Let’s start off by finding out the exact time the Windows 7 client needs to start up. And guess what, no stopwatch is required! Windows 7’s very own Event Viewer does the trick. In the following four steps you learn to measure both the raw boot time and the real life boot time (and what both mean).

• Open up “Control Panel,” go to “System and Security” and head over to “Administrative Tools.” From here, launch “Event Viewer.”

• Expand “Applications and Services Logs,” “Microsoft,” “Windows,” “Diagnostics / Performance,” and finally “Operational.” Now look out for the Event ID 100:

This Event details how long your Windows 7 client takes for a full boot. This is what I call raw boot time.

The value represents the exact time necessary to go from the first startup phase (right before the animated Windows boot logo appear) to the final stages. This is when the desktop is visible, startup programs are being loaded, and network connectivity is up and running. Remember to take this value with a grain of salt — more in Step 4!

• As seen on the screenshot above, my test bed needed 103 seconds. That’s okay, but pretty bad compared to the original performance. The week after I installed and configured Windows 7, it needed about 46 seconds to start:

In my example, this is quite a loss in performance: From 46 to 103 seconds!

You can find the original boot up time if you sort the list by “Event ID” and look for the earlier couple of entries.

Note: I wouldn’t necessarily take the very first boot log for a comparison. In the first couple of days after installation, Windows 7 needs to adapt the SuperFetch feature to all programs and install updates during boot up.

• You have the “Raw boot time” value now. As I said, this value doesn’t necessarily represent the actual startup performance. Even though the desktop is visible and you have a working internet connection your PC may behave incredible sluggishly. For example, even launching a small footprint browser like Google Chrome can take up to 10 seconds in the first minute after boot. No surprise here; Windows is still busy initializing services and paging data in and out of RAM.To get the real life boot time, double-click on the latest Event ID 100 entry, go to “Details” and check the “MainPathBootTime” value:

Phew! Another 38 seconds until Windows 7 is done with all its “post-boot” workload and I am actually able to work with the PC.

It’s important to watch both the raw boot time and real life boot time to troubleshoot a slow startup!

If you’re plagued by a slow startup, there is probably more than one problem going on. And guess what: Windows 7 knows them all. The “Diagnostic Performance” category (mentioned above) keeps a record of all startup issues. Simply sort the list by “Task Category”…

and go through all the events you see in the “Boot Performance” category. Look for “Warnings” and “Critical” errors. The following entry is a prime example:

This event clearly shows that MsMpEng.exe needs 26 seconds to start, which is 10 seconds longer than normal! If this event only crops up once, you don’t need to go to Red Alert. However, if you see the same warning more than once, then this is definitely a call to action.

In some cases, boot delays are not detected by Event Viewer, possibly because a specific process eats up CPU for a constant period of time. Finding this bottleneck is pretty easy using the Sysinternals Process Monitor utility. Here’s how it works:

• Download Process Monitor. Unzip the file and open Procmon.exe with administrative privileges:

• Stop Process Monitor from logging all the current events by clicking on “File/Capture Events.” Now go to “Options,” where you will find the crucial entry: “Enable Boot Logging.” Enable it, click on “Generate profiling events” and click “OK.”

• Now reboot your PC. After the startup process is done, launch Process Monitor again and click on “Yes” once you see the following message:

• Save the boot log wherever you want (on your desktop, for example). Process Monitor now generates a huge list of basically each and every boot event.

591,892 events?! This is too much to bear, even for the geekiest of us. Instead, let’s focus on process that use a lot of CPU usage during boot time. To do that, click on “Tools” and go to “Process Activity Summary.”

You’ll get a list of all processes that keep your PC busy. Click on “CPU” and see for yourself which is the all-time CPU hog:

To get more information of its resource usage, double-click on the entry. In our example, CPU hog number one is – yet again – Microsoft’s Security Essentials. While it is relatively lightweight when Windows 7 is up and running, it can be quite a boot hog. All the advice I gave above still stands: Go through the entire list and get rid of processes and programs that you don’t need. If you don’t know what is behind certain entries like this one…

…use your search engine to find and troubleshoot them.

• In this list you might come across a (unnecessary) process that you can’t find using any conventional means (for example, using msconfig). In that case, try out SysInternals very own Autoruns. Autoruns lists all processes and files that are used during boot up and lets you disable them individually – no exception!

That’s it! With all the given advice you should be able to handle each and every boot delay that crosses your way. Go back to the Event Viewer to check if and how much all these steps affected raw boot time and real life boot time — I bet there’s a huge difference! On my client’s PCs I was able to cut boot times in half (or even less). A nice side effect that you should also consider: Now that you’ve gotten problematic services and processes out of the way, overall Windows responsiveness and performance probably has gotten a lot of better as well.