When in comes to Windows operating systems, knowing how to identify unknown process and when they started can be a big help when troubleshooting problems.
Being able to see how long a Windows process has been running and when it started can provide valuable information that can tell you if the problem began when Windows started or long after the system has been running.
While Windows Vista and Windows 7 has greatly improved task manager and added addition performance tools, such as resource monitor, they still fall short in some areas with providing needed information. Such as when a process started.
To find when a Windows process started and how long it has been running, I like to use Windows Sysinternals tool, Process Explorer.
Process Explorer runs on many versions of Windows including XP, Vista and Windows 7, and does not need to be installed.
To get started, download Process Explorer from Microsoft Windows Sysinternals site by clicking on the Download Process Explorer link found on the right side of the page.
NOTE: you can also run the tool directly from the Windows Sysinternals site by clicking the Run Process Explorer link.
After downloading is completed, go ahead and unzip the file ProcessExplorer.zip to your desktop (or to a folder on your hard drive).
Now go to the folder where Process Explorer was unzipped, and just double click on procexp.exeto run it.
Once Process Explorer starts you will see something similar to the screen shot below:
While it may look daunting, don't let Process Explorer scare you. First I like to sort the processes by alphabetical order by clicking on the Process column.
Now to find when a process started, just double click on a process, (in my example I clicked on Firefox) to open the properties page.
Make sure the Image tab is selected, and look for the Started field.
Listed will be the date and time the process was started. In the above example Firefox was started at 6:53:15 AM on 8/30/2010.
With this information I can determine how long Firefox has been running and and when it was started based on when the operating system was booted.
Keep in mind, if you hibernate your computer, it does not effect the time and date listed in Process Explorer. In other words, Process Explorer correctly reports the time the process was first started, not after you brought your computer out of hibernation.
As you can see, having this type of information when troubleshooting can be a big help in fixing problems. All it takes is the right tools or utilities.