Feb 11 2002
 

Important Information

  • Before posting your question in the comments below, see if your question has been addressed in the FAQ!
  • All of the following services are “Strange” with Windows XP. If you discover one of these Services or processes running, they were installed by another program.
  • At the bottom of the page, I have listed some processes that are not really “Services,” but applications running in the background when looking at Task Manager. I will try to identify “why” these particular applications are now running on your system…

Table Header Information

  • Display Name ~ Is how it is displayed in the Services Control Panel.
  • Service Name ~ Is what the service is called.
  • Process Name ~ Name of Process running in the background (displayed in Task Manager).
  • Dependencies ~ What this service needs to run.
  • Need it? ~ What I have concluded by trial and error, including the services that I have found pointless… Your computer probably will be slightly different, so use this as what it was intended for, a guide.
  • DEFAULT ~ How the program supplier thinks it should be running.
  • “SAFE” Configuration ~ This is the configuration that 95% of the people will be able to use with few side effects.
    It will also minimize the number of “errors” that are reported in the Event Viewer. This does not guarantee it will
    work for you, but if you are scared, this configuration should be a good starting point for you as a test.

Black Viper’s Windows XP Strange Services Configurations

| Display Name | Service Name | Process Name | Dependencies | Need it? How did it get there? (Vital, Yes, Maybe, No, Not Installed, Never) | DEFAULT | “SAFE” |
|---|---|---|---|---|---|---|
| ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## | Bonjour Service | mDNSResponder.exe | TCP/IP Protocol Driver | No. This service is installed with iTunes, Safari and Adobe CS3 suite. I believe it has something to do with sharing files, however, since I do not use iTunes, nor do I share files using CS3 suite or Safari, this service can be safely disabled. It has been reported to me that TiVo Desktop uses this for PC connections. In this case, it is best left on Automatic. | Automatic | Disabled |
| Ati HotKey Poller | Ati HotKey Poller | Ati2evxx.exe | None | No. This service is installed if you update to the latest ATI video card drivers. It provides the ability to hot key your display settings for whatever reason you would need this feature. I do not change them often, so there is no point in having this service “always running.” | Automatic | Disabled |
| ATI Smart | ATI Smart | ati2sgag.exe | None | No. This service is installed if you update to the latest ATI video card drivers. It provides the ability to test your particular configuration for compatibility issues and stability issues. The location is also in the ATI display properties control panel. After testing “once,” I have found no reason to continue to have this service in memory. | Automatic | Disabled |
| Crypkey License | Crypkey License | crypserv.exe | None | No. This service is installed if you use “Swish” (swishzone.com). It is required to start up the program, otherwise an error about writing to a memory location pops up. Set this to Disabled until you need it. Note: If set to “Manual,” this service will NOT start on its own (thus the error message). | Automatic | Disabled |
| DefWatch | DefWatch | defwatch.exe | None | Yeah. This service is installed with Norton. “Virus Definitions Daemon.” Unless you do not want your Virus Scanner to work properly, keep this going. | Automatic | Automatic |
| IAA Event Monitor | IAANTMon | IAANTmon.exe | None | Yeah. This service is installed with Intel’s Application Accelerator and uses about 876 KB of memory. | Automatic | Automatic |
| InteractiveLogon | InteractiveLogon | Fast.exe | Terminal Services | No. This service is installed with Windows XP PowerToys. Uses 1.4 MB to 2 MB EACH! This service will fire off at least 2 (system and user) instances of this process. | Automatic | Disabled |
| Machine Debug Manager | MDM | mdm.exe | Remote Procedure Call (RPC) | Maybe. This service is installed with Office components or possibly the Visual series. Make it go away if you are not in need of “Debugging” software. You could receive errors in the Event log about the DCOM server not being started with this disabled. | Automatic | Automatic |
| Norton AntiVirus Auto Protect Service | navapsvc | navapsvc.exe | Remote Procedure Call (RPC) | This service is installed with Norton 2002. Unless you want your Virus Scanner to not function, keep this in Manual. | Manual | Manual |
| Norton AntiVirus Server | Norton AntiVirus Client | rtvscan.exe | None | Yeah. This service is installed with Norton Corporate Edition. Unless you want your Virus Scanner to not function, keep this going. | Automatic | Automatic |
| NVIDIA Driver Helper Service | NVSvc | nvsvc32.exe | None | No. This service is installed when you change from the WDM drivers to nVidia’s latest and greatest version. The service uses about 945k and zero CPU. I have even experienced EXTREME shutdown delays with this service active, but no adverse side effects with it disabled unless you override your refresh rate. This service is required to override monitor refresh rates in OpenGL games. In DirectX games, you can disable this service and run “dxdiag” and override the refresh rate there. NOTE: If using drivers other than nVidia’s, such as Asus, this service may have been renamed to reflect that. | Automatic | Disabled |
| ScriptBlocking Service | SBService | SBServ.exe | None | This service is installed with Norton 2002. Unless you want your Virus Scanner to stop preventing malicious scripts from doing damage, keep this in Automatic. | Automatic | Automatic |
| WMDM PMSP Service | WMDM PMSP Service | mspmspsv.exe | None | No. This service is installed starting with Windows Media Player 7. If you do not use Media Player, disable this service. If you begin using Media Player again and functions do not work properly, such as Digital Rights Management or Copy Protection, set this to Manual or Automatic. | Automatic | Disabled |

These are not really “Services,” but are applications or processes running at different times

Most may be disabled using “msconfig.”

csrss.exe: This is the “Client Server Runtime Process,” part of the core of Windows. You cannot kill it and I am not sure why you would even want to. It is a 4k process that sucks up about 3 MB to 6 MB or so, but I do not support making it go away. Usually, if it is “difficult” to get rid of, it is needed.

ctfmon.exe: This is your “Language Bar.” Don’t know what it is? I bet you do not need it. Head to Control Panel -> Regional and Language Options -> Languages TAB -> Details BUTTON -> Advanced TAB -> Under “System Configuration” -> select the “Turn off advanced text services” check box. This little detail will save you between 1.5 MB and 4 MB of RAM. If you are using a “non-US” version, you may be required to install the English localization to remove this “feature.”

CTHELPER.EXE: This is installed with the SoundBlaster Audigy2 drivers. It takes about 4 MB of RAM.

CTDVDDET.exe: This is also installed with the SoundBlaster Audigy2 drivers. A “DVD Detection” application. It sucks up about 2.2 MB of memory. You can disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the “Auto Start” box. It should not start up automatically again.

CTSysVol.exe: Yet another that is installed with the SoundBlaster Audigy2 Card. A “Volume Control” application that, by default, sits in the system tray. It takes about 3.8 to 5 MB of RAM doing nothing. Right click the tray icon and select “Close,” then disable it via msconfig.

devldr32.exe: This is installed if you have a Creative Sound Card (SBLive Series that I am aware of). It sucks up 2.3 MB to 2.6 MB, but I have not completed extensive testing with this NOT being there… After manually killing the process (this is not a service, it is listed as a driver in the hardware properties of the sound card) I loaded up a game of Dungeon Siege and all EAX features and 5.1 positional sound worked (with EAX on or off). Also, all Direct Sound tests completed without errors. Do not get excited, though. After renaming the process, the Windows File Protection dialog pops up. Upon reboot, devldr32.exe is not displayed in the active processes in Task Manager, but the Creative Mixer and AudioHQ applications fail to load. I also searched for a reference in the registry and found little to nothing… Kill it if you want to recover some memory, but I do not support such “drastic” measures… so you are on your own with it. Do not E-Mail me asking for help if you killed this process. :)

explorer.exe: This is NOT related to Internet Explorer. There will ALWAYS be an explorer.exe running in the background. It is the user interface process/desktop/shell, etc. This is one of the many ways Bill got away with “integrating” IE with Windows… If you load up “Windows Explorer” to rummage through files, you will see an additional explorer.exe in the background. Its memory usage will fluctuate depending on what you have (fonts, background pics, active desktop) going at any given time. Usage of between 5.8 MB and 36 MB RAM is typical.

IAAnotif.exe: This is installed with Intel’s Application Accelerator software. It uses about 1.6 MB RAM.

Idle: This is a generic process that is used when no other program or process is requiring CPU resources. It is not a bad thing if it is using 99% of your CPU! This process is a 16 k loop that the CPU processes while it is not doing “anything” else. If your computer is called upon to do any task other than nothing, the idle process allows that to happen and the % used will decrease accordingly. You cannot disable the idle process. If it is using 97% CPU, that only means that the other 3% is used by real programs. If your idle process is constantly at a low rate (for example, 3%), something else, an application or process, is using the CPU.

IEXPLORE.EXE: This is the IE browser. Pops up only when you want to suck up 7.3 MB to ?? MB of memory to surf the web. I say ?? MB because every time you open an additional browser, you also start another one of these processes. If you close “all” browser windows, an IEXPLORE.EXE process will still be running. This is a “feature” to allow faster startup the next time you open IE. Unlike Mozilla, you cannot disable this “feature” other than directly killing the offending process.

iTouch.exe: This process is installed with Logitech software for the “internet” key functions on keyboards and iTouch features on compatible mice. Plenty of functions remain with this software disabled, but some of the more “cool” stuff will not. This process takes from 3.6 MB to 12 MB of memory.

“Generic Host Process for Win32 Services”: This is what ZoneAlarm complains about while connected to the internet. “SVCHOST.EXE” is “Generic Service Host.” What that means is it is a “host” for other processes or services. Check on This Page to see “all” of the services that use SVCHOST.EXE as a front for something else.

If your internet connection seems to “no longer work,” it is because you are blocking various “required” functions from accessing the internet. A big one is “DNS Lookups.” If you do not allow this to get through, you will no longer be able to type in “blackviper.com” but you will always be able to type in the IP address of the systems. The internet connection is still working, but you are blocking a “vital” part of the process for surfing web pages.

mozilla.exe: This is the Mozilla browser executable. It uses between 14 MB and ?? MB of memory. Optionally, you can disable the system tray icon and turn off the “Quick Launch” feature so that Mozilla completely unloads from memory when the final browser window is closed. This will, of course, increase the startup time when you fire up the browser window again.

msmsgs.exe: This is Microsoft Windows Messenger that comes with Windows XP Home and Pro. With some applications, namely, Outlook and MSN Explorer, this process will still run in the background to get all of those .NET alerts, etc, that Microsoft is saying will be so cool.

msn6.exe: This is the Microsoft “MSN Explorer” bundled with Windows XP Home and Pro. While running this application, you will also have the previous process running. See msmsgs.exe for more information.

Navapw32.exe: This is installed with Norton AntiVirus 2002 Software. Unless you want your Virus Scanner to no longer function, keep this process running. Do not “end” it. This process is also responsible for automatically updating the virus definitions and displaying that cute little icon in the system tray.

point32.exe: This is installed with Microsoft Mouse Software, Intellimouse and the like. Most functions (if not all) are built into XP, so there is NO need to suck up 1.1 MB to 1.6 MB for a useless program also running in the background/system tray unless you require “specially mapped” key configurations for your buttons.

promon.exe: This is installed with Intel Pro family graphics adapters. It controls the application that displays in your system tray. It uses about 656K to 1.1 MB just sitting there. I hate icons in the system tray… I have none.

smss.exe: Dubbed “Windows NT Session Manager.” Another process (see csrss.exe above) that is part of the core of Windows. It is a 45k process that uses about 300k to 2 MB. You cannot kill this process manually and I do not recommend trying other ways to get rid of it. Usually, if it is “difficult” to get rid of, it is needed.

svchost.exe: A generic process that is “Service Host” for other processes. Yes, this is actually a service, but I am placing it here because I have nowhere else to put it. You may have 3 or 4 copies running in Task Manager (system, network, user, and ?). If you use my tweaking tips HERE, you can rid yourself of a couple of them.

SWTrayV4.EXE: This is installed with the Microsoft SideWinder Version 4 Software. It takes between 4 MB and 5 MB of RAM.

System IDLE Process: This is a generic process that is used when no other program or process is requiring CPU resources. It is not a bad thing if it is using 99% of your CPU! This process is a 16 k loop that the CPU processes while it is not doing “anything” else. If your computer is called upon to do any task other than nothing, the idle process allows that to happen and the % used will decrease accordingly. You cannot disable the idle process. If it is using 97% CPU, that only means that the other 3% is used by real programs. If your idle process is constantly at a low rate (for example, 3%), something else, an application or process, is using the CPU.

taskmgr.exe: If you are looking at the processes running, this is the application that you are using to do it. “Windows Task Manager” is the full name. It uses about 3.2 MB of RAM, so take that into account when you are tweaking your system.

TaskSwitch.exe: This is installed with PowerToys for XP. It uses 1.4 MB to 2 MB to display those cute icons when you hit Alt+tab. I can do without.

vptray.exe: This is the cute Norton AV Tray application that displays in your system tray. It uses about 2.9 MB just sitting there. You may recover SOME memory by making the icon go away, but it is STILL running in the background.

winlogon.exe: This takes care of login and logoff tasks. Really, you cannot get rid of this process. It is required as long as you are “logged in.” I have seen this process fluctuate between 1.2 MB and 8.5 MB on a system that has been up for only an hour and between 1.7 MB and 17 MB on a system that has been up for 40+ days.

wowexec.exe: This is a process that is fired off to help “translate” interrupts, etc. for 16 bit applications. If you see this process running, you are doing just that: running old applications or a DOS/command line/console window application. Try and seek out “updated” software. :)