Windows processes. How to find and remove a virus process? Why are there many processes in the task manager? Replacing the motherboard
Many users are scared to death by rebooting their computer.
This process should be easy and user-independent, but sometimes it can take a minute or two or seem like an eternity.
This is a rather controversial topic, since much of what is known about booting a computer is a myth.
But still, the operating system should not boot longer than 90 seconds. If the user is forced to endure more, it is worth starting to take action.
Computer diagnostics
Very often the user becomes nervous for no reason.
Diagnosis takes a lot of time. Although the reason may lie in the most common things.
Tip: If you use your PC frequently, you can leave it on or set it to hibernate when you press the power button. In this case, there is no point in turning it off every time. Then the user gets rid of the need to deal with slow loading.
It's all about organizational skills and discipline. Take this example: very few software installations require regular reboots.
Some changes require a forced reboot while others simply “prompt” you to reboot now or later.
And let's be honest, sometimes users want to save time, which means they choose to reboot later... and sometimes that “later” happens much later.
And then several updates, patches and ignored reboot requests just pile on top of each other.
The system gets confused in the update order, and delays occur that are not visible to the eye of the average user.
After such a long-awaited reboot, the device takes some time to process all these changes. This is normal, but can still be annoying for most users.
Many do not even wait for this necessary download, and reboot the unfortunate device again. Then all updates are reset. This cannot be done.
Disable autostart programs
Programs that are loaded at startup remain active in memory.
Hence, they are one of the main reasons why Windows boots slowly. Disabling programs that the user is not using may work.
To manage startup programs, you can install a very interesting tool, Mike Lin’s Startup Control Panel.
With its help, the user can easily remove unused programs from the list of resident programs and startup programs.
Scandisk and Defrag program
Using Microsoft Scandisk and disk defragmentation, you can make sure that your hard drive is working without errors.
These programs are also necessary to ensure that data is stored in the most efficient way.
Even experienced users run both of these programs at least once every few months.
Yes, they take some time to use. But it’s better to spend it once than to painfully wait for the download every time.
Not enough free space on your hard drive
For a personal computer to perform optimally, it must have at least 250 MB of free hard disk space on which the operating system is installed.
If the amount of free space is less, overall performance and boot times may be significantly reduced.
The operating system itself takes up a lot of space, but in addition, additional space is used to temporarily store files needed during operation.
Determining free space on your hard drive.
In order to determine the availability of free space on your hard drive, you need to open “My Computer”.
In the window that opens there will be a column “Devices and disks”, then you need to right-click on Disk C. And select the “Properties” option from the drop-down menu.
The new screen will show the total volume, free volume and used space. It is necessary to check the data on Drive C, since the operating system is most often installed on it.
If there is not enough free space, you need to delete temporary files, clean the system of unused programs and recheck the free space.
Update Drivers and Windows
Custom, incorrectly installed, or outdated drivers can lead to a number of different conflicts.
It is necessary to regularly update operating system drivers, the Windows operating system itself, and also update the software used on the device.
This is the only way to ensure that software problems will not arise.
All of the problems listed above are not yet related to hardware faults. This is a completely different layer of problems.
Updating the operating system to a new version
Still running Windows 7? Upgrading to Windows 8 or 10 will seriously speed up boot times.
Not every operating system update will necessarily be faster, but the jump from 7 to 8 was huge.
How to update the Windows operating system.
In order to obtain the necessary operating system updates, you need to go to the Control Panel.
If the necessary updates are found, the system will offer to automatically install the latest updates.
The user can only wait for the installed updates and reboot the device.
Cleaning the registry
If the user has already followed all the previous recommendations from this list, but the long-awaited result has not yet arrived, you can clean the system registry. To do this, you can install any program from the Internet.
The process of cleaning the registry itself rarely depends on the user. Most programs work automatically.
Reinstalling Windows
Although this may require time and a free removable drive to save important files, it is one of the drastic solutions.
Additionally, the process itself can be a bit labor intensive, requiring you to completely erase all data and reinstall Windows.
This process will result in the user's computer operating the same way it did when it was new.
Equipment modernization
Improving the hardware
This is a hardware method to solve the problem. There are more financial costs here than time and moral ones.
Of course, this is one of the most effective ways to increase performance and reduce loading times.
You just need to call any company that deals with modernization or upgrades and order the appropriate service from them.
You can also upgrade your computer yourself by replacing outdated components with new ones.
Adding RAM
Installing additional memory (RAM) for your computer helps increase the overall speed of the computer, and in some cases can reduce boot times by several times.
If your unit runs on less than two gigabytes of RAM, you should think about upgrading or expanding it.
Adding an SSD
A solid state drive is the most effective way to improve overall system performance.
On desktop and laptop computers, you can move Windows from a regular hard drive to an SSD. This will significantly reduce loading times.
Solid state drives are faster, more reliable, more resilient, and more stable. At the moment, this is the best choice among hard drives.
Resetting BIOS Settings
When you first set up your computer in BIOS Setup, the administrator may have disabled some settings.
In order to check what is disabled there, you need to press the del key for a long time when starting the computer.
This is the most common key that motherboard manufacturers assign to enter BIOS Setup.
If it doesn’t work, you should look on the Internet to find out how to enter BIOS Setup by selecting a specific motherboard model.
Once in the BIOS, you can enable the “fast boot option” mode and move the hard drive to the first place in the boot priority list. You also need to turn off "Logo" when loading.
Thus, the computer will not waste time displaying a beautiful picture, but will spend all its energy launching the operating system.
Disable unused hardware
When any computer starts up for the first time, it loads a lot of drivers, even though some of them are not used.
You need to go to Device Manager from the Start menu search bar.
There you need to find everything that is not used on the computer, for example, Bluetooth and third-party controllers, modems, virtual Wi-Fi adapters and other hardware that is not in the system. Right-click on the entry you want to disable and click “disable.”
Don't forget to double-check that all other peripheral devices are still working. If the computer is part of a wireless network, virtual Wi-Fi adapters should remain enabled.
Antivirus software
This is considered to be an obvious fact, but it is still worth noting separately.
To keep your computer running fast, you need to install a good antivirus program, keep it up to date, and run regular scans.
This is more of a preventative measure than a real solution to the problem of long loading times. But very often it is viruses that cause the computer to take a long time to boot.
Plus, any antivirus program will ensure that your files remain intact.
Unused fonts
Since time immemorial, loading additional fonts at startup has slowed down system boot times.
This is less of a problem now than it used to be, but can still be frustrating.
Windows 7 loads more than 200 fonts at startup; even more if you have Microsoft Office installed.
Chances are you use very few of these fonts, so you may want to hide them to speed up the process.
In Windows 7, you need to open the Fonts folder from the Start menu search bar and check for all the fonts that you don't need. Next, click the “hide” button on the toolbar.
This way, if you want them, you can get them back, but Windows doesn't load them at startup.
Please note that by simply removing a few fonts you will not see a noticeable difference.
For the results to be noticeable, you need to get rid of several hundred unused fonts.
There is more of a patience factor here; when you can mark more than a hundred fonts, everything will not seem so funny. And you will understand why they slow down the loading of your operating system so much.
Replacing the motherboard
Changing the motherboard
This is one of the very drastic decisions, since it most often entails replacing the processor and RAM. But this will seriously reduce the computer boot time.
Sometimes the motherboard still works, but the hubs on it are already swollen. Which significantly reduces the speed of its operation. And only a specialized specialist can determine whether it can be repaired.
Again, these are not the only things you can do to reduce your computer's boot time, but they are some of the most well-known, reliable methods.
It is important to understand that by speeding up your computer's boot time, you want to achieve benefit, not harm.
Many users are interested in what processes can be disabled in Windows 7 task manager? It is impossible to answer unequivocally, since completely different processes can be running on different computers.
First, then go to the "processes" section. Their number will be displayed at the bottom of the window; check the option to display all user processes to see the full list.
In my case there are 134 of them, since I use a lot of software and services. At the same time, the PC works stably. Still depends on the system configuration. In your case, their number may be several times less.
All processes can be divided into:
- System - used to maintain the functionality of the OS and the stability of individual elements of Windows 7.
- User - launched under the user name (administrator).
In the “user” column you can determine which group the process belongs to. Not recommended end system processes in Windows 7 task manager, since this in most cases will lead to a crash and restart of the system.
Note: the system itself will not allow you to complete the most important processes or they will appear again.
Most user processes can and should be terminated. Mostly these are installed programs and their services, but there are exceptions. For example, when you exit explorer.exe, your taskbar and desktop shortcuts will disappear.
If you are not sure about completion, right-click on the process and select “file storage location” from the menu. If the file is located in the Windows directory, it is not recommended to touch it, with the exception of malicious programs. In all other cases you can complete the process.
List of processes that do not need to be terminated:
| Title (.exe) | description |
| explorer | Supports proper operation of the desktop and taskbar. |
| Taskhost | Host file |
| Conhost | Host Console Window |
| svchost | There are several of them running and they cannot be completed |
| taskmgr | When finished, the task manager will close. |
| msdtc | Distributed Transaction Coordinator |
| sppsvc | Microsoft Software Security Platform |
| smss | Windows Session Manager |
| csrss | Executes client-server |
| wininit | |
| winlogon | Login program |
| services | Windows Services Application |
| spoolsv | Print Spooler |
| lsass | Responsible for authorization of local users |
| lsm | Local Session Service |
| SearchIndexer | Search indexer |
| Title (.exe) | description |
| reader_sl | Speeds up launch of Adobe Reader |
| jqs | Java Quick Starter speeds up opening software that works with Java |
| Osa | Office Source Engine works with office |
| office | works with OpenOffice |
| AdobeARM | checks for updates to Adobe software |
| Juiced | checks for updates for Java |
| NeroCheck | Looks for drivers that may cause conflicts |
| Hkcmd | accompanies Intel hardware |
| atiptaxx or ati2evxx | Provides quick access to ATI graphics card settings |
| RAVCpl64 | Realtek Audio Manager - audio manager, everything will work without it |
| Nwiz | Related to NVIDIA NView feature |
| CCC | Catalyst Control Center belongs to ATI, designed for gamers |
| winampa | Winamp player process |
| OSPPSVC | Office software protection platform 2010 |
| Sidebar | You will find it if |
| wmpnetwk | Organizes search for Windows Media Player |
In Task Manager, left-click on the process and click " end the process" Then click on the button with the same name when the warning appears.
With these actions you will end the processes within the current Windows 7 session. When you reboot or next start, some killed processes will be launched again, so to permanently shutdown, do the following:
- or remove it from startup.
- Stop (recommended) or (for experienced).
Now you know what processes can be terminated in Windows 7 task manager. After all, each of them eats up a certain amount of resources, loading the system. With the right approach, you can clean out unused or harmful elements, increasing PC performance.
16.04.2014 Frank 7 comments
If we talk about standard controls, then the task manager is an almost irreplaceable application in Windows 7 or Windows 8.
There is a more functional alternative to it. This is a free utility called System Explorer. Her possibilities are much wider.
If you suddenly notice that there are too many unnecessary processes in your task manager, then be sure to download and install.
Why? Extra ones can create viruses, but how will you know whether it is a system one or an unnecessary one - created by a virus (viruses are very often disguised as system applications).
So in “System Explorer”, you have the opportunity to immediately determine what kind of process it is - with just one click.
What creates extra processes in the task manager
Unnecessary processes take up RAM from a computer or laptop, which immediately affects performance (sometimes leading to freezing), this is especially noticeable when playing games.
A large number of unnecessary processes are created by incorrectly configured “startup” - it is the main culprit.
To put it in order, click and below (in the search bar) insert the word - msconfig.
The msconfig.exe application will appear at the very top. Launch it, go to the “startup” tab and uncheck the boxes next to programs that you do not constantly need - this way you will get rid of unnecessary processes.
Of course, we will never get rid of them all; many are constantly needed. For example, launching the Chrome browser immediately creates seven - chrome.exe.
How to get rid of all unnecessary processes in the task manager in one fell swoop
If you are a game lover, then in order not to fumble around in the task manager, download and install the free program.
Having the program, you just need to make one click and in a few seconds all unnecessary processes will be disabled.
That's all. There is a lot more that can be written, but I think the main why and how regarding applications in the device manager has been covered. Good luck.
7 thoughts on “Why there are many processes in the task manager”
Thank you very much, this is a good start. Some things have to be done from scratch.
Answer
Answer
OK, thank you
Answer
In the task manager, I check the box “display processes of all users” and I have twice as many processes, although there is only one user on this computer.
Many, after reading the title, will smile: what’s so complicated about it? However, think about it: what happens to the PC after you press the Power button? This question is rarely asked by both beginners and experienced users. The author also had to ask computer specialists, but there were few comprehensive answers. However, when your computer crashes or fails, knowing the basics of the boot process can often help you detect or quickly isolate the problem.To make the presentation more specific, we will consider the process of booting a computer equipped with a motherboard on which BIOS AWARD and an Intel-compatible microprocessor are installed, and Windows 98 as the OS.
After pressing the Power button, the power supply performs a self-test. If all voltages correspond to the nominal ones, after 0.1...0.5 s the power supply sends the PowerGood signal to the motherboard, and a special trigger that generates the RESET signal, having received it, removes the reset signal from the corresponding input of the microprocessor. It should be remembered that the RESET signal sets the segment registers and the instruction pointer to the following states (bits not used in real mode are not indicated): CS = FFFFh; IP = 0; DS = SS = ES = 0 and resets all control register bits and also clears the arithmetic logic unit registers. During the RESET signal, all tristable buffer circuits go into a high-impedance state. From the moment this signal is removed, the microprocessor begins to operate in real mode and, within approximately 7 synchronization cycles, begins executing the instruction read from the ROM BIOS at address FFFF:0000. The size of the BIOS ROM area from this address to the end is 16 bytes, and a command to switch to the actual executable BIOS code is written in it at the specified address. At this point, the processor cannot execute any other sequence of commands, since it simply does not exist anywhere in any memory area except the BIOS. By sequentially executing the commands of this code, the processor implements the POST (Power-On Self Test) function. At this stage, the processor, memory and system input/output are tested, and the software-controlled hardware of the motherboard is configured. Some of the configuration is carried out unambiguously, the other part can be determined by the position of jumpers (jumpers or switches) on the motherboard, but a number of parameters can (and sometimes are necessary) be set by the user. For these purposes, the Setup utility built into the BIOS code is used. Configuration parameters set using this utility are stored in non-volatile memory powered by a miniature battery located on the motherboard. Some of them are always stored in traditional CMOS Memory, combined with an RTC (Real Time Clock) clock and calendar. The other part (depending on the manufacturer) can also be placed in non-volatile (for example, flash) memory (NVRAM). In addition to this portion of statically determined parameters, there is an area of non-volatile ESCD memory to support dynamic configuration of the Plug and Play system, which can be automatically updated every time the computer is rebooted.
The BIOS Setup utility has an interface in the form of menus or separate windows, sometimes even with mouse support. To enter Setup during POST, you are prompted to press the DEL key. In other types of BIOS (unlike the one indicated above), the key combination Ctrl+Alt+Esc, Ctrl+Esc, the Esc key can be used for this, there are other options (for example, press the F12 key in those seconds when in the upper right corner of the screen a rectangle is visible). Recently, BIOS versions have appeared in which Setup is entered by pressing the F2 key, but more often the F1 or F2 keys are used to call the Setup menu if POST detects a hardware error that can be resolved by changing the initial settings. For some BIOSes, holding down the INS key during POST allows you to set the settings to default, overriding all "boosters". This can be convenient for restoring the computer's functionality after attempts to overclock it unsuccessfully. The selected settings are saved when you exit Setup (at the user's discretion) and take effect from the next time POST is executed.
When each subroutine is executed, POST writes its signature (code) to the diagnostic register. This register must be physically located on a special diagnostic board (signature analyzer, or so-called POST card), installed in the system bus slot when analyzing a fault. Such POST cards come in two versions: for ISA and PCI buses. This board must be equipped with a two-digit seven-segment indicator that displays the contents of the diagnostic register. It is also possible to have a binary address indicator. In the I/O space, the register occupies one address, depending on the PC architecture (BIOS version). For example, for ISA, EISA - 80h; ISA Compaq - 84h; ISA-PS/2 - 90h; for some EISA models - 300h; MCA-PS/2 - 680h. Having such a signature analyzer available, based on the displayed codes, you can determine at what stage the POST stopped. Knowing the specific signature table for each BIOS version, it is easy to determine the malfunction of the motherboard.
Let us list, in order of execution, the main POST tests for BIOS AWARD V4.51 and their signatures displayed by the POST card on the diagnostic register indicator. It should be noted that not all of the codes listed below are visible on the indicator during normal computer startup: some are displayed only if POST stops. This happens because many POST routines execute so quickly that the human eye is unable to follow the indicated state of the diagnostic register, and some codes appear only when a malfunction is detected. For the specified BIOS version, the first executable signature in the POST sequence is C0:
C0 - the registers of the Host Bridge chip are programmed to set the following modes:
Internal and External Cache, as well as operations with cache memory are prohibited;
before the ban, the Internal Cache is cleared;
Shadow RAM is disabled, causing cycles to access the System BIOS location addresses directly to the ROM. This procedure must be specific to the specific chipset;
C1 - using successive write/read cycles, the memory type, total volume and row placement are determined. And in accordance with the information received, the DRAM controller is configured. At this point, the processor must be switched to Protected Mode.
C3 - the first 256 KB of memory are checked, which will later be used as a transit buffer, and the System BIOS is also unpacked and copied into DRAM.
C6 - the presence, type and parameters of External Cache are determined using a special algorithm.
CF - the processor type is determined, and the result is placed in CMOS. If for some reason the determination of the processor type fails, such an error becomes fatal, and the system, and therefore the POST execution, stops.
05 - the keyboard controller is being checked and initialized, but at the moment receiving codes of pressed keys is not yet possible.
07 - the functioning of the CMOS and the supply voltage of its battery are checked. If a power failure is detected, the POST does not stop, but the BIOS remembers this fact. A CMOS check/read error is considered fatal and POST stops at code O7.
BE - the Host Bridge and PIIX configuration registers are programmed with values taken from the BIOS.
0A - a table of interrupt vectors is generated, and the initial setup of the power management subsystem is performed.
0B - checksum of the block of CMOS cells is checked, and also, if the BIOS supports PnP, scans ISA PnP devices and initializes their parameters. For PCI devices, the main (standard) fields are set in the configuration register block.
0C - the BIOS variable block is initialized.
0D/0E - the presence of a video adapter is determined by checking for the presence of the 55AA signature at the Video BIOS start address (C0000:0000h). If Video BIOS is detected and its checksum is correct, the video adapter initialization procedure is enabled. From this moment on, the image appears on the monitor screen, the video adapter's splash screen is displayed, and the keyboard is initialized. Next, during POST, the DMA controller and interrupt controller are tested.
30/31 - the volume of Base Memory and External Memory is determined, and from this moment the RAM test displayed on the screen begins.
3D - PS/2 mouse is initialized.
41 - the floppy disk subsystem is being initialized.
42 - the hard drive controller is being soft reset. If AUTO mode is specified in Setup, IDE devices are detected, otherwise device parameters are taken from CMOS. Interrupts IRQ14 and IRQ15 are unmasked according to the system configuration.
45 - the FPU coprocessor is initialized.
4E - USB keyboard is configured. At this stage, it becomes possible to enter CMOS Setup by pressing the DEL key.
4F - you are prompted to enter a password, if provided for by the CMOS Setup settings.
52 - additional BIOS ROMs are searched and initialized, and each of the PCI interrupt request lines is mapped.
60 - if this mode is enabled in Setup, BOOT Sector anti-virus protection is installed.
62 - automatic transition to winter or summer time is carried out, the NumLock state and auto-repeat mode are configured for the keyboard.
63 - ESCD blocks are adjusted (only for PNP BIOS) and RAM is cleared.
B0 - this state is written to the signature analyzer register only in case of errors, for example, during the Extended Memory test. If there are no failures when running in Protected Mode, then POST does not include this branch. If there are page faults and other exceptions, control will be transferred to this procedure, it will output the code B0 to port 80(84)h and stop.
FF - the last stage at which the results of testing are summed up - successful initialization of the computer hardware is accompanied by a single sound signal, after which control is transferred to the BOOT sector loader.
The boot disk search order on x86 computers (FDD, IDE and SCSI hard drives, CD-ROM devices) is determined by the BIOS. Modern BIOSes allow you to reconfigure this order, called the boot sequence. If drive A: is included first in the boot sequence and contains a floppy disk, the BIOS will try to use this floppy disk as a boot disk. If there is no floppy disk in the drive, the BIOS checks the first hard drive, which has already been initialized by this time, and executes the INT19h command. The INT19h interrupt processing procedure to load the BOOT sector must read the sector with coordinates Cylinder:0 Head:0 Sector:1 and place it at address 0000:7С00h, after which it checks whether the disk is bootable. The MBR (Master Boot Record) sector on the hard disk is located at the same physical address as the BOOT sector on the floppy disk (cylinder 0, side 0, sector 1).
If the boot sector is not detected during the scan, i.e. The last two bytes of this sector (its signature) are not equal to 55AAh, the INT18h interrupt is called. In this case, a warning message appears on the screen, depending on the computer BIOS manufacturer.
The MBR sector is written to the hard disk by the FDISK program, so if the HDD was formatted at a low level, all its sectors contain zeros and, naturally, the first sector cannot contain the necessary signature. It follows that error messages will be issued if the disk was not partitioned (logical drives). The master boot record is usually independent of the operating system (on Intel platforms it is used to start any of the operating systems). The code contained in the master boot record scans the partition table for the active system partition. If no active partition is found in the partition table, or if at least one partition contains an incorrect label, or if multiple partitions are marked as active, an appropriate error message is displayed.
The master boot record code determines the location of the boot (active) partition by reading the partition table located at the end of the MBR. If an active partition is found, its boot sector is read and determined whether it is truly bootable. The read attempt can be made up to five times, otherwise an error message is issued and the system stops. If a boot sector is found, Master Boot Record passes control to the boot sector code on the active (boot) partition, which contains the boot program and disk parameter table. The partition's boot sector scans the BIOS parameter block for the location of the root directory, and then copies the system file IO.SYS (which is essentially part of DOS and includes the functions of the MSDOS.SYS file from the previous version of DOS) into memory and transfers him control. IO.SYS loads some device drivers and performs a number of boot-related operations. IO.SYS first reads the MSDOS.SYS file. It must be remembered that this file is not similar to files of the same name from previous versions of DOS. In Windows 98, MSDOS.SYS is a text file containing startup procedure options. The LOGO.SYS (startup screen) file is then loaded and displayed.
At the next stage, IO.SYS reads information from the system registry and also executes the CONFIG.SYS and AUTOEXEC.BAT files (if they exist in the root directory). At the same time, device drivers operating in the real processor operating mode are loaded, and some system settings are performed. The following is a partial list of possible drivers and programs loaded at this stage.
DBLSPACE.BIN or DRVSPACE.BIN. Disk compression driver.
HIMEM.SYS. Upper memory administrator in real processor mode.
IFSHLP.SYS. Provides assistance when loading VFAT and other file systems that support Windows 98.
SETVER.EXE. A utility that replaces the operating system version number. There are programs that target earlier versions of operating systems and refuse to function under Windows 98. Thanks to SETVER.EXE, such a program returns exactly the DOS version number that suits it.
DOS=HIGH. Loads DOS into the HMA memory area. If in the CONFIG. SYS contains instructions to load the EMM386.EXE mapped memory manager and adds the UMB parameter to this line to allow EMM386.EXE to use the top memory.
You need to remember that IO.SYS does not automatically load the EMM386.EXE administrator. Therefore, if you plan to use it, you must insert the line DEVICE=EMM386.EXE into the CONFIG.SYS file.
FILES=30. This line specifies the number of file descriptors to create. Windows 98 does not use this option; it is included for compatibility with previous versions of programs.
LASTDRIVE=Z. This is where the last letter for logical drives is determined. This option is also included for backward compatibility and is not used by Windows 98.
BUFFER=30. Specifies the number of file buffers to create. File buffers are used by applications when calling I/O routines from the IO.SYS file.
STACKS=9.256. This entry determines the number of stack frames and the size of each frame.
FCBS=4. This command specifies the number of file control blocks. The last two options are for backwards compatibility only.
The last step is to download and run the WIN.COM file. It accesses the VMM32.VXD file. If the computer has enough RAM installed, then this file is loaded into memory, otherwise this file is accessed on the hard drive, which naturally increases the loading time. The real mode driver loader compares copies of virtual device drivers (VxD) in the Windows/System/VMM32 folder and the VMM32.VXD file. If a virtual device driver exists in both a folder and a file, a copy of the virtual driver is "marked" in the VMM32.VXD file as unbootable. Virtual device drivers not loaded using the VMM32.VXD file are loaded from the SYSTEM.INI file section of the Windows folder. During this process, the real-mode virtual device driver loader continually checks that all required virtual device drivers are loaded correctly, and if it encounters an error loading the required driver, it tries again. Once loaded, the real mode virtual device drivers are initialized, then the VMM32.VXD file switches the processor to protected mode and the process of initializing the virtual device drivers according to their InitDevice parameter begins. The OS boot procedure ends with loading the KRNL32.DLL, GDI.EXE, USER.EXE and EXPLORER.EXE files. If the computer is connected to the network, the network environment loads. The user is prompted to enter a name and password to log into the network. Then the configuration with default settings is loaded from the system registry. At the last phase of loading the operating system, the contents of the Startup folder are processed and the programs specified in it are launched. After this, the OS is ready to work.
There are several standard ways to modify the startup procedure described above:
When executing POST, at the stage of checking memory and initializing boot devices, press the DEL keyboard button to enter the Setup program;
Insert a boot disk (for example, a Windows 98 rescue disk) before finishing the hardware test;
Make corrections to the CONFIG.SYS file;
Edit the AUTOEXEC.BAT file.
In addition to these, Windows 98 provides a number of less obvious methods for performing the same task:
After completing the hardware test, use the F8 key to call the Startup menu;
Edit the system startup instructions in the MSDOS.SYS file;
Use one of the listed methods to “stop” in DOS mode, and then start Windows from the command line with a set of necessary keys;
Change the contents of the Startup folder. Based on site materials
You can view a list of all programs running on your computer using Windows Task Manager. To do this, press the key combination on your keyboard. You will see a list of processes, and the question will immediately arise: why is each specific process in this list needed? Let's figure out what it is processes and how they can be managed.
Processes– this is everything that happens at a given moment in time in the system. IN Task Manager The “Processes” tab displays all currently running programs. Processes can be “spawned” either by the user or the system. System processes start when Windows boots; user processes are programs launched by the computer user himself or launched on his behalf. All system processes run as LOCAL SERVICE, NETWORK SERVICE or SYSTEM(this information is available in the Task Manager in the “Username” column).
The task manager only allows you to view a list of processes and terminate their work. To do this, select the process name in the list and click the “End Process” button. 
This means the program that owns the process is terminated. However, it is not possible to view information about a particular process in the Task Manager.
To manage Windows processes, I would recommend using a more powerful utility called . This is an excellent free program that also does not require installation. Download it, then run the file from the folder and select the “Processes” tab at the top. 
shows all processes in real time, providing comprehensive information on each of them. By right-clicking on the process of interest to us and selecting “File Properties”, we can find out the software module manufacturer, version, attributes and other information. The process context menu also allows you to go to the program folder, end the process, or find information about it on the Internet.
How to get rid of viruses on your computer using Starter?
Very often, viruses and other malicious programs are disguised as various processes. Therefore, if you notice that something is wrong with your computer, run an antivirus scan. If this does not help or your antivirus refuses to start at all, open Task Manager and view all running processes.
Pay special attention to a process if it is running as a user and is consuming too many resources (the “CPU” and “Memory” columns). If you find an obviously suspicious process in the list, end it and see how your system works after that. If you are in doubt or don’t know which program the running process belongs to, it’s better to go to Google or Yandex, enter the name of the process in the search bar and find information about it.
The Task Manager built into Windows, of course, allows you to disable processes, but, unfortunately, it provides very little information about them, and therefore it is quite difficult to understand whether a process is viral. The Starter program is much more useful in this regard.
So, to find and remove a virus process from your computer, do the following::
1. Launch the program and go to the “Processes” tab.
2. We find a process that makes us suspicious. Right-click on it and select “File Properties”. For example, I chose the file svchost.exe. In the window that opens look at the manufacturing company of this application: 
The fact is that practically any process is signed by its developer. But virus applications are usually not signed.
In my case the file svchost.exe signed by the company Microsoft Corporation and therefore we can trust him.
3. If the selected process turns out to be not signed by anyone or signed by some strange company, then again right-click on the name of this process and select “Search on the Internet” - “Google” (the Internet on the computer must be connected).
4. If the sites suggested by Google confirm that this process is a virus, then you need to go to the folder of this process (to do this, in Starter, in the context menu, select the item “Explorer to process folder”). Then, after completing the process, delete the file here this process.
If you still doubt whether it is a virus or not (perhaps you were unable to look up information about it on Google due to the lack of Internet), then you can simply change the extension of this file (for example, from .exe to .txt) and move it to another folder .
That's all. Today we learned what Windows processes are and what utilities can be used to manage them. In addition, we now know how to get rid of viruses masquerading as various processes.