I booted my system on 10/2/2015 in the morning as usual and found that Internet Explorer would crash. Firefox also would not work. It was trapped by EMET. However, Chrome seemed to work OK. I tried a few other programs and found that Outlook, Word and Acrobat Reader XI also would not work but Excel, Visual Studio and Quicken seemed to work OK.
I suspected a virus so ran a full scan with Norton Internet Security but it did not find a problem. I also ran chkdsk C: /F and it did not find a problem either. There was a system restore point from 9/29/2015. Restore said that the only Norton would revert to an older version. I knew I could get Norton back so I went ahead and did the restore.
After the restore, IE and Firefox both worked. So I went ahead and got Norton and updated it. After the update I ran Live Update and it found some updates which I installed. After the updates, IE and Firefox both stopped working.
I did the restore again and IE and Firefox started to work again. Then I turned on Windows Defender since Norton was not working correctly. I did a full scan with Windows Defender and it found no problems. Then I got Microsoft Security Essentials and installed it. I did a full scan with it and found no problems.
Based on entries in the system log, the problems started when Version 22.5.4.24 was installed and return when it is reinstalled.
System Information:
HP computer with Intel i7 CPU and 16GB memory
Windows 7 Professional SP1 64 bit. All recommended security and non security updates have been installed.
Norton Version 22.5.4.24. Previous version 22.5.2.15.
Info from Event log;
9/29/2015 10:45:03 System Information from Microsoft-Windows-WindowsUpdateClient ID:17
Installation Ready: The following updates are downloaded and ready for installation. To install the updates, an administrator should log on to this computer and Windows will prompt with further instructions: - Update for Windows 7 for x64-based Systems (KB3035583)
-- The update was installed right after this message. Installing the update created the system restore point used to restore the system as described above. Since I restored to this restore point, the update is no longer installed.
9/29/2015 19:09:55 System Information from Microsoft-Windows-FilterManager ID:1
File System Filter 'BHDrvx64' (Version 6.1, 2015-07-11T00:11:26.000000000Z) unloaded successfully.
10/1/2015 07:37:16 System Information from Service Control Manager ID:1073748864
The start type of the Symantec Network Security WFP Driver service was changed from system start to demand start
10/2/2015 07:43:17 System Information from Microsoft-Windows-Kernel-General ID:12
The operating system started at system time 2015-10-02T11:43:16.626398500Z.
10/2/2015 07:45:46 Version change for filter SRTSP
Old Version: 6.1 2015-06-14T03:19:20.000000000Z New Version 6.1 2015-08-26T20:27:39.000000000Z (Edited message)
10/2/2015 07:47:30 Application Information from SecurityCenter ID:1073741835
Program C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\WSCStub.exe with instanceID={6BFC5632-188D-B806-D13E-C607121B42A0} was removed from the Security Center reporting database because the program was either uninstalled, changed, or could not be verified.
10/2/2015 07:47:30 Application Information from SecurityCenter ID:1073741835
Program C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\WSCStub.exe with instanceID={53C7D717-52E2-B95E-FA61-6F32ECC805DB} was removed from the Security Center reporting database because the program was either uninstalled, changed, or could not be verified.
10/2/2015 07:47:30 Application Information from SecurityCenter ID:1073741835
Program C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\WSCStub.exe with instanceID={E8A636F3-74D8-B6D0-C0D1-5440974F4F66} was removed from the Security Center reporting database because the program was either uninstalled, changed, or could not be verified.
--- The last 4 messages tell me that Norton was updated yesterday from 22.5.2.15 to 22.5.4.24. 22.5.4.24 seems to cause the problem.
--- Typical entry for an Internet Explorer crash
10/2/2015 08:16:27 Application Error from Application Error ID:3221226477
Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Internet Explorer because of this error.
Program: Internet Explorer
File:
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: 00716FE8
Disk type: 0
--- Typical entry for Firefox. Other programs like Word and Acrobat reader get similar messages
10/2/2015 08:17:09 Application Error from EMET ID:2
EMET detected Caller mitigation and will close the application: firefox.exe
Caller check failed:
Application : C:\Program Files (x86)\Mozilla Firefox\firefox.exe
User Name : SBV719BL\Bill
Session ID : 1
PID : 0xC10 (3088)
TID : 0x1668 (5736)
API Name : ntdll.NtCreateFile
ReturnAddress : 0x0F7DB99A
CalledAddress : 0x778300F4
TargetAddress : 0x004A0B12
StackPtr : 0x00B8E07C