|
|
Chris
regular
Reg'd: Thu
Posts: 682
Loc: Kent and the Pas-de-Calais
|
|
How can one find out what is being loaded and is running at startup? When I switch on my computer it starts to boot and various icons are put in the notification area and then the booting stops. All that happens then is that the hard disc light flashes at intervals of about one second for about a minute, or sometimes two minutes, and then the computer finishes booting. During the minute while the HD light is flashing the computer does not respond either to the mouse or the CTRL+ALT+DEL.
I have looked at the startup tab in MSCONFIG and nothing has changed there so is there another way of finding out what runs at startup. I think that some startup commands are in the registry but I don't know how to find them. Can anyone help, please?
|
|
BurrWalnut
Chippendaler
Reg'd: Tue
Posts: 3729
Loc: England
|
|
Chris
The items showing in msconfig Startup Tab are those found in a number of registry keys. Remember that services start up as well.
This is the actual startup sequence, starting immediately after boot.ini has been read and ending with the program shortcut entries in Start > All Programs > Startup.
1.HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
2.Services are started
3.User may enter a password to logon to the system
4.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit
5.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Programs in registry keys for ALL USERS start next:
6.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
7.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
8.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Programs in registry keys for CURRENT USER start next:
9.HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
10.HKCU\Software\Microsoft\Windows\CurrentVersion\Run
11.HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
12.Programs in STARTUP FOLDER(S) are started last of all
In the x64 (64-bit) versions, there is a branch (Wow6432Node) where the entries for x86 (32-bit) software are stored.
Number 4 above points to the program C:\WINDOWS\system32\userinit.exe and the entry ends in a comma. This allows other programs to start from this key by appending them and separating them with a comma. A popular hiding place for malware!
Number 5 should contain one entry explorer.exe.
Important programs like antivirus and firewall start as Services. The icons that appear in the Notification Area (bottom right of screen) are just their user interfaces, i.e. user options/preferences.
--------------------
The Chippendale Society
|
Chris
regular
Reg'd: Thu
Posts: 682
Loc: Kent and the Pas-de-Calais
|
|
Thanks BurrWalnut, I have had a look at the registry keys and all that is there are the things that appear in the notification area. I recently installed A-squared anti malware and I think it must be this program checking the system although there don't seem to be any options in the program to make it do this or to make it not do it.
Thanks again
Chris
|
|
|
Previous
Index
Next
Threaded
Edit
Reply
Quote
