1. From a browser, navigate to: live.sysinternals.com/procmon.exe to download Process Monitor directly to your system.
2. Navigate to the directory where ProcMon is saved.
3. Run the following command to enable bootlogging:
Procmon.exe /AcceptEula /Quiet /EnableBootLogging
4. Ready to reboot your system:
shutdown /r /t 0
5. Once your system boots back up, open a Command Prompt where your ProcMon.exe resides.
NOTE: Process Monitor temporarily stores the boot logging events at: C:\Windows\procmon.pmb – this is where you would go to collect the boot trace logs if you had to do so remotely.
6. Run the following command to automate the converting of the unsaved boot log and skip the dialog box:
Procmon.exe /AcceptEula /ConvertBootLog C:\My\Bootlog.pml
7. Make sure you open your ProcMon to make sure that it’s readable, and not corrupt!