M.Srinivas Gupta

Windows XP Programs Startup Locations

HKCU refers to HKEY_CURRENT_USER
HKLM refers to HKEY_LOCAL_MACHINE

1.Run:-This key contains all sorts of programs that are set to run at startup. Some of these programs, such as your antivirus software, are desirable. Others, however, you may want to remove. You will just have to go through the list and see what belongs and what doesn’t.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

2. RunServices - This key is designed to start services as well. These entries can also continue running even after you log on, but must be completed before the registry can start loading its programs.

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

3.RunOnce : primarily used by Setup programs. The HKLM subkey version of RunOnce runs programs immediately after logon and before other registry Run entries. The HKCU subkey version of RunOnce runs programs after Run subkeys and after the Startup folder.

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

4.RunServicesOnce - This key is designed to start services when a computer boots up. These entries can also continue running even after you log on, but must be completed before the HKEY_LOCAL_MACHINE\...\RunOnce registry can start loading its programs.

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

5.Completely Removing Services:You can manage Windows XP service, if you were to find an unwanted service, you can disable it through the Services console (startmenu\Run and type "services.msc"), but you can’t remove the unwanted service without modifying the registry. If you are interested in modifying services from within the registry, you can find them

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Saturday, November 3, 2007 | posted in Windows XP Startup Locations | 1 comments [ More ]

6.Userinit: there is an entry for userinit.exe but subkey can accept multiple comma- separated values. Can't find where your program starting, Look here.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit =C:\windows\system32\userinit.exe,c:\windows\any program.exe,c:\program files\any program.exe.
Explorer\Run subkey :

7.Explorer Run:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

8.Browser Helper Objects: The now imfamous Browser Helper Objects (BHO). This application launch location was intended to provide for third party helper applications extensions for the Windows Explorer shell. Sadly, like all Virus entry points, the virus programmer has abused a feature of Microsoft Windows software that was ripe to provide for more competitive Windows products.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

9.AppInit_DLLs: Are attatched to any launched application.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Window

10.SharedTaskScheduler - If any key exists in Task Scheduler programs automatically starts specific time,date you can delete directly in the registry

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

11:Common Startup locations( Folder Level ): You can directly delete programs in this location
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\{Username}\Start Menu\Programs\Startup

Editing windows registry is risk of without prior Incorrect Registry editing caused to completely hang up your operating system.

If you don't want to take risk, just just a program to quickly scan these keys and produce a list for you, you can use following programs . While you are at thease sites, you should browse some of the other excellent utilities.

1. Sysinternals Autoruns ( My favourite Programme and Recommended )
2. Source Forge Startaup Manager