Use Process Monitor To Optimize The Windows Boot Process

Martin Brinkmann
Oct 9, 2009
Updated • Nov 22, 2009
Software, Windows, Windows software

Few tools for the Windows operating system measure and optimize the Windows boot process. Two examples are the mysterious Microsoft Bootvis, which Microsoft later retracted, and Boot Timer, a program that can only measure the boot speed. Many tips exist on how to reduce the boot time of the operating system. Some are solid, like reducing the number of installed fonts or of programs that run on startup, while others, like clearing the Windows prefetch folder, have the opposite effect.

Process Monitor comes with an option to log the Windows boot process. It logs everything, which usually results in boot logs that are larger than 100 Megabytes. With some expertise, however, the program can be used to locate problematic drivers that slow down the boot process.

Here is how this is done. Download and start Process Monitor. Select the Options menu at the top and the Enable Boot Logging option in that menu. This makes Process Monitor log the next boot process of the operating system.

Restart the computer afterwards and start Process Monitor once the operating system has loaded. You will be asked to save the boot log to a directory on the hard drive. Load that boot log afterwards using [Ctrl O] or File > Open. This is a huge log file and the first thing that needs to be done is to filter for entries that are related to system drivers. You can do that by pressing [Ctrl L]. This will open the filter menu.

Locate the filter Process Name is System Exclude and remove it from the list of filters. Now add the following two filters to the list:

Process Name is System Include
Path ends with .sys Include

A click on OK displays only the entries that match both of the added filters. This is still a list of 2500+ entries. The important part is the Time of Day column, which lists the time of every operation. All you need to do now is locate gaps between events. Gaps of a few seconds need to be analyzed; everything else is usually not worth analysis.

[Screenshot: Process Monitor]

The example above shows a gap of almost 16 seconds between the two marked entries. Look at the path of the entry that is using that much boot time; the driver name is located at the end of the path. In this example it was sptd.sys. A quick Google search revealed that it is a driver used by Daemon Tools. There are two options available once the program has been identified.

It is possible to research the topic further by visiting forums (see if other users have the problem, find possible solutions), contacting the developer and updating the program or hardware (if possible). The other option is to remove the program from the computer system if it is not needed or if alternatives are available that do not increase the boot time by that amount.
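The gap search can also be scripted. The following is an added example, not part of the original article: it assumes the boot log was exported from Process Monitor as CSV with the default columns, applies the same two filters, and reports gaps between consecutive driver events. The function names, the two-second threshold and the sample rows are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in the assumed column layout of a Process Monitor
# CSV export (default columns); the rows are not taken from a real log.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:14:02.1000000 AM","System","4","Load Image","C:\Windows\System32\drivers\disk.sys","SUCCESS",""
"9:14:02.4000000 AM","System","4","CreateFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS",""
"9:14:05.0000000 AM","smss.exe","300","CreateFile","C:\Windows\System32\ntdll.dll","SUCCESS",""
"9:14:18.3000000 AM","System","4","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS",""
"9:14:18.5000000 AM","System","4","ReadFile","C:\Windows\System32\config\SYSTEM","SUCCESS",""
"9:14:18.9000000 AM","System","4","Load Image","C:\Windows\System32\drivers\tcpip.sys","SUCCESS",""
'''

def parse_time_of_day(text):
    """Parse '9:14:02.1000000 AM' (7 fractional digits) or a 24-hour variant."""
    clock, _, meridiem = text.strip().partition(" ")
    whole, _, frac = clock.partition(".")
    frac = (frac + "000000")[:6]  # strptime's %f accepts at most 6 digits
    fmt = "%I:%M:%S.%f %p" if meridiem else "%H:%M:%S.%f"
    return datetime.strptime(f"{whole}.{frac} {meridiem}".strip(), fmt)

def driver_gaps(csv_text, min_gap_seconds=2.0):
    """Return (gap_seconds, path_before, path_after) tuples, largest gap first."""
    rows = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))  # drop BOM if present
    gaps, prev_time, prev_path, day_offset = [], None, None, timedelta(0)
    for row in rows:
        # The article's filters: Process Name is System, Path ends with .sys
        if row["Process Name"] != "System" or not row["Path"].lower().endswith(".sys"):
            continue
        t = parse_time_of_day(row["Time of Day"]) + day_offset
        if prev_time is not None and t < prev_time:  # log crossed midnight
            day_offset += timedelta(days=1)
            t += timedelta(days=1)
        if prev_time is not None:
            gap = (t - prev_time).total_seconds()
            if gap >= min_gap_seconds:
                gaps.append((round(gap, 3), prev_path, row["Path"]))
        prev_time, prev_path = t, row["Path"]
    return sorted(gaps, reverse=True)

if __name__ == "__main__":
    for gap in driver_gaps(SAMPLE_CSV):
        print(gap)
```

Both paths around each gap are returned because the script cannot tell which of the two events was waiting; check the driver named in each.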




  1. hpearce said on October 9, 2009 at 3:29 pm

    My machine failed to reboot after setting that, had to repair :|
