Windows XP Pro Task List

As a home computer owner I am probably not alone in being beset occasionally with worries about my PC being crippled with virus infection. To ward off this peril, I have instigated some precautionary measures of my own which may be familiar to many but are nevertheless worth re-stating. They include:

(a) investing in some good anti-virus software; in my case this happens to be the McAffee product which has an annual subscription of about £25 to £30. However, free anti-virus software is also available from the Internet.
(b) avoiding unsafe web sites, - again here I rely on my McAffee anti-virus product to advise me as to which sites may be considered safe and which may not.
(c) regular anti-virus scans of the hard disk ("C:\" drive) using, as may be expected, the McAffee facility.

In addition to the above precautions, I have adopted the practice of carrying out regular checks on the processes that are running in the computer at any one time. The Windows facility that I use for these checks is the Task Manager. The Task Manager can be launched from the Windows Task Bar (here the Task Bar refers to the horizontal blue bar that is usually located at the bottom of the Windows screen display (or the Windows Desktop as it is known)). The required steps are as follows:

(a) Point the mouse at the Task bar -> Right Click
(b) In the pop-up window displayed, select "Task Manager" -> Right click
(c) The above actions will display the Task manager window
(d) In the Task Manager window, select the "Processes" tab
(e) The Task Manager window will now display all the processes running in the computer.


The process list displayed (shown here on the right) will usually contain a mix of processes in which some will be those that are common to all PCs running under Windows XP, while others will depend upon the particular set of user applications installed on the PC. In the process list described below, for example, the svchost.exe and winlogon.exe are standard Windows programs, whereas the ApacheMonitor.exe is a program that is specific to the Apache web server that happens to have been installed on my PC. Regular checks on the process list does not, of course, guarantee the ready detection of malicious programs or spyware running within the PC. Spyware and other malicious forms of software are well capable of disguising themselves as legitimate Windows programs. They may run, for example, under assumed program IDs that appear superficially to be those of Windows processes. Nevertheless, frequent checking of the process list leads to a good awareness of the normal process configuration of a PC, which in turn assists in detecting the presence of abnormal process activity.

The table below shows the Process List displayed on my PC (running under Windows XP Professional, SP3). Although this is specific to my PC, some of the processes, as explained above, may also be found in other PCs running under XP, and as such this list may be found informative.

Windows XP Pro Related Processes


Application Layer Gateway service found only on Windows XP/2003. ALG is used by Windows XP/2003 Firewall.


Windows XP CSRSS is the Client Server Runtime SubSystem. User applications require CSRSS to communicate with the operating systemís Kernel


Windows XP CSRSS is the Client Server Runtime SubSystem. User applications require CSRSS to communicate with the operating systemís Kernel


CTFMon comes with Microsoft Office XP and Windows XP Ė it activates the Alternative User Input Text Input Processor (TIP) and the Microsoft Office XP Language Bar.


explorer.exe file is the process for Windows Explorer


The iexplore.exe is the executable file for Microsoft Internet Explorer


inetinfo.exe is a Microsoft system process. It is used primarily for debugging Microsoft Windows Server Internet Information Services


issch.exe is an update service relating to the InstallShield utility which keeps software up to date


lsass.exe is the Local Security Authentication Server. used for verification of user logons to the PC. It generates the process responsible for authenticating users for the Winlogon service.


MDM.exe, Machine Debug Manager, is installed with the Microsoft Script Editor to provide support for program debugging. The Microsoft Script Editor is included with Microsoft Office 2000, and can also be obtained from the Microsoft Web site. MDM is loaded when the computer starts and runs as a service.


mouse32a.exe is a process that belongs to the 'browsing mouse' facility and adds additional functions to the mouse.


This process belongs to the Windows Installer Component and is used to install new programs that use Windows Installer package files (MSI).


msmsgs.exe is the main process relating to the MSN Messenger Internet chat tool installed by default on most Windows computers.


This process belongs to Microsoft Works and provides an easy access icon to this suite's spreadsheet and word processing functions.


services.exe is a part of the Microsoft Windows Operating System and manages the operation of starting and stopping services.


This process is a part of the Microsoft Windows Operating System. It is called the Session Manager Subsystem and is responsible for handling sessions on your system.


The SndVol32.exe program controls the volume settings. It is the native audio volume and mixer control included in Windows.


The spoolsv.exe file is the Windows Print Spooler Service.It is the main component of the printing interfaces.


Svchost.exe is a Windows process. It checks the services part of the registry to construct a list of services that must be loaded. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services.


A Windows XP process. It is a collective name for all operating system kernel threads. Part of the Windows Operating System.

System Idle Process

Windows XP process. It runs on each CPU in the PC and its sole purpose is to total up the amount of time when the processor is not doing anything. In the Task List this process usually accounts for the majority of processor time.


This is the Windows XP Task Manager itself, -the very program used for the display of the Task List.


winlogon.exe is a process that belongs to the Windows login manager. It handles the login and logout procedures.


wkgdcach.exe is a Microsoft Works Font Cache, - part of Microsoft Works.


This process belongs to the Microsoft Works Word Processor.


The wmiprvse.exe process is a component of the Microsoft Windows operating system. It provides management information and control for the computer's operating environment. WMI refers to the Windows Management Instrumentation.


wuauclt.exe is the AutoUpdate Client of Windows Update and is used to check for available updates for MS Windows platforms.


wuaudt.exe is a part of the Microsoft Windows operating system. It deals with automatic updates for Windows.

Intel Chip-set Related Processes


hkcmd.exe is installed alongside Intel multimedia devices and allows configuration and diagnostic options for these devices. Used by Intel chipset graphics drivers.


igfxpers.exe is a process installed alongside NVidia graphics cards and provides additional configuration options for these devices. It is a part of the Intel Common User Interface Module.


igfxsrvc.exe is a process associated with Intel(R) Common User Interface from Intel Corporation. It is installed with graphic card drivers with Intel chipsets.


igfxsrvc.exe is a process associated with Intel(R) Common User Interface from Intel Corporation. It is installed with graphic card drivers with Intel chipsets.

Dell Computers Related Processes


The dlg.exe file comes along with Dell products and is included with all Connexant V.92 and other Broadcom modems. The process dlg.exe is mainly associated with the application called Digital Line Detect, which belongs to BVRP Software.


dsagnt.exe is a process belonging to Dell Support which offers additional support and update features for a Dell computer or laptop.


NetWaiting.exe is installed on Dell laptops with Windows XP Pro. It provides a facility to allow a user to suspend their internet (net) connection on the modem line while the line is used for a voice communication. At the end of the voice call, the net connections can be restored.


nicconfigsvc.exe is a process associated with the power management settings for network adapters on Dell systems.


This process belongs to Dell computers. It allows the user to access power management diagnostics and settings.


stsystra.exe is a process from Sigmatel. It is an audio device driver and part of the audio software that comes with Dell PCs.


wltray.exe is a process installed alongside Dell Wireless WLAN Card and provides additional configuration options for these devices.

McAfee Anti-virus Software Related Processes


This process belongs to McAfee Internet Security suite. It ensures that the virus information used by the host computer for anti-virus protection is up to date.


This process belongs to McAfee VirusScan which is designed to protect computers against Internet-bound threats such as spyware and trojans.


mcmscsvc.exe is a User Management Application from McAfee. It is a part of the McAfee Security Centre.


This process is associated with the McAfee Integrated Security Platform.


mcproxy.exe is a process associated with McAfee Proxy from McAfee.


This process is a core support module for the McAfee Site Advisor, which is McAfee's browser-integrated website safety rating service.


mcshield.exe" is the McAfee On-Access Antivirus Scanner.


This process is associated with the McAfee VirusScan API.


mpfsrv.exe is a process associated with McAfee Personal Firewall.

Various User Applications Related Processes


Part of AOL connectivity software. First found in version AOL 9.0 SE. Required for AOL connection to the Internet. AOL software is often pre-installed on some computers, - for example, those purchased from Dell.


Part of AOL software. The file is usually located at c:\program files\common files\AOL\.

AOLSP Scheduler.exe

aolsp scheduler.exe is a process belonging to the AOLSP Scheduler. It is a part of the anti-spyware protection software provided by AOL .


The aoltray.exe process provides a system tray icon that can be used to quickly connect to AOL internet service.


This process belongs to the Apache HTTP Server and provides a monitoring interface tool.


This process is a part of the Broadcom Corporation Wireless Network software.


Related to Sonic CD/DVD burning applications. Normally located in C:\WINDOWS\System32\DLA\DLACTRLW.EXE.


httpd.exe is a process associated with Apache HTTP Server from Apache Software Foundation.


jusched.exe is a part of the Java suite of programs and checks for Java updates (via the Internet).


This process belongs to the Corel Photo Album.


mysqld-nt.exe belongs to MySQL Daemon. It is a service that handles the access to MySQL databases.


The pbdatasecure.exe process belongs to Packard Bell Data Secure Utility.


qttask.exe is an Apple program. It installs a tray bar icon which links to the Apple QuickTime video streaming tool.


realplay.exe is the main process for Real Player which allows the playing of various video files such as MPEG and AVI.


syntpenh.exe is a process installed alongside the Synaptics touchpad for laptop computer touchpads.


the wltrysvc.exe process belongs to the Broadcom Corporation Wireless Network Tray Applet, which interacts with the computer's broadband hardware.

Return to Main Page

Document created by Neil Keskar ( 2/9/09