November 23rd 19, 01:29 AM, posted to alt.comp.os.windows-10
Paul[_32_]
Shutdown longer than usual

Rene Lamontagne wrote:
On 2019-11-21 9:25 p.m., Paul wrote:
Rene Lamontagne wrote:


Tried following through with Procmon but did not come up with
anything specific, but did notice a lot of Malwarebytes, Macrium
Reflect and AMD Radeon entries, so just for kicks I uninstalled all
3 of them and have my shutdown time to 17 seconds. Reinstalled them
and it now is staying the same at a solid 17 seconds after about 5 or
6 reboots and shutdowns, so guess I will leave well enough alone.
I don't know what caused the 26 to 28 second shutdowns but I won't
lose too much sleep over it (maybe 10 seconds a night). :-)

Rene


The analysis part is the hard part, so
you've had a good result so far. At least
the problem is now leaning in the right
direction :-)

Maybe something had self-updated and got
itself in a mess.

If there were PendMoves being handled at shutdown,
at least you'd see the juggling balls. Some other
sort of shutdown problem, maybe the balls would
be done by then.

Paul


My stubbornness prevailed again, I just had to keep nipping at its
heels and found the following site.

https://support.microsoft.com/en-us/...status-message


which let me put the shutdown session in a verbose mode then watch it
tell me exactly what was happening.
Great stuff, in my case it is "AsusUpdatecheck.exe" which is hogging
about 13 or 15 seconds of my shutdown time. When I disable it my
shutdown falls back to about 5 seconds. This file resides in System32.

Now the problem I face is that no matter how I stop it, run manually or
disable it in services, it comes back to life on a restart. Is there a
way to disable it permanently? I've uninstalled all the Asus stuff I can
find but Windows must keep a copy of its own somewhere.
What do I need? A wooden stake or a silver bullet? :-)

Rene


A Run key in the registry?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Something Autoruns lists?

Something in Scheduled Tasks?

Is there a Startup Items folder of some sort?

*******

https://attack.mitre.org/techniques/T1060/

"By default, the multistring BootExecute
value of the registry key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager

is set to

autocheck autochk *

This value causes Windows, at startup, to check the file-system
integrity of the hard disks if the system has been shut down
abnormally. Adversaries can add other programs or processes
to this registry value which will automatically launch at boot.
"

At one time, that was a favored attack vector. Asus
wouldn't use that, because it's a place people would
be checking right away. It's like "Hello World" to
put something in there.

Paul
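
The places suggested in the reply above (Run keys, services, Scheduled Tasks, Startup folders, BootExecute) can be checked in one pass. This PowerShell script is an added example, not part of the original post; the search pattern is an assumption taken from the file name quoted in the thread, and New-Hit is a hypothetical helper name.

```powershell
# Added example, not from the thread. $Pattern is an assumption based on the
# file name quoted in the post; adjust it to the binary being hunted.
$Pattern = 'AsusUpdateCheck'
function New-Hit($Source, $Name, $Command) {
    [pscustomobject]@{ Source = $Source; Name = $Name; Command = $Command }
}

# Run / RunOnce keys: machine, 32-bit view and per-user
$runKeys = foreach ($hive in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node', 'HKCU:\SOFTWARE') {
    "$hive\Microsoft\Windows\CurrentVersion\Run"
    "$hive\Microsoft\Windows\CurrentVersion\RunOnce"
}
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ("$name $data" -match $Pattern) { New-Hit $key $name $data }
    }
}

# Services (the thread mentions one coming back after being disabled)
Get-CimInstance Win32_Service |
    Where-Object { "$($_.Name) $($_.PathName)" -match $Pattern } |
    ForEach-Object { New-Hit "Service ($($_.StartMode))" $_.Name $_.PathName }

# Scheduled tasks whose action launches the binary
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match $Pattern) { New-Hit 'Scheduled task' ($task.TaskPath + $task.TaskName) $cmd }
    }
}

# Startup folders (current user and all users)
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -ErrorAction SilentlyContinue |
        Where-Object Name -match $Pattern |
        ForEach-Object { New-Hit 'Startup folder' $_.Name $_.FullName }
}

# BootExecute: report anything other than the default quoted in the post
$boot = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager').BootExecute
$boot | Where-Object { $_ -ne 'autocheck autochk *' } |
    ForEach-Object { New-Hit 'BootExecute' 'non-default entry' $_ }
```

Run it from an elevated prompt, since some scheduled tasks are not visible to a standard user. The BootExecute check reports any non-default entry regardless of the pattern.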