Manage Windows Startup: Difference between revisions

No edit summary
Line 94: Line 94:


<div align="center" class="Copy">Copyright © 2006 Ramesh Srinivasan. All rights reserved.<br />
<div align="center" class="Copy">Copyright © 2006 Ramesh Srinivasan. All rights reserved.<br />
Windows XP Troubleshooting''&nbsp;-&nbsp;''http://windowsxp.mvps.org</div
Windows XP Troubleshooting''&nbsp;-&nbsp;''http://windowsxp.mvps.org</div>


==<br /> References ==
==<br /> References ==
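Review bot: The heading in the trailing context, `==<br /> References ==`, still has a `<br />` inside the heading markup. Since this revision is already repairing markup two lines up (`</div` to `</div>`), move the break out of the heading so it reads `== References ==`. The revision was also saved with no edit summary; a short one naming the closing-tag fix would make the history easier to follow.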

Revision as of 21:04, 21 October 2024

Manage Windows Startup


This was originally written for Windows XP. It is now dated and not applicable for later versions of Windows.



Introduction

It is good practice to inspect the startup locations frequently for better security; this is the first step in detecting a trojan or a virus. The System Configuration Utility (MSConfig.exe) does not list applications loaded from every possible startup location, and most of the other entry points are hidden and unknown to the end user. This article gives a clear picture of the start locations of applications and drivers. Some of the following locations are not applicable to Windows 95/98/ME systems.


Startup locations

HKCU refers to HKEY_CURRENT_USER
HKLM refers to HKEY_LOCAL_MACHINE

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows (in the right pane, the values named "Run" and "Load")

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\{Username}\Start Menu\Programs\Startup
Note: Items marked in blue are those which MSCONFIG can manage.
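
One way to review the locations listed above without reading every key by hand, as an added example that is not part of the original article: save the output of `reg query` for each key, then compare a later capture against that baseline and check what the Userinit value launches. The sample captures, file paths and function names are constructed for illustration.

```python
import re

# Constructed `reg query` captures (not from a real system): a baseline and a later run.
BASELINE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,
"""
CURRENT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    updater    REG_SZ    C:\Temp\updater.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,C:\Temp\helper.exe
"""

# A value line is indented: name, REG_* type, data (tab- or space-separated).
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

def parse_reg_query(text):
    """Return {(key, value_name): data} from concatenated `reg query` output."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()                      # key header line
        elif key and (m := VALUE_RE.match(line)):
            entries[(key, m.group(1))] = m.group(3).strip()
    return entries

def diff_startup(baseline, current):
    """Entries that are new or whose data changed since the baseline."""
    return {k: v for k, v in current.items() if baseline.get(k) != v}

def userinit_extras(entries):
    """Programs in the Winlogon Userinit value other than userinit.exe."""
    extras = []
    for (key, name), data in entries.items():
        if key.lower().endswith("\\winlogon") and name.lower() == "userinit":
            for item in filter(None, (p.strip() for p in data.split(","))):
                if not item.lower().endswith("\\userinit.exe"):
                    extras.append(item)
    return extras
```

Userinit is a value under the Winlogon key rather than a key of its own, so it is captured by querying Winlogon; anything the check reports is edited out of the value's data, leaving the userinit.exe entry in place.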


Advanced stuff - additional Windows Startup launch-points

Silentrunners.org covers many more startup launch-points. It is possible that some malware is present in any of the locations described. Additionally, it's worth verifying the contents of ShellExecuteHooks key here:

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

Inspecting all the keys manually may be tiring. Your best bet is to use third-party software to inspect the startup. There are many utilities which can track and log the startup entries. The following utility is very impressive.


Autoruns - A utility that covers most of the start locations. The latest version allows you to edit the startup for other user profiles (Windows 2000/XP) as well. [Autoruns Homepage]

Caution: Don't delete or disable the entry named Userinit, as you will be unable to log on to Windows XP.


Related Microsoft Knowledgebase articles


Kernel Mode components

[More information]

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems] contains a list of available subsystems.

[HKLM\SYSTEM\CurrentControlSet\Services\servicename]. The Service Control Manager initializes services that the Start entry designates as Auto-load.

If a driver/service prevents you from starting Windows, load Recovery Console and use the listsvc command. This lists all the Services/drivers. To disable a service/driver, type disable <service/driver name> in the Recovery Console.


View and manage Windows XP Services and Drivers


ServiWin - A utility that displays the list of installed drivers and services on your system. For some of them, additional useful information is displayed: file description, version, product name, company that created the driver file, and more. In addition, ServiWin allows you to easily stop, start, restart, pause, and continue service or driver, change the startup type of service or driver (automatic, manual, disabled, boot or system), save the list of services and drivers to file, or view HTML report of installed services/drivers in your default browser.

  • To view Services list, click the View menu and choose Services [F8 key]
  • To view Drivers list, click the View menu and choose Drivers [F7 key]
  • To find out the list of third-party drivers, sort the column named Company

You may also use the DriverQuery command, built into Windows XP, to view the list of all the device drivers installed on your system. You can write the list to a file for troubleshooting purposes. Type driverquery /? in Command Prompt for more information:


Usage / Examples

DRIVERQUERY /SI   [ Lists the drivers' signing status, whether Signed or Unsigned ]
DRIVERQUERY /V    [ Generates a detailed report ]
DRIVERQUERY       [ Lists all device drivers ]

To redirect the output to a file, use:

DRIVERQUERY /SI  >C:\driverslist.txt
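
A saved signing report can be reviewed with a short script instead of by eye. The following is an added example, not part of the original article: it assumes the report was written with `DRIVERQUERY /SI /FO CSV` and that the header carries the DeviceName, InfName, IsSigned and Manufacturer columns; the sample rows and the function name are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a CSV signing report (not from a real system).
SAMPLE_REPORT = '''
"DeviceName","InfName","IsSigned","Manufacturer"
"ACPI Fixed Feature Button","machine.inf","TRUE","(Standard system devices)"
"Example Virtual Adapter","oem12.inf","FALSE","Example Vendor Ltd"
"Example Capture Filter","oem7.inf","N/A","Example Vendor Ltd"
"Example USB Bridge","oem3.inf","FALSE",""
'''

def unsigned_by_manufacturer(csv_text):
    """Group every driver whose IsSigned is not TRUE by its Manufacturer.

    Rows with an unknown status (for example N/A) are kept for review
    rather than silently treated as signed.
    """
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        status = (row.get("IsSigned") or "").strip().upper()
        if status == "TRUE":
            continue
        maker = (row.get("Manufacturer") or "").strip() or "(unknown)"
        device = (row.get("DeviceName") or "").strip()
        inf = (row.get("InfName") or "").strip()
        groups[maker].append((device, inf, status or "MISSING"))
    return dict(groups)

if __name__ == "__main__":
    for maker, drivers in sorted(unsigned_by_manufacturer(SAMPLE_REPORT).items()):
        print(maker)
        for device, inf, status in drivers:
            print(f"  {device} ({inf}): IsSigned={status}")
```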

Published: June 27, 2004
Updated : June 25, 2005

ServiWin Homepage

Copyright © 2006 Ramesh Srinivasan. All rights reserved.
Windows XP Troubleshooting - http://windowsxp.mvps.org

