Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99
If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
X(default)"rundll32.exe [path to DLL file]Do98Work"
X98D0CE0C16B1"rundll32.exe D0CE0C16B1 D0CE0C16B1"
X;Rundll[filename]"Added by the PWSLEGMIR.E TROJAN!"
X@RUNDLL.EXE"Added by the SPYBOT-DN WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XA70F6A1D-0195-42a2-934C-D8AC0F7C08EB"rundll32.exe E6F1873B.DLL D9EBC318C"
UAcronis Popup Blocker"RunDll32.exe [path] Blocker.dll Run"
XAddrPlus3[path] stup.exe [path] Adplus.dll Rundll32"TCent adware"
YAdslTaskBar"rundll32.exe stmctrl.dll TaskBar"
NAME_CSA"rundll32 amecsa.cpl RUN_DLL"
XArucer"rundll32 Arucer.dllArucer"
XArucer Dynamic Link Library"rundll32 Arucer.dllArucer"
UASKrundll32.exe [path] ASK.dll rdl"Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
?AudCtrl"RunDll32 AudCtrl.dll RCMonitor"
XAUNPS2"RUNDLL32 AUNPS2.DLL _Run@16"
YAuthentic-ID Toolbar"rundll32.exe [path] ToolbarATL.dll LoadTrayIcon"
Xautochk"rundll32.exe autochk.dll_IWMPEvents@16"
Xautochk"rundll32.exe protect.dll_IWMPEvents@16"
Xautoupdate"rundll32 DATADX.DLLSHStart"
Xautoupdate"rundll32 SUPDATE.DLLSHStart"
?AxFilter"Rundll32 AXFILTER.DLL Rundll32"
Xbabeie"rundll32 cnbabe.dll dllstartup"
XBackground Intelligent Transfer Service[path] rundll32.exe"Added by the VB-ZD TROJAN! Note - this is not the legitimate rundll32.exe process
UBatInfEx"rundll32.exe [path] BatInfEx.dllBMMAutonomicMonitor"
UBatLogEx"rundll32.exe [path] BatLogEx.DLLStartBattLog"
UBCMHal"rundll32.exe bcmhal9x.dll bcinit"
UBelNotify"rundll32.exe [path] NPBelv32.dll RunDll32_BelNotify"
XBIE"Rundll32.exe [path] BDSrHook.dll Rundll32"
UBLOG"rundll32.exe [path] BatLogEx.DLLStartBattLog"
?Bluetooth HCI Monitor"RunDll32 HCIMNTR.DLLRunCheckHCIMode"
UBluetoothAuthenticationAgent"rundll32.exe irprops.cpl
UBluetoothAuthenticationAgent"rundll32.exe bthprops.cpl
UBMMGAG"RunDll32 [path] pwrmonit.dllStartPwrMonitor"
UBMMMONWND"rundll32.exe [path] BatInfEx.dllBMMAutonomicMonitor"
XBookedSpace"RunDLL32.EXE bs2.dllDllRun"
XBridge"rundll32.exe [path] Bridge.dllLoad"
XBsx3"RunDLL32.EXE bs3.dllDllRun"
Xbxsx5"RunDLL32.EXE bsx5.dllDllRun"
Xbxxs5"RunDLL32.EXE bxxs5.dlldllrun"
Xcalc"rundll32.exe [path] ntuser.dll_IWMPEvents@0"
Xcalc"rundll32.exe calc.dll_IWMPEvents@0"
XCaptcha7rundll captcha.dll"Added by the TINY.WRE TROJAN!"
NCcdecode"rundll32.exe streamci StreamingDeviceSetup"
Xcesmain.dll"Rundll32.exe [path] cmail.dll Rundll32"
Xcfgmgr51"RunDLL32.EXE cfgmgr51.dllDllRun"
Xcfgmgr52"RunDLL32.EXE cfgmgr52.dllDllRun"
XChansonsMP3"rundll32.exe MSA64CHK.dllDllMostrar"
?clnwall"rundll.exe setupx.dll InstallHinfSection ..delwall.inf"
NCmaudio"Rundll32 cmicnfg.cpl CMICtrlWnd"
UCmPCIaudio"RunDll32 CMICNFG3.CPL CMICtrlWnd"
XCnsMin"Rundll32.exe [path] CNSMIN.DLL Rundll32"
UCognizanceTS"rundll32.exe [path] AsTsVcc.dll RegisterModule"
?Compaq Computer Security"Rundll32.exe SECURE32.CPL Service"
XContentDownload"rundll32.exe MSA64CHK.dllDllMostrar"
XControl"rundll32.exe ctrlpan.dll Restore ControlPanel"
XControlPanel"rundll32 internat.dll LoadKeyboardProfile"
XControlPanel"popcorn64.exe rundll.dll LoadMouseProfile"
XControlPanel"popcorn72.exe rundll.dll LoadMouseProfile"
XControlPanel"popcorn320.exe rundll.dll LoadMouseProfile"
XCoolDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XCoolMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XCPU Watcher"rundll32.exe cpu.dllload"
NCrazyTalk Serve"rundll32.exe CrazyTalk.dll DIIServeMediaFile"
XCTDrive"rundll32.exe drvmod.dllstartup"
Xdabrun"rundll32.exe dabapi.dllRundll32"
NDeadAIM"rundll32.exe DeadAIM.ocm ExportedCheckODLs"
Xdelsubmit"rundll32.exe advpack.dll DelNodeRunDLL32 submit.exe"
XDescargaBromas"rundll32.exe MSA64CHK.dllDllMostrar"
XDesktop"rundll32.exe msconfd.dllRestore ControlPanel"
XDesktopUpdate"rundll32.exe MSA64CHK.dllDllMostrar"
XDialer"rundll32.exe MSA32CHK.dllReg"
XDisableKeybaord"Rundll32.exe KeyboardDisable"
XDisableMouse"Rundll32.exe MouseDisable"
YDLBTCATS"rundll32 [path] DLBTtime.dll _RunDLLEntry@16"
YDLBUCATS"rundll32 [path] DLBUtime.dll _RunDLLEntry@16"
YDLBXCATS"rundll32 [path] DLBXtime.dll _RunDLLEntry@16"
YDLCCCATS"rundll32 [path] DLCCtime.dll_RunDLLEntry@16"
YDLCDCATS"rundll32 [path] DLCDtime.dll _RunDLLEntry@16"
YDLCFCATS"rundll32 [path] DLCFtime.dll _RunDLLEntry@16"
YDLCGCATS"rundll32 [path] DLCGtime.dll _RunDLLEntry@16"
YDLCICATS"rundll32 [path] DLCItime.dll _RunDLLEntry@16"
YDLCJCATS"rundll32 [path] DLCJtime.dll _RunDLLEntry@16"
YDLCQCATS"rundll32 [path] DLCQtime.dll _RunDLLEntry@16"
YDLCXCATS"rundll32 [path] DLCXtime.dll _RunDLLEntry@16"
YDNE Binding Watchdog"rundll dnes.dll DnDneCheckBindings"
YDNE DUN Watchdog"rundll dnes.dll DnDneCheckDUN13"
XDownloadLegalMusic"rundll32.exe MSA64CHK.dllDllMostrar"
XDownloadMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XDownloadsAndMP3"rundll32.exe MSA64CHK.dllDllMostrar"
Udrkly16j"rundll32.exe drkly16j.dll ServiceCheck"
Xdrvupdrundll32 ..drvupd.inf"Hijacker - drvupd.inf file installs a ""searchforge.com"" hijack"
XEntraOcio"rundll32.exe MSA64CHK.dllDllMostrar"
XExFilter"Rundll32.exe [path] cdnspie.dll ExecFilter"
XFastDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XForceShow"rundll32.exe QaBar.dllForceShowBar"
XFreeMP3download"rundll32.exe MSA64CHK.dllDllMostrar"
Xfstsvc"rundll32.exe fstsvc.dllstart"
Uftutil2"rundll32.exe ftutil2.dll SetWriteCacheMode"
XGames toolbarrundll32.exe [path] tbGame.dll DllShowTB"Topconverting.com/180Search ""Games Toolbar"" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XGddlib"rundll32.exe gddlib.dllstart"
XGetitAll"rundll32.exe MSA64CHK.dllDllMostrar"
XGetMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XGetTheMusic"rundll32.exe MSA64CHK.dllDllMostrar"
Xgfxtray"rundll32 ctccw32.dllfindwnd"
Xgovurarope"Rundll32.exe retasevo.dlls"
XGreatDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
?GsiFinal"rundll32 gspndll.dllpostInstall final"
Xgvagfxjrundll32 ...gvagfxj.dll"Unidentified adware
Xhe3bbcff"rundll32.exe he3bbcff.dllEnableRunDLL32"
Xhe3e3fc4"rundll32.exe he3e3fc4.dllEnableRunDLL32"
Xhelper.dllrundll32.exe [path] helper.dll"CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
Xicdd7ee6"rundll32.exe icdd7ee6.dllEnableRunDLL32"
Xicddefff"rundll32.exe icddefff.dllEnableRunDLL32"
UICSDCLT"rundll32.exe Icsdclt.dll ICSClient"
XIE Menu Extension toolbarrundll32.exe [path] tbextn.dll DllShowTB"Topconverting.com/180Search ""IEMenuExtension"" toolbar. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
Xiel2cde8"rundll32.exe iel2cde8.dllEnableRunDLL32"
Xielcaabe"rundll32.exe ielcaabe.dllEnableRunDLL32"
UIKLrundll32.exe [path] IKL.dll"IKL surveillance software. Uninstall this software unless you put it there yourself"
XImage"rundll32 [path] [trojan filename]Install"
XInfoData"rundll32.exe ********.dllrealset [* = random char]"
XInstant Access"rundll32.exe EGDHTML_1023.dll InstantAccess"
XInstant Access"rundll32.exe eg_auth_****.dll InstantAccess [**** = digits]"
XInstant Access"rundll32.exe EGCOMLIB_****.dll InstantAccess [**** = digits]"
XInstant Access"rundll32.exe EGCOMSERVICE_****.dll InstantAccess [**** = digits]"
XInstant Access"rundll32.exe p2esocks_****.dll InstantAccess [**** = digits]"
XiSecurity applet"rundll32.exe iSecurity.cplSecurityMonitor"
Xjmudkve.dll"rundll32.exe jmudkve.dllmzrwkwf"
Ujx_Key"Rundll32 JXKey.dllRundll32Main"
YKB926239"rundll32.exe apphelp.dll ShimFlushCache"
Xkernctl32"rundll32 kctl32.dll initialize"
Xkeymgrldr"rundll32 setupapi InstallHinfSection... keymgr3.inf"
Xkw3eef76"rundll32.exe kw3eef76.dllEnableRunDLL32"
Nlhttseng"rundll32.exe ..lhttseng.inf RemoveCabinet"
Xli01f948"rundll32.exe li01f948.dllEnableRunDLL32"
Xlibtec"rundll32.exe libtec.dllstart"
ULicCtrl"rundll32.exe MMFS.DLL Service"
XLjxrundll32.exe"Added by the LINEAG-ABD TROJAN! Note - this is not the legitimate rundll32.exe process
?LLMODCL2"rundll.exe setupx.dll InstallHinfSection ..LLMODCL2.INF"
Xloadrundll32.exe"Added by the WOWCRAFT TROJAN!"
XLoadhgrundll32.exe"Added by the LINEAG-ABX TROJAN!"
XLoadHTML"rundll32.exe regsvr32.exeMShtmpre"
XloadMecq3rundll32.exe"Added by the LEGMIR-AS TROJAN! Note - this is not the legitimate rundll32.exe process
XloadMefsrundll32.exe"Added by the LEGMIR-JB TROJAN! Note - this is not the legitimate rundll32.exe process
ULoadPowerProfileRundll32.exe powrprof.dll"Power management specifics such as monitor shut-off
XLoadPowerProfileRundll.exe powerprof.dll"Added by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses ""Rundll.exe"" whereas the uninfected version uses ""Rundll32.exe"""
XLoadPowerProfileRundll32.exe"Added by the MIROOT WORM! Note - do not confuse with the valid LoadPowerProfile entry which has ""powrprof.dll"" appended to the command/data line"
XLoadPowerSchemerundll32.exe powerprof.dll CheckPowerProfile"Ulubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XLoadSIPS"rundll32.exe SIPSPI32.dll SIPSPI32"
XlogonUiInitRundll32.exe rgtndz.dll"Identified as a variant of the Trojan-Clicker.Win32.Agent.bqy malware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""rgtndz.dll"" file is found in %System%"
XLosMejoresMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XLotsOfGames"rundll32.exe MSA64CHK.dllDllMostrar"
XLotsOfJokes"rundll32.exe MSA64CHK.dllDllMostrar"
Xltssvc"rundll32.exe ltssvc.dllstart"
XLTT2rundll32.exe"Added by the LINEAGE-BI TROJAN!"
YLXBSCATS"rundll32 [path] LXBStime.dll _RunDLLEntry@16"
YLXBTCATS"rundll32 [path] LXBTtime.dll _RunDLLEntry@16"
YLXBUCATS"rundll32 [path] LXBUtime.dll _RunDLLEntry@16"
YLXBXCATS"rundll32 [path] LXBXtime.dll _RunDLLEntry@16"
YLXBYCATS"rundll32 [path] LXBYtime.dll _RunDLLEntry@16"
YLXCCCATS"rundll32 [path] LXCCtime.dll _RunDLLEntry@16"
ULXCDCATS"rundll32 [path] LXCDtime.dll _RunDLLEntry@16"
YLXCECATS"rundll32 [path] LXCEtime.dll _RunDLLEntry@16"
YLXCFCATS"rundll32 [path] LXCFtime.dll _RunDLLEntry@16"
YLXCGCATS"rundll32 [path] LXCGtime.dll _RunDLLEntry@16"
YLXCJCATS"rundll32 [path] LXCJtime.dll _RunDLLEntry@16"
YLXCQCATS"rundll32 [path] LXCQtime.dll _RunDLLEntry@16"
YLXCRCATS"rundll32 [path] LXCRtime.dll _RunDLLEntry@16"
YLXCTCATS"rundll32 [path] LXCTtime.dll _RunDLLEntry@16"
YLXCYCATS"rundll32 [path] LXCYtime.dll _RunDLLEntry@16"
YLXDBCATS"rundll32 [path] LXDBtime.dll _RunDLLEntry@16"
YLXDCCATS"rundll32 [path] LXDCtime.dll _RunDLLEntry@16"
YLXDDCATS"rundll32 [path] LXDDtime.dll _RunDLLEntry@16"
YLXDICATS"rundll32 [path] LXDItime.dll _RunDLLEntry@16"
ULXDJCATS"rundll32 [path] LXDJtime.dll _RunDLLEntry@16"
XMainDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
NMass storage check registry"rundll32.exe MSDServ.dll check registry"
UMBMon"Rundll32 CTMBHA.DLLMBMon"
XMicrosoftrundll.exe"Added by the RBOT-GSJ WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XMicrosoft (R) Windows DLL Loaderrundll32.exe"Added by the RANKY.W TROJAN! Note - this is not the legitimate rundll32.exe process
XMicrosoft Install Shield Servicesrundll64"Added by the RBOT-FSH WORM!"
XMicrosoft Rundllwindos.exe"Added by the SDBOT-WF WORM!"
XMicrosoft Servicerundll.exe"Added by the POPO-A WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XMicrosoft Updaterundll32.dll"Added by the CIADOOR.GN BACKDOOR!"
XMicrosoft Update 32rundll32.exe"Added by the RBOT.AIE BACKDOOR! Note that this BACKDOOR modifies the file rundll32.exe
XMicrosoft Update Modulerundll24.exe"Added by the RBOT-PS WORM!"
XMicrosoft Windows Updaterundlls.exe"Added by the HABRACK WORM!"
NMicrosoft® Windows® Operating System"RunDLL32.exe ehuihlp.dllBootMediaCenter"
NMicrosoft® Windows® Operating System"rundll32.exe oobefldr.dllShowWelcomeCenter"
?MigrationVendorSetupCaller"rundll32.exe migrate.dll CallVendorSetupDlls"
XMircrosoft Windows Config DLLrundllc32b.exe"Added by the RBOT-ZY WORM!"
XMMSystem"rundll32.exe mmsystem.dll RunDll32"
XModule Call initialize"RUNDLL32.EXE reg.dll ondll_reg"
XMoreContent"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3Collection"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3download"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3files"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3freeDownload"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3freeDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3nice"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3Themes"rundll32.exe MSA64CHK.dllDllMostrar"
XMP3ToTheMax"rundll32.exe MSA64CHK.dllDllMostrar"
XMsAudio"MsVM_STI.EXE RunDll32 cmicnfg.cpl CMICtrlWnd"
Xmscheckrundll32.exe wincheck071008.dll mymain"Added by the AGENT.ADXI TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""wincheck071008.dll"" file is located in %System%"
XMSConfigsRUNDLL64.dll.vbs"Added by the WEKODE-B WORM!"
XMSDriverundll32.exe drvkoc.dll"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
XMSDriverundll32.exe drvmod.dll"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
XMSDriverundll32.exe drvsoh.dll"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
XMsn"rundll32.exe ilss32.dllnetwork"
Xmsrundllmsrund1l32.exe"Added by the BINGHE TROJAN!"
XMSServer"Rundll32.exe [random].dll#1"
XMSTrayrundll.exe"Added by the BAMER-B TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
XMSxmlHpr"RUNDLL32.EXE [path] msxm192z.dllw"
XMyWebSearch Plugin"rundll32 [path] M3PLUGIN.DLLUPF"
XNAVUpd"rundll32.exe navupd.dll Startup"
XNew.net Startup"rundll32 [path] NEWDOT~1.DLL ClientStartup"
XNew.net Startup"rundll32 [path] NEWDOT~1.DLL NewDotNetStartup"
XNew.net Startup"rundll32 [path] NEWDOT~2.DLL ClientStartup"
XNew.net Startup"rundll32 [path] NEWDOT~2.DLL NewDotNetStartup"
XNewDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XNewMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XNiceDownloads"rundll32.exe MSA64CHK.dllDllMostrar"
XNiceMP3"rundll32.exe MSA64CHK.dllDllMostrar"
Xnotepad"rundll32.exe notepad.dll_IWMPEvents@0"
Xnotepad"rundll32.exe ntload.dll_IWMPEvents@0"
XNT securityrundll32.com"Added by the RBOT-AJC WORM!"
Nntlfreedom"rundll32 [path] RyDial.dll QuickStart"
XNumberOneMP3"rundll32.exe MSA64CHK.dllDllMostrar"
?NVCLOCK"rundll32 nvclock.dll fnNvclock"
?NvColorInit"rundll32.exe NvQtwk.dll NvColorInit"
UNvCpl"RUNDLL32.EXE NvCpl.dllNvStartup"
UNvCplDaemon"RUNDLL32.EXE NvQTwkNvCplDaemon"
UNvCplDaemon"RUNDLL32.EXE NvCpl.dllNvStartup"
UNVHotkeyrundll32.exe nvHotkey.dll"Enables the use of ""hot keys"" for changing setting on Nvidia graphics"
UNVIDIA Media Center Library"RunDLL32.exe NvMCTray.dllNvTaskbarInit"
NNvidiaQuickTweak"rundll32.exe NvQtwk.dll NvTaskbarInit"
UNVIEW"rundll32.exe nview.dllnViewLoadHook"
NNvInitialize"rundll32.exe NvQtwk.dll NvXTInit"
Xnvirundllnvirundll.exe"Added by the SPYBOT.NPS WORM!"
UNVMCTRAY"RunDLL32.exe NvMCTray.dllNvTaskbarInit"
UNvMediaCenter"RunDLL32.exe NvMCTray.dllNvTaskbarInit"
NNVQuickTweak"rundll32.exe NvQtwk.dll NvTaskbarInit"
YNvRegisterMCTray"RUNDLL32.EXE NVMCTRAY.DLLNvMCRegisterApp NvCpl.dll"
YNvRegisterMCTrayNview"RUNDLL32.EXE NVMCTRAY.DLLNvMCRegisterApp nView.dll"
UNvSvc"RUNDLL32.EXE nvsvc.dllnvsvcStart"
Xnxgsvc"rundll32.exe nxgsvc.dllstart"
Xnxosys"rundll32.exe nxosys.dllstart"
NOfotoNow USB Detection"Rundll32.exe OFUSBS.DLL WatchForConnection OfotoNow"
Xoo4"RunDLL32.EXE oo4.dllDllRun"
UP17Helper"Rundll32 P17.dll P17Helper"
?P17Helper"Rundll32 SPIRun.dll RunDLLEntry"
?P17RunE"RunDll32 P17RunE.dllRunDLLEntry"
XPopularScreensaversWallpaper"rundll32 [path] F3SCRCTR.DLLLES"
XPostSetupCheckRundll32.exe atgban.dll"TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""atgban.dll"" file is found in %System%"
XpostSetupCheckRundll32.exe gzmrt.dll"TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""gzmrt.dll"" file is found in %System%"
XPostSetupCheckRundll32.exe cpmsky.dll"TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""cpmsky.dll"" file is found in %System%"
XPowerManagementRundlll.exe"Added by the SURDUX TROJAN!"
XProtected StorageRUNDLL32.EXE MSSIGN30.DLL ondll_reg"Added by the LOVGATE-W WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
?Ptipbmf"rundll32.exe ptipbmf.dll SetWriteCacheMode"
UPtiuPbmd"Rundll32.exe ptipbm.dll SetWriteBack"
XPTRGMYGK"rundll32.exe ptmg1v.dll DllRunMain"
Upwrmonit"RunDll32 [path] pwrmonit.dllStartPwrMonitor"
Xqkoszvd.dll"rundll32.exe qkoszvd.dlljwezubg"
XRrundll32.exe msprt.dll"Chinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XRDLLRunDll16.exe"Added by the SDBOT.F TROJAN!"
Xreaddb40"rundll32.exe readdb40.dll EnableRunDLL32"
Xrecover.bmp.exeRundll.exe"Added by the ANAFTP-01 TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
XRegistryCheck"rundll32.exe chkreg.dll CheckRegistry"
XRegistryConfigrundll.exe"Added by the AGOBOT-KN WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XRegrorundll132.exe"Added by the OKARAG TROJAN!"
XRegrxrundll32.exe"Added by the WAYIC-A TROJAN! Note - this is not the legitimate rundll32.exe process
XRemote Procedure Call LocatorRUNDLL32.EXE reg678.dll ondll_reg"Added by the LOVGATE.F WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XRemote System Protection"rundll32.exe [random].dll HUI_proc"
NRFX_auto_upgraderundll32.exe npvpg005.dll"A browser plugin called the RichFX player. Here is a link to download RichFX's solution to removing the auto upgrade"
XRhgrundll32.exe"Added by the LINEAG-BIT TROJAN! Note - this is not the legitimate rundll32.exe process
XRichMedia"rundll32.exe [path] hbcast.dll WaitWindows"
XRKrxrundll32.exe"Added by the LINEAG-ADA TROJAN! Note - this is not the legitimate rundll32.exe process
XRKrxrundll32.exe"Added by a variant of the LINEAG-ADA TROJAN! Note - this is not the legitimate rundll32.exe process
Xrmdrfje.dll"rundll32.exe rmdrfje.dll[random characters]"
XRr2rundll32.exe"Added by the LINEAG-ADI TROJAN! Note - this is not the legitimate rundll32.exe process
Xrrorundll32.exe"Added by the LINEAG-AAE TROJAN! Note - this is not the legitimate rundll32.exe process
XRSS"rundll32 RSSToolbar.dll DllRunMain"
Xrunrundll32.exe rsrc.dll"Chinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XRun05rundll_32.exe"Added by the BANCOS-DT TROJAN!"
XRunDLL"rundll32.exe [path] Bridge.dllLoad"
XRundllRundll~.exe"Added by the DELF-KT TROJAN!"
XRundllrundll32.exe [random filename].dll"Added by the MYTOB.IG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in %System%"
XRunDllRunDll.exe"Added by the QQPASS-AH TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
XRunDll[path to trojan]"Added by the DROPPER.EAT TROJAN!"
XRunDLL Kernel File Corerundll.exe"Added by a variant of the RBOT WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
Xrundll***die.exe [path] mdll.exe"Added by the SUMTAX TROJAN! where *** is 134
Xrundll***die.exe [path] secure.bat"Added by the SUMTAX TROJAN! where *** is 134
Xrundll***die.exe [path] secure.exe"Added by the SUMTAX TROJAN! where *** is 134
Xrundll***die.exe [path] ttg.exe"Added by the SUMTAX TROJAN! where *** is 134
XRundll16Rundll16.exe"Added by a number of VIRUSES
XRundll32Rundll32.exe"Added by a variant of the DVLDR TROJAN! Note - this is not the legitimate rundll32.exe process
URUNDLL32"RUNDLL32.EXE NvQTwkNvCplDaemon"
URunDLL32"RunDLL32.exe NvMCTray.dllNvTaskbarInit"
XRunDLL32winupdate.exe"Added by an unidentified TROJAN! - possibly a BMBOT variant"
XRundll32Windows.exe"Added by the QQPASS.E TROJAN!"
URundll32"Rundll32.exe ptipbm.dll SetWriteBack"
Xrundll32[path to worm]"Added by the AUTEX WORM!"
?rundll32"rundll32.exe ptipbmf.dll SetWriteCacheMode"
Xrundll32rundll32.exe"Added by the SANKER WORM! Note - this is not the legitimate rundll32.exe process
Xrundll32csrss.exe"Added by the GUTTA TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
Urundll32"rundll32.exe irprops.cpl
XRUNDLL32rundl32.exe"Added by the DEMOTRY-A WORM!"
Xrundll32rundll32.exe"Added by the AGENT-EZ TROJAN! Note - this is not the legitimate rundll32.exe process
XRundll32RUNDDLL32.EXEAdded by the STARTPAGE.AXH TROJAN!
Xrundll32kernel32.exe"Added by the STAP-C WORM!"
Xrundll32kernel33.exe"Added by the STAP-D WORM!"
Xrundll32MSDTC.exe"Added by the STAP-E WORM!"
Xrundll32rookie.vbs"Added by the ROOKIE-A TROJAN!"
Xrundll32rundll64.exe"Added by the DELF.BKC TROJAN!"
Urundll32"rundll32.exe bthprops.cpl
Urundll32"rundll32.exe nview.dllnViewLoadHook"
Xrundll32svchs0t.exe"Added by the PWSTEAL-E TROJAN!"
NRundll32 cmicnfg"Rundll32 cmicnfg.cpl CMICtrlWnd"
YRunDll32 essprops"RunDll32 essprops.cpl TaskbarIconWnd"
URundll32 P17"Rundll32 P17.dll P17Helper"
XRundll32.exeProyecto1.exe"Added by the GRUEL WORM!"
XRundll32.exeRoot.exe"Added by the GRUEL WORM!"
XRundll32_7"rundll32.exe MSIEFR40.DLL DllRunServer"
XRundll32_8"rundll32.exe inetp60.dll DllRunServer"
XRundll32_8"rundll32.exe 1.dll DllRunServer"
XRunDLL34syscnfg.exe"Added by an unidentified VIRUS
Xrundll64[path to worm]"Added by the AUTEX WORM!"
XRundllSvrRundll.exe"Added by the HUAYU WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XRundllsystem32Rundllsystem32.exe"Added by the NETDEVIL.B TROJAN!"
?RUSBHOLoader"rundll32.exe RUSBHOLoader.dll AutoRegister"
Xrxrundll32.exe"Added by the LINEAGE-BP TROJAN! Note - this is not the legitimate rundll32.exe process
Xrztrundll32.exe"Added by the LINEAGE.BDP TROJAN! Note - this is not the legitimate rundll32.exe process
USamsung MJC-900 Series Monitor"RUNDLL32.EXE SMMASHLL.DLLAutoUpdatePnPValue"
XsaSyncMgr"rundll32.exe sasync.dll SyncWait"
XSavsvc"rundll32.exe savsvc.dllstart"
USbUsb AudCtrl"RunDll32 sbusbdll.dll RCMonitor"
XScreenSaverPlus"rundll32.exe MSA64CHK.dllDllMostrar"
XSearchMP3"rundll32.exe MSA64CHK.dllDllMostrar"
?SetCacheMode"rundll32.exe ptipbmf.dll SetWriteCacheMode"
XShutDownWindows"Rundll32.exe UserExitWindows"
Xsi91e44b"rundll32.exe si91e44b.dll EnableRunDLL32"
YSiSPower"Rundll32.exe SiSPower.dllModeAgent"
XSOProc_RegSoAlertWxLiteNnAj"rundll32 shell32.dll ShellExec_RunDLL [path] soproc.exe"
?SoundFusionrundll32 cwcprops.cpl"Control panel item for the Terratec DMX Xfire 1024 soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?"
?SoundFusion"rundll32 hercplgs.cpl BootEntryPoint"
?SoundFusion"RunDll32 cwaprops.cpl C25CrystalControlWnd"
Xsp"rundll32 (Path to Trojan DLL) DllInstall"
Xspa_startRundll32.exe spads.dll"IconAds adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""spads.dll"" file is located in the Winnt or Windows folder"
Xspa_startRundll32.exe sprt_ads.dll"Superiorads adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""sprt_ads.dll"" file is located in %System%"
?SPIRun"Rundll32 SPIRun.dll RunDLLEntry"
Xsre"rundll32.exe sre.dll Register"
?srePostpone"rundll32.exe [path] srescan.dll DoSpecialAction"
?SRFirstRun"rundll32 srclient.dll CreateFirstRunRp"
XStartwd"rundll32.exe wd081025.dllHook"
Xstlbdist"rundll32exe stlbdist.DLL DllRunMain"
Xstlbupdt"rundll32.exe stlbupdt.DLLDllRunMain"
Xsupdate2.dll"rundll32.exe supdate2.dllRun"
XSurfBuddyrundll32 [path] sbuddy.dll"SurfBuddy adware - not to be confused with the legitimate SurfBuddy application by SurfApps!. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
Xsvchostrundll16.exe"Added by the STARTPA-PB TROJAN!"
USWLrundll32.exe [path] SWL.dll rdl"StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
Xsysrundll32.exe"Added by the LINEAG-G TROJAN! Note - this is not the legitimate rundll32.exe process
XSysPnP"rundll32 setupapi InstallHinfSection [varies] oemsyspnp.inf"
XSYSTEMRUNDLL16.exe"Added by the DELF-EW BACKDOOR!"
USystem Check"Rundll32.exe SysDll32.dll SystemCheck"
XSystemHelp"RUNDLL32.EXE SystemHper.dllInstall"
USystemKeyrundll32.exe [path] SystemKey.dll rdl"Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XSystemMessengerrundll32.exe [path] SystemMessenger.dll"Stealth Chat Monitor spyware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XSystems Restart"Rundll32.exe beem.dll DllRegisterServer"
XSystems Restart"Rundll32.exe snim.dll DllRegisterServer"
XSystems Restart"Rundll32.exe zolk.dll DllRegisterServer"
XSystems Restart"Rundll32.exe boln.dll DllRegisterServer"
USystemWebrundll32.exe [path] SystemWeb.dll rdl"StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
XSysWyrundll32.exe"Added by the LINEAGE-JH TROJAN! Note - this is not the legitimate rundll32.exe process
XTakeMP3"rundll32.exe MSA64CHK.dllDllMostrar"
NTaskbar Display Controls"RunDLL deskcp16.dll QUICKRES_RUNDLLENTRY"
XTaskManRundll32.exe"Added by the DVLDR TROJAN! Note - this is not the legitimate rundll32.exe process
NTesco.net"rundll32 [path] RyDial.dll QuickStart"
XTheBestMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XThemeMP3"rundll32.exe MSA64CHK.dllDllMostrar"
Xtransys"rundll32.exe transys.dllstart"
XTrayrundll32.exe"Added by the LINEAG-ADR TROJAN! Note - this is not the legitimate rundll32.exe process
UTweak UI"rundll32.exe tweakui.cpl tweakmeup"
UTweak UI"rundll32.exe tweakui.cpl tweaklogon"
XTweak UI"RunDLL32 tweakUI.DLL TWEAKUI /tweakmeup"
UTweak UI 1.33 deutsch"RUNDLL32.EXE TWEAKUI.CPL TweakMeUp"
UUCmore XP - The Search Accelerator"rundll32.exe UCMTSAIE.dll DllShowTB"
Xuhvjsul.dll"rundll32.exe uhvjsul.dllmrpmvyf"
?UPDATEHOOKRundll32.exe"??"
Xutasvc"rundll32.exe utasvc.dllstart"
XUtilitiesAndSoftware"rundll32.exe MSA64CHK.dllDllMostrar"
YV128IID"Rundll32.exe v128iitw.dll STB_InitTweak"
XVFW Encoder/Decoder SettingsRUNDLL32.exe MSSIGN30.DLL ondll_reg"Added by the LOVGATE-W WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
UVoodooBanshee"rundll32.exe 3DBBps.dll BansheeLoadSettings"
XW3KNetwork"rundll32.exe w3knet.dll dllinitrun"
XWebSpecialsrundll32 [path] webspec.dll"WebSpecials spyware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
NWIAWizardMenu"RUNDLL32.EXE sti_ci.dll WiaCreateWizardMenu"
?WildTangent CDA"RUNDLL32.exe cdaEngine0400.dll cdaEngineMain"
XWin32 Rundll LoaderRundll32.exe"Added by the SDBOT.A TROJAN! Note - this is not to be confused with the legitimate rundll32.exe file!"
XWin32 USB Driverrundll.exe"Added by the FORBOT-BN WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XWin32 USB2.0 Driverrundll16.exe"Added by the WOOTBOT.H WORM!"
Xwinabc"rundll32.exe [Temp][ORIGFILENAME].DLLInstallLaunchEv"
Xwincls"rundll32.exe wincls.dllstart"
XWinDLL (algs.exe)"rundll32.exe algs.exestart"
XWinDLL (asdfsa.exe)"rundll32.exe asdfsa.exestart"
XWinDLL (bee.dll)"rundll32.exe bee.dllstart"
XWinDLL (bix.exe)"rundll32.exe bix.exestart"
XWinDLL (csmss.exe)"rundll32.exe CSMSS.EXEstart"
XWinDLL (ctfmonm.exe)"rundll32.exe ctfmonm.exestart"
XWinDLL (dasda.com)"rundll32.exe dasda.comstart"
XWinDLL (diem.exe)"rundll32.exe diem.exestart"
XWinDLL (dlfksdld.exe)"rundll32.exe dlfksdld.exestart"
XWinDLL (jbi32.dll)"rundll32.exe jbi32.dllstart"
XWinDLL (lcass.exe)"rundll32.exe lcass.exestart"
XWinDLL (mysnlive.exe)"rundll32.exe mysnlive.exestart"
XWinDLL (qwex.dll)"rundll32.exe qwex.dllstart"
XWinDLL (redyLive.exe)"rundll32.exe redyLive.exestart"
XWinDLL (scvhost32.dll)"rundll32.exe scvhost32.dllstart"
XWinDLL (slmss.exe)"rundll32.exe slmss.exestart"
XWinDLL (slsass.exe)"rundll32.exe slsass.exestart"
XWinDLL (smaprnter.exe)"rundll32.exe smaprnter.exestart"
XWinDLL (smms.exe)"rundll32.exe smms.exestart"
XWinDll (sslms.exe)"rundll32.exe sslms.exestart"
XWinDLL (start0s.exe)"rundll32.exe start0s.exestart"
XWinDLL (steam.dll)"rundll32.exe steam.dllstart"
XWinDLL (svc.exe)"rundll32.exe svc.exestart"
XWinDLL (svchost.dll)"rundll32.exe svchost.dllstart"
XWinDLL (sysx32.dll)"rundll32.exe sysx32.dllstart"
XWinDLL (tepmlayer.exe)"rundll32.exe tepmlayer.exestart"
XWinDLL (tmp.exe)"rundll32.exe tmp.exestart"
XWinDLL (tock24.dll)"rundll32.exe tock24.dllstart"
XWinDLL (tqurity.exe)"rundll32.exe tqurity.exestart"
XWinDLL (v4mon.dll)"rundll32.exe v4mon.dllstart"
XWinDLL (vdm32.dll)"rundll32.exe vdm32.dllstart"
XWinDLL (vxd32.dll)"rundll32.exe vxd32.dllstart"
XWinDLL (wchshield.exe)"rundll32.exe wchshield.exestart"
XWinDLL (wimimi.exe)"rundll32.exe wimimi.exestart"
XWinDLL (windns32.dll)"rundll32.exe windns32.dllstart"
XWinDLL (wingatey32.exe)"rundll32.exe wingatey32.exestart"
XWinDLL (wintmp.exe)"rundll32.exe wintmp.exestart"
XWinDLL (Wseclayer.exe)"rundll32.exe Wseclayer.exestart"
XWinDLL (wsync32.dll)"rundll32.exe wsync32.dllstart"
XWinDLL (xvd32.dll)"rundll32.exe xvd32.dllstart"
XWindows ConfigRUNDLL.EXE"Added by the SPYBOT-DX WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XWindows DLL LoaderRUNDLL16.EXE"Added by the DOMWIS TROJAN!"
XWindows DLL Loaderrundll32.exe"Added by the WHIPSER-B WORM! Note - this is not the legitimate rundll32.exe process"
XWindows Firevall Control Crundll.exe"Added by the GAERTOB.A TROJAN!"
XWindows Firewallrundll32.exe"Added by a variant of the IRCBOT BACKDOOR!"
NWindows Media Center"RunDLL32.exe ehuihlp.dllBootMediaCenter"
XWindows Rundll Centermsnsmgr.exe"Added by the AGENT-LLB TROJAN!"
XWindows Rundll Centermsmsgrs.exe"Added by the IRCBOT-AFA WORM!"
XWindows Running DLL Servicerundll128.exe"Added by the IRCBOT.XDH BACKDOOR!"
XWindows Running DLL Servicerundll64.exe"Added by the SLENFBOT.HV WORM!"
XWindows Runtime Proccess32RUNdll.exe"Added by the SDBOT.QW WORM!"
XWindows Security Assistantrundll32.vbe"CoolWebSearch Alfasearch parasite variant - also detected as the STARTPA-U TROJAN!"
XWindows Upaterundll.exe"Added by the HAKO TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
XWindows Update Svcrundll32.exe xpupdate.dll"ContraVirus rogue security software - not recommended
XWindows32rundll.exe"Added by the AGOBOT-LK or AGOBOT-ND WORMS! Note - this is NOT the Win9x/Me system file of the same name as described here"
NWindowsWelcomeCenter"rundll32.exe oobefldr.dllShowWelcomeCenter"
UWinfast2KLoadDefault"rundll32.exe wf2kcpl.dllDllLoadDefaultSettings"
UWinFast_Gamma"Rundll32.exe wfcpl.dll DllLoadGammaRampSettings"
UWinFast_Taskbar"rundll32.exe wftask.dll WFDllLoadDefaultSettings"
NWinHacker"rundll32.exe wh95.dll HackMe"
Xwinupd"RUNDLL32.EXE [random value].dll _mainRD"
XwinupdtRUNDLL32.EXE [random.dll]"Added by the MABUT.A WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the Windows or Winnt folder"
UWinXPLoad"Rundll32 LoadDll LoadExe WinXPLoad.exe"
Xwm41a398"rundll32.exe wm41a398.dll EnableRunDLL32"
Xwmcbaaca"rundll32.exe wmcbaaca.dll EnableRunDLL32"
Xwrclib"rundll32.exe wrclib.dllstart"
Xwtzlank.dll"rundll32.exe wtzlank.dllqttwuwc"
Xwupipenimi"Rundll32.exe jinorije.dlls"
Xwupipenimi"Rundll32.exe luyenofe.dlls"
Xwupipenimi"Rundll32.exe poyimimu.dlls"
Xwupipenimi"Rundll32.exe siremase.dlls"
Xwupipenimi"Rundll32.exe tamuyiko.dlls"
Xxccinitrundll33.exe xccdf16_090131a.dll"Added by the BUZUS-AD TROJAN! Note - the ""rundll33.exe"" file is located in %System%\inf and the ""xccdf16_090131a.dll"" file is located in %Windir%"
Xxccinitrundll33.exe xccdf16_090305a.dll"Added by the BUZUS-AF TROJAN! Note - the ""rundll33.exe"" file is located in %System%\inf and the ""xccdf16_090305a.dll"" file is located in %Windir%"
?xkstartup"RunDll32 InstZ82.dll SetUsbPrinterPort"
Xyahoo!"rundll32.exe [random]don.dllSet"
XYourMP3"rundll32.exe MSA64CHK.dllDllMostrar"
XZenet"rundll32 CNBabe.dll DllStartup"
UZIBMACCrundll.exe ZIBMACC.INFZIBMACC.INF is an IBM file that is only loaded and installed under a recovery operation. The file is a support file for IBM access to the system if needed. You may delete this file. This is as from IBM Technical Support (USA - 800-887-7435)
Xzsmsccrundll32.exe zsmscc071001.dll mymain"Added by the GENETIK.KQ TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""zsmscc071001.dll"" file is found in %System%"
Xzsmsccrundll32.exe mycc071208.dll mymain"Added by the AGENT.FZK TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""mycc071208.dll"" file is found in %System%"
Xztrundll32.exe"Added by the LINEAG-ABA TROJAN! Note - this is not the legitimate rundll32.exe process
X[random number]"rundll32.exe shell32.dllControl_RunDLL [random number].cpl"
X_rxrundll32.exe"Added by the LINEAG-B TROJAN!! Note - this is not the legitimate rundll32.exe process
X{12EE7A5E-0674-42f9-A76B-000000004D00}"rundll32.exe stlb2.dll DllRunMain"
X{2CF0B992-5EEB-4143-99C0-5297EF71F444}"rundll32.exe stlbdist.dllDllRunMain"
X{2CF0B992-5EEB-4143-99C2-5297EF71F44B}"rundll32.exe stlbupdt.DLLDllRunMain"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Copyright 2003-2013 iamnotageek &/or Martin Krohn.