repeated install upon shut down

When I shut down, every time I get "installing update 1 of 1". This is EVERY
TIME.

I looked at my installed programs to see if anything looked suspicious and
saw that Microsoft.net Framework 1.1 hotfix (KB886903) was listed. Could
this be the problem and if it is how do I stop this?

Does anyone have an idea of why this is happening? This is an update put
there by Microsoft and is not recognizing it has installed the update and
repeats this every time I close down.

"LJB1125" <> wrote in message
news:A540EA6C-E85B-45E8-8C18-...
> When I shut down, every time I get "installing update 1 of 1". This is EVERY
> TIME.
>
> I looked at my installed programs to see if anything looked suspicious and
> saw that Microsoft.net Framework 1.1 hotfix (KB886903) was listed. Could
> this be the problem and if it is how do I stop this?
>
> Does anyone have an idea of why this is happening? This is an update put
> there by Microsoft and is not recognizing it has installed the update and
> repeats this every time I close down.


A more likely explanation is that the update has found some modules
which need to be replaced that are in use and can't even be renamed.
Therefore (assuming the OS involved is NTx) it lists such modules
under a registry value named: PendingFileRenameOperations

A problem might be that you have some (nondisclosed) security package
in effect which allows that registry value to be updated but prevents
the actual replacement of the modules (e.g. during a boot).
That would result in a loop featuring all the symptoms that you have
so far disclosed (regardless of which update it really is.)

Next time, before shutting down check that registry value.
E.g. open it and capture the value's contents.
Use that list of modules to understand what names and versions of files
are involved. E.g. find them in their stated directories and use File Properties
to check their versions. Tip: filever.exe from the XP Support Tools package
is handy way of doing this more conveniently from the command line.

Depending on the update you may also get enough related clues using
just the Event Viewer. Who knows, perhaps the unknown (hypothesised)
security package even logs things when it blocks suspected attempts
at creating Trojans? Etc.

This is why I suggest that security packages may have to be disabled
(or even uninstalled), not just stopped. (Stopping a security package
would only stop it for the current boot but leave it free to become active
again on the next boot, which is when (depending on how soon it becomes
active in the boot) it could do the (hypothesised) blocking.)

Another alternative, doing a so-called "safe" boot, might prevent the security
package from starting but it's not clear to me if that system would see
the PendingFileRenameOperations (which I see only in the CurrentControlSet).
I'm really not keen on experimenting to find out exactly how these two
variables interact but don't think it would be any worse than the whatever
it is that is happening for you now.


Good luck

Robert Aldwinckle
---

"Robert Aldwinckle" wrote:

> "LJB1125" <> wrote in message
> news:A540EA6C-E85B-45E8-8C18-...
> > When I shut down, every time I get "installing update 1 of 1". This is EVERY
> > TIME.
> >
> > I looked at my installed programs to see if anything looked suspicious and
> > saw that Microsoft.net Framework 1.1 hotfix (KB886903) was listed. Could
> > this be the problem and if it is how do I stop this?
> >
> > Does anyone have an idea of why this is happening? This is an update put
> > there by Microsoft and is not recognizing it has installed the update and
> > repeats this every time I close down.
>
>
> A more likely explanation is that the update has found some modules
> which need to be replaced that are in use and can't even be renamed.
> Therefore (assuming the OS involved is NTx) it lists such modules
> under a registry value named: PendingFileRenameOperations
>
> A problem might be that you have some (nondisclosed) security package
> in effect which allows that registry value to be updated but prevents
> the actual replacement of the modules (e.g. during a boot).
> That would result in a loop featuring all the symptoms that you have
> so far disclosed (regardless of which update it really is.)
>
> Next time, before shutting down check that registry value.
> E.g. open it and capture the value's contents.
> Use that list of modules to understand what names and versions of files
> are involved. E.g. find them in their stated directories and use File Properties
> to check their versions. Tip: filever.exe from the XP Support Tools package
> is handy way of doing this more conveniently from the command line.
>
> Depending on the update you may also get enough related clues using
> just the Event Viewer. Who knows, perhaps the unknown (hypothesised)
> security package even logs things when it blocks suspected attempts
> at creating Trojans? Etc.
>
> This is why I suggest that security packages may have to be disabled
> (or even uninstalled), not just stopped. (Stopping a security package
> would only stop it for the current boot but leave it free to become active
> again on the next boot, which is when (depending on how soon it becomes
> active in the boot) it could do the (hypothesised) blocking.)
>
> Another alternative, doing a so-called "safe" boot, might prevent the security
> package from starting but it's not clear to me if that system would see
> the PendingFileRenameOperations (which I see only in the CurrentControlSet).
> I'm really not keen on experimenting to find out exactly how these two
> variables interact but don't think it would be any worse than the whatever
> it is that is happening for you now.
>
>
> Good luck
>
> Robert Aldwinckle
> ---
>
>
> Thanks Robert