• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 707
  • Last Modified:

XP shutdown when I logon

My computer reboots itself at startup. I am running XP pro.
I get a message on my desktop when I log on. The message states "DB2JDS.exe has encountered a problem and needs to close." A short time later the computer reboots.
OK here are the sequence of events leading up to this problem.

1) My master hard drive was near capacity and XP was sending messages about the space left on the hard drive. To aleviate the problem I started deleting programs. This freed up enough space where I did not get anymore "space" messages.
2) Almost immediately my computer started rebootting itself and I starting getting the DB2JDS message.
I have tired the following with no success:
A) Tried to restore computer to 2 previous restore points.
B) Downloaded and ran Symantec's cleanup programs for the following virus'
     Sasser
     Beagle
     Blaster.worm
None of these were found on my system.
3) I tried to run a Norton virus scan on my system. This fails everytime I try. I am getting a message that states " can not scan due to a critical error"
4) I can boot up into Safe Mode.
5) In a Norton Virus log, from about seven days ago, i found an entry stating Beagle virus detected.
6) The DB2jds.exe file maybe from one of the programs I deleted.

Can someone please help?  

Gary
0
sufabooma
Asked:
sufabooma
  • 9
  • 7
  • 4
2 Solutions
 
jjk16Commented:
start, run, msconfig

click on start up tab, post what you see


start, run, eventvwr

click on on system look for yellow or red

post error contents here please

DB2JDS.exe  sounds like some ibm database or something

it works in safe mode so you can bet its probably some software/driver causing the restart.

should be a quick fix,  you can always run system restore back before you had this problem as well


0
 
SheharyaarSaahilCommented:
Hello sufabooma =)

This file doesn't seem to be a virus to me, have a search on google for it and you will come to know that all hits show that its related to some IBM Windows DB2 DoS thingie :-?

And this file runs as a service on the system, and this is the reason that you can start the system in safemode, becasue in safemode NO third party services are loaded !!

So no try this, in safemode goto Start>Run>regedit, and search for DB2jds.exe, if you can find its entry in Run Keys or in CurrentControlSet\Services folder, then backup its folder first, and then delete it from registry, restart and now try to boot in normal mode to check if it can start there or not ?? Good Luck :)
0
 
sufaboomaAuthor Commented:
I found entries of DB2jds.exe, I backed up the folders and deleted all entries to no avail. The problem still exists.

Here are the logs from the events viewer:

I could not find the "Run" function in Safe Mode so I could not run msconfig  and it won't run from a command line

Here are the logs from the event viewer:

Event Type:      Error
Event Source:      DCOM
Event Category:      None
Event ID:      10005
Date:            11/15/2004
Time:            7:27:14 AM
User:            NT AUTHORITY\SYSTEM
Computer:      GARYSDELL
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Application Popup
Event Category:      None
Event ID:      875
Date:            11/15/2004
Time:            7:26:21 AM
User:            N/A
Computer:      GARYSDELL
Description:
Driver UdfReadr.SYS has been blocked from loading.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 10 00 02 00 74 00   ......t.
0008: 00 00 00 00 6b 03 00 c0   ....k..À
0010: 00 00 00 00 6b 03 00 c0   ....k..À
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........
0028: 66 e3 d9 7d ef 34 4f 40   fãÙ}ï4O@
0030: bf 69 57 4a 81 54 ba 5d   ¿iWJTº]

Event Type:      Error
Event Source:      DCOM
Event Category:      None
Event ID:      10005
Date:            11/15/2004
Time:            7:27:43 AM
User:            NT AUTHORITY\SYSTEM
Computer:      GARYSDELL
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7001
Date:            11/15/2004
Time:            7:28:17 AM
User:            N/A
Computer:      GARYSDELL
Description:
The SYMTDI service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7001
Date:            11/15/2004
Time:            7:28:17 AM
User:            N/A
Computer:      GARYSDELL
Description:
The DHCP Client service depends on the NetBT service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7001
Date:            11/15/2004
Time:            7:28:17 AM
User:            N/A
Computer:      GARYSDELL
Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7001
Date:            11/15/2004
Time:            7:28:17 AM
User:            N/A
Computer:      GARYSDELL
Description:
The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7001
Date:            11/15/2004
Time:            7:28:17 AM
User:            N/A
Computer:      GARYSDELL
Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7001
Date:            11/15/2004
Time:            7:28:17 AM
User:            N/A
Computer:      GARYSDELL
Description:
The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error:
The dependency service or group failed to start.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7001
Date:            11/15/2004
Time:            7:28:17 AM
User:            N/A
Computer:      GARYSDELL
Description:
The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error:
The dependency service or group failed to start.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7026
Date:            11/15/2004
Time:            7:28:17 AM
User:            N/A
Computer:      GARYSDELL
Description:
The following boot-start or system-start driver(s) failed to load:
Fips
IPSec
MRxSmb
NetBIOS
NetBT
P3
RasAcd
Rdbss
Tcpip

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      DCOM
Event Category:      None
Event ID:      10005
Date:            11/15/2004
Time:            7:29:48 AM
User:            NT AUTHORITY\SYSTEM
Computer:      GARYSDELL
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
jjk16Commented:
the windows key + r        will open up a run menu

a work around is to post your hijack this log

download here and save log, copy and past to here
http://www.spywareinfo.com/~merijn/downloads.html

THe good thing is your computer works in safe mode so we know it is some device or service/setting that is causing the crash, I was hoping you look for the red and yellow errors about the time when your computer reset as safe mode will show those errors all the time if you have IIS etc installed, the hijack this log will allow me see what is starting up with the computer, also try safe mode w/networking

you have email servers and web servers running on your computer...  ?
that would explain the database... what is this computer used for?

i look forward to reading your post...
0
 
SheharyaarSaahilCommented:
You are in safemode right now, so from Control Panel>USer Accoutns try creating a new user accoutn with Administrative rights and restart to login with the new user...... check if same error with the new user also ??
0
 
sufaboomaAuthor Commented:
I tried the msconfig thing using the windows -r
I looked at the Startup.
Here is some of what I saw.
If you want to see all of it can I email the screens shots to you? There is quite a bit and I can't copy and paste.

Startup:
dumprep 0 -u            %systemroot%\system32\dumprep 0 -u
dumprep 0 -k            %systemroot%\system32\dumprep 0 -k
ctfmon                      c:\WINDOWS\system32\ctfmon.exe
RUNDLL32                 RUNDLL32.EXE NvQTwk,NvCplDaemon inialize

What is IIS? Do you mean Service Pack 2?

I am a RPG programmer that is why the DB2 stuff was on my computer.
I'm not sure what you want me to do with the posting of the log? Can you further explain.

I created a new user but the computer rebooted even before it got to my desktop. With the existing users on that PC we can at least get to our desktops for a few moments.


0
 
SheharyaarSaahilCommented:
>> RUNDLL32                 RUNDLL32.EXE NvQTwk,NvCplDaemon inialize

are you using a Nvidia video card ?? if Yes then from safemode, goto Device manager and uninstall this card, this will uninstall its present drivers.... and if you have loaded any software realted to it, uninstall it also !!
now restart and boot in normal mode to check for the problem now ??
0
 
sufaboomaAuthor Commented:
deleted the driver - restarted still rebooting.
Should I try a setting my system to a good restore point?
0
 
SheharyaarSaahilCommented:
you said you already tried it :-\
0
 
jjk16Commented:
sorry for the long wait, your problems are software related, thats why i want your startup, i highly doubt that you posted all items from msconfig that were shown,

I think your starting to get more familiar with the computer though, so atleast your getting something out of this..       WHeres the HIJACK THIS log ???

so here we go..

windows key + pause/break key or you can right click on my computer and click on properties

click on advanced tab, click on start up and recovery button on bottom half of windows

uncheck the restart on errors,  notice the send an event to event viewer check box in case your wondering where the progression is...
that is why i asked you to check event viewer
those dump preps seem like programs crashing to me
event viewer is the key to this but its hard to teach someone to know what to look for
so...

also removing and reinstalling the drivers would not do any good. upgrading the drivers might(rare) on windowsupdate.com or by from the manufacturer of the device might help

when in doubt you can fix the major culprits

adaware se, fixes pop ups, spyware
http://downloads-zdnet.com.com/Ad-Aware-SE-Personal-Edition/3000-8022_2-10319876.html?tag=lst-0-5

windows + r,   sfc /scannow      need xp cd though

everything else gets messy, goodluck
0
 
sufaboomaAuthor Commented:
What are you talking about-------"WHeres the HIJACK THIS log ???"
0
 
jjk16Commented:
umm here


a work around is to post your hijack this log

download here and save log, copy and past to here
http://www.spywareinfo.com/~merijn/downloads.html
0
 
SheharyaarSaahilCommented:
If you wanna use Hijackthis, follow these instructions,

Download v1.98.2 from here >> http://tools.radiosplace.com/HijackThis.exe
Run it, hit scan, then hit Save log, save the notepad file, then copy the contents from notepad log file, and paste them here >> http://www.hijackthis.de/index.php?langselect=english

hit Analyse, then scroll down to the page, hit Save Analyse, a new page will open, copy the address of that new page and paste it here :)
0
 
sufaboomaAuthor Commented:
Sheharyaar thanks for the good instructions about HijackThis.
I followed your instructions and here is the link to the analysis.

http://www.hijackthis.de/logfiles/8f428f6e222144d5b93c4334de40f0ba.html
0
 
SheharyaarSaahilCommented:
Well you log sodesn't show anything related to DB2jds.exe!
tell me are you having the WinXP standard CD or the restore cds which you got with the system ??
0
 
SheharyaarSaahilCommented:
>> you log sodesn't show
your log doesn't show*
0
 
sufaboomaAuthor Commented:
I am going to reload my system. I have a good backup. I would like to give both you guys the points 350 to Sheharyaar and 150 to jjk16. How do I do that?
0
 
SheharyaarSaahilCommented:
hmmmmm means you are thingking about a Format and Clean Install...... well i will not say anything, but if you still want,,,,, dont you think that a Repair install can be done before the format! :)

But still... its just a suggestion, final decision is all yours, if you think that a format is needed,,,, then please go with it as data is already backed up :)

>> I would like to give both you guys the points 350 to Sheharyaar and 150 to jjk16. How do I do that?
You can use the Split Points feature which you can see above the box where you type the comments :)
for more info. on how to close a Question, plzz refer here >> http://www.experts-exchange.com/help.jsp#hs5
0
 
sufaboomaAuthor Commented:
How would I do a repair install? I'll give more points if I can.
0
 
SheharyaarSaahilCommented:
Well its same as doing a clean install.... i mean the procedure is same but it lacks one thing, i.e Formatting the hard drive
in a clean install we format and erase everything from the hard drive, and in repair we take the old installation and try to "repair" it to solve the problems its having :)

How to Perform an In-Place Upgrade (Reinstallation) of Windows XP:
http://support.microsoft.com/?kbid=315341

How to Perform a Windows XP Repair Install:
http://www.michaelstevenstech.com/XPrepairinstall.htm

Click here on How To Run a Repair Install:
http://www.webtree.ca/windowsxp/repair_xp.htm
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 9
  • 7
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now