My Windows 10 installation boots very slowly, taking around 5 minutes. Therefore I used the Sysinternals Process Monitor to record the boot log, and in that log I discovered the following lines. The long pauses don't make any sense to me.
How can I analyze (and maybe understand) this issue in more detail, or better yet, just make it boot faster?
22:14:35,6565020 svchost.exe 824 ReadFile C:\Windows\System32\bisrv.dll 0.0002591 SUCCESS Offset: 440.832, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal
22:14:37,4067777 lsass.exe 736 ReadFile C:\Windows\System32\advapi32.dll 0.0005144 SUCCESS Offset: 492.032, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal
...
22:14:44,0683771 svchost.exe 872 RegOpenKey HKLM 0.0000083 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read
22:14:44,0684055 svchost.exe 872 RegQueryKey HKLM 0.0000049 SUCCESS Query: HandleTags, HandleTags: 0x0
22:14:44,0684309 svchost.exe 872 RegOpenKey HKLM\Software\Microsoft\Rpc\SecurityService 0.0000215 SUCCESS Desired Access: Read
22:14:44,0684705 svchost.exe 872 RegCloseKey HKLM 0.0000039 SUCCESS
22:14:44,0684945 svchost.exe 872 RegQueryValue HKLM\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel 0.0000044 NAME NOT FOUND Length: 144
22:14:44,0685170 svchost.exe 872 RegCloseKey HKLM\SOFTWARE\Microsoft\Rpc\SecurityService 0.0000034 SUCCESS
(first pause)
22:15:25,6683843 services.exe 728 ReadFile C:\Windows\System32\services.exe 0.0001271 SUCCESS Offset: 160.768, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal
22:15:25,6686346 services.exe 728 ReadFile C:\Windows\System32\services.exe 0.0002019 SUCCESS Offset: 160.768, Length: 24.576, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal
22:15:25,6691729 services.exe 728 ReadFile C:\Windows\System32\services.exe 0.0001007 SUCCESS Offset: 263.168, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal
22:15:25,6693949 services.exe 728 ReadFile C:\Windows\System32\services.exe 0.0001945 SUCCESS Offset: 263.168, Length: 32.768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal
22:15:25,6699703 services.exe 728 RegQueryKey HKLM 0.0000068 SUCCESS Query: HandleTags, HandleTags: 0x0
22:15:25,6700021 services.exe 728 RegOpenKey HKLM\System\CurrentControlSet\Control 0.0000166 REPARSE Desired Access: Read
22:15:25,6700343 services.exe 728 RegOpenKey HKLM\System\CurrentControlSet\Control 0.0000132 SUCCESS Desired Access: Read
22:15:25,6700641 services.exe 728 RegQueryValue HKLM\System\CurrentControlSet\Control\DisableServiceStartupMonitor 0.0000044 NAME NOT FOUND Length: 144
22:15:25,6700910 services.exe 728 RegCloseKey HKLM\System\CurrentControlSet\Control 0.0000035 SUCCESS
(second pause)
22:15:44,6999614 csrss.exe 664 RegOpenKey HKLM\System\CurrentControlSet\Enum\PCI\VEN_1002&DEV_9647&SUBSYS_1663103C&REV_00\3&2411e6fe&0&08\Device Parameters 0.0001193 SUCCESS Desired Access: Read
22:15:44,7002025 csrss.exe 664 RegQueryValue HKLM\System\CurrentControlSet\Enum\PCI\VEN_1002&DEV_9647&SUBSYS_1663103C&REV_00\3&2411e6fe&0&08\Device Parameters\VidPnLkgTopology 0.0001598 SUCCESS Type: REG_BINARY, Length: 27.520, Data: 01 00 00 00 01 00 00 00 01 00 00 00 40 06 00 00
22:15:44,7005114 csrss.exe 664 RegCloseKey HKLM\System\CurrentControlSet\Enum\PCI\VEN_1002&DEV_9647&SUBSYS_1663103C&REV_00\3&2411e6fe&0&08\Device Parameters 0.0000128 SUCCESS
...
22:15:44,8945520 csrss.exe 664 CreateFile C:\Windows\System32\cdd.dll 0.0424086 SUCCESS Desired Access: Execute/Traverse, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
cdd.dll appears to be a display driver. We need more information – Ramhound – 2016-08-27T21:28:55.2801
Install the WPT (part of the Win10 SDK: https://dev.windows.com/en-us/downloads/windows-10-sdk), run WPRUI.exe, select First Level, DiskIO, FileIO, Registry IO and under Performance Scenario select Boot. The number of iterations can be set to 1; then click Start. This reboots Windows and captures all activity during boot. After the reboot, let the countdown tick to 0 to capture 2 minutes of activity after boot. Zip the large ETL file into a zip/RAR file, upload it (OneDrive, Dropbox, Google Drive) and post the share link here.
– magicandre1981 – 2016-08-28T07:31:17.607
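To locate pauses like the two marked in the question without scrolling through the whole boot log, the timestamps of an exported Process Monitor log can be scanned for idle gaps; the following is an added example, not code from the original posts. It assumes the whitespace-separated layout pasted in the question (time of day with a comma decimal separator, process name without spaces, PID, operation), and `parse_events` and `find_gaps` are hypothetical helper names.

```python
import re
from datetime import timedelta

# Leading columns of a Process Monitor line as pasted in the question:
# time of day (comma decimal separator), process name, PID, operation.
LINE_RE = re.compile(r"^(\d{2}):(\d{2}):(\d{2})[,.](\d{1,7})\s+(\S+)\s+(\d+)\s+(\S+)")

def parse_events(lines):
    """Yield (time, process, pid, operation) for lines that look like events."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skips "...", "(first pause)" and other non-event lines
        h, mi, s, frac, proc, pid, op = m.groups()
        # Procmon prints 100 ns ticks; timedelta only keeps microseconds.
        micros = int(frac.ljust(7, "0")[:6])
        t = timedelta(hours=int(h), minutes=int(mi), seconds=int(s), microseconds=micros)
        yield t, proc, int(pid), op

def find_gaps(lines, threshold_s=5.0):
    """Return (gap_seconds, last_event_before, first_event_after) tuples."""
    gaps, prev = [], None
    for ev in parse_events(lines):
        if prev is not None:
            delta = (ev[0] - prev[0]).total_seconds()
            if delta < 0:  # capture crossed midnight
                delta += 86400
            if delta >= threshold_s:
                gaps.append((round(delta, 3), prev[1:], ev[1:]))
        prev = ev
    return gaps

# Constructed sample: lines abbreviated from the excerpt in the question.
SAMPLE = r"""22:14:44,0684945 svchost.exe 872 RegQueryValue HKLM\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel 0.0000044 NAME NOT FOUND
22:14:44,0685170 svchost.exe 872 RegCloseKey HKLM\SOFTWARE\Microsoft\Rpc\SecurityService 0.0000034 SUCCESS
(first pause)
22:15:25,6683843 services.exe 728 ReadFile C:\Windows\System32\services.exe 0.0001271 SUCCESS
22:15:25,6700910 services.exe 728 RegCloseKey HKLM\System\CurrentControlSet\Control 0.0000035 SUCCESS
(second pause)
22:15:44,6999614 csrss.exe 664 RegOpenKey HKLM\System\CurrentControlSet\Enum\PCI 0.0001193 SUCCESS
""".splitlines()

if __name__ == "__main__":
    for secs, before, after in find_gaps(SAMPLE):
        print(f"{secs:8.3f}s idle  after {before}  before {after}")
```

A gap only shows that no captured event fell in that interval; the events on either side mark where to look, they are not necessarily the cause of the delay.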