Solved

Win 7 Freezes When Shutting Down For Restart

Posted on 2010-11-30
13
573 Views
Last Modified: 2012-05-10
A month ago I replaced an XP machine with a new one with Win 7 64bit.  As with my other Win 7 PC, I'm having a lot of annoying trouble.  See most of my last 10 questions under garcpr in the EE Knowledge Base.

I've run various virus/malware scans and just ran two again and only find tracking cookies.

A few days ago I applied the MS ft Hotfix for freezeups.  Was OK for perhaps overnight.  Then got some freezes when trying to shut down or in shutdown portion of restart.

The Secunia scan for outdated applications flagged Adobe Reader and I updated it through Secunia.  A few minutes later a purported Adobe message about another Reader update appeared.  I went along with it.  After a while almost nothing worked.  I wonder if it was malware coming in through the access opened for Adobe a few minutes before.

I used a restore point from just before the second Adobe thing (I think) and that got things working a lot better.

Now when I power up or restart I get the attached screen (see end of this) right after logging on.  How do I figure out where this is coming from?

And, when I shut down or restart Win 7 freezes and never completes the process.  I have to use the power button to finish shutting down.  How do I find out what is causing this?



 StartErrorScreen.doc
0
Comment
Question by:garcpr
  • 6
  • 5
  • 2
13 Comments
 
LVL 28

Expert Comment

by:chilternPC
Comment Utility
you have a program (called P)  in the startup group or in msconfig startup area running.
run the msconfig program in the command line and see what programs are in the startup
press  start - run - msconfig
0
 

Author Comment

by:garcpr
Comment Utility
Must be.  I can't locate it using msconfig or in the startup folders.

Searching for p.exe didn't help.  How can I locate it or confirm that it exists on my PC?
0
 
LVL 28

Expert Comment

by:chilternPC
Comment Utility
run "regedit"  in the run commnd and look under the key
HKEY_LOCAL_MACHINE--SOFTWARE--microsoft--windows--current version---Run

then delete anything your don't want to run at start up
0
 
LVL 28

Expert Comment

by:chilternPC
Comment Utility
another approach..
when the box comes up withthe question bring up the task manager (ctrl-alt-del) and choose task manager
see what applications are running - right click on the one conerned and choose "go to process"
this might  show you what exe is runnng.
0
 

Author Comment

by:garcpr
Comment Utility
The process for "Open With" is rundll32.exe described as "Windows Host Process"

It's running under my user name.

I checked the C:\Windows  directory and there are 8 instances of it, half with a final suffix of mui.
0
 
LVL 4

Expert Comment

by:realParker
Comment Utility
If you try and run or open "P" it will probably error out. Then  just need to go to control panel, system security, view event logs. It should note the error and specify where the file is. Also check for error messages logged during shutdown. A program or process isn't shutting down properly and the event log may help.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:garcpr
Comment Utility
I believe you mean the Event Viewer Logs under Computer Management?  

I "tried to open" P with Adobe Reader.  There were no error events logged at any time near when I did that, even though Reader issued a message.  I looked under all likely categories such as Applications, and also under the special Administrative summary of errors, critical events, etc.

Were you referring to some other logs?  There is no System Security item on the Win 7 Control Panel menu or on the CPnl System screen.

I'll work with the logs some more.
0
 

Author Comment

by:garcpr
Comment Utility
I just finally located the file named P.  It was in the User's directory along with Default, me, and Public.  I imagine this is an illegal or at least very bad location for a file to be.  Here's a copy of it. P  I made a copy of it and deleted it from the Users directory.

It no longer appears as needing to be opened when I restart.

Here's a copy of it as text. P.txt

I think it might be hard to tell where it came from by just looking at the text, but if either of you can do so, great. Please let me know.   If not, I'll close this question and award points.

I haven't had too much trouble with a freeze on shut down in the last 24 hours.  If that starts again, I'll study the event logs.
0
 
LVL 28

Accepted Solution

by:
chilternPC earned 300 total points
Comment Utility
make a restore point in case it comes back
. I still like to use malwarebyte (the free version) to check
http://www.malwarebytes.org/
try right clicking on the file and selecting Properties then click on the "details" tab
even malware writers can't help to sign programs :-)
0
 
LVL 28

Expert Comment

by:chilternPC
Comment Utility
it looks like a nVidia nforce ethernet lookback interface
0
 
LVL 4

Assisted Solution

by:realParker
realParker earned 200 total points
Comment Utility
That is odd. There are a few forum discussions about having an interface list auto-open when starting up. You can open the command prompt and run this to see the same output route print

I see a few that mention gtalk causing this but all I came across state that once the file was deleted the problem went away.
0
 

Author Comment

by:garcpr
Comment Utility
I don't see any source info in the properties details for the file.

As soon as I get a chance, I'll do the further checks suggested.
0
 

Author Comment

by:garcpr
Comment Utility
I don't see any way to check an individual file with the free version of Matwarebytes.  I sent P to Total Virus which uses ~ 24 virus check progrms to check stuff.  It didn't find anything.

route print does give as it's first 5 lines of output the same text as in P.

I have never used or even opened gtalk.  I do use gmail and calendar but doubt I ever got near gtalk.

If the problem occurs again, I'll have to look more but let's close this question.

Thanks very much for your help.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

One of the features I've come to appreciate about Windows 7 and Windows Server 2008 R2 is the ability to pin applications to the task bar. As useful a feature as I've found this, it does have some quirks.  For example, have you ever tried pinning an…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now