Registry Initiated Startup Programs
It is important that you are aware of which programs run on startup, and which of them are initiated by the Run keys in the registry. These may be found in the following locations (note that I have removed the identification from the 2nd image):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_USERS\S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx-xxxx\Software\Microsoft\Windows\CurrentVersion\Run
Check these locations regularly, and if additions are made there without your knowledge, alarm bells should start ringing. WinPatrol is a very useful program to have (written by one of our members, BillPStudios), as it helps greatly in monitoring this sort of activity.
The removal of entries can be straightforward, or can be tricky. First of all, make a note of the file location shown under the Data headings as you will need this information in order to remove the file(s) from your system. Now, right-click on the appropriate name under the Name column and select Delete to remove the entry. Refresh the screen. If the entry does not reappear, then you can delete the file from its location. If, however, it does reappear (and this is where WinPatrol comes in useful), then you will need to use a different tactic in order to remove it, namely by booting up into Safe Mode. In this mode, the Run keys in the registry are not processed, and you should be able to proceed as described above in order to remove the unwanted entries and files.
Another location where this sort of entry may be found is the following:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
To remove entries here you can follow the above instructions, but you will need to do so from an account with administrative privileges.
Last edited by Dwarf; 29 Aug 2010 at 12:36. Reason: Added HKLM info.
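The regular check of the Run keys described above can also be scripted. The following PowerShell is an added example, not part of the original post: on first run it records the values under the HKCU and HKLM Run keys, and on later runs it reports anything added, changed or removed since that baseline. The baseline file path and the function name Get-RunEntry are assumptions; HKCU is the current user's view of the HKEY_USERS\<SID> hive listed above.

```powershell
# Added example: baseline the Run keys named in the post and report differences.
# $BaselinePath is an assumed location; keep it somewhere you trust.
$BaselinePath = Join-Path $env:LOCALAPPDATA 'run-key-baseline.xml'
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunEntry {
    foreach ($key in $RunKeys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }          # key absent or not readable
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key  = $key
                Name = $name
                # Store the raw text (no %VAR% expansion), as regedit's Data column shows it
                Data = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            }
        }
    }
}

$current = @(Get-RunEntry)
if (-not (Test-Path -LiteralPath $BaselinePath)) {
    # First run: record what is there now; review the list before trusting it.
    Export-Clixml -InputObject $current -LiteralPath $BaselinePath
    Write-Output "Baseline of $($current.Count) entries written to $BaselinePath"
} else {
    $known = @{}                              # "key|name" -> data from the baseline
    foreach ($e in @(Import-Clixml -LiteralPath $BaselinePath)) {
        if ($e) { $known["$($e.Key)|$($e.Name)"] = $e.Data }
    }
    foreach ($e in $current) {
        $id = "$($e.Key)|$($e.Name)"
        if (-not $known.ContainsKey($id)) {
            [pscustomobject]@{ Change = 'NEW'; Entry = $id; Data = $e.Data }
        } elseif ($known[$id] -cne $e.Data) {
            [pscustomobject]@{ Change = 'CHANGED'; Entry = $id; Data = $e.Data }
        }
        $known.Remove($id)                    # whatever is left afterwards was removed
    }
    foreach ($id in $known.Keys) {
        [pscustomobject]@{ Change = 'REMOVED'; Entry = $id; Data = $known[$id] }
    }
}
```

The script only reads the registry, so it does not need an administrative account. Delete the baseline file after an intentional change (for example, installing a program) so the next run records a fresh one.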