makongma

Windows shutting down.


I am having a problem with Windows 7 Ultimate 'shutting down'. After all the Windows processes have completed, the 'shutting down' screen does not close. I also notice that the CCleaner icon does not close after the cleanup. I left it overnight to see whether the 'shutting down' screen would close by itself, but it did not, and I had to close it from the power panel. I hope someone can solve my problem. Thanks.

  • Like 1


Thanks to Emderbel71 and Rædwulf for your replies. I still need Win 7 as I am used to it and not familiar with the OS you mentioned. As Rædwulf suggested, 'try disabling windows update in services..', I tried it as you said and it did not help. I tried CCleaner to do a cleaning job, but it seems to hang, or rather it gets stuck at 2% at Internet Explorer, cleaning some .dat files, and stays there forever. I hope you all can help to solve it.

  • Like 1


if u have system restore enabled.. try to restore to a better system.. let me know.. we will all work together to help u figure this out..  :sun:

  • Like 1


Thanks Rædwulf. I have looked in System Restore and there are many dates available. When you say to try System Restore, do you mean to try every date in the list until the problem is resolved?

 
  • Like 1


Restore to the last date you know your system was running right

 

Also, if you need to restore your system (back up all Music, Documents, Pictures, etc.), below is Windows 10 & Windows 7 OEM (ISO)

 

http://www.cyberphoenix.org/forum/topic/575655-cp-upload-windows-10-windows-7-oem-iso/


Hmmmm, I sure hope you don't have a virus (you would need another computer that you know is clean to burn a bootable scanner)

 

Have you thought about saving all your pictures, documents, music, etc. to a USB drive and dump, then do a full install of Win 7?

 

Windows 8.1 and 10 you can refresh the OS 

  • Like 2


Thanks for the prompt reply. My C drive now has almost 300 GB of data, and if I dump it I may lose some files or programs if I do, as you said, a 'full install of Win 7'. Can you recommend a good bootable scanner?

  • Like 1


alright so from here on out we will treat ur system as having malware in it, which in all cases if its nasty it will affect ur system restore.. i want u to download and install the newest version of Malwarebytes and update it and run it as a first off tactic..

 

http://www.cyberphoenix.org/forum/topic/571472-malwarebytes-premium-3312183-multilingual/?hl=malwarebytes

 

do this then post the results in a readme.txt file here so i can look at it.. we will proceed after this on what to do next..  :sun:

  • Like 2


Here is some info on bootable virus scan ISO images

 

 

https://www.lifewire.com/free-bootable-antivirus-tools-2625785
  • Like 2


if u need a bootable rescue disk try one of these:

https://livecdlist.com/
  • Like 2


Thanks Tech 425 and Emderbel71 for your replies. I will try it out later. As for Rædwulf's suggestion of using Malwarebytes, does it revert back to the free version after some time? I am running the older version and it did not detect any new threat.

 


Hello again. As mentioned by Rædwulf, here is the scan result:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/3/17
Scan Time: 7:03 PM
Log File: 96668cd2-d819-11e7-b6f5-00241dbb1f53.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3151
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: xxxx-PC\xxxx

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329072
Threats Detected: 4
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
Generic.Malware/Suspicious, C:\USERS\CHEE\APPDATA\ROAMING\THINSTALL\MICROSOFT VISUAL C++ 2005 REDISTRIBUTABLE\400000DC00002I\OPAGENT.EXE, No Action By User, [0], [392686],1.0.3151
Generic.Malware/Suspicious, C:\PROGRAM FILES\PORTABLE OFFLINE BROWSER\KEYGEN.EXE, No Action By User, [0], [392686],1.0.3151
Generic.Malware/Suspicious, C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDM.6.28.X-PATCH.EXE, No Action By User, [0], [392686],1.0.3151
Generic.Malware/Suspicious, C:\USERS\CHEE\DOWNLOADS\TRASHREG_PORTABLE.SOFTARCHIVE.NET.RAR, No Action By User, [0], [392686],1.0.3151

Physical Sector: 0
(No malicious items detected)


(end)


alright then lets try a different approach to this very annoying situation we find ourselves in..

 

You could try the sfc /scannow command and have Windows scan and fix corrupted system files, since it seems to be a system file that's corrupt causing your problem. Here is an article with more information 

 

To put it in a nutshell, right-click on command prompt shortcut in the start menu, select run as administrator, type sfc /scannow in the command window and it will scan your system files and attempt to fix any corrupted files it finds.

 

 

try this then post the log file back on here to see what it finds out..  :sun:

  • Like 2


@makongma, what browser do you currently use.?. Is it IE and if so would you consider changing and removing IE completely.?. If not I would suggest removing it completely and all traces of connected files, then deleting your prefetch manually before reinstalling. The reason I say this is you mentioned ccleaner is hanging on a .dat file. If you knew what .dat file it could give more direction to the possible cause. I would suggest doing all this in safe mode also as whatever it is wouldn't be running from boot. It does sound like you have something malicious there that is protecting itself from being stopped and eliminated.

 

You also may want to check what services and processes are running, especially from boot. I suggest downloading and trying HiJackThis, it is an older open source log creator picked up and developed by Trend Micro which is very simple to utilize and gives detailed information for finding the source of such malicious software manually. (Don't know if anyone else knows of something similar more up to date but using win 7 it should be quite effective still.)

https://filehippo.com/download_hijackthis/

 

One other question, why did you not scan for rootkits.?.

 

 

 


  • Like 2


Thanks again for the reply. As for Rædwulf, I did a scan with sfc /scannow but it gives 'C:\Windows\system32>sfc /scannow
Windows Resource Protection could not start the repair service.' And NeophobiA, I will try it later; can you suggest a rootkit application?

 

I wish to bring to the attention of Rædwulf that Malwarebytes could not update; it always lists updates as not current.

  • Like 1


have u recently installed any new hardware, like new gfx card, external hdd, etc.?? or installed a new antivirus system??


Thanks Rædwulf, the answer is no, except the one you mentioned. It seems I may revert back to the old version as it slows down almost everything.

  • Like 1


i save nothin on my c:.. back everything up on external hdd's.. it takes me bout an hour to wipe, reinstall and plug in new software.. and i have a new OS.. do u have ur importants backed up??

  • Like 1


Thanks for all the prompt replies. NeophobiA, I have scanned with HijackThis; can you please have a look and find out if anything is wrong?

 

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:25:01 PM, on 12/4/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17609)

FIREFOX: 57.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Simpo PDF Creator Pro\SpcProSrv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Shadow Defender\DefenderDaemon.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Program Files\AVG\Framework\Common\avguix.exe
C:\Program Files\Adguard\Adguard.exe
C:\Program Files\BWMeter\BWMeter.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\eHome\EhTray.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Windows\explorer.exe
C:\Users\Chee\Desktop\COPY HijackThis 2.0.5 Beta\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [simpo PDF Creator Pro Server] "C:\Program Files\Simpo PDF Creator Pro\SpcProSrv.exe"
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [shadow Defender Daemon] "C:\Program Files\Shadow Defender\DefenderDaemon.exe" /Auto
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
O4 - HKLM\..\Run: [DFX] C:\Program Files\DFX\DFX.exe -startup
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup                                                                                                                                                                                                             
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Adguard] C:\Program Files\Adguard\Adguard.exe /nosplash
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Adguard] C:\Program Files\Adguard\Adguard.exe /nosplash /nosplash (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Adguard] C:\Program Files\Adguard\Adguard.exe /nosplash /nosplash (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: BWMeter.lnk = C:\Program Files\BWMeter\BWMeter.exe








O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download by easyMule - E:\PORTABLES\easyMule-1.2.1\IE2EM.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm


O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Adguard Service - Performix LLC - C:\Program Files\Adguard\AdguardSvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Framework\Common\avgsvcx.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Plus Android Service  (BstHdPlusAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Plus-Service.exe
O23 - Service: BWMeter Connections Service (BWMeterConSvc) - Unknown owner - C:\Program Files\BWMeter\BWMeterConSvc.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Users\Chee\Desktop\port\DUMeter.6.30.Portable\App\DUMeter\DUMeterSvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Free Firewall Service (firewallsvce) - Unknown owner - C:\Program Files\Evorim\Free Firewall\firewallsvc.exe
O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Privacyware network service (PFNet) - Privacyware/PWI, Inc. - C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
O23 - Service: WIFIPR Passcape Loader Service (WifiprPasscapeLoader) - Unknown owner - E:\PORTABLES\Passcape Wireless Password Recovery 390399 Professional Edition Portable\Passcape Wireless Password Recovery 3.9.0.399 Professional Edition Portable\loader.exe
O23 - Service: WinTab Service (WinTabService) - UC-Logic Technology Corp. - C:\Windows\System32\Drivers\WTSRV.EXE
O23 - Service: Windows Firewall Control (_wfcs) - BiniSoft.org - C:\Program Files\Windows Firewall Control\wfcs.exe
O23 - Service: {0CBD4F48-3751-475D-BE88-4F271385B672} - SHADOWDEFENDER.COM - C:\Program Files\Shadow Defender\Service.exe

--
End of file - 10168 bytes
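
The first-pass check of startup entries and services that a HijackThis log is meant for can be scripted. The following is an added example, not part of any post in this thread: it parses the O4 (Run key) and O23 (service) lines and flags entries whose owner is reported as 'Unknown owner' or whose binary sits outside the Windows and Program Files directories. The sample lines are copied from the log above; the trusted-directory list and the flag names are assumptions made for the example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section name owner path")

# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: BWMeter Connections Service (BWMeterConSvc) - Unknown owner - C:\Program Files\BWMeter\BWMeterConSvc.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Users\Chee\Desktop\port\DUMeter.6.30.Portable\App\DUMeter\DUMeterSvc.exe
O23 - Service: WIFIPR Passcape Loader Service (WifiprPasscapeLoader) - Unknown owner - E:\PORTABLES\Passcape Wireless Password Recovery 390399 Professional Edition Portable\Passcape Wireless Password Recovery 3.9.0.399 Professional Edition Portable\loader.exe
"""

# Assumption: with default ACLs only administrators can write below these roots.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\", "%programfiles%\\")

# O4 Run-key line: [value name], then a quoted path or an unquoted path up to ".exe".
O4_RE = re.compile(r'\[(?P<name>[^\]]*)\]\s+(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe))', re.I)


def parse(log_text):
    """Yield an Entry for every O4 Run-key line and O23 service line."""
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O23 - Service: "):
            # Layout is "<display name> - <owner> - <path>"; split from the
            # right so a display name containing " - " stays in one piece.
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                yield Entry("O23", *parts)
        elif line.startswith("O4 - HK"):
            m = O4_RE.search(line)
            if m:  # O4 lines carry no owner field
                yield Entry("O4", m.group("name"), None, m.group("q") or m.group("u"))


def triage(log_text):
    """Return (entry, flags) pairs for entries that deserve a manual look."""
    flagged = []
    for entry in parse(log_text):
        flags = []
        if entry.owner == "Unknown owner":
            flags.append("unknown-owner")
        if not entry.path.lower().startswith(TRUSTED_ROOTS):
            flags.append("outside-system-dirs")
        if flags:
            flagged.append((entry, flags))
    return flagged


if __name__ == "__main__":
    for entry, flags in triage(SAMPLE_LOG):
        print(entry.section, entry.name, ",".join(flags), entry.path, sep=" | ")
```

A flag is a prompt to check the file's signature and origin, not a verdict. Services that run from a user profile or a second drive matter because those locations are usually writable without administrator rights.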
 


Malwarebytes can't update because the virus is stopping it; it's self-protection. This is why I say you need to download a bootable ISO and burn it to disk (download and burn on a clean computer), then boot your system to one of these bootable virus scanners.

 
 
IMPORTANT! You must carry out the burning of the ISO image from a computer that is not infected with viruses or ransomware.
 
 
Norton Bootable Recovery Tool
https://security.symantec.com/nbrt/nbrt.aspx
 
ESET SysRescue Live
https://www.eset.com/int/support/sysrescue/
 
Kaspersky Rescue Disk 10
https://support.kaspersky.com/viruses/rescuedisk
 
Panda Cloud Cleaner Rescue ISO
https://www.pandasecurity.com/malaysia/support/card?id=1681
 
Anvi Rescue Disk v1.1
http://www.anvisoft.com/rescue-disk.html
 
AVG Rescue CD
https://www.avg.com/en-ww/rescue-cd-business-edition
 
Avira Rescue CD
https://www.avira.com/en/download/product/avira-rescue-system
 
Bitdefender Rescue CD
https://www.bitdefender.com/support/how-to-create-a-bitdefender-rescue-cd-627.html
 
Comodo Rescue Disk (CRD)
https://www.comodo.com/business-security/network-protection/rescue-disk.php
 
F-Secure Rescue CD
ftp://ftp.f-secure.com/anti-virus/tools/Rescue%20CD/
 
Sophos Bootable Anti-Virus
https://community.sophos.com/kb/en-us/52011
  • Like 1
