Windows hangs when shutting down

[ppills]

All right this has been plaguing me for a very long time, hopefully I can get to the bottom of it.

My problem is that WinXP SP2, usually hangs for 30-60 when trying to shut down. But lately, it's been taking more than 2 minutes. It zooms quickly through the "saving settings" message but takes forever on the "windows is shutting down" message.

This never happens at all when I have SP1 installed. But as soon I upgrade to SP2, I start having this problem sometime soon after.

I already tried disabling all startup items, and also a few windows services I don't need, but that didn't help at all. I'm also pretty sure it's not virus/adware/spyware related.

Anybody have ideas what could cause this? Any help is greatly appreciated. Thanks.

[tommie gorman]

Welcome to the forum ppills 

You already; used a couple of my guess's, but...

I already tried disabling all startup items, and also a few windows services I don't need, but that didn't help at all. I'm also pretty sure it's not virus/adware/spyware related.

.

when you said that, then you know you need to go to safe mode and do your duty. I do it every weekend as a ritual. It keeps things speedy that way.

Here do these here. Every step.

Achieve the Best Performance Out of Your Computer

http://www.testmy.net/t-4257

Also post a speed test first along with your advertised speed, and then we will have something to work from. 

[Voltageman]

Try shutting down all running programs before you shutdown/restart (under task manager), and see how fast it is.  If it reboots fast, then one by one, leave a program running while shutting down.  If eventually it slows down when leaving a specific program running, then there is a problem with that software, or it conflicts with some other software.

You can also try terminating Terminal Services, under Admin Tools/Services.  I've heard of that slowing down the shutdown/reboot.

Good Luck 

[ppills]

@tommie gorman: I'll scan later in safe mode to see if it picks up anything. ya never know

here are my speed test results, although isn't this pretty irrelevant to my problem?:

:::::::::::::::::.. Download Stats ..:::::::::::::::::

Download Connection is:: 2185 Kbps about 2.2 Mbps (tested with 2992 kB)

Download Speed is:: 267 kB/s

Tested From:: https://testmy.net/ (Server 1)

Test Time:: 2007/01/27 - 6:16pm

Bottom Line:: 38X faster than 56K 1MB Download in 3.84 sec

Tested from a 2992 kB file and took 11.217 seconds to complete

Download Diagnosis:: May need help : running at only 44.66 % of your hosts average (grandenetworks.net)

D-Validation Link:: https://testmy.net/stats/id-CYN12ZP09

User Agent:: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9

:::::::::::::::::.. Upload Stats ..:::::::::::::::::

Upload Connection is:: 422 Kbps about 0.4 Mbps (tested with 748 kB)

Upload Speed is:: 52 kB/s

Tested From:: https://testmy.net/ (Server 1)

Test Time:: 2007/01/27 - 6:19pm

Bottom Line:: 7X faster than 56K 1MB Upload in 19.69 sec

Tested from a 748 kB file and took 14.531 seconds to complete

Upload Diagnosis:: 90% + Okay : running at 91.54 % of your hosts average (grandenetworks.net)

U-Validation Link:: https://testmy.net/stats/id-7GMZR8FOH

User Agent:: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9

Almost all the time when I try to run a speed test, the servers are always slow for me, thus, I get poor results. My advertised speed is 6.0Mbps/384Kbps. Torrents and downloading always max out my d/l speed and work fine though, so I don't know what's the deal with this.

Also, I do everything that is in that link, and I do it quite often. BTW, what do you think is better to run, scandisk or checkdisk? Is there any difference.

@Voltageman: I always close down everything manually before shutting down... always. "Terminal Services" was started (manual) but it doesn't let me stop the service because it's greyed out.

Thanks for the responses, guys. 

[Voltageman]

Do you have any external devices like CD/DVD Rom, HD, controllers etc?

I have an external CD Burner that will hang up my system sometimes...I just turn if off before I shut down.

You can try disabling Terminal Services...You will need to reboot 2x to see if it helps..

If you haven't done so, you can also check your event viewer to see if it is logging an error. Perhaps a programs is hanging, it should log an error..Adminstrative Tools/Event Viewer/System (and Application).

[ppills]

No, I don't have any external drives. I have 3 IDE hard drives and 1 NEC combo burner.

Now that I think about it, I should try unplugging all of my devices (except my boot drive), and see if it makes any difference.

But, I forgot to mention one very important thing that could be related to this problem.

Whenever I checked the Windows Event Viewer, at the time that I shutdown, there's an event message that says the following:

Source: Userenv

Event: 1517

Windows saved user USER-3D75162827Admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

I tried googling the message but there's way too many things that could cause this message. I did try one thing that recommended running the Windows Hive Cleanup Service but it didn't seem to help very much either.

[Voltageman]

Did it have a "for more information click here" when you double click the error(event properties) in event viewer?  Sometimes they will have specific instructions on how to remedy the problem.

Edit:

Try this also:

Goto run and type "gpedit.msc" then goto Computer Configuration/Administrative Templates/System, double click "Verbose vs normal status messages"(right pane) and enable it.  It should now give you status messages when it hangs to give you a better idea of what exactly is causing it.

[ppills]

Yes, it brought up the microsoft help and support center. Sorry, didn't copy that part, here's what it says:

Explanation

Windows unloads each user's profile and user's section of the registry when the user logs off. This message indicates that Windows could not unload the user's profile because a program was referencing the user's section of the registry. This locked the profile. The registry cannot unload profiles that are locked and in use. When the program that is locking the profile is no longer referencing the registry, the profile will be unloaded.

...and it just leads me to a link to Microsoft telling me to run the hive cleanup service, which I've already done

[cak46]

Give this a try:  http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

[ppills]

That's the program I was talking about. It doesn't seem to help much after running it, unless i'm doing something wrong.....

[cak46]

Try going into safemode and running the hive cleanup.

Edit: What anti-virus are you running?

[ppills]

Eset NOD32 v2.70. Although it is completely disabled right now (including the kernel service)

[cak46]

Never heard of that one...  Not good to run without an anti-virus software....  Go here, download and run hijackthis then cut and paste the results in a post here.  If you need help, let us know.

[ppills]

You never heard of NOD32? Wow.  I thought it was very well known everywhere.

Logfile of HijackThis v1.99.1

Scan saved at 9:58:13 PM, on 1/27/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:Program FilesNetLimiter 2 Pronlsvc.exe

C:Program FilesWinKeyWinKey.exe

C:Program FilesNetMeterNetMeter.exe

D:mIRCmirc.exe

C:WINDOWSsystem32taskmgr.exe

D:My DocumentsInstall Appsutorrent-1.6.1-beta-build-483.exe

C:Program FilesGoogleGoogleToolbarNotifier1.2.908.5008GoogleToolbarNotifier.exe

C:WINDOWSSYSTEM32ATIPTAXX.EXE

C:Program FilesMozilla Firefoxfirefox.exe

C:Documents and SettingsAdminDesktophijackthisHijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_09binssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:Program FilesNetLimiter 2 Pronlsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:Program FilesEsetnod32krn.exe

Not much in my log, as always.

[tommie gorman]

User Profile Hive Cleanup Service

Brief Description

A service to help with slow log off and unreconciled profile problems.

Overview

The User Profile Hive Cleanup service helps to ensure user sessions are completely terminated when a user logs off. System processes and applications occasionally maintain connections to registry keys in the user profile after a user logs off. In those cases the user session is prevented from completely ending.

To accomplish this the service monitors for logged off users that still have registry hives loaded. When that happens the service determines which application have handles opened to the hives and releases them. It logs the application name and what registry keys were left open. After this the system finishes unloading the profile.

(the link above)

If I am not mistaken you don't run it. It just makes sure you are logged off of sites as you go along.

Why windows takes solong to shut down.

Once you run the setup wizard it will look like the installer did nothing. If you open up your services list (Click start, then run and type services.msc now click ok), you will see that a new service is running in the background:

The idea of this program is to reclaim resources when a task is finished (memory, handles, etc). It accomplishes this by monitoring for users to log off and verifying that unused resources are reclaimed. This approach is superior as it works for any known reason that profiles do not unload and also will keep working to address new unknown issues.

Now when you go to shutdown, logoff or restart it will happen within seconds. Instead of minutes.

http://www.intelliadmin.com/blog/2006/07/why-windows-takes-so-long-to-shut-down.html

I have heard of NOD 32, but why would you have it disabled?

[cak46]

Have you run SpyBot and/or Lavasoft's AdAware?  Got this hit from here:  http://www.bleepingcomputer.com/startups/NetMeter.exe-3644.html

Will check some of the other entries.....

Edit:  This don't look so good:  http://www.sophos.com/security/analyses/w32rbotaao.html

I think you have a worm, which may be causing your shutdown issue.

[ppills]

NetMeter is a very safe and non-obtrusive program. I've been using it for a long time.

http://readerror.gmxhome.de/

[tommie gorman]

Here is a very good online scan that does wonders.

http://www.ewido.net/en/onlinescan/

It gets what others usually miss.  

[cak46]

Sorry about the double post:  This is the file in your hijackthis list related to my last post: 

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:Program FilesEsetnod32krn.exe

[ppills]

Sorry about the double post:  This is the file in your hijackthis list related to my last post: 

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:Program FilesEsetnod32krn.exe

Eh? What does that have to do with anything? It's part of NOD32 antivirus, and not anything bad.

Did you just try to google for 'nod32krn.exe'? I noticed there isn't a single mention of nod32krn.exe on that page.

I'm fixing to scan for adware/viruses in safe mode right now. After that I'll do the online scanner as recommended above.

[cak46]

Yes, I did Google it and I trust Sophos evaluation.  Do what you will.

[tommie gorman]

Remember that Edwido online will work in safe mode with networking also.