Windows Vista constantly examines performance problems. If your curious about the busiest processes and the slowest drivers on your computer, check out the performance diagnostics log. First, open the Computer Management console by following these steps:

1. Click Start, right-click Computer, and then click Manage.

2.  The Computer Management console opens. Expand Event Viewer, Applications and Services Logs, Microsoft, Windows, and Diagnostics-Performance.

3. Click Operational.

The middle pane shows your performance diagnostics events.

It’s interesting just to browse these. Events in the 400-449 range cover system performance monitoring. Event ID 401 shows processes that Windows Vista felt were using up all your processor time. For example, I was using WinRAR to compress a backup:

This process is using up processor time and is impacting the performance of Windows:
File Name        :    DeviceHarddiskVolume2Program FilesWinRARWinRAR.exe
Friendly Name        :
Version        :
Thread time        :    146ms
Blocked Time        :    35ms
Incident Time (UTC)    :    1/3/2007 10:07:05 PM

Event ID 407 shows a process that is using too much memory:

This process is using up too much system memory:
File Name        :    firefox.exe
Friendly Name        :    Firefox
Version        :    1.8.1.1: 2006120418
Workingset size    :    132012Kb
Percent memory    :    6.30250415831979
Incident Time (UTC)    :    12/24/2006 8:00:23 PM

This example of Event ID 402 is funny… Should I stop using that file? :)

This process is doing excessive disk activities and is impacting the performance of Windows:
File Name        :    ntoskrnl.exe
Friendly Name        :
Version        :
Thread time        :    12057ms
Blocked Time        :    2422ms
Incident Time (UTC)    :    12/18/2006 6:07:23 PM

Event ID 400 also covers system performance monitoring, but it’s not especially useful. Here are two examples:

Information about the system performance monitoring event:
Scenario        :    Start Menu
Analysis result        :    Analysis was successful and rootcauses were found
Incident Time (UTC)    :    1/3/2007 10:07:05 PM

Information about the system performance monitoring event:
Scenario        :    System Responsiveness
Analysis result        :    Analysis could not be performed in time. There is a possible serious performance issue
Incident Time (UTC)    :    1/3/2007 4:03:29 PM

I’ll let you know when I figure out where the root cause is actually documented. Events 100 and 101 (and everything in the 1xx range) document boot performance monitoring:

Windows has started up:
Boot Duration        :    438900ms
IsDegradation        :    false
Incident Time (UTC)    :    1/3/2007 2:30:06 PM

This application took longer than usual to start up, resulting in a performance degradation in the system startup process:
File Name        :    SearchIndexer.exe
Friendly Name        :    Microsoft Windows Search Indexer
Version        :    6.0.6000.16386 (vista_rtm.061101-2205)
Total Time        :    2717ms
Degradation Time    :    217ms
Incident Time (UTC)    :    1/3/2007 2:30:06 PM

This startup service took longer than expected to startup, resulting in a performance degradation in the system start up process:
File Name        :    audiosrv
Friendly Name        :    Windows Audio Service
Version        :    6.0.6000.16386 (vista_rtm.061101-2205)
Total Time        :    453ms
Degradation Time    :    290ms
Incident Time (UTC)    :    12/23/2006 1:40:53 PM

Session manager initialization caused a slow down in the startup process:
Name        :    SMSSInit
Total Time        :    12559ms
Degradation Time    :    6403ms
Incident Time (UTC)    :    12/23/2006 1:40:53 PM

Note that my boot times are all over the map, at least according to boot performance monitoring.

Check out events 200, 201, and 203 if you’re having problems with shutdown performance. Here are examples of each (I have frequent shutdown problems):

Windows has shutdown:
Shutdown Duration    :    55639ms
IsDegradation        :    true
Incident Time (UTC)    :    1/1/2007 7:28:37 PM

This application caused a delay in the system shutdown process:
File Name        :    mobsync.exe
Friendly Name        :    Microsoft Sync Center
Version        :    6.0.6000.16386 (vista_rtm.061101-2205)
Total Time        :    5008ms
Degradation Time    :    3508ms
Incident Time (UTC)    :    1/1/2007 7:28:37 PM

This service caused a delay in the system shutdown process:
File Name        :    WSearch
Friendly Name        :
Version        :
Total Time        :    19830ms
Degradation Time    :    15852ms
Incident Time (UTC)    :    1/1/2007 7:28:37 PM

Now, that’s actually useful, because it shows the process that is causing the performance problem. Note that 201 and 203 are basically the same event; 201 is a warning, and 203 is an error. Of course, the processes that are causing my shutdown problems are both parts of the OS, so I’m not sure what I can do to fix it.

Event ID 351 (and probably 352 or 353) show drivers that might be causing performance problems. For me, all the problems are with core OS drivers, so it doesn’t leave me with a clear path to fixing the problem. Here are some examples of event 351:

This driver responded slower than expected to the resume request while servicing this device:
Driver File Name        :    DriverACPI
Driver Friendly Name        :    ACPI Driver for NT
Driver Version            :    6.0.6000.16386 (vista_rtm.061101-2205)
Driver Total Time        :    69ms
Driver Degradation Time    :    32ms
Incident Time (UTC)        :    12/28/2006 1:09:08 AM
Device Name            :    ACPI_HALPNP0C08
Device Friendly Name        :    Microsoft ACPI-Compliant System
Device Total Time        :    69ms
Device Degradation Time    :    0ms

This driver responded slower than expected to the resume request while servicing this device:
Driver File Name        :    Driverpci
Driver Friendly Name        :    NT Plug and Play PCI Enumerator
Driver Version            :    6.0.6000.16386 (vista_rtm.061101-2205)
Driver Total Time        :    54ms
Driver Degradation Time    :    28ms
Incident Time (UTC)        :    12/29/2006 12:31:42 AM
Device Name            :    PCIVEN_1217&DEV_00F7&SUBSYS_01CC1028&REV_024&2e5a3e7b&0&0CF0
Device Friendly Name        :    OHCI Compliant IEEE 1394 Host Controller
Device Total Time        :    121ms
Device Degradation Time    :    0ms

Events in the 500-549 range cover the Desktop Window Manager. For example:

The Desktop Window Manager is experiencing heavy resource contention.
Scenario    :    The Desktop Window Manager responsiveness has degraded.

The Desktop Window Manager is experiencing heavy resource contention.
Reason    :    Graphics subsystem resources are over-utilized.
Diagnosis    :    A consistent degradation in frame rate for the Desktop Window Manager was observed over a period of time.

So, what do you do with these? I don’t know, because there seems to be a very low signal-to-noise ratio. In other words, most of the events aren’t useful. It’s a place to start, though. Please add a comment if you figure out a useful way to analyze this.