How to find Startup programs/locations?


mikehende
05-08-2006, 04:35 PM
When I run msconfig, I have a few items in startup for which I can't seem to find the location, and sometimes which programs they belong to. How can I best do so, please? Thanks.

Pi rules
05-08-2006, 05:37 PM
Try this list here (http://castlecops.com/StartupList.html). If you still can't find one, post it and I'll see if I can find it elsewhere.

dbarrow
05-08-2006, 06:15 PM
http://www.sysinternals.com/
Download PROCESS EXPLORER
This is a tool you want in your toolbox anyway
It shows a complete breakdown of every process, who owns it and what files are associated with it.

This is also "the" definitive rootkit detection tool to find hidden items running in your startup and hiding in svchost processes.

Pi rules
05-08-2006, 06:35 PM
Forgot about that one. I used it and found a rootkit on a relative's PC once. :(

It's a very useful program.

mikehende
05-08-2006, 07:08 PM
Thanks guys, will download the Explorer and get back to you all tomorrow.

mikehende
05-08-2006, 07:21 PM
I used it and found a rootkit on a relative's PC once.

Upon reading this, it got me to thinking that just in case I should come across someone else's pc in the future which may not have a connection to the net at that time for any given reason so I will still need to know how to locate things in the startup. I will try the Explorer tomorrow but for now, for example, when I use msconfig and go to Startup, I see programs belonging to "Startup" and "common startup" in the location column but I have looked everywhere and can't find those folders anywhere on my pc, I thought these 2 folders would be either in the Windows or System folders but nothing there. I tried using the "Search for all files and folders" and also the "Run" search tool but nothing comes up with these folder names.

Pi rules
05-08-2006, 07:25 PM
I believe that "Common startup" refers to the startup folder located in "C:\Documents and Settings\All Users\Start Menu\Programs\Startup" (or whatever your drive name is), and "startup" refers to the folder under:
"C:\Documents and Settings\<username>\Start Menu\Programs\Startup"

These folders just contain shortcuts for programs that run at startup. If a shortcut is in there, the program (or task) will run when your computer starts. If it is under "common startup", it will start on any profile/user account on your PC, if under "startup", it will start on your profile/user account.

mikehende
05-08-2006, 07:48 PM
I see 5 items showing the location as common startup but when I go to the folder following the path you've given, nothing in there.

I see 4 items showing the location as the startup folder and following your path, I am seeing only 2 of them in there.

Any ideas? Thanks.

Pi rules
05-08-2006, 08:00 PM
Are these items checked? If so, what are their names, ex. "Adobe Reader Speed Launch" in Common Startup.

mikehende
05-08-2006, 08:32 PM
Oh, I think I see what you mean, the items have to be checked to show in the folder? Ok, that's one hurdle [thanks] now can you tell me how to find other folders without knowing the paths to them beforehand like you do? Meaning, how can I find them from what's listed only in the "locations" column?

Pi rules
05-08-2006, 09:08 PM
OK. I'll give an example, like the one from before "Adobe Reader Speed Launch". Under location, it says, Common Startup, then under command, it says "C:\PROGRA~1\Adobe\ACROBA~1\Reader\READER~1.EXE". So, the "Common Startup" refers to the location of the shortcut, or "C:\Documents and Settings\All Users\Start Menu\Programs\Startup". "Command" refers to the location of the shortcut.

In addition to Startup and Common Startup, there are also locations in the registry:
HKLM\Software\Microsoft\Current Version\Run, which, like Common Startup, runs the shortcuts for any and every user and:
HKCU\Software\Microsoft\Current Version\Run, which is similar to Startup.

To find these, open the registry (be very careful, and back up first if you change anything) by going to Start/Run and typing regedit. HKLM stands for HKEY_LOCAL_MACHINE and HKCU = HKEY_CURRENT_USER, so navigate through the keys & subkeys (kind of like folders) until you find the entries. You can delete them if you wish, but I would recommend doing it through msconfig.

When items are unchecked, they do not exist in that folder any more, but in a different location instead so they do not startup, but are kept in case you would like them to be a startup item.

mikehende
05-09-2006, 09:11 AM
Really appreciate the help and info, please stay tuned, will go through this later this evening and post any relevant questions, thanks.

mikehende
05-09-2006, 02:20 PM
ok, a couple of things here please. First, unless I am missing something here, how will I know to which programs each startup item belongs to? Some of these items have very strange names so I can't tell just by looking at the name.

PeteF
05-09-2006, 02:54 PM
ok, a couple of things here please. First, unless I am missing something here, how will I know to which programs each startup item belongs to? Some of these items have very strange names so I can't tell just by looking at the name.

Mike, you have to be like a detective. Start from the info provided in Startup,
and trace it back to the folder or registry key and keep working backwards
to try to determine what program it is connected with. You could also take
some of the filenames involved and google them to see what comes up.

If you see file names that make no sense, such as aotjww.exe,
then you should suspect it is a virus or spyware named randomly to
avoid detection.

---pete---
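
The tracing-back described in the posts above, as an added example that is not part of the original thread: a read-only PowerShell inventory of the four locations named so far (the two Startup folders and the two Run keys, using the full key path Software\Microsoft\Windows\CurrentVersion\Run), with each entry resolved to its file, publisher and signature status. It assumes PowerShell 3.0 or later; the function and variable names are illustrative.

```powershell
# Added example: read-only inventory of the four startup locations from the thread.
# Assumes PowerShell 3.0+; Get-ExePath and the variable names are illustrative.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',  # every user
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'   # current user only
)
$startupFolders = @(
    [Environment]::GetFolderPath('CommonStartup'),  # msconfig "Common Startup"
    [Environment]::GetFolderPath('Startup')         # msconfig "Startup"
)

function Get-ExePath([string]$Command) {
    # Reduce a command line (quoted or not, with or without arguments) to the file it runs.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if     ($c -match '^"([^"]+)"')                          { $exe = $Matches[1] }
    elseif ([IO.File]::Exists($c))                           { $exe = $c }
    elseif ($c -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { $exe = $Matches[1] }
    else   { $exe = ($c -split '\s+')[0] }
    # Bare names such as "rundll32.exe" are resolved through PATH.
    if ($exe -and $exe -notmatch '[\\/]') {
        $app = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue |
               Select-Object -First 1
        if ($app) { $exe = $app.Path }
    }
    return $exe
}

$shell = New-Object -ComObject WScript.Shell
$items = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $k = Get-Item $key
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{ Location = $key; Name = $name; Command = [string]$k.GetValue($name) }
        }
    }
    foreach ($dir in $startupFolders) {
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($f in Get-ChildItem -LiteralPath $dir -File) {
            # A shortcut's target is the program; any other file runs as itself.
            $cmd = $f.FullName
            if ($f.Extension -eq '.lnk') { $cmd = $shell.CreateShortcut($f.FullName).TargetPath }
            [pscustomobject]@{ Location = $dir; Name = $f.BaseName; Command = $cmd }
        }
    }
)

# Resolve each entry to a file on disk and report who published and signed it.
$items | ForEach-Object {
    $exe   = Get-ExePath $_.Command
    $found = [IO.File]::Exists($exe)
    $info  = if ($found) { (Get-Item -LiteralPath $exe -Force).VersionInfo }
    $sig   = if ($found) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'FileNotFound' }
    [pscustomobject]@{
        Location = $_.Location; Name = $_.Name; Exe = $exe
        Company  = $info.CompanyName; Signature = $sig
    }
} | Format-Table -AutoSize -Wrap
```

Entries with no company name, no valid signature, or a missing file are the ones to research first.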

dbarrow
05-09-2006, 03:05 PM
HKLM\Software\Microsoft\Windows\Current Version\Run

As Pi points out, in order to load at startup, it must have a reg key.

This is where rootkits, trojans, and self-replicating viruses live. The bad stuff does not initiate a key that places something in your systray or make it visible in your Msconfig or otherwise tell you it is in startup.
As the registry loads, these keys silently launch whatever the associated exe or dll is.
In the case of self-replicators, they launch a dll that checks to see if the (bad stuff) exe is there (because you may have found and killed it) and if not, the dll launches another exe to extract and install it again from a hidden file (often found in system or system32).
This is the purpose of PROCESS EXPLORER which will show you hidden items that otherwise do not show up anywhere unless you carefully comb the registry.

Using Msconfig or Mike Lin Startup Monitor or Startup Control
http://www.mlin.net/StartupMonitor.shtml
Only shows you those items in HKLM\....\run, not the other hidden ...\run and Current Control Set keys.

UNCHECK of one of these keys simply places a NoStart parameter on the key but does not delete it.
CHECK it again to turn it back on.

Many programs and utilities that run at startup have a control in the program which, when you tell it no startup, will actually DELETE the key rather than just turn it off.
It will no longer be visible in startup because the key has been removed. If you use the program control panel to tell it to run at startup, it will add a key in the appropriate section of the reg. (This is where your various reg locks and startup monitor will ask if you want to allow that change)

Now ... once you learn how to comb the registry and startup,
You can create a USER for testing or installing purposes which has MINIMAL startup items ... only essentials
HKCU section

This does relate to how you INSTALL programs ...
CURRENT USER or ALL USERS as that choice determines what part of the registry these keys are located in and ALL USERS will override CURRENT USER in most cases.

If you don't have the Mike Lin program .... GET IT!
It is much easier to use than Msconfig.
It also allows you to MOVE items from HKLM to HKCU etc. and change how and when startup items load.
(often useful when they conflict and you need to change the order in which they load)

The Mike Lin STARTUP MONITOR locks certain (not all) sections of the reg to prevent unauthorized modification.
This is where AdAware SE Plus AdWatch does a more thorough job (locking down almost all of the registry)

Locking the reg prevents hidden (malware) from creating the necessary STARTUP keys it needs to execute.

There are several other REGISTRY LOCK freeware programs out there if you hunt for them.

This is both the key to preventing bad stuff or programs doing things you don't want them to do as well as a total PITA!
Again, this is where you have a USER with these features turned off for the purpose of doing unimpeded installs and changes. Make your changes and do your installs under that user then switch back to your regular user and be fully protected again.

A USER with restricted rights is barred from making these changes (as opposed to a USER with Administrative rights)
Which is why MS recommends using a USER profile with limited privileges for web surfing (so nothing can install),
but there are ways to BACKDOOR this and easily get around it. (EXPLOITS that use common Windows Processes that have system admin rights regardless of USER rights)
There are also ways to use other common Windows program features to navigate to Internet and Security options which are otherwise blocked out for a restricted USER and turn on downloads and installs. The fence is full of holes....

dbarrow
05-09-2006, 03:24 PM
Mike, sorry if I have you thoroughly confused now .. too little sleep and not enough coffee yet...

Much of this, from info I have run across, is being addressed with Vista.
The problem with XP was, too many departments each doing their own thing. While one was slamming and locking the door, the next one down the line was holding the gate open. In order not to annoy the "average" user, many of these doors were intentionally left open.

As you become expert with XP, you will see that there are often many ways to reach the same point using different paths. Many of these, with the size and complexity of XP, were totally overlooked by MS or never noticed.

The "bad guys" and even legit software writers take the time and trouble to dissect and find them and then make use of them. Once you become expert with the workings of XP, you will find that you can often do things MS says you can't do and find ways to bypass much of their so called security.

Vista promises to be a very different OS as they now cooperate on these errors as a unified body.
And... from the looks of it... will annoy the hell out of the "average" user as well as the software writers. Expect a lot of major conflicts and problems in the first few months.

mikehende
05-09-2006, 06:05 PM
@Pete
did a net search as you suggested for those items which I did not recognize and lucky for me I did so as most of those are necessary files from different programs I have, I only found 1 spyware [gator], thanks for the advice, will do this from now on!

@DBarrow
Appreciate you taking the time to write all of that info, some of it I still have to figure out but you are sending me in the right direction as I intend on doing "Registry" stuff next. I will download the Mlin, thanks.

@Pi Rules
That was very well explained, thanks. I went into the registry but could not locate the files.

Ok, so for everyone here, now that I know how to recognize each item in the startup via the msconfig, my next step is to remove the no longer needed items that are still there, how can I do so please?

Pi rules
05-09-2006, 06:15 PM
Ok, so for everyone here, now that I know how to recognize each item in the startup via the msconfig, my next step is to remove the no longer needed items that are still there, how can I do so please?
Did you see the link in my first post? You can put the name of the item in the text box in that site and it will recommend what to do. If it shows a red X, scan your computer immediately and put a HijackThis log where they belong here (Virus/Spyware/Firewall forum?). Many will say optional, which pretty much means it is up to you. It won't wreck anything, but you will have to start it manually if necessary.

To remove the unnecessary ones, uncheck them and click OK. When you restart, you'll get a notification that your startup items changed... Choose to not show the message every time.

I went into the registry but could not locate the files.
Are there checked items whose location says: HKLM/... or HKCU/...
If so, try navigating there again. Please select the "run" subkey, then go to Edit/Copy Key Name and paste it here.

PS: Run this tool (http://www.majorgeeks.com/download4434.html) to make sure Gator is gone, and scan your computer to make sure you don't have anything else.

dbarrow
05-09-2006, 06:18 PM
Use the Mike Lin program as it is much easier and does DELETE keys you no longer want.
Deleted keys are stored and you can restore them from within the program.

I don't think you are ready for manual reg editing at this point, but that is another way to remove keys.
Whenever messing in registry, it is important to know the steps to EXPORT keys and branches as files to store in case you have to ever put them back! That is a more detailed subject.

dbarrow
05-09-2006, 06:24 PM
Mike, as you build your "toolkit" you will find many of these little "utility" programs, like Process Explorer are very small.
Note that you can load a whole "toolkit" on a larger flash drive.
This is very handy if you have to look at another system.
Just plug in the flash drive and run your toolkit utils.

mikehende
05-09-2006, 06:34 PM
Ok, understood now, I can download the handy utilities on a cd maybe and load and run on any pc?

mikehende
05-10-2006, 09:05 AM
can all programs be added to startup "after" installation?

Pi rules
05-10-2006, 05:00 PM
I can download the handy utilities on a cd maybe and load and run on any pc?
Yes.

can all programs be added to startup "after" installation?
Would you please give an example of what you mean? If I understand you correctly, then yes, they should be able to be added to startup later.

mikehende
05-10-2006, 06:28 PM
Thanks but found out a short while ago how to add programs without startup options by simply creating a shortcut and then dragging it into the startup folder.

Tried out the 2 utilities mentioned [Mlin and Process Explorer], very nice items indeed especially the Mlin!!

mikehende
05-11-2006, 04:07 PM
Can anyone tell me please what the difference is between "Common Startup" and "Startup"? Also, when I go to "Documents and Settings", I see 3 folders [All Users, Default User and another with my name on it], why do some items go into the All users and some into the one with my name, I mean, why don't they all go into just one of those folders?

dbarrow
05-11-2006, 04:52 PM
There are various STARTUPs
There are the things in registry HKLM\...\Windows\Run
that load at boot because the reg key tells it to load ...exe or ...dll
Then, there are items loaded using the %\Documents and Settings\User\Start Menu\Programs\Startup
If you place a shortcut in All Users, the program will start for all users
If you place it in the same folder under YOUR user, it will only start when you logon using that user. It won't start logging on as another user.

These also relate to reg keys under HKCU\Run where the Current User control sets are kept.

Default User is a template used for creating new users with a pre-configured setup.

The same goes for making items available to the USER.
If you install a program and check "make available to all users", the menu item goes under All Users\..\Programs
Items under All Users appear in the START menus for every user.
Items only in Your user Start menu only appear under that user logon.
ie: if I put Winamp in All users, it will appear in every user's Start Menu under Programs (or wherever I choose to place it).
If I only put it in My User, I will have it but no other users will have a Start menu item for it.

Now, if you create a custom menu like UTILITY which has all the shortcuts to your utility programs, you can place that UTILITY folder in All Users\Start Menu\Utility and it will be available to all users.

Likewise, let's say you had a Word document you wanted to open every time you logged on. Create a shortcut to it in (Your User)\Start Menu\Programs\Startup\shortcut and it will launch when you logon.

Documents and Settings USER folders allow you to customize what each USER has access to.
This can be particularly important for limited users with no admin rights.
If you take the shortcuts out of their Start Menu folders, they can't see or access them.
This is common in a business department where they will configure work stations so users only have limited rights and limited access only to what the employer wants them to access. Other programs and settings may be there but that user can't access or change them.
Also handy if you have kids who like to tinker with things they should keep their hands off!

As I said before, the funny thing about Windows is, there are a hundred different roads that all lead to the same place. Once you know the roadmap, it's easy to bypass any roadblocks and still get where you want to go.
A limited user with restricted rights can still often take a different road, drive around, and come in from the back to accomplish what they want ... if they know how.

mikehende
05-11-2006, 05:42 PM
OK, very well explained, thanks!

mikehende
05-12-2006, 07:19 AM
I think this will be my final question on this topic until I get to the Registry section of my book later on at which time I will come back to this, my next step now is to figure out how to change the Startup order? I searched the net last night and came across this

http://www.windowsbbs.com/showthread.php?t=7329

Looking in msconfig, I do not see that the startup items are listed in ABC order, if you read this DBarrow, please note that I am looking for a "manual" way to do this so I'll have the knowledge, I will get back to the Mlin immediately and soon as I figure this out, thanks.

Pi rules
05-12-2006, 08:38 AM
You could try to write a batch file and put that in startup instead, but it might be more trouble than it is worth.

mikehende
05-12-2006, 08:50 AM
well, seeing that I don't know what a batch file is [yet] then I will have to wait until I get to that point, I was thinking that there might be some way to rearrange the order of the startup items according to your preference, if there isn't an easy way to do this without using a utility such as Mlin then maybe I should go straight to the Mlin for this?

Pi rules
05-12-2006, 09:00 AM
You can try it, but I've never used the program.

mikehende
05-12-2006, 09:07 AM
Like I said, I was looking for a manual way first so now I'll go try out the Mlin and will report back here, thanks.

dbarrow
05-12-2006, 09:26 AM
You can try to shuffle the hive it is in with MLin but I believe they still abc.
I think HKLM loads before HKCU.
I do recall something that was giving me a conflict and I had to move the hive it was in to get it to load later in the stack.

There was a boot optimization tool (MS) Bootvis where I believe you could change the order. Can't find it right now on the machine.
The problem is, XP will optimize the order anyway by default every so many days.

I suggest a trip to the MSKB searching boot, boot order, startup, etc.

mikehende
05-12-2006, 09:49 AM
The problem is, XP will optimize the order anyway by default every so many days.

If this is the case then there is no sense in anyone attempting to change the startup order of the items in startup, correct?