Home Computer Services : Tutorials

Tutorials

Windows Automatic Startup

Registry Locations/Keys

Prefixing registry key value with an asterisk (*) denotes Safe Mode execution

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices\

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs\

HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Shell
. . . normal value : "c:\windows\explorer.exe"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Userinit
. . . normal value : "c:\windows\system32\userinit.exe"

HKCU\Control Panel\Desktop\SCRNSAVE.EXE

HKLM\jsfile\shell\open\command\
HKLM\jsefile\shell\open\command\
HKLM\vbsfile\shell\open\command\
HKLM\vbefile\shell\open\command\
HKLM\wshfile\shell\open\command\
HKLM\wsffile\shell\open\command\
HKLM\exefile\shell\open\command\
HKLM\comfile\shell\open\command\
HKLM\batfile\shell\open\command\
HKLM\scrfile\shell\open\command\
HKLM\piffile\shell\open\command\

HKLM\System\CurrentControlSet\Services\
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog\Catalog_Entries\
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

Files and Folders

C:\Windows\Tasks\
C:\Windows\System32\Tasks\
C:\Windows\Start Menu\Programs\Startup\
C:\Documents & Settings\All Users\Programs\Startup\
C:\Documents & Settings\UserName\Programs\Startup\

C:\Windows\System\autoexec.nt
C:\Windows\System\config.nt
C:\Windows\wininit.ini
C:\Windows\winstart.bat
C:\Windows\dosstart.bat
C:\autoexec.bat
C:\config.sys

C:\Windows\win.ini [windows] “load” & “run”
C:\Windows\system.ini [boot] “shell” & “scrnsave.exe”