Full Version: How To Use The Startup Database.
Grinler
This mini-tutorial is designed to give you a small introduction to Windows startup programs and how to use the Windows Startup Program Database to determine if these programs should be allowed to start up on your computer.


Introduction

For a program to work it must be started. Programs are started in three ways. The first way is if you actually start it yourself by launching it. The second way is for one program to start another program. Finally, the third way is for a program to be configured to automatically start when the operating system boots up. The type of programs that start via the third way are what we call Windows Startup Programs and are the types of programs that the Startup Database focuses on.

The reason why we want to be concerned with automatic startup programs is because they consume resources on your computer for programs. In order to optimize your machine to peak performance, we want only those programs that are necessary to run, to be allowed to run, and disable the rest. Unfortunately there are many different ways for a program to launch automatically when Windows starts. Luckily for us, though, there are programs that allow us to cut through this confusion and see the various programs that are automatically starting when Windows boots. The program we recommend for this, because it's free and detailed, is Autoruns from Sysinternals.

When you run this program it will list all the various programs that start when your computer is booted into Windows. For the most part, the majority of these programs are safe and should be left alone unless you know what you are doing or know you do not need them to run at startup.

At this point, you should download Autoruns and try it out. Just run the Autoruns.exe and look at all the programs that start automatically. Don't uncheck or delete anything at this point. Just examine the information to see an overview of the number of programs that are starting automatically. When you feel comfortable with what you are seeing, move on to the next section.

How the Startup Database is laid out

The Windows Startup Database is simply a listing of various startup programs with associated information about them. With each entry we provide what we know about the program such as its startup name as it appears in the registry and various autorun listing programs, its location, the filename, how it is started, the file's description, and whether or not it should be allowed to run.

For each program there is a status key that describes how we recommend the program should be allowed to operate. This status key is broken down as follows:

? - Unsure as to whether it needs to run or not, but not malware.

N - Not necessary to run as it can be started as needed.

U - It's up to the user. It's not necessary to run for the computer to work, but may be important enough to have running for some users.

Y - Yes, this program is necessary to run in order for the computer or a program to operate correctly.

X - This is considered malware or undesirable to have on the machine as it can cause problems.

Now that you have an understanding of how the Startup Database is laid out, let's move on to how to query the startup programs on your computer to the database.


Understanding the output of Autoruns and applying it to the Startup Database


When you run Autoruns it will list all the known automatic startup locations and the programs that are loading via them. Below is an image where we have numbered 3 startup entries that I have on my machine and which are being loaded via the following registry key:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I will show you how to interpret that information and then search for it in the database to determine if these programs are valid and should be allowed to run.





As you can see from the image, we have numbered 3 different programs that are automatically starting up. Let's start breaking down the various entries and how they can be searched for in the database.


The first entry labeled number 1 would be broken down as:

Name: AVG7_CC
Filename: avgcc.exe
Location: c:\program files\grisoft\avg free\avgcc.exe

Now by going to the Startup Database and entering a search for AVG7_CC or avgcc.exe in the startup database, I see that it returns the following entry:

http://www.bleepingcomputer.com/startups/AVGCC.exe-459.html

This entry tells me that this file is the AVG 7.0 Control Center and since it has a status of Y it should be allowed to run. I know I have AVG installed so I will therefore leave this program alone.



The second entry labeled number 2 would be broken down as:


Name: AVG7_EMC
Filename: avgemc.exe
Location: c:\program files\grisoft\avg free\avgemc.exe

When I search for this file in the database, it has this entry as a result:

http://www.bleepingcomputer.com/startups/AVG7_EMC-460.html

This entry tells me that this file is the AVG Anti-Virus 7.0 Email Cleaner and that it scans incoming and outgoing email for viruses. It also gives it a status of Y, which means it is necessary to run. Since I agree, as no one wants viruses in their email, I leave this entry alone.


The third entry labeled number 3 would be broken down as:


Name: nwiz
Filename: nwiz.exe
Location: c:\windows\system32\nwiz.exe

This time when I search for the filename, I run into a problem. This particular file has two entries. One saying that it's part of a Nvidia display driver and the other saying it is a worm. It would be easy to panic here, but let's take a closer look at the resulting entries:

http://www.bleepingcomputer.com/startups/nwiz.exe-3752.html
http://www.bleepingcomputer.com/startups/nwiz.exe-3838.html

Yes, both entries have the same filename, but their names are different. The worm has a name of Norton Wizzard and the Nvidia one has a name of nwiz. Since I know that Autoruns reported this entry's name as nwiz, I know that it is not the worm, but rather the legitimate file. The entry does, though, say that this program is not necessary to start so I therefore want to disable it.


Instructions on how to disable the entry are in the next section.


How to disable a startup entry

If you run into a startup entry like Nwiz above that is recommended to be disabled, or you find a piece of malware and want to remove its startup entry, you simply need to uncheck the checkbox in Autoruns next to that entry's name.

For example with the Nwiz example above, since the database stated it is not necessary to run, I would simply remove the check next to that entry and close the program. The next time I reboot that program will no longer start up automatically.

Conclusion

Now that you know how to use the Windows Startup Program Database, go download autoruns and get started optimizing your computer.


For more information and answers to commonly asked questions on this site visit the New User Orientation Center.
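
The breakdown and database lookup the tutorial above walks through, as an added example that is not part of the original post or BleepingComputer's own code: it splits Run-key values into Name, Filename and Location and uses the name to tell apart the two `nwiz.exe` entries. The Run values, their arguments, the `ExampleUpdater` entry and the in-memory database excerpt are constructed for illustration.

```python
import ntpath
import re

# Constructed database excerpt (name, filename, status) from the tutorial's four entries.
DATABASE = [
    ("AVG7_CC", "avgcc.exe", "Y"),
    ("AVG7_EMC", "avgemc.exe", "Y"),
    ("nwiz", "nwiz.exe", "N"),
    ("Norton Wizzard", "nwiz.exe", "X"),
]

# Constructed Run-key values; the arguments and ExampleUpdater are hypothetical.
RUN_VALUES = {
    "AVG7_CC": r"C:\Program Files\Grisoft\AVG Free\avgcc.exe /STARTUP",
    "AVG7_EMC": r'"C:\Program Files\Grisoft\AVG Free\avgemc.exe"',
    "nwiz": r"C:\WINDOWS\system32\nwiz.exe /install",
    "ExampleUpdater": r"C:\Tools\example.exe",
}

def break_down(name, command):
    """Split one Run-key value into Name / Filename / Location."""
    command = command.strip()
    if command.startswith('"'):
        location = command[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces, so cut after the first extension.
        m = re.match(r".+?\.(?:exe|com|bat|cmd)\b", command, re.IGNORECASE)
        location = m.group(0) if m else command.split(" ", 1)[0]
    return {"name": name, "filename": ntpath.basename(location).lower(),
            "location": location.lower()}

def lookup(entry, database=DATABASE):
    """Return (status, note); the name breaks ties between equal filenames."""
    by_file = [r for r in database if r[1].lower() == entry["filename"]]
    by_name = [r for r in by_file if r[0].lower() == entry["name"].lower()]
    if not by_file:
        return None, "not in database"
    if len(by_name) == 1:
        return by_name[0][2], "name and filename match"
    if len(by_file) == 1:
        return by_file[0][2], "filename match only"
    return None, "several entries share this filename; name matches none"

def triage(run_values):
    return {n: lookup(break_down(n, c)) for n, c in run_values.items()}

if __name__ == "__main__":
    for name, (status, note) in triage(RUN_VALUES).items():
        print(f"{name}: status {status or '-'} ({note})")
```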
Mr Fixit
someone owes me about 3 hours of my life, all I tried to do was answer Bobby's questions to a practice log and I saw this great program when looking for something in the database and the problem I am having is this, I downloaded it and then I ran it and when I run it my Windows Word program opens and it asks me what format do I want to use and I tried all 3 but they all look nothing like the nice looking program in the pictures?? It just looks like c++ code or something in my "Word" window??

Am I doing something wrong here? I downloaded it and just opened it with the "run" command?

Thanx!
Grinler
That's strange...you are running autoruns.exe?
used_and_under_oath24
How do I see what programs run on Windows Startup?
Grinler
Did you read the first post in this topic?
TS6
Hi.

Is it usual for the database not to find a file name?
I searched for vcsmpdrv and vcsmpdrv.sys - and there were no entries.
TS6
ahhgg, I think I should have asked that last question in a new topic - oops
Grinler
The database does not contain every program. You need to google for the filename if it's not found in the database.
Bernie70
Thank you for this resource. I've successfully downloaded autoruns.exe and now need to go through the list. It is quite an enormous list but I look forward to learning about my start up programs.
PeteBlair
I clicked on the autoruns link and tried to download and install the program. The link took me to:

http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml

Instead of an exe file I got a page with:

The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.

Has autoruns been withdrawn? Moved? Did I do something wrong?

Thanks for any help someone can give me. I need all I can get!
tg1911
Worked for me.
Here's a direct link to the download, PeteBlair:
http://www.sysinternals.com/Files/Autoruns.zip
LadyWillow
Hello I have tried both the above links for autorun and gotten the cannot display page. Is there another way to get this program?
Starbuck
I've just found this line...
&Links File not found: C:\WINDOWS\system32\ieframe.dll
is it safe to just uncheck it?
dandana
Hi there!
About: Windows Program Automatic Startup Locations
I have some years of experience in XP but, I found something very nice that I can not handle. The story:
I did install Family KeyLogger, for trial. So, at every startup I have a nice little window warning me that my pc is monitored. Fine. I did an uninstall, the warning window is still there at startup. I did a new install and a new uninstall. Guess? Yes, I still have the little window. I jumped in the registry and in .ini files: nothing. I tried procexp.exe from sysinternals (very nice!) and I found out that the window is a separate thread of explorer and explorer is using a temp file (an exe file after all, with a tmp extension) to create the thread with a procedure from kernel32.
Now I am looking for help, first time in 8 years. So I invite you to this challenge. KMint21 Software is the company I believe. And my NOD32 is telling me that Family KeyLogger is some kind of virus when I do the download (I do not think so).
If this is not the right place for this post I am sorry.
If my English looks poor, it is so and I apologize.
Tks!
Longhorn_and_company
Hi.

Where is the "status code" you speak of for the first item on my list I am looking up...

rdpclip

I cannot find where this status code is.

Thanks.
Longhorn_and_company
I'm not finding some of my stuff.....do I need to report it to you so you can keep an eye on it? (ie: media center stuff for Dell it seems)

Also, anyone know about DLA ( dlactrlw.exe) (windows\system32\dla\dlactrlw.exe)

Okay, thanks...just not curious if you know of these or want them reported to up the databank.

Grinler
You can find the second one here:

http://www.bleepingcomputer.com/startups/D....EXE-15335.html

As for the rdpclip...what is that? A service?
amyc2000
I'm definitely not computer savvy but I did find some
information on RDP Clip Monitor. It is part of the
Operating System (MS) and is used for copying and pasting
between Terminal Services Server and Client.
It also stated it needed to remain as a startup program.

Hope that helps.
Twisted_mints
Thanks Grinler.

Interesting program, will be useful in finding any problems.

jeannie starling
My system is saying I have to have winzip to open autorun. Do I? or is there another way to open it?
Jeannie
tg1911
Hello, Jeannie.
Welcome to Bleeping Computer.

Autoruns is downloaded in a compressed .zip file.
You need to extract the program, from the .zip file, which is what winzip will do.
After scanning the downloaded file with your Antivirus, right-click it, select Extract All..., and follow the directions.
bullkelper
I must be completely stupid. Is there something I can copy in Autoruns and paste into the search window in the database?

I'm drawing a blank on every single search I do.
bullkelper
I think I'm going to just chuck this whole thing into the landfill and buy a Mac. This is ridiculous.
Grinler
Unfortunately not...if there are some startups that you are concerned about, create a new topic in this forum and ask us about them.
Harley Babe
I hope this helps me with my computer at home. Thanks for the input.
AlwaysMaple
Great program and just what I was looking for.
Trying to sort out my laptop that my son had for 6 months.
AVG found some of the stuff initially but have been sending them files through tech support and repairing installations so something isn't right still.

I can see this is gonna take a while to sort through but lucky me, I have the laptop beside my PC so that makes life so much easier.

Thanx for all the info Grinler.

Fingers crossed.

Maple
Fess
Good morning.

I followed the instructions precisely at web site: http://www.bleepingcomputer.com/forums/topic33012.html.

I downloaded and executed program autoruns.exe and it appeared to work perfectly except that the little RED NUMBERS to the left-hand side of the program do not appear as they do in the example on the above reference web page.

Help and guidance please ---- thank you ----- Fess
Grinler
I added those numbers so that I could display how I analyze each of the shown entries.
Fess
Lawrence:

I hate to be a real idiot, even tho I'm an old geezer, but where do you see/find "The Status Keys" ????

I can't seem to see/find them on anything that I look up.

Thank You --- Fess
Grinler
When you look at a category or do a search, there will be a status column. In this column for each entry you will see either a Y, X, N, U, or ?. Those are the status of the entry.
Inchv
How come don't just run msconfig straight away?
danmo43
I use WinPatrol (downloaded from PCWorld.com) to see and adjust startup programs.
If you are using Windows Vista, it includes a program for seeing and adjusting startup programs.
gangley
hmmm......nice job grinler....reading thru the entries just made me laugh....hehe thanks for the advice and more power....
question though.....when i click on the link autorun....it lead me to the site but have to download silverlight by MS corp...is that ok ?
Grinler
You should not have to install Silverlight. Just click on the Autoruns link from the first page and you will see a download link for Autoruns on the upper right of the page.
moonfang
I tried to download the Autoruns program but my Winzip is out of date. Do I need to purchase it in order to use the autoruns program?

also, my computer seems to "run" even though it is not connected to the internet. are the startup programs the cause of that? i have a cable connection. i usually leave the computer on during the day but not always connected to the internet.

thanks.
Grinler
Should be able to right click on the zip file and select extract files.

As for your second question I am unsure what you mean. Please post that question in its own topic.