makongma 43 Posted November 29, 2017
I am having a problem with Windows 7 Ultimate 'shutting down'. After all the Windows processes have completed, the 'shutting down' screen does not close down. Also I notice the CCleaner icon does not close after the cleanup. I left it overnight to see whether the 'shutting down' screen would close by itself, but it did not close and I had to close it from the power panel. I hope someone can solve my problem. Thanks.
Rædwulf 1,441 Posted November 29, 2017
try disabling windows update in services..
makongma 43 Posted November 30, 2017
Thanks for the reply. I will try after my work is done.
iskey 221 Posted November 30, 2017
try Linux ... and reply
Rædwulf 1,441 Posted November 30, 2017
"try Linux ... and reply"
linux is awesome.. i have lubuntu and windows 10 for gaming..
makongma 43 Posted December 1, 2017
Thanks to Emderbel71 and Rædwulf for your replies. I still need Win 7 as I am used to it and not familiar with the OS mentioned by you. As Rædwulf suggested, 'try disabling windows update in services..', I tried as you said but it did not help. I tried CCleaner to do a cleaning job, and it seems to hang, or rather it gets stuck at 2% at Internet Explorer, cleaning some .dat files, and stays there forever. I hope you all can help to solve it.
Rædwulf 1,441 Posted December 1, 2017
if u have system restore enabled.. try to restore to a better system.. let me know.. we will all work together to help u figure this out..
makongma 43 Posted December 1, 2017
Thanks Rædwulf. I have looked in System Restore and there are many dates available. When you say to try System Restore, do you mean to try every date in the list until the problem is resolved?
Tech 425 3,942 Posted December 1, 2017
Restore to the last date you know your system was running right.
Also if you need to restore your system (Backup all Music, Documents, Pictures, etc.)
Below is Windows 10 & Windows 7 OEM (ISO)
http://www.cyberphoenix.org/forum/topic/575655-cp-upload-windows-10-windows-7-oem-iso/
makongma 43 Posted December 2, 2017
Thanks Tech 425. I tried a few back-dated restore points but it did not help. Waiting for further help.
Tech 425 3,942 Posted December 2, 2017
Hmmmm, I sure hope you don't have a virus (You would need another computer that you know is clean to burn a bootable scanner)
Have you thought about saving all your pictures, documents, music, etc. to a USB drive and dump then do a full install of Win 7
Windows 8.1 and 10 you can refresh the OS
makongma 43 Posted December 2, 2017
Thanks for the prompt reply. My C drive now has almost 300GB of data, and if I dump it I may lose some files or programs if, as you said, I do a 'full install of Win 7'. Can you recommend a good bootable scanner?
Rædwulf 1,441 Posted December 2, 2017
alright so from here on out we will treat ur system as having malware in it, which in all cases if its nasty it will affect ur system restore.. i want u to download and install the newest version of Malwarebytes and update it and run it as a first off tactic..
http://www.cyberphoenix.org/forum/topic/571472-malwarebytes-premium-3312183-multilingual/?hl=malwarebytes
do this then post the results in a readme.txt file here so i can look at it.. we will proceed after this on what to do next..
Tech 425 3,942 Posted December 2, 2017
Here is some info on bootable virus scan ISO images
https://www.lifewire.com/free-bootable-antivirus-tools-2625785
iskey 221 Posted December 3, 2017
if u need a bootable rescue disk try one of these: https://livecdlist.com/
makongma 43 Posted December 3, 2017
Thanks Tech 425 and Emderbel71 for your replies. I will try it out later. As for Rædwulf's suggestion of using Malwarebytes, does it revert back to the free version after some time? I am running the older version and it did not detect any new threat.
makongma 43 Posted December 3, 2017
Hello again. As mentioned by Rædwulf, here is the scan result:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/3/17
Scan Time: 7:03 PM
Log File: 96668cd2-d819-11e7-b6f5-00241dbb1f53.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3151
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: xxxx-PC\xxxx

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329072
Threats Detected: 4
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
Generic.Malware/Suspicious, C:\USERS\CHEE\APPDATA\ROAMING\THINSTALL\MICROSOFT VISUAL C++ 2005 REDISTRIBUTABLE\400000DC00002I\OPAGENT.EXE, No Action By User, [0], [392686],1.0.3151
Generic.Malware/Suspicious, C:\PROGRAM FILES\PORTABLE OFFLINE BROWSER\KEYGEN.EXE, No Action By User, [0], [392686],1.0.3151
Generic.Malware/Suspicious, C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDM.6.28.X-PATCH.EXE, No Action By User, [0], [392686],1.0.3151
Generic.Malware/Suspicious, C:\USERS\CHEE\DOWNLOADS\TRASHREG_PORTABLE.SOFTARCHIVE.NET.RAR, No Action By User, [0], [392686],1.0.3151

Physical Sector: 0
(No malicious items detected)

(end)
Rædwulf 1,441 Posted December 3, 2017
alright then lets try a different approach to this very annoying situation we find ourselves in..
You could try the sfc /scannow command and have Windows scan and fix corrupted system files, since it seems to be a system file that's corrupt causing your problem. Here is an article with more information
To put it in a nutshell, right-click on command prompt shortcut in the start menu, select run as administrator, type sfc /scannow in the command window and it will scan your system files and attempt to fix any corrupted files it finds.
try this then post the log file back on here to see what it finds out..
NeophobiA 1,503 Posted December 4, 2017
@makongma, what browser do you currently use? Is it IE and if so would you consider changing and removing IE completely? If not I would suggest removing it completely and all traces of connected files, then deleting your prefetch manually before reinstalling. The reason I say this is you mentioned ccleaner is hanging on a .dat file. If you knew what .dat file it could give more direction to the possible cause. I would suggest doing all this in safe mode also as whatever it is wouldn't be running from boot.
It does sound like you have something malicious there that is protecting itself from being stopped and eliminated. You also may want to check what services and processors are running, especially from boot. I suggest downloading and trying HiJackThis, it is an older open source log creator picked up and developed by Trend Micro which is very simple to utilize and gives detailed information for finding the source of such malicious software manually. (Don't know if anyone else knows of something similar more up to date but using win 7 it should be quite effective still.)
https://filehippo.com/download_hijackthis/
One other question, why did you not scan for rootkits?
makongma 43 Posted December 4, 2017
Thanks again for the reply. As for Rædwulf, I did a scan with sfc /scannow but it gives:

C:\Windows\system32>sfc /scannow
Windows Resource Protection could not start the repair service.

And NeophobiA, I will try it later; can you suggest a rootkit application? I wish to bring to the attention of Rædwulf that Malwarebytes could not update; it always lists updates as not current.
Rædwulf 1,441 Posted December 4, 2017
have u recently installed any new hardware, like new gfx card, external hdd, etc?? or installed a new antivirus system??
makongma 43 Posted December 4, 2017
Thanks Rædwulf, the answer is no, except the one you mentioned. It seems I may revert back to the old version as it slows down almost everything.
Rædwulf 1,441 Posted December 4, 2017
i save nothin my c:.. back everything up on external hdd's.. it takes me bout a hour to wipe, reinstall and pluggin new software.. and i have a new OS.. do u have ur importants backed up??
makongma 43 Posted December 4, 2017
Thanks for all the prompt replies. NeophobiA, I have scanned with HijackThis; can you please have a look and find out if anything is wrong?

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:25:01 PM, on 12/4/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17609)
FIREFOX: 57.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Simpo PDF Creator Pro\SpcProSrv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Shadow Defender\DefenderDaemon.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Program Files\AVG\Framework\Common\avguix.exe
C:\Program Files\Adguard\Adguard.exe
C:\Program Files\BWMeter\BWMeter.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\eHome\EhTray.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Windows\explorer.exe
C:\Users\Chee\Desktop\COPY HijackThis 2.0.5 Beta\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [simpo PDF Creator Pro Server] "C:\Program Files\Simpo PDF Creator Pro\SpcProSrv.exe"
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [shadow Defender Daemon] "C:\Program Files\Shadow Defender\DefenderDaemon.exe" /Auto
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
O4 - HKLM\..\Run: [DFX] C:\Program Files\DFX\DFX.exe -startup
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Adguard] C:\Program Files\Adguard\Adguard.exe /nosplash
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Adguard] C:\Program Files\Adguard\Adguard.exe /nosplash /nosplash (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Adguard] C:\Program Files\Adguard\Adguard.exe /nosplash /nosplash (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: BWMeter.lnk = C:\Program Files\BWMeter\BWMeter.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download by easyMule - E:\PORTABLES\easyMule-1.2.1\IE2EM.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Adguard Service - Performix LLC - C:\Program Files\Adguard\AdguardSvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Framework\Common\avgsvcx.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Plus Android Service (BstHdPlusAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Plus-Service.exe
O23 - Service: BWMeter Connections Service (BWMeterConSvc) - Unknown owner - C:\Program Files\BWMeter\BWMeterConSvc.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Users\Chee\Desktop\port\DUMeter.6.30.Portable\App\DUMeter\DUMeterSvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Free Firewall Service (firewallsvce) - Unknown owner - C:\Program Files\Evorim\Free Firewall\firewallsvc.exe
O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Privacyware network service (PFNet) - Privacyware/PWI, Inc. - C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
O23 - Service: WIFIPR Passcape Loader Service (WifiprPasscapeLoader) - Unknown owner - E:\PORTABLES\Passcape Wireless Password Recovery 390399 Professional Edition Portable\Passcape Wireless Password Recovery 3.9.0.399 Professional Edition Portable\loader.exe
O23 - Service: WinTab Service (WinTabService) - UC-Logic Technology Corp. - C:\Windows\System32\Drivers\WTSRV.EXE
O23 - Service: Windows Firewall Control (_wfcs) - BiniSoft.org - C:\Program Files\Windows Firewall Control\wfcs.exe
O23 - Service: {0CBD4F48-3751-475D-BE88-4F271385B672} - SHADOWDEFENDER.COM - C:\Program Files\Shadow Defender\Service.exe

--
End of file - 10168 bytes
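Added example, not part of any post in this thread: a short Python triage of the O23 (service) entries in the HijackThis log above, listing services whose owner field reads "Unknown owner" or whose binary sits outside the usual install directories. The trusted-root list and the reason labels are assumptions made here, and a listed entry is one to check by hand, not a verdict; the five sample lines are copied from the log above.

```python
"""Triage of HijackThis O23 (service) entries. Added example, not from the thread."""

# Assumption: directories that only administrators can write to on a default
# Windows install. A service binary elsewhere (user profile, another drive)
# deserves a manual look. 8.3 short paths such as C:\PROGRA~1 are not resolved.
TRUSTED_ROOTS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
)

# Five O23 lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O23 - Service: BWMeter Connections Service (BWMeterConSvc) - Unknown owner - C:\Program Files\BWMeter\BWMeterConSvc.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Users\Chee\Desktop\port\DUMeter.6.30.Portable\App\DUMeter\DUMeterSvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: WIFIPR Passcape Loader Service (WifiprPasscapeLoader) - Unknown owner - E:\PORTABLES\Passcape Wireless Password Recovery 390399 Professional Edition Portable\Passcape Wireless Password Recovery 3.9.0.399 Professional Edition Portable\loader.exe
O23 - Service: WinTab Service (WinTabService) - UC-Logic Technology Corp. - C:\Windows\System32\Drivers\WTSRV.EXE
"""

PREFIX = "O23 - Service: "


def parse_o23(line):
    """Return (name, owner, path) for an O23 line, or None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Fields are separated by " - "; split from the right so that a dash
    # inside the display name does not shift the owner and path fields.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    return name, owner, path


def review_reasons(owner, path):
    """List the reasons (possibly none) an entry should be checked by hand."""
    reasons = []
    if owner.lower() == "unknown owner":
        reasons.append("unknown-owner")
    if not path.lower().startswith(TRUSTED_ROOTS):
        reasons.append("outside-install-roots")
    return reasons


def triage(log_text):
    """Map service display name -> reasons, for entries with at least one reason."""
    findings = {}
    for line in log_text.splitlines():
        parsed = parse_o23(line)
        if parsed is None:
            continue
        name, owner, path = parsed
        reasons = review_reasons(owner, path)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for service, why in triage(SAMPLE_LOG).items():
        print(f"{service}: {', '.join(why)}")
```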
Tech 425 3,942 Posted December 4, 2017
Malwarebytes can't update because the virus is stopping it, It's self protection.
This is why I say you need to download a bootable ISO and burn it to disk (Download and Burn on a Clean Computer)
Then boot your system to one of these Bootable Virus Scanners
IMPORTANT! You must carry out the burning of the ISO image from a computer that is not infected with viruses or ransomware.

Norton Bootable Recovery Tool https://security.symantec.com/nbrt/nbrt.aspx
ESET SysRescue Live https://www.eset.com/int/support/sysrescue/
Kaspersky Rescue Disk 10 https://support.kaspersky.com/viruses/rescuedisk
Panda Cloud Cleaner Rescue ISO https://www.pandasecurity.com/malaysia/support/card?id=1681
Anvi Rescue Disk v1.1 http://www.anvisoft.com/rescue-disk.html
AVG Rescue CD https://www.avg.com/en-ww/rescue-cd-business-edition
Avira Rescue CD https://www.avira.com/en/download/product/avira-rescue-system
Bitdefender Rescue CD https://www.bitdefender.com/support/how-to-create-a-bitdefender-rescue-cd-627.html
Comodo Rescue Disk (CRD) https://www.comodo.com/business-security/network-protection/rescue-disk.php
F-Secure Rescue CD ftp://ftp.f-secure.com/anti-virus/tools/Rescue%20CD/
Sophos Bootable Anti-Virus https://community.sophos.com/kb/en-us/52011