You are on page 1of 13

START-UP APPLICATIONS DO YOU REALLY NEED ALL OF THEM?

INTRODUCTION
Last database update :- 29th February, 2012 25326 items listed Concerned about why your Windows 7/Vista/XP PC takes so long to boot when you switch it on? One of the main reasons is due to the number of programs that run at system startup - and this is the place for you to identify and disable them. Such programs typically (but not always) include an icon in the System Tray in the bottom right-hand corner of the screen next to the clock. The intention of these pages is to provide a central resource for PC users and Tech Support staff alike and the following information is provided:

Background to the problem Techniques that can be used to identify and disable start-up programs from running A comprehensive list of programs that are loaded at start-up A request for additional programs or updated information

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure. If you are a regular visitor, click here to go straight to the PROGRAMS NOTE: E-mails received with an attachment from a pacs-portal.co.uk address are not from this site unless advised otherwise. Such emails are most likely due to somebody else's PC being infected with a VIRUS which spoofs valid E-mail addresses.

WHAT IS THE PROBLEM?


Virtually all applications you install using the default installation these days decide that they should start-up when Windows starts. If you allow these to take control, you can end up with a situation where (unless you have sufficient memory installed) every other program slows down to be unusable. The reason for this is that all of these programs use a portion of the system memory and resources which leaves a smaller percentage for other programs once they're opened. On an older system, for example, prior to tweaking we had 33 programs running at start-up with the system resources at 59% and Windows took an age before it was ready for use. Post tweaking we had a mere 10, with system resources back to 92% and Windows was up and running within a minute.

For example, if you regularly take part in online gaming or do a lot of graphics or video editing then resources and memory are normally at a premium. Examples of programs that use up part of system memory and aren't really required (for most users) are:

Updaters for products such as Sun's Java package (SunJavaUpdateSched) and Adobe software (AdobeUpdater or AdobeUpdateManager) which aren't changed that often and can be run manually Mobile phone management/synchronization utilities - only required if you plug in your phone most days but they're normally available via the Start menu Photo management "media watchers" - these wait in the background for you to insert a memory stick (or camera) with images on and then offer to add them to your album software (such as Adobe Photo Downloader) Ink level (or similar) monitors for printers - you can normally tell if the ink level is low and it doesn't run out often

HOW CAN I IDENTIFY THESE PROGRAMS?


Before we can prevent these programs from running at start-up and therefore using up system resources we have to identify them. There are a number of methods that can be used and we will accept new entries to the database from any of these. Specific details are provided for some of them below and the operating systems they apply to. All of these can also be used to disable programs from starting and are included in the appropriate section below. Note - if your User Account (click Start Control Panel User Accounts) is a "Standard User" (Windows 7), "Standard Account" (Vista) or "Limited account" (XP) you may only have limited access to some of these utilities and will need administrator privileges.

AutoRuns - Windows 7/Vista/XP/2K/NT/Me/9x


With the introduction of Windows 7, Microsoft now recommends using AutoRuns for controlling which programs run when your computer starts. This utility can be downloaded from here. AutoRuns is a free utility developed by SysInternals and has now been taken under the Microsoft TechNet umbrella. To use it to identify start-up programs do the following: 1. AutoRuns requires no installation so click Start My Computer and move to the directory where it is located 2. Double-click on Autoruns.exe to run it 3. Select the Logon tab 4. If you highlight an entry further details are shown at bottom of the window: The fields We're interested (which you can copy and paste) in are:

Autorun Entry Image Path (i.e., location) Startup Type (i.e., the highlighted entry that contains the start-up such as "HKLM\Software\Microsoft\Windows\CurrentVersion\Run")

You can also export the output from AutoRuns as a text file - which we would also accept. Select File Export As..., note the location and save it as "AutoRuns.txt".

If you right-click on an entry and select Jump to... from the options it will open the location of the Startup Type. For example, if the registry editor is opened you will see a list of items and the 2 columns We're interested in are Name and Data.

MSConfig - Windows 7/Vista/XP/2K/Me/9x


You can also use the "System Configuration Utility" (referred to as MSConfig from now on) to identify startup programs. MSConfig is available for all Windows 7/Vista/XP/2K/Me/9x users (9x/2K users can use the respective versions from here). To use it to identify start-up programs do the following: 1. Click Start Run 2. In the Open box type msconfig and then click on OK or press Enter 3. Select the Startup tab and a window will be shown similar to one of those below (click on the thumbnail and it will open full-size in another window) Note that with all of these you can expand the width of each column by holding down the left mouse button with the cursor on the vertical line between the column headings (where applicable) and then dragging the mouse either left or right before releasing. With the Windows 7, Vista and XP versions (for which the window cannot be re-sized) you can also double-click on the vertical line between two column headings to maximize the column width. The columns We're interested in are:

Startup Item (Windows 7/Vista/XP) or Name (ME) Command Location

For Win98 the columns aren't named but the one on the left is the equivalent of "Name" and the one on the right is the equivalent of "Command".

Windows Defender - Windows Vista/XP


Until the introduction of Windows 7, Microsoft recommended using Windows Defender (or the registry) on systems running Vista or XP for controlling which programs run when your computer starts. This utility is included by default with Vista and can be downloaded for XP from here. To use it to identify start-up programs do the following: 1. Click Start All Programs Windows Defender 2. Click Tools Software Explorer 3. Select Startup Programs under Category and a window will be shown similar to one of those below (click on the thumbnail and it will open full-size in another window) 4. Click on each entry under the Name column to reveal the details for that entry

The fields We're interested (which you can copy and paste) in are:

Display Name (this is also shown in the Name column on the left of the window) Startup Value Startup Type Location

HijackThis - Windows 7/Vista/XP/2K/Me/98


You can also use the excellent HijackThis (originally by Merijn Bellekom) but now owned by Trend Micro. Read the tutorial and We're interested in the O4 and F0-F3 sections. A number of sites run dedicated forums for HijackThis users who are interested in the other entries. To use it to identify start-up programs do the following: Click Start All Programs HijackThis ? HijackThis From the available options, select "Do a system scan and save a logfile" The results of the scan will be opened as a text file called "hijackthis.log" Copy the "04" entries and if there are any that are not already in the database then send them to us 5. Copy the "F0-F3" entries and if there are any that are not already in the database then send them to us (see the sections on SYSTEM.INI and WIN.INI below for more information) Finally, you can also use a startup manager. 1. 2. 3. 4.

NOTES
Naming conventions: The same start-up program can be listed differently depending upon which method you use from those above and which operating system you have. Take the Method AutoRuns (Autorun entry) HijackThis Source Adobe Reader Speed Launcher Registry key "Name" Adobe Reader Speed Launcher Registry key "Name" MSConfig (Windows 7/Vista) Adobe Acrobat File properties "Product Name" MSConfig (XP) First part of filename Reader_sl Registry Editor Adobe Reader Speed Launcher Registry key "Name" Windows Defender "Display Name" Adobe Acrobat example for the file "Reader_sl.exe" from the screenshots above: From the example above, it may look like Vista's MSConfig and Windows Defender use the same information but they don't. Have a look at the entry for sidebar.exe if you have it running on your Vista PC. For MSConfig it's shown as Microsoft Windows Operating System whereas for Windows Defender it's Microsoft Windows Sidebar. Therefore, a single program could have as many as 4 different entries in the database. Name

As XP uses the first part of the filename and some of these are fairly common this will only be included if it's unique. Take the filename update.exe for example. In the database there are a number of entries, a few of which are in the U or Y category. In this case the same description would have to cover all possibilities - which is not really feasible. Tasks: The database is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL). These display some startup programs AND other background tasks and "Services". These pages are concerned with startup programs from the common startup locations shown above ONLY. Please do not submit entries collected from this method as they will not be used. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything. Services: "Services" from the Windows 7/Vista/XP/2K/NT operating systems aren't included here. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but we don't currently have the time available to include these as well. We recommend you try the following sites for information on services for the relevant operating system:

Windows 7: BlackViper Windows Vista: BlackViper & ITsVista Windows XP: BlackViper, TechSpot & The Elder Geek Windows 2000: BlackViper & TechSpot

Viruses: Entries in the program list attributed to viruses are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost" for example.

HOW CAN I DISABLE THEM FROM RUNNING AT START-UP?


After identifying an entry and checking with the database, decide whether you want to prevent it from running at start-up or not. For example, if it's related to your anti-virus protection software, the application won't run correctly without it or a program you use all the time then you want to leave it enabled. Otherwise, you can probably leave them disabled and use the shortcut in the start menu or on the desktop and if necessary, create your own. If, after checking the database, an entry appears to be virus, spyware or otherwise malware related, check it with your security software first as it may be able to remove it. If you are suspicious and your security software doesn't pick up anything, look at the filename and the entry in the registry in particular. Filenames can be the same as real system files (but in a different location), very similar or random. Entries under the Name column in the registry will often appear to be valid and be particularly suspicious if a system file appears there under the Data column. Finally, if your still suspicious try an on-line file scanner such as those from Virus Total, Kaspersky or Trend Micro.

A number of methods can be prevent programs from running at startup. What these are how you use them is described here. Our recommendations are that you try each of the methods listed below in that order. Each method has an indication of which Windows operating system it is applicable to.

1) Using a program's own configuration options - Windows 7/Vista/XP/2K/NT/Me/9x


The best option is to check if a program gives you an option to disable the function you're interested in - via a right-click on a System Tray icon or maybe an "options" menu within the program. If this isn't available then you have to try something else. For example, the popular Skype internet telephony/chat program can be disabled via Tools Options General Settings deselect "Start Skype when I start Windows".

2) Windows StartUp folder - Windows 7/Vista/XP/2K/NT/Me/9x


If you click on Start All Programs StartUp (Windows 7/Vista/XP) or Start Programs StartUp (Win9x/Me/NT/2K) you may find programs loading from here via shortcuts. If this is the case, you have two options :

Delete the shortcut from the StartUp directory (based on your OS): o Windows 7/Vista C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup (Note - this directory is hidden by default) C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup o XP/2K C:\Documents and Settings\All Users\Start Menu\Programs\Startup C:\Documents and Settings\<username>\Start Menu\Programs\Startup o NT C:\Winnt\Profiles\All Users\Start Menu\Programs\Startup C:\Winnt\Profiles\<username>\Start Menu\Programs\Startup o Win9x/Me C:\Windows\Start Menu\Programs\Startup (single-user machine) C:\Windows\Profiles\<user>\Start Menu\Programs\Startup (multi-user machine) Create a temporary directory for your OS called "Disabled StartUp Programs" and move the shortcuts there. If a program doesn't work as expected you can always move the relevant shortcut back again o Windows 7/Vista - C:\ProgramData\Microsoft\Windows\Start Menu\Programs o XP/2K - C:\Documents and Settings\All Users\Start Menu\Programs o NT - C:\Winnt\Profiles\All Users\Start Menu\Programs o Win9x/Me - C:\Windows\Start Menu\Programs

3) AutoRuns - Windows 7/Vista/XP/2K/NT/Me/9x


As stated above, Microsoft currently recommend using AutoRuns for controlling which programs run when your computer starts. AutoRuns will make the changes to the registry you need and provide a recovery mechanism.

To use it to prevent start-up programs from running do the following: 1. 2. 3. 4. Click Start My Computer and move to the directory where it is located Double-click on Autoruns.exe to run it Select the Logon tab Locate the start-up entry you want to disable and click on the box beside it to "tick" it and disable it 5. If there is an option within a program to disable parts of it running at start-up (see here) and you don't use that method to disable them, you may find they are re-added as new entries in AutoRuns the next time the program runs

4) System Configuration Utility (MSConfig) - Windows 7/Vista/XP/2K/Me/9x


Note that Microsoft don't advocate the use of MSConfig for controlling which programs run when your computer starts:

For Windows 7:- "System Configuration is intended to find and isolate problems, but it's not meant as a startup management program" For Vista:- "The System Configuration utility finds and isolates issues. However, it is not a startup management program." For XP:- "The System Configuration utility helps you find problems with your Windows XP configuration. It does not manage the programs that run when Windows starts."

To use it to identify start-up programs do the following: 1. 2. 3. 4. Click Start Run In the Open box type msconfig and then click on OK or press Enter Select the Startup tab Locate the start-up entry you want to disable and click on the "tick" in the box beside it to disable it 5. Click OK and Fig.1 below will appear. If you choose not to restart the changes will occur the next time you re-boot 6. When you do re-boot you will see Fig.2 below. If you don't select the highlighted box this will appear on every re-boot and add an MSConfig entry to the list of start-up programs. 7. When you have deselected an item in MSConfig, you will be starting in "Selective startup" mode. This can be seen under the "General" tab and is perfectly normal if you've disabled an entry. Warning: If you subsequently decide to choose "Normal startup", all disabled items will be re-enabled (Fig.3 below)

Notes:
Some disabled items may disappear from MSConfig when you re-start Windows In some cases, disabled items may be added to a new category under or Start All Programs (XP) or Start Programs (Win9x/Me/NT/2K) called "Disabled Startup Items". If the entry has disappeared from MSConfig and is available here they can be copied back into the appropriate Startup directory For ME users - If you have disabled items in MSConfig and at a later date uninstall the program they are associated with, you can click on the "Cleanup" button to verify and remove all invalid entries from the startup sections of the registry If there is an option within a program to disable parts of it running at start-up (see here) and you don't use that method to disable them, you may find they are re-added as new entries in MSConfig the next time the program runs

5) Windows Defender - Windows Vista/XP


Microsoft used to recommend using Windows Defender (or the registry) on systems running Vista or XP for controlling which programs run when your computer starts and it still can be used on those systems. To use it to prevent start-up programs from running do the following: 1. Click Start All Programs Windows Defender 2. Click Tools Software Explorer 3. Click on the application name in the Name column that you want to disable and then click Disable 4. Note that you also have to click on Show for all users (if present) before being able to select Disable 5. If there is an option within a program to disable parts of it running at start-up (see here) and you don't use that method to disable them, you may find they are re-added as new entries in Windows Defender the next time the program runs

6) Use a 3rd party utility to control start-up programs - Windows 7/Vista/XP/2K/NT/Me/9x


There are a number of commercial, shareware and freeware programs widely available to manage start-up program - some of them packaged with other optimization utilities. Each can identify what programs are running at startup and allow you to control them to differing degrees.

7) Registry Editor - Windows 7/Vista/XP/2K/NT/Me/9x


You can both disable and permanently stop programs from running during start-up by editing the relevant entries from the System Registry using the Registry Editor. This option isn't for the faint hearted and should only be used by those who are comfortable with editing the System Registry and understand what implications any changes may have. If you delete something from the System Registry accidentally, it may be corrupted to the extent that Windows may not re-start at all so beware. For information about the Windows registry and editing it's contents try the Windows Guide Network registry pages. To use it to manage start-up programs do the following: 1. Click Start Run 2. In the Open box type regedit and then click on OK or press Enter The most common keys you're interested in are as follows:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce HKCU\Software\Microsoft\Windows\CurrentVersion\Run HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

Occasionally the following keys will also be used - primarily by malware:HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon In all cases:HKLM refers to HKEY_LOCAL_MACHINE HKCU refers to HKEY_CURRENT_USER If you want to read more about these registry keys and how they play a part in system startup, we can suggest the following articles:

INFO: Run, RunOnce, RunServices, RunServicesOnce and Startup A definition of the Run keys in the Windows XP registry Definition of the RunOnce Keys in the Registry

For Win98/Me, disabled items were placed in the registry keys named above with a "-" after it, i.e.:HKLM\Software\Microsoft\Windows\CurrentVersion\RunFor Windows 7/Vista/XP this is changed :For items that were in the Start Programs Startup folder: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder You'll find a subkey for each disabled item. For items loaded from the Registry: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg Again, you'll find a subkey for each disabled item.

8) WIN.INI
For Windows 9x/Me the WIN.INI file is located in C:\Windows and can be seen if you have enabled "Show hidden files and folders" via My Computer Tools Folder Options then the "View" tab. This file is executed at Windows startup. For Windows NT/2K/XP and Vista their are equivalent places in the registry.

Some valid programs and a lot of viruses load at startup via this method under the [windows] section via "run=" or "load=" as follows: [windows] run=hpfsched run=%Windows%\CapsideRed.pif load=asistat.exe Load = "C:\Windows\System32.exe"

In the first example, "hpfsched" is a valid entry to remind you to clean the cartridges in your HP DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini file if you do not want that feature In the second example, "CapsideRed.pif" has been added by the CASPID virus and is obviously not desired (where %Windows% is C:\Windows or C:\Winnt) In the third example, "asistat.exe" is a valid entry that is the status monitor for an NEC SuperScript printer. It can be removed from the load line in win.ini if you do not want that feature In the final example, "System32.exe" has been added by the MARI virus and is obviously not desired

Note: From WinMe onwards MSConfig includes the "run=" and "load=" entries so this section is only included for completeness. Only valid "run=" entries are included in the programs list to save against repetition from the many viruses that use this method unless a virus has a unique entry.

9) SYSTEM.INI
For Windows 9x/Me the SYSTEM.INI file is located in C:\Windows and can be seen if you have enabled "Show hidden files and folders" via My Computer Tools Folder Options then the "View" tab. This file is executed at Windows startup. For Windows NT/2K/XP and Vista their are equivalent places in the registry. The only valid entry under the "shell=" line here is: [boot] shell=Explorer.exe However, some virusses use this line to execute themselves at startup. For example: [boot] shell=Explorer.exe %Windows%\Capside.exe This has been added by the CASPID virus and is obviously not desired (where %Windows% is C:\Windows or C:\Winnt. Note:
If you use HijackThis the F0-F3 sections include entries related to the WIN.INI and SYSTEM.INI files and equivalent registry entries - see here for more information. An example malware entry could be: F2 - REG:system.ini: Shell=Explorer.exe init32m.exe

This relates to the DLSW-B trojan, which has the following registry entry: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell Explorer.exe init32m.exe

THE PROGRAMS
If you're a regular visitor and just need to know what program entries have changed in the full list consult the Monthly Updates. Please refer to the on-line databases and try to decide for yourself before asking which of your programs should be disabled. If you are still having problems deciding then by all means ask about those specific entries. If you have some kind of internet filtering software installed some of these pages may not display due to the unfortunate use of certain names by some of the entries. This cannot be helped if the information provided is to be accurate.

Database - searchable database of startup programs with recommendations and descriptions Detailed entries - some (and in time it is hoped all) of the entries in the database have individual pages giving extra detail such as how they are listed in MSConfig and HijackThis (HJT) log examples Concise list - simple list without search facility for search engine cache purposes

Entries in the tables highlighted with a ? and those in red indicate that they are unfinished. This may be due to:

Missing information Functionality unknown Functionality known but whether it's needed at start-up is unknown

For the foreseeable future we'll be verifying many of the Y, U, N & ? entries via virtual machines. If you can help fill in the missing information then please E-mail us (startups_at_pacs-portal.co.uk). In particular, if you can verify or identify those entries that are hardware specific - such as laptops, motherboards and graphics cards - We're particularly interested as we obviously don't have access to these. There are an ever-increasing number of rogue security products (including anti-virus, antispyware and privacy tools) appearing now such as the WinAntiVirus and WinAntiSpyware series - which use scare tactics or false warnings to trick the user into installing and paying for these poor quality products. Many of the removal guides for these rogues in the database use MalwareBytes Anti-Malware, which incorporates the functionality from their now discontinued RogueRemover products:

NEW & UPDATED ENTRIES


PLEASE READ THIS before submitting new programs to be added to the list. Submissions can be made via E-mail (startups_at_pacs-portal.co.uk). The following information would be useful:

Display Name (Windows Defender), Name/Startup Item (MSConfig), Autorun Entry (AutoRuns) or Name (Registry) rather than "Command" or "<filename>.exe". For blank entries see here File name: This is the actual file loaded by at start-up by the entry above. If possible include the location of the file as well. For blank entries see here Description: If you know what the program does then please include a simple description, referring to a host web-site if known. You can also use Start Search (or Find) to locate the executable on your PC and o Note the folder it's in o See if there's a "readme" file or similar o Right-click on the executable and check the "properties" for its name and who wrote it Is it needed: There are 4 options available o If the program must run at start up for correct operation the answer is Yes o If it's optional and could be useful the answer is User's Choice o If it's not needed at all or can be accessed via Start Programs or a Desktop Shortcut the answer is No o If it's known to be a wasteful "resource hog", spyware or a virus the answer is Ditch It

OFF-SITE LINKS
Please be aware that any of the links below will open a new browser window.

Collaboration:
The following site hosts their own startup programs database, contributes to the database hosted here and adds their own entries:

BleepingComputer - thanks to Lawrence Abrams

Other Startup Links:


The following sites proved very useful when creating this site:

How to disable programs that run when you start Windows XP Home Edition or Windows Vista (by Microsoft) - explains the use of Windows Defender and the Registry Editor for this purpose. How to troubleshoot configuration errors by using the System Configuration utility in Windows XP (by Microsoft) - explains the purpose behind MSConfig. How to use the System Configuration utility to troubleshoot configuration errors in Windows Vista (by Microsoft) - explains the purpose behind MSConfig.

Useful adware/spyware links: Counterexploitation - "Actively protect your rights. Do not let the Man keep you down. Do what is good and right, not what some authority figure tells you is good and right. Challenge the belief systems of yourself and your society. Stay informed and keep others informed. Use logic and reason for positive social change. And above all, don't take crap from anybody!" Good site for learning more about spyware, other silent install apps and "craputers". Slightly controversial in places but useful resource. 2-Spyware,com - "The 2-Spyware.com project is all about spyware and malware removal. It is one of the largest sources of security information on the Internet that provides clear and professionally written parasite removal instructions, anti-spyware software reviews and relevant articles - everything you should know about spyware and malware." - including their list of rogue/suspect security programs Darnit - Sandra Hardmeier is one Microsoft's Most Valued Professionals (MVP) and this page on her site is dedicated to spyware/adware/malware, hijackers and other annoyances Spyware Warrior - "Here you'll find a wealth of resources to help you fight spyware and adware" - including their list of rogue/suspect anti-spyware programs. Not updated since 2006 but still relevant SpywareGuide - "is the leading public reference site for spyware and greynet research, details about spyware, adware and greynet applications and their behaviours, all compiled in an extensive updated database" Spyware & Adware - "People think that there is actually no difference between spyware and adware"