Windows closes all my programs overnight when screen is locked

[herqulees]

This is my first post here, I have searched and searched all over Google and have not been able to find one other case of someone having this issue.
Even though I have a laptop it tends to be my desktop and stays at home 99% of the time plugged in and running. It is set to never sleep and never hibernate while plugged in, to do nothing whenever the screen is closed, and I have Windows Update automatic restart blocked. But whenever I have programs open such as web pages I'm not done looking at, stuff downloading, something in the house still using files off its hard drive over the network, an unsaved text file I used as a note pad for the day, etc. and I lock it and come back more than say... four hours later (typically this happens overnight) to log back in I find that I'm actually logging in fresh, everything is lost. Yet I look in the task manager and the up time is well over a week, so it didn't restart, I'm not sure if I'm even being logged off but everything has to start back up when I log back in like I am. The WiFi searches and reconnects, the battery symbol takes a few seconds to (I guess) connect to the battery info, Avast and some other task bar apps load back too, desktop icons take the usual few seconds to appear and load, but nothing I was using before comes back. Compared to when I usually unlock it and it's just like uncovering a picture, all is there instantly the way I left it.
Though it wasn't for this issue I even reinstalled the OS a few weeks ago and it didn't change it and this is the only computer I've had that has this problem. My old Asus netbook that was treated the same way for over a year never did this, and my girlfriends MacBook with Windows installed that is almost always running never does this. Can anyone at least give me some pointers of where to look in the event viewer? I've been aware of its existence but have never needed to use it.

 

[nommy the first]

Hello Herqulees and welcome to the SevenForums,

Do you have a screensaver enabled? If so, please check the following;

1. Click on the
   
   .
2. In the Search programs and files
   
   box, type "Personalization", and click on the first entry under Control Panel.
3. A new window will pop-up. In the right bottom corner, click on Screen Saver, another window will pop-up.
4. Is the box next to On resume, display logon screen checked?
   If so, please uncheck the box and restart your computer afterwards.

Also, does this problem occur on other accounts?
If not, please try to recreate the problem on another account. If it still doesn't occur please report back, as your user profile might be corrupted and we will need to fix it.


Good luck and keep us posted,
Nommy

 

[herqulees]

Hello Herqulees and welcome to the SevenForums,

Do you have a screensaver enabled? If so, please check the following;

1. Click on the
   
   .
2. In the Search programs and files
   
   box, type "Personalization", and click on the first entry under Control Panel.
3. A new window will pop-up. In the right bottom corner, click on Screen Saver, another window will pop-up.
4. Is the box next to On resume, display logon screen checked?
   If so, please uncheck the box and restart your computer afterwards.

Also, does this problem occur on other accounts?
If not, please try to recreate the problem on another account. If it still doesn't occur please report back, as your user profile might be corrupted and we will need to fix it.


Good luck and keep us posted,
Nommy

Nope I don't use screen savers, I think they're a waste of processing power. I'm the only user of the computer so only one account, unless theirs a hidden admin account like Windows XP, never used safe mode so dunno if that's still there. I would prefer to try other ideas first as I don't want to make another user account and have to kinda start over with setting up programs like a new computer again just to delete it a few days later and who knows how much junk that would leave in the registry, plus I don't think anything is corrupt since it's done this before and after I reinstalled Windows. Seeing as I have always had the OEM Windows 7 of this laptop installed, from when I bought it to what I reinstalled, and this is the only Windows 7 computer of mine to do this, and this laptop has a lot of proprietary power saving features that Windows does not control, I am suspecting it is something Acer changed in the OS or something they have installed that is doing this.
Is why I was wondering where in the Event Viewer I could see account log ins and outs and possibly what requested the log in/out?

 

[herqulees]

From 2013-07-27 at about 9pm to 07-28 at about 9am the computer was left unattended and locked (Windows Key + L), it was left in a rush so I can't remember what all was running but I know I had some stuff open, but when I returned and unlocked it everything was gone. Looking through the event viewer for suspicious stuff here are a few things I've found from newest to oldest;

--------------------------------------------------

Log Name:      Application
Source:        Microsoft-Windows-ApplicationExperienceInfrastructure
Date:          7/28/2013 8:51:29 AM
Event ID:      1
Task Category: None
Level:         Warning
Keywords:      
User:          Michael-Laptop\Michael ********
Computer:      Michael-Laptop
Description:
The application (Acer Updater, from vendor Acer Incorporated) has the following problem: Acer Updater has a known compatibility issue with this version of Windows. For an update that is compatible with this version of Windows, contact Acer Incorporated.

--------------------------------------------------

Log Name:      Application
Source:        Microsoft-Windows-ApplicationExperienceInfrastructure
Date:          7/28/2013 8:50:28 AM
Event ID:      1
Task Category: None
Level:         Warning
Keywords:      
User:          Michael-Laptop\Michael ********
Computer:      Michael-Laptop
Description:
The application (Acer Updater, from vendor Acer Incorporated) has the following problem: Acer Updater has a known compatibility issue with this version of Windows. For an update that is compatible with this version of Windows, contact Acer Incorporated.

--------------------------------------------------

Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          7/28/2013 8:50:25 AM
Event ID:      6000
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Michael-Laptop
Description:
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.

--------------------------------------------------

Log Name:      Application
Source:        gupdate
Date:          7/28/2013 8:14:01 AM
Event ID:      0
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Michael-Laptop
Description:
The description for Event ID 0 from source gupdate cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event: 

Service stopped

--------------------------------------------------

Log Name:      Application
Source:        gupdate
Date:          7/28/2013 8:14:00 AM
Event ID:      0
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Michael-Laptop
Description:
The description for Event ID 0 from source gupdate cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event: 

Service started

--------------------------------------------------

Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          7/28/2013 3:27:07 AM
Event ID:      6000
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Michael-Laptop
Description:
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.

--------------------------------------------------

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          7/28/2013 3:27:07 AM
Event ID:      4647
Task Category: Logoff
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      Michael-Laptop
Description:
User initiated logoff:

Subject:
	Security ID:		Michael-Laptop\Michael ********
	Account Name:		Michael ********
	Account Domain:		Michael-Laptop
	Logon ID:		0x73e9b49

This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.

--------------------------------------------------

Log Name:      Application
Source:        Desktop Window Manager
Date:          7/28/2013 3:27:06 AM
Event ID:      9009
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Michael-Laptop
Description:
The Desktop Window Manager has exited with code (0x40010004)

--------------------------------------------------

Log Name:      Application
Source:        gupdate
Date:          7/28/2013 3:14:01 AM
Event ID:      0
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Michael-Laptop
Description:
The description for Event ID 0 from source gupdate cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event: 

Service stopped

--------------------------------------------------

Log Name:      Application
Source:        gupdate
Date:          7/28/2013 3:14:00 AM
Event ID:      0
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Michael-Laptop
Description:
The description for Event ID 0 from source gupdate cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event: 

Service started

--------------------------------------------------

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          7/28/2013 3:05:22 AM
Event ID:      4634
Task Category: Logoff
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      Michael-Laptop
Description:
An account was logged off.

Subject:
	Security ID:		Michael-Laptop\Michael ********
	Account Name:		Michael ********
	Account Domain:		Michael-Laptop
	Logon ID:		0xd2ac806

Logon Type:			7

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

--------------------------------------------------

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          7/28/2013 3:05:22 AM
Event ID:      4634
Task Category: Logoff
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      Michael-Laptop
Description:
An account was logged off.

Subject:
	Security ID:		Michael-Laptop\Michael ********
	Account Name:		Michael ********
	Account Domain:		Michael-Laptop
	Logon ID:		0xd2ac814

Logon Type:			7

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

--------------------------------------------------

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          7/28/2013 3:05:22 AM
Event ID:      4672
Task Category: Special Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      Michael-Laptop
Description:
Special privileges assigned to new logon.

Subject:
	Security ID:		Michael-Laptop\Michael ********
	Account Name:		Michael ********
	Account Domain:		Michael-Laptop
	Logon ID:		0xd2ac806

Privileges:		SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege

--------------------------------------------------

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          7/28/2013 3:05:22 AM
Event ID:      4624
Task Category: Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      Michael-Laptop
Description:
An account was successfully logged on.

Subject:
	Security ID:		SYSTEM
	Account Name:		MICHAEL-LAPTOP$
	Account Domain:		WORKGROUP
	Logon ID:		0x3e7

Logon Type:			7

New Logon:
	Security ID:		Michael-Laptop\Michael ********
	Account Name:		Michael ********
	Account Domain:		Michael-Laptop
	Logon ID:		0xd2ac814
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Process Information:
	Process ID:		0x1d64
	Process Name:		C:\Windows\System32\winlogon.exe

Network Information:
	Workstation Name:	MICHAEL-LAPTOP
	Source Network Address:	127.0.0.1
	Source Port:		0

Detailed Authentication Information:
	Logon Process:		User32 
	Authentication Package:	Negotiate
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
	- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

--------------------------------------------------

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          7/28/2013 3:05:22 AM
Event ID:      4624
Task Category: Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      Michael-Laptop
Description:
An account was successfully logged on.

Subject:
	Security ID:		SYSTEM
	Account Name:		MICHAEL-LAPTOP$
	Account Domain:		WORKGROUP
	Logon ID:		0x3e7

Logon Type:			7

New Logon:
	Security ID:		Michael-Laptop\Michael ********
	Account Name:		Michael ********
	Account Domain:		Michael-Laptop
	Logon ID:		0xd2ac806
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Process Information:
	Process ID:		0x1d64
	Process Name:		C:\Windows\System32\winlogon.exe

Network Information:
	Workstation Name:	MICHAEL-LAPTOP
	Source Network Address:	127.0.0.1
	Source Port:		0

Detailed Authentication Information:
	Logon Process:		User32 
	Authentication Package:	Negotiate
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
	- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

--------------------------------------------------

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          7/28/2013 3:05:22 AM
Event ID:      4648
Task Category: Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      Michael-Laptop
Description:
A logon was attempted using explicit credentials.

Subject:
	Security ID:		SYSTEM
	Account Name:		MICHAEL-LAPTOP$
	Account Domain:		WORKGROUP
	Logon ID:		0x3e7
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
	Account Name:		Michael ********
	Account Domain:		Michael-Laptop
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Target Server:
	Target Server Name:	localhost
	Additional Information:	localhost

Process Information:
	Process ID:		0x1d64
	Process Name:		C:\Windows\System32\winlogon.exe

Network Information:
	Network Address:	127.0.0.1
	Port:			0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

To not have a half-page long post I wrapped everything with code tags, but it may make some stuff hard to read. At 3:05:22am multiple events show I was logged in and "special privileges" were applied to my account. Then before even a second could go by I was logged out. Then at 3:14:00 - 3:14:01am Google Update was doing something undefined and at 3:27:06am the DWM exited with 0x40010004. Finally at 3:27:07am it says I logged my account off when according to previous events I was already logged off and I wasn't even home, and at the same time an error I'm not sure about appears.

 

[Layback Bear]

Why not just save your work and shut down the laptop when not in use.
Laptop are noted for not handling heat well. Any thing in auto update or scheduling might be causing this problem.

 

[herqulees]

Why not just save your work and shut down the laptop when not in use.
Laptop are noted for not handling heat well. Any thing in auto update or scheduling might be causing this problem.

My computer is always doing something, I just use a laptop instead of a desktop because they're more efficient power-wise. As far as heat that has not been an issue. When just idling for network usage or web browsing all temps stay below 115F, under heavy use (compressing large backups) maybe it'll hit 150F.

 

[nommy the first]

It's currently 4AM here, so I'll have a look at the report first thing tomorrow


Nommy

 

[herqulees]

It's currently 4AM here, so I'll have a look at the report first thing tomorrow


Nommy

Alright, thank you

 

[nommy the first]

Hello Herqulees,

Before I start my analysis of the log I quickly read over it, and from the top of my head I see a lot of errors that are native to Windows Server 2008, and not Windows 7 (Event ID 9009, Event ID 4672, Event ID 6000 etc etc etc).
While I have quite a bit of knowledge of Windows 7 and it's event viewer logs, I have noticeably less knowledge of the Windows Server 2008 event viewer log, and so deem myself as unable to properly assist you on that.

And I also see quite a few corrupted registries.
So you might want to try and run start up repair, as explained in this tutorial, before anything else.
Please try to recreate the problem after that to see if it persists.


Good luck and keep us posted,
Nommy

 

[Kari]

Search for user log in / log off entries in Event Viewer. Although published on our sister the Eight Forums, this tutorial is also valid for Windows 7 and shows you how: Event Viewer - Monitor User Account Activity in Windows 8

Come back to tell if you found some suspicious log off entries.

Kari

 

[herqulees]

Hello Herqulees,

Before I start my analysis of the log I quickly read over it, and from the top of my head I see a lot of errors that are native to Windows Server 2008, and not Windows 7 (Event ID 9009, Event ID 4672, Event ID 6000 etc etc etc).
While I have quite a bit of knowledge of Windows 7 and it's event viewer logs, I have noticeably less knowledge of the Windows Server 2008 event viewer log, and so deem myself as unable to properly assist you on that.

And I also see quite a few corrupted registries.
So you might want to try and run start up repair, as explained in this tutorial, before anything else.
Please try to recreate the problem after that to see if it persists.


Good luck and keep us posted,
Nommy

How can you tell I have corrupt registries? Also are you saying my 7 OS is running like it's another OS, or that it's giving a bunch of errors/messages from a part of the OS you're unfamiliar with? After posting that last night I disabled all start up entries and scheduled tasks involving Google Update (gupdate). So am going to put a short pause on my investigating for a couple days to see if the issue persists. Though I will try the startup repair just to see if it comes up with anything.

 

[herqulees]

Search for user log in / log off entries in Event Viewer. Although published on our sister the Eight Forums, this tutorial is also valid for Windows 7 and shows you how: Event Viewer - Monitor User Account Activity in Windows 8

Come back to tell if you found some suspicious log off entries.

Kari

See my post up above a bit of suspicious log on/off events I found while the computer was idle. Unless you're saying doing that will give me more info of log ons and offs?

 

[Kari]

Search for user log in / log off entries in Event Viewer. Although published on our sister the Eight Forums, this tutorial is also valid for Windows 7 and shows you how: Event Viewer - Monitor User Account Activity in Windows 8

Come back to tell if you found some suspicious log off entries.

Kari

See my post up above a bit of suspicious log on/off events I found while the computer was idle. Unless you're saying doing that will give me more info of log ons and offs?

Your posted events show a lot of uninteresting events, although it also very clearly shows that you were logged off. Following my advice we would get a more specific list of log in / log off events.

Here for instance the event and time stamp of your log off. See the highlighted statement at the end of the event description:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          7/28/2013 3:27:07 AM
Event ID:      4647
Task Category: Logoff
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      Michael-Laptop
Description:
User initiated logoff:

Subject:
	Security ID:		Michael-Laptop\Michael ********
	Account Name:		Michael ********
	Account Domain:		Michael-Laptop
	Logon ID:		0x73e9b49

This event is generated when a logoff is initiated. No further user-initiated
activity can occur. [hl][B]This event can be interpreted as a logoff event[/B][/hl].

Kari

 

[nommy the first]

How can you tell I have corrupt registries? Also are you saying my 7 OS is running like it's another OS, or that it's giving a bunch of errors/messages from a part of the OS you're unfamiliar with? After posting that last night I disabled all start up entries and scheduled tasks involving Google Update (gupdate). So am going to put a short pause on my investigating for a couple days to see if the issue persists. Though I will try the startup repair just to see if it comes up with anything.

Hello Herqulees,

What I mean is that your log has errors from Windows Server 2008 in them, and that I am unfamiliar with that happening.

The corrupt registries are for instance the Event ID: 6000;

Windows logon availability determines whether the Windows logon process is able to be completed successfully. The logon process is the interface between the account for a user, process, or service and the computer that establishes authenticated credentials for the account and allocates the appropriate system and network resources.
If the Windows registry is corrupted, logon might be prevented and you will need to interrupt the startup process to boot the computer into Safe Mode or the Recovery Console.

This particular error could be caused by two things. First is a service that has failed to start, and second is a corrupt registry.
To check the failed service; navigate to the event viewer, double click on Windows Logs and then on system. Now you'll see a list of entries with an icon in front of them. Search for a white exclamation mark in a red circle, that will indicate that a service has stopped.
If you can not find such icon, then there is a corrupt registry.

It could also indicate that Windows doesn't have enough resources available, but if that were the case then you would log in with limited capabilities instead of not at all.


Good luck and keep us posted,
Nommy

 

[herqulees]

Search for user log in / log off entries in Event Viewer. Although published on our sister the Eight Forums, this tutorial is also valid for Windows 7 and shows you how: Event Viewer - Monitor User Account Activity in Windows 8

Come back to tell if you found some suspicious log off entries.

Kari

See my post up above a bit of suspicious log on/off events I found while the computer was idle. Unless you're saying doing that will give me more info of log ons and offs?

Your posted events show a lot of uninteresting events, although it also very clearly shows that you were logged off. Following my advice we would get a more specific list of log in / log off events.

Here for instance the event and time stamp of your log off. See the highlighted statement at the end of the event description:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          7/28/2013 3:27:07 AM
Event ID:      4647
Task Category: Logoff
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      Michael-Laptop
Description:
User initiated logoff:

Subject:
	Security ID:		Michael-Laptop\Michael ********
	Account Name:		Michael ********
	Account Domain:		Michael-Laptop
	Logon ID:		0x73e9b49

This event is generated when a logoff is initiated. No further user-initiated
activity can occur. [hl][B]This event can be interpreted as a logoff event[/B][/hl].

Kari

I figured at least some of the events I posted were unhelpful but since this log in and out process was only about a half hour long I figured post it all to see if someone sees something I don't. Either way, made a new custom view with that tutorial (thanks for the link) and will keep an eye on it.

 

[herqulees]

How can you tell I have corrupt registries? Also are you saying my 7 OS is running like it's another OS, or that it's giving a bunch of errors/messages from a part of the OS you're unfamiliar with? After posting that last night I disabled all start up entries and scheduled tasks involving Google Update (gupdate). So am going to put a short pause on my investigating for a couple days to see if the issue persists. Though I will try the startup repair just to see if it comes up with anything.

Hello Herqulees,

What I mean is that your log has errors from Windows Server 2008 in them, and that I am unfamiliar with that happening.

The corrupt registries are for instance the Event ID: 6000;

Windows logon availability determines whether the Windows logon process is able to be completed successfully. The logon process is the interface between the account for a user, process, or service and the computer that establishes authenticated credentials for the account and allocates the appropriate system and network resources.
If the Windows registry is corrupted, logon might be prevented and you will need to interrupt the startup process to boot the computer into Safe Mode or the Recovery Console.

This particular error could be caused by two things. First is a service that has failed to start, and second is a corrupt registry.
To check the failed service; navigate to the event viewer, double click on Windows Logs and then on system. Now you'll see a list of entries with an icon in front of them. Search for a white exclamation mark in a red circle, that will indicate that a service has stopped.
If you can not find such icon, then there is a corrupt registry.

It could also indicate that Windows doesn't have enough resources available, but if that were the case then you would log in with limited capabilities instead of not at all.


Good luck and keep us posted,
Nommy

That log goes all the way back to the end of May without anything more than informational events, so it's on to try the Startup Repair.

 

[Kari]

I figured at least some of the events I posted were unhelpful but since this log in and out process was only about a half hour long I figured post it all to see if someone sees something I don't. Either way, made a new custom view with that tutorial (thanks for the link) and will keep an eye on it.

You told us your PC was unattended from Saturday evening at about 9pm to Sunday morning at about 9am. As the quote in my last post from your Event Viewer told us, you were logged out that night at 03:27 AM.

According to your posted events there was nothing happening during the last 13 minutes before the log off, which I find quite hard to believe. Check the event viewer to see what really happened during the last few minutes before log off, let's say from 03:20 onwards.

 

[herqulees]

I figured at least some of the events I posted were unhelpful but since this log in and out process was only about a half hour long I figured post it all to see if someone sees something I don't. Either way, made a new custom view with that tutorial (thanks for the link) and will keep an eye on it.

You told us your PC was unattended from Saturday evening at about 9pm to Sunday morning at about 9am. As the quote in my last post from your Event Viewer told us, you were logged out that night at 03:27 AM.

According to your posted events there was nothing happening during the last 13 minutes before the log off, which I find quite hard to believe. Check the event viewer to see what really happened during the last few minutes before log off, let's say from 03:20 onwards.

Sadly everything I posted before were all the events I found that seemed even slightly interesting, not much was going on, but I'll go ahead and look again to see if I missed anything.
EDIT: Is their a way I can make a new tab to show EVERYTHING from 7-28 at 3am to 4am? I'm not familiar with event viewer, but am quickly finding how useful it is. Literally never opened it till this issue.
EDIT-EDIT- Nevermind that was a silly question, quickly figured it out after clicking on Custom View. Looking through everything now.

 

[herqulees]

The only time their are interesting events in this log are right around the few seconds I was logged off so that's what I posted here. It looks like I had a remote desktop connection close from address "LOCAL"? I don't use Windows Remote Desktop at all and as far as I'm aware it's disabled. I do use TeamViewer, but can't remember the last time it was actually used, only this computer is on my TeamViewer account and the only thing that connects to it is my phone when I need to transfer a file or something, like I said very rarely used. The only other thing network-wise I use is I share a couple folders over the home network. Could this be some sort of hacking? I seriously doubt it, but still.

Log Name:      Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
Source:        Microsoft-Windows-TerminalServices-LocalSessionManager
Date:          7/28/2013 3:27:08 AM
Event ID:      24
Task Category: None
Level:         Information
Keywords:      
User:          SYSTEM
Computer:      Michael-Laptop
Description:
Remote Desktop Services: Session has been disconnected:

User: Michael-Laptop\Michael ********
Session ID: 3
Source Network Address: LOCAL
--------------------------------------------------
Log Name:      System
Source:        Microsoft-Windows-Winlogon
Date:          7/28/2013 3:27:07 AM
Event ID:      7002
Task Category: (1102)
Level:         Information
Keywords:      
User:          SYSTEM
Computer:      Michael-Laptop
Description:
User Logoff Notification for Customer Experience Improvement Program
--------------------------------------------------
Log Name:      Microsoft-Windows-User Profile Service/Operational
Source:        Microsoft-Windows-User Profiles Service
Date:          7/28/2013 3:27:07 AM
Event ID:      4
Task Category: None
Level:         Information
Keywords:      
User:          Michael-Laptop\Michael ********
Computer:      Michael-Laptop
Description:
Finished processing user logoff notification on session 3.
--------------------------------------------------
Log Name:      Microsoft-Windows-User Profile Service/Operational
Source:        Microsoft-Windows-User Profiles Service
Date:          7/28/2013 3:27:07 AM
Event ID:      3
Task Category: None
Level:         Information
Keywords:      
User:          Michael-Laptop\Michael ********
Computer:      Michael-Laptop
Description:
Recieved user logoff notification on session 3.
--------------------------------------------------
Log Name:      Microsoft-Windows-GroupPolicy/Operational
Source:        Microsoft-Windows-GroupPolicy
Date:          7/28/2013 3:27:07 AM
Event ID:      5324
Task Category: None
Level:         Information
Keywords:      
User:          SYSTEM
Computer:      Michael-Laptop
Description:
Group Policy received the notification Logoff from Winlogon for session 3.
--------------------------------------------------
Log Name:      Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
Source:        Microsoft-Windows-TerminalServices-LocalSessionManager
Date:          7/28/2013 3:27:07 AM
Event ID:      23
Task Category: None
Level:         Information
Keywords:      
User:          SYSTEM
Computer:      Michael-Laptop
Description:
Remote Desktop Services: Session logoff succeeded:

User: Michael-Laptop\Michael ********
Session ID: 3
--------------------------------------------------
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          7/28/2013 3:27:07 AM
Event ID:      4647
Task Category: Logoff
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      Michael-Laptop
Description:
User initiated logoff:

Subject:
	Security ID:		Michael-Laptop\Michael ********
	Account Name:		Michael ********
	Account Domain:		Michael-Laptop
	Logon ID:		0x73e9b49

This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
--------------------------------------------------
Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          7/28/2013 3:27:07 AM
Event ID:      6000
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Michael-Laptop
Description:
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
--------------------------------------------------
Log Name:      Microsoft-Windows-GroupPolicy/Operational
Source:        Microsoft-Windows-GroupPolicy
Date:          7/28/2013 3:27:06 AM
Event ID:      5324
Task Category: None
Level:         Information
Keywords:      
User:          SYSTEM
Computer:      Michael-Laptop
Description:
Group Policy received the notification EndShell from Winlogon for session 3.
--------------------------------------------------
Log Name:      Application
Source:        Desktop Window Manager
Date:          7/28/2013 3:27:06 AM
Event ID:      9009
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Michael-Laptop
Description:
The Desktop Window Manager has exited with code (0x40010004)
--------------------------------------------------
Log Name:      Microsoft-Windows-Resource-Exhaustion-Resolver/Operational
Source:        Microsoft-Windows-Resource-Exhaustion-Resolver
Date:          7/28/2013 3:27:04 AM
Event ID:      1002
Task Category: Lifecycle Events
Level:         Information
Keywords:      Lifecycle
User:          Michael-Laptop\Michael ********
Computer:      Michael-Laptop
Description:
The Windows Resource Exhaustion Resolver stopped.
--------------------------------------------------

 

[bobafetthotmail]

While it could be tangential to this issue, did you see this?

Log Name:      Application 
Source:        Microsoft-Windows-ApplicationExperienceInfrastructure 
Date:          7/28/2013 8:51:29 AM 
Event ID:      1 
Task Category: None 
Level:         Warning 
Keywords:       
User:          Michael-Laptop\Michael ******** 
Computer:      Michael-Laptop 
Description: The application (Acer Updater, from vendor Acer Incorporated) has the following problem: Acer Updater has a known compatibility issue with this version of Windows. For an update that is compatible with this version of Windows, contact Acer Incorporated.

I would uninstall that Acer Updater (usually useless) or at least update it.