How do I read what is happening during Log Off / Restart / Shut Down?

By JADavis9
My pc has been wearing me out needing to hit the same 12 End Nows every time I log off or restart. Is there an easy way to record or read what is happening in the background that keeps it from shutting down? I have a very clean pc with a pretty recent clean install of Windows XP and Office 2003 and my programs and all available software and driver updates were just done. Read my bio for more info - it is all in there about this tablet pc. I only use this one pc and it is always here on my desk at home. It has rarely ever been out of the house and it hasn't been out of the house in 3+ years.
Maybe some hardware piece is failing? I don't know but I've gotta get this figured out on this Motion Computing LE1600 tablet.

In the Run box, type

by seanferd


See the boot.ini tab. Check the boxes noguiboot, sos, and bootlog. Reboot. Bootlog is found in the root of the C: drive. Copy and rename these if you want to refer to them as the bootlog is overwritten each time.

You can also try play with the Selective Startup options on the General tab. Independently of the above test, of course.

Have you looked at the event logs? Run box: eventvwr.msc

Now, if you have to kill processes at each startup/shutdown, start looking for malware. What tasks are these which you must force to end? Those will be your biggest hint. Are they normal and expected processes?

edit to add: , an explanation of the boot options.

Reponse To Answer

by JADavis9

Seanferd - I'm not sure what to look at on the event logs you mention. Can you tell me where to look on it and what to look for?
By the way, I don't think I have any malware issues since I did a clean install pretty recently and started over on this pc. The tasks that I am forced to end are normal. I swear that I had made a list of them, but I can't find it to give you the list right now. Trust me, they are normal stuff like keyboard software, backup software, password/fingerprint reader software, explorer.exe etc.

Also look at xperf.

by gechurch

I agree with seanferds suggestions; you should try them first. In particular msconfig (or better, download Autoruns by Sysinternals/Microsoft). Also check your memory/CPU usage. Closing 12 programs down sounds excessive. Whenever I've seen this many programs not responding its been because the system is way under-resourced. Normally adding more RAM fixes the issue. (Note: I started looking at your bio to see if the specs of your tablet are underpowered. In your 364 word bio I saw no mention of your tablet specs. As a rule if you are asking others for help, it's really bad form to expect them to do the groundwork of finding out info like this.... copy the info into your post instead).

Occasionally this won't solve the problem though. There is a free tool from Microsoft called Xperf that gives you more info. You tell it to run and where to put a log file, then you restart and load the log file into xperf. It gives you a graphical representation of what was going on during shutdown (or startup if you choose), and shows how long Windows was waiting for each program. As an example, to log shutdown you might run:
xbootmgr -trace shutdown -noPrepReboot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\BootTrace

One other note - there is a registry setting you can change that tells Windows XP not to wait for programs at shutdown. By default it asks each running program to shutdown and it will wait, indefinitely if needed, until the program has cleanly shut down before Windows will shutdown. The registry key changes this behaviour so it gives each program a set amount of time to close, and if it takes too long it will force shutdown anyway.

Reponse To Answer

by JADavis9

Sean. Thanks for this tip on Xperf. I just found it even though you gave it to me a long time ago. I'm gonna do it right now and report back.

end program

by Strayer

I had that for a time and now I don't.
This won't be helpful, but it was one program or another that didn't close completely and so at shutdown, the program would close. There can be more than one program that does that.
I write down everything I do on computers. I won't remember if I don't.
The other answers are better.
I didn't do anything to stop the end program.
I have XP pro.

can't put Xperf on Windows XP

by JADavis9

So I couldn't install it. Is there anything like it for my Windows XP tablet?

Reponse To Answer

by gechurch

Ah, that's right. It's been ages since I've used it, so I forgot about this.

The command line I gave does work on XP, but the GUI used to analyse the resultant log file won't run; you need a Vista/Win7 PC for that.

You have the boot log.

by seanferd

You can make it even more verbose:

In event logs, look for errors. Make it easy on yourself by clearing the logs. Then shut down, reboot, and immediately look at the logs.

Reponse To Answer

by JADavis9

I'm sorry, but I know nothing about event logs or clearing them. Can you tell me what to do Sean?

Reponse To Answer

by gechurch


Right-click on a log file (usually you want Application and System) and choose to clear log.

Tracking down these sorts of problems can be a real pain. If you aren't overly familiar with clearing event logs and the like I'd suggest taking your PC in to a local IT shop. They should be able to sort it out fairly quickly. I also wouldn't recommend going down the xperf track for the same reason - I've always found it to be a confusing tool to use.

