Windows 7 Forums


Windows 7: W7/64 freeze after few seconds; strange items in WMI

08 Apr 2017   #1
Fenichel

Windows 7/64 Pro SP1
 
 
W7/64 freeze after few seconds; strange items in WMI

A week ago (April 1st, possibly pertinent), my computer became inoperable in Normal Mode. A few seconds after my desktop appears, the mouse continues to control the on-screen cursor, but no input from mouse or keyboard is recognized, and the only exit is a hardware reset. I am now in Safe Mode. Multiple diagnostic attempts have failed to find the problem. Various AV scans have found nothing.
The Event View shows that during each boot, these items
Code:
SQLServerEventProvider
InvProv
SQLServerEventProvider
ActiveScriptEventConsumer
CommandLineEventConsumer
LogFileEventConsumer
WpcClamperProv
MS_NT_EVENTLOG_EVENT_PROVIDER
HiPerfCooker_v1
are registered with the Windows Management Interface; they didn't use to be, and I think they are the problem. I also see that the only Restore Point on my system now is one that was created a few seconds after midnight on April 1st.
In another sevenforums thread, I found this sequence
Code:
Change startup type of Windows Management Instrumentation (WMI) Service to disabled
Stop the WMI Service; you may need to stop IP Helper Service first or other dependent services before it allows you to stop WMI Service
Rename the repository folder: C:\WINDOWS\system32\wbem\Repository to Repository.old
Open a CMD Prompt with elevated privileges
CD /d C:\WINDOWS\system32\wbem
for /f %s in ('dir /b /s *.dll') do regsvr32 /s %s
Set the WMI Service type back to Automatic and start WMI Service
cd /d c:\ ((go to the root of the c drive, this is important))
for /f %s in ('dir /s /b *.mof *.mfl') do mofcomp %s
Reboot the server
to run in Safe Mode. The first few times I did this, the next Normal Mode boot would succeed, but then even this method stopped working, so I am stuck in Safe Mode.
Any suggestions will be welcome.
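
One way to check whether the consumer classes named in the post above are actually in use, as an added example that is not part of the original thread: ActiveScriptEventConsumer, CommandLineEventConsumer and LogFileEventConsumer are standard Windows consumer classes, so what matters is whether any permanent subscription binds one of them to an event filter. The PowerShell below lists those bindings in `root\subscription`; the function name `Get-WmiSubscriptionReport` is made up for this example.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Uses Get-WmiObject so it also works on PowerShell 2.0 (the Windows 7 default).
function Get-WmiSubscriptionReport {
    param([string]$Namespace = 'root\subscription')

    # Index filters by name and consumers by "class|name" so bindings can be resolved.
    $filters = @{}
    Get-WmiObject -Namespace $Namespace -Class __EventFilter |
        ForEach-Object { $filters[$_.Name] = $_ }
    $consumers = @{}
    Get-WmiObject -Namespace $Namespace -Class __EventConsumer |
        ForEach-Object { $consumers["$($_.__CLASS)|$($_.Name)"] = $_ }

    # A binding's Filter/Consumer properties are object paths such as
    # __EventFilter.Name="X", optionally prefixed with \\host\namespace:
    $pathRx = '^(?:\\\\[^:]*:)?(\w+)\.Name="(.*)"$'

    Get-WmiObject -Namespace $Namespace -Class __FilterToConsumerBinding | ForEach-Object {
        $b = $_; $f = $null; $c = $null; $class = $null
        if ($b.Filter -match $pathRx) { $f = $filters[$Matches[2]] }
        if ($b.Consumer -match $pathRx) {
            $class = $Matches[1]
            $c = $consumers["$class|$($Matches[2])"]
        }
        # What the consumer does when the filter fires, per consumer class.
        $action = switch ($class) {
            'CommandLineEventConsumer'  { "$($c.ExecutablePath) $($c.CommandLineTemplate)" }
            'ActiveScriptEventConsumer' { "$($c.ScriptingEngine): $($c.ScriptFileName) $($c.ScriptText)" }
            'LogFileEventConsumer'      { "write to $($c.Filename)" }
            default                     { '' }
        }
        New-Object PSObject -Property @{
            Filter   = $b.Filter
            Query    = $f.Query
            Consumer = $b.Consumer
            Action   = $action
            # Script and command-line consumers execute code, so review them first.
            RunsCode = ($class -eq 'CommandLineEventConsumer' -or
                        $class -eq 'ActiveScriptEventConsumer')
        }
    }
}

Get-WmiSubscriptionReport |
    Select-Object RunsCode, Filter, Query, Consumer, Action |
    Format-List
```

Bindings with RunsCode set whose Action names an unfamiliar script or executable are the entries to examine before rebuilding the repository.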


09 Apr 2017   #2
Mellon Head

Win 7 Pro x64/Win 10 Pro x64 dual boot
 
 

Have you run sfc /SCANNOW from an elevated command prompt in Safe Mode? Run it three times to see if it catches everything.

It sounds like you've been had by a trojan or some kind of malware. The trick is finding it.
09 Apr 2017   #3
Fenichel

Windows 7/64 Pro SP1
 
 

Yes, I think it's malware. You can see my results from sfc; the three files are the results of one run, not 3, broken into 3 files because of the forum's limits on uploaded file size.
The more telling result comes from chkdsk. I ran it with the /f argument at boot time, then without the argument while running in safe mode. As you see, I have an MFT problem, not fixed by chkdsk. I wish there were a way to fix this without scrubbing the disk, but I am not hopeful.


Attached Files
File Type: txt chkdsk.txt (6.6 KB, 5 views)
File Type: log CBS 1.log (639.1 KB, 2 views)
File Type: log CBS2.log (1.04 MB, 1 views)
File Type: log CBS 3.log (1.16 MB, 2 views)

09 Apr 2017   #4
Fenichel

Windows 7/64 Pro SP1
 
 
how to reload a selectively-updated Windows 7/64

I said in the last message that chkdsk had found a telltale Master File Table problem, and that was true. I ran it at boot time with the /F option, its results passed by too fast to read, then I ran it from the (Safe Mode) desktop without the /F, and it showed an unfixed MFT error. Then I ran it again from the desktop, this time piping it to the text file that I uploaded for the forum. I didn't look at the text file, assuming that it would show the same MFT problem, but of course it doesn't. Now, FWIW, I have determined with other software that the MFT, whether or not it is sound, is identical to its mirror copy. I don't know what's going on.

I am not looking forward to reloading Windows, but I think I'll have to do that. Just reloading from the DVD doesn't take much time, but there are any number of wanted updates and a small number of distinctly unwanted updates that I'll need to be alert to avoid, and then there'll be a few days of reinstalling all my applications.

I vaguely remember hearing of DVDs that provided Windows 7/64 in a moderately-updated state, speeding up the reloading process by at least a few hours. Are people on this forum familiar with those?
09 Apr 2017   #5
Mellon Head

Win 7 Pro x64/Win 10 Pro x64 dual boot
 
 

Quote: Originally Posted by Fenichel
I vaguely remember hearing of DVDs that provided Windows 7/64 in a moderately-updated state, speeding up the reloading process by at least a few hours. Are people on this forum familiar with those?
I think you're thinking of a Windows ISO with some of the updates slip-streamed into it. I would highly recommend avoiding these types of ISOs, because they often come from questionable sources and are often riddled with malware.

That's not to say that you couldn't make your own slip-streamed copy with the updates that you want to include. I just don't know how to do it, personally.

But take heart and stay tuned, I've asked some more experienced members of the forum to look into this thread and perhaps offer some advice.
09 Apr 2017   #6
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Exactly what security programs were used to scan the computer?

Just exactly what Windows 7 are you using?

Do you have any backups or Clones?

Do others have access to your computer?

Jack
09 Apr 2017   #7
Fenichel

Windows 7/64 Pro SP1
 
 

Quote:
Exactly what security programs were used to scan the computer?
Kaspersky, MSE
Quote:
Just exactly what Windows 7 are you using?
7/64 SP1, up to date with updates through last fall, when I lost confidence in my ability to keep MS from forcing Windows 10 on me
Quote:
Do you have any backups or Clones?
I have good backups of all my data, but no clone that would allow for painless scrub-and-reload.
Quote:
Do others have access to your computer?
No.
Also, you should know that I have probably found the original source of my problem, but not how to fix it. Yesterday I tried to write a new DVD of my recent data, and the DVD writer complained during the pre-write caching phase that one file had a bad handle. The DVD writer (Nero) thought this was non-critical, so I let it go ahead. During the write phase, Nero froze, possibly trying to copy this file, and I had to stop it from the Task Manager.
The file in question was I2CDEV.cpp, a file I had extracted from a GitHub ZIP file 8 months ago. Its claimed size on my disk was 56K, probably much bigger than it legitimately should be, and it showed up green (encrypted) in Windows Explorer. I can imagine ways of hiding malware between the declared EOF and the actual end of an ASCII file like <xxx>.cpp, although I'd never heard of this as a means of malpropagation before. I deleted this file; I'm sure I have it on a backup somewhere, if anyone wants it for forensic purposes.
09 Apr 2017   #8
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Good going, Fenichel, you found a problem.
It might not be an infection. Just might be a corrupt file.

These two programs I recommend using when needed to verify there are not bad guys hanging around.

Malwarebytes and Eset free online scan.

Jack
09 Apr 2017   #9
Ranger4

Windows 7 Home Premium 64 bit sp1
 
 

Quote: Originally Posted by Fenichel
Kaspersky, MSE
7/64 SP1, up to date with updates through last fall, when I lost confidence in my ability to keep MS from forcing Windows 10 on me
I have good backups of all my data, but no clone that would allow for painless scrub-and-reload.
No.
Also, you should know that I have probably found the original source of my problem, but not how to fix it. Yesterday I tried to write a new DVD of my recent data, and the DVD writer complained during the pre-write caching phase that one file had a bad handle. The DVD writer (Nero) thought this was non-critical, so I let it go ahead. During the write phase, Nero froze, possibly trying to copy this file, and I had to stop it from the Task Manager.
The file in question was I2CDEV.cpp, a file I had extracted from a GitHub ZIP file 8 months ago. Its claimed size on my disk was 56K, probably much bigger than it legitimately should be, and it showed up green (encrypted) in Windows Explorer. I can imagine ways of hiding malware between the declared EOF and the actual end of an ASCII file like <xxx>.cpp, although I'd never heard of this as a means of malpropagation before. I deleted this file; I'm sure I have it on a backup somewhere, if anyone wants it for forensic purposes.
While I don't want to rub salt into your present problem, it is a good example of why you should run regular operating system back up images. If you had a recent image you could have reinstalled it & been back working again in a very short time.

You have said that you have your data backed up to DVDs, which is certainly a start, but DVDs are a messy way of backing up data.

A lot of members including myself use Macrium Reflect to create system images on a regular basis. A correctly done image backs up Windows, all your data as well as any installed programs.

It's best to back up to a hard drive, either an internal one or preferably an external one, as it's not a good idea to have the back up drive connected to the computer all the time as there is a possibility of a bad virus infection hitting your main system as well as the internal back up drive.

So you can give this some thought, have a look at this Macrium website. There is a free version & some paid versions.

Macrium Reflect Free | Macrium Software
09 Apr 2017   #10
Fenichel

Windows 7/64 Pro SP1
 
 

I didn't describe my whole backup system; DVDs are a small part of it. I also use CrashPlan to provide minute-by-minute backup of data.
I hadn't thought about cloning before, but I'm glad that Layback Bear and (more forcefully) you brought it up. I will be looking into it when I'm back to some sort of steady state.