If you want to understand what’s really going on with the programs on your computer, then look no further than Microsoft’s excellent (and free) Process Explorer. Think of it as the “Task Manager on steroids”, with the ability to show all processes, threads, handles, and of course, Windows Services running on your PC.
When launched, Process Explorer shows a colorful tree of all the active processes. The interface automatically refreshes itself every few seconds to highlight processes as they come and go. All Windows Services run under the wninit.exe > services.exe branch:
Double-clicking an entry allows you to dig into a specific process. For example, here is what is shown for spoolsv.exe, the Windows Print Spooler:
You can start, stop, restart or even change the permissions of the Spooler service from the Services tab:
Back on Process Explorer’s main screen, summon the Lower Pane (View > Show Lower Pane) for some serious detective work. You can review all DLLs loaded, or even better, see all the files, registry keys and other objects locked by a process by viewing Handles for the lower pane (View > Lower Pane View > Handles). Here we see that iTunes (being run as a service with AlwaysUp) is using the “counters.dat” file:
And perhaps most useful of all, Process Explorer can help you track down which application is preventing you from deleting a file or folder! Choose Find > Find Handle or DLL… and search for the file by name. Here we can see that the counters.dat file used by iTunes is also being held by Explorer and QuickBooks:
Process Explorer has many other interesting features. Easily terminate any process (and all its sup-processes if necessary), boost the priority of any process to make it run faster, and much more. Enjoy!