Hunt down autostart programs wherever they hide -
Why does logon take so long? What are all those icons in the system tray? How do I stop programs from starting automatically? How do I get rid of that strange error that keeps cropping up during logon? You’ve probably heard these questions plenty of times, especially from Windows users who are working on new systems that came preloaded with applications or on older systems on which they’ve installed numerous programs over time. There is a free tool that can answer those questions: Sysinternals Autoruns.
Download it from this site (freeware) -
Upon installation, many applications configure themselves to start automatically when you log on. Applications do this so that they can automatically check for updates, because they use system tray icons to interact with users, or because they add functionality to Windows components such as Windows Explorer. However, most such applications don’t ask permission before inserting themselves in your logon process and almost never provide an interface to let you disable their autostart functionality.
Windows Server 2003 and Windows XP include the System Configuration utility (Msconfig.exe), which is based on a similar tool in Windows Me. Msconfig features a Startup tab that lists and lets you disable certain items that run automatically when you log on. However, Msconfig has two major limitations: It displays items from only a fraction of the locations in which autostart applications can hide and it shows limited information about the items it does list. Furthermore, if you run Windows 2000 or Windows NT 4.0, you’re out of luck. Neither OS contains Msconfig or other built-in tools to report components that automatically execute at logon.
You can use Autoruns not only to identify the applications that have configured themselves to start at logon but to see all the locations where autostart applications might be configured on the system. Autoruns works on all versions of Windows, including Windows Me and Windows 9x.
What You See -
Autoruns displays each location that contains autostart items, or images, in the order in which the locations are processed during system startup and user logon; all images in each location are listed in alphabetical order. Besides providing insight into the Windows logon process, this order can have important repercussions: Programs that launch first might be overwritten by programs that launch later.
Autoruns displays more information about each image than Msconfig does. Autoruns lists each entry in the subkey, as well as a description of the entry’s corresponding image, the company that created the image, and the path to the image file. And Autoruns lists the path to the image file.
Autoruns obtains the description and company name from the image’s version data, which stores details that help identify the image and its purpose. You can examine the rest of an image’s version information by selecting the image and choosing Entry, Properties from Autoruns’ menu bar or by right-clicking the image and selecting Properties from the context menu.
Autoruns gives you the option to show only images that are unsigned, or not published by Microsoft; just select View, Hide Signed Microsoft Entries. An image is said to be signed when it includes a digital signature issued by a digital signing authority that the system’s security policy trusts. Unsigned images’ company names will be preceded by (Not verified) in Autoruns’ display.
Autoruns doesn’t show an image’s startup command, but you can find that information by double-clicking the entry or by selecting the entry and choosing Entry, Jump To. If the image is in the registry, Autoruns executes regedit and navigates to the appropriate subkey or entry. If the image is in the file system, which is the case for items in the Start menu’s Startup folder, Autoruns opens Windows Explorer and navigates to the directory that contains the image.
Autoruns focuses on images that execute when you log on, but many components run as Windows services and automatically execute when the system boots. For example, to toggle Autoruns’ display of autostart services, select View, Show Services; to see Windows Explorer add-ons, select View, Show Explorer Addons.
Where They Hide -
Autoruns usually lists more entries than Msconfig because Msconfig is programmed to be aware of only some of the two dozen or so startup entries honored by Windows and its logon components. For example, consider the HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows NT\ CurrentVersion\Winlogon\Userinit registry subkey. After you interactively log on to a system, the Winlogon process executes the program listed in this subkey (userinit.exe by default). Userinit.exe executes logon scripts, restores drive letter and printer mappings, and applies configured Group Policy settings. Msconfig doesn’t list this image.
To see all the locations that Autoruns knows about, select all the View menu items that begin with Show, then select View, Include Empty Locations.
What to Do -
Like Msconfig, Autoruns lets you temporarily disable an entry by clearing the item’s check box. When you do so, Autoruns moves the entry into a backup location in the registry or file system. For example, if you disable an entry under the HKEY_LOCAL_ MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\Run subkey, Autoruns creates an AutorunsDisabled subkey under that registry subkey and moves the entry’s value into AutorunsDisabled. When you disable an entry in the Startup folder, Autoruns creates a subdirectory named Autorunsdisabled, into which it moves the disabled entry. When you log on, Windows Explorer opens the Autorunsdisabled folder so that you can see any disabled entries.
Autoruns also lets you permanently delete enabled or disabled entries by selecting the entry and typing Ctrl+D or by selecting Entry, Delete from the menu bar. Before you delete an item, though, you might want to save the Autoruns output to a text file for archiving purposes. To do so, choose File, Save.
You’ll probably find autostart programs that you’ll want to remove.
The list of locations in which applications can configure themselves is astounding and nowhere does Microsoft documentation provide the entire list. Autoruns has evolved and continues to evolve over time to include more and more of these locations as Autoruns’ authors learn of them.
Hey, it sounds very useful!
Has anyone one used it and survived? I’d like to try it but I feel I’d like to hear a positive testimony first.
I’ve used many utilities from Sysinternals. All been good, powerful stuff.
Thanks for the link Bill.
Just tried it on my w98 box. Seems OK. I can’t vouch for what would happen if you removed something important, but at least it lets you put things back if you made a mistake.
Thanks Mark–I’ve also been a big fan of the Sysinternals stuff for years (filemon, regmon, tdimon, ntfsdos, etc.). This is one I haven’t tried yet, but I will soon…I’ve always suspected msconfig’s list of startup processes wasn’t complete, and it looks like this util will let me get at more/all of them.
Also thanks to Bill for bringing this up!
Hey this sounds like exactly what I’ve been looking for. I’m gonna give it a try.
Another good resource that IDs all those start up progs is:
I’d like to hear if someone uses this Autorun.
A little late now in responding to Mike’s question, but I have been using it on my WinXP system without any problems. I haven’t tried it out on my wife’s WinME or my old 98se systems, but I don’t anticipate any grief.
If in doubt, just use it to gather information about the various processes (it has a built-in “Google It” function) and then decide what you want to do.
Of course with anything like this it is always wise to back-up your registry first. But having said that, I didn’t (laziness on my part) and still no grief.
Sorry I didn’t get that link correct that lists start up tasks.
Talking about sysinternal utilities, one i found usefull when having registry problems, is the “Regmon” one. It monitors in realtime what is been writing in the registry, in this way you can learn how tweak some hidden things and to avoid more efficiently spyware and viruses.