Techware Labs Header
Home | Reviews | Articles | Downloads | Guides | Staff | Advertising | Links
Mainboards | Networking | Video | Cases | Storage | Other




News Archives

Hardware Reviews




About TWL


The Geek Weekly


Deciphering Windows Processes

Author:  Jack Wells
Date:  2008.07.13
Topic:  Editorials
Provider:  Thermaltake
Manufacturer:  Microsoft

Deciphering Windows Processes

Process Explorer

Ever wonder what svchost is? Why it takes so much RAM? Why your explorer.exe keeps crashing?  Look no farther! Process explorer is a free utility that Microsoft redistributes that helps you take the mystery out of you processes and helps you find problem areas.  It can be used to trim down your RAM usage or even to find out what executables are running behind processes.  This is important because most of the time explorer.exe crashes it is indicative of a problem with your computer caused by executables hooking into the Microsoft process named explorer.exe.

Getting started

To begin, go grab the latest Process Explorer from Microsoft here. Alternately, you can go to, and search for “Process Explorer”, either way click the download button and save the file wherever.  Unzip the file by right clicking on it and you should have three icons now.  Only one of them is of concern to us, and that is procexp.exe.

Process Explorer Process Explorer
Search on
Click this button to download
Process Explorer
The icons

Before we go any farther it should be noted that every process (in Windows) can host one of two different things:

  • Services: These are programs that aren’t meant to interact with the user and instead provide functions to applications or perform simple tasks in the background.
  • Executables: These are programs designed to interact with the user, they will always be followed by *.exe, whereas services are generally not appended with the *.exe extension.

Technically, they are both very similar, but they are treated very differently. Keeping notation correct will be important to understanding what I am trying to explain. If what you just read is a new concept, reread it and make sure you are comfortable with the difference before moving on.

The Interface

Double click procexp.exe and you should get a window similar to this that pops up.

Process Explorer

It may seem overwhelming at first, but bear with me for a moment, let's go over each of these labels.

A) Process: This is the name of the process, once expanded it also shows the names of the executables and services working under each process. An executable is any *.exe file and a service is any program that is usually running in the background and is considered ‘important’ to your operating system functioning.

B) PID: This is a unique identifier for each process, note that even though some processes can have the same name, no two processes can have the same PID.

C) CPU: This is the percentage of your processors cycles that go to this particular process and its subcomponents.

D) Description: This should be the proper name for each process, if this isn't enough information I would suggest googling the process and seeing if it yields more information.

E) Company Name: Pay attention to this as you decide what's important and what isn't, it can give good clues. Also it should be noted that just because it says "Microsoft Corporation" does not mean that every item in that process is made by Microsoft or even good for your computer.

F) Processor Usage Graph: This graphs all of your processes in terms of processor usage. Each process is an individual color.

G) Virtual Memory: This shows you how much of your virtual memory is being used, if this gets fully yellow, you're in trouble.

H) Hard Drive Usage Graph: This graph shows how much your hard drives are being accessed by your processes. Obviously, if this bar fills the box, you have a system resource problem.

I) Summary: This is the total impact all of your processes have on your computer's resource pool.

Now that you understand the basic parts of the interface let's modify some things to make it easier to see each process's impact on your computer. First you need to change the views on the process tab, click on it 2-3 times until it has a tiered look. This will become important when you get swamped with processes in a second.

Process Explorer
It should look like this

After you get the tiered view, right click on the word "Process", the same one you clicked to change the view. Hit "Select Columns" and a dialog box should pop up. At the top hit the "Process Memory" tab and check the box that says "Working Set" and another that says "Virtual Memory". Quickly and oversimplifying (see here for more details).

  • Working Set: Amount of physical RAM used by a process
  • Virtual Memory: RAM usage plus page file usage (not precisely, read here if you're curious *technically in depth*).
Process Explorer
Right click "Process", then left click "Select Columns..."
Process Explorer
Check these two boxes

Now you can see how much memory each one of these processes take up, but we still haven't found any information that we couldn't have with task manager. This changes when you find the "services.exe" entry and expand it. Your window will get flooded with new entries including the infamous svchost.exe. What you want to do here is inspect each of the processes under each svchost.exe and then also by mousing over it and see which services are running under the processes.

Process Explorer

A lot is going on inside of the interface of process explorer right now, but don't worry, we'll go through what's important.

A) Tiered View: This view lets you see which processes are hosting what executables and so on. It shows you what task manager fails to do, and that is what exactly is running in the background. I would strongly suggest going through explorer.exe. Inspect each executable in it and see which you don’t recognize or want there. As a rule of thumb, anti-viruses, driver type applications, and open applications should be there, but if you start seeing other things there get rid of them. More on how to get rid of unwanted processes and executables later.

B) Memory usage: This item is here to give you an idea of how important each process is to your system resource pool.  A process using 1 kB of memory and almost no CPU bandwidth isn’t even worth inspecting most of the time, but one using 200 MB of Virtual memory carries a bit of weight. Notice how the memory doesn’t add up to the total, this is what we call in engineering “space math” don’t worry about it, memory is a complicated issue and you can read the articles I linked earlier if you care to learn more. If you got nothing else from this paragraph, the bigger these numbers, the worse they are.

C) Hovering over an entry will cause a pop up to appear containing a list of the services being run through that process.



I'll quickly talk about how to stop an executable from running and how to get rid of one, and then I'll spend the rest of this article talking about how to deal with services.

Hovering over an entry will cause a pop up to appear containing a list of the services being run through that process.  Literally right click on it and click "Kill Process". To prevent it from running again at start up follow these instructions:

1) Hold down the windows key and press ‘R"

2) Type in msconfig, press enter

3) Click the startup tab and uncheck it’s entry, if it doesn’t have an entry it means that something you did post-startup caused that process to run.

Process Explorer
Right click and hit "Kill Process" to close an executable
Process Explorer
Windows key + R gives you this, enter "msconfig" and hit enter
Process Explorer
Uncheck the items you don't want to run at start up, then hit apply


Finally, lets talk a bit about services and how to reclaim system resources from them. A service is a program that runs in the background to perform a task or set of tasks. Every time you hit the print button in Word or attempt to access the internet a service is called to aid in the task. Processes and services are the things that allow basic windows functions to happen and allow programs to run without being in your hair (the taskbar or the tray). Services are vital to the operation of your computer, disabling the wrong one can have staggering consequences. Basically, only do this if you are sure what you are doing.

Typically a lot of services are enabled on a computer by default, your desktop computer probably has a service running right now to manage its battery, what’s that? Your desktop doesn’t have a battery? Well, Windows doesn’t know that and will try to manage it anyways. If you have Vista you are probably aware of the fact that Vista likes to eat RAM. Vista takes your RAM and it caches frequently used programs into your RAM in order to speed them up. This means you sacrifice about 400 MB of ram so that when you hit Firefox or any other program you use frequently it opens almost instantly. If you would like your RAM back, disabling a service called SuperFetch is what you want to do.

To access the list of services on your computer, once again hit Windows key then R, this time type “services.msc”. This will open up the services control panel; let’s dissect it like we did to the process explorer interface.

Process Explorer
Click to enlarge

Once again:

A) This is how you stop a service that is already running.

B) This is the name of the service, if you do not know what a service is, do not alter it.

C) This is the status and the Start up type, the status tells you if the service is currently running. The start up type tells you when and how a service can be started.

  • Automatic: Service is started when your computer starts
  • Automatic (delayed): Service is started when your computer starts, but this service waits until other services have been loaded.
  • Manual: A call to this service to perform a task will cause it to start, it remains disabled until a function call to it is made.
  • Disabled: No circumstance can cause the service to start (other than a user override).

Using the services.msc configuration tool is has easy as it looks, find a service you don’t think you need and disable it. A word of warning, if you don’t know what a service does and you don’t understand the description DO NOT DISABLE IT. Google will also help you a lot here, just google the name of a service and read what people have written about it.


Hopefully this article will be helpful to you in your quest to free more system resources and make your computer run more efficiently. If this guide isn’t clear or you’re having trouble deciding what processes/executables are worth terminating feel free to check out our forums.  Remember, safe mode can be used to fix any mistake you make with regards to turning services off, and this is also an excellent tool to have at your disposal should you get a virus (they love to latch on to svchost.exe or explorer.exe).



« Back Home
More Articles »

Gigabyte GA-EX58-UD3R

Radeon 4890

Conficker Virus

Goliathus Mouse Pad

Hard Drive Destruction

OLPC=The Next Newton?

QPAD Gaming Mousepad

FSP BoosterX 5

Fusion Side Marker

eStarling ImpactV

Itami FiTrainer

Patriot WARP 128GB

Cyber Snipa 5.1

Game Bag 2.1

System Cache

:: Copyright © 2002-2008 Techware Labs, LLC :: All Rights Reserved

Email for spiders