Over time Windows gets slower and slower to start up. Often this is due to the software that gets installed, that automatically starts programs as Windows starts up and are always running in the background even though you are not using them. Often this may not be the core software but rather a small program that runs in the background checking for updates of the software etc.
If you are looking to identify just what gets loaded as Windows starts up then the tool to use is the free SysInternal AutoRuns for Windows (v11.4 released Jan-2013). It’s free and is published by Microsoft on TechNet.
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.
The utility is quick to run and you can stop a program from running by simply unchecking a checkbox. This is great because it lets you check the impact of the change and you can always check the box to re-enable. If you want to permanently stop a program then you can delete it form within the utility – super simple.
As you can see from the screenshot above this utility does more than just Windows start up programs. It will also show you what’s loaded in as Windows Explorer extensions and Internet Explorer extensions. All which may be slowing down your user experience.
Here is a full list of what this utility can scan for:
- Logon This entry results in scans of standard autostart locations such as the Startup folder for the current user and all users, the Run Registry keys, and standard application launch locations.
- Explorer Select this entry to see Explorer shell extensions, browser helper objects, explorer toolbars, active setup executions, and shell execute hooks.
- Internet Explorer This entry shows Browser Helper Objects (BHO’s), Internet Explorer toolbars and extensions.
- Services All Windows services configured to start automatically when the system boots.
- Drivers This displays all kernel-mode drivers registered on the system except those that are disabled.
- Scheduled Tasks Task scheduler tasks configured to start at boot or logon.
- AppInit DLLs This has Autoruns shows DLLs registered as application initialization DLLs.
- Boot Execute Native images (as opposed to Windows images) that run early during the boot process.
- Image Hijacks Image file execution options and command prompt autostarts.
- Known DLLs This reports the location of DLLs that Windows loads into applications that reference them.
- Winlogon Notifications Shows DLLs that register for Winlogon notification of logon events.
- Winsock Providers Shows registered Winsock protocols, including Winsock service providers. Malware often installs itself as a Winsock service provider because there are few tools that can remove them. Autoruns can disable them, but cannot delete them.
- LSA Providers Shows registers Local Security Authority (LSA) authentication, notification and security packages.
- Printer Monitor Drivers Displays DLLs that load into the print spooling service. Malware has used this support to autostart itself.
- Sidebar Displays Windows Sidebar gadgets.