Ever have a moment when the silence of your office is disturbed by your Windows machine just grinding away on its hard drives for no apparent reason? No amount of quitting applications, cursing, begging, and staring at the various tabs in the Windows Task Manager gives you clue to what’s happening? Not sure what the heck is causing it? This is driving me a bit apeshiznit. It’s definitely worse in Vista, BTW. I probably wouldn’t mind or even notice, but my drives are noticeably loud when they enter this ‘wtf is my machine doing’ mode. I’m so tempted to go out back to my breaker box and just flip them all the hell off so I can sit in my house and just bask in the absence of harddrives acting out some sort of frenetic caffeine high. Jeez.

Here’s how to find out what your machine is doing.

1. Down load “process monitor” here. This is a free tool from the Sysinternals folk (recently bought by Microsoft, btw). They make some very outstanding tools. Check out some more here.
2. Extract it into a folder somewhere appropriate. (I use a folder called “Sysinternals Tools” at the root of my C: drive.) Note the application is called “procmon.exe”.
3. If you’re running on Vista, go to this folder. Right click the application. Go to the “Compatibility” tab. Click the “run as administrator” checkbox (this is so it has permissions to sniff around in your system).
4. Launch the application.
5. You’ll see a massive amount of stuff start scrolling by, but what we’re interested in are files. So let’s filter out everything else.
6. Choose “filter…” from the “Filter” menu.
7. We’re going to add two rules here.
8. Click on the top left popup menu and choose “operation”
9. Leave the middle pop as “is”
10. Choose “read file” from third popup menu
11. Click the “add” button
12. Repeat steps 8 – 9
13. Choose “write file” from third popup menu
14. Click the “add” button
15. Click ok to close the filter edit window

You should now see a bunch of stuff happening in the main window. These are all file reads and writes. Prepare to be shocked. I was.

Some things I’ve learned.

1. The clock widget in the Vista sidebar does not cache its clock graphic (wtf?). I turned it off, cause shiznit like that bugs me.
2. Computer Associates eTrust antivirus has 3 services that continually run, even if you quit the application. And they are very aggressive. Anti-virus software good. Services that continually read from your harddrives when you don’t want them to, bad. I disabled the services with Autoruns. Note, you’d have to be pretty stupid to disable your antivirus software like this. Guilty as charged. DO NOT TRY THIS AT HOME, I’m a trained perfesshunal.
3. Outlook is a very busy application (no surprise there). I basically consider Outlook as a necessary evil in my life. But I digress.
4. Windows Messenger is a very busy application (somewhat surprising to me).
5. The Vista Search indexer is very busy. Sigh. Does anyone know if there is a good way to schedule this better? I basically don’t want it to index within like ten minutes of my latest keyboard or mouse activity. Keep my computer quiet when I’m around please.

What I want to learn:

1. Every day at midnight, the grinding starts. I suspect either the Search Indexer or eTrust. We’ll see tonight.
2. Some of the entries are not very understandable, like this one (anyone have a clue?):

276092 2:04:15.2887771 PM svchost.exe 1116 WriteFile C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf SUCCESS Offset: 0, Length: 47,060, Priority: Normal
276139 2:04:15.4285546 PM svchost.exe 1116 WriteFile C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf SUCCESS Offset: 0, Length: 14,216, Priority: Normal
278337 2:04:24.6788616 PM svchost.exe 1136 ReadFile C:\Windows\System32\wbem\Repository\INDEX.BTR SUCCESS Offset: 2,023,424, Length: 8,192
278339 2:04:24.6789638 PM svchost.exe 1136 ReadFile C:\Windows\System32\wbem\Repository\INDEX.BTR SUCCESS Offset: 2,555,904, Length: 8,192
278341 2:04:24.6790130 PM svchost.exe 1136 ReadFile C:\Windows\System32\wbem\Repository\INDEX.BTR SUCCESS Offset: 2,220,032, Length: 8,192
278343 2:04:24.6790627 PM svchost.exe 1136 ReadFile C:\Windows\System32\wbem\Repository\OBJECTS.DATA SUCCESS Offset: 20,496,384, Length: 8,192
278345 2:04:24.6791074 PM svchost.exe 1136 ReadFile C:\Windows\System32\wbem\Repository\INDEX.BTR SUCCESS Offset: 1,753,088, Length: 8,192
278347 2:04:24.6791535 PM svchost.exe 1136 ReadFile C:\Windows\System32\wbem\Repository\OBJECTS.DATA SUCCESS Offset: 20,414,464, Length: 8,192
278362 2:04:24.6805665 PM svchost.exe 1136 ReadFile C:\Windows\System32\wbem\Repository\INDEX.BTR SUCCESS Offset: 1,884,160, Length: 8,192
278364 2:04:24.6806059 PM svchost.exe 1136 ReadFile C:\Windows\System32\wbem\Repository\INDEX.BTR SUCCESS Offset: 8,192, Length: 8,192
278366 2:04:24.6806517 PM svchost.exe 1136 ReadFile C:\Windows\System32\wbem\Repository\INDEX.BTR SUCCESS Offset: 2,408,448, Length: 8,192
278368 2:04:24.6806847 PM svchost.exe 1136 ReadFile C:\Windows\System32\wbem\Repository\INDEX.BTR SUCCESS Offset: 2,424,832, Length: 8,192