Autoruns – Hunt those nasty startup programs that slow down your bootup!

Your new PC or newly Installed Windows OS behaves well and fast. Over a period of time, the behavior changes. Every application launch takes more and more time. You get dissatisfied with your PC bootup time. Why? If you look at your Task Manager process list, you see a lot of processes running and taking a lot of your RAM. It is a fact that, installing newer applications add additional entries in your Windows startup so every time, windows boots, it has to process those additional tasks and launch extra third party processes. Most of them are background processes and you will not even notice. Some of them are essential but mostly a nuisance.


It is highly recommend that every now and then you need to keep an eye on your startup tasks list. A simple tool msconfig (Microsoft System Configuration Utility) is very popular. But it is not that comprehensive. A new tool is out there from Sysinternals, called Autoruns.


Autoruns has the most comprehensive knowledge of auto-starting locations on Windows. It shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. It runs on all versions of Windows and will surprise you with the list of tasks that run during bootup. You will say “Hmm. That’s why my PC is slow!”. Carefully see what are those nasty apps that you don’t want to run during bootup and disable them. Please be careful on what you disable as it might be a critical Windows service. Make sure you hide all Microsoft auto-start list.

Download and run Autoruns and it shows you the currently configured auto-start applications in the locations that most directly execute applications.  Perform a new scan that reflects changes to options by refreshing the display.


  • Logon This entry results in scans of standard autostart locations such as the Startup folder for the current user and all users, the Run Registry keys, and standard application launch locations.

  • Explorer Select this entry to see Explorer shell extensions, browser helper objects, explorer toolbars, active setup executions, and shell execute hooks.

  • Internet Explorer This entry shows Browser Helper Objects (BHO’s), Internet Explorer toolbars and extensions.

  • Services All Windows services configured to start automatically when the system boots.

  • Drivers This displays all kernel-mode drivers registered on the system except those that are disabled.

  • Scheduled Tasks Task scheduler tasks configured to start at boot or logon.

  • AppInit DLLs This has Autoruns shows DLLs registered as application initialization DLLs.

  • Boot Execute Native images (as opposed to Windows images) that run early during the boot process.

  • Image Hijacks Image file execution options and command prompt autostarts.

  • Known DLLs This reports the location of DLLs that Windows loads into applications that reference them.

  • Winlogon Notifications Shows DLLs that register for Winlogon notification of logon events.

  • Winsock Providers Shows registered Winsock protocols, including Winsock service providers. Malware often installs itself as a Winsock service provider because there are few tools that can remove them. Autoruns can uninstall them, but cannot disable them.

  • LSA Providers Shows registers Local Security Authority (LSA) authentication, notification and security packages.

  • Printer Monitor Drivers Displays DLLs that load into the print spooling service. Malware has used this support to autostart itself.

  • Sidebar Displays Windows Vista sidebar gadgets

Further reading:

Mark’s BlogMark Russinovich’s technical blog covering topics such as Windows troubleshooting, technologies and security.

RSS Feed

Related Posts with Thumbnails

Leave a Reply

Your email address will not be published. Required fields are marked *