Interpreting ProcessExplorer values, need Help

  • Thread starter Thread starter Davide
  • Start date Start date
D

Davide

Hi, i've downloaded Process Explorer and Process Monitor to investigate why
svchost.exe keeps using 100% of my cpu when the system boots up.

With process explorer i found svchost.exe uses 100% of the cpu, as task
manager already says, but associated to svchost.exe there is a process
called dwm.exe.

The way Process Explorer shows me this fact is the following:

-- other svchost processes here ----

- svchost.exe Process Host for Windows Services
dwm.exe Desktop Windows Manager

-- other svcohst processes here ---


Now: after the boot, i got 1 minute where at the right side of svchost.exe i
got 100% cpu and dwm.exe rarely passes 5 - 10%.

I would like to know if is svchost.exe that take 100% cpu or if is his "son
process", dwm.exe, that takes all the CPU time.

And in both cases, how can i operate?

Thanks
Davide
 
In Process Explorer, if you hover your mouse over the svchost.exe that is
using 100% of the CPU, you'll see a tooltip of all the services that are
operating under that particular configuration of svchost.exe. There are
quite a few. If you right-click on that process, and choose Properties,
you'll get more details.

The Desktop Windows Manager is basically
responsible for the Aero User Interface. See:

Under the Hood of the Desktop Window Manager
http://blogs.msdn.com/greg_schechter/archive/2006/03/05/544314.aspx

Vista takes a little time to get itself organized at first, it seems. On my
computer, about 3 or 4 minutes after booting, that particular svchost
process occasionally shows a 1.45% CPU blink, and that's about it.
 
Ok, i right click on the svchost.exe process, choose services, and task
manager shows me all the processes included in that istance of svchost. i
got one svchost proess with 10 sub process, how can i understand wich is
using all my cpu? There is not the CPU usage column... and no way to add
that column.
 
When you right-click on the svchost that you are interested in, choose
Properties. When that window pops up, click on the Threads tab, which has a
column for CPU. You may have to do a little detective work (like clicking
on the Module button on that page, to find out, under the Start Address
column, what file is in play, and what service might be using it.
 
Ok, i think i have found the guilt. I run Vista in italian, and the service
is called "Ottimizzazione avvio" i suppose is translated into "Optimize
boot" or something like this. The service name is SysMain. I disabled this
one and now after the boot my system runs perfectly without degree of
performance.

Now: what does this service? Is essential?

Davide
 
Davide

That does not sound like a default Windows service? It may be from a third
party product that you have installed.

Go to Start, type services and click on Services in the Programs list.
Locate the service and double click the service in question to see a
description of what it is and which application is using it.
 
Sysmain.dll is the Superfetch Service Host, and yes, it's supposed to
optimize the opening of applications much like Prefetch did in Windows XP.
Logically, it's the Superfetch service.

"SuperFetch monitors which applications you use the most and preloads these
into your system memory so they'll be ready when you need them." Quoted
from:

http://www.microsoft.com/windows/products/windowsvista/features/details/superfetch.mspx

If you Google "Superfetch" you'll get a lot of information. Here's a pretty
in depth article:

Windows Vista's SuperFetch and ReadyBoost Analyzed
http://www.tomshardware.com/2007/01/31/windows-vista-superfetch-and-readyboostanalyzed/

On my computer, it's not causing much commotion. However, there are other
posts in the Vista newsgroups by people experiencing what you are. The
service is responsible for the folder C:\Windows\Prefetch, where it keeps
its data. The service's default startup type is automatic. I do know that
you have to let your computer "idle" for a period for it to initially get
organized, creating your special layout.ini, as well as doing a certain
amount of defragmenting. If you sort the Prefetch folder's files by Date
Modified, you'll see the chronological order of data it has collected, as
you use your computer, and what it has done while computer is on, but not
used (i.e., "idle")(it does redo the layout.ini during this time (pretty
much always), as well as a "miniature" defragmentation (not always). I
would try leaving your computer on for about a half hour, at least, without
it being used, to see if that helped your startup situation.

It seems to have a direct bearing on this key in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction

You might want to look at the values "OptimizeComplete" and "OptimizeError"
to see what your data is for those values, in the above key.
 
Thanks, dean-dean, i'll try looking into those values. Anyway, disabling it
i do not experience heavy hard disk use and partial system block for high
CPU Utilization any more

Davide
 
rundll32.exe advapi32.dll,ProcessIdleTasks

Still does something on Vista. My hard drive is now chattering away. In XP
it optimised the files for prefetch (and other unspecified things). However
it runs till it completes unlike automatic invocation.
 
Back
Top