A friend reported that his XP Pro machine would not shut down and I've now looked at it and the following is what I've discovered.

1. In the first place the machine comes up with an error message as it loads XP, before it gets to the logon screen. The dialog is titled "Parser Message" and the message reads "Parse error 'pd' at line 595". Pressing the OK button causes the error to appear again and this happens 10 times in all and then the machine shows the logon screen.

2. If either the Turnoff or Restart option is selected, nothing apparent happens (though see below). The machine doesn't freeze or anything nasty and nothing gets written to the event log.

3. If Logoff is selected then it does so, although shows the parser error 10 times before showing the logon window. From here it is possible to shutdown or restart HOWEVER if the turnoff option (2 above) has previously been tried then it will not logoff.

4. I've tried the troubleshooter for startup problems but to no avail. Disabling the various msconfig options makes no difference.

5. The troubleshooter for shutdown problems doesn't even recognise this type of problem. It wants the system to freeze before it's interested!

6. Booting into safe mode shows the same problem.

7. The only error shown by the event viewer is a system message from the Service Control Manager saying that it couldn't start the Software Cinemaster NT4.0 Driver because it couldn't find the file specified.

8. Looking at services running, there are two set to start automatically which are not running; ATI Smart (which, upon request, starts and then stops, I assume having nothing to do) and Script Blocking Service (part of Symantec's stuff which starts when requested).

9. Looking for a previous system restore point, there aren't any! The facility appears to be switched on but the only ne seems to be from today which it took while I was looking at things.

10. Logging the boot process shows nothing that immediately leaps out at me, although I'm not really familiar with this sort of thing. In case there is any clue within it, I'm adding it to the bottom of this message.

11. I've scanned for viruses using the Norton product which is on the machine and also with a bang up to date version of AVG and nothing is found. Despite this...

12. If I go to the System Restore function and then select 'System Restore Settings', Norton leaps into action with "Malicious Script Detected", identifying the Windows Script Host Shell Object and the file rstrui.exe. It then suggests I stop it running. If I allow it to run, the normal window comes up. If I use the alternative route via control panel (classic view) -> system then nothing pops up.

13. Thinking it might be theme related (anything's worth a try!) I tried "Windows XP" amd "Windows Classic" but after rebooting, the problem remained (ge'd not used a specific theme, anyway, just changed the background AFAICT)

At this point I've run out of ideas and would welcome any of yours! The word 'script' does seem to feature rather a lot in this so for now I'm off to see what I can find out about that start up message.

**********

The boot log produced is as follows...

Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Microsoft (R) Windows (R) Version 5.1 (Build 2600)
1 19 2004 11:04:54.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver pciide.sys
Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver dmload.sys
Loaded driver dmio.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Loaded driver sr.sys
Loaded driver Fastfat.sys
Loaded driver KSecDD.sys
Loaded driver NDIS.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\System32\DRIVERS\processr.sys
Loaded driver \SystemRoot\System32\DRIVERS\ati2mtag.sys
Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\System32\Drivers\Imapi.SYS
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbohci.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\System32\DRIVERS\sisnic.sys
Loaded driver \SystemRoot\system32\drivers\ctoss2k.sys
Loaded driver \SystemRoot\System32\drivers\ctprxy2k.sys
Loaded driver \SystemRoot\system32\drivers\ctaud2k.sys
Loaded driver \SystemRoot\System32\DRIVERS\gameenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys
Loaded driver \SystemRoot\System32\DRIVERS\serial.sys
Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\parport.sys
Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\System32\DRIVERS\psched.sys
Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\System32\DRIVERS\rdpdr.sys
Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\update.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\system32\drivers\ha10kx2k.sys
Loaded driver \SystemRoot\System32\drivers\ctac32k.sys
Loaded driver \SystemRoot\System32\drivers\emupia2k.sys
Loaded driver \SystemRoot\System32\drivers\ctsfm2k.sys
Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver Fastfat.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\ATINTTXX.sys
Loaded driver \SystemRoot\System32\DRIVERS\atinmdxx.sys
Loaded driver \SystemRoot\System32\DRIVERS\atinxsxx.sys
Loaded driver \SystemRoot\System32\DRIVERS\atinraxx.sys
Loaded driver \SystemRoot\System32\DRIVERS\atinrvxx.sys
Loaded driver \SystemRoot\System32\DRIVERS\atintuxx.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \??\F:\WINDOWS\System32\Drivers\SYMTDI.SYS
Loaded driver \SystemRoot\System32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\System32\drivers\afd.sys
Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys
Did not load driver \SystemRoot\SYSTEM32\DRIVERS\CINEMSUP.SYS
Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \??\F:\Program Files\Symantec\SYMEVENT.SYS
Loaded driver \??\F:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20010808.016\NAVENG.SYS
Loaded driver \??\F:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20010808.016\NAVEX15.SYS
Loaded driver \??\F:\WINDOWS\System32\Drivers\NAVAP.SYS
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \??\F:\WINDOWS\System32\Drivers\SYMREDRV.SYS