The TuneUp Blog about Windows previously published two blog posts discussing the most common Windows processes, from very important ones to those users do not always need for day-to-day operations! In Part 3, I’ll finish off this series by diving into 11 more Windows processes you should know about. And here they are:
LogonUI.exe – your login
This process is responsible for displaying the Windows log-on screen. It shouldn’t be running unless you’re logging off or on or displaying the CTRL+ALT+DEL screen. It will also run if you’re using the Remote Desktop Connection. If the process is constantly running, it’s likely that you’re dealing with some form of malware. Again, check the location by right-clicking on “LogonUI.exe”; it should sit right in the System32 folder within your Windows directory.
Lsm.exe – your current log-on session
An important Windows process, lsm.exe handles logged-on users via Windows Terminal Server in Windows XP. In Windows Vista and Windows 7, it is responsible for essentially all logged-on users, as they are all treated as virtualized terminal sever sessions (yes, even if you’re logged onto your local PC and not via a remote Windows Terminal Server). This is done for security purposes.
Rundll32.exe – Launching DLLs
DLL files contain features and information of both Windows and third-party applications. However, it’s not possible for the user or a program to directly run DLL files. This is where “Rundll32.exe” jumps in: it executes these features within DLLs. To understand how that works and how you can figure out which DLLs are loaded, have a look at this HowToGeek article.
SCM.exe/Services.exe – the service manager
In Windows XP, Scm.exe coordinates, and is required for running,all, Windows services. In Windows 7, services.exe handles this task.
SearchIndexer.exe – find your files
This is an essential component of the Windows Search feature in Windows Vista and Windows 7. It indexes files on your drives for faster search results. If you disable this feature, Windows Explorer falls back to its slower, folder-based search, and some search features (for example, in Outlook), will not work anymore.
Spoolsv.exe/splwow64.exe – Your Printer Spooler
This is a critical task for printing. If you disable the “Spool Service”, you won’t be able to send files to your printer. Even if you don’t want to print or don’t own a printer, I recommend you keep this process turned on; some third-party plug-ins that use the printing feature to export files may depend on it.
Sidebar.exe – your gadget platform
That’s the Sidebar, which is an integral user interface element of Windows Vista and part of the gadget platform in Windows 7.
Taskhost.exe – for your DLL needs
Another integral part of the Windows operating system, Taskhost.exe is a generic process that makes others run from a DLL file (Dynamic Link Library) instead of a typical EXE (Executable) file. Depending on how many of your programs and services solely exist as DLLs, you might see several instances of Taskhost.exe crop up in Windows Task Manager. Again, this is nothing to be worried about as long as Taskhost.exe sits in the System32 folder. If you want to find out which programs are executed by Taskhost.exe, use Process Explorer.
In Windows XP, the VSSvc.exe (Volume Shadow Copy Service) task is responsible for creating backups. It may be needed by a third-party tool in order to create backups of files that are currently in use, so I’d advise against disabling it. Don’t confuse this with the Volume Shadow Copy Service of Windows Vista and Windows 7 which has the far more essential task of handling system restore points and the “Previous versions” functionality responsible for restoring earlier file versions.
Another integral file that’s required for proper Windows operations is Wininit.exe. Ending it would simply result in a blue screen, so steer clear!
As the name suggests, Winlogon is the main process for handling the entire log-on process in Windows XP. The responsibilities of Winlogon changed significantly in Windows Vista and Windows 7. Have a look at this MSDN article which explains the entire Winlogon architecture and the changes.
In my experience, this process is one of the most resource-hungry processes that comes enabled by default with Windows. Wmpnetwk.exe is the executable service behind the “Windows Media Player Network Sharing” feature; It gets enabled when you join a network, set it as your home network, and launch Windows Media Player. From that point, it will regularly consume precious CPU power. If you don’t share your music or other multimedia files over a network, it’s safe to disable it. Open up the Service Manager (open up your Start menu, type in services.msc and hit “Enter”), double-click on “Windows Media Player Network Sharing Service”, and make sure it’s set to “Disabled”.
In the case of most the processes listed throughout this blog post series, I’d strongly advise against disabling them. It’s likely you’ll end up with a blue screen or an immediate system shutdown. Windows has built-in mechanisms that prevent you from tampering with such critical parts of the operating system. However, in some cases, you can essentially save a bit of power by turning them off.
If you’re not sure about a certain process that’s running on your system, or if it’s causing an unusual amount of processing power, let us know in the Comments section below.