How to trace the inner workings of System (drivers, services) after boot?

  • Question

  • Hello,

    I would like to trace which services/drivers are utilizing the system right after boot.

    My workstations are experiencing slowness, likely related to anti-virus performing a simple scan immediately at boot. I have adjusted the anti-virus client policies so that it should stop scanning at boot; however, the problem is persistent.

    I first thought of Process Explorer. It appears that my I/O Read/Write/Other Bytes is quite large on the "System" item. But it looks like the (child) process that had caused a majority of this I/O is now closed, so it is no longer listed in Process Explorer.


    What is the best way to trace what's happening with System (services/drivers) immediately after boot?



    Matt Brown

    My unanswered threads:
    DFS / RDC size estimations?
    Online backup of Active Directory / ESE DB, command line interface to ESENT.DLL's JetBackup() function.
    Friday, May 27, 2011 5:28 PM


  • Procmon or xbootmgr.


    • Marked as answer by mbrownnyc Tuesday, May 31, 2011 7:36 PM
    Saturday, May 28, 2011 9:41 PM
  • xbootmgr works in XP too, but you can only look at the graphs with xperf in Vista/Win7.

    Procmon has a boot logging feature, and is more user friendly.



    • Marked as answer by mbrownnyc Tuesday, May 31, 2011 7:36 PM
    Sunday, May 29, 2011 12:12 PM
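
One way to use a Procmon boot log for the question asked in this thread, as an added example that is not part of the original posts: after saving the boot log as CSV, sum the read and write bytes per process so that a process which has already exited still appears in the totals. The column layout is assumed to be Procmon's default CSV export; the sample rows, `avscan.exe`, the PIDs and the paths are constructed.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample in the default column layout of a Procmon CSV export
# (assumed); "avscan.exe", the PIDs and the paths are hypothetical.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"8:01:02.10 AM","System","4","ReadFile","C:\Windows\System32\config\SOFTWARE","SUCCESS","Offset: 0, Length: 65,536, I/O Flags: Non-cached, Paging I/O"
"8:01:03.20 AM","avscan.exe","1234","ReadFile","C:\Users\a\big.iso","SUCCESS","Offset: 0, Length: 1,048,576, Priority: Normal"
"8:01:03.90 AM","avscan.exe","1234","ReadFile","C:\Users\a\big.iso","SUCCESS","Offset: 1,048,576, Length: 2,097,152"
"8:01:04.00 AM","avscan.exe","1234","WriteFile","C:\ProgramData\av\scan.log","SUCCESS","Offset: 0, Length: 4,096"
"8:01:04.50 AM","svchost.exe","880","ReadFile","C:\Windows\win.ini","END OF FILE","Offset: 512, Length: 4,096"
"8:01:04.60 AM","svchost.exe","880","ReadFile","C:\Windows\win.ini","SUCCESS","Offset: 0, Length: 512"
"8:01:05.00 AM","System","4","WriteFile","C:\$LogFile","SUCCESS","Offset: 0, Length: 8,192"
"8:01:06.00 AM","avscan.exe","1234","Process Exit","","SUCCESS","Exit Status: 0"
'''

# The Detail column carries the transfer size with thousands separators.
LENGTH_RE = re.compile(r"Length: (\d+(?:,\d{3})*)")

def io_bytes_by_process(csv_text):
    """Return [(process, pid, read_bytes, write_bytes)], largest total first."""
    totals = defaultdict(lambda: [0, 0])           # (name, pid) -> [read, write]
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))  # drop BOM
    for row in reader:
        op = row["Operation"]
        # Count only completed file reads and writes; skip EOF and other results.
        if op not in ("ReadFile", "WriteFile") or row["Result"] != "SUCCESS":
            continue
        match = LENGTH_RE.search(row["Detail"])
        if match is None:
            continue
        size = int(match.group(1).replace(",", ""))
        totals[(row["Process Name"], row["PID"])][0 if op == "ReadFile" else 1] += size
    ranked = sorted(totals.items(), key=lambda kv: kv[1][0] + kv[1][1], reverse=True)
    return [(name, pid, rw[0], rw[1]) for (name, pid), rw in ranked]

if __name__ == "__main__":
    for name, pid, read, write in io_bytes_by_process(SAMPLE_CSV):
        print(f"{name:<14} pid={pid:<6} read={read:>10} write={write:>8}")
```
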
