WTHIMCD?
April 25, 2006 4:41 PM Subscribe
I want a computer utility called "What the hell is my computer doing?"
It happens very frequently: you're sitting there at your computer while extensive hard drive activity is going on, and you have no idea what it is. Maybe Windows is simply tidying up the disk memory, or maybe the NSA is downloading all of your secret files. Is there a utility that will peek behind the curtain and divulge what activity is going on when this happens?
It happens very frequently: you're sitting there at your computer while extensive hard drive activity is going on, and you have no idea what it is. Maybe Windows is simply tidying up the disk memory, or maybe the NSA is downloading all of your secret files. Is there a utility that will peek behind the curtain and divulge what activity is going on when this happens?
(Obviously, you're going to need to sort with the highest read/write figures at the top, and monitor which one moves the most. If there's a great deal of disk activity, this should be readily apparent, since most processes only I/O every so often at best.)
Also, you can view every statistic about your computer, though not so well linked to individual processes and applications, by choosing Start -> Control Panel -> Administrative Tools (may not be available on XP Home) -> Performance.
Search for offending processes ("hpqtra08.exe" for example) at The Elder Geek or directly on Google to determine if you actually need to keep it intact.
And *don't* end any svchost.exe owned by SYSTEM, NETWORK SERVICE or LOCAL SERVICE, ubless you know what you're doing. And you likely don't. (svchost.exe is the carrier process for a group of "services" that run in the background, instead of as individual applications. This is a nightmare when one of them takes to maxing out your CPU or something and you can't identify which individual service is causing troubles, though tasklist /svc in the command prompt tells you *which* svchost.exe is governing which services.)
posted by disillusioned at 4:50 PM on April 25, 2006
Also, you can view every statistic about your computer, though not so well linked to individual processes and applications, by choosing Start -> Control Panel -> Administrative Tools (may not be available on XP Home) -> Performance.
Search for offending processes ("hpqtra08.exe" for example) at The Elder Geek or directly on Google to determine if you actually need to keep it intact.
And *don't* end any svchost.exe owned by SYSTEM, NETWORK SERVICE or LOCAL SERVICE, ubless you know what you're doing. And you likely don't. (svchost.exe is the carrier process for a group of "services" that run in the background, instead of as individual applications. This is a nightmare when one of them takes to maxing out your CPU or something and you can't identify which individual service is causing troubles, though tasklist /svc in the command prompt tells you *which* svchost.exe is governing which services.)
posted by disillusioned at 4:50 PM on April 25, 2006
Filemon is how I figure out what's going on when I want the 411 on unknown disk activity, but it might be a bit too low-level for you.
posted by majick at 5:21 PM on April 25, 2006
posted by majick at 5:21 PM on April 25, 2006
The most common reason for lots of HD activity when nothing should be going on is the Windows Indexing Service. I hate it, and I've disabled it long since.
But doing that is a bit intricate. I'm pretty sure you have to be an administrator. Then you run the "Computer Management" utility. (On my machine, that's Start->Programs->Administrative Tools->Computer Management)
Open up "Services and Applications", and select "Services" on the left pane. (Ignore the "Indexing Service" entry.)
In the right pane, look for "Indexing Service" and set it to "Disabled". Then I think you have to reboot.
"Office" used to install an indexing demon, too, but the way to get rid of that was to delete its auto-start record in the "Run" entry of the registry. Anyway, in XP I don't think Office does that anymore because it was institutionalized in XP itself, as described above.
posted by Steven C. Den Beste at 5:22 PM on April 25, 2006
But doing that is a bit intricate. I'm pretty sure you have to be an administrator. Then you run the "Computer Management" utility. (On my machine, that's Start->Programs->Administrative Tools->Computer Management)
Open up "Services and Applications", and select "Services" on the left pane. (Ignore the "Indexing Service" entry.)
In the right pane, look for "Indexing Service" and set it to "Disabled". Then I think you have to reboot.
"Office" used to install an indexing demon, too, but the way to get rid of that was to delete its auto-start record in the "Run" entry of the registry. Anyway, in XP I don't think Office does that anymore because it was institutionalized in XP itself, as described above.
posted by Steven C. Den Beste at 5:22 PM on April 25, 2006
Also, I know you're talking about Windows machines, but if you want to list the processes on a Mac in a window showing what they are up to, open a Terminal window and type 'top'. Maybe everyone knows this but me, but I was happy to learn it.
posted by jessamyn at 6:51 PM on April 25, 2006
posted by jessamyn at 6:51 PM on April 25, 2006
fyi, top is a *nix utility, so it should work on most unix/linux/whatevs systems as well.
posted by beerbajay at 7:16 PM on April 25, 2006
posted by beerbajay at 7:16 PM on April 25, 2006
top and ps for command line process listing commands. Windows users can install cygwin for top or ps. Sysinternals makes a good gui alternative to the Task Manager called Process Explorer. For OS X users who want a gui, ActivityMonitor.App comes built in.
Also, in OS X there's a Console.App GUI utility for viewing log files. I didn't know it existed until recently (but I tend to view log files by hand).
posted by bleary at 8:14 PM on April 25, 2006
Also, in OS X there's a Console.App GUI utility for viewing log files. I didn't know it existed until recently (but I tend to view log files by hand).
posted by bleary at 8:14 PM on April 25, 2006
For network activity, would ethereal be useful to you, or too tricky?
posted by bleary at 8:16 PM on April 25, 2006
posted by bleary at 8:16 PM on April 25, 2006
My own additions: I sort Task Manager by CPU percentage. If I'm getting a slowdown, that usually brings the offender to the top. Occasionally I need to kill it, sometimes it will be transient and resolve itself. Rarely I need to kill explorer.exe and restart it (via the same dialog, File->New Task).
Task manager can also be accessed by the shortcut Ctrl-Alt-Esc.
posted by RikiTikiTavi at 9:15 PM on April 25, 2006
Task manager can also be accessed by the shortcut Ctrl-Alt-Esc.
posted by RikiTikiTavi at 9:15 PM on April 25, 2006
Task manager can also be accessed by the shortcut Ctrl-Alt-Esc.
You mean Alt+Ctrl+Del.
Fun fact: Ctrl+Alt+Esc closes firefox windows.
posted by delmoi at 10:05 PM on April 25, 2006
All good advice (I didn't know some of it myself)! I'd say your problem is most probably the indexing service that Steven mentions.
But, just in case you want to know more, I have a little nugget to add. If you go to the command prompt and type 'netstat -ano' it will list all the ports on your PC that are open (ie. out to the network) as well as the PID (process ID) of the process that is using that port.
If you use disillusioned's tip at the beginning to bring up task manager, one of the columns you can add is for PID, which you can then match with the netstat list to work out which processes are talking on the network.
Obviously, if you see a process called NSAFileDownloader that's doing a lot of disk access and also sending data out of a network port, you should probably close it! :)
posted by ranglin at 11:31 PM on April 25, 2006
But, just in case you want to know more, I have a little nugget to add. If you go to the command prompt and type 'netstat -ano' it will list all the ports on your PC that are open (ie. out to the network) as well as the PID (process ID) of the process that is using that port.
If you use disillusioned's tip at the beginning to bring up task manager, one of the columns you can add is for PID, which you can then match with the netstat list to work out which processes are talking on the network.
Obviously, if you see a process called NSAFileDownloader that's doing a lot of disk access and also sending data out of a network port, you should probably close it! :)
posted by ranglin at 11:31 PM on April 25, 2006
Actually, I presume RikiTikiTavi meant Ctrl-Shift-Esc which brings up the Task Manager directly.
posted by bsdfish at 11:31 PM on April 25, 2006
posted by bsdfish at 11:31 PM on April 25, 2006
Apart from its primary use as a spyware blocker and scanner, the excellent Spybot Search & Destroy has a very handy Process List tool (turn on Advanced mode, then select Tools in the left hand pane) which shows you the full pathname for every executable that's running along with its PID. Handy for when something with a generic sort of name (e.g. setup.exe) shows up in the standard Task Manager list.
Also, if you click on any process in that display, it shows you its parent process (who started it), any child processes, and all the DLL's it's using.
The SS&D System Startup tool shows you , on one page, everything that autostarts when you log on.
Between these and Task Manager, it's rare to find unsolvable mysteries.
posted by flabdablet at 4:23 AM on April 26, 2006
Also, if you click on any process in that display, it shows you its parent process (who started it), any child processes, and all the DLL's it's using.
The SS&D System Startup tool shows you , on one page, everything that autostarts when you log on.
Between these and Task Manager, it's rare to find unsolvable mysteries.
posted by flabdablet at 4:23 AM on April 26, 2006
'top' seems to work on my PC here at work - it's pretty nifty
posted by soplerfo at 7:37 AM on April 26, 2006
posted by soplerfo at 7:37 AM on April 26, 2006
Microsoft has a free tool called Windows Defender (formerly Microsoft AntiSpyware) which lets you keep tabs on what's running. A great companion to Spybot.
posted by anildash at 4:45 PM on April 26, 2006
posted by anildash at 4:45 PM on April 26, 2006
This thread is closed to new comments.
Click Processes Tab.
View-> Select Columns
I/O Writes (how many writes an application has, bytes shows.. bytes)
I/O Reads (reads...)
Page Faults Delta (How much the application is page faulting in a given moment)
CPU Time (How much time of your CPU the process has used since launch)
And all the other fun ones.
You're mainly wanting the I/O and CPU usage options. Click okay, and click the column names to sort by them, ascending or descending.
posted by disillusioned at 4:45 PM on April 25, 2006