LogonUI.exe / wininnit.exe huge delays before shutdown

[computationalprince]

l did an Event Trace using xbootmgr.exe from Windows SDK and found LogonUI.exe causing huge delay along with wininnit.exe before the system can actually shutdown completely. l remember modifying DisableLogonBackgroundImage string in regedit along with modifying "C:\Windows\SystemResources\Windows.UI.Logon\Windows.UI.Logon.pri" the file that contains the logon background image and also "C:\Windows\System32\Windows.UI.Logon.dll" but l made backups, and restored everything to default, even used sfc /scannow or /scanfile on those specific files but had absolutely no success with fixing the problem. What else could cause the huge delays?(You can also hear the HDD doing weird I/O's when trying to kill that damn LogonUI proccess; sometimes l would assume that my HDD head is scratching the platters because of it)

 

[johnbl]

you should google "Enable Verbose Service Startup/Shutdown Messages" and make the registry setting.
it should force windows to display what it is doing during shutdown.

there are lots of things that can force a delay in the shutdown. Anything that can cause a loss of data can block shutdown. IE flushing data from memory to disk (when there are disk errors).
network data might need to be flushed to disk. media devices like xbox extensions might have to ask for permission before the service is stopped. even on a small network, there can be a lot of peer networking going on between two machines.

as a test, unplug the network before you attempt the shutdown to see if it has any effect.
otherwise try the verbose mode registry setting to see if you can see where it is waiting

 

[computationalprince]

The Verbose thing is just completely useless here. I had it enabled since l installed my Windows, and the last message it displays is the common "Shutting down" for shutdown and "Restarting" for a restart. Xbootmgr.exe gives much more details, and like l said, it's these two system applications that cause the delay. lf l left my Wi-Fi driver enabled(meaning leave it in a working state) along with my audio driver, l'd get huge delays from them as well, but disabling them will no longer bother the shutdown time duration. A few months ago l got a BSOD and some programs running in the background got corrupted completely (probably due to write caching feature enabled on HDD but l disabled it for now.) Could it be that some system files also got corrupted? I even did a restart/shutdown in Safe mode but it had the same effect.
Side note: In (Event Viewer > Applications and Services Logs > Microsoft > Windows > Diagnostics-Performance > Operational) I have tons of "Critical" shutdown logs in which the most prominent entry is ShutdownKernelTime with a value of 615180 (I assume those are measured in miliseconds)

 

[johnbl]

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
Bootxecute key have any entries other than autocheck autochk *


you might create a local account on you machine so you don't have to log via the network (just for testing to see if the network is involved in the problem)

you could move the machine closer to the wireless router to make sure you are not having a bandwidth problem.

I assume you have turned off lazy writes to the hard drive already.

 

[computationalprince]

nah, all good with Bootexecute, it only has autocheck autochk *
local account has the same behaviour unfortunately.

 

[johnbl]

well, maybe you can eliminate the network as a source if you start cmd.exe as an admin and run the command
net.exe stop rdr
and run
netstat.exe -a -b
after all of the tcp connections are closed and the time out has expired then try your shutdown to see if it is still slow.
(should only take 350 seconds for all the ports to close)

the -b switch will name the binary that is using the connection. Sometimes you might have some app that is using a loopback driver and preventing shutdown for 350 seconds.
(something like shadowplay for recording streamed video)

nah, all good with Bootexecute, it only has autocheck autochk *
local account has the same behaviour unfortunately.

 

[computationalprince]

problem solved.
The hiberfil.sys system file located at "C:\" was corrupted as a result of the BSOD that happened few months ago; and after turning the hibernation feature off completely (cmd.exe >"powercfg /hibernate off" which took me just as long as a shutdown/restart because, again, the hibernation file was corrupted so for some reason cmd decided to completely freeze and the HDD start to use almost 100% disk usage) no delays and weird disk I/O's seemed to bother me anymore.