Next, Windows 7. Hobbled and with elevated administrator rights perhaps.

[OutOfMyDepth]

Next Windows 7. This looks altogether more of a handful.

My laptop should automatically "sleep" after a certain period of inactivity. Two days ago it failed to "sleep" and refused to shut down, even when it was left for 5+ hours. I had to use the power button to turn it off.

Turning it back on proved difficult and "Windows Repair" was presented as the recommended option, but it could not start the computer. It was possible to open in Safe Mode but not to shut down. I tried to limit the files that started to the essentials so as to exclude problem programs, and then gradually add back.  However, to do so required a reboot and that never happened as the computer never properly shut down.

It was possible to open the computer again "normally" but the processes running were very limited and did not include the anti-virus, which was disabled and could not be started, the firewall which would open but not run, and Windows Defender which could not be opened due to "Group Policy". Some research on that latter point indicated that that would never happen other than with a bug with elevated administrator status. Starting certain programs eg malwarebytes, caused a warning to appear asking if the program should be permitted to amend files on the computer, much as you might find when seeking to run a program as a "user" without administrator rights, or a warning when editing the registry. I am the user / administrator.

An older, legacy, version of Malwarebytes started and then disappeared. It could be started, again but when minimised could not then be recovered. It has not run again. I did manage to run a Hijack log although it did not have access to the Hosts file.

The task manager can be opened and shows three iexplore.exe processes running. The computer interface has changed, changing the windows starting icon for a square box, like a stripped down system, and removing all but three of the notification area icons. It does not seem possible to connect or prevent a connection to the internet, or to shut down. It looks as if the means to add programs will be via the DVD drive but there is a question as to who is the administrator or shares such rights when it comes to running programs.

I installed the current version of Malwarebytes but it cannot start - "Unable to Start" "Unable to Connect the Service". FRST, when opened showed Unable to Update then scanned in two mins.

I have no Malwarebytes log but attach the FRST and Additional logs, and a Hijack log I grabbed earlier.

I hope this is not too far gone to fix!

 

OOMD

FRST.txt

hijackthis.log

Addition.txt

[nasdaq]

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I have reviewed your log and found that there is no malware on your computer.

I suggest we start be repaireing these services.

Boot with Safe Mode with Networking. Execute the following.

Please Download Tweaking.com - Windows Repair from Here

• Install and then run the program
• Execute the instructions on Step 1 Important
• Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
• On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
• Click Repairs - Open Repairs in the bottom right corner
• Uncheck the All repair button then select just the item(s) listed below
• 
  

  01 - Repair Registry Permissions
  03 - Reset Service permissions
  04 - Register System Files
  05 - Repair WMI
  10 - Remove Policies Set By Infections
  16 - Repair Windows Updates
  20 - Repair MSI (Windows Installer)
  25 - Restore Important Windows Services
  26 - Set Windows Service to Default Startup

• Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
• Please copy and paste the Contents of this file on your next reply.

===

Restart the computer normally.

How is the computer running now?

[OutOfMyDepth]

Hi nasdaq,

thanks for picking this up.

I've run and attached the logs from Tweaking.com.

I can now boot into a normal setup although have some issues. AVG shows as an icon but is not running and says "UI Failed to load".  The option to restart the service flags the User Account Control page, asking if I want to allow the program to make changes to the computer. I am the administrator, but clicking "yes" takes me back to the "UI Failed to load" page.

Windows Security Centre service cannot be started.

If I start the computer and open nothing, but proceed immediately to instruct it to shut down, it takes more than 8 mins to do so (although it does at least shut down - thanks).

Malwarebytes says that it is "Unable to connect to the Service", much as before, although Farbar does now update. I ran it and have attached the FRST and Addition logs from Farbar because they touch on Malwarebytes not running and, on one hand that Windows Defender is set to run, and that it is set not to run via a registry key. I did also notice that under "Modified Files and Folders" is an entry showing that there was a change to windows/system32/GroupPolicy (Windows Defender not running due to a change in Group Policy - per my original post), in case that is of any significance.

Thanks

OOMD

FRST.txt

Tweaking log ANSI.txt

Tweaking.com - Windows Repair 2018 - Pre-Scan.txt

Addition.txt

[OutOfMyDepth]

Nasdaq - an update: AVG Anti-virus has started itself, no input from me, then has frozen, as has PrivateFirewall.  No pages can be opened on the net, both programs show as not responding on Task Manager.  I cannot Log Off, in order to then shut down.  This is looking rather familiar.

 

Thanks

OOMD

[nasdaq]

Hi,

Go to tthis page.
https://www.ip-tracker.org/locator/ip-lookup.php?ip=95.211.10.3

Is this your Internet Provider?
LeaseWeb Netherlands B.V.
===

Can you log off at all?

Power Down the computer if you have too.

[OutOfMyDepth]

Hello,

I have checked that Internet Provider, but it is not the one we use.

I have been able to start the computer again and have it shut down (a straight open-and-close cycle).  When I open it again later and tried to use the internet (AVG and PrivateFirewall have started as normal and have not frozen), I can use the internet for perhaps 10-15 mins and then it will no longer operate - the page I am on remains open but I cannot open another or move from it to another. The new page  /search just hangs.

I did oblige the computer to "force close" what was preventing it logging off (waiting for explorer.exe (playing log-off sound) on this occasion) and it then shut down.

It is currently open and in the hung state.

Thanks

OOMD

[nasdaq]

Hi,

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?

fixlist.txt

[OutOfMyDepth]

The first thing farbar does is set a restore point, which it says can take a few minutes. That few mins has been quite some time, but I'll leave it to run for a while longer before reporting back.

OOMD

[OutOfMyDepth]

Okay, farbar/fix ran although it could not create a restore point, hence the delay.   The log file is attached.  Currently the computer is trying to log off and restart.  I'll give it a while to try before taking matters into my own hands and will let you know how it is running.

Thanks

OOMD

 

Fixlog.txt

[nasdaq]

Hi,

There is possibly not enough space available on the C:\ drive to create a new Restore point.

Download to your Desktop the Junkware Removal Tool Download from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts. 
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.) 
The tool will open and start scanning your system. 
Please be patient as this can take a while to complete. 
On completion, a log (JRT.txt) is saved to your desktop and will automatically open. 
Post the contents of JRT.txt into your next message.
======

[OutOfMyDepth]

Hi

I wondered if there was insufficient space, but thought that the process did run - just without a prior restore point. I attached the log.  I'm not sure if the program performed a limited operation by virtue of the absence of a restore point

I am trying to run the Junkware Removal Tool but it too has been requesting a restore point for the last 10 minutes.  The options seem to be to leave it or to exit the application.

OOMD 

[OutOfMyDepth]

I should add that if I try to create a restore point, under System Properties > System Protection > Create Restore Point, it hangs until eventually I use Task Manager to stop the process, at which point the operation then states that it is creating a restore point.  It has been supposedly doing so for the last 20 minutes.

[nasdaq]

Hi,

You can make space available by cleaning your Caches.

https://kb.iu.edu/d/ahic#firefox

Start by cleaning the IE cache if it's your preferred browser.

Do the others if you are using them.

Keep me posted.

[OutOfMyDepth]

Hello Nasdaq,

I burnt some media onto a disc and shifted it and manually created a restore point. The additional extra space should have allowed a restore point to be created by farbar when running the fix, but the log says otherwise.

The computer would not log off so I had to power it down. (I have tried a few cycles of starting up, logging on and shutting down, both normally and on safe mode, but without success - it will not log off.  If I do not first log on, it skips past the logging off to the shutting down phase, but will not shut down).  It now refuses to start normally, getting stuck at the Starting Windows page, has to be powered down again and re-tried. 

When running (!), where I use the internet, the internet stops working. It seemingly closes a page when asked but keeps it running in the background where it cannot be opened or closed. Only task manager can end the process.

Hopefully farbar / fixit works without a restore point being set by the program.

I hope the log gives some insight.

OOMD

Fixlog (2).txt

[nasdaq]

Hi,

The shutoff problems are not easy to repair.
Many things can cause this.

Try these fixes.
Restart the computer after each one of then restart the computer to verify it the probem has been solved.

Restore your Windows 7 to the Last known good configuration
Follow the instructions on this page.

https://www.sevenforums.com/tutorials/666-advanced-boot-options.html?ltr=A
===

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

When completed refer to the Microsoft article again and follow the instructions to view details of the System File Checker process

Post the contents of the sfcdetails.txt file for my review.
===

How to perform a clean boot in Windows Vista and above.
refer to this link.
https://helpdeskgeek.com/windows-7/perform-a-clean-boot-in-windows-7/

Read the instructions on the pages before proceeding.
===

Take your time. If you have any questions before proceeding let me know.
 

p.s.

Do you remember what programs or update was installed just before the problems started?

[OutOfMyDepth]

Thanks,

 

I'll run through those steps and see where it takes me.  I have the feeling that it may be to a fresh install of the OS, but let's see.

I was trying to fix a problem with my USB ports - there is nothing wrong with them physically, but the computer has gradually started to fail to recognise the various hard drives or USB sticks. I had installed Intel Driver and Support Assistant and the Intel chipset software.  There were no immediate issues I could point to (nor did it fix the USB problem), but a day or two later...

Looking at the internet freezing - are there particular steps I should look at there?

Many thanks for your help.

OOMD

[nasdaq]

It's a matter to disable all Non Windows application and restart the computer.

If all is well then enable half of the disabled program and restart.

If the problem persists then one of the enabled program is the culprint.

If all is well the enable the first half and do disable the rest.

etc...

[OutOfMyDepth]

Hi Nasdaq,

I have run through the various steps outlined.

The Last Known Good Configuration route does see the computer shut down, albeit after what seems like an age.

sfc /scannow produces no integrity violations and no sfcdetail.txt file as far as I can see. I attach the CBS file.  I was unable to open it.

The Clean Boot and gradual reintroduction of services is going to take a while but I'll work my way through them.

OOMD

CBS.log

[nasdaq]

Keep me posted.

[OutOfMyDepth]

Hi Nasdaq,

I'm away from my computer for much of the day but should be able to update later.

Thanks

OOMD

[OutOfMyDepth]

Hi Nasdaq,

no joy, I'm afraid.  There was little running that had to be stopped, but the problem remains.

The computer does not ever shut down correctly, and immediately cycles back to restarting with a warning that it did not shut properly.  It does not matter whether it is in safe mode or normal, whether I log in or not. That said, if I have logged in, sometimes it fails to log out, let alone shut down.

I do have the feeling that it is time to check the licence numbers, save the favourites and docs again and go back to square one - however unpalatable that may sound.

OOMD

[nasdaq]

Hi,

Follow the instructions on this page.
https://www.pcworld.com/article/247392/windows/my-computer-reboots-when-i-tell-it-to-shut-down.html

If you get a BSOD and you can see if a driver is listed as the cause let me know which one.

Or

Quoted from the article.

To do so in Vista or Windows 7, click Start, type event logger, and press ENTER. In the left pane, expand the Windows Logs section, the select System

Post or attach the log.

[OutOfMyDepth]

Hi Nasdaq,

I'll give that a go later today.

Thanks

OOMD

[OutOfMyDepth]

Hi Nasdaq,

I have suspended the automatic restart and would attach the log file but it seems to be of a file type ("Event Log") not permitted as an attachment. Should I change the file type, for you to change back, or I have I missed a trick?

OOMD

[nasdaq]

Hi,

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxe:

• List last 10 Event Viewer log
  

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.