll
[note I am pasting the path from the work machine and cannot confirem the
"7.0.6000.374" part of the path, but you get the idea.]

The file wups.dll was "created" 8/20/2007 at about 7:0x PM, though it was
"modified",I think, in late July.
[for those of you who don't understand how Windows can consider a file to be
"modified" before it was "created" don't worry about it].

Now mind you wups.dll appears to be only 33 KB !!!
So what all that other data transmission was about I don't know.

My point is this:
It "seems" that Automatic Updates updated "itself" without my permission!
I double checked and it is set to "notify" of updates with out downloading.

The only thing I can think of that might justify an unauthorized update is
that since I update Windows Defender by downloading the file myself perhaps
AU could need to "sync" something between it self and the AU database. But
1, should that not have happened on Thurs or Friday (I was online both days)
and 2, a megabyte and a half is a lot of data for "syncing".

Very Strange
/* Rod Serling Voice On */
Summited for your consideration

?
Tim
Geek w/o Portfolio

 

[Bill Sanderson MVP]

I'd be interested in seeing the tail of the log you mention. I'm not sure
what the right answer is here. I believe that if you blow away parts of AU
or MU, it is self-healing--i.e. it replaces those parts. I don't know
whether, if AU is set to ask before downloading, whether it does that for
such a download. For consistency, you would expect that, but maybe the part
that "knows" isn't working (in some hypothetical situation!)

At any rate--it'd be interesting to see what the update was, and see whether
I can spot it on other machines.

--

AU Autoupdates Self?

As mentioned in a previous post I use the DUN icon in the system tray to
note the status of my modem connection.

Odd thing happened yesterday on my home machine.

About 7:00 pm I logged on to the internet.
I gave the connection it's usual moment to check for updates from MS
before
doing anything.
I noticed that the connection was very busy.
Usually it takes about 20 sec to do it's thing and then stops.
Usually between 30 KB and 80 KB of data is downloaded during a check.
The whole process took about 3.5 minutes and about a Megabyte and a half
was
transmitted.

During this I used the task manager to see if there were any suspicious
processes going on
(Yes, on my home machine I am qualified to identify suspicious processes
).
There were none.

Note none of my programs is set to autoupdate, especially if they are not
running.
This includes my AV, Java, Adobe, etc.
FireFox's AntiPhinsing DB will autoupdate but only if FF is running which
it
was not.

This all made me a little nervous.
I checked the windowsupdate log and there was in fact Windows Update
activity going on at that time.

I am a work right now and cannot post that portion of the log but it
seemed
to at the very least have updated:
C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.374\wups.dll
[note I am pasting the path from the work machine and cannot confirem the
"7.0.6000.374" part of the path, but you get the idea.]

The file wups.dll was "created" 8/20/2007 at about 7:0x PM, though it was
"modified",I think, in late July.
[for those of you who don't understand how Windows can consider a file to
be
"modified" before it was "created" don't worry about it].

Now mind you wups.dll appears to be only 33 KB !!!
So what all that other data transmission was about I don't know.

My point is this:
It "seems" that Automatic Updates updated "itself" without my permission!
I double checked and it is set to "notify" of updates with out
downloading.

The only thing I can think of that might justify an unauthorized update is
that since I update Windows Defender by downloading the file myself
perhaps
AU could need to "sync" something between it self and the AU database.
But
1, should that not have happened on Thurs or Friday (I was online both
days)
and 2, a megabyte and a half is a lot of data for "syncing".

Very Strange
/* Rod Serling Voice On */
Summited for your consideration

?
Tim
Geek w/o Portfolio

 

[Guest]

Bill,

Thanks for the interest,
I will try to post it tomorrow.

Tim

 

[Guest]

Bill S,

The time frame in question from windowsupdate.log
Things start to get interesting at: 2007-08-20 19:03:21:218

Part 1 [log too long to post in one part]

2007-08-20 04:58:35:109 1024 6c8 Service ** END ** Service: Service exit
[Exit code = 0x240001]
2007-08-20 04:58:35:109 1024 6c8 Service *************

2007-08-20 19:01:47:687 1024 6cc Misc =========== Logging initialized
(build: 7.0.6000.374, tz: -0500) ===========
2007-08-20 19:01:48:859 1024 6cc Misc = Process:
C:\WINDOWS\System32\svchost.exe
2007-08-20 19:01:48:875 1024 6cc Misc = Module:
C:\WINDOWS\system32\wuaueng.dll
2007-08-20 19:01:47:687 1024 6cc Service *************
2007-08-20 19:01:48:875 1024 6cc Service ** START ** Service: Service startup
2007-08-20 19:01:48:875 1024 6cc Service *********
2007-08-20 19:01:48:875 1024 6cc Agent * WU client version 7.0.6000.374
2007-08-20 19:01:48:875 1024 6cc Agent * Base directory:
C:\WINDOWS\SoftwareDistribution
2007-08-20 19:01:48:875 1024 6cc Agent * Access type: No proxy
2007-08-20 19:01:48:875 1024 6cc Agent * Network state: Disconnected
2007-08-20 19:02:34:171 1024 6cc Agent *********** Agent: Initializing
Windows Update Agent ***********
2007-08-20 19:02:34:171 1024 6cc Agent *********** Agent: Initializing
global settings cache ***********
2007-08-20 19:02:34:171 1024 6cc Agent * WSUS server: <NULL>
2007-08-20 19:02:34:171 1024 6cc Agent * WSUS status server: <NULL>
2007-08-20 19:02:34:171 1024 6cc Agent * Target group: (Unassigned
Computers)
2007-08-20 19:02:34:171 1024 6cc Agent * Windows Update access disabled: No
2007-08-20 19:02:34:859 1024 6cc DnldMgr Download manager restoring 0
downloads
2007-08-20 19:02:34:859 1024 6cc AU ########### AU: Initializing Automatic
Updates ###########
2007-08-20 19:02:34:859 1024 6cc AU AU setting next detection timeout to
2007-08-21 00:02:34
2007-08-20 19:02:34:859 1024 6cc AU # Approval type: Pre-download notify
(User preference)
2007-08-20 19:02:34:859 1024 6cc AU AU finished delayed initialization
2007-08-20 19:02:34:937 1024 6cc Report *********** Report: Initializing
static reporting data ***********
2007-08-20 19:02:34:937 1024 6cc Report * OS Version = 5.1.2600.2.0.65792
2007-08-20 19:02:34:968 1024 6cc Report * Computer Brand = Dell Inc.

2007-08-20 19:02:34:968 1024 6cc Report * Computer Model = OptiPlex GX280

2007-08-20 19:02:34:984 1024 6cc Report * Bios Revision = A04
2007-08-20 19:02:34:984 1024 6cc Report * Bios Name = Phoenix ROM BIOS
PLUS Version 1.10 A04
2007-08-20 19:02:34:984 1024 6cc Report * Bios Release Date =
2005-02-09T00:00:00
2007-08-20 19:02:34:984 1024 6cc Report * Locale ID = 1033
2007-08-20 19:02:34:984 1024 6cc AU #############
2007-08-20 19:02:34:984 1024 6cc AU ## START ## AU: Search for updates
2007-08-20 19:02:34:984 1024 6cc AU #########
2007-08-20 19:02:34:984 1024 6cc AU # WARNING: Failed to find updates with
error code 8024001F
2007-08-20 19:02:34:984 1024 6cc AU #########
2007-08-20 19:02:34:984 1024 6cc AU ## END ## AU: Search for updates
[CallId = {00000000-0000-0000-0000-000000000000}]
2007-08-20 19:02:34:984 1024 6cc AU #############
2007-08-20 19:02:34:984 1024 6cc AU Network connection not detected,
subscribing for network reconnect for AU detection to happen
2007-08-20 19:02:56:906 1024 6cc AU Network connection established, AU can
do detection now
2007-08-20 19:02:56:937 1024 6cc AU #############
2007-08-20 19:02:56:937 1024 6cc AU ## START ## AU: Search for updates
2007-08-20 19:02:56:937 1024 6cc AU #########
2007-08-20 19:02:57:015 1024 6cc AU <<## SUBMITTED ## AU: Search for updates
[CallId = {9EB658E6-77AA-4BDC-BADD-B70EA60761C1}]
2007-08-20 19:02:57:031 1024 87c Agent *************
2007-08-20 19:02:57:031 1024 87c Agent ** START ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2007-08-20 19:02:57:046 1024 87c Agent *********
2007-08-20 19:02:57:046 1024 87c Agent * Online = Yes; Ignore download
priority = No
2007-08-20 19:02:57:046 1024 87c Agent * Criteria = "IsHidden=0 and
IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or
IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and
IsAssigned=1 or IsHidden=0 and IsInstalled=1 and
DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or
IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and
IsAssigned=1 and RebootRequired=1"
2007-08-20 19:02:57:046 1024 87c Agent * ServiceID =
{9482F4B4-E343-43B6-B170-9A65BC822C77}
2007-08-20 19:02:57:437 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-08-20 19:02:57:484 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:03:11:078 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-08-20 19:03:11:078 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:03:11:109 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
2007-08-20 19:03:11:140 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:03:15:406 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
2007-08-20 19:03:15:421 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:03:20:937 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab:
2007-08-20 19:03:20:937 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:03:20:953 1024 87c Setup *********** Setup: Checking whether
self-update is required ***********
2007-08-20 19:03:20:953 1024 87c Setup * Inf file:
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf
2007-08-20 19:03:21:015 1024 87c Setup FATAL: Update required for
C:\WINDOWS\system32\cdm.dll: target version = 7.0.6000.374, required version
= 7.0.6000.381
2007-08-20 19:03:21:015 1024 87c Setup FATAL: Update required for
C:\WINDOWS\system32\wuapi.dll: target version = 7.0.6000.374, required
version = 7.0.6000.381
2007-08-20 19:03:21:078 1024 87c Setup Update required for
C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.0.6000.374, required
version = 7.0.6000.381
2007-08-20 19:03:21:078 1024 87c Setup FATAL: Update required for
C:\WINDOWS\system32\wuauclt.exe: target version = 7.0.6000.374, required
version = 7.0.6000.381
2007-08-20 19:03:21:093 1024 87c Setup FATAL: Update required for
C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.0.6000.374, required
version = 7.0.6000.381
2007-08-20 19:03:21:125 1024 87c Setup Update required for
C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.0.6000.374, required
version = 7.0.6000.381
2007-08-20 19:03:21:125 1024 87c Setup FATAL: Update required for
C:\WINDOWS\system32\wuaueng.dll: target version = 7.0.6000.374, required
version = 7.0.6000.381
2007-08-20 19:03:21:156 1024 87c Setup Update required for
C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.0.6000.374, required
version = 7.0.6000.381
2007-08-20 19:03:21:156 1024 87c Setup FATAL: Update required for
C:\WINDOWS\system32\wucltui.dll: target version = 7.0.6000.374, required
version = 7.0.6000.381
2007-08-20 19:03:21:187 1024 87c Setup Update required for
C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.0.6000.374, required
version = 7.0.6000.381
2007-08-20 19:03:21:187 1024 87c Setup FATAL: Update required for
C:\WINDOWS\system32\wups.dll: target version = 7.0.6000.374, required version
= 7.0.6000.381
2007-08-20 19:03:21:187 1024 87c Setup FATAL: Update required for
C:\WINDOWS\system32\wups2.dll: target version = 7.0.6000.374, required
version = 7.0.6000.381
2007-08-20 19:03:21:203 1024 87c Setup FATAL: Update required for
C:\WINDOWS\system32\wuweb.dll: target version = 7.0.6000.374, required
version = 7.0.6000.381
2007-08-20 19:03:21:218 1024 87c Setup * IsUpdateRequired = Yes
2007-08-20 19:03:21:234 1024 87c Setup *************
2007-08-20 19:03:21:234 1024 87c Setup ** START ** Setup: Downloading
client CABs
2007-08-20 19:03:21:234 1024 87c Setup *********
2007-08-20 19:03:21:234 1024 87c Setup * Main CAB URL:
http://download.windowsupdate.com/v7/windowsupdate/a/selfupdate/WSUS3/x86/Other
2007-08-20 19:03:21:234 1024 87c Setup * MUI CAB URL:
http://download.windowsupdate.com/v7/windowsupdate/a/selfupdate/WSUS3/x86/Other
2007-08-20 19:03:21:234 1024 87c Setup * Download directory:
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default
2007-08-20 19:03:33:890 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\cdm.cab:
2007-08-20 19:03:33:906 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:04:15:437 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuapi.cab:
2007-08-20 19:04:15:437 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:04:19:421 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuapi_en.cab:
2007-08-20 19:04:19:421 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:04:26:625 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuauclt.cab:
2007-08-20 19:04:26:625 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:04:48:062 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuaucpl.cab:
2007-08-20 19:04:48:062 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:04:51:890 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuaucpl_en.cab:
2007-08-20 19:04:51:906 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:07:02:375 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuaueng.cab:
2007-08-20 19:07:02:390 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:07:06:281 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuaueng_en.cab:
2007-08-20 19:07:06:281 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:07:34:828 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wucltui.cab:
2007-08-20 19:07:34:843 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:07:54:046 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wucltui_en.cab:
2007-08-20 19:07:54:062 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:07:59:031 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wups.cab:
2007-08-20 19:07:59:031 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:08:06:000 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wups2.cab:
2007-08-20 19:08:06:000 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:08:25:421 1024 87c Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuweb.cab:
2007-08-20 19:08:25:421 1024 87c Misc Microsoft signed: Yes
2007-08-20 19:08:25:484 1024 87c Setup *********
2007-08-20 19:08:25:484 1024 87c Setup ** END ** Setup: Downloading
client CABs
2007-08-20 19:08:25:484 1024 87c Setup *************
2007-08-20 19:08:25:484 1024 87c Agent * WARNING: Skipping scan,
self-update check returned 0x8024001B
2007-08-20 19:08:25:484 1024 6cc AU ########### AU: Uninitializing
Automatic Updates ###########
2007-08-20 19:08:26:078 1024 6cc Setup *************
2007-08-20 19:08:26:078 1024 6cc Setup ** START ** Setup: Installing client
binaries
2007-08-20 19:08:26:078 1024 6cc Setup *********
2007-08-20 19:08:26:078 1024 6cc Setup * Download directory:
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default
2007-08-20 19:08:26:078 1024 6cc Setup * Stop and start service: No
2007-08-20 19:08:26:203 1024 6cc Setup Starting file operations for section
cdm
2007-08-20 19:08:27:484 1024 87c Agent * WARNING: Exit code = 0x8024001B
2007-08-20 19:08:27:484 1024 87c Agent *********
2007-08-20 19:08:27:484 1024 87c Agent ** END ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2007-08-20 19:08:27:484 1024 87c Agent *************
2007-08-20 19:08:27:484 1024 87c Agent WARNING: WU client failed Searching
for update with error 0x8024001b
2007-08-20 19:08:29:109 1024 6cc Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\cdm.dll to
C:\WINDOWS\system32\cdm.dll.wusetup.426515.new
2007-08-20 19:08:29:140 1024 6cc Setup Setup successfullly moved
C:\WINDOWS\system32\cdm.dll.wusetup.426515.new to C:\WINDOWS\system32\cdm.dll
2007-08-20 19:08:29:140 1024 6cc Setup File operations for section cdm
completed successfully
2007-08-20 19:08:29:171 1024 6cc Setup Starting file operations for section
wuapi
2007-08-20 19:08:30:296 1024 6cc Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuapi.dll to
C:\WINDOWS\system32\wuapi.dll.wusetup.427765.new
2007-08-20 19:08:30:343 1024 6cc Setup Setup successfullly moved
C:\WINDOWS\system32\wuapi.dll.wusetup.427765.new to
C:\WINDOWS\system32\wuapi.dll
2007-08-20 19:08:30:343 1024 6cc Setup File operations for section wuapi
completed successfully
2007-08-20 19:08:30:359 1024 6cc Setup Setup successfully moved MUI file
C:\WINDOWS\system32\wuapi.dll.mui to
C:\WINDOWS\system32\wuapi.dll.mui.wusetup.427906.bak
2007-08-20 19:08:30:375 1024 6cc Setup Setup successfully copied MUI file
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuapi.dll.mui_en to
C:\WINDOWS\system32\wuapi.dll.mui
2007-08-20 19:08:30:375 1024 6cc Setup Starting file operations for section
wuauclt
2007-08-20 19:08:30:531 1024 6cc Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuauclt.exe to
C:\WINDOWS\system32\wuauclt.exe.wusetup.428046.new
2007-08-20 19:08:30:593 1024 6cc Setup Setup successfullly moved
C:\WINDOWS\system32\wuauclt.exe.wusetup.428046.new to
C:\WINDOWS\system32\wuauclt.exe
2007-08-20 19:08:30:593 1024 6cc Setup File operations for section wuauclt
completed successfully
2007-08-20 19:08:30:593 1024 6cc Setup Starting file operations for section
wuaucpl
2007-08-20 19:08:30:718 1024 6cc Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuaucpl.cpl to
C:\WINDOWS\system32\wuaucpl.cpl.wusetup.428234.new
2007-08-20 19:08:30:750 1024 6cc Setup Setup successfullly moved
C:\WINDOWS\system32\wuaucpl.cpl.wusetup.428234.new to
C:\WINDOWS\system32\wuaucpl.cpl
2007-08-20 19:08:30:750 1024 6cc Setup File operations for section wuaucpl
completed successfully
2007-08-20 19:08:30:750 1024 6cc Setup Setup successfully moved MUI file
C:\WINDOWS\system32\wuaucpl.cpl.mui to
C:\WINDOWS\system32\wuaucpl.cpl.mui.wusetup.428296.bak
2007-08-20 19:08:30:765 1024 6cc Setup Setup successfully copied MUI file
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuaucpl.cpl.mui_en to
C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-08-20 19:08:30:765 1024 6cc Setup Starting file operations for section
wuaueng_SelfUpdate
2007-08-20 19:08:30:890 1024 6cc Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuaueng.dll to
C:\WINDOWS\system32\wuaueng.dll.wusetup.428406.new
2007-08-20 19:08:31:078 1024 6cc Setup Setup successfullly moved
C:\WINDOWS\system32\wuaueng.dll.wusetup.428406.new to
C:\WINDOWS\system32\wuaueng.dll
2007-08-20 19:08:31:078 1024 6cc Setup File operations for section
wuaueng_SelfUpdate completed successfully
2007-08-20 19:08:31:078 1024 6cc Setup Setup successfully moved MUI file
C:\WINDOWS\system32\wuaueng.dll.mui to
C:\WINDOWS\system32\wuaueng.dll.mui.wusetup.428625.bak
2007-08-20 19:08:31:109 1024 6cc Setup Setup successfully copied MUI file
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuaueng.dll.mui_en to
C:\WINDOWS\system32\wuaueng.dll.mui
2007-08-20 19:08:31:109 1024 6cc Setup Starting file operations for section
wucltui
2007-08-20 19:08:31:234 1024 6cc Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wucltui.dll to
C:\WINDOWS\system32\wucltui.dll.wusetup.428765.new
2007-08-20 19:08:31:281 1024 6cc Setup Setup successfullly moved
C:\WINDOWS\system32\wucltui.dll.wusetup.428765.new to
C:\WINDOWS\system32\wucltui.dll
2007-08-20 19:08:31:437 1024 6cc Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\en\wuau.adm to
C:\WINDOWS\INF\wuau.adm.wusetup.428968.new
2007-08-20 19:08:31:437 1024 6cc Setup Setup successfullly moved
C:\WINDOWS\INF\wuau.adm.wusetup.428968.new to C:\WINDOWS\INF\wuau.adm
2007-08-20 19:08:31:437 1024 6cc Setup File operations for section wucltui
completed successfully
2007-08-20 19:08:31:437 1024 6cc Setup Setup successfully moved MUI file
C:\WINDOWS\system32\wucltui.dll.mui to
C:\WINDOWS\system32\wucltui.dll.mui.wusetup.428984.bak
2007-08-20 19:08:31:468 1024 6cc Setup Setup successfully copied MUI file
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wucltui.dll.mui_en to
C:\WINDOWS\system32\wucltui.dll.mui
2007-08-20 19:08:31:500 1024 6cc Setup Setup successfully moved MUI file
C:\WINDOWS\HELP\wuauhelp.chm to
C:\WINDOWS\HELP\wuauhelp.chm.wusetup.429015.bak
2007-08-20 19:08:31:515 1024 6cc Setup Setup successfully copied MUI help
file C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuauhelp.chm_en to
C:\WINDOWS\HELP\wuauhelp.chm
2007-08-20 19:08:31:515 1024 6cc Setup Starting file operations for section
wups
2007-08-20 19:08:31:640 1024 6cc Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wups.dll to
C:\WINDOWS\system32\wups.dll.wusetup.429156.new
2007-08-20 19:08:31:687 1024 6cc Setup File operations for section wups
completed successfully
2007-08-20 19:08:31:687 1024 6cc Setup Starting file operations for section
wups2
2007-08-20 19:08:31:796 1024 6cc Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wups2.dll to
C:\WINDOWS\system32\wups2.dll.wusetup.429312.new
2007-08-20 19:08:31:812 1024 6cc Setup File operations for section wups2
completed successfully
2007-08-20 19:08:31:812 1024 6cc Setup Starting file operations for section
wuweb
2007-08-20 19:08:31:937 1024 6cc Setup Successfully copied source file
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuweb.dll to
C:\WINDOWS\system32\wuweb.dll.wusetup.429453.new
2007-08-20 19:08:32:046 1024 6cc Setup Setup successfullly moved
C:\WINDOWS\system32\wuweb.dll.wusetup.429453.new to
C:\WINDOWS\system32\wuweb.dll
2007-08-20 19:08:32:046 1024 6cc Setup File operations for section wuweb
completed successfully
2007-08-20 19:08:32:046 1024 6cc Setup Starting registry operations for
section cdm
2007-08-20 19:08:32:046 1024 6cc Setup Completed registration operations for
section cdm: status 0
2007-08-20 19:08:32:046 1024 6cc Setup Starting registry operations for
section wuapi
2007-08-20 19:08:32:046 1024 6cc Misc Registering binary:
C:\WINDOWS\system32\regsvr32.exe /s "C:\WINDOWS\system32\wuapi.dll"
2007-08-20 19:08:32:250 1024 6cc Setup Completed registration operations for
section wuapi: status 0
2007-08-20 19:08:32:250 1024 6cc Setup Starting registry operations for
section wuauclt
2007-08-20 19:08:32:312 1024 6cc Setup Completed registration operations for
section wuauclt: status 0
2007-08-20 19:08:32:312 1024 6cc Setup Starting registry operations for
section wuaucpl
2007-08-20 19:08:32:312 1024 6cc Setup Completed registration operations for
section wuaucpl: status 0
2007-08-20 19:08:32:312 1024 6cc Setup Starting registry operations for
section wuaueng_SelfUpdate
2007-08-20 19:08:32:328 1024 6cc Setup Completed registration operations for
section wuaueng_SelfUpdate: status 0
2007-08-20 19:08:32:328 1024 6cc Setup Starting registry operations for
section wucltui
2007-08-20 19:08:32:328 1024 6cc Misc Registering binary:
C:\WINDOWS\system32\regsvr32.exe /s "C:\WINDOWS\system32\wucltui.dll"
2007-08-20 19:08:32:421 1024 6cc Setup Completed registration operations for
section wucltui: status 0
2007-08-20 19:08:32:421 1024 6cc Setup Starting registry operations for
section wups
2007-08-20 19:08:32:453 1024 6cc Setup Completed registration operations for
section wups: status 0
2007-08-20 19:08:32:453 1024 6cc Setup Starting registry operations for
section wups2
2007-08-20 19:08:32:468 1024 6cc Setup Completed registration operations for
section wups2: status 0
2007-08-20 19:08:32:468 1024 6cc Setup Starting registry operations for
section wuweb
2007-08-20 19:08:32:468 1024 6cc Misc Registering binary:
C:\WINDOWS\system32\regsvr32.exe /s "C:\WINDOWS\system32\wuweb.dll"
2007-08-20 19:08:32:609 1024 6cc Setup Completed registration operations for
section wuweb: status 0
2007-08-20 19:08:32:609 1024 6cc Setup Processing registry operations
completed. Deleting backup files.
2007-08-20 19:08:32:609 1024 6cc Setup Successfully deleted backup file
C:\WINDOWS\system32\cdm.dll.wusetup.426656.bak
2007-08-20 19:08:32:609 1024 6cc Setup Successfully deleted backup file
C:\WINDOWS\system32\wuapi.dll.wusetup.427843.bak
2007-08-20 19:08:32:609 1024 6cc Setup Successfully deleted backup file
C:\WINDOWS\system32\wuapi.dll.mui.wusetup.427906.bak
2007-08-20 19:08:32:609 1024 6cc Setup Successfully deleted backup file
C:\WINDOWS\system32\wuaucpl.cpl.wusetup.428265.bak
2007-08-20 19:08:32:609 1024 6cc Setup Successfully deleted backup file
C:\WINDOWS\system32\wuaucpl.cpl.mui.wusetup.428296.bak
2007-08-20 19:08:32:625 1024 6cc Setup Successfully deleted backup file
C:\WINDOWS\system32\wuaueng.dll.mui.wusetup.428625.bak
2007-08-20 19:08:32:625 1024 6cc Setup Successfully deleted backup file
C:\WINDOWS\system32\wucltui.dll.wusetup.428781.bak
2007-08-20 19:08:32:625 1024 6cc Setup Successfully deleted backup file
C:\WINDOWS\INF\wuau.adm.wusetup.428984.bak
2007-08-20 19:08:32:625 1024 6cc Setup Successfully deleted backup file
C:\WINDOWS\system32\wucltui.dll.mui.wusetup.428984.bak
2007-08-20 19:08:32:625 1024 6cc Setup Successfully deleted backup file
C:\WINDOWS\HELP\wuauhelp.chm.wusetup.429015.bak
2007-08-20 19:08:32:625 1024 6cc Setup Successfully deleted backup file
C:\WINDOWS\system32\wuweb.dll.wusetup.429484.bak
2007-08-20 19:08:32:625 1024 6cc Setup *********
2007-08-20 19:08:32:625 1024 6cc Setup ** END ** Setup: Installing client
binaries
2007-08-20 19:08:32:625 1024 6cc Setup *************
2007-08-20 19:08:32:625 1024 6cc Report REPORT EVENT:
{E80719EF-3043-40FE-B5FB-735A636E548B} 2007-08-20
19:08:25:484-0500 1 162 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 0 SelfUpdate Success Content Download Download succeeded.
2007-08-20 19:08:32:640 1024 6cc Report REPORT EVENT:
{B969F7C6-3A30-4986-B28D-F1235786025C} 2007-08-20
19:08:32:625-0500 1 201 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 0 SelfUpdate Success Content Install Installation pending.
2007-08-20 19:08:32:703 1024 6cc Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-08-20 19:08:32:703 1024 6cc Misc Microsoft signed: Yes
2007-08-20 19:08:32:718 1024 6cc Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-08-20 19:08:32:734 1024 6cc Misc Microsoft signed: Yes
2007-08-20 19:08:32:734 1024 6cc Report Uploading 1 events using cached
cookie, reporting URL =
http://stats.update.microsoft.com/ReportingWebService/ReportingWebService.asmx
2007-08-20 19:08:36:218 1024 6cc Report Reporter successfully uploaded 1
events.
2007-08-20 19:08:36:328 1024 6cc Service *********
2007-08-20 19:08:36:328 1024 6cc Service ** END ** Service: Service exit
[Exit code = 0x240002]
2007-08-20 19:08:36:328 1024 6cc Service *************
2007-08-20 19:08:36:421 1024 6cc Misc =========== Logging initialized
(build: 7.0.6000.381, tz: -0500) ===========
2007-08-20 19:08:36:421 1024 6cc Misc = Process:
C:\WINDOWS\System32\svchost.exe
2007-08-20 19:08:36:421 1024 6cc Misc = Module:
C:\WINDOWS\system32\wuaueng.dll
2007-08-20 19:08:36:421 1024 6cc Service *************
2007-08-20 19:08:36:421 1024 6cc Service ** START ** Service: Service startup
2007-08-20 19:08:36:421 1024 6cc Service *********
2007-08-20 19:08:36:437 1024 6cc Misc Registering binary:
C:\WINDOWS\system32\regsvr32.exe /s
"C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll"
2007-08-20 19:08:36:500 1024 6cc Misc Registering binary:
C:\WINDOWS\system32\regsvr32.exe /s
"C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll"
2007-08-20 19:08:36:625 1024 6cc Agent * WU client version 7.0.6000.381
2007-08-20 19:08:36:625 1024 6cc Agent * Base directory:
C:\WINDOWS\SoftwareDistribution
2007-08-20 19:08:36:625 1024 6cc Agent * Access type: No proxy
2007-08-20 19:08:36:625 1024 6cc Agent * Network state: Connected
2007-08-20 19:08:37:203 1024 6cc Report *********** Report: Initializing
static reporting data ***********
2007-08-20 19:08:37:203 1024 6cc Report * OS Version = 5.1.2600.2.0.65792
2007-08-20 19:08:37:484 1024 6cc Report * Computer Brand = Dell Inc.

2007-08-20 19:08:37:484 1024 6cc Report * Computer Model = OptiPlex GX280

2007-08-20 19:08:37:484 1024 6cc Report * Bios Revision = A04
2007-08-20 19:08:37:484 1024 6cc Report * Bios Name = Phoenix ROM BIOS
PLUS Version 1.10 A04
2007-08-20 19:08:37:484 1024 6cc Report * Bios Release Date =
2005-02-09T00:00:00
2007-08-20 19:08:37:484 1024 6cc Report * Locale ID = 1033
2007-08-20 19:08:37:515 1024 6cc Service * Service restarted after self
update
2007-08-20 19:08:42:515 1024 b50 Report REPORT EVENT:
{F30F969D-BB28-4ADF-9E38-EDE25CF08E85} 2007-08-20
19:08:36:656-0500 1 183 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 0 SelfUpdate Success Content
Install Installation Successful: Windows successfully installed the following
update: Automatic Updates

 

[Guest]

Bill S,

Part 2 [ continued from part one at : 2007-08-20 19:08:36:656]

Success Content Install Installation Successful: Windows successfully
installed the following update: Automatic Updates
2007-08-20 19:09:21:640 1024 6cc Agent *********** Agent: Initializing
Windows Update Agent ***********
2007-08-20 19:09:21:640 1024 6cc Agent *********** Agent: Initializing
global settings cache ***********
2007-08-20 19:09:21:640 1024 6cc Agent * WSUS server: <NULL>
2007-08-20 19:09:21:640 1024 6cc Agent * WSUS status server: <NULL>
2007-08-20 19:09:21:640 1024 6cc Agent * Target group: (Unassigned
Computers)
2007-08-20 19:09:21:640 1024 6cc Agent * Windows Update access disabled: No
2007-08-20 19:09:22:265 1024 6cc DnldMgr Download manager restoring 0
downloads
2007-08-20 19:09:22:265 1024 6cc AU ########### AU: Initializing Automatic
Updates ###########
2007-08-20 19:09:22:265 1024 6cc AU AU setting next detection timeout to
2007-08-21 00:09:22
2007-08-20 19:09:22:281 1024 6cc AU # Approval type: Pre-download notify
(User preference)
2007-08-20 19:09:22:296 1024 6cc AU AU finished delayed initialization
2007-08-20 19:09:22:296 1024 6cc AU #############
2007-08-20 19:09:22:296 1024 6cc AU ## START ## AU: Search for updates
2007-08-20 19:09:22:296 1024 6cc AU #########
2007-08-20 19:09:22:296 1024 6cc AU <<## SUBMITTED ## AU: Search for updates
[CallId = {5A2C4CD7-B2C2-4417-AD67-6B7B784AABE9}]
2007-08-20 19:09:22:953 1024 b50 Agent *************
2007-08-20 19:09:22:953 1024 b50 Agent ** START ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2007-08-20 19:09:22:953 1024 b50 Agent *********
2007-08-20 19:09:22:953 1024 b50 Agent * Online = Yes; Ignore download
priority = No
2007-08-20 19:09:22:953 1024 b50 Agent * Criteria = "IsHidden=0 and
IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or
IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and
IsAssigned=1 or IsHidden=0 and IsInstalled=1 and
DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or
IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and
IsAssigned=1 and RebootRequired=1"
2007-08-20 19:09:22:953 1024 b50 Agent * ServiceID =
{9482F4B4-E343-43B6-B170-9A65BC822C77}
2007-08-20 19:09:22:953 1024 b50 Setup Agent skipping selfupdate check
following a successful selfupdate
2007-08-20 19:09:24:234 1024 b50 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-08-20 19:09:24:250 1024 b50 Misc Microsoft signed: Yes
2007-08-20 19:09:27:281 1024 b50 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-08-20 19:09:27:281 1024 b50 Misc Microsoft signed: Yes
2007-08-20 19:09:27:281 1024 b50 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2007-08-20 19:09:27:281 1024 b50 PT + ServiceId =
{9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL =
https://www.update.microsoft.com/v6/ClientWebService/client.asmx
2007-08-20 19:09:56:578 1024 b50 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-08-20 19:09:56:578 1024 b50 Misc Microsoft signed: Yes
2007-08-20 19:09:56:890 1024 b50 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-08-20 19:09:56:890 1024 b50 Misc Microsoft signed: Yes
2007-08-20 19:09:56:890 1024 b50 PT +++++++++++ PT: Synchronizing extended
update info +++++++++++
2007-08-20 19:09:56:890 1024 b50 PT + ServiceId =
{9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL =
https://www.update.microsoft.com/v6/ClientWebService/client.asmx
2007-08-20 19:09:58:156 1024 b50 Agent * Found 0 updates and 13 categories
in search; evaluated appl. rules of 582 out of 902 deployed entities
2007-08-20 19:09:58:203 1024 b50 Agent *********
2007-08-20 19:09:58:203 1024 b50 Agent ** END ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2007-08-20 19:09:58:203 1024 b50 Agent *************
2007-08-20 19:09:58:203 1024 bd8 AU >>## RESUMED ## AU: Search for updates
[CallId = {5A2C4CD7-B2C2-4417-AD67-6B7B784AABE9}]
2007-08-20 19:09:58:203 1024 bd8 AU # 0 updates detected
2007-08-20 19:09:58:203 1024 bd8 AU #########
2007-08-20 19:09:58:203 1024 bd8 AU ## END ## AU: Search for updates
[CallId = {5A2C4CD7-B2C2-4417-AD67-6B7B784AABE9}]
2007-08-20 19:09:58:203 1024 bd8 AU #############
2007-08-20 19:09:58:203 1024 bd8 AU AU setting next detection timeout to
2007-08-21 19:36:53
2007-08-20 19:10:03:203 1024 b50 Report REPORT EVENT:
{C785453E-ED64-4C4E-8C8C-74A6297FF665} 2007-08-20
19:09:58:203-0500 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software
Synchronization Windows Update Client successfully detected 0 updates.

 

[Bill Sanderson MVP]

Thanks!

I've now seen this on one machine myself. When I saw reports in the groups,
I thought "Aha--WGA." However, it isn't that at all--it really does appear
to be an update of the WU and MU code.

--

Bill S,

Part 2 [ continued from part one at : 2007-08-20 19:08:36:656]

Success Content Install Installation Successful: Windows successfully
installed the following update: Automatic Updates
2007-08-20 19:09:21:640 1024 6cc Agent *********** Agent: Initializing
Windows Update Agent ***********
2007-08-20 19:09:21:640 1024 6cc Agent *********** Agent: Initializing
global settings cache ***********
2007-08-20 19:09:21:640 1024 6cc Agent * WSUS server: <NULL>
2007-08-20 19:09:21:640 1024 6cc Agent * WSUS status server: <NULL>
2007-08-20 19:09:21:640 1024 6cc Agent * Target group: (Unassigned
Computers)
2007-08-20 19:09:21:640 1024 6cc Agent * Windows Update access disabled:
No
2007-08-20 19:09:22:265 1024 6cc DnldMgr Download manager restoring 0
downloads
2007-08-20 19:09:22:265 1024 6cc AU ########### AU: Initializing
Automatic
Updates ###########
2007-08-20 19:09:22:265 1024 6cc AU AU setting next detection timeout to
2007-08-21 00:09:22
2007-08-20 19:09:22:281 1024 6cc AU # Approval type: Pre-download notify
(User preference)
2007-08-20 19:09:22:296 1024 6cc AU AU finished delayed initialization
2007-08-20 19:09:22:296 1024 6cc AU #############
2007-08-20 19:09:22:296 1024 6cc AU ## START ## AU: Search for updates
2007-08-20 19:09:22:296 1024 6cc AU #########
2007-08-20 19:09:22:296 1024 6cc AU <<## SUBMITTED ## AU: Search for
updates
[CallId = {5A2C4CD7-B2C2-4417-AD67-6B7B784AABE9}]
2007-08-20 19:09:22:953 1024 b50 Agent *************
2007-08-20 19:09:22:953 1024 b50 Agent ** START ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2007-08-20 19:09:22:953 1024 b50 Agent *********
2007-08-20 19:09:22:953 1024 b50 Agent * Online = Yes; Ignore download
priority = No
2007-08-20 19:09:22:953 1024 b50 Agent * Criteria = "IsHidden=0 and
IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or
IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and
IsAssigned=1 or IsHidden=0 and IsInstalled=1 and
DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or
IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and
IsAssigned=1 and RebootRequired=1"
2007-08-20 19:09:22:953 1024 b50 Agent * ServiceID =
{9482F4B4-E343-43B6-B170-9A65BC822C77}
2007-08-20 19:09:22:953 1024 b50 Setup Agent skipping selfupdate check
following a successful selfupdate
2007-08-20 19:09:24:234 1024 b50 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-08-20 19:09:24:250 1024 b50 Misc Microsoft signed: Yes
2007-08-20 19:09:27:281 1024 b50 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-08-20 19:09:27:281 1024 b50 Misc Microsoft signed: Yes
2007-08-20 19:09:27:281 1024 b50 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2007-08-20 19:09:27:281 1024 b50 PT + ServiceId =
{9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL =
https://www.update.microsoft.com/v6/ClientWebService/client.asmx
2007-08-20 19:09:56:578 1024 b50 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-08-20 19:09:56:578 1024 b50 Misc Microsoft signed: Yes
2007-08-20 19:09:56:890 1024 b50 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-08-20 19:09:56:890 1024 b50 Misc Microsoft signed: Yes
2007-08-20 19:09:56:890 1024 b50 PT +++++++++++ PT: Synchronizing
extended
update info +++++++++++
2007-08-20 19:09:56:890 1024 b50 PT + ServiceId =
{9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL =
https://www.update.microsoft.com/v6/ClientWebService/client.asmx
2007-08-20 19:09:58:156 1024 b50 Agent * Found 0 updates and 13
categories
in search; evaluated appl. rules of 582 out of 902 deployed entities
2007-08-20 19:09:58:203 1024 b50 Agent *********
2007-08-20 19:09:58:203 1024 b50 Agent ** END ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2007-08-20 19:09:58:203 1024 b50 Agent *************
2007-08-20 19:09:58:203 1024 bd8 AU >>## RESUMED ## AU: Search for
updates
[CallId = {5A2C4CD7-B2C2-4417-AD67-6B7B784AABE9}]
2007-08-20 19:09:58:203 1024 bd8 AU # 0 updates detected
2007-08-20 19:09:58:203 1024 bd8 AU #########
2007-08-20 19:09:58:203 1024 bd8 AU ## END ## AU: Search for updates
[CallId = {5A2C4CD7-B2C2-4417-AD67-6B7B784AABE9}]
2007-08-20 19:09:58:203 1024 bd8 AU #############
2007-08-20 19:09:58:203 1024 bd8 AU AU setting next detection timeout to
2007-08-21 19:36:53
2007-08-20 19:10:03:203 1024 b50 Report REPORT EVENT:
{C785453E-ED64-4C4E-8C8C-74A6297FF665} 2007-08-20
19:09:58:203-0500 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0
AutomaticUpdates Success Software
Synchronization Windows Update Client successfully detected 0 updates.

 

[Guest]

Hi Tim,

Reading your log,

2007-08-20 19:01:48:875 1024 6cc Agent * WU client version 7.0.6000.374

At that time you was running 7.0.6000.374

And now you was updated to 7.0.6000.381

2007-08-20 19:08:36:437 1024 6cc Misc Registering binary:
C:\WINDOWS\system32\regsvr32.exe /s
"C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll"

Welcome to the club ;-)
--


FATE
Heaven know its time; the bullet has its billet.—Scott

Thanks!

I've now seen this on one machine myself. When I saw reports in the groups,
I thought "Aha--WGA." However, it isn't that at all--it really does appear
to be an update of the WU and MU code.

--

Bill S,

Part 2 [ continued from part one at : 2007-08-20 19:08:36:656]

Success Content Install Installation Successful: Windows successfully
installed the following update: Automatic Updates
2007-08-20 19:09:21:640 1024 6cc Agent *********** Agent: Initializing
Windows Update Agent ***********
2007-08-20 19:09:21:640 1024 6cc Agent *********** Agent: Initializing
global settings cache ***********
2007-08-20 19:09:21:640 1024 6cc Agent * WSUS server: <NULL>
2007-08-20 19:09:21:640 1024 6cc Agent * WSUS status server: <NULL>
2007-08-20 19:09:21:640 1024 6cc Agent * Target group: (Unassigned
Computers)
2007-08-20 19:09:21:640 1024 6cc Agent * Windows Update access disabled:
No
2007-08-20 19:09:22:265 1024 6cc DnldMgr Download manager restoring 0
downloads
2007-08-20 19:09:22:265 1024 6cc AU ########### AU: Initializing
Automatic
Updates ###########
2007-08-20 19:09:22:265 1024 6cc AU AU setting next detection timeout to
2007-08-21 00:09:22
2007-08-20 19:09:22:281 1024 6cc AU # Approval type: Pre-download notify
(User preference)
2007-08-20 19:09:22:296 1024 6cc AU AU finished delayed initialization
2007-08-20 19:09:22:296 1024 6cc AU #############
2007-08-20 19:09:22:296 1024 6cc AU ## START ## AU: Search for updates
2007-08-20 19:09:22:296 1024 6cc AU #########
2007-08-20 19:09:22:296 1024 6cc AU <<## SUBMITTED ## AU: Search for
updates
[CallId = {5A2C4CD7-B2C2-4417-AD67-6B7B784AABE9}]
2007-08-20 19:09:22:953 1024 b50 Agent *************
2007-08-20 19:09:22:953 1024 b50 Agent ** START ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2007-08-20 19:09:22:953 1024 b50 Agent *********
2007-08-20 19:09:22:953 1024 b50 Agent * Online = Yes; Ignore download
priority = No
2007-08-20 19:09:22:953 1024 b50 Agent * Criteria = "IsHidden=0 and
IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or
IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and
IsAssigned=1 or IsHidden=0 and IsInstalled=1 and
DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or
IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and
IsAssigned=1 and RebootRequired=1"
2007-08-20 19:09:22:953 1024 b50 Agent * ServiceID =
{9482F4B4-E343-43B6-B170-9A65BC822C77}
2007-08-20 19:09:22:953 1024 b50 Setup Agent skipping selfupdate check
following a successful selfupdate
2007-08-20 19:09:24:234 1024 b50 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-08-20 19:09:24:250 1024 b50 Misc Microsoft signed: Yes
2007-08-20 19:09:27:281 1024 b50 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-08-20 19:09:27:281 1024 b50 Misc Microsoft signed: Yes
2007-08-20 19:09:27:281 1024 b50 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2007-08-20 19:09:27:281 1024 b50 PT + ServiceId =
{9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL =
https://www.update.microsoft.com/v6/ClientWebService/client.asmx
2007-08-20 19:09:56:578 1024 b50 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-08-20 19:09:56:578 1024 b50 Misc Microsoft signed: Yes
2007-08-20 19:09:56:890 1024 b50 Misc Validating signature for
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-08-20 19:09:56:890 1024 b50 Misc Microsoft signed: Yes
2007-08-20 19:09:56:890 1024 b50 PT +++++++++++ PT: Synchronizing
extended
update info +++++++++++
2007-08-20 19:09:56:890 1024 b50 PT + ServiceId =
{9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL =
https://www.update.microsoft.com/v6/ClientWebService/client.asmx
2007-08-20 19:09:58:156 1024 b50 Agent * Found 0 updates and 13
categories
in search; evaluated appl. rules of 582 out of 902 deployed entities
2007-08-20 19:09:58:203 1024 b50 Agent *********
2007-08-20 19:09:58:203 1024 b50 Agent ** END ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2007-08-20 19:09:58:203 1024 b50 Agent *************
2007-08-20 19:09:58:203 1024 bd8 AU >>## RESUMED ## AU: Search for
updates
[CallId = {5A2C4CD7-B2C2-4417-AD67-6B7B784AABE9}]
2007-08-20 19:09:58:203 1024 bd8 AU # 0 updates detected
2007-08-20 19:09:58:203 1024 bd8 AU #########
2007-08-20 19:09:58:203 1024 bd8 AU ## END ## AU: Search for updates
[CallId = {5A2C4CD7-B2C2-4417-AD67-6B7B784AABE9}]
2007-08-20 19:09:58:203 1024 bd8 AU #############
2007-08-20 19:09:58:203 1024 bd8 AU AU setting next detection timeout to
2007-08-21 19:36:53
2007-08-20 19:10:03:203 1024 b50 Report REPORT EVENT:
{C785453E-ED64-4C4E-8C8C-74A6297FF665} 2007-08-20
19:09:58:203-0500 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0
AutomaticUpdates Success Software
Synchronization Windows Update Client successfully detected 0 updates.

 

[Guest]

Welcome to the club ;-)

Sorry Engel, but if you check the date and time of my original post
" 8/21/2007 9:00 AM PST "
Which was referring to an event the night before,
I am the Founding Member [ergo President} of the Club

I was very busy yesterday at work and could not chime in to the discussions
but I was wondering when someone would realize that you were all discussing
something I had already found

The question is still valid though, "Should Windows be updating without
permission when set to notify only".

This by the way, is the reason why I always go to WU and Office update the
day Before Patch Tuesday. I don't want to find out on Patch Tuesday itself
that WU needs to Update itself before it will give me the Critical updates.
I've seen it happen before and don't like it. MS should inform people when
the requirements of Au/WU/MU change so we can be prepared.

?
Tim

 

[Dave M]

A question for U Tim;

From what I noticed yesterday, the updated DLL and EXE versions did not
change after I started a manual Ms Update, although it was obvious that
something was downloaded and I actually approved it, before the usual
Custom/Express choice window appeared . At that point I had to re-boot to
see the changed files, because (I think?) the old originals were either in
my memory, or more likely they didn't actually get installed until the
re-boot. So doesn't that mean that the new downloads would not have been
available if invoking the Update would have found a critical download that
might have required the new Update code files be there first? That must
have created the need for this forced update to the Update code itself,
figuring that a re-boot would naturally happen before our next Update
Tuesday. There was obviously no view refresh involved after the download.
Is that your concern here - a re-boot required in the middle of updates -
or am I reading you incorrectly?

--

Regards, Dave

(snip)

 

[Guest]

Dave,

Not sure I understood the "givens' at beginning of the posts details so I
cut to the chase.

Is that your concern here - a re-boot required in the middle of updates -
or am I reading you incorrectly?

Not really. As I use a modem I want the amount of data transfered by WU on
Patch Tuesday to be as small and quick as possible.

In a 25MB upate scenario the updates would take an hour and 15 minutes
given a "good" connection speed of 48K.
A lot can happen during a 75 minute continuous download.
e.g.
1. The power could go out due excessive drain in summer months .
2. A thunderstorm could knock out the power.
3. A fuse could blow when the air conditioning kicks in.
4. The server could reset the connection.
5. My ISP could drop my connection.
6. The Gremlins could come into play, etc, etc, etc.

I try to get as much out of the way as possible before Patch Tuesday updates
at home and try to figure how much time it will take to finish the updates.
I download the MS Malicious Software Removal Tool (now at 7.57MB or a 23
minute download all by itself) at work and install it at home before I go
online, same with Defender updates if there are any ( A Full now clocks in at
4.22 MB or 13 minutes).

I do Windows updates on Patch Tueday and Office updates on Patch Wednesday.

By the way, a word about required reboots, my theory is this.
1. If it does not require a reboot, REBOOT ANYWAY.
2. If is does require a REBOOT, REBOOT TWICE.

There are important things that go on during a reboot.

MS "TRIES" to not require a reboot because of Corporate environments but my
feeling is that this just complicates things and that their updates would be
simpler if they were all followed by a reboot rather than have them
thinking, "Okay, this patch would be easier if if we reboot and this point,
but what can we do to avoid it."

The fact that the recent "unauthorized" update to AU did not require a
reboot does not mean the next one on Patch Tuesday wont, and I'd rather not
discover that at 7:39 PM.

By the way, have I mentioned that MS should be fined for every Patch Tuesday
that goes of 10 MBs.

Tim
?:-\

 

[Dave M]

Tim, OK, I really do understand about low bandwidth.

However, I also think this would have been a Big problem, or at least more
of a problem, if Ms had waited until patch Tuesday to force this sneaker
update along with any concurrent high priority updates. By that I mean
those updates that could only be located for potential install if your
system was using those newly downloaded Ms/Win/Au Update versions, and then
followed it with a system re-boot well in advance of the next patch
Tuesday. Looks like a case of damned if you do, and damed if you don't to
me.