No shutdown.

botheredbothered Manchester UK
edited May 2004 in Science & Tech
I've just got in from work and too tired to look but the PC has been left on again. This happened last night as well, came in to a login screen.
If I shutdown the PC, it doesn't shutdown, it restarts.
Where shall I look guys?

Comments

  • LINLIN Tri_State Area
    edited May 2004
    a quick fix for now might be to disable "restart on system failure" :

    right-click on My Computer | Properties | Advanced tab.
    under “Startup & Recovery”, click Settings.
    under “System Failure”, untick “Automatically restart”.


    this isn't the cure but should at least get you shut down on the first attempt.


    it's doing that for a reason. BIOS power settings maybe? i don't know. i'll leave that for the big guns to answer. :)


    LIN
  • DexterDexter Vancouver, BC Canada
    edited May 2004
    Are you saying that if you go to START -> SHUTDOWN, you do not shutdown, but restart?

    There are a lot of things that can cause this, but the most likely is that a program is overriding the shutdown command because it has processes it wishes to execute, such as scheduled tasks. This can be either from benevolent software - Norton Antivirus has been known to cause such behaviour - to malevolent software, such as a trojan virus that is trying to use your box as a file server.

    Step 1 - post a Hijack This log for us to peek at.

    Step 2 - rather than shutting down, try logging off your username, then shut down from the login screen and see what happens.

    Dexter...
  • botheredbothered Manchester UK
    edited May 2004
    Gone through msconfig and turned a couple of things off, ran a full virus scan, ran spybot s+d (found two items) no viruses. No change.
    Yes dexter, that's what happens. Start, shudown, shutdown pc. then it reboots. Here is the hijack log.

    Logfile of HijackThis v1.97.7
    Scan saved at 11:49:47, on 30/04/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\explorer.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\sstray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiSmart.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Folding@Home\winFAH.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe
    C:\Program Files\Folding@Home\FahCore_78.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Dad\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [explorer] C:\WINDOWS\System32\explorer.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - Startup: Folding@home 4.00.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: SATARaid.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

    Cheers Lin but under my advanced tab there isn't a startup to click on???
  • botheredbothered Manchester UK
    edited May 2004
    I have just fixed the Q2 BHO's in the log (both of them) then logged off and shutdown. It restarted.
    Just popping out for some ink. I'll be back in an hour or so.
  • Straight_ManStraight_Man Geeky, in my own way Naples, FL Icrontian
    edited May 2004
    Ok, a few things can cause tis, but my XP Pro boxes have done this with lnks missing (.lnk files are shortcuts, you have some with ? after them meaning that your software run could not find the files referred to as targets, I would delete also any such shortcuts for starters.

    I have had weird things like this also happen with Trend Micro's software on a couple versions of Trend Micro software adn on boxes with acouple versions of Windows, and disabled the firewall in that software to solve some. Trend Micro also refunded to me the price of a Trend Micro PC-Cillin + Firewall purchase, and that proved to be the firewall.

    Try this:

    Just before you do a malware scan, disable the Trend Mirco stuff and see if box behaves as far as shutdown versus reboot. After a malware scan you DO want to reboot\restart, not SHUTDOWN, also. EVEN with XP. After your reboot, reenable it if it is not reenabling itself.

    ESPECIALLY the firewall needs to be disabled if you have the bundled PC-Cillin plus firewall software, when you are doing a malware scan. TREND MCIRO stuff may be forcing the reboot indirectly or directly, especially if it is active and you have the innoculation and\or firewall parts going.

    I will leave the techese details out, except to say this: The firewall is not pure 32 bit code, nor is the innoculation protection code. I had a 98 SE pklus software install almost destroyed with the Trend Micro stuff and XP acted strange when all Trend Micro features were run at once on same box. I doc'd details and got a forced refund via Tech Support at Trend Micro. The mix of 16 bit and 32 bit code used, for backward version support, was not fully stbale with all features allowed to run. With just the AV running, the Trend Micro code was more stable. I had to hand edit the registry on the boxes concerned to get just the AV to work.

    This was with the version 2003 Trend Micro product for desktops and end node workstations, consumer type. Thier enterprise products are much better coded, and PC-Cillin sans the firewall works reasonably well.

    John D.
  • DexterDexter Vancouver, BC Canada
    edited May 2004
    I don't have time right now for a full analysis, but notice you have 2 "explorer.exe" processes running? The one in the System32 folder is BOGUS, and can be any number of things.

    Fix this entry in HJT:

    O4 - HKLM\..\Run: [explorer] C:\WINDOWS\System32\explorer.exe

    Do that in safe mode of course. Then find and rename that file to Explorer.xxx. Reboot normally, then try your shutdown and see what happens.

    Dexter...
  • botheredbothered Manchester UK
    edited May 2004
    Ageek, Dexter, Done all that and it still reboots.
    Any other suggestions guys?
  • botheredbothered Manchester UK
    edited May 2004
    Lin, sorry, there was an auto restart option. I was right clicking the desktop instead of my computor. D'oh!. But it wasn't that.
    I look at this site
    http://aumha.org/win5/a/shtdwnxp.htm
    Which says half of xp shudown problems are down to Roxios easy CD, which I installed a couple of days ago. The shutdown problem didn't start right away but a few days after I installed easy CD. I have uninstalled it and the PC now shuts down.
    Thanks for all the help guys and gals.
    Why are learning curves always uphill?
  • Straight_ManStraight_Man Geeky, in my own way Naples, FL Icrontian
    edited May 2004
    Because what works with one total software set invariably is buggy with another somewhere.... No software is truely IDIC or Universal. Unfortunately, one person's treasure can be another person's waterloo as even firmware is made and calced as software algorithms first.

    John D.
  • LINLIN Tri_State Area
    edited May 2004
    bothered wrote:
    Lin, sorry, there was an auto restart option. I was right clicking the desktop instead of my computor. D'oh!. But it wasn't that.
    I look at this site
    http://aumha.org/win5/a/shtdwnxp.htm
    Which says half of xp shudown problems are down to Roxios easy CD, which I installed a couple of days ago. The shutdown problem didn't start right away but a few days after I installed easy CD. I have uninstalled it and the PC now shuts down.
    Thanks for all the help guys and gals.
    Why are learning curves always uphill?
    ..and i almost asked if you had installed something recently, but didn't! :banghead:
    glad it's all sorted out for you, bothered. :)


    LIN
Sign In or Register to comment.