How To Use The Startup Database.

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Bleeping Computer Applications and Guides > Windows Startup Programs Database

3 Pages

1 2 3 >

How To Use The Startup Database.

Options

Grinler View Member Profile	Oct 18 2005, 08:49 AM Post #1
Bleep Bleep! Group: Admin Posts: 27,990 Joined: 24-January 04 From: USA Member No.: 3	This mini-tutorial is designed to give you a small introduction in Windows startup programs and how to use the Windows Startup Program Database to determine if these programs should be allowed to startup on your computer. Introduction For a program to work it must be started. Programs are started in three ways. The first way is if you actually start it yourself by launching it. The second way is for another programs to start another program. Finally the third way, is for a program to be configured to automatically start when the operating system boots up. The type of programs that start via the third way are what we call Windows Startup Programs and are the types of programs that the Startup Databases focuses on. The reason why we want to be concerned with automatic startup programs is because they consume resources on your computer for programs. In order to optimize your machine to peak performance, we want only those programs that are necessary to run, to be allowed to run, and disable the rest. Unfortunately there are many different ways for a program to launch automatically when Windows starts. Luckily for us, though, there are programs that allow us to cut through this confusion and see the various programs that are automatically starting when windows boots. The program we recommend for this, because its free and detailed, is Autoruns from Sysinternals. When you run this program it will list all the various programs that start when your computer is booted into Windows. For the most part, the majority of these programs are safe and should be left alone unless you know what you are doing or know you do not need them to run at startup. At this point, you should download Autoruns and try it out. Just run the Autoruns.exe and look at all the programs that start automatically. Don't uncheck or delete anything at this point. Just examine the information to see an overview of the amount of programs that are starting automatically. When you feel comfortable with what you are seeing, move on to the next section. How the Startup Database is layed out The Windows Startup Database is simple a listing of various startup programs with associated information about them. With each entry we provide what we know about the program such as it's startup name as it appears in the registry and various autorun listing programs, its location, the filename, how it is started, the files description, and whether or not it should be allowed to run. For each program there is a status key that describes how we recommend the program should be allowed to operate. This status key is broken down as follows: ? - Unsure as to whether it needs to run or not, but not malware. N - Not necessary to run as it can be started as needed. U - Its up to the user. Its not necessary to run for the computer to work, but may be important enough to have running for some users. Y - Yes, this program is necessary to run in order for the computer or a program to operate correctly. X - This is considered malware or undesirable to have on the machine as it can cause problems. Now that you have an understanding of how the Startup Database is laid out, lets move on to how to query the startup programs on your computer to the database. Understanding the output of Autoruns and applying it to the Startup Database When you runs Autoruns it will list all the known automatic startup locations and the programs that are loading via them. Below is an image where we have numbered 3 startup entries that I have on my machine and which are being loaded via the following registry key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run I will show you how to interpret that information and the search for it in the database to determine if these programs are valid and should be allowed to run. As you can see from the image, we have numbered 3 different programs that are automatically starting up. Lets start breaking down the various entries and how they can be searched for in the database. The first entry labeled number 1 would be broken down as: Name: AVG7_CC Filename: avgcc.exe Location: c:\program files\grisoft\avg free\avgcc.exe Now by going to the Startup Database and entering a search for AVG7_CC or avgcc.exe in the startup database, I see that it returns the following entry: http://www.bleepingcomputer.com/startups/AVGCC.exe-459.html This entry tells me that this file is the AVG 7.0 Control Center and since it has a status of Y it should be allowed to run. I know I have AVG installed so I will therefore leave this program alone. The second entry labeled number 2 would be broken down as: Name: AVG7_EMC Filename: avgemc.exe Location: c:\program files\grisoft\avg free\avgemc.exe When I search for this file in the database, it has this entry as a result: http://www.bleepingcomputer.com/startups/AVG7_EMC-460.html This entry tells me that this file is the AVG Anti-Virus 7.0 Email Cleaner and that it scans incoming and outgoing email for viruses. It also gives it a status of Y, which means it is necessary to run. Since I agree, as noone wants viruses in their email, I leave this entry alone. The third entry labeled number 3 would be broken down as: Name: nwiz Filename: nwiz.exe Location: c:\windows\system32\nwiz.exe This time when I search for the filename, I run into a problem. This particular file has two entries. One saying thats it's part of a Nvidia display driver and the other saying it is a worm. It would be easy to panic here, but lets take a closer look at the resulting entries: http://www.bleepingcomputer.com/startups/nwiz.exe-3752.html http://www.bleepingcomputer.com/startups/nwiz.exe-3838.html Yes, both entries have the same filename, but their names are different. The worm has a name of Norton Wizzard and Nvidia one has a name of nwiz. Since I know that autoruns reported this entrie's name as nwiz, I know that it is not the worm, but rather the legitimate file. The entry does, though, say that this program is not necessary to start so I therefore want to disable it. Instructions on how to disable the entry are in the next section. How to disable a startup entry If you run into a startup entry like Nwiz above that is recommended to be disabled, or you find a piece of malware and want to remove its startup entry you simply need to uncheck the checkbox in autoruns next to that entries name. For example with the Nwiz example above, since the database stated it is not necessary to run, I would simply remove the check next to that entry and close the program. The next time I reboot that program will no longer startup automatically. Conclusion Now that you know how to use the Windows Startup Program Database, go download autoruns and get started optimizing your computer. For more information and answers to commonly asked questions on this site visit the New User Orientation Center. This post has been edited by D-Trojanator: Jun 22 2007, 12:20 PM -------------------- Lawrence

Mr Fixit View Member Profile	Jan 29 2006, 09:05 PM Post #2
Member Group: Members Posts: 30 Joined: 30-October 05 Member No.: 39,088	someone owes me about 3 hours of my life, all I tried to do was answer Bobby's questions to a practice log and I seen this great program when looking for something in the database and the problem I am having is this, I downloaded it and then I ran it and when I run it my Windows Word program opens and it asks me what format do I want to use and I tried all 3 but they all look nothing like the nice looking orogram in the pictures?? It just looks like c++ code or something in my "Word" window?? Am I doing something wrong here? I downloaded it and just opened it with the "run" command? Thanx!

Grinler View Member Profile	Jan 29 2006, 10:51 PM Post #3
Bleep Bleep! Group: Admin Posts: 27,990 Joined: 24-January 04 From: USA Member No.: 3	Thats strange...you are running autoruns.exe? -------------------- Lawrence

used_and_under_o... used_and_under_oath24 View Member Profile	Mar 28 2006, 09:41 PM Post #4
Member Group: Members Posts: 28 Joined: 6-January 06 Member No.: 49,118	How do I see what programs run on Windows Startup?

Grinler View Member Profile	Mar 28 2006, 09:46 PM Post #5
Bleep Bleep! Group: Admin Posts: 27,990 Joined: 24-January 04 From: USA Member No.: 3	Did you read the first post in this topic? -------------------- Lawrence

TS6 View Member Profile	Mar 29 2006, 07:43 AM Post #6
New Member Group: Members Posts: 5 Joined: 19-March 06 Member No.: 59,888	Hi. Is it usual for the database not to find a file name? I searched for vcsmpdrv and vcsmpdrv.sys - and there were no entries.

TS6 View Member Profile	Mar 29 2006, 07:49 AM Post #7
New Member Group: Members Posts: 5 Joined: 19-March 06 Member No.: 59,888	ahhgg, I think I should have asked that last question in a new topic - oops

Grinler View Member Profile	Mar 29 2006, 07:56 AM Post #8
Bleep Bleep! Group: Admin Posts: 27,990 Joined: 24-January 04 From: USA Member No.: 3	IThe database does not contain every program. You need to google for the filename if its not found in the database. -------------------- Lawrence

Bernie70 View Member Profile	Jul 3 2006, 11:07 AM Post #9
Member Group: Members Posts: 85 Joined: 1-July 06 Member No.: 74,187	Thank you for this resource. I've successfully downloaded autoruns.exe and now need to go through the list. It is quite an enormous list but I look forward to learning about my start up programs.

PeteBlair View Member Profile	Jul 17 2006, 03:24 PM Post #10
New Member Group: Members Posts: 1 Joined: 17-July 06 Member No.: 76,678	I clicked on the autoruns link and tried download and install the program. The link took me to: http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml Instead of an exe file I got a page with: The page cannot be displayed The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings. Has autoruns been withdrawn? Moved? Did I do something wrong? Thanks for any help someone can give me. I need all I can get!

tg1911 View Member Profile	Jul 17 2006, 09:56 PM Post #11
Can't decide what to use, so I won't use anything. Group: Global Moderator Posts: 12,939 Joined: 6-May 04 From: SW Louisiana Member No.: 363	Worked for me. Here's a direct link to the download, PeteBlair: http://www.sysinternals.com/Files/Autoruns.zip -------------------- I love being married. It's so great to find that one special person you want to annoy, for the rest of your life.

LadyWillow View Member Profile	Aug 6 2006, 02:53 AM Post #12
New Member Group: Members Posts: 11 Joined: 6-August 06 Member No.: 79,563	Hello I have tried both the above links for autorun and gotten the cannot display page. Is there another way to get this program?

Starbuck View Member Profile	Aug 6 2006, 03:37 PM Post #13
Malware Hunting Jedi Group: HJT Team Posts: 2,137 Joined: 10-April 05 From: South Wales, Great Britain Member No.: 16,608	I've just found this line... &Links File not found: C:\WINDOWS\system32\ieframe.dll is it safe to just uncheck it? -------------------- W2k/WinXp/Vista. Celeron® 2.66Ghz, 1.5Gb Ram, 80 + 160 Gb HD's. GeForce Fx5500 256mb G Card, 2x17"monitors.

dandana View Member Profile	Aug 27 2006, 05:47 PM Post #14
New Member Group: Members Posts: 1 Joined: 27-August 06 Member No.: 82,582	Hi there! About: Windows Program Automatic Startup Locations I have some years of experience in XP but, I found something very nice that I can not handle. The story: I did install Family KeyLogger, for trial. So, at every startup a have a nice little window warning me that my pc is monitored. Fine. I did an uninstall, the warning window still there at startup. I did a new install and a new uninstall. Guess? Yes, I still have the little window. I jumped in registry and in .ini files: nothing. I tried procexp.exe from sysinternals (very nice!) and I found out that the window it is a separate thread of explorer and explorer it is using a temp file (exe file afterall with tmp extension) to create the thread with a procedure from kernel32. Now I am looking for help, first time in 8 years So I invite you to this challenge. KMint21 Software is the company i believe. And me NOD32 it is telling me that Family Kelloger is some kind of virus when i do the download (i do not think so). If this is not the wright place for this post i am sorry. If my english look pour it is so and I apologize. Tks!

Longhorn_and_com... Longhorn_and_company View Member Profile	Aug 30 2006, 03:18 PM Post #15
Member Group: Members Posts: 36 Joined: 29-August 06 From: Texas Member No.: 82,891	Hi. Where is the "status code" you speak of for the first item on my list I am looking up... rdpclip I cannot find where this status code is. Thanks. -------------------- Don't use a big word where a diminutive one will suffice.

« Next Oldest · Windows Startup Programs Database · Next Newest »

3 Pages

1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 16th May 2008 - 02:09 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database