Windows – services.exe batters disk writes on startup

I have a Windows 7 Professional workstation that takes about ~3 full minutes to boot from cold. The CPU runs nice and low throughout the boot, but the disks are being battered. Resource Monitor suggests that 'services.exe' within C:\Windows\System32\ is to blame.

I have run virus checks and run 'msconfig' to clear the startup, but with no luck. What is services doing that is taking so long?

Some Googling revealed a possible virus/trojan – but I'm not quite willing to jump to that conclusion quite yet.

Help and suggestions appreciated.

Best Answer

Enable boot logging using Process Monitor, then you can attempt to find the problem.

Step 1: Run procmon.exe, go to the Options menu, and click Enable Boot Logging.

Step 2: This will then show the boot logging options. You can choose to enable profiling events if you need to.

Step 3: You can now reboot your PC. When the machine restarts, Process Monitor will start monitoring all the processes and applications that are invoked during system boot and generate a dump file.

Step 4: Run procmon.exe again. You will see a dialog telling you that a log of boot-time activity was created by the previous instance of Process Monitor. To save the collected data, press the Yes button.

Step 5: The file will initially be saved as a dump file in C:\Windows; you will need to convert it to a Process Monitor Log (PML) file. Save the log file using the dialog that appears. This will start converting the dump file to a PML file.

Once the log is converted, it will open in Process Monitor.

Here you can get an idea of all the applications and processes that were executed during system boot. This report will help you identify which process was invoked by which, and how much time it took to complete its execution. You can also identify whether any malware running on your PC is affecting your system boot.

Step 6: You can choose to filter these reports. When you click on any entry, you will get a dialog that gives a complete snapshot of the process attributes: who invoked it, its architecture, and the parent process ID, along with information on when the process transitioned from user mode to kernel mode, shown through the stack.

Source of Information
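
As an added example (not part of the original answer): once the boot log is open in Process Monitor, it can be saved as CSV (File > Save, CSV format) and summarized to see which process wrote the most data during boot and which files services.exe was writing to. The Python 3 script below assumes the default Process Monitor columns; the sample rows, paths and sizes are constructed for illustration.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample in the layout of a Process Monitor CSV export (default
# columns). Paths, PIDs and sizes are made up; a real export is far larger.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"8:00:01.1000000 AM","services.exe","512","WriteFile","C:\Windows\System32\config\SYSTEM.LOG1","SUCCESS","Offset: 0, Length: 4,096, Priority: Normal"
"8:00:01.2000000 AM","services.exe","512","WriteFile","C:\Windows\System32\config\SYSTEM.LOG1","SUCCESS","Offset: 4,096, Length: 8,192, Priority: Normal"
"8:00:02.0000000 AM","services.exe","512","WriteFile","C:\Windows\ServiceProfiles\example.dat","SUCCESS","Offset: 0, Length: 65,536"
"8:00:02.5000000 AM","svchost.exe","880","WriteFile","C:\Windows\Prefetch\EXAMPLE.pf","SUCCESS","Offset: 0, Length: 1,024"
"8:00:03.0000000 AM","services.exe","512","ReadFile","C:\Windows\System32\config\SYSTEM","SUCCESS","Offset: 0, Length: 16,384"
"8:00:03.5000000 AM","services.exe","512","WriteFile","C:\Windows\Temp\example.tmp","ACCESS DENIED","Offset: 0, Length: 2,048"
'''

# The Detail column carries the write size with thousands separators.
LENGTH_RE = re.compile(r"Length: ([\d,.]+)")

def write_bytes(row):
    """Bytes written by one event, or 0 if it is not a successful WriteFile."""
    if row["Operation"] != "WriteFile" or row["Result"] != "SUCCESS":
        return 0
    m = LENGTH_RE.search(row["Detail"])
    return int(re.sub(r"\D", "", m.group(1))) if m else 0

def summarize(csv_text):
    """Return (bytes per process, bytes per (process, path)) as Counters."""
    by_process, by_target = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        n = write_bytes(row)
        if n:
            name = row["Process Name"].lower()
            by_process[name] += n
            by_target[(name, row["Path"])] += n
    return by_process, by_target

def top_targets(csv_text, process, limit=5):
    """Files one process wrote the most bytes to, largest first."""
    _, by_target = summarize(csv_text)
    hits = [(p, n) for (name, p), n in by_target.items() if name == process.lower()]
    return sorted(hits, key=lambda item: -item[1])[:limit]

if __name__ == "__main__":
    by_process, _ = summarize(SAMPLE_CSV)
    for name, n in by_process.most_common():
        print(f"{name:20} {n:>12,} bytes written")
    for path, n in top_targets(SAMPLE_CSV, "services.exe"):
        print(f"  {n:>12,}  {path}")
```

For a real export, read the file with `open(path, encoding="utf-8-sig", newline="").read()` so a leading byte-order mark does not break the first column name.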
