The longer you own a Windows PC, the slower it boots up. This is because you will likely install numerous applications on your computer over time. Some of these applications will be boxed software purchased from Office Depot or Staples, but most will probably be applications you've bought online after downloading free trial versions for evaluation. The problem is that many programs you buy from stores or download from the Internet will install programs or services that start up automatically whenever Windows starts. So after a while, starting Windows also means starting lots of other stuff that runs in the background, out of sight. If your computer has lots of memory, you might not notice too much of a startup delay. And of course some applications are justified in automatic startup--antivirus programs and third-party firewalls being a good example. But a lot of applications start up programs or services when they really aren't needed, and those are the culprits you probably want to ferret out and eliminate.
Of course, if you bought your computer "fully loaded" from a computer store or online direct-sales company, you're likely going to experience slow startup from day one. That's because PC vendors tend to load up the computers they sell with tons of extras, including system management tools, CD-burning utilities, paint programs, photo-processing tools, and lots of other stuff you may never even use. It can be quite a revelation for ordinary users when they compare the startup time for a freshly installed XP machine with their own "fully loaded" machine. Wow--makes you want to go straight to Add or Remove Programs, start selecting things, and click Remove, Remove, Remove. Unfortunately, sometimes removing these things can leave behind programs or services that still start up whenever Windows boots. Where do they hide?
Finding Startup Programs
Programs and services that start whenever Windows boots do so in various ways. The simplest way is for the installation routine to create a shortcut to the program within the Startup folder for the current user (or for each user on the machine). To open your own Startup folder, click Start, then Run, and type the following:
%userprofile%\Start Menu\Programs\Startup
The Startup folder common to all users on the machine can be found by opening this path:
%allusersprofile%\Start Menu\Programs\Startup
When I try these two paths on my main Windows XP machine, my Startup folder is empty, but the common Startup folder has a shortcut to a power-monitoring utility from the vendor of the Uninterruptible Power Supply (UPS) attached to my machine. Note that program shortcuts in the common Startup folder automatically run when any user logs on to your computer, so if I delete this shortcut, my UPS probably won't work as designed. Better leave it alone.
Registry keys are another common way to launch programs or services at startup. Here are some registry keys you can examine to see what programs are starting automatically, followed by their description:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Values for this key are programs that start every time any user starts your computer. I just checked this key and found 12(!) different programs listed. Finding out what these programs are can sometimes be tricky. A value named DVDLauncher is likely just what it says it is, but what about a value named igfxpers? A good way to find out is to search for such values in ProcessLibrary.com, which tells me that igfxpers.exe is "a process installed alongside NVidia graphics cards [that] provides additional configuration options for these devices. This program is a non-essential process, but should not be terminated unless suspected to be causing problems." Aha! If I delete this registry value, my video card might not work, so better leave it alone, too.
Another registry key to examine is:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This is similar to the previous one, but the difference (HKCU instead of HKLM) means that programs listed here as values will only be launched for the current user (me), not for all users. I find only two programs listed here, Windows Messenger (which I want to start up whenever Windows starts) and ctfmon.exe, which ProcessLibrary.com tells me has to do with the Microsoft Office Language Bar. I don't use that feature of Office so I'm tempted to delete this registry value, but a better approach would be to rerun Setup for Microsoft Office and remove this feature from my machine. Searching the Microsoft Knowledge Base tells me more.
Similar to the previous key is this one:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
This key isn't present on my machine, so there's nothing to worry about here. Just above it is this key:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
Examine the value named Load here, because any programs listed in this value will run when any user logs on to your machine.
There's more--here are four places where programs that only need to run once can be found:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
KLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
H HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceHKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
My machine has the first two keys but not the others, and the keys have no values except Default. This makes sense however, because after a program listed here runs, the registry value associated with launching it is deleted. You can find more info about these keys here,here, and here.
Here is one more key to examine:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Within this key are a number of values. The two of interest to us, called Shell and Userinit, specify the default Windows shell and the user shell, respectively. Malicious spyware can replace these values with different ones; in one situation I've heard of, you try to logon to your machine but are immediately kicked out and presented with the logon box again. Nirmal Sharma, a Microsoft Most Valuable Professional (MVP) has written a Community Solutions KB article concerning this issue and how you can fix it by remotely connecting to the affected machine's registry. A Community Solutions article is a KB article contributed by a member of the MVP community rather than Microsoft's own PSS team. These solutions aren't supported by Microsoft, but they're often terrifically helpful. To find more Community Solutions articles, try googling (oops, try using Google to search for) the string "Community Solutions Content Disclaimer" while restricting your search to the support.microsoft.com domain.
If your computer belongs to a domain, then your network administrator has the power to add startup programs to your machine. These policies are found here:
- Computer Configuration\Administrative Templates\System\Logon
- User Configuration\Administrative Templates\System\Logon
Three relevant policies can be found in each of these two locations:
- Run These Programs At User Logon. Programs listed here obviously run every time Windows starts, in addition to any startup programs already listed in your own machine's registry.
- Do Not Process The Run Once List. If your administrator enables this policy, then any programs found in your RunOnce registry keys won't run when Windows starts on your machine. Enabling this policy is generally a good idea, as it helps prevent malware from launching on your machine.
- Do Not Process The Legacy Run List. If your administrator enables this policy, then any programs found in your Run registry keys won't run when Windows starts. Enabling this policy is also a good idea, as it helps prevent malware from running on your machine.
Home users can also configure these policies manually on their machines, provided they are logged on with an account that has administrator credentials. Here's how: click Start, then Run, and type gpedit.msc. This opens the Group Policy Editor and lets you edit your Local Computer Policy. Navigate to the appropriate place as specified above, and configure each policy as desired. Be careful, though: if your machine came "fully loaded," disabling the Run list may prevent some of your hardware or software from running properly. Use these policies on a home computer at your own risk; the main reason they're there is for network admins to maintain greater control over Windows workstations on their network, not for home users to start fiddling around with them.
When you configure a policy like Run These Programs At User Logon, the list of programs you specify gets written to special sections of your registry, namely:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
KCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
H
A malicious program could also write something to these registry keys, even if Group Policy is not being used on your network.
Still another registry key to which setup programs sometimes write is:
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Values here indicate DLLs that are loaded during startup to add special capabilities to the Windows shell. If you find anything here other than CDBurn, PostBootReminder, SysTray, and WebCheck, you may have malware on your machine.
Another way startup programs can run on a computer joined to a domain is if a startup or logon script runs when your computer starts or when you log on to your machine. Ask your network administrator about this if you're curious; it's not something that home users need to worry about. Then there's your Scheduled Tasks folder--it's possible to create per-user tasks that schedule a program to run every time your computer boots, but you'll only find these kinds of tasks in the Scheduled Tasks folder in your administrator account. Ordinary users can also schedule tasks to run every time they log on to the computer, and these tasks generally run hidden in the background.
Dealing With Startup Programs
In addition to finding startup programs manually using the steps I've listed above, you can also use tools like your System Configuration Utility (click Start, then Run, type Msconfig.exe, click OK, and select the Startup tab) or a third-party tool like Autoruns from Sysinternals. Once you've found all this junk though, how do you get rid of it?
Removing items from your Startup folder (or the common Startup folder) is generally safe, but deleting values from your Registry should be done only as a last resort. In fact, sometimes deleting a registry value won't even work--as soon as you run the application associated with the startup program, the deleted registry value may get automatically re-created!
The best way to proceed is to first try to see if the application itself lets you remove the feature or component that's starting up every time Windows boots. You might need to rerun your application's Setup program to do this. If this fails, then (and only then) should you consider deleting a registry value (but always back up your registry before making any changes to it).
And next time you buy a computer, don't ask for one that's "fully loaded," but instead consider buying a "bare metal" machine (one with no operating system) from your local "white box" vendor (or a used computer store like Geeks.com). Then buy a shrink-wrapped copy of Microsoft Windows (whatever the latest version is) and install it yourself. Your machine will fly; startup will be much faster than you're used to. Then, install only those applications you need; avoid downloading and installing every tool under the sun from shareware sites on the Internet. If you must do this, have a separate "junk" machine just for this purpose so your main machine doesn't get cluttered.
No comments:
Post a Comment