Win 7 Freezes When Shutting Down For Restart

A month ago I replaced an XP machine with a new one with Win 7 64bit.  As with my other Win 7 PC, I'm having a lot of annoying trouble.  See most of my last 10 questions under garcpr in the EE Knowledge Base.

I've run various virus/malware scans and just ran two again and only find tracking cookies.

A few days ago I applied the MSft Hotfix for freezeups.  Was OK for perhaps overnight.  Then got some freezes when trying to shut down or in shutdown portion of restart.

The Secunia scan for outdated applications flagged Adobe Reader and I updated it through Secunia.  A few minutes later a purported Adobe message about another Reader update appeared.  I went along with it.  After a while almost nothing worked.  I wonder if it was malware coming in through the access opened for Adobe a few minutes before.

I used a restore point from just before the second Adobe thing (I think) and that got things working a lot better.

Now when I power up or restart I get the attached screen (see end of this) right after logging on.  How do I figure out where this is coming from?

And, when I shut down or restart Win 7 freezes and never completes the process.  I have to use the power button to finish shutting down.  How do I find out what is causing this?

chilternPC Commented:
make a restore point in case it comes back
I still like to use Malwarebytes (the free version) to check
try right clicking on the file and selecting Properties then click on the "details" tab
even malware writers can't help to sign programs :-)
you have a program (called P) in the startup group or in msconfig startup area running.
run the msconfig program in the command line and see what programs are in the startup
press start - run - msconfig
garcpr (Author) Commented:
Must be.  I can't locate it using msconfig or in the startup folders.

Searching for p.exe didn't help.  How can I locate it or confirm that it exists on my PC?
run "regedit" in the run command and look under the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

then delete anything you don't want to run at start up
another approach..
when the box comes up with the question bring up the task manager (ctrl-alt-del) and choose task manager
see what applications are running - right click on the one concerned and choose "go to process"
this might show you what exe is running.
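
Added example, not part of the original thread: the comments above check msconfig, the startup folders and the Run key one at a time, and also suggest looking at whether a file is signed. This PowerShell sketch lists the per-machine and per-user Run/RunOnce keys, both Startup folders and any loose files sitting directly in the profiles root (where the author later found P), with the Authenticode status of each target. The function names Get-TargetPath, Get-SignatureStatus and New-Row are made up for this example, and the profiles root is assumed to be the parent of %PUBLIC%.

```powershell
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$startupDirs = @([Environment]::GetFolderPath('Startup'),
                 (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup'))
$usersRoot = Split-Path $env:PUBLIC -Parent      # assumption: profiles root, normally C:\Users
$psMeta = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

function Get-TargetPath([string]$Command) {
    # Extract the file a Run value launches: a quoted path, else text up to the first known extension.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|dll|cmd|bat|vbs|js))(\s|,|$)') { return $Matches[1] }
    return ($c.Trim() -split '\s+')[0]
}
function Get-SignatureStatus([string]$Path) {
    # Bare names such as "rundll32.exe" are not resolved via PATH and report FileNotFound.
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'FileNotFound' }
    return (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
}
function New-Row($Source, $Name, $Target) {
    New-Object PSObject -Property @{ Source = $Source; Name = $Name; Target = $Target
                                     Signature = (Get-SignatureStatus $Target) }
}

$rows = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    if (-not $props) { continue }                 # key exists but holds no values
    foreach ($p in $props.PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }   # skip provider metadata properties
        $rows += New-Row $key $p.Name (Get-TargetPath ([string]$p.Value))
    }
}
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($f in @(Get-ChildItem -LiteralPath $dir -Force | Where-Object { -not $_.PSIsContainer })) {
        # Shortcuts are resolved to their target; other files are reported as they are.
        $target = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
        $rows += New-Row $dir $f.Name $target
    }
}
foreach ($f in @(Get-ChildItem -LiteralPath $usersRoot -Force |
        Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' })) {
    $rows += New-Row $usersRoot $f.Name $f.FullName   # loose files like the thread's "P"
}
$rows | Sort-Object Signature | Select-Object Signature, Name, Target, Source | Format-Table -AutoSize -Wrap
```

Anything other than Valid is a prompt to look at the file, not a verdict: plenty of legitimate software ships unsigned, and a plain text file such as P will never report a valid signature.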
garcpr (Author) Commented:
The process for "Open With" is rundll32.exe described as "Windows Host Process"

It's running under my user name.

I checked the C:\Windows  directory and there are 8 instances of it, half with a final suffix of mui.
If you try and run or open "P" it will probably error out. Then  just need to go to control panel, system security, view event logs. It should note the error and specify where the file is. Also check for error messages logged during shutdown. A program or process isn't shutting down properly and the event log may help.
garcpr (Author) Commented:
I believe you mean the Event Viewer Logs under Computer Management?  

I "tried to open" P with Adobe Reader.  There were no error events logged at any time near when I did that, even though Reader issued a message.  I looked under all likely categories such as Applications, and also under the special Administrative summary of errors, critical events, etc.

Were you referring to some other logs?  There is no System Security item on the Win 7 Control Panel menu or on the CPnl System screen.

I'll work with the logs some more.
garcpr (Author) Commented:
I just finally located the file named P.  It was in the User's directory along with Default, me, and Public.  I imagine this is an illegal or at least very bad location for a file to be.  Here's a copy of it. P  I made a copy of it and deleted it from the Users directory.

It no longer appears as needing to be opened when I restart.

Here's a copy of it as text. P.txt

I think it might be hard to tell where it came from by just looking at the text, but if either of you can do so, great. Please let me know.   If not, I'll close this question and award points.

I haven't had too much trouble with a freeze on shut down in the last 24 hours.  If that starts again, I'll study the event logs.
it looks like a nVidia nforce ethernet loopback interface
realParker Commented:
That is odd. There are a few forum discussions about having an interface list auto-open when starting up. You can open the command prompt and run this to see the same output:

route print

I see a few that mention gtalk causing this but all I came across state that once the file was deleted the problem went away.
garcpr (Author) Commented:
I don't see any source info in the properties details for the file.

As soon as I get a chance, I'll do the further checks suggested.
garcpr (Author) Commented:
I don't see any way to check an individual file with the free version of Malwarebytes.  I sent P to Total Virus which uses ~ 24 virus check programs to check stuff.  It didn't find anything.

route print does give as its first 5 lines of output the same text as in P.

I have never used or even opened gtalk.  I do use gmail and calendar but doubt I ever got near gtalk.

If the problem occurs again, I'll have to look more but let's close this question.

Thanks very much for your help.
Question has a verified solution.
