Windows Startup Item Database

HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X	Live Messanger	wllmsngr.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
?	live rdr	loadloud.exe	"??"
X	Live update monitor	srvany32.exe	"Added by the AGOBOT.AFM WORM!"
X	Live Windows Messenger Version	msnmessage7.7.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Live Windows Messenger Version	msnmsngrlive.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Live-Help	lmns.exe	"Added by the RBOT-GHE WORM!"
X	Live-Messenger.exe	Live-Messenger.exe	"Detected by Symantec as the SILLYP2P WORM! See here"
N	LiveMonitor	LMonitor.exe	MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information
N	LiveNote	Livenote.exe	Asus graphics card driver live update feature
X	LiveSexCams	LiveSexCams.exe	Premium rate adult content dialler
U	LiveUpdate	LiveUpdate.exe	"Web-update utility as used by various types of software - see here"
X	LiveUpdate	[Windows username]05.exe	"Added by the LINEAGE TROJAN!"
X	LiveUpdate	smss.exe	"Added by the VB.BAU TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a ""isas"" subfolder of the Winnt or Windows folder"
N	LiveUpdate	Copyer.exe	"Samsung PC Studio is a Windows-based PC program package that you can use easily to manage personal data and multimedia files by connecting a Samsung Electronics Mobile phone (GSM/GPRS/UMTS) to your PC. You can launch the update manually - see the instructions here for example"
X	LiveUpdate32	services.exe	"Added by the VB.BAU TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a ""isas"" subfolder of the Winnt or Windows folder"
X	Livre	Dibane.bat	"Added by the BANEDI VIRUS!"
X	Ljx	rundll32.exe	"Added by the LINEAG-ABD TROJAN! Note - this is not the legitimate rundll32.exe process which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is located in the ""inf"" sub-folder"
X	lk3h1	[path to file]	"Added by the MOSUCK-G TROJAN!"
?	LLMODCL2	rundll.exe setupx.dll InstallHinfSection ..LLMODCL2.INF	"??"
N	LM Status	LMSTATUS.EXE	Xerox WorkCenter XE - language monitor status application
X	LMA Manager	lmamanager.exe	"Added by the TILEBOT-AD WORM!"
U	LManager	QtZgAcer.EXE	Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio
U	LManager	QtZpAcer.exe	Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio
U	LManager	HotkeyApp.exe	Programmable keys on Acer Fujitsu and other laptops
U	LManager	QtaET2S.EXE	Acer Launch Manager - on Acer laptops provides configurability for the special keys on their range of multimedia keyboards
U	LManager	CPLBCL53.EXE	System Tray icon found on Acer Travelmate laptops that allow you control access to the Internet and email buttons and other computer configurations
X	lMAPl	lMAPl.exe	"Added by the AGOBOT-RE WORM!"
U	LMgrOSD	OSDCtrl.exe	OSD (on-screen-display) utility - part of Acer Launch Manager. Gives you control to customize the monitor to your liking...from sound brightness contrast horizontal and vertical positions phase pixel clock color and language
N	LMonitor	LMonitor.exe	MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information
?	lmpdpsrv	lmpdpsrv.exe	"Related to a Lexmark printer/scanner. Printer sharing server? Is it required?"
X	lmrt	lmrt.exe	Unidentified adware
N	LMSTATUS	LMSTATUS.EXE	Xerox WorkCenter XE - language monitor status application
Y	LMSXXD	LMSXXD.exe	Driver for Xerox XD series printer/copiers
X	lmu	LMU.exe	"Detected by Kaspersky as the AGENT.BG TROJAN!"
X	lnternet Explorer	AMSNDMGR.EXE	"Added by the KWBOT.R WORM! Note that the ""l"" is a lower case ""L"" and not an upper case ""I"""
X	lnternet Update	lExplore.exe	"Added by the RBOT-GRH WORM! Note - the executable is spelt with a lower case ""L"" rather than an lower or upper case ""i"" which is the case with Internet Explorer"
X	lnwin.exe	lnwin.exe	"Added by the DLOADR-ATC TROJAN!"
X	load	mdm.exe	"Added by the BINGHE TROJAN! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is always located in %ProgramFiles%\Microsoft Shared. This one is located in %System%"
X	load	msgsr32.exe	"Added by the SDBOT-QR WORM!"
X	load	[path to worm]	"Added by the KELVIR.AI WORM!"
X	Load	MyGame.exe	"Added by the LAMEYEAR-A WORM!"
X	load	_Kerne1.exe	"Added by the LINEAGE-AN TROJAN!"
X	load	Internat.exe	"Added by the WOWCRAFT TROJAN!"
X	load	rundll32.exe	"Added by the WOWCRAFT TROJAN!"
X	load	svhost32.exe	"Added by the WOWCRAFT TROJAN!"
X	load	svchsot.exe	"Added by the GWGHOST-O TROJAN!"
X	load	explorer.exe	"Added by the LINEAGE-OZ TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
X	load	Kerne121.exe	"Added by the LINEAGE-ON TROJAN!"
X	load	Kerne1211.exe	"Added by the LINEAGE-DY TROJAN!"
X	load	rundl132.exe	"Added by the LOOKED-CK WORM!"
X	load	ctftpscr32.exe	"Added by the AGENT-FPN TROJAN!"
X	Load	win32.exe	"Added by the RUBBLE-A WORM!"
X	load	QQ.exe	"Added by the QUADRULE.A WORM! Note - this is not the Tencent QQ Asian instant messanger program which is located in %Windir%"
X	Load Service	SvHost.exe	"Added by the PESIN-D WORM!"
U	LOAD WB	LOADWB.EXE	"Part of Stardock's WindowBlinds custom desktop program. "WindowBlinds is the first utility of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user interface. You can change the style of title bars buttons toolbars and much more". If you use it - keep it if not then uninstall it"
X	Load-Guard	Wscript.exe LGuarg.exe.vbs	"Added by the YENO.B and YENO.C WORMS! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""LGuarg.exe.vbs"" file is located in the Winnt or Windows folder"
X	LOAD32	Lorena.exe	"Added by the MAPSON.C WORM!"
X	load32	load32.exe	"Added by the NIBU BAMBO TROJANS and DUMARU WORM!"
X	load32	l32x.exe	"Added by the DUMARU.Z or DUMARU.Y or DUMARU.AD WORM!"
X	load32	1111a.exe	"Added by the DUMARU.AH WORM!"
X	load32	swchost.exe	"Added by the TURTA.A WORM!"
X	load32	netda.exe	"Added by the NIBU.E TROJAN!"
X	load32	winldra.exe	"Added by the NIBU.J BACKDOOR or DUMARU-BI TROJAN! Note - also known as Srv.SSA-KeyLogger by Sunbelt Software which has developed a free removal tool for this keylogger"
N	load=	adw30.exe	After Dark for Windows - screen saver program. Popular before screen savers were integrated into Win95
U	load=	asistat.exe	Status monitor for an NEC SuperScript printer
?	load=	cfgsys32.exe	"??"
U	load=	esspk.exe	"Speakerphone capability through a soundcard for an ESS modem"
Y	load=	hotkey.exe	Solo 5300 display driver for Win2K on some Gateway laptops
N	load=	HPWHRC.EXE	Loads the Status Window software for the HP Laserjet printers
?	load=	WPSLOAD.EXE	"Windows printing system that comes with the setup for Canon BJC series on the manufacturer's disk"
N	load=	vi_grm.exe	Monitor drivers for Trio2x/3x based video cards - displays control panel for quick access to display settings
?	load=	WINOSCFG.EXE	"Could it be something to do with configuring Windows on a new PC from an OEM supplier?"
Y	load=	wpshrc.exe	Required to prevent configuration errors on a Compaq LBP-660 and LBP-460 parallel port laser printers (and maybe others)
Y	load=	Bfrecv.exe	Bitware modem driver
X	load=	msater.exe	"Added by the RETSAM TROJAN!"
X	load=	shambl3r.exe	"Added by the REMABL WORM!"
X	load=	Spoolsv.exe	"Added by the CIADOOR.B TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%"
?	Load=	wtfeat.exe	"Associated with the Wintab Digitizer"
Y	load=	AICLIENT.EXE	"Asset Insight from Tangram - asset managing software. Required if an organisation is running a centrally administered asset management system"
X	load=	hint.exe	"Added by the ATAK WORM!"
X	load=	win32exec.exe	"Added by the BITTER WORM!"
X	load=	a1g.exe	"Added by the ATAK.B WORM!"
X	load=	dapdll.exe	"Added by the ATAK.E WORM!"
X	load=	svhost32.exe	"Added by the LINEAGE-AB TROJAN!"
Y	load=	01comm32.exe	"Related to Elsa CommPro (Communicate Pro) access software for Microlink modems - this software contains answering machine and fax functions plus a terminal program a WWW-browser launch function Internet telephony and address management. Required if you use those"
X	load=	inetinfo.exe	"Added by the PROXY-GG TROJAN!"
X	load=	Kerne14.exe	"Added by the LINEAGE-BA TROJAN!"
X	Loadab1	explorer.exe	"Added by the LINEAGE-AJ TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
Y	LoadBlackD	blackd.exe	"This is the "intrusion detection system" of the BlackICE PC Protection (was Defender) firewall which loads independently of the "user interface" (BlackICE Utility)"
U	LoadBtnHnd	BtnHnd.exe	Fujitsu Siemens Lifebook laptops have some buttons on the case that can be programmed to execute specified programs (like hotkeys). The buttons can also be used as a combination lock input
X	LoadDBackUp	BcTool.exe	"Added by the GIBE WORM!"
X	loaddll	loaddll.exe	"Winvest spyware"
Y	LoadDvpApi9x	DVPAPI9X.exe	Command AntiVirus for Windows 95/98/Me
X	loader	loader.exe	Homepage hijacker redirecting to coolwwwsearch.com. Downloader for iedll.exe
X	loader	WMPLAYER.EXE	Unknown baddie - WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup
X	loader32	sys***.exe [*** = random digit]	"Added by the DOMCOM TROJAN!"
X	loader32	Loader32.exe	Added by an unidentified TROJAN!
X	Loaders	HeIp.exe	"Added by the SDBOT-ADB WORM!"
X	loadfax	loadfax.exe	"Added by the WINFLUX-C TROJAN!"
X	LoadFonts	LoadFonts.vbs	Homepage hijacker that changes your homepage to an adult content site
X	LoadFonts	Tahoma.vbs	Homepage hijacker that changes your homepage to an adult content site
U	LoadFujitsuQuickTouch	QuickTouch.exe	Maps the keys on a Fujitsu Siemens Lifebook application panel to various programs and functions
X	LoadGolfCourses	LoadGolfCourses.exe	PlayMiniGolf.com foistware - stealth installed!
X	LoadHTML	rundll32.exe mshtmpre.dll MShtmpre	"Mshtmpre adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""mshtmpre.dll"" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder"
X	LoadingAgent	ZipLoader32.exe	"Added by the OBLIVION TROJAN! This executable is one of the most common but there are more"
X	LoadingAgent	msload32.exe	"Added by the OBLIVION TROJAN! This executable is one of the most common but there are more"
X	LoadManager	msload.exe	"Added by the OPASERV.T WORM!"
X	loadMecq0	explorer.exe	"Added by the MUMUBOY.C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
X	loadMecq3	rundll32.exe	"Added by the LEGMIR-AS TROJAN! Note - this is not the legitimate rundll32.exe process which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is located in the Root folder (C:) (D:) etc"
X	loadMect1	explorer.exe	"Added by the LINEAGE-L TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
X	loadMefs	rundll32.exe	"Added by the LEGMIR-JB TROJAN! Note - this is not the legitimate rundll32.exe process which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is located in the Windowsinf or Winntinf folder"
X	loadMefs	smss32.exe	"Added by the FLOOD-EL TROJAN!"
N	LoadMSvcmm	msvcmm32.exe	"Auto-update for Movielink - internet movie rental System Tray access"
X	LoadOrderVerification	[random filename]	"Added by the TRON.A TROJAN!"
U	Loadout Manager	nost_LM.exe	"Manager for the Belkin Nostromo n50 SpeedPad game controller - see here"
X	LoadPFW	wmimgr.exe	"Added by the QEDS-B WORM!"
X	LoadPowerProfile	ASDAPI.EXE	"Added by the CABRO TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll"
U	LoadPowerProfile	Rundll32.exe powrprof.dll	"Power management specifics such as monitor shut-off system standby etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settings"
X	LoadPowerProfile	Rundll.exe powerprof.dll	"Added by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses ""Rundll.exe"" whereas the uninfected version uses ""Rundll32.exe"""
X	LoadPowerProfile	rundl.exe	"Added by the TOFAZZOL TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll"
X	LoadPowerProfile	Rundll32.exe	"Added by the MIROOT WORM! Note - do not confuse with the valid LoadPowerProfile entry which has ""powrprof.dll"" appended to the command/data line"
X	LoadPowerScheme	rundll32.exe powerprof.dll CheckPowerProfile	"Ulubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
U	LoadQM	loadqm.exe	"Installed with MSN Explorer and loads the MSN Queue Manager. Required to enable the WU AutoUpdate feature. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the ""users choice"" recommendation. If you have problems leave it otherwise I recommend you disable it"
X	loads.exe	loads.exe	"MediaMotor adware"
X	loads.exe	medload.exe	"Medload adware"
X	loads.exe	suploads.exe	"Added by the AGENT-BZ TROJAN!"
X	LoadService	Rest In Peace	"Added by the KANGAROO-A WORM!"
X	LoadService	Maaf tempatmu bukan di sin	"Added by the KAGEN-A TROJAN!"
X	LoadService	Virus	"Added by the CAGER.A WORM!"
X	LoadSIPS	rundll32.exe SIPSPI32.dll SIPSPI32	"123Mania adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""SIPSPI32.dll"" file is found in the System folder"
?	LoadWatcher	Test.exe	"Reportedly part of a webcam surveillance program that's supposed to test SMTP dialling in the event of an alert? Is this correct?"
X	LoadWatcher	watcher.exe	"Watcher spyware"
X	loadwin	winset.exe	"Added by the QQPASS-I TROJAN!"
X	loadwin	winsys.exe	"Added by the QQPASS-J TROJAN!"
X	LoadWindowsFile	Kernel32.exe	"Added by the DELF.B TROJAN!"
X	LoadWindowsFile	winreg.exe	"Added by the HUPIGON.A BACKDOOR!"
X	Local Area Network	OpenGL.exe	"Added by a variant of the RBOT WORM!"
X	Local Authority Service	lsass.exe	"Added by the MARKTMAN-C TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Local Internet Connection	LIC.exe	"Added by the SDBOT-YA WORM!"
X	LOCAL INTERNET WEB DRIVERS FOR WIN32	phqghume.exe	"Added by a variant of the RBOT WORM!"
X	Local Page	http://find.naupoint.com	"Naupoint browser hijacker"
X	Local runole service	srvc32.exe	"Added by the SMALL-DP TROJAN!"
X	Local Security Authority Servce	lssas.exe	"Added by the POEBOT-T WORM!"
X	Local Security Authority Service	lssas.exe	"Added by the POEBOT-J WORM!"
X	Local Security Authority Service	Isass.exe	"Added by the LINKBOT.M WORM!"
X	Local Service	Intenat.exe	"Added by the NUCLEAR-J TROJAN!"
X	Local Service	services.exe	"Added by the P2PWORM-T WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a ""Cursors"" subfolder of the Windows or Winnt folder"
X	Local-Settings-of-[User Name]	[User Name].exe	"Added by the GAVGENT.A WORM!"
U	LocalProxy	proxy4free.exe	"""ProxyTools is a package of Perl network utilities designed mainly to assist those whose Internet access is censored unreliable or otherwise damaged. Uncensored access is provided to any outside service required (Usenet News Web browsing IRC Socks etc.). Setup requires installation of Perl and some modules"""
X	LocalSystem	svchost.exe	"EHU adware. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
X	Locator Service	[filename]	"Added by the AGOBOT-KY TROJAN!"
U	Lock My PC	lockpc.exe	"Lock My PC - a tool for quick computer locking when you leave it unattended. It shows a lock screen disables Windows hot keys and mouse"
X	logg	logo_1.exe	"Added by the PWFUZZ-A WORM!"
X	Logical Disk Detection	mrisvc.exe	"Detected by Kaspersky as the IRCBOT.AOW TROJAN! See here"
N	Logiciel de transfert d'images KODAK	pts.exe	Looks for Kodak camera connection and media insertion. Available via Start -> Programs
U	Login	winlog.exe	"Salfeld Child Control - parental control software"
X	login	[path to trojan]	"Added by the HOTWORD-A TROJAN!"
X	Login	Login.exe	"Added by the BANCBAN-AH TROJAN!"
X	Login	lala.exe	"Added by the BUGSPR-A TROJAN!"
X	Login Screen Saver	login.scr	"Added by the RBOT-AVN WORM!"
X	Login Service	[path to file]	"Added by the MIGMAF TROJAN!"
X	LoginPassport	Lgnpsp32.exe	"Added by the REDIST.C WORM!"
X	loginui32	loginui32.exe	"Added by the LONGNU.A TROJAN!"
X	Logitech	Logitech.exe	"Added by the RBOT.BJH WORM!"
U	Logitech BT Wizard	LBTWiz.exe	"Bluetooth connection manager for Logitech based bluetooth wireless products"
X	Logitech Camera	Soundcane.exe	"Added by the SDBOT.MUC WORM!"
X	Logitech Desktop	ApPache.exe	"Added by the RBOT-YP WORM!"
X	Logitech Desktop	IPCONN.EXE	"Added by the SDBOT-WE WORM!"
X	Logitech Desktop Controller	wrcam.exe	"Added by a variant of the RBOT WORM!"
N	Logitech Desktop Messenger	backweb-8876480.exe	Installed with the software for Logitech products. Automatically checks for software upgrades AND new products services and special offerings from Logitech
N	Logitech Desktop Messenger	ldmconf.exe	Installed with the software for Logitech products. Automatically checks for software upgrades AND new products services and special offerings from Logitech
N	Logitech Desktop Messenger	LogitechDesktopMessenger.exe	Installed with the software for Logitech products. Automatically checks for software upgrades AND new products services and special offerings from Logitech
U	Logitech Hardware Abstraction Layer	Khalmnpr.exe	Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting but is combined with the Windows setting to determine the final sensitivity. For this reason KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint
U	Logitech Harmony Remote	HarmonyClient.exe	"Logitech Harmony advanced universal remote"
U	Logitech Harmony Remote Software 7	HARMON~1.EXE	"Logitech Harmony Advanced Universal Remote controller software"
U	Logitech SetPoint	KEM.exe	Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys
U	Logitech SetPoint	KHALMNPR.EXE	Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting but is combined with the Windows setting to determine the final sensitivity. For this reason KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint
U	Logitech SetPoint	Setpoint.exe	Logitech SetPoint Event Manager for their range of mice and keyboards. Required if you want to use the advanced features of these devices and is located in the LogitechSetpoint sub-folder of Program Files
U	Logitech Utility	Logi_MwX.exe	Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
N	Logitech Wakeup	lgwakeup.exe	Loads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of a inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start ->Programs and still be able to scan images

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.