ask2solve, turned off BITS and still seeing memory being consumed. The svchost process that is taking the memory is the one that contains the nsi service.
Nedly, I'm seeing a problem with memory being consumed, not a CPU issue, thanks.
Oh, I agree that it is not a CPU issue, but the other issues with these services intertwine with the same conflicts; the issue varies based on a specific combination of services. The machines I have dealt with so far have been memory issues as well. I watched a Windows system power on and instantly fill 4 GB with nonsense. It is a memory leak issue.
We are on the right trail though. I am currently firing up some stuff to try tracking it down. I have to try and replicate some different hardware to get to the issues. From what I can tell so far it is system based, not software based. Even if the software aspect is caused because of specific hardware, it still seems to be a conflict based on specific services with specific hardware.
I have to compile case information to try and find the similarities first. I might have something good to post by tonight. Full time CIS/ISS student so I am pretty busy but I plan to try and figure this out. Personally I love tracking down bugs.
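A way to confirm which svchost instance hosts the nsi service and whether its memory is actually growing, as an added example that is not part of the original posts. It uses Get-WmiObject so it runs on the stock PowerShell 2.0 of Windows 7; the function name and the 60-second interval are assumptions chosen for illustration.

```powershell
# Added example: map every svchost.exe PID to the services it hosts,
# then sample private memory twice to see which instance is growing.
$IntervalSeconds = 60   # assumed sampling gap; lengthen it for slow leaks

function Get-SvchostSnapshot {
    # Build PID -> service names from the running services.
    $byPid = @{}
    foreach ($svc in Get-WmiObject -Class Win32_Service -Filter "State = 'Running'") {
        $id = [int]$svc.ProcessId
        if (-not $byPid.ContainsKey($id)) { $byPid[$id] = @() }
        $byPid[$id] += $svc.Name
    }
    # Emit one object per svchost process with its private memory in MB.
    foreach ($p in Get-Process -Name svchost) {
        New-Object PSObject -Property @{
            Id        = $p.Id
            PrivateMB = [math]::Round($p.PrivateMemorySize64 / 1MB, 1)
            Services  = ($byPid[[int]$p.Id] -join ', ')
        }
    }
}

$first = Get-SvchostSnapshot
Start-Sleep -Seconds $IntervalSeconds
$second = Get-SvchostSnapshot

$second | ForEach-Object {
    $now = $_
    # Match on PID; an instance that restarted between samples is skipped.
    $before = $first | Where-Object { $_.Id -eq $now.Id }
    if ($before) {
        New-Object PSObject -Property @{
            Id        = $now.Id
            PrivateMB = $now.PrivateMB
            GrowthMB  = [math]::Round($now.PrivateMB - $before.PrivateMB, 1)
            Services  = $now.Services
        }
    }
} | Sort-Object -Property GrowthMB -Descending |
    Format-Table -Property Id, PrivateMB, GrowthMB, Services -AutoSize -Wrap
```

Run it from an elevated prompt so every svchost instance is visible. From cmd, `tasklist /svc /fi "imagename eq svchost.exe"` gives the same PID-to-service mapping without the memory figures.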
Startup type for BITS should be manual.
If disabled, Windows will not be able to check for updates.
Refer again to Brink's script:
Note: Personally I needed to manually run some of the above commands using a command prompt window and also use PowerShell for some of them. I also needed to enable access to cmd, powershell and regsvr32 (usually blocked on my machine by certain security software). I needed to run each command and confirm results before running the next one.
Code:
:: Created by: Shawn Brink
:: https://www.sevenforums.com
:: Tutorial: https://www.sevenforums.com/tutorials/91738-windows-update-reset.html

:: Stop the update-related services
net stop bits
net stop wuauserv
net stop appidsvc
net stop cryptsvc

:: Flush DNS, then delete the BITS queue files, cached update data and the update log
Ipconfig /flushdns
del /f /q "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"
del /f /s /q %SystemRoot%\SoftwareDistribution\*.*
del /f /s /q %SystemRoot%\system32\catroot2\*.*
del /f /q %SystemRoot%\WindowsUpdate.log

:: Set the security descriptors of the BITS and Windows Update services
sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

cd /d %windir%\system32
Ren %systemroot%\system32\catroot2 catroot2.bak

:: Re-register the DLLs listed by the tutorial
regsvr32.exe /s atl.dll
regsvr32.exe /s urlmon.dll
regsvr32.exe /s mshtml.dll
regsvr32.exe /s shdocvw.dll
regsvr32.exe /s browseui.dll
regsvr32.exe /s jscript.dll
regsvr32.exe /s vbscript.dll
regsvr32.exe /s scrrun.dll
regsvr32.exe /s msxml.dll
regsvr32.exe /s msxml3.dll
regsvr32.exe /s msxml6.dll
regsvr32.exe /s actxprxy.dll
regsvr32.exe /s softpub.dll
regsvr32.exe /s wintrust.dll
regsvr32.exe /s dssenh.dll
regsvr32.exe /s rsaenh.dll
regsvr32.exe /s gpkcsp.dll
regsvr32.exe /s sccbase.dll
regsvr32.exe /s slbcsp.dll
regsvr32.exe /s cryptdlg.dll
regsvr32.exe /s oleaut32.dll
regsvr32.exe /s ole32.dll
regsvr32.exe /s shell32.dll
regsvr32.exe /s initpki.dll
regsvr32.exe /s wuapi.dll
regsvr32.exe /s wuaueng.dll
regsvr32.exe /s wuaueng1.dll
regsvr32.exe /s wucltui.dll
regsvr32.exe /s wups.dll
regsvr32.exe /s wups2.dll
regsvr32.exe /s wuweb.dll
regsvr32.exe /s qmgr.dll
regsvr32.exe /s qmgrprxy.dll
regsvr32.exe /s wucltux.dll
regsvr32.exe /s muweb.dll
regsvr32.exe /s wuwebv.dll
regsvr32 /s wudriver.dll

:: Remove the Windows Update client ID, reset Winsock, restart the services
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
netsh winsock reset
net start bits
net start wuauserv
net start appidsvc
net start cryptsvc
bitsadmin.exe /reset /allusers
I also had to manually force delete windowsupdate.log
@ Nedly. Let us know if you manage to track it down. I have only suspicions about what caused the memory leak on my machine. I managed to fix it.
Here's what might have caused the issue for me:
IE 11 was disabled by a registry hack (by me) and needed to be re-enabled, reset and all updates applied including a pending update that had been downloaded but not applied.
System Restore was disabled (by me) and needed to be enabled when downloading and installing those Freak attack update fixes for SSL that patched numerous important system files (including IE 11 fixes). rstrui.exe was one of the patched files and the update failed if left disabled.
Also in order to fix:
Needed to run advanced disk cleanup including Windows Update cleanup.
Needed to clear Windows Update temp files and delete Windows Update history.
Needed to delete datastore.edb
Needed to force re-install Windows Update Agent.
Note: Just running through some of the stuff that helped me and that's not to say that it applies in every case!
:)
It is definitely a memory leak, we can see that in ripsw's stats. It is like loop and other scripting issues, all of the data is nonsense, possibly even issues much like split packets - the starts and ends are shifted or there is a collision like I/O errors.
Big clues are:
Same software on different machines and only certain machines have the issue.
Windows updates as of recently, and only once or twice in the past contain the cause.
Windows without updates fresh off the install should not have the same errors, and I would bet for the most part Windows 8, 8.1, and soon to be 10 users are not facing the issue. So far I have found it in Vista and 7, all pro, home, and server systems.
I think it is a developing issue which is the reason we cannot find any good bug statistics. When I first got into the issue I found using SEO tools that there was a huge spike in this issue around a month - month and a half ago.
It is not the same on all machines either. I could, for example, set up a replica of your system on my Thinkpad and it will not show the same result. I know this because I have all systems here, including 10 previews, and I have never faced the issue on my local machines.
What I am trying to do now is compile the common machine types that have the issue. Then map out the updates' dates and update codes to match the dates (using SEO tools) of those issues beginning on the net. Then I should be able to compile the update information regarding which components and services they work for. Then we should be able to narrow down possibilities and have some play time - in a virtual machine of course.