Windows – Get complete stats of process started/terminated during login of user account

bootcpu usagewindowwindows 10

When I login, I notice many process quickly start and terminate in task manager. But it happens very fast and I cannot save details about them (like process name, command line, CPU usage,..)

How can I collect stats about them so I can view them later

Best Answer

Install the WPT (part of the Win10 SDK), run WPRUI.exe, select First Level, CPU Usage, DiskIO, FileIO and under Performance Scenario select Boot. Number of iteration can be set to 1 and click to start.

enter image description here

This reboots Windows and captures all activity during boot. After the reboot let the countdown tick to 0.

Now make a double click on the generated ETL file, click on Profile-> Apply, "browse catalog" and select the file FullBoot.Boot.wpaprofile

Now you see an overview of the boot process.

enter image description here

Now drag & drop the graph Processes under System Activity to the analysis pane:

enter image description here

In the top level graph zoom into the PostBoot line and look at the times. Here it starts at 145s, now scroll down the process table list to around 140s. Here you see all programs that are started with the command line. Here a lot of Chrome tools run at startup.

I also captured CPU, disk and file activity. You can also analyze the trace for high cpu usage, diskIO and FileIO. In the graphs also zoom to the time where PostBoot starts to only analyze the cpu usage at that time and not earlier boot phases.