Windows certainly has a lot of places that it looks to load things on startup. Most Windows startup locations are in the registry, but there are others as well. Some easy to find, others not.
The first, fastest, and easiest would be under Start->Programs->StartUp. Anything in that folder will be loaded when Windows boots. Many legitimate programs use this location because it’s easy to edit if you decide you don’t want it to load.
Autoexec.bat & Config.sys. While archaic and outdated, Windows 95, 98, and ME all will load things from these ancient DOS relics. Generally speaking, you don’t need them. At all. Just rename the files to Autoexec.bkp and config.bkp. That way you’ll have them if you need them. Which you probably won’t.
Windows\Win.ini – look in here for a run= or load= line. Anything on that line will be executed.
The Registry… This is where it gets fun. Windows stores virtually all its settings in here, and so it makes sense that it would have a startup location in there as well. Well it does. Tons of them. Here is a list of keys to check:
General Startup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
In the following key, older Windows will have the actual username within it, whereas XP and the like will have a goofy-looking #. Just look in all of the subkeys in here to make sure that when another profile is loaded it doesn’t start anything you don’t want it to.
HKEY_USERS\*User*\Software\Microsoft\Windows\CurrentVersion\Run
Explorer run – These are usually used to load programs as part of a policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
UserInit – This tells Windows what to run when a user logs on
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
AppInit_DLLs – I believe this is only in NT, 2000, and XP, but this one you may want to keep an eye on.
The “Only the best” browser hijacker uses this one.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
Load – Not used too much, but Windows will load from it nonetheless
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
A couple more
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
And, finally, here are some other files Windows will look at:
windows\wininit.ini
windows\system.ini – [boot] – “shell”
windows\system.ini – [boot] – “scrnsave.exe”
windows\dosstart.bat – Only in Win95 or 98 when you restart to MS-DOS mode
windows\winstart.bat
windows\system\autoexec.nt
windows\system\config.nt
90% of these locations are not used. However, the knowledge has come in handy more than once. Keep it under your hat. Still, though, msconfig is your friend.
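A read-only way to list what is actually set in the registry locations from this post, as an added PowerShell example that is not part of the original article. The helper name Get-KeyValues is hypothetical, and the script checks each listed subkey under HKLM and every loaded HKEY_USERS hive, which is a superset of the root and key pairs given in the list.

```powershell
# Added example: read-only listing of the autostart registry values named in the post.
$runKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Software\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'Software\Microsoft\Windows\CurrentVersion\RunServices',
    'Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup',
    'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
$winNT = 'Software\Microsoft\Windows NT\CurrentVersion'
$hklm  = 'Registry::HKEY_LOCAL_MACHINE'

# HKLM plus every profile hive currently loaded under HKEY_USERS
# (the logged-on user's HKCU is one of these).
$roots = @($hklm) + @(Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)" })

# Hypothetical helper: emit one object per value under $Path.
# -Only restricts output to specific value names.
function Get-KeyValues {
    param([string]$Path, [string[]]$Only)
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) { return }   # most of these keys are absent on a given system
    foreach ($name in $key.GetValueNames()) {
        if ($Only -and $Only -notcontains $name) { continue }
        [pscustomobject]@{
            Key   = $key.Name
            Value = if ($name) { $name } else { '(Default)' }
            # Keep %VARIABLES% unexpanded so the stored string is shown as written.
            Data  = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        }
    }
}

$findings = @(
    foreach ($root in $roots) {
        foreach ($sub in $runKeys) { Get-KeyValues "$root\$sub" }
        Get-KeyValues "$root\$winNT\Windows" -Only 'load', 'AppInit_DLLs'
    }
    Get-KeyValues "$hklm\$winNT\Winlogon" -Only 'Userinit'
    Get-KeyValues "$hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
    Get-KeyValues "$hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"
)
$findings | Sort-Object Key, Value | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the machine-wide keys and other users' loaded hives are readable; profiles that are not logged on are not loaded under HKEY_USERS and will not appear.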