Have you just installed Cities: Skylines by any chance from a torrent?
I had the same problem, but fixed it by running Autoruns, and finding the CMD item that ran on login, and removing it.
> Basically, we have registry keys that are modified on login/startup.
How?
> but obviously they get reverted on a reboot.
Why?
If you want to set registry keys reliably across multiple machines you should be using Group Policy for it, but you really need to provide a little more context as to what your issue is here.
As for startup monitoring, something like Autoruns will show you what is running, though it won't cover GPOs. Actual live monitoring is trickier but possible.
I'm sorry but I'm a bit confused on whether you mean you've reset the machine to factory settings or if you just chose to reset the computer (instead of shutting it down). As a last resort, you can go into the start menu, type "Reset this PC" and do a factory reset through here. If you choose to wipe everything then I'd be amazed if it did not work as it will format everything on the machine and reinstall Windows from scratch. There'll be no programs hijacking his machine then.
However, before you do that, you can try running in safe mode, downloading and installing this free program https://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx
This program lets you see everything that runs when your machine is started up and you can disable them here too simply by unticking the check box. Note how the link I sent you is a Microsoft link, it's legit.
Go through every tab carefully and pay particular attention to the tab called "Services". Disable anything that looks strange.
Services is the key one to look at - Anything running as a service on the machine will load up even before you log in. That's how things like Gotoassist can load up.
Here's a list of everything showing on my "Services" tab, bearing in mind I reinstalled my computer less than 5 hours ago. http://imgur.com/a/FEO1M
I put TeamViewer on mine which is why it shows up, disable that if it comes up on yours.
I would suggest running Autoruns from Sysinternals/Microsoft - https://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx The title of the dialog is regsvr32.exe. This Windows file is used to register and unregister executables. So I assume in the startup lists you will find a startup entry that calls regsvr32.exe with the path mentioned.
Autocad Component is related to AutoDesk. "AutoCAD Startup Accelerator".
I think your problem is with AutoDesk. Autoruns allows you to see applications that are set to start at login, which I believe AutoCad does.
Quoting from the error message:
> The specified module could not be found
This means it's not there thus failed to load.
Why it was trying to load is something you'll have to figure out.
I think it would be hard to say given the variables at play. The only other things I would suggest would be to...
Run AutoRuns (https://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx), scan through all the startup items and see if there are items you don't need. This app just disables rather than removes so it's easier to add items back.
Look through your services: run services.msc, focus on those that are set to automatic but not delayed start. Are there any you know could start later and be set to delayed start? Might be worth being a bit careful here but something to consider. Also some of these might get changed back if software is updated.
Run Process Monitor (https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx) and get a boot trace. Once you have the boot trace saved as a .pml file following the restart, things to consider:
Take a look at the activity summary, maybe a process or two stand out.
Check the other Summary views under the Tools menu.
Add a filter for Duration > 0.1 (suggest adding the duration column) and look at file operations for read/write. Maybe a few exclusions in your AV product could help.
edit: formatting
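As an added example (not part of the original posts), the services check described above can be scripted in PowerShell: it reads the entries under HKLM\SYSTEM\CurrentControlSet\Services, keeps Win32 services set to Automatic without delayed start, and reports the signature status of each binary so non-Microsoft entries stand out. The function name and the ImagePath parsing are this example's own and cover only the common quoted and unquoted .exe forms.

```powershell
# Added example: list auto-start (not delayed) Win32 services and who signed them.
# Get-AutoStartService is a name chosen for this example, not a built-in cmdlet.
function Get-AutoStartService {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $p) { continue }

        # Start = 2 is Automatic; Type 0x10/0x20 are Win32 services (skips drivers).
        if ($p.Start -ne 2 -or -not ($p.Type -band 0x30)) { continue }
        # DelayedAutostart = 1 marks "Automatic (Delayed Start)".
        if ($p.DelayedAutostart -eq 1) { continue }

        # Pull the executable out of ImagePath (quoted, or unquoted up to ".exe").
        $raw = [Environment]::ExpandEnvironmentVariables([string]$p.ImagePath)
        if ($raw -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($raw -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
        else { $exe = $raw }

        $sig = $null
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $exe
        }

        [pscustomobject]@{
            Name      = $key.PSChildName
            Account   = $p.ObjectName
            Binary    = $exe
            SigStatus = if ($sig) { $sig.Status } else { 'FileNotFound' }
            Signer    = if ($sig -and $sig.SignerCertificate) {
                            $sig.SignerCertificate.Subject
                        } else { $null }
        }
    }
}

# Entries not signed by Microsoft sort first; these are the ones to review by hand.
Get-AutoStartService |
    Sort-Object { $_.Signer -like '*O=Microsoft Corporation*' }, Name |
    Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so every service key is readable. Services hosted in svchost.exe show svchost.exe as the binary; the DLL they load is named in the ServiceDll value under the service's Parameters subkey.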
Hey you can disable autorun for steam pretty easily in the steam options.
If for some reason it isn't there (...my dodgy memory) check out an app called Autoruns https://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx
You'll want to look at services related to software you have installed, non-default services, stop all that you can find and see if shutdown speed increases, then narrow down. It would be worth downloading autoruns because it points out unknown services and makes it easy to see non-Microsoft services on the services tab. https://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx
Is it just the one browser that's problematic? It would be useful to know if it's an extension/add-on issue or more of an operating system hook.
Can you try IE, Chrome, Firefox. Same issue?
It might even be worth installing something like Opera, to see if a new browser is affected.
If all browsers and new browsers are affected, I would suggest downloading and running AutoRuns
https://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx
I would suggest going into the "Options" menu and choosing "Scan options". From there check Verify code signatures and Check VirusTotal.com and Submit unknown images.
Switch to the Everything tab and wait for the Virus Total lookups to complete. Have a general look through for anything out of place. Given the nature of the issue the Winsock providers might be interesting.
Feel free to save and make available the arn file.
Hope it helps.
Edit: You may also want to install something like: home.sophos.com It's free for 10 devices and should only take 10 minutes to install and scan. You may wish to remove any other security software before though if you go down that route.
I would suggest running Process Explorer - https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx
Look at the properties of Explorer.exe
Select the threads tab and presumably a thread or 2 will start consuming CPU when you reproduce the problem?
Does this reveal any third-party modules at play?
I wonder if a context menu entry, such as a media player is to blame here.
The other option is to look at the modules loaded by explorer that aren't from Microsoft. Can you disable those to see which one might be the issue. Between Process Explorer and AutoRuns (https://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx) you should be able to do that quite easily.
It could also be related to your Anti-Virus software but probably less likely. Could you try disabling on-access/realtime scanning to see if that affects it?
Process Monitor - https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx may also reveal a large duration (add the duration column) for a particular file process event. Just add a filter for Duration is greater than 0.1. If so, what does the stack look like for that event? Any third-party modules at play?
Most of these desktop style alerts come from processes that have tray icons and processes launched at login.
I would probably:
Run AutoRuns - https://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx
Look at the Logon tab
Look down the list for culprits you may not want running while playing a game.
You could then create a batch file (e.g. silence.bat) that runs:
taskkill /F /IM process1.exe
taskkill /F /IM process2.exe
taskkill /F /IM process3.exe
Etc.
Before launching the game.
You could also create a batch file that starts up all the processes in that same list for when you've finished to save logging off/on.
Hope it offers something.
Get autoruns, run from administrator account, save as text, post here.
There is some script or program, possibly part of computer manufacturer software, that runs on startup.
If it is extension related, there is a Chrome folder in AppData which contains all the fgjghklglkljslkdfjffjjghsfior-like extension IDs. (Google says the file path is something like this from your user folder: \Application Data\Google\Chrome\User Data\Default\Extensions)
Other than that, for manually trying to find the problem, you can use Autoruns to try and locate unusual startup entries.
Other adware/virus stuff tends to be in various temp folders or in the base of %localappdata% or %appdata%