Monthly Archive: September 2008
Uncategorized Jl. on 28 Sep 2008
UniBlue Process Scanner vs SysInternals ProcMon … one night only!
I realized that for the first time since getting a new computer, I’d not run a deep-deep trace of what was actively running. I run RootkitRevealer, I run virus sweeps, and I run Ad-Aware and Spybot regularly, but I was finding things like the GoogleUpdater app running, even though a) the entry for it under Startup in MSConfig is disabled, and b) the service in the Services MMC is also disabled. So I started to get curious.
On a whim, I ran a Google (ironic, huh) for "advanced process manager" or some such query. First thing that came back was a blogger linking to "ProcessScanner", software created by UniBlue (http://www.processlibrary.com/processscan/) – the folks behind www.processlibrary.com. This particular blog entry went on about how it will give you detailed this and that about anything on your system, it’s quick, there’s no installation required, etc. etc.
Well, allow me to say first-hand: that’s all a load of bull. The download itself was only 900k. But it’s a full-on installer that makes you accept a very lengthy EULA (including details about opening a CD-ROM package? For a download?), and then installs itself.
Once you’ve signed your life over and installed the app, then you run it. Not only are there splashy graphics for such a simple app, but then … Well, for a meager "process scanner" this sucker starts to eat up around 20 MB of memory. The icing on the cake is – it phones home! After running its scan, it will send details of the processes you’re running (probably just exe names and reg key entries, I didn’t run a packet sniff to be certain) back to the UniBlue servers, presumably fetches details about each one from ProcessLibrary.com, and reports the results back to you – what’s good, what’s not, what’s virii, what’s Windows, etc. I, personally, never allowed it to get that far – my firewall alerted me, and I nixed it. I’m just not OK with a list of my services, active reg keys, and processes being dispatched over the internet to an unknown server for someone else to analyze. But I’m a bit paranoid anyway.
Again, for a meager process scanner? This app is seriously overkill, and not in a good way. It’s got no huge or one-of-a-kind features to wow you, and on top of that it’s one great big ad for ProcessLibrary.com. I’m all for self-promotion, but if I wanted shareware-type crap, I’d have gone to C|Net’s download.com.
So I went hunting again. And lo and behold, my old friends SysInternals crop up in the results (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx). Knowing full well they produce 99% gold, I took a look. Sure enough, Process Monitor (ProcMon) was updated in August of ’08 to v1.37. I downloaded it, and though the zip file was 1.1 megs, you extract the file to a directory (in \Program Files or on your desktop, it doesn’t matter) and presto – your application is ready. No installer, no 20-page contract (though it’s all implied from the SysInternals website, I’m sure), just your tool waiting to be used. Shut up, Beavis.
I won’t give you all the details about it, because it’s fairly self-explanatory, and the screenshots on the TechNet link will explain more than I could in 1000 words. But in case you’ve never used it before – definitely give it a shot. It’s functionally very similar to a packet sniffer (like Wireshark) in that it will give you a running history of every process, .exe, .dll, thread, and registry entry that’s accessed on your computer, as it’s happening, with timestamp, sequence, process, operation, and path. Try just running it for one second, literally, and you’ll be amazed at everything your system is doing behind the scenes. And we wonder why processors get so hot?
Once you run it for a while, you’ll see long, long lists of things which you know are supposed to be there (firefox, explorer, outlook, etc.), so you can add filters to hide those entries so they don’t fill up the few hundred thousand lines you have to gaze upon. That just leaves … everything else.
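The same "hide the known stuff, look at what’s left" step, done offline against a ProcMon CSV export, as an added example that is not from the original post or from Sysinternals. It assumes ProcMon’s default export columns ("Time of Day", "Process Name", "PID", "Operation", "Path", "Result", "Detail"); the capture below is constructed, not a real trace.

```python
"""Filter a Process Monitor CSV export down to the processes you did not expect."""
import csv
import io

# Processes the post treats as expected background noise; compared case-insensitively.
KNOWN_GOOD = {"firefox.exe", "explorer.exe", "outlook.exe"}

# Constructed sample rows in ProcMon's export layout (not a real capture). The
# GoogleUpdate.exe rows stand in for the updater the post mentions; the registry
# key under CLSID is a placeholder, not a real GUID.
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:00.0010000","explorer.exe","1204","RegQueryValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer","SUCCESS","Type: REG_DWORD"
"10:01:00.0020000","firefox.exe","2288","ReadFile","C:\\Program Files\\Mozilla Firefox\\xul.dll","SUCCESS","Offset: 0"
"10:01:00.0030000","GoogleUpdate.exe","3120","RegOpenKey","HKLM\\SOFTWARE\\Google\\Update","SUCCESS","Desired Access: Read"
"10:01:00.0040000","GoogleUpdate.exe","3120","CreateFile","C:\\Program Files\\Google\\Update\\GoogleUpdate.exe","SUCCESS","Desired Access: Read"
"10:01:00.0050000","outlook.exe","1980","ReadFile","C:\\Users\\jl\\outlook.pst","SUCCESS","Offset: 4096"
"10:01:00.0060000","WLXQuickTimeControlHost.exe","4412","RegOpenKey","HKCR\\CLSID\\{constructed-guid}","NAME NOT FOUND","Desired Access: Read"
'''


def filter_events(csv_text, exclude=KNOWN_GOOD):
    """Return the export rows whose Process Name is not in the exclusion set."""
    excluded = {name.lower() for name in exclude}
    reader = csv.DictReader(io.StringIO(csv_text))
    return [row for row in reader if row["Process Name"].lower() not in excluded]


def summarise(rows):
    """Per remaining process: (total events, events whose Result was not SUCCESS).

    Failed lookups (NAME NOT FOUND, ACCESS DENIED, ...) are often the quickest
    hint that a handler is probing for something that is not there.
    """
    summary = {}
    for row in rows:
        total, failed = summary.get(row["Process Name"], (0, 0))
        summary[row["Process Name"]] = (total + 1, failed + (row["Result"] != "SUCCESS"))
    return summary


if __name__ == "__main__":
    remaining = filter_events(SAMPLE_CSV)
    for name, (total, failed) in sorted(summarise(remaining).items()):
        print(f"{name:32} events={total:4} non-success={failed}")
    for row in remaining:
        print(f'  {row["Process Name"]:32} {row["Operation"]:14} {row["Path"]}')
```

To use it on a real trace, export from ProcMon with File > Save as CSV and pass the file contents to filter_events in place of SAMPLE_CSV.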
Again, if you’ve never tried it before, give it a shot. It’s quick, it’s free, it’s small, and I’m not paid by Microsoft. And, I’ve been watching my firewall logs for several minutes and it’s never even so much as checked for an update, or pinged anyone at The Borg – and this is an instance where I’m OK with that. Now I just need to find that damned GoogleUpdater exe…
Uncategorized Jl. on 27 Sep 2008
Windows Live Quicktime Handler Hosing Your Box?
Found an interesting little tidbit today. When opening a folder that contains a QuickTime file (.mov or .qtw), Windows tries to load a handler – WLXQuickTimeControlHost.exe. Nothing reports exactly what this is supposed to do. What it is doing is bringing the desktop, and oftentimes the system itself, to a grinding halt, sometimes using over 50% of available resources.
A quick search on your system, specifying c:\windows\ and c:\program files\ (or your %systemroot% and Program Files directories, respectively) should yield:
C:\Program Files\Windows Live\Photo Gallery\WLXQuickTimeControlHost.exe
as the culprit. While it is rumored that actually uninstalling QuickTime will cure this (sounds like a Microsoft snipe at Apple if ever I’ve heard one), renaming this file to WLXQuickTimeControlHost.exe.nuked or whatnot, so that it’s no longer executable, will bring you an instant performance boost whenever you’re dealing with QuickTime files. Miracles.