WONT SHUT DOWN! not sure if its a virus or not

Page 1 of 7 123 ... LastLast

  1. alaska skier
    Posts : 39
    Windows 7 home premium 64bit
       New #1

    WONT SHUT DOWN! not sure if its a virus or not


    hey guys. new to the forums here so be nice please

    currently running win 7 x64, just recently opened computer and it seemed reeeeely slow, not just slow, realy slow ok so you get my point, so i go to do task manager and that wont start, i try to run any program and it wont start!, i try the classic cntrl alt delete and al that gives me after 2 minutes of waiting is a black screen with cursor and error box saying the windows log in and task service failed to start, well no kidding it didn't , i try to shut down and all it gives me after i have to force quit the programs that are running is a black screen with cursor! it dosent go to the loging out screen!

    please help!
      My Computer
    Quote Quote

  3. Golden
    Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       New #2

    Hi,

    Boot into Safe Mode, and then do the following:

    1. Click Start
    2. In the search box, type cmd
    3. In the list that appears, right-click on cmd.exe and choose Run as administrator
    4. In the command window that opens, type sfc /scannow and hit enter.

    Report the output once it finishes.

    Regards,
    Golden
      My Computer
    Quote Quote

  4. alaska skier
    Posts : 39
    Windows 7 home premium 64bit
    Thread Starter
       New #3

    it said corrupted files were found and repaired, it gave an output log, here it is

    2013-02-16 06:15:06, Info CSI 0000003e Repair results created:
    POQ 12 starts:
    0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\7d295266580cce012605000090079c07._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
    1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\3dec5666580cce012705000090079c07.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
    2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\feae5b66580cce012805000090079c07.$$_branding_1728f5d8b15e526 3.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_branding_1728f5d8b15e5263.cdf-ms"
    3: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\feae5b66580cce012905000090079c07.$$_branding_shellbrd_be1f63 2087fb0947.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_branding_shellbrd_be1f632087fb0947.cdf-ms"
    4: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\7f346566580cce012a05000090079c07.$$_diagnostics_system_audio _9d2751b7c84ca0f1.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms"
    5: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\813f7866580cce012b05000090079c07.$$_diagnostics_system_aero_ 8b2c42561936b3f0.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms"
    6: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\834a8b66580cce012c05000090079c07.$$_resources_fbee56ab048ab2 39.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_resources_fbee56ab048ab239.cdf-ms"
    7: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\e3ab8d66580cce012d05000090079c07.$$_resources_themes_4d0d491 0e83c2273.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_4d0d4910e83c2273.cdf-ms"
    8: Move File: Source = [l:240{120}]"
    2013-02-16 06:15:06, Info CSI \SystemRoot\WinSxS\Temp\PendingRenames\e3ab8d66580cce012e05000090079c07.$$_resources_themes_aero_3fd 78bf4cb5fa2c4.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms"
    9: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\e3ab8d66580cce012f05000090079c07.$$_resources_themes_aero_sh ell_a91dfa5124b343c4.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_a91dfa5124b343c4.cdf-ms"
    10: Move File: Source = [l:276{138}]"\SystemRoot\WinSxS\Temp\PendingRenames\e3ab8d66580cce013005000090079c07.$$_resources_themes_aero_sh ell_normalcolor_10be8ec981b35fb6.cdf-ms", Destination = [l:188{94}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_normalcolor_10be8ec981b35fb6.cdf-ms"
    11: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\6b52d066580cce013105000090079c07.$$_branding_basebrd_9ee9a17 6c9fadab4.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_branding_basebrd_9ee9a176c9fadab4.cdf-ms"
    12: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\cbb3d266580cce013205000090079c07.$$_branding_basebrd_en-us_51c0631d4347f350.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_branding_basebrd_en-us_51c0631d4347f350.cdf-ms"
    13: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\d0c9f866580cce013305000090079c07.$$_system32_21f9a9c4a2f8b51 4.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
    14: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\908cfd66580cce013405000090079c07.$$_system32_boot_06654401df 2fc50e.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_system32_boot_06654401df2fc50e.cdf-ms"

    POQ 12 ends.
    2013-02-16 06:15:06, Info CSI 0000003f [SR] Verify complete
    2013-02-16 06:15:06, Info CSI 00000040 [SR] Verifying 100 (0x0000000000000064) components
    2013-02-16 06:15:06, Info CSI 00000041 [SR] Beginning Verify and Repair transaction
    2013-02-16 06:15:10, Info CSI 00000042 Ignoring duplicate ownership for directory [l:62{31}]"\??\C:\windows\Branding\Basebrd" in component Microsoft-Windows-Branding-Base-HomePremium, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

    2013-02-16 06:15:10, Info CSI 00000043 Repair results created:
    POQ 13 starts:
    0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\eee41969580cce019905000090079c07._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
    1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\302d2869580cce019a05000090079c07.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
    2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\302d2869580cce019b05000090079c07.$$_branding_1728f5d8b15e526 3.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_branding_1728f5d8b15e5263.cdf-ms"
    3: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\302d2869580cce019c05000090079c07.$$_branding_basebrd_9ee9a17 6c9fadab4.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_branding_basebrd_9ee9a176c9fadab4.cdf-ms"
    4: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\74804969580cce019d05000090079c07.$$_inf_3f581daba4c8c835 .cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
    5: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\95a45069580cce019e05000090079c07.$$_inf_bits_0ef6f148bde367d 9.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_inf_bits_0ef6f148bde367d9.cdf-ms"
    6: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\95a45069580cce019f05000090079c07.$$_inf_bits_0000_a03dbf7d63 e833bd.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_inf_bits_0000_a03dbf7d63e833bd.cdf-ms"
    7: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\f5055369580cce01a005000090079c07.$$_branding_shellbrd_be1f63 2087fb0947.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_branding_shellbrd_be1f632087fb0947.cdf-ms"
    8: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\768b5c69580cce01a10500009
    2013-02-16 06:15:10, Info CSI 0079c07.$$_inf_bits_0409_a03dbeed63e8350a.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_inf_bits_0409_a03dbeed63e8350a.cdf-ms"

    POQ 13 ends.
    2013-02-16 06:15:10, Info CSI 00000044 [SR] Verify complete
    2013-02-16 06:15:10, Info CSI 00000045 [SR] Verifying 100 (0x0000000000000064) components
    2013-02-16 06:15:10, Info CSI 00000046 [SR] Beginning Verify and Repair transaction
    2013-02-16 06:15:13, Info CSI 00000047 Ignoring duplicate ownership for directory [ml:14{7},l:12{6}]"\??\C:" in component Microsoft-Windows-Client-Features-Default-Security, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

    a LOT of that and then this:

    Reboot mark refs incremented to: 1

    thanks!
      My Computer
    Quote Quote

  6. alaska skier
    Posts : 39
    Windows 7 home premium 64bit
    Thread Starter
       New #4

    started into normal mode, tried to do anything, still unable to open programs and it gives me this message whenever it tries to shut down

    shutdown.exe failed to initiate right before it goes into the dark screen saying that it is waiting for background programs to close
      My Computer
    Quote Quote

  7. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #5

    Looks like you may have a file content does not match the operating system.

    1. Please download http://go.microsoft.com/fwlink/?linkid=52012 MGADiag and save it to your desktop.
    2. Double click the icon on your desktop.
    3. Push
    4. Push
    5. Go to Start -> Run and type in "Notepad"
    6. Go to Edit -> Paste in notepad.
    7. x out all of the numbers and letters in the line beginning with "Windows Product Key:"
    8. Copy and paste that log here.
      My Computer
    Quote Quote

  8. alaska skier
    Posts : 39
    Windows 7 home premium 64bit
    Thread Starter
       New #6

    here is the log

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0x8007043c

    Windows Product ID: 00359-OEM-8992687-00057
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {7BA7AA79-4D26-44AD-A797-B0A39361A38F}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130104-1431
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{7BA7AA79-4D26-44AD-A797-B0A39361A38F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-W8DQG</PKey><PID>00359-OEM-8992687-00057</PID><PIDType>2</PIDType><SID>S-1-5-21-2336931222-4255698723-996352277</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite P755</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>2.80</Version><SMBIOSVersion major="2" minor="6"/><Date>20121030000000.000000+000</Date></BIOS><HWID>892F3B07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Alaskan Standard Time(GMT-09:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSCPL</OEMID><OEMTableID>TOSCPL00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8007043C' to display the error text.
    Error: 0x8007043C

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: N/A
    HealthStatus: 0x0000000000000000
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Not Registered - 0x8007043c
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LAAAAAEAAQABAAEAAAAAAAAAAwABAAEA6GG+lo4WPOTEIIy3AgJCKfgrLnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC TOSCPL TOSCPL00
    FACP TOSCPL TOSCPL00
    HPET TOSCPL TOSCPL00
    MCFG TOSCPL TOSCPL00
    SLIC TOSCPL TOSCPL00
    SSDT PmRef Cpu0Ist
    SSDT PmRef Cpu0Ist
      My Computer
    Quote Quote

  10. Golden
    Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       New #7

    That looks OK, apart from this error "Cached Online Validation Code: N/A, hr = 0x8007043c"

    Normally, a sfc /scannow is recommended, but you've only been able to do that in Safe Mode, correct?

    Please do this:

    1. Click Start
    2. In the search box, type cmd
    3. In the list that appears, right-click on cmd.exe and choose Run as administrator
    4. In the command window that opens, type chkdsk /R and hit enter.

    You will be prompted whether you wish to schedule a check disk at next boot up, choose "Y" and then reboot the PC, and let it perform the chkdsk. Report the output once it finishes.

    Regards,
    Golden
      My Computer
    Quote Quote

  11. alaska skier
    Posts : 39
    Windows 7 home premium 64bit
    Thread Starter
       New #8

    already did that, was at a robotics competition and my tech coordinator for my school scared it into working for a little bit (he didn't do anything, it just started working) and just to note i have done everything suggested to no avail and have run various anti malware/virus programs and come up with nothing
      My Computer
    Quote Quote

  12. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #9

    You may have malware on this machine.....


    Please download Rkill by Grinler and save it to your desktop.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
    Do not reboot the computer, you will need to run the application again.
      My Computer
    Quote Quote

  13. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #10

    Like Jacee said:
    You may have malware on this machine.....
    My thoughts also.

    When the scan for RKill is done, Notepad opens with the RKill report.

    It would be good for you to post the RKill report in your reply.

    It will provide information as to what is going on.

    • RKill checks for:
      Malware services found to stop
      Processes to terminate
      Registry malware related settings
      Hosts file
    ...and some more items.
      My Computer
    Quote Quote

 
Page 1 of 7 123 ... LastLast

  Related Discussions
BSOD and wont shut down
in BSOD Help and Support

I get the BSOD when I try to shut my computer down from the start button, and it just powers back on, not shutting down. I have to turn it off from the power button. Any suggestions. Henry Cee Sorry don't know how to upload yet.
wont shut down
in General Discussion

when i try to shut down windows it gets stuck on the shutting down and i have to force shut it by holding the power button
Windows wont shut down !
in General Discussion

I get some different messages when i try to shut down Windows. Sometimes i get a message that a program is running, and sometimes it just says "shutting down". I waited up to 2 hours but nothing happends. I have of course tried Ctrl-alt-delete, and the task manager, but all the proceses running...
PC wont boot after being shut off
in BSOD Help and Support

My PC froze so I was forced to shut off by holding power button for 8 seconds. When i tried to reboot I got some boot error. I took the drive out (Im assuming by now partition table is messed up so I want to load some partition recovery tool) and i put the drive in an enclosure and hooked it up...
Wont shut down
in BSOD Help and Support

i just upgraded to windows 7 from vista and now it wont shut down it just says it shutting down and stays on that screen
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 05:55.
Find Us