Something odd with System Restore - Software Distribution Service 2.0 and Installed Your Application

[Miss Perspicacia Tick]

I have Googled for this until I am blue in the face but there is something
definitely up with my SR. There are points there that I KNOW I didn't create
(Software Distribution Service 2.0 and Installed Your Application Name) and
they're occuring at the rate of around one every eight seconds (I have
added up the difference between the points that are listed and averaged
them) and the Software Distribution Service with the same monotonous
regularity.

Running XP Pro with SP2 (and all latter updates). Also running .NET
Framework 1.1 SP1 (required for some of my apps)
MP10 (fully updated)
Office 2003 Pro SP1

I am convinced it's caused by a hotfix, but which one I have no idea.

I have uploaded an image here
(http://paintedover.com/uploads/show.php?loc=15&f=image1_9.jpg) because I'm
not very good at explaining what I mean. I hope the image helps. As it is,
in effect, killing SR (I cannot restore to points post-SDS2.0 - and, yes,
I've purged and reset). The system is on 24/7, yet no automatic points have
been created in over a week and, as I've just said, I cannot restore
post-SDS.

Is this a known issue (KB didn't help either)? If so, what's the solution?
If not, has this happened to anyone else and, if so, did you solve it - and
how?

Thanks

 

[Bert Kinney]

Hi,

I would suggest you start by doing a virus scan with up to date virus
software, then scan for and removing any installed spyware.
If you are in need of virus software, here are a couple to choose
from, for free.
Download the software, and in Update Manager run Update
then do a complete virus scan.
Free Offer: eTrust EZ Armor Security Suite from Computer Associates
http://www.my-etrust.com/microsoft/index.cfm

Here is a combination of utilities that works very well in the removal
of Spyware, Parasites and the like:
Ad-aware Personal Edition from Lavasoft http://www.lavasoftusa.com/ is
a free multi spyware removal utility that scans your memory, registry
and hard drives for known spyware components and lets you remove them
safely. Ad-aware PE is does not prevent spyware from being installed.
After installing Ad-Aware and before each scan make sure to run the
update feature before scanning. For large amounts of installed
spyware and such, it may be necessary to run Ad-Aware several times to
clear them all.

Here are a couple more removal tools that should also be run.
CWShredder -
http://www.intermute.com/spysubtract/cwshredder_download.html

Spybot: http://www.safer-networking.org/
Spybot Search and Destroy is more powerful and there is a slight
chance of problems. Using WinXP create a restore point first and see
the Parasite Fight link below.

SpywareBlaster:
http://www.wilderssecurity.net/spywareblaster.html
SpywareBlaster is a preventative non-memory resident program.
Spywareblaster does not scan and clean. Instead, it sets flags (or
kill bits) in the registry to prevent the running of a specific list
of bad spyware related ActiveX controls. This includes general spyware
and malicious dialers. It also blocks a list of known spyware related
cookies in IE6.

 

[Tom]

I have Googled for this until I am blue in the face but there is something
definitely up with my SR. There are points there that I KNOW I didn't
create (Software Distribution Service 2.0 and Installed Your Application
Name) and they're occuring at the rate of around one every eight seconds
(I have added up the difference between the points that are listed and
averaged them) and the Software Distribution Service with the same
monotonous regularity.

Running XP Pro with SP2 (and all latter updates). Also running .NET
Framework 1.1 SP1 (required for some of my apps)
MP10 (fully updated)
Office 2003 Pro SP1

I am convinced it's caused by a hotfix, but which one I have no idea.

I have uploaded an image here
(http://paintedover.com/uploads/show.php?loc=15&f=image1_9.jpg) because
I'm not very good at explaining what I mean. I hope the image helps. As it
is, in effect, killing SR (I cannot restore to points post-SDS2.0 - and,
yes, I've purged and reset). The system is on 24/7, yet no automatic
points have been created in over a week and, as I've just said, I cannot
restore post-SDS.

Is this a known issue (KB didn't help either)? If so, what's the solution?
If not, has this happened to anyone else and, if so, did you solve it -
and how?

You're right, it is caused by a hotfix, as I remember seeing that line item
in SR with that reference you're getting hit with in multitudes. But mine
didn't generate over and over again likes yours, so it may be acting upon
another installed application or two that you have. here is the KB article
http://support.microsoft.com/kb/887742.

Just to reassure you that this is it, after I did a restore to before that
was
installed, I got a notice from WU to that fix again, I reinstalled it, and
it
shows up again as the "Software Distribution Service 2.0 " in SR.

 

[Miss Perspicacia Tick]

Hi,

I would suggest you start by doing a virus scan with up to date virus
software, then scan for and removing any installed spyware.
If you are in need of virus software, here are a couple to choose
from, for free.
Download the software, and in Update Manager run Update
then do a complete virus scan.
Free Offer: eTrust EZ Armor Security Suite from Computer Associates
http://www.my-etrust.com/microsoft/index.cfm

Here is a combination of utilities that works very well in the removal
of Spyware, Parasites and the like:
Ad-aware Personal Edition from Lavasoft http://www.lavasoftusa.com/ is
a free multi spyware removal utility that scans your memory, registry
and hard drives for known spyware components and lets you remove them
safely. Ad-aware PE is does not prevent spyware from being installed.
After installing Ad-Aware and before each scan make sure to run the
update feature before scanning. For large amounts of installed
spyware and such, it may be necessary to run Ad-Aware several times to
clear them all.

Here are a couple more removal tools that should also be run.
CWShredder -
http://www.intermute.com/spysubtract/cwshredder_download.html

Spybot: http://www.safer-networking.org/
Spybot Search and Destroy is more powerful and there is a slight
chance of problems. Using WinXP create a restore point first and see
the Parasite Fight link below.

SpywareBlaster:
http://www.wilderssecurity.net/spywareblaster.html
SpywareBlaster is a preventative non-memory resident program.
Spywareblaster does not scan and clean. Instead, it sets flags (or
kill bits) in the registry to prevent the running of a specific list
of bad spyware related ActiveX controls. This includes general spyware
and malicious dialers. It also blocks a list of known spyware related
cookies in IE6.

Bert,

I don't mean to sound ungrateful, and I thank you for the advice, but you
should know me by now. I run a tight ship here and AVG, Spybot and AdAware
are run twice daily, so I know my system is clean. I have just had emails
from two friends (of which Will Denny (MVP) was one) who are reporting
similar occurrances and I know that both are also scrupulous about system
'hygiene'.

So thanks, but that's not it.

 

[Colin Barnhorst]

It's also possible that it is a brand new malware and the definition isn't
in the updates yet.

 

[WTC]

I have Googled for this until I am blue in the face but there is something
definitely up with my SR. There are points there that I KNOW I didn't
create (Software Distribution Service 2.0 and Installed Your Application
Name) and they're occuring at the rate of around one every eight seconds
(I have added up the difference between the points that are listed and
averaged them) and the Software Distribution Service with the same
monotonous regularity.

Running XP Pro with SP2 (and all latter updates). Also running .NET
Framework 1.1 SP1 (required for some of my apps)
MP10 (fully updated)
Office 2003 Pro SP1

I am convinced it's caused by a hotfix, but which one I have no idea.

I have uploaded an image here
(http://paintedover.com/uploads/show.php?loc=15&f=image1_9.jpg) because
I'm not very good at explaining what I mean. I hope the image helps. As it
is, in effect, killing SR (I cannot restore to points post-SDS2.0 - and,
yes, I've purged and reset). The system is on 24/7, yet no automatic
points have been created in over a week and, as I've just said, I cannot
restore post-SDS.

Is this a known issue (KB didn't help either)? If so, what's the solution?
If not, has this happened to anyone else and, if so, did you solve it -
and how?

Thanks

There is a System Restore Diagnostics Utility you could try to see if it is
Malfunctioning.

%SYTEMROOT%/System32/Restore/srdiag.exe

 

[Gerry Cornell]

Miss P

You have a high profile so you could be targeted! I would add HijackThis
to Bert's list!

--


Hope this helps.

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Using invalid email address

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.



~~~~~~~~~~~~~~~~~~~~~~~~

 

[Gerry Cornell]

Tom

Windows update suddenly offered me that update earlier this week
completely out of the blue. No idea why as I had not been experiencing
any problems, The release date is November 2004!

--


Regards.

Gerry

~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~

 

[Tom]

Me either, no problems whatsoever. So I find it interesting why MPT is
getting those multiple hit within such a short period of time. I already
speculated on that anyway to her. I have it, but I haven't had any issues.

 

[Joan Archer]

After reading this I thought I'd check and I have 2 of those checkpoints
one created on the 8th and one on the 23rd so like you have no idea what
they are, and like Will and yourself keep this machine clean.
Joan

 

[Yabbadoo]

Being curious - I ran it. All it does is provide a black DOS window with a
blinking/flashing cursor, no root, just the "minus" sign. No text or other
characters whatsoever. Closes down with the X top right.
So - what's wrong?

Sincerely, Len

 

[Miss Perspicacia Tick]

Tom

Windows update suddenly offered me that update earlier this week
completely out of the blue. No idea why as I had not been experiencing
any problems, The release date is November 2004!

Thank you all for your replies. Joan, I have told Will that you, too, have
odd entries. I have checked my parents' system and they do, too. I've no
idea what's going on.

 

[WTC]

Being curious - I ran it. All it does is provide a black DOS window with a
blinking/flashing cursor, no root, just the "minus" sign. No text or
other characters whatsoever. Closes down with the X top right.
So - what's wrong?

Sincerely, Len

A command window will open while the Srdiag.exe runs. The command session
will automatically close when complete, and the .cab file will be created in
your Windows\system32\restore directory. This can take several minutes.

A few different text files will be inside the cab file.

 

[Joan Archer]

Thought I'd just check my installation history at windows update and the
dates that I mentioned are the dates I installed updates, the 8th was
the monthly one that needed 9 updates and the 23rd was the update
KB887742, but so far they are the only two I see in SR.
Joan

 

[Bert Kinney]

Hi Len,

Be patient, it takes several minutes.

 

[Bert Kinney]

Sorry, but I do not know you, will until now.

Running these three app will not guarantee that all malware will be
found and removed.

Run Windows Update - Custom install, and look at "View Installation
History".
Look for hotfixes installed just prior to this problem. Some may be
able to be uninstalled from within
Add/remove programs.

 

[Tdazzler]

I have Googled for this until I am blue in the face but there is
something
definitely up with my SR. There are points there that I KNOW I didn't
create
(Software Distribution Service 2.0 and Installed Your Application Name)
and
they're occuring at the rate of around one every eight seconds (I
have
added up the difference between the points that are listed and
averaged
them) and the Software Distribution Service with the same monotonous
regularity.

Running XP Pro with SP2 (and all latter updates). Also running .NET
Framework 1.1 SP1 (required for some of my apps)
MP10 (fully updated)
Office 2003 Pro SP1

I am convinced it's caused by a hotfix, but which one I have no idea.

I have uploaded an image here
(http://tinyurl.com/6rkoa) because I'm
not very good at explaining what I mean. I hope the image helps. As it
is,
in effect, killing SR (I cannot restore to points post-SDS2.0 - and,
yes,
I've purged and reset). The system is on 24/7, yet no automatic points
have
been created in over a week and, as I've just said, I cannot restore
post-SDS.

Is this a known issue (KB didn't help either)? If so, what's the
solution?
If not, has this happened to anyone else and, if so, did you solve it -
and
how?

Thanks

Miss P
I have been struggling with "something" taking over or disabling my
internet explorer browser for about a month now. At first is suspected
AOL 9.0 security edition because the symtoms appeared just after I
installed that. I would get DNS error cannot connect to server.
Actually I could ping a numeric internet address with IE but not a
name.
I tried numerous things to no avail. I was about to Reformat, clean
install Windows XP and just prior to that, I uninstalled Norton
Internet Security.
My Internet Explorer came back working fine! Since then, I downloaded
AVG, Zone Alarm, and Microsoft Antispyware Beta. Now if I leave my
computor on overnight. I'll show the "Software Distribution Service
2" appearing overnight about 3:05 AM wich is usually just after the
Microsoft Anti-spyware finishes running. When "SDS2" appears as a
restore point, neither of my browser's IE or Firefox will work until
I restore before that. I know how to cure the problem, I just don't
know how to prevent it. It is a great nusiance as I recently installed
a Dell printer. After I had to restore, the printer could not be found.
What else will I be losing if I have to keep restoring every day I
leave my CPU on overnight. Feel free to contact me (e-mail address removed)

 

[Guest]

I have reviewed Google(confused) and Miss Perspicacia Tick thru the 3/26
response of Tdazzler. Also another community on this sub. thru July.
Has anyone come up with a solution.
I realize this should proberly be a new posting but since this stopped on
3/26,
thought might have been resolved thru individual e-mail correspondence.
Any solution...Please advise and thank.

 

[Bert Kinney]

Hi,

Please describe the problem your having with System Restore.

All About System Restore in WinXP
http://bertk.mvps.org/

 

[Guest]

Sorry Bert,
Ms. P's problem was not with System Restore but the "Software Distribution
Service Ver. 2.0" that keeps showing up as a restore point. Other's including
myself have problems with lost sound, lost printer connections, etc. When
these things happen, you can restore at that point and the problems are
solved until the program
runs again. What determines when it runs is undetimed. Sometimes it will
run once, twice a day or run itself but once a week or month.
You never know when it will happen but you certainly know when it does.

As I understand the original basic question: Where did the program come from
and How do you get rid of it?

There are any number of sites discussing this problem and it seems to be
eluding the best minds.

Microsoft seems to be avoiding the problem because I think it came from in
house and they don't know who or where or how to get rid of it.

Still looking?????????