Windows 7: WONT SHUT DOWN! not sure if its a virus or not

hey guys. new to the forums here so be nice please

currently running win 7 x64, just recently opened computer and it seemed reeeeely slow, not just slow, realy slow ok so you get my point, so i go to do task manager and that wont start, i try to run any program and it wont start!, i try the classic cntrl alt delete and al that gives me after 2 minutes of waiting is a black screen with cursor and error box saying the windows log in and task service failed to start, well no kidding it didn't , i try to shut down and all it gives me after i have to force quit the programs that are running is a black screen with cursor! it dosent go to the loging out screen!

please help!

Hi,

Boot into Safe Mode, and then do the following:

1. Click Start
2. In the search box, type cmd
3. In the list that appears, right-click on cmd.exe and choose Run as administrator
4. In the command window that opens, type sfc /scannow and hit enter.

Report the output once it finishes.

Regards,
Golden

it said corrupted files were found and repaired, it gave an output log, here it is

2013-02-16 06:15:06, Info CSI 0000003e Repair results created:
POQ 12 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\7d295266580cce012605000090079c07._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\3dec5666580cce012705000090079c07.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\feae5b66580cce012805000090079c07.$$_branding_1728f5d8b15e526 3.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_branding_1728f5d8b15e5263.cdf-ms"
3: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\feae5b66580cce012905000090079c07.$$_branding_shellbrd_be1f63 2087fb0947.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_branding_shellbrd_be1f632087fb0947.cdf-ms"
4: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\7f346566580cce012a05000090079c07.$$_diagnostics_system_audio _9d2751b7c84ca0f1.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms"
5: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\813f7866580cce012b05000090079c07.$$_diagnostics_system_aero_ 8b2c42561936b3f0.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms"
6: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\834a8b66580cce012c05000090079c07.$$_resources_fbee56ab048ab2 39.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_resources_fbee56ab048ab239.cdf-ms"
7: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\e3ab8d66580cce012d05000090079c07.$$_resources_themes_4d0d491 0e83c2273.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_4d0d4910e83c2273.cdf-ms"
8: Move File: Source = [l:240{120}]"
2013-02-16 06:15:06, Info CSI \SystemRoot\WinSxS\Temp\PendingRenames\e3ab8d66580cce012e05000090079c07.$$_resources_themes_aero_3fd 78bf4cb5fa2c4.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms"
9: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\e3ab8d66580cce012f05000090079c07.$$_resources_themes_aero_sh ell_a91dfa5124b343c4.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_a91dfa5124b343c4.cdf-ms"
10: Move File: Source = [l:276{138}]"\SystemRoot\WinSxS\Temp\PendingRenames\e3ab8d66580cce013005000090079c07.$$_resources_themes_aero_sh ell_normalcolor_10be8ec981b35fb6.cdf-ms", Destination = [l:188{94}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_normalcolor_10be8ec981b35fb6.cdf-ms"
11: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\6b52d066580cce013105000090079c07.$$_branding_basebrd_9ee9a17 6c9fadab4.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_branding_basebrd_9ee9a176c9fadab4.cdf-ms"
12: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\cbb3d266580cce013205000090079c07.$$_branding_basebrd_en-us_51c0631d4347f350.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_branding_basebrd_en-us_51c0631d4347f350.cdf-ms"
13: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\d0c9f866580cce013305000090079c07.$$_system32_21f9a9c4a2f8b51 4.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
14: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\908cfd66580cce013405000090079c07.$$_system32_boot_06654401df 2fc50e.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_system32_boot_06654401df2fc50e.cdf-ms"

POQ 12 ends.
2013-02-16 06:15:06, Info CSI 0000003f [SR] Verify complete
2013-02-16 06:15:06, Info CSI 00000040 [SR] Verifying 100 (0x0000000000000064) components
2013-02-16 06:15:06, Info CSI 00000041 [SR] Beginning Verify and Repair transaction
2013-02-16 06:15:10, Info CSI 00000042 Ignoring duplicate ownership for directory [l:62{31}]"\??\C:\windows\Branding\Basebrd" in component Microsoft-Windows-Branding-Base-HomePremium, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2013-02-16 06:15:10, Info CSI 00000043 Repair results created:
POQ 13 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\eee41969580cce019905000090079c07._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\302d2869580cce019a05000090079c07.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\302d2869580cce019b05000090079c07.$$_branding_1728f5d8b15e526 3.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_branding_1728f5d8b15e5263.cdf-ms"
3: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\302d2869580cce019c05000090079c07.$$_branding_basebrd_9ee9a17 6c9fadab4.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_branding_basebrd_9ee9a176c9fadab4.cdf-ms"
4: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\74804969580cce019d05000090079c07.$$_inf_3f581daba4c8c835 .cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
5: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\95a45069580cce019e05000090079c07.$$_inf_bits_0ef6f148bde367d 9.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_inf_bits_0ef6f148bde367d9.cdf-ms"
6: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\95a45069580cce019f05000090079c07.$$_inf_bits_0000_a03dbf7d63 e833bd.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_inf_bits_0000_a03dbf7d63e833bd.cdf-ms"
7: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\f5055369580cce01a005000090079c07.$$_branding_shellbrd_be1f63 2087fb0947.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_branding_shellbrd_be1f632087fb0947.cdf-ms"
8: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\768b5c69580cce01a10500009
2013-02-16 06:15:10, Info CSI 0079c07.$$_inf_bits_0409_a03dbeed63e8350a.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_inf_bits_0409_a03dbeed63e8350a.cdf-ms"

POQ 13 ends.
2013-02-16 06:15:10, Info CSI 00000044 [SR] Verify complete
2013-02-16 06:15:10, Info CSI 00000045 [SR] Verifying 100 (0x0000000000000064) components
2013-02-16 06:15:10, Info CSI 00000046 [SR] Beginning Verify and Repair transaction
2013-02-16 06:15:13, Info CSI 00000047 Ignoring duplicate ownership for directory [ml:14{7},l:12{6}]"\??\C:" in component Microsoft-Windows-Client-Features-Default-Security, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

a LOT of that and then this:

Reboot mark refs incremented to: 1

thanks!

started into normal mode, tried to do anything, still unable to open programs and it gives me this message whenever it tries to shut down

shutdown.exe failed to initiate right before it goes into the dark screen saying that it is waiting for background programs to close

Looks like you may have a file content does not match the operating system.

1. Please download http://go.microsoft.com/fwlink/?linkid=52012 MGADiag and save it to your desktop.
2. Double click the icon on your desktop.
3. Push
4. Push
5. Go to Start -> Run and type in "Notepad"
6. Go to Edit -> Paste in notepad.
7. x out all of the numbers and letters in the line beginning with "Windows Product Key:"
8. Copy and paste that log here.

here is the log

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x8007043c

Windows Product ID: 00359-OEM-8992687-00057
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {7BA7AA79-4D26-44AD-A797-B0A39361A38F}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130104-1431
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7BA7AA79-4D26-44AD-A797-B0A39361A38F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-W8DQG</PKey><PID>00359-OEM-8992687-00057</PID><PIDType>2</PIDType><SID>S-1-5-21-2336931222-4255698723-996352277</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite P755</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>2.80</Version><SMBIOSVersion major="2" minor="6"/><Date>20121030000000.000000+000</Date></BIOS><HWID>892F3B07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Alaskan Standard Time(GMT-09:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSCPL</OEMID><OEMTableID>TOSCPL00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8007043C' to display the error text.
Error: 0x8007043C

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x8007043c
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LAAAAAEAAQABAAEAAAAAAAAAAwABAAEA6GG+lo4WPOTEIIy3AgJCKfgrLnM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC TOSCPL TOSCPL00
FACP TOSCPL TOSCPL00
HPET TOSCPL TOSCPL00
MCFG TOSCPL TOSCPL00
SLIC TOSCPL TOSCPL00
SSDT PmRef Cpu0Ist
SSDT PmRef Cpu0Ist

That looks OK, apart from this error "Cached Online Validation Code: N/A, hr = 0x8007043c"

Normally, a sfc /scannow is recommended, but you've only been able to do that in Safe Mode, correct?

Please do this:

1. Click Start
2. In the search box, type cmd
3. In the list that appears, right-click on cmd.exe and choose Run as administrator
4. In the command window that opens, type chkdsk /R and hit enter.

You will be prompted whether you wish to schedule a check disk at next boot up, choose "Y" and then reboot the PC, and let it perform the chkdsk. Report the output once it finishes.

Regards,
Golden

already did that, was at a robotics competition and my tech coordinator for my school scared it into working for a little bit (he didn't do anything, it just started working) and just to note i have done everything suggested to no avail and have run various anti malware/virus programs and come up with nothing

You may have malware on this machine.....


Please download Rkill by Grinler and save it to your desktop.

• Link 1 Link 2

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista, right-click on it and Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer, you will need to run the application again.

Like Jacee said:
My thoughts also.

When the scan for RKill is done, Notepad opens with the RKill report.

It would be good for you to post the RKill report in your reply.

It will provide information as to what is going on.

• RKill checks for:
  Malware services found to stop
  Processes to terminate
  Registry malware related settings
  Hosts file

...and some more items.