Unexplained background activity

<u1drks$2qgjf$1@news.mixmin.net>


https://www.novabbs.com/computers/article-flat.php?id=70390&group=alt.comp.os.windows-10#70390

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!news.mixmin.net!.POSTED!not-for-mail
From: tniven1...@heronmail.invalid (Tom Niven)
Newsgroups: alt.comp.os.windows-10
Subject: Unexplained background activity
Date: Sat, 15 Apr 2023 09:43:56 -0000 (UTC)
Organization: Mixmin
Message-ID: <u1drks$2qgjf$1@news.mixmin.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sat, 15 Apr 2023 09:43:56 -0000 (UTC)
Injection-Info: news.mixmin.net; posting-host="6aca15cf6f85022d96d21449a296b081d878a6b5";
logging-data="2966127"; mail-complaints-to="abuse@mixmin.net"
User-Agent: Pan/0.142 (He slipped to Sam a double gin; 01b5bf4
git.gnome.org/pan2)
 by: Tom Niven - Sat, 15 Apr 2023 09:43 UTC

I occasionally have "glitches" on my Windoze 10 box. An Explorer
window inexplicably refreshing by itself. The mouse pointer
blinking a few times between arrow and semi-busy arrow-and-wheel.
Music or videos pausing themselves briefly, including local file
playback that isn't network congestion sensitive.

If I quickly go to Process Explorer I will often see a bunch of
svchosts or similar background tasks just turning red and
disappearing. Sorting by start time will usually show a
BackgroundTaskHost and/or a RuntimeBroker, and often other
svchosts still lingering. Mousing over them usually shows either
"[error opening process]" or gobbledegook, but once in a while
it will be some MSOffice thing (I don't even have MSOffice
installed here), Client License Service, or Windows Update Medic
Service. Very often there's a TrustedInstaller and tiworker
instances, and on one occasion I traced a bandwidth issue to a
svchost with Background Intelligent Transfer Service saturating my
down-pipe.

The obvious inference from the last few items in particular would
be that it was downloading and installing updates. The problem
with that is, it lacks permission to. Indeed, not only are updates
almost *always* paused on this machine but the network connection
is almost *always* set to "metered".

(I will deliberately unpause them once a month to let security patches
install, then reboot, so that this stuff happens at a time of my
choosing and cannot just up and happen while I'm working at the machine,
or interrupt a background task of my own halfway through the night when
I'm not there to promptly resume it after the reboot completes.)

Now, perhaps once in a while this is the Edge browser auto-updating
(assuming, that is, that it ever does so if the user never has it open),
but that doesn't explain tasks that reference MSOffice, or explicitly
refer to Windows Update, showing up.

*So far* none of these "updates", if updates they are, has triggered a
poorly timed reboot. So far.

Does anyone know what might be causing these disturbances? Also, after
one I will often discover a Microsoft Photos task (and often an
associated RuntimeBroker) in the task list despite not having any
Microsoft Photos windows open at the time. Is this likely to be
lingering after the last time I had such a window open, or is it also
being caused by these phantom updates?

It seems that W10 needs a bit more taming than "switch off all the
telemetry stuff, switch on metered network, and pause updates".

I have two other persistent nuisance issues with W10, which may or
may not be connected.

First, sometimes a background task called HxTsr runs, and it often
causes significant paging when it does. Worse, it often seems to be
triggered by user interaction with the machine after it has been
idle for a while, so the machine often is sluggish and balky for
the first minute or two when I go to use it for anything. I could
not trace what was causing this process to launch, either forwards
(searching through Task Scheduler) or backwards (parent process,
its parent, etc.; just grounds out at services). Googling indicates
it's a component of Outlook; I use Thunderbird for mail on this
machine so I've no use for Outlook, never installed it to my
knowledge, and if it came preinstalled I never configured it with
any accounts. So it would not know of a server to try to check for
new mail on, and since checking for new mail is the only obvious
background task for a mail client to do without any user interaction,
that leaves me at a complete loss as to why this activity is occurring.

Second, *usually* after the machine has accrued a significant uptime
but occasionally sooner, a set of symptoms will develop.

1. The sihost process may become bloated, with gigs of private bytes,
and/or get into a busy loop that ties up one CPU core.
2. The explorer process may become bloated, also to the tune of
multiple gigabytes.
3. In addition to sluggish all-around performance of the sort that
could be expected to occur with a large amount of memory tied up,
some specific functions become particularly balky, all of which to
my knowledge involve Explorer. The Start Menu is a particular
nuisance as the start button often just ignores clicks and one must
hammer on it for a while until the menu starts flickering open and
closed, then stop and if it's closed click once more to reopen it,
*and* it may then come up as a blank black rectangle and need to be
closed and reopened one or more *additional* times before it comes
up *properly*. The photo viewer, sluggish at the best of times, also
seems to become much worse in this condition, sometimes just coming
up blank or with an endlessly spinning wheel and needing to be closed
and retried as well.

This latter nuisance situation can only be fixed by restarting the
sihost process, which crashes Explorer so all open folder windows have to
be recreated afterward, itself a nuisance. But it will run in "as if
freshly rebooted" performance again for a while after.

"A while" is usually days, occasionally over two weeks, and sometimes
mere hours. Once the machine came up from a reboot with the sihost already
grabbing lots of CPU until I restarted it.

So, we have phantom updates; HxTsr; and sihost/Explorer evidently leaking
shit.

Also, does anyone have any Windoze newsreader advice? I'm currently using
Pan, because Thunderbird doesn't have good scorefile capabilities, but the
Pan Windoze port has problems of its own. For starters, the bottom pane is
unusable as so much as touching it with the mouse pointer makes Pan
*hemorrhage* GDI handles and it will quickly crash if you spend much time
scrolling in or otherwise interacting with that panel at all. So to read,
one must hit "f" and read the quoted text in the followup composition
window, then discard (unless one decides to actually write a followup).
If the post had a properly delimited sig you won't even see it. Pan on
Windoze also cannot reply to crossposts reliably. It seems if the
Newsgroups: line is longer than about 80 characters when sending a reply
that will also crash it. Other crashes that have proved reproducible
mostly involved replying to threads started by Google Groups users, but
any thread where the first message-ID in the References line is very
long seems to trigger that one. It's just most common with Google Groups,
whose message-IDs are excessively large and which all the newbies tend to
use.

The version I'm using now is perhaps a bit more stable than earlier or
later ones. The latest few seem to lack Windoze ports entirely, and I've
not been successful at using provided contact information to contact the
Windoze port maintainer.

Is there a better Windoze port available, or else a better (free, and
preferably free-licensed too) Windoze newsreader?

Re: Unexplained background activity

<u1etlp$257tm$1@dont-email.me>


https://www.novabbs.com/computers/article-flat.php?id=70397&group=alt.comp.os.windows-10#70397

Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: nos...@needed.invalid (Paul)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Unexplained background activity
Date: Sat, 15 Apr 2023 15:24:42 -0400
Organization: A noiseless patient Spider
Lines: 101
Message-ID: <u1etlp$257tm$1@dont-email.me>
References: <u1drks$2qgjf$1@news.mixmin.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 15 Apr 2023 19:24:41 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="aef20609b7ceba25c5b1adb1bde83ee2";
logging-data="2269110"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/2uCt2r6IEQnVmjvrFsQzk4G54br3lNLU="
User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802)
Cancel-Lock: sha1:5W0XDAl92WPNtQW9xVMC3krR3sU=
In-Reply-To: <u1drks$2qgjf$1@news.mixmin.net>
Content-Language: en-US
 by: Paul - Sat, 15 Apr 2023 19:24 UTC

On 4/15/2023 5:43 AM, Tom Niven wrote:
> I occasionally have "glitches" on my Windoze 10 box.
<some very nice stuff deleted>

"OMG, you seek Yoda!"

So what you're telling us right now, is you don't have
a computer. You have a mere bucket of glitchy bolts.

For fun:

Start : Run : winver

and tell us what version you are running.

Version 21H2 (OS Build 19044.2673) <=== one rev behind, one patch behind
still in support

Windows 10 Pro <=== does not indicate x86 or x64

OK, after a bit of work, mine is

Version 22H2 (OS Build 19045.2846) <=== up to date

Windows 10 Pro

BITS is no longer used for Windows Update. DoSVC is used.
Both have GPEDIT policies. DoSVC has better controls of
network usage. BITS may remain as a fallback subsystem.
For example, there is some PowerShell thing similar to a
"wget" command, which names BITS explicitly.

You can run Windows Memory Diagnostic (if you can find it!).
I don't think your computer has bad memory, but running a
memory test is the first step of "mere bucket".

Windows Defender has an offline scan it can do. It prepares
materials, then on a reboot, it does its thing.

Assuming your update system is compromised, you can manually
install the latest definitions. I use this sometimes, for
systems isolated from the internet. Deliver on USB stick
(only good if you know the machine isn't dirty).

https://www.microsoft.com/en-us/wdsi/defenderupdates

No, the EXE is "un-expressive" and you cannot tell what it is
doing (unfortunately). But this is all part of shoring up a machine.
After this runs and loads definitions, and one reboot, then you would
do the Windows Defender offline scan (involving another reboot).

If you open Windows Security, in the lower-right corner is "Settings".
Near the bottom-middle of "Settings" is the "About" item. Since it
won't let me wipe over the text, I'll just photo it.

[Picture]

https://i.postimg.cc/2SKNSSGX/windows-defender-ABOUT-window.gif

That's enough for a start.

*******

Your problem does not sound like a video card driver issue.

If you had an FX5200 in the machine (no valid driver), then
the Microsoft Basic Display Adapter (software based) driver is likely
more stable than some of the in-support cards :-)

I don't particularly like to wave around bland recipes
like the web sites. I seek evidence they will help.

A Repair Install, by mounting the ISO of the same version of OS
as you are currently running, this would correct the contents
of System32 for example. However, it does not clean the registry.
If a pest is present, the pest may have its own protections
from the Repair Install.

System Restore points are useless at a time like this. Doing a minor
rollback, if a pest is present, the pest injects itself into the
rollbacks. AV products normally erase all the Restore Points, so that
the user cannot use them (because even the most amateur malware,
attacks Restore Points).

Nuking and paving works. But why would I tell you to do that ? :-)

If you do the Repair Install, by running Setup.exe from the
mounted Windows installer ISO9660 file, that is a relatively
cheap (and relatively ineffective) fix. But I would save this
step, for after your Windows Defender offline scan. You want
to scan first, to see how good the malware is.

On Windows 7, the Windows Defender offline scan is a separate
download. On the more modern OSes, this is built for you and
you have the "convenience" of not needing to make media. It's
debatable how safe and effective it is. I'm not the best person
to quantify this stuff (I don't fix malware). It was more fun in
the past, when custom cleaners were available for some of the
pests.

Paul
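
The checks discussed in this thread, gathered into one triage script. This is an added example, not part of either post. It assumes an elevated Windows PowerShell 5.1 prompt on Windows 10 with the built-in BitsTransfer, DeliveryOptimization and Defender modules; the service short names are the ones behind the display names mentioned above.

```powershell
# Added illustration: run from an elevated PowerShell prompt on Windows 10.

# 1. Map recently started svchost/servicing processes to the services they host,
#    instead of relying on Process Explorer tooltips.
$hosted = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 }
Get-Process -Name svchost, TiWorker, TrustedInstaller -ErrorAction SilentlyContinue |
    Sort-Object StartTime -Descending |
    Select-Object -First 15 Id, Name, StartTime,
        @{ n = 'Services'; e = { $id = $_.Id
              ($hosted | Where-Object ProcessId -eq $id).Name -join ',' } } |
    Format-Table -AutoSize

# 2. State of the update-related services named in the thread:
#    BITS, Delivery Optimization (DoSvc), Windows Update (wuauserv),
#    Windows Update Medic (WaaSMedicSvc), TrustedInstaller,
#    Client License Service (ClipSVC).
Get-Service -Name BITS, DoSvc, wuauserv, WaaSMedicSvc, TrustedInstaller, ClipSVC |
    Select-Object Name, DisplayName, Status, StartType |
    Format-Table -AutoSize

# 3. Who is using BITS? Lists queued and active jobs for every account.
Import-Module BitsTransfer
Get-BitsTransfer -AllUsers |
    Select-Object DisplayName, OwnerAccount, JobState,
                  BytesTransferred, BytesTotal, CreationTime |
    Format-Table -AutoSize

# 4. What has Delivery Optimization downloaded, and from where?
Get-DeliveryOptimizationStatus |
    Select-Object FileId, Status, FileSize, TotalBytesDownloaded,
                  BytesFromHttp, BytesFromPeers |
    Format-Table -AutoSize

# 5. Defender engine and definition versions: the same data as the
#    Windows Security "About" page. Check after a manual definition install.
Get-MpComputerStatus |
    Select-Object AMProductVersion, AMEngineVersion,
                  AntivirusSignatureVersion, AntivirusSignatureLastUpdated

# 6. Windows Defender offline scan. Left commented out because it
#    restarts the machine immediately; save open work first.
# Start-MpWDOScan
```

An empty result from step 3 or 4 while a svchost is saturating the link suggests the traffic belongs to a different service; the `Services` column from step 1 shows which one.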
