How to Add Programs to Startup in Windows 10

Launch your favorite apps every time you boot up

What to Know

• Open the Run dialog box, enter shell:startup, then right-click inside the Startup folder and select New >Shortcut to add a program.
• If you can’t find the app, enter shell:appsfolder in the Run dialog box, then drag apps from that folder into the Startup folder.
• Some apps offer a ‘run at startup’ option, which is an easier way to add a program to startup in Windows 10.

This article explains how to add a program to startup in Windows 10. Applications that are designated as startup programs are launched as Windows 10 boots.

How to Add Programs to Startup in Windows 10

You can enable or disable apps from running on startup in the App Startup Control Panel and the taskbar, but the only place you can add new startup programs is through the startup folder.

Some modern apps have a ‘run at startup’ capability built into their options. If your app has that option, then turning it on is a lot easier than the following method, which is designed to work with all programs.

Press the Windows key + R to open the run dialog box.

Type shell:startup in the run dialog box and press Enter on your keyboard.

Right click in the startup folder and click New.

Click Shortcut.

Type the location of the program if you know it, or click Browse to locate the program on your computer.

If you can’t find your app, try opening the run dialog box back up and typing shell:appsfolder. You can drag any app from that folder into the startup folder to instantly create a shortcut.

Click Next.

Type a name for the shortcut, and click Finish.

Create additional links for any other programs you want to run automatically when Windows starts.

Restart your computer, and the new programs will launch automatically.

What Is the Windows Startup Folder?

The Windows startup folder is a folder that Windows looks in for programs to run every time it starts. This was the only way to manage startup programs in older versions of Windows. Adding a program shortcut causes that program to launch when Windows starts, and removing a program shortcut stops it from launching when Windows starts.

While Windows 10 has moved to the newer app startup control panel as the primary way to manage which apps, the startup folder remains the best way for users to add their own startup programs.

Drawbacks to Adding Programs to the Startup Folder in Windows 10

The benefits of adding programs you use every day to the Windows 10 startup folder are obvious. Instead of waiting for Windows to start up and then manually clicking on everything you launch every day, all you have to do is turn your computer on and wait for everything to load.

The issue is that it takes time for programs to load along with Windows, and every program you load takes up resources like memory and processor power. Load too many unnecessary programs, and you’ll find that Windows 10 starts slow and may even remain sluggish after loading everything.

If you change your mind about programs you’ve added to the startup folder, you can simply delete the shortcuts to prevent those programs from launching whenever you turn on your computer. You can also change startup programs in Windows 10 using the task manager or the startup app control panel.

What to Do If You Have Too Many Windows 10 Startup Programs

If you have some essential programs that you use for work every day, or you mainly use your computer to play a specific game, try adding the programs that are important to you and then removing programs you don’t ever use.

Your computer probably came with bloatware you never actually use, and applications are often set to run when Windows starts up even if you don’t want them to. Disable those startup programs, add the ones you want, and you’ll enjoy both convenience and faster startup times.

This website is no longer maintained
All malware intelligence has been integrated into Malwarebytes products
The site will be closing down and will no longer be available from September 22nd, 2021

INTRODUCTION

START-UP APPLICATIONS
DO YOU REALLY NEED ALL OF THEM?

Last database update :- 31st March, 2020
53816 listed

Concerned about why your Windows 10/8/7/Vista/XP PC takes so long to boot when you switch it on? One of the main reasons is due to the number of programs that run at system startup — and this is the place for you to identify and disable them. Such programs typically (but not always) include an icon in the System Tray in the bottom right-hand corner of the screen — next to the clock. The intention of these pages is to provide a central resource for PC users and Tech Support staff alike and the following information is provided:

• Background to the problem
• Techniques that can be used to identify and disable start-up programs from running
• A comprehensive list of programs that are loaded at start-up
• A request for additional programs or updated information

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

If you are a regular visitor, click here to go straight to the PROGRAMS

E-mails received with an attachment from a pacs-portal.co.uk address are not from this site — unless advised otherwise. Such emails are most likely due to somebody else’s PC being infected with a VIRUS which spoofs valid E-mail addresses.

WHAT IS THE PROBLEM?

Virtually all applications you install using the default installation these days decide that they should start-up when Windows starts. If you allow these to take control, you can end up with a situation where (unless you have sufficient memory installed) every other program slows down to be unusable.

The reason for this is that all of these programs use a portion of the system memory and resources which leaves a smaller percentage for other programs once they’re opened. On an older system, for example, prior to tweaking we had 33 programs running at start-up with the system resources at 59% and Windows took an age before it was ready for use. Post tweaking we had a mere 10, with system resources back to 92% and Windows was up and running within a minute.

For example, if you regularly take part in online gaming or do a lot of graphics or video editing then resources and memory are normally at a premium. Examples of programs that use up part of system memory and aren’t really required (for most users) are:

• Updaters for products which aren’t changed that often and can be run manually
• Mobile phone management/synchronization utilities — only required if you plug in your phone most days but they’re normally available via the Start menu
• Photo management «media watchers» — these wait in the background for you to insert a memory stick (or camera) with images on and then offer to add them to your album software (such as Adobe Photo Downloader)
• Ink level (or similar) monitors for printers — you can normally tell if the ink level is low and it doesn’t run out often

HOW CAN I IDENTIFY THESE PROGRAMS?

Before we can prevent these programs from running at start-up and therefore using up system resources we have to identify them. There are a number of methods that can be used and we will accept new entries to the database from any of these. Specific details are provided for some of them below and the operating systems they apply to. All of these can also be used to disable programs from starting and are included in the appropriate section below.

Note — if your User Account is «Standard» (Windows 10/8), «Standard User» (Windows 7), «Standard Account» (Vista) or «Limited account» (XP) you may only have limited access to some of these utilities and will need administrator privileges.

• For Windows 10/8.1: Logo key/button and type «User Accounts«
• For Windows 8: Logo key/button and type «Control Panel» and select «User Accounts and Family Safety» → User Accounts
• For Windows 7/Vista/XP: click Start → Control Panel → User Accounts and Family Safety → User Accounts

Click on any of the thumbnails shown below and they will open full-size in another window.

Autoruns — Windows 10/8/7/Vista/XP

With the introduction of Windows 7, Microsoft recommended using Autoruns for controlling which programs run when your computer starts and we still recommend using it for Windows 10/8. Autoruns is a free utility developed by SysInternals and has now been taken under the Microsoft TechNet umbrella.

To use it to identify start-up programs do the following:

1. Autoruns requires no installation, so go to the directory where it’s located
   • For Windows 10/8.1: Logo key/button and type «This PC«
   • For Windows 8: Logo key/button and type «Computer«
   • For Windows 7/Vista/XP: Start → My Computer
2. Double-click on Autoruns.exe to run it
3. Select the Logon tab
4. If you highlight an entry further details are shown at bottom of the window:

Autoruns

The fields we’re interested (which you can copy and paste) in are:

• Autorun Entry
• Description
• Image Path (i.e., location)
• Startup Type (i.e., the highlighted entry that contains the start-up such as «HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run»)

With older versions of Autoruns you could also export the output as a text file — but unfortunately this option is no longer available.

If you right-click on an entry and select Jump to. from the options it will open the location of the Startup Type. For example, if the registry editor is opened you will see a list of items and the 2 columns we’re interested in are Name and Data.

Registry Editor

Task Manager — Windows 10/8

With Windows 10/8, Microsoft moved the management of startup programs from the «System Configuration Utility» (aka MSConfig) to Task Manager. To use it to identify start-up programs do the following:

1. Hit CTRL+SHIFT+ESC
2. If the Startup tab isn’t visible, click on More details and select it
3. Select the Startup tab and a window similar to the one on the left below will be shown. Right-click on any of the column headings and add Startup type and Command Line so you get a window similar to the one on the right:

Fig.1	Fig.2

Note that you can expand the width of each column by holding down the left mouse button with the cursor on the vertical line between the column headings and then dragging the mouse either left or right before releasing. You can also double-click on the vertical line between two column headings to maximize the column width.

The columns we’re interested in are:

• Name
• Startup type
• Command line

Unfortunately, although the Startup type states whether an entry loads via a startup folder or the registry it doesn’t indicate the exact loading point — which is why we recommend Autoruns.

Note: You may also see some entries with a small arrow before the Name and a number in (). This indicates that the entry loads other daughter processes which would not appear in Autoruns under the «Logon» tab. A typical example found on Intel based systems would be Delayed Launcher for which the command line shows that it uses the file IAStorIconLauch.exe to load the file IAStorIcon.exe. Left click on the arrow by the name and you’ll see 2 sub-entries, the first one being a repeat of the Delayed Launcher one and the second being the actual IAStorIcon.exe file which was loaded and is now running.

MSConfig — Windows 7/Vista/XP

You can also use the «System Configuration Utility» (referred to as MSConfig from now on) to identify startup programs. MSConfig is available for Windows 7/Vista/XP.

To use it to identify start-up programs do the following:

1. Click Start → Run
2. In the Open box type msconfig and then click on OK or press Enter
3. Select the Startup tab and a window will be shown similar to one of those below:

Windows 7	Vista	XP

Note that with all of these you can expand the width of each column by holding down the left mouse button with the cursor on the vertical line between the column headings and then dragging the mouse either left or right before releasing. You can also double-click on the vertical line between two column headings to maximize the column width.

The columns we’re interested in are:

• Startup Item
• Command
• Location

Windows Defender — Windows Vista/XP

Until the introduction of Windows 7, Microsoft recommended using Windows Defender (or the registry) on systems running Vista or XP for controlling which programs run when your computer starts. This utility is included by default with Vista and can be downloaded for XP from here.

To use it to identify start-up programs do the following:

1. Click Start → All Programs → Windows Defender
2. Click Tools → Software Explorer
3. Select Startup Programs under Category and a window will be shown similar to one of those below
4. Click on each entry under the Name column to reveal the details for that entry

Vista	XP

The fields we’re interested (which you can copy and paste) in are:

• Display Name (this is also shown in the Name column on the left of the window)
• Startup Value
• Startup Type
• Location

WinPatrol — Windows 10/8/7/Vista/XP

Previously on this page we’ve suggested using the excellent HijackThis (originally by Merijn Bellekom) but now available on SourceForge. There is still a tutorial available and we’re interested in the O4 and F0-F3 sections. A number of sites run dedicated forums for HijackThis™ users who are interested in the other entries.

However, HijackThis doesn’t support current 64-bit operating systems like Windows 10/8/7 — as some of the registry «Run» keys aren’t shown. For this reason we now suggest using WinPatrol by BillP Studios which includes these.

WinPatrol — Startups	WinPatrol — Options

1. Once installed, run WinPatrol (if it isn’t already set by default to run in the background) and select the Options tab
2. From the available options, select Hijack Log and the file HijackPatrol.log will be created and opened (which you can save to another location — the default is C:\)
3. Copy the «04» entries and if there are any that are not already in the database then send them to us
4. You can also select WinPatrol Log and the file WinPatrolLog.html will be created and opened (which again you can save to another location — the default is C:\)
5. Copy the information from the Startup Programs section and send it to us

Finally, you can also use one of the many other startup managers available.

NOTES

Naming conventions: The same start-up program can be listed differently depending upon which method you use from those above and which operating system you have. Take the example for the file «fpassist.exe» from the screenshots above:

File Properties

• From Autoruns or Windows 10/8 Task Manager, right-click on an entry and select Properties
• For Windows 7/Vista/XP open the target file location, right-click on the target file and select Properties
• In both cases this will open a window similar to the one above. Select the Details tab and use it in conjuction with the table below:

Method	Name	Source
Autoruns (Autorun entry)	FreePDF Assistant	Registry key «Name»
WinPatrol	FreePDF Assistant	Registry key «Name»
Windows 10/8 Task Manager	FreePDF Assistent für FreePDF3	File properties «Description»
MSConfig (Windows 7/Vista)	FreePDF_Assistant	File properties «Product Name»
MSConfig (XP)	fpassist	First part of filename
Registry Editor	FreePDF Assistant	Registry key «Name»
Windows Defender	FreePDF_Assistant	«Display Name»

From the example above, it may look like Vista’s MSConfig and Windows Defender use the same information but they don’t. Have a look at the entry for sidebar.exe if you have it running on your Vista PC. For MSConfig it’s shown as Microsoft Windows Operating System whereas for Windows Defender it’s Microsoft Windows Sidebar. Therefore, a single program could have as many as 4 different entries in the database.

As XP uses the first part of the filename and some of these are fairly common this will only be included if it’s unique. Take the filename update.exe for example. In the database there are a number of entries, a few of which are in the U or Y category. In this case the same description would have to cover all possibilities — which is not really feasible.

Tasks: The database is NOT a list of tasks/processes taken from the Task Manager (CTRL+SHIFT+ESC) «Processes» tab. This displays some startup programs AND other background tasks and «Services». These pages are concerned with startup programs from the common startup locations shown above ONLY. Please do not submit entries collected from this method as they will not be used. For a list of tasks/processes you should try the list at PC Pitstop, the Process Library from Uniblue or one of the many others now available.

Therefore, before ending a task/process via CTRL+SHIFT+ESC just because it has an «X» recommendation, please check whether it’s in the registry or common startup locations first. An example would be «svchost.exe» — which doesn’t appear in either under normal conditions but does via CTRL+SHIFT+ESC. If in doubt, don’t do anything.

Services: «Services» from the Windows 10/8/7/Vista/XP operating systems aren’t included here. We fully understand that some programs «Services» as an alternative to load their component parts at startup but we don’t currently have the time available to include these as well. We recommend you try the following sites for information on services for the relevant operating system:

Malware: Entries in the program list attributed to malware are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that malware often uses — such as «svchost» for example.

HOW CAN I DISABLE THEM FROM RUNNING AT START-UP?

After identifying an entry and checking with the database, decide whether you want to prevent it from running at start-up or not. For example, if the entry is related to your anti-virus protection software, part of an application that won’t run correctly without it or part of a program that you use all the time then you want to leave it enabled. Otherwise, you can probably leave them disabled and use the shortcut in the start menu or on the desktop and if necessary, create your own.

If, after checking the database, an entry appears to be virus, spyware or otherwise malware related, check it with your security software first as it may be able to remove it. If you are suspicious and your security software doesn’t pick up anything, look at the filename and the entry in the registry in particular. Filenames can be the same as real system files (but in a different location), very similar or random. Entries under the Name column in the registry will often appear to be valid and be particularly suspicious if a system file appears there under the Data column. Finally, if your still suspicious try an on-line or on-demand scanner such as those from VirusTotal, Bitdefender or Trend Micro.

A number of methods can be prevent programs from running at startup. What these are how you use them is described here. Our recommendations are that you try each of the methods listed below in that order. Each method has an indication of which Windows operating system it is applicable to.

1) Using a program’s own configuration options — Windows 10/8/7/Vista/XP

The best method is to check if a program gives you an option to disable the function you’re interested in — via a right-click on a System Tray icon or maybe an «options» menu within the program. If this isn’t available then you have to try something else.

For example, the popular Skype internet telephony/chat program can be disabled via Tools → Options → General Settings → deselect «Start Skype when I start Windows».

2) Windows StartUp folder — Windows 10/8/7/Vista/XP

If you click on Start → All Programs → StartUp (Windows 7/Vista/XP) you may find programs loading from here via shortcuts (whilst there’s no direct equivalent for Windows 10/8 the information below is still relevant as the locations still exist). If this is the case, you have two options:-

• Delete the shortcut from the StartUp directory (based on your OS):
  • Windows 10/8/7/Vista
    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup (Note — this directory is hidden by default)
    • C:\Users\ \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
  • XP
    • C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    • C:\Documents and Settings\ \Start Menu\Programs\Startup
• Create a temporary directory for your OS called «Disabled StartUp Programs» and move the shortcuts there. If a program doesn’t work as expected you can always move the relevant shortcut back again
  • Windows 10/8/7/Vista — C:\ProgramData\Microsoft\Windows\Start Menu\Programs
  • XP — C:\Documents and Settings\All Users\Start Menu\Programs

3) Autoruns — Windows 10/8/7/Vista/XP

As stated above, we currently recommend using Autoruns for controlling which programs run when your computer starts. Autoruns will make the changes to the registry you need and provide a recovery mechanism.

To use it to prevent start-up programs from running do the following:

1. Go to the directory where it’s located
   • For Windows 10/8.1: Logo key/button and type «This PC«
   • For Windows 8: Logo key/button and type «Computer«
   • For Windows 7/Vista/XP: Start → My Computer
2. Double-click on Autoruns.exe to run it
3. Select the Logon tab
4. Locate the start-up entry you want to disable and click on the box beside it to «un-tick» it and disable it
5. If there is an option within a program to disable parts of it running at start-up (see here) and you don’t use that method to disable them, you may find they are re-added as new entries in Autoruns the next time the program runs

Some entries may be re-instated even if disabled by Autoruns — either on the next reboot or the next time they’re run. In this case it’s best to re-enable them and leave them as is.

4) Task Manager — Windows 10/8

To use it to manage start-up programs do the following:

1. Hit CTRL+SHIFT+ESC
2. If the Startup tab isn’t visible, click on More details and select it
3. Select the Startup tab
4. Select the entry you want to and then Disable

• Some entries may be re-instated even if disabled by Task Manager — either on the next reboot or the next time they’re run. In this case it’s best to re-enable them and leave them as is
• If you disable an entry in Task Manager and then run Autoruns the entry will still be shown as enabled — but it doesn’t actually run

5) System Configuration Utility (MSConfig) — Windows 7/Vista/XP

Note that Microsoft don’t advocate the use of MSConfig for controlling which programs run when your computer starts:

• For Windows 7:- «System Configuration is intended to find and isolate problems, but it’s not meant as a startup management program»
• For Vista:- «The System Configuration utility finds and isolates issues. However, it is not a startup management program.»
• For XP:- «The System Configuration utility helps you find problems with your Windows XP configuration. It does not manage the programs that run when Windows starts.»

To use it to manage start-up programs do the following:

1. Click Start → Run
2. In the Open box type msconfig and then click on OK or press Enter
3. Select the Startup tab
4. Locate the start-up entry you want to disable and click on the «tick» in the box beside it to disable it
5. Click OK and Fig.3 below will appear. If you choose not to restart the changes will occur the next time you re-boot
6. When you have deselected an item in MSConfig, you will be starting in «Selective startup» mode. This can be seen under the «General» tab and is perfectly normal if you’ve disabled an entry. Warning: If you subsequently decide to choose «Normal startup«, all disabled items will be re-enabled (Fig.4 below)

Fig.3	Fig.4

Notes:

• Some disabled items may disappear from MSConfig when you re-start Windows
• If there is an option within a program to disable parts of it running at start-up (see here) and you don’t use that method to disable them, you may find they are re-added as new entries in MSConfig the next time the program runs
• Some entries may be re-instated even if disabled by MSConfig — either on the next reboot or the next time they’re run. In this case it’s best to re-enable them and leave them as is

6) Windows Defender — Windows Vista/XP

Microsoft used to recommend using Windows Defender (or the registry) on systems running Vista or XP for controlling which programs run when your computer starts and it still can be used on those systems.

To use it to prevent start-up programs from running do the following:

1. Click Start → All Programs → Windows Defender
2. Click Tools → Software Explorer
3. Click on the application name in the Name column that you want to disable and then click Disable
4. Note that you also have to click on Show for all users (if present) before being able to select Disable
5. If there is an option within a program to disable parts of it running at start-up (see here) and you don’t use that method to disable them, you may find they are re-added as new entries in Windows Defender the next time the program runs
6. Some entries may be re-instated even if disabled by Windows Defender — either on the next reboot or the next time they’re run. In this case it’s best to re-enable them and leave them as is

7) Use a 3rd party utility to control start-up programs — Windows 10/8/7/Vista/XP

There are a number of commercial, shareware and freeware programs widely available to manage start-up program — some of them packaged with other optimization utilities. Each can identify what programs are running at startup and allow you to control them to differing degrees.

8) Registry Editor — Windows 10/8/7/Vista/XP

You can both disable and permanently stop programs from running during start-up by editing the relevant entries from the System Registry using the Registry Editor. This option isn’t for the faint hearted and should only be used by those who are comfortable with editing the System Registry and understand what implications any changes may have. If you delete something from the System Registry accidentally, it may be corrupted to the extent that Windows may not re-start at all so beware.

For information about the Windows registry and editing it’s contents try the guide here

To use it to manage start-up programs do the following:

• For Windows 10/8: Logo key/button and type «regedit.exe«
• For Windows 7/Vista/XP: Start → Run. In the Open box type regedit and then click on OK or press Enter

The most common keys you’re interested in are as follows:-

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices (mainly used on older OS’s and by malware)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce (mainly used on older OS’s and by malware)
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce (mainly used on older OS’s and by malware)

For Windows 64-bit users you may also find entries listed under the following keys:-

Occasionally the following keys will also be used — primarily by malware:-

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run

You will also see entries under:-

HKEY_USERS\S-1-5-21-[user specific]\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_USERS\S-1-5-21-[user specific]\Software\Microsoft\Windows\CurrentVersion\RunOnce

where [user specific] is a series of alphanumeric numbers unique to each user. These entries here are normally the same as those for the equivalent HKCU keys but malware can also use them.

HKLM refers to HKEY_LOCAL_MACHINE
HKCU refers to HKEY_CURRENT_USER

If you want to read more about these registry keys and how they play a part in system start-up, we can suggest the following articles:

For Windows 7/Vista/XP disabled entries are kept as follows:

• For items that were in the Start → Programs → Startup folder: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
• For items loaded from the Registry: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
• In both cases you’ll find a subkey for each disabled item.

For Windows 10/8 we don’t currently know the equivalent.

9) Other common loading points

Prior to the Windows NT based operating systems (Windows 10/8/7/Vista/XP), the WIN.INI and SYSTEM.INI files located in C:\Windows could be used to load programs but now these have equivalent entry points in the registry — four of which are often used by malware.

If you look at the Autoruns screenshot above you will see that there are two valid entries that are always present:

• HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit = C:\Windows\system32\userinit.exe
• HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell = explorer.exe

In addition the following are entry points are legitimate, but typically only used by malware:

• HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman
• HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows, load
• HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows, run

Examples of malware that uses these entry points are::

• Trojan.DownLoader10.59211 — modifies the legitimate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit value data to append the file «nvsvcv.exe» which is located in %Temp%
• Trojan.StartPage.44997 — modifies the legitimate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell value data to append the file «eksplorasi.exe» which is located in %Windir%
• RDN/Ransom!ec — modifies the legitimate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell value data to append the file «htcudrivers.exe» which is located in %AppData% — and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell entry pointing to the same file
• Win32/Bflient.K — adds HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman which loads the file «sjlp.exe» which is located in %AppData%
• RDN/Generic.bfr!fi — modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows, load value data to run the file «mwbatt.exe» which is located in %AppData%\powerm — and also adds an illegal HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, load entry pointing to the same file
• BackDoor-CQ.svr — modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows, run value data to run the file «winprot.exe» which is located in %Windir%\system

Note:

If you use HijackThis the F0-F3 sections include entries related to the WIN.INI and SYSTEM.INI files and equivalent registry entries — see here for more information. An example malware entry could be:

F2 — REG:system.ini: Shell=Explorer.exe init32m.exe

This relates to the Troj/Dlsw-B trojan, which has the following registry entry:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell = Explorer.exe init32m.exe

THE PROGRAMS

If you’re a regular visitor and just need to know what program entries have changed in the full list consult the Monthly Updates.

Please refer to the on-line databases and try to decide for yourself before asking which of your programs should be disabled. If you are still having problems deciding then by all means ask about those specific entries.

If you have some kind of internet filtering software installed some of these pages may not display due to the unfortunate use of certain names by some of the entries. This cannot be helped if the information provided is to be accurate.

• Database — searchable database of startup programs with recommendations and descriptions
• Detailed entries — some (and in time it is hoped all) of the entries in the database have individual pages giving extra detail such as how they are listed in MSConfig and HijackThis (HJT) log examples
• Conciselist — simple list without search facility for search engine cache purposes

Entries in the tables highlighted with a ? and those in red indicate that they are unfinished. This may be due to:

• Missing information
• Functionality unknown
• Functionality known but whether it’s needed at start-up is unknown

For the foreseeable future we’ll be verifying many of the Y, U, N & ? entries via virtual machines. If you can help fill in the missing information then please E-mail us (startups_at_pacs-portal.co.uk). In particular, if you can verify or identify those entries that are hardware specific — such as laptops, motherboards and graphics cards — we’re particularly interested as we obviously don’t have access to these.

There are an ever-increasing number of rogue security products (including anti-virus, anti-spyware and privacy tools) appearing now such as the WinAntiVirus and WinAntiSpyware series — which use scare tactics or false warnings to trick the user into installing and paying for these poor quality products. Many of the removal guides for these rogues in the database use MalwareBytes, which incorporates the functionality from their now discontinued RogueRemover products:

NEW & UPDATED ENTRIES

PLEASE READ THIS before submitting new programs to be added to the list. Submissions can be made via E-mail (startups_at_pacs-portal.co.uk).

The following information would be useful:

• Autorun Entry (Autoruns), Name (Windows 10/8 Task Manager or Registry), Startup Item (MSConfig), Display Name (Windows Defender) or Title (WinPatrol) rather than «Command» or » .exe»
• File name: This is the actual file loaded at start-up by the entry above. If possible include the location of the file as well
• Description: If you know what the program does then please include a simple description, referring to a host web-site if known. You can also use Start → Search (or Find) to locate the executable on your PC and
  • Note the folder it’s in
  • See if there’s a «readme» file or similar
  • Right-click on the executable and check the «properties» for its name and who wrote it
• Is it needed: There are 4 options available
  • If the program must run at start up for correct operation the answer is Yes
  • If it’s optional and could be useful the answer is User’s Choice
  • If it’s not needed at all or can be accessed via Start → Programs or a Desktop Shortcut the answer is No
  • If it’s known to be a wasteful «resource hog», spyware or a virus the answer is Ditch It

OFF-SITE LINKS

Please be aware that any of the links below will open a new browser window.

Collaboration:

The following site hosts their own startup programs database, contributes to the database hosted here and adds their own entries:

Other Startup Links:

The following sites proved very useful when creating this site:

Useful adware/spyware links:

Counterexploitation — «Actively protect your rights. Do not let the Man keep you down. Do what is good and right, not what some authority figure tells you is good and right. Challenge the belief systems of yourself and your society. Stay informed and keep others informed. Use logic and reason for positive social change. And above all, don’t take crap from anybody!» Good site for learning more about spyware, other silent install apps and «craputers». Slightly controversial in places but useful resource.

Darnit — Sandra Hardmeier is one Microsoft’s Most Valued Professionals (MVP) and this page on her site is dedicated to spyware/adware/malware, hijackers and other annoyances

Spyware Warrior — «Here you’ll find a wealth of resources to help you fight spyware and adware» — including their list of rogue/suspect anti-spyware programs. Not updated since 2006 but still relevant

SpywareGuide — «is the leading public reference site for spyware and greynet research, details about spyware, adware and greynet applications and their behaviours, all compiled in an extensive updated database»

TESTIMONIALS

RECOMMENDED BY:

Here are just a small sample of the comments received over the years from visitors who have found the site and list useful:

«Just wanted to let you know that I’ve come across your startup applications page and think you’ve done a fantastic job in putting such a comprehensive list together.» — Matt

«THANK YOU SOOOO MUCH for providing this website and it’s incredibly useful information. I have long wanted to clean up my start up but didn’t know what all that «jibberish» stood for. I was afraid to do anything and tolerated my so very slow start up.» — Chris E

«I think the startup list you made is a great resource, it’s not the first time I found it useful while trying to eliminate a suspicious task. Great job!» — Zoltan

«Thanks for providing such a great resource—I use your startup list all the time, and it has saved my computer from countless unnecessary memory-hogs. Keep up the good work.» — Steve K

«Great site! Microsoft referred me to you!! Have a pint on me.» — Thomas P

Copyright © Pacman’s Portal, 2001 — 2020
Powered by Malwarebytes
All rights reserved