  #15  
November 23rd 19, 02:45 AM, posted to alt.comp.os.windows-10
Rene Lamontagne
Shutdown longer than usual

On 2019-11-22 7:29 p.m., Paul wrote:
Rene Lamontagne wrote:
On 2019-11-21 9:25 p.m., Paul wrote:
Rene Lamontagne wrote:


Tried following through with Procmon but did not come up with
anything specific, but did notice a lot of Malwarebytes, Macrium
Reflect and AMD Radeon entries, so just for kicks I uninstalled all
3 of them and have my shutdown time to 17 seconds, Reinstalled them
and it now is staying the same at a solid 17 seconds after about 5
or 6 reboots and shutdowns, so guess I will leave well enough alone.
I don't know what caused the 26 to 28 second shutdowns but I won't
lose too much sleep over it (maybe 10 seconds a night). :-)

Rene

The analysis part is the hard part, so
you've had a good result so far. At least
the problem is now leaning in the right
direction :-)

Maybe something had self-updated and got
itself in a mess.

If there were PendMoves being handled at shutdown,
at least you'd see the juggling balls. Some other
sort of shutdown problem, maybe the balls would
be done by then.

   Paul


My stubbornness prevailed again, I just had to keep nipping at its
heels and found the following Site.

https://support.microsoft.com/en-us/...status-message


which let me put the shutdown session in a verbose mode then watch it
tell me exactly what was happening.
Great stuff, in my case it is "AsusUpdatecheck.exe" which is hogging
about 13 or 15 seconds of my shutdown time, When I disable it my
shutdown falls back to about 5 seconds, This file resides in System32.

Now the problem I face is that no matter how I stop it, run manually
or disable it in services it comes back to life on a restart, Is there
a way to disable it permanently, I've uninstalled all the Asus stuff I
can find but Windows must keep a copy of its own somewhere.
What do I need? A wooden stake or a Silver bullet. :-)

Rene


A Run key in the registry ?

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Nope, only fan control


Something Autoruns lists ?


Yep entries there, deleted all I can find.


Something in Scheduled Tasks ?


Nope, no scheduled tasks.


Is there a Startup Items folder of some sort ?


Startup folder is clean, all items disabled for now.


*******

https://attack.mitre.org/techniques/T1060/

   "By default, the multistring BootExecute
    value of the registry key

       HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager

    is set to

       autocheck autochk *


I left as is, Above my payscale.


    This value causes Windows, at startup, to check the file-system
    integrity of the hard disks if the system has been shut down
    abnormally. Adversaries can add other programs or processes
    to this registry value which will automatically launch at boot.
   "

At one time, that was a favored attack vector. Asus
wouldn't use that, because it's a place people would
be checking right away. It's like "Hello World" to
put something in there.

   Paul


After that it still comes back.

Thanks Rene
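
A read-only sweep of the autostart locations checked by hand in this thread (Run key, services, Scheduled Tasks, Startup folder, BootExecute), as an added example that is not part of the original posts. The `$Pattern` value is taken from the file name reported above; the WOW6432Node and HKCU Run keys and the `New-Hit` helper are additions for illustration.

```powershell
# Added example (read-only): look for one binary in the autostart locations named in the thread.
$Pattern = 'AsusUpdateCheck'   # file name from the post; -match is case-insensitive
$hits = @()
function New-Hit($Source, $Name, $Command) {   # hypothetical helper, builds one result row
    [pscustomobject]@{ Source = $Source; Name = $Name; Command = $Command }
}

# 1. Run keys: the HKLM key quoted in the thread, plus 32-bit and per-user siblings (added here).
$runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ("$name $data" -match $Pattern) { $hits += New-Hit $key $name $data }
    }
}

# 2. Services: an Automatic-start service returns on every restart even after being stopped.
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if ("$($svc.Name) $($svc.PathName)" -match $Pattern) {
        $hits += New-Hit "Service ($($svc.StartMode))" $svc.Name $svc.PathName
    }
}

# 3. Scheduled tasks: compare the task name and each action's command line.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)".Trim()
        if ("$($task.TaskName) $cmd" -match $Pattern) {
            $hits += New-Hit "Task $($task.TaskPath)" $task.TaskName $cmd
        }
    }
}

# 4. Startup folders (per-user and all-users); only the file/shortcut name is compared.
$dirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) | Where-Object { $_ }
foreach ($f in Get-ChildItem -Path $dirs -ErrorAction SilentlyContinue) {
    if ($f.Name -match $Pattern) { $hits += New-Hit 'Startup folder' $f.Name $f.FullName }
}

# 5. BootExecute: report anything besides the default value quoted in the thread.
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
foreach ($entry in (Get-ItemProperty -Path $sm).BootExecute) {
    if ($entry -and $entry -ne 'autocheck autochk *') { $hits += New-Hit $sm 'BootExecute' $entry }
}
$hits | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so that all services and scheduled tasks are visible.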