What’s this program running on my machine?
As you use your Windows machine there may be many programs
running – some of which you can see and some of which are running
in the background. In Windows 95, 98 and Me, pressing
CTRL-ALT-DEL will present you with a list of the programs
running on your machine. On Windows NT, 2000, XP and 2003,
running task manager (right click on the clock or any open
space on the task bar and select Task Manager) and selecting
the Processes tab will show you that list.
It’s probably a longer list than you expected.
So what are all those programs running on your machine?
Become a Patron of Ask Leo! and go ad-free!
Some will be fairly obvious based on their name. For
example a program called “msnmsngr” is MSN Messenger, the MSN
Instant messaging program. “CMD” is the “Command Prompt”. But
CSRSS? LSASS? SVCHOST? For these and many of the others we
don’t immediately recognize we need to look a little
One of the tools I use the most is
Process Explorer (procexp) by the folks out at
Sysinternals.com. Think of it as
task manager on steroids.
Just running procexp will answer the question for a number
of programs running on your machine. Procexp will list them
much like task manager did except with much more available
information including a description if there is one.
The columns available to be displayed in procexp are
extensive – one that I’ve added to my default display is
“Command Line”. Much like a previous article about
What’s This DLL? simply
knowing where the program was loaded from on disk will often
tell us what application it is a part of. For example it didn’t
dawn on me what “ypager” was until I saw that it had been
loaded from “\Program Files\Yahoo!\Messenger”. That made it
fairly clear that it’s Yahoo’s instant messaging client.
If it’s not obvious from the description or the command
line then my next step, again much like the DLL search, is
Google. For example search on
“LSASS.EXE” provided me with a site that told me it was the
“The Windows Local Security Authority Server Process” the
component of windows that handles local security related
requests. In other words, a key component of the operating
I also recommend
Microsoft’s Support Site. The problem
with both it and Google is simply that there are often a lot
of unhelpful entries to wade through. LSASS, for example,
returns a plethora of articles on the Microsoft Support site
dealing with specific issues relating to LSASS but not a clear
definition of what it is. Nonetheless, both can be valuable
aids if you can sort the wheat from the chaff.
Most of programs can be identified by the steps above, at
least to the point of understanding what application they
belong to or whether they are part of the operating system.
One program, “svchost”, usually has multiple copies running
at the same time on Windows NT, XP, 2000, and 2003. Labeled only
as “Generic Host Process”, it deserves a little more attention
that I’ll save for a separate article.