sarahkim (Official Rep) July 10, 2014 20:59

How to Manage Windows 7 Startup Programs

Learn to control automatic launching of applications with this handy excerpt from David A. Karp's Windows 7 Annoyances.

The Startup folder in the Start menu is where most people go if they want Windows to start an application automatically when it boots. Just drag a shortcut to the program into the folder, and Windows will do the rest. Or, delete an existing shortcut to stop a program from loading at boot time.

Trouble is, there are many ways apart from the Startup folder to configure startup programs, and if you’re trying to solve a problem or just reduce boot times, you need to look at them all. To see them all in one place, open the System Configuration tool (msconfig.exe) and choose the Startup tab. Uncheck any programs you’d rather not have running, and click Apply. Also available is the free Autoruns tool (http://technet.micro...s/bb963902.aspx), which, among other things, has a command-line tool you can use to make changes when Windows won’t start.

Here are all the places Windows looks for startup items:

Startup folders

There are actually two of these on your hard disk, but shortcuts in both places show up in the Startup menu (under All Programs in your Start menu). If you have a lot of cleanup to do, you’ll find it’s easier to open Windows Explorer than to repeatedly open the Start menu. First, your personal Startup folder is located here:

C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

and programs listed therein will load automatically when you first log in to your user account. Next, the “All Users” Startup folder here:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

lists the programs to load automatically when anyone logs into your PC.

Registry

There are several places in the registry in which startup programs are specified. Installers add their programs to these keys for several reasons: to prevent tinkering, for more flexibility, or—in the case of viruses, Trojan horses, and spyware—to hide from plain view.

These keys contain startup programs for the current user (er, you):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

These keys contain startup programs for all users:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

And if you’re using 64-bit Windows, there also may be entries here:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce

The naming of the keys should be self-explanatory. Programs referenced in any of the Run keys listed previously are run every time Windows starts, and are where you’ll find most of your startup programs. An entry referenced in one of the RunOnce keys is run only once and then removed from the key.

Other, less common places for startup programs to hide in your registry include:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\BootExecute

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Services

The Services window (services.msc) lists dozens of programs especially designed to run in the background. The advantage that services have over the other startup methods here is that they remain active even when no user is currently logged in. That way, for example, your web server can continue to serve web pages when the Welcome/Login screen is displayed.

By default, some services are configured to start automatically with Windows and others are not, and this distinction is made in the Startup Type column. Double-click any service and change the Startup type option to Automatic to have it start with Windows, or Disabled if you never want it to start automatically. You can even group all the automatic services together by clicking the Startup Type column to sort the list.

Note: Changing the Startup type for a service won’t load (start) or unload (stop) the service. Use the Start and Stop buttons on the toolbar of the Services window, or double-click a service and click Start or Stop. Unfortunately, there’s no way to delete a service from the Services window; for that, see the sidebar Delete a Service.

Scheduled Tasks

A program doesn’t have to be launched at boot time to be run automatically. The Scheduled Tasks tool can launch programs at any time. Check out the aforementioned Autoruns tool to see a concise list of all the programs Scheduled Tasks may launch.

Drivers

An oft-neglected category of programs run when Windows starts, device drivers can become infected with viruses just like any other executable. While it’s true that the 64-bit edition of Windows 7 won’t allow unsigned drivers, and altered code breaks digital signatures, it’s also true that an intact driver can launch a separate unsigned, infected program at any time.

Drivers that load with Windows can be found in Device Manager, as well as on the Drivers tab of the aforementioned Autoruns tool.

So, you’ve decided to scour your system for superfluous or dangerous startup programs, and you’ve encountered one you don’t recognize. Before you pull the plug on a particular entry, follow a few simple steps to find out what it’s for.

First, determine the executable file involved. For Startup folder items, right-click the shortcut icon and select Properties to uncover the program filename. On the Shortcut tab, click Open File Location to reveal the location of the file.

If it’s a Registry entry, the filename (and usually the full path) is shown in the Data column in the Run/RunOnce key. If there’s no folder path included, type the filename into Explorer’s Search box to find the containing folder, and be sure to look beyond the index.

Or if it’s a service, double-click the service and look at the Path to executable line under the General tab. Once you have the program filename, open Windows Explorer and navigate to the file’s location.

Note: Trying to track down a running program, but don’t know where it’s loaded? Open Windows Task Manager, choose the Processes tab, and click the Show processes from all running users button at the bottom. To show file and path names for running processes, open the View menu, click Select Columns, and turn on the Image Path Name option. Note that if the filename is svchost.exe, the entry represents a service.

Right-click the program executable, select Properties, and choose the Details tab to see the manufacturer name, product name, version number, etc. If there’s no Details tab, it means the file has no version information; although this situation is more common with viruses and malware than legitimate applications, it doesn’t necessarily point to malware.

If you’re still not sure what the program is for, yet antimalware and antivirus scans have declared it clean, fire up a web browser and search Google for the filename. In nearly all cases, you’ll find several references to the file’s purpose, and in the case of malware, how to remove it. Of course, many types of malware—particularly rootkits—mask their identities by adopting randomly generated filenames, so don’t expect helpful results for AJJDG91.EXE.

To disable a Startup folder shortcut without deleting it for good, just move it to a different folder. To disable a registry entry, create a Registry patch to back up the key, and then simply delete the offending entry. Or, use the aforementioned System Configuration tool (msconfig.exe), which backs up deactivated startup programs for easy reactivation later.

Reboot Windows to test your changes.

Delete a Service

Since a service can be turned off, Microsoft hasn’t felt the need to let users delete services outright from the Services window. But services can cause all sorts of problems, whether they’re unwanted add-ons to otherwise useful software, left behind by buggy uninstallers, or inserted surreptitiously by malware. So here’s how to remove a service once and for all.

Open the Services window (services.msc) and double-click the service you want to remove. Highlight the text next to Service name (the first entry under the General tab) and press Ctrl-C to copy the name to the clipboard.

Next, open a Command Prompt window in Administrator mode and type the following at the prompt:

sc delete "Rogue Service"

where Rogue Service (in quotes) is the name of the service you just copied. Press Enter, and if the removal was successful, you should see this message:

[SC] DeleteService SUCCESS

Return to the Services window and press F5 to refresh the list, and confirm the service is now gone.
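Added example, not part of the original post or of the book it excerpts: a read-only PowerShell script that lists the Startup folders and registry locations named above in one table, with the publisher from each file's version information and its Authenticode signature status. It reads BootExecute, StartupPrograms, Shell and Userinit as values under their parent keys, and the Get-ExePath helper is a hypothetical heuristic for pulling a file path out of a command line.

```powershell
# Added example (not from the article). Read-only; uses PowerShell 2.0 cmdlets only.
$runKeys = @(                                   # Run/RunOnce keys listed in the article
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce')
$singleValues = @(                              # "less common" locations: key, then value name
    @('HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager', 'BootExecute'),
    @('HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd', 'StartupPrograms'),
    @('HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'Shell'),
    @('HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'Userinit'))
$startupDirs = @(                               # per-user and all-users Startup folders
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup'))

function Get-ExePath([string]$command) {        # heuristic: quoted path, else text up to ".exe"
    if ($command -match '^\s*"([^"]+)"') { return $matches[1] }
    if ($command -match '^\s*(.+?\.exe)\b') { return $matches[1] }
    return $command.Trim()
}
function New-Entry($location, $name, $command) {
    $exe = Get-ExePath "$command"; $company = ''; $sig = 'n/a'
    if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf -ErrorAction SilentlyContinue)) {
        $company = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName   # "Details tab" data
        $sig = (Get-AuthenticodeSignature -FilePath $exe).Status
    }
    New-Object PSObject -Property @{ Location = $location; Name = $name; Command = "$command"
                                     Company = $company; Signature = $sig }
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }     # e.g. Wow6432Node is absent on 32-bit Windows
    $k = Get-Item $key
    foreach ($n in $k.GetValueNames()) { $entries += New-Entry $key $n ($k.GetValue($n)) }
}
foreach ($pair in $singleValues) {
    if (-not (Test-Path $pair[0])) { continue }
    $v = (Get-Item $pair[0]).GetValue($pair[1])
    if ($v) { $entries += New-Entry $pair[0] $pair[1] $v }
}
$wsh = New-Object -ComObject WScript.Shell      # resolves .lnk shortcuts to their targets
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($f in Get-ChildItem $dir | Where-Object { -not $_.PSIsContainer }) {
        $target = $f.FullName
        if ($f.Extension -eq '.lnk') { $target = $wsh.CreateShortcut($f.FullName).TargetPath }
        $entries += New-Entry $dir $f.Name $target
    }
}
$entries | Sort-Object Location, Name |
    Format-Table Location, Name, Company, Signature, Command -AutoSize -Wrap
```

Older PowerShell versions check only signatures embedded in the file, so catalog-signed Windows components can show NotSigned; treat an empty Company or a NotSigned status as a reason to look closer, not as a verdict.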