Connect with us

Hi, what are you looking for?

Computer Tutorials

Windows Startup Locations

Most Windows startup locations are in the registry, but there are others as well. Some easy to find, others not.

Windows certainly has a lot of places that it looks to load things on startup. Most Windows startup locations are in the registry, but there are others as well. Some easy to find, others not.

The first, fastest, and easiest would be under Start->Programs->StartUp. Anything in that folder will be loaded when Windows boots. Many legitimate programs use this location because it’s easy to edit if you decide you don’t want it to load.

Autoexec.bat & Config.sys. While archaic and outdated, Windows 95, 98, and ME all will load things from these ancient DOS relics. Generally speaking, you don’t need them. At all. Just rename the files to Autoexec.bkp and config.bkp. That way you’ll have them if you need them. Which you probably won’t.

WindowsWin.ini look in here for a run= or load= line. Anything on that line will be executed.

The Registry… This is where it gets fun. Windows stores virtually all it’s settings in here, and so it makes sense that it would have a startup location in there as well. Well it does. Tons of them. Here is a list of keys to check:

General Startup

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnceEx
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunServices
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunServicesOnce
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnceSetup

Advertisement. Scroll to continue reading.
AIAD

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunServices
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunServicesOnce

In the following key, older Windows will have the actual username within it, whereas XP and the like will have a goofey looking #. Just look in all of the directories in here to make sure that when another profile is loaded it doesn’t start anything you don’t want it to.

HKEY_USERS*User*SoftwareMicrosoftWindowsCurrentVersionRun

Explorer run – These are usually used to load programs as part of a policy

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun

UserInit – This tells Windows what to run when a user logs on

HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonUserinit

Advertisement. Scroll to continue reading.
AIAD

AppInit_DLLs – I believe this is only in NT, 2000, and XP, but this one you may want to keep an eye on.

The “Only the best” browser hijacker uses this one.

HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWindows

Load – Not used too much, but Windows will load from it nonetheless

HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWindowsload

A couple more

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoaddows
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler

Advertisement. Scroll to continue reading.
AIAD

And, finally, here are some other files Windows will look at:

windowswininit.ini
windowssystem.ini – [boot] – “shell”
windowssystem.ini – [boot] – “scrnsave.exe”
windowsdosstart.bat – Only in Win95 or 98 when you restart to MS-DOS mode
windowswinstart.bat
windowssystemautoexec.nt
windowssystemconfig.nt

90% of these locations are not used. However, the knowledge has come in handy more than once. Keep it under your hat. Still, though, msconfig is your friend.

Click to comment

You must be logged in to post a comment Login

Leave a Reply

You May Also Like