Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows 7 won't shut down


  • Please log in to reply

#1
mwmue

mwmue

    New Member

  • Member
  • Pip
  • 9 posts

I have a windows 7 laptop that won't shut down.  It gets to the shutdown screen and then hangs. It will shutdown properly from Safe Mode but won't after a clean boot. I did a sfc /verifyonly and it found nothing.  Malwarebytes and Kaspersky virus scanner have found nothing. I have made 2 attempts at a System Restore but when the system reboots I get a restore has failed message. Any other ideas would be appreciated.


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,305 posts
  • MVP
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot.  (Even if you have to hold down the power button to shut it down)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
Run Process Explorer in Safe mode and create a log.  Reboot into a Clean boot and create another log.  Compare the two.  Do you see a process that is present in clean boot and not in Safe Mode?  Right click on it and Kill the process then see if it will reboot.
 

  • 0

#3
mwmue

mwmue

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

I have created the 2 Event Viewer and first Process Explorer logs as requested. They are attached.

 

I will work on the Process Explorer comparison next. 

 

 

Attached Files


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,305 posts
  • MVP
Log: 'System' Date/Time: 13/05/2016 11:37:03 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.

 

 

This might be the culprit.  

 

 2) Open an elevated command prompt.  (Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, )

 


  3) Verify the WMI repository is not corrupt by running the following command:

      winmgmt  /verifyrepository

If the repository is not corrupted, a “WMI Repository is consistent” message will be returned. If you get something else, go to step 4.

4) Run the following commands:   

winmgmt  /salvagerepository

If the repository salvage fails to work, then run the following command to see if it resolves the issue: 

winmgmt  /resetrepository

After the last command, there should be a “WMI Repository has been reset” message returned.


  • 0

#5
mwmue

mwmue

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

I got the "WMI Repository is Consistent" message.


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,305 posts
  • MVP

You might try right clicking on 

 

WmiPrvSE.exe
 
in Process Explorer and see if you can kill the process then shutdown just to make sure it's not causing the problem.

  • 0

#7
mwmue

mwmue

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Still won't shutdown.


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,305 posts
  • MVP

The only other error I see is from Kaspersky and winlogon

 

Log: 'Application' Date/Time: 13/05/2016 11:36:30 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-2888657257-1247738880-630884131-1001:
Process 1980 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2888657257-1247738880-630884131-1001
Process 888 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2888657257-1247738880-630884131-1001

 

 

 
Does avp.exe run in safe mode and clean boot?

  • 0

#9
mwmue

mwmue

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

I was thinking avp might be the problem.  It isn't in safe mode but is in the clean boot.  Tried to stop it in msconfig but it kept coming back on. Tried to kill it from Process Explorer and it wouldn't let me. Decided to uninstall it and the uninstall crashed. When I got the computer booted back up, the program still loaded but the uninstaller said wasn't there.  When I tried to stop the program, windows crashed. Started the computer back up. Decided to re-install the antivirus program hoping I could then try the uninstall again but the reinstall crashed too.

 

When I got the computer started again the antivirus program didn't load up. It is still listed as a program but the uninstaller will open up now.  Cancelled out of the uninstaller and decided to try a Shut Down. It actually worked.  The computer shut down just like it should.  

 

Not sure what to do next. Guess I really need to try the uninstaller again before loading a new antivirus program.  Will try it tomorrow.

 

Thanks for all the help. 


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,305 posts
  • MVP

Sometimes reinstalling a program will allow you to remove it but if you need help removing Kaspersky we can move this to the malware forum and use FRST to remove it.  


  • 0

#11
mwmue

mwmue

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I got the antivirus completely uninstalled and a new one installed. At this time computer boots and shuts down like it's supposed to. All is good. Thanks.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP