Friday, August 12

Info - dwm.exe



  • Desktop Window Manager (dwm.exe) is the compositing window manager that gives you all those pretty effects in Windows 7: transparent windows, live taskbar thumbnails (that you can resize now), glossy and transparent graphics effects displayed as 3D elements, live window thumbnail previews and Aero Glass previews. It also controls themes and icons.
  • Although the 3D and transparency effects in Windows 7 and Vista look nice and set these versions apart from previous versions of Windows, the drawback of this feature is that it requires more memory and high CPU utilization.
  • The genuine dwm.exe resides in C:\Windows\System32. (the drive may vary on your system). 
    The dwm.exe is a core Windows system file and its deletion is not recommended.


DIG DEEP dwm.exe

  • What happens in Vista/7 is that applications write the picture of their window to a specific place in memory, and then Windows creates one “composite” view of all the windows on the screen before sending it to your monitor. 
  • Because Vista/7 is keeping track of the contents of each window, it can add effects when layering the windows such as the transparency we’re all used to, as well as the live preview thumbnails.
  • The benefit to using this approach is that Windows Vista can utilize the hardware acceleration features in your video card to create very smooth animations for minimizing and restoring, and even for the transparent effects.


CHECK MEMORY USAGE OF dwm.exe

  • Open TASK MANAGER & in "Processes tab" look for "dwm.exe". In the Red Mark check out how much memory is DWM taking.
  • The size of the DWM process is controlled by the number of windows that you have open, since each window requires a buffer in memory to store the contents of the window. 
  • If you have a large number of very large windows open, DWM will use more memory.

HOW TO TURN DOWN dwm.exe
  • It's recommended not to turn down this process.
  • Open RUN & type "services.msc". Look for "Desktop Window Manager Session Manager".
  • In the left panel, see "Stop Service". Click it & stop.
  • To stop this service permanently, double click on DWM. In "General", look for "Startup Type". Click it & disable it permanently.
If you want to use the command line instead, you can open an administrator mode command prompt and use one of these commands:
  Stop Service:    net stop uxsms
  Start Service:   net start uxsms
  Disable Service: sc config uxsms start= disabled
  Enable Service:  sc config uxsms start= auto




Thursday, August 11

Info - wininit.exe




  • Wininit.exe is a core process that is present in each Windows session. Wininit.exe's job is to start some of the main Windows background services (programs) like Service Central Manager (SCM), the Local Security Authority Subsystem (LSASS) and the Local Session Manager (LSM.EXE).
  • Wininit.exe is a critical Windows background program that should never be stopped through the Task Manager system.
  • Wininit.exe is located within the System32 folder of the main Windows folder found on drive C:. Wininit.exe has no visible user window, runs completely in the background of Windows and is able to log computer inputs as well as manipulate other programs.
  • "Wininit.exe Cannot Be Run from Within Windows." You will receive this message when your system is infected with a virus. Viruses Win32.Weird and Bymer are known Wininit.exe - related viruses.


THE wininit.ini FILE IN RELATION TO wininit.exe
  • The wininit.ini file is the information file processed by wininit.exe. This file contains destination paths and filenames for system .dll files and other files that control Windows.
  • If you have problems loading drivers and other Windows core processes, you may have to do a "System Restore" that will return your computer to a previous state with an older copy of Wininit.ini to be processed by Wininit.exe.
  • You can't see "wininit.exe" in TASK MANAGER directly. Click on "Show processes from all users" to see wininit.exe running.

************************************************************************************************************************************************************************************************



Info - winlogon.exe




  • The winlogon.exe process works to manage the user’s login and logout activity on system. The window which appears and asks for username and password to perform login and the window which prompts with the options to logout, restart, or shutdown are because of winlogon.exe process.
  • winlogon.exe is the Windows NT login manager.
  • winlogon.exe location is “%SystemRoot%\System32\” or in simple words “C:\Windows\System32\”.
  • If you find more than one winlogon.exe running in Task Manager, then one of them is a virus. You must check the process location, and if it's different from the one specified above, then you should kill the process and remove that file from its location as well.
  • You cannot delete C:\Program Files\Movie Maker\*.* or C:\Program Files\NetMeeting\*.* due to winlogon.exe. If some of these files are deleted, winlogon detects the deletion and restores the files.

  • YOU CAN'T END THIS PROCESS FROM TASK MANAGER & ITS PRIORITY LEVEL IS ALSO SET TO VERY HIGH.


************************************************************************************************************************************************************************************************




Info - explorer.exe


  • This is a Windows shell file. It starts up the GUI (Graphic User Interface) i.e. the taskbar, start menu, and your desktop.
  • This process isn't as vital to the running of Windows as you might expect, and can be stopped (and restarted) from Task Manager, usually with no negative side effects on other applications.
  • However, if the path is C:\Explorer.exe, it's a virus.
  • There are two shells in Windows: one is CMD.exe and one is EXPLORER.exe.
  • Windows uses HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, and under this key a string value named Shell includes this file. If you remove this file name and put CMD.exe in its place, then the next time you restart your computer Winlogon will open only Command Prompt and you will not see the Start Menu.
    • Sometimes people turn this off when playing computer games - increases performance by 150%.
    • If you end this process via Task Manager you lose the file system in Windows (Windows Explorer, Task Bar, etc) and then you have to restart to get the functions back.
    • Open Firefox before ending the explorer.exe process. Now end the process. All icons on the desktop disappear, and you lose all function to browse your hard drive etc as explained before. Now instead of restarting, download a file to your desktop via Firefox, right click in the Downloads tool box (Ctrl + J if it's not already open) and select Open Containing Folder.
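The location checks described above for winlogon.exe and explorer.exe can be automated over an exported process list. This is an added example, not part of the original post: the CSV column layout, the sample rows and the default C:\Windows root are assumptions, and the explorer.exe location (%SystemRoot% itself) is standard Windows behaviour rather than something stated on this page.

```python
import csv
import io
import ntpath  # Windows path rules, usable on any OS

SYSTEM_ROOT = r"C:\Windows"  # assumption: default %SystemRoot%
SYSTEM32 = ntpath.join(SYSTEM_ROOT, "System32")

# Expected image directory per process name. The System32 entries are the
# locations given on this page; explorer.exe sits directly in %SystemRoot%.
EXPECTED_DIR = {
    "dwm.exe": SYSTEM32,
    "wininit.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "conhost.exe": SYSTEM32,
    "explorer.exe": SYSTEM_ROOT,
}

# Constructed sample export (hypothetical columns: Name, ProcessId, ExecutablePath).
SAMPLE_EXPORT = r"""Name,ProcessId,ExecutablePath
wininit.exe,412,
winlogon.exe,468,C:\Windows\System32\winlogon.exe
winlogon.exe,3120,C:\Users\Public\winlogon.exe
explorer.exe,2044,C:\WINDOWS\explorer.exe
explorer.exe,3388,C:\Explorer.exe
svchost.exe,900,C:/Windows/system32/svchost.exe
firefox.exe,5000,C:\Program Files\Mozilla Firefox\firefox.exe
"""


def _norm(path):
    # Case-insensitive, separator-insensitive comparison form.
    return ntpath.normcase(ntpath.normpath(path))


def classify(name, path):
    expected = EXPECTED_DIR.get(name.lower())
    if expected is None:
        return "not-checked"
    if not path.strip():
        # Path unreadable (e.g. listing taken without elevation): report it,
        # but do not treat it as a mismatch.
        return "path-unavailable"
    if _norm(ntpath.dirname(path)) == _norm(expected):
        return "ok"
    return "unexpected-location"


def audit(csv_text):
    """Return (name, pid, verdict) for every watched process that is not 'ok'."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        verdict = classify(row["Name"], row["ExecutablePath"] or "")
        if verdict in ("unexpected-location", "path-unavailable"):
            findings.append((row["Name"], int(row["ProcessId"]), verdict))
    return findings


if __name__ == "__main__":
    for name, pid, verdict in audit(SAMPLE_EXPORT):
        print(f"{name} (PID {pid}): {verdict}")
```

A "path-unavailable" result means the listing should be repeated from an elevated prompt before drawing any conclusion about that process.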

    explorer.exe IN TASK MANAGER & WHAT HAPPENS WHEN ITS PROCESS IS ENDED
    • Open TASK MANAGER. In RUN type "TASKMGR" & search for "explorer.exe".
    • In the pic above, you can see files & folders on my Desktop, the Windows 7 Taskbar menu & of course "explorer.exe" running in TASK MANAGER.

    • When I ended the explorer.exe process, you can see above that suddenly all files & the Taskbar disappear from the Desktop. Ignore the Sidebar Gadgets, because they are not handled by Windows.


    ******************************************************************************************************************************************************



    Wednesday, August 10

    Info - conhost.exe


    • The conhost.exe is a Console Window Host.
    • The conhost.exe process fixes a fundamental problem in the way previous versions of Windows handled console windows, which broke drag & drop in Vista.

    MORE TECHNICAL DESCRIPTION
    • Conhost.exe is a process under Windows Vista and Windows 7 that handles the functioning of the cmd command with respect to the security protocols. With the introduction of Windows Vista, many significant changes were made to the core Microsoft engine.
    • Conhost.exe is one of such changes and it led to many alternate performances such as inappropriate drag and drop function to the Command prompt.
    • While it was first introduced under Vista so as to manage the security aspect of the console window, it led to some bugs and errors in the long run. But with every loophole being surfaced, Microsoft quickly decided to run this process under csrss.exe under Windows Seven. 
    • Now if you watch with process explorer you will find this process running under Csrss.exe whereas under Vista it was an independent process.


    conhost.exe IN TASK MANAGER
    • Open TASK MANAGER. Type in RUN "TASKMGR". Go to the "Processes" tab & search for "csrss.exe".

    • Click on "Show Processes from all Users". This is Because, conhost.exe runs Under csrss.exe.

    • Now in the Next Screen You can find "conhost.exe".
    • conhost.exe is usually located in the %SYSTEM% folder and its usual size is 270,848 bytes.



    Conhost.exe MULTIPLE INSTANCES
    • If there are multiple instances of this process running under task manager, Do not panic as this is totally natural. This generally happens when the console host is unable to handle a particular request and it just tries again and again generating multiple instances. 
    • To overcome it just open the task manager, right click the conhost.exe process and select end process tree.


    SOME MORE IMPORTANT INFO conhost.exe
    • Essentially, there’s a problem with the way the console process works on previous versions of Windows—they are all hosted under the csrss.exe (Client Server Runtime Process) service. This process runs as a system-privileged account.
    • If you take a look at the command prompt on Windows XP, you’ll probably notice that the window doesn’t use the active theme at all. This is because the CSRSS process doesn’t have the ability to be themed.

    • If you take a look at the console in Windows Vista, it looks like it uses the same theme as everything else, but you’ll notice that the scrollbars are still using the old style (look closely). This is because the DWM (Desktop Window Manager) process handles drawing the title bars, but underneath it still works the same way, and the scrollbars are part of the window itself.
    • You might also notice that Windows Vista broke the ability to drag and drop files from Explorer straight into the command prompt. It just flat out doesn’t work, because of security issues arising from the CSRSS process running with a higher level of privileges.

    • Under Windows 7 the conhost.exe process is running underneath the csrss.exe process.
    • The conhost.exe process sitting in the middle between CSRSS and cmd.exe allows Windows 7 to fix both of the problems in previous versions of Windows: not only do the scrollbars draw correctly, but you can actually drag and drop a file from Explorer straight into the command prompt.


    ************************************************************************************************************************************************************************************************


    Info - svchost.exe

    HORRIBLE MICROSOFT DEFINITION
     “svchost.exe is a generic host process name for services that run from dynamic-link libraries”


    WHY svchost.exe IS FORMED ?
    • Some time ago, Microsoft started moving all of the functionality from internal Windows services into .dll files instead of .exe files. From a programming perspective this makes more sense for re-usability. 
    • But the problem is that you can’t launch a .dll file directly from Windows, it has to be loaded up from a running executable (.exe). Thus the svchost.exe process was born.
    • Svchost.exe is a generic process name for Windows services that run from Microsoft DLLs (dynamically linked libraries). Each of those instances of svchost.exe in the process lists actually represents a group of services that each process is managing.

    WHY SO MANY svchost.exe's RUNNING ?
    • If you’ve ever taken a look at the Services section in control panel you might notice that there are a Lot of services required by Windows. If every single service ran under a single svchost.exe instance, a failure in one might bring down all of Windows… so they are separated out.
    • Those services are organized into logical groups, and then a single svchost.exe instance is created for each group. For instance, one svchost.exe instance runs the 3 services related to the firewall. 

    • Another svchost.exe instance might run all the services related to the user interface, and so on. 
    • This grouping of services allows for better control and easier debugging.



    WHERE svchost.exe IS LOCATED ?
    • The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. 
    • Svchost.exe groups are identified in the following registry key : 
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost

    Each value under this key represents a separate Svchost group and appears as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group.




    SOME MORE INFO...
    • A problem tends to arise when one .dll can’t complete its task, which in turn bogs down the rest of the svchost programs. Unfortunately, the svchost.exe is used as a favourite access point for viruses and other malicious programs.
    • Additionally, if you are noticing very heavy CPU usage on a single svchost.exe instance you can restart the services running under that instance. 
      The biggest problem is identifying what services are being run on a particular svchost.exe instance.



    EXAMINE svchost.exe's IN TASK MANAGER & SERVICES RUNNING UNDER PARTICULAR svchost.exe INSTANCE

    • Press "Ctrl+alt+del" or Open RUN & Type "TASKMGR", to Open TASK MANAGER.
    • Click "Show processes from all users". Here you can see lots of "svchost.exe" Processes running.

    • Now to see What Services are running under any Instance of svchost.exe. Right Click on any "svchost.exe", Click "Go to Service(s)".

     

    • You can see this selected svchost.exe, is holding 3 services, Those are Highlighted.



    CHECKING FROM COMMAND LINE
    • If you want to see what services are being hosted by a particular svchost.exe instance, you can use the tasklist command from the command prompt in order to see the list of services.
    • TYPE : tasklist /SVC
    • The problem with using the command line method is that you don’t necessarily know what these cryptic names refer to.
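To make the tasklist output easier to read, the short service names can be matched against the Svchost groups from the registry key described earlier. This is an added example, not part of the original post: it parses the CSV form of the command (`tasklist /SVC /FO CSV`), and both the sample output and the group table are constructed stand-ins for what a real machine would return.

```python
import csv
import io

# Constructed stand-in for the REG_MULTI_SZ values under the Svchost key:
# group name -> services registered to run in that group.
SVCHOST_GROUPS = {
    "DcomLaunch": ["DcomLaunch", "PlugPlay", "Power"],
    "LocalServiceNoNetwork": ["BFE", "DPS", "MpsSvc"],
    "netsvcs": ["BITS", "Schedule", "Themes", "wuauserv"],
}

# Constructed sample in the shape of `tasklist /SVC /FO CSV` output.
TASKLIST_CSV = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","684","DcomLaunch,PlugPlay,Power"
"svchost.exe","1020","BFE,DPS,MpsSvc"
"svchost.exe","1104","BITS,Themes"
"svchost.exe","2960","N/A"
"cmd.exe","3312","N/A"
'''


def svchost_instances(text):
    """Return {pid: [service names]} for every svchost.exe row."""
    instances = {}
    for row in csv.DictReader(io.StringIO(text)):
        if row["Image Name"].lower() != "svchost.exe":
            continue
        services = row["Services"].strip()
        instances[int(row["PID"])] = (
            [] if services == "N/A" else [s.strip() for s in services.split(",")]
        )
    return instances


def group_of(services, groups):
    """Name the group whose registered members include all running services.

    A subset match is used because not every registered service is started.
    """
    running = {s.lower() for s in services}
    if not running:
        return None
    for name, members in groups.items():
        if running <= {m.lower() for m in members}:
            return name
    return None


def report(text, groups):
    """Return {pid: (group name or None, [services])} per svchost.exe instance."""
    return {
        pid: (group_of(services, groups), services)
        for pid, services in svchost_instances(text).items()
    }


if __name__ == "__main__":
    for pid, (group, services) in report(TASKLIST_CSV, SVCHOST_GROUPS).items():
        print(pid, group or "NO MATCHING GROUP", ", ".join(services) or "(no services)")
```

An instance that hosts no services, or whose services fit no registered group, is the one worth a closer look, starting with its file location.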

    ********************************************************************************************************************************************************************************************************************************


    Sunday, August 7

    BackUp Your Browser - FavBackup


    • FavBackup is a simple solution for you to Backup & Restore web Browser Settings and other data on Windows 7/Vista/XP systems. No installation required.
    • FavBackup is still portable so all that you will need to do is place the exe file into an appropriate folder, create a shortcut, and you are ready to go.


    • The “Backup, Restore, Full Backup, & Full Restore Menus” are all identical as shown in the screenshot above, so the only ones shown here are those that are different. “The Convert Opera Profile Menu”…

    CREATING THE BACKUP
    • To get started select the “Backup Ribbon Menu” and choose the browser that you would like to backup.

    • Browse for the location where you would like to have the backup file placed. Since we were backing up a portable browser, we needed to browse for the appropriate “Profile Folder”. Once you have your profile located, click “Finish”.


    RESTORING THE BACKUP

    • To start the restoration process select the “Restore Ribbon Menu” and choose the appropriate browser. You will then need to browse to where you have the backup file located… FavBackup will automatically detect the file and display it as shown… Since we were restoring to a regularly installed browser no further “profile browsing” was required. Click “Next”.


    • Once the restore process has been completed all that is left to do is click “Finish”.

    SOME BASIC TRICKS & SHORTCUTS WHILE WORKING WITH FAVBACKUP
    • You can always use keyboard shortcuts to access your favorite software functions even faster.

    • Backup

    Ctrl + I – Internet Explorer
    Ctrl + F – Firefox
    Ctrl + C – Chrome
    Ctrl + O – Opera
    Ctrl + S – Safari
    Ctrl + L – Flock
    • Restore
    Alt + I – Internet Explorer
    Alt + F – Firefox
    Alt + C – Chrome
    Alt + O – Opera
    Alt + S – Safari
    Alt + L – Flock

    • Full Backup
    Shift + Ctrl + I – Internet Explorer
    Shift + Ctrl + F – Firefox
    Shift + Ctrl + C – Chrome
    Shift + Ctrl + O – Opera
    Shift + Ctrl + S – Safari
    Shift + Ctrl + L – Flock

    • Full Restore
    Shift + Alt + I – Internet Explorer
    Shift + Alt + F – Firefox
    Shift + Alt + C – Chrome
    Shift + Alt + O – Opera
    Shift + Alt + S – Safari
    Shift + Alt + L – Flock

    • Other
    Ctrl + U – Check for updates.
    • Microsoft Office Ribbon interface offers a way to access commands using Key Tips. Just press the Alt key to see the Key Tip bubbles pop up for each tab. For instance: pressing button B would open “Backup” tab.


    *************************************************************
    DOWNLOAD LINK FOR FAVBACKUP
    *************************************************************