
Spontaneous restarts in Win7 Ultimate - is malware causing it?



#1 svenskenr

svenskenr

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern PA, USA
  • Local time:03:44 AM

Posted 27 April 2017 - 01:29 PM

Hi, this is my first request for advice or help so I am starting here and will move to the Malware forums where logs are allowed if anyone thinks they are needed.

 

First, my system summary:

OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 32 bit

Processor: Intel® Pentium® 4 CPU 2.80GHz, x86 Family 15 Model 3 Stepping 4

Processor Count: 1

RAM: 1527 Mb

Graphics Card: Intel® 82915G/GV/910GL Express Chipset Family, 5 Mb

Hard Drives: C: 37 GB (1 GB Free); F: 29 GB (15 GB Free);

Motherboard: Hewlett-Packard, 097Ch

Antivirus: Microsoft Security Essentials, Enabled and Updated

 

Here's the issue:

A few months ago, I took this system to a professional repair lab because it was doing unpredictable spontaneous reboots. I would be working on something and all of a sudden the screen would blank and the HP boot screen would appear and the reboot would proceed. I usually selected "Start Windows Normally."

 

At the time, I thought I had established it was a faulty power switch. The lab tech said he removed some things from the hard disk but at this point I do not recall what. The important thing is that the spontaneous reboots were not recurring.

 

Within the past month or so the problem has returned. It is almost always within the first 10 minutes or so after powering the system on. As far as I can recall it always occurs while using the Internet: Facebook, Twitter, Google search, it doesn't seem to matter what. (I always use Google Chrome.) It only happens ONCE per work session: once it happens and the system reboots and I select "Start Windows Normally," it does not recur even if I work for 6 hours or more. I cannot recall any exceptions to that.

 

These do not strike me as symptoms of a hardware problem. Does it sound worthwhile to go ask your log analyzers if there might be something in my system that is causing this?

 

Thank you.


Edited by hamluis, 27 April 2017 - 01:55 PM.
Moved from W7 to Am I Infected - Hamluis.



 


#2 dna9

dna9

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:01:44 AM

Posted 27 April 2017 - 01:42 PM

reboot in safe mode and update your anti-virus.  then do a full complete scan.

 

http://lmgtfy.com/?q=windows+safe+mode


Edited by dna9, 27 April 2017 - 01:44 PM.


#3 achzone

achzone

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Melbourne, Australia
  • Local time:05:44 PM

Posted 28 April 2017 - 01:42 PM

It's also possible you may be getting a Blue Screen of Death and not even realizing it.

 

To ensure this isn't the case, go to Advanced System Settings

 

A quick way to get there is open up a CMD prompt, type system control into it, then select the Advanced System Settings link.

 

On the Advanced Tab, click Settings under Startup and Recovery.

 

Under System Failure, remove the tick from "Automatically restart". Click OK and wait to see if it happens again.

 

If you are getting a BSOD, then you'll be able to get the error codes to help you find and resolve the cause of the random restarts.

 

Hope that helps.



#4 Havachat

Havachat

  • Members
  • 1,083 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sleepy Hollow - Geelong - Go Cats.
  • Local time:05:44 PM

Posted 28 April 2017 - 05:20 PM

Before you post in malware removal.

 

I see you only have 1G free on C:\ Drive.

 

You'll need to free up some space, use CCleaner {Free} to do so. https://www.piriform.com/ccleaner/download

Also you can do a run with Malwarebytes to scan for any other issues https://www.malwarebytes.com/

 

Delete some old Restore Points depending on what setting it is on, % of drive. {CCleaner can remove old points and leave the last one}

You may have continuing issues as the Drive is only 37G.

 

Single Processor / Onboard Graphics / Small Drive / 2G Ram............Maybe time to think of Upgrading !



#5 svenskenr

svenskenr
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern PA, USA
  • Local time:03:44 AM

Posted 02 May 2017 - 03:48 PM

Thanks to all three responders for your suggestions. Two of them have been followed so far:

 

> dna9:  I have not yet had time to restart in safe mode, update the anti-virus, and run a full scan. I hope to soon.

 

> achzone:  "Automatically restart" under "Advanced settings -> System failure" is already cleared (no tick mark). If I understand you correctly, this means that however I am getting into those spontaneous reboots, it is not through an "unseen" BSOD.

 

> Havachat: I downloaded and ran Ccleaner "Free" and I did gain some space; I am now up to 3.68GB free space. I have not been creating restore points so I doubt there are any to remove.

 

I have not been getting the spontaneous reboots recently. If they start recurring I will try the anti-virus "safe mode" update and full scan.



#6 Havachat

Havachat

  • Members
  • 1,083 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sleepy Hollow - Geelong - Go Cats.
  • Local time:05:44 PM

Posted 03 May 2017 - 03:15 AM

A lot of processes running after Logon / first 10 Min could be the issue at hand with previous Low Free Space.

See how it goes for a while, hopefully with the free space you freed up it may help.

If you still have any other personal Data on C:\ you could move that to your F:\ and save some more - as it has 16G free space.

If System Restore is currently off, that's your call, but at least look at having a Backup Plan or a Saved Image of C:\ to an External Drive.



#7 svenskenr

svenskenr
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern PA, USA
  • Local time:03:44 AM

Posted 10 May 2017 - 08:10 PM

Response to dna9:  I tried to restart in safe mode with networking and update my anti-virus but it said it could not do the update.



#8 dna9

dna9

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:01:44 AM

Posted 10 May 2017 - 10:37 PM

go into "event viewer" just for the hell of it and see if it is a hardware issue.  there is a 95 percent chance it will show up if it is.

 

http://lmgtfy.com/?q=event+viewer+windows+7

 

Microsoft Security Essentials is pretty weak.  if you can, go to   "free.avg.com"   and get the free version.
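
Added example, not part of any post in this thread: a read-only PowerShell check that covers both the Startup and Recovery setting achzone describes and the Event Viewer lookup dna9 suggests. It reads the stored "Automatically restart" setting and lists System-log events 41, 6008 and 1001; the 30-day window and the default minidump folder are assumptions.

```powershell
# Added example: read-only triage of unexpected restarts on Windows 7 or later.
# Run from an elevated PowerShell prompt. Nothing here changes system settings.

# 1. The "Automatically restart" checkbox under Startup and Recovery is stored
#    as the AutoReboot value of the CrashControl key (1 = ticked, 0 = cleared).
$crash = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
if ($crash.AutoReboot -eq 1) {
    'Automatically restart: ON  (a blue screen may flash by unseen)'
} else {
    'Automatically restart: OFF (a blue screen would stay on screen)'
}

# 2. System-log events that record an unclean shutdown or a bugcheck:
#    41   Kernel-Power : the system restarted without shutting down cleanly
#    6008 EventLog     : the previous shutdown was unexpected
#    1001 BugCheck     : the computer rebooted from a bugcheck (blue screen)
# The 30-day window is an assumption; widen it if the restarts are rarer.
$filter = @{ LogName = 'System'; Id = 41, 1001, 6008; StartTime = (Get-Date).AddDays(-30) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

foreach ($e in $events) {
    $note = ''
    if ($e.Id -eq 41 -and $e.ProviderName -eq 'Microsoft-Windows-Kernel-Power') {
        # Event 41 carries a BugcheckCode field. 0 means Windows recorded no
        # stop code, which points at power loss, a hard reset or a hang rather
        # than a blue screen.
        $xml  = [xml]$e.ToXml()
        $code = ($xml.Event.EventData.Data | Where-Object { $_.Name -eq 'BugcheckCode' }).'#text'
        if ([int]$code -eq 0) { $note = 'no stop code: power loss, hard reset or hang' }
        else                  { $note = 'stop code 0x{0:X}' -f [int]$code }
    }
    '{0:yyyy-MM-dd HH:mm:ss}  {1,-5} {2,-40} {3}' -f $e.TimeCreated, $e.Id, $e.ProviderName, $note
}
if (-not $events) { 'No event 41, 6008 or 1001 in the last 30 days.' }

# 3. Minidumps exist only if Windows actually bugchecked and could write one.
#    %SystemRoot%\Minidump is the default location (assumed unchanged here).
$dumpDir = Join-Path $env:SystemRoot 'Minidump'
if (Test-Path $dumpDir) {
    Get-ChildItem $dumpDir -Filter *.dmp |
        Sort-Object LastWriteTime -Descending |
        Select-Object Name, LastWriteTime, Length
} else {
    'No minidump folder found.'
}
```

Event 41 entries with no stop code and no matching 1001 entry or minidump are consistent with a reset that never reached a blue screen, which is what a cleared "Automatically restart" box with no visible BSOD would also suggest.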



#9 Havachat

Havachat

  • Members
  • 1,083 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sleepy Hollow - Geelong - Go Cats.
  • Local time:05:44 PM

Posted 11 May 2017 - 03:16 AM

Try Eset Online Scan https://www.eset.com/au/home/products/online-scanner/

Select - Free One Time Scan.

 

Or Avast Free Antivirus / Uncheck any Addons on Install.

AVG - I don't recommend / Bloated.

 

Yes, you can run MSE in Safe Mode. Although, the real-time protection is disabled since the service will not run in Safe Mode. You can perform all scan options at this point: Quick, Full and Custom.

So update it in Normal Mode and then reboot to Safe Mode and run the scan.



#10 achzone

achzone

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Melbourne, Australia
  • Local time:05:44 PM

Posted 13 May 2017 - 11:21 AM

I have to second Havachat's recommendation to avoid AVG for exactly the same reason - Bloated! It may or may not be a good AV, but it's so full of bloat that my clients' feedback has always been negative.

 

As for MSE, I don't understand why people would continue to trust their system's security to such a lowly rated product. It's the baseline for independent AV Comparative tests and always falls well below par in detecting in-the-wild threats when compared to other AV solutions.

 

Avast Free - with all addons unchecked is by far one of the better AVs in my opinion.

 

Best..



#11 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:03:44 AM

Posted 13 May 2017 - 11:27 AM

Download Farbar MiniToolBox and save the file to your desktop.

  1. Open MiniToolBox by right-clicking it and selecting Run as Administrator.

  2. Make sure the following options are checked and then click Go:

       • Report IE Proxy Settings
       • Report FF Proxy Settings
       • List content of Hosts
       • List IP configuration
       • List Winsock Entries
       • List last 10 Event Viewer log
       • List Installed Programs
       • List Devices (Don't change any settings here)
       • List Users, Partitions and Memory size
       • List Restore Points

  3. Paste the log file contents into a post.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#12 svenskenr

svenskenr
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern PA, USA
  • Local time:03:44 AM

Posted 01 June 2017 - 10:09 AM

Responding to iMacg3 (with Farbar MTB log contents).

Sorry for the delay. I didn't think I had the time. If I had known it could be done this quickly, I would have done it sooner.

------- START OF FARBAR MTB LOG FILE --------

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Owner (administrator) on 01-06-2017 at 11:04:30
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Model: HP Compaq dc7100 SFF(PC939A) Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Upstairs-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : fios-router.home
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : fios-router.home
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-12-79-A1-06-41
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::cc21:7cef:4d70:e200%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, June 01, 2017 10:44:55 AM
   Lease Expires . . . . . . . . . . : Friday, June 02, 2017 10:44:55 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234885753
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-DD-1E-6F-00-12-79-A1-06-41
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.fios-router.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : fios-router.home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:4ce:3a02:3f57:fefc(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::4ce:3a02:3f57:fefc%13(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  FIOS_Quantum_Gateway.fios-router.home
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4006:814::200e
 172.217.12.142
 
 
Pinging google.com [172.217.12.142] with 32 bytes of data:
Reply from 172.217.12.142: bytes=32 time=10ms TTL=56
Reply from 172.217.12.142: bytes=32 time=9ms TTL=56
 
Ping statistics for 172.217.12.142:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 10ms, Average = 9ms
Server:  FIOS_Quantum_Gateway.fios-router.home
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=21ms TTL=52
Reply from 98.139.183.24: bytes=32 time=21ms TTL=52
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 21ms, Average = 21ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 12 79 a1 06 41 ......Broadcom NetXtreme Gigabit Ethernet
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    266
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    266
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:5ef5:79fb:4ce:3a02:3f57:fefc/128
                                    On-link
 11    266 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::4ce:3a02:3f57:fefc/128
                                    On-link
 11    266 fe80::cc21:7cef:4d70:e200/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/01/2017 10:59:12 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80042302).
 
Error: (06/01/2017 10:59:11 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
Error: (06/01/2017 10:59:11 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} and name Coordinator cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
Error: (06/01/2017 10:56:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23775, time stamp: 0x58f4dbfb
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x788
Faulting application start time: 0xesu.exe0
Faulting application path: esu.exe1
Faulting module path: esu.exe2
Report Id: esu.exe3
 
Error: (06/01/2017 10:56:51 AM) (Source: .NET Runtime) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()
 
Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])
 
Error: (06/01/2017 10:46:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/01/2017 10:38:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/31/2017 08:12:24 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/31/2017 08:12:24 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
Error: (05/31/2017 08:12:24 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
 
System errors:
=============
Error: (06/01/2017 10:46:38 AM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/01/2017 10:37:30 AM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/01/2017 10:37:08 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (05/31/2017 11:22:10 AM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/31/2017 11:21:42 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (05/30/2017 06:37:40 PM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/30/2017 06:37:17 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (05/29/2017 02:44:18 PM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/29/2017 02:37:29 PM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/29/2017 02:37:14 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
 
 
Microsoft Office Sessions:
=========================
Error: (06/01/2017 10:59:12 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80042302
 
Error: (06/01/2017 10:59:11 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (06/01/2017 10:59:11 AM) (Source: VSS)(User: )
Description: {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f}Coordinator0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (06/01/2017 10:56:54 AM) (Source: Application Error)(User: )
Description: esu.exe1.0.0.058dac8d5KERNELBASE.dll6.1.7601.2377558f4dbfbe04343520000845d78801d2dae730ce6c6dC:\Program Files\Garmin\Express SelfUpdater\esu.exeC:\Windows\system32\KERNELBASE.dll8cc9b4d9-46da-11e7-8b82-001279a10641
 
Error: (06/01/2017 10:56:51 AM) (Source: .NET Runtime)(User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()
 
Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])
 
Error: (06/01/2017 10:46:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/01/2017 10:38:11 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/31/2017 08:12:24 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/31/2017 08:12:24 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/31/2017 08:12:24 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Instantiating VSS server
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\{34927EBC-98D4-4D53-98BE-510DF5999F50}) (Version: 17.0.0.124 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM\...\Adobe Digital Editions 4.5) (Version: 4.5.3 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM\...\{AC76BA86-0804-1033-1959-001824225037}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Alveo (HKLM\...\{42BDB58A-866A-4504-81E9-B9E6F56E6428}) (Version: 1.3.6 - Apiary Investment Fund) Hidden
Alveo (HKLM\...\Alveo 1.3.6) (Version: 1.3.6 - Apiary Investment Fund)
ANT Drivers Installer x86 (HKLM\...\{E64F69D8-38FE-48B8-95AB-CC676FA636F1}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Citrix Online Launcher (HKLM\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Digital Camera (HKLM\...\Camera) (Version:  - )
Elevated Installer (HKLM\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Free Alarm Clock (HKLM\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP SetRefresh (HKLM\...\{F5242227-2051-4158-AC42-0F2BAA3CD3D6}) (Version: 1.2.1.3 - Hewlett-Packard Company)
hppLaserJetService (HKLM\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (HKLM\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (HKLM\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.8.131.11 - Oracle Corporation) Hidden
MarketResearch (HKLM\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.9327 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microtek LightLid 35 Calibrator (HKLM\...\{238B8820-011B-11D6-9C28-0080C85A0C2D}) (Version:  - )
Pdf995 (HKLM\...\Pdf995) (Version: 14.2s - )
PdfEdit995 (HKLM\...\PdfEdit995) (Version:  - )
ScanWizard 5 (HKLM\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version:  - )
Security Task Manager 2.1i (HKLM\...\Security Task Manager) (Version: 2.1i - Neuber Software)
Signature995 (HKLM\...\Signature995) (Version:  - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.1.5410 - Analog Devices)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Upwork version 4.2.153.0 (HKLM\...\{F8678797-5A4B-43CF-88D0-EEF67DB3B55E}_is1) (Version: 4.2.153.0 - Upwork, Inc)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
 
========================= Devices: ================================
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Device ID: ACPI\PNP0F13\4&281E9DE4&0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 66%
Total physical RAM: 1527.51 MB
Available physical RAM: 515.74 MB
Total Virtual: 3055.02 MB
Available Virtual: 2021.88 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:37.15 GB) (Free:4.44 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\UPSTAIRS-PC
 
Administrator            Guest                    Owner                    
 
========================= Restore Points ==================================
 
 
**** End of log ****


#13 svenskenr


Posted 01 June 2017 - 10:21 AM

Looking over the log results with an amateur eye, it looks as if Garmin (for my GPS map updates) is installed more than once.

Will have to look into what this "Volume Shadow Copy Service" is. Not aware that I ever installed it. Seems to cause problems.

Will see if it appears under "Uninstall" in the Control Panel.

The connection to the printer also seems to be having problems. Will try re-running the installation CD.

Will also try reinstalling the mouse drivers.

What else do you see?



#14 svenskenr


Posted 01 June 2017 - 01:26 PM

Further update:

(1) Have uninstalled the Garmin map updater. I updated both devices that we own recently and they won't start notifying about old maps until next year.

(2) Have uninstalled and reinstalled the printer software from the CD.

(3) Tried to reinstall mouse drivers but it searched for better drivers and said I already had them. Note that I am actually using a Microsoft USB Wheel Mouse; I am not sure why it says "PS/2 Compatible". I think I may have used a non-USB mouse in the past on this machine. But I do not see more than one under "Device Manager."

(4) The "Volume Shadow Copy Service" is something from Microsoft. It allows copying volumes to backup while they are in active use, but the message says it may be due to its being disabled and I think it is; I have never actually used it and if it needs additional volumes present to work I doubt I will.

(5) Am currently running the Safe mode MSE full scan with up-to-date definitions.


Edited by svenskenr, 01 June 2017 - 01:29 PM.


#15 Elise

  • Malware Study Hall Admin

Posted 02 June 2017 - 02:24 AM

Hello,

I have to say, a 40 GB HD for Windows 7 with 1,5 GB of RAM is not a setup that'll allow you to run Windows smoothly. As for the reboot problem, does it also occur if you use another browser?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft




