How To Use Autoruns to Manage StartUp Applications in Windows

When Windows takes a long time to boot and reach the desktop, it is usually because plenty of (useless) processes and startup applications are running in the background. To deal with this, we tend to use the built-in Windows startup manager or third-party tools like CCleaner, but these tools are usually fairly limited. In this article, we will show you how to use a powerful application like Autoruns to manage your Windows startup programs, processes and other entries.

Autoruns is an advanced startup manager that is part of the Sysinternals package. It lets you delve deep into the startup programs and shows almost all the programs that are loaded automatically at every startup. Due to the increased efficiency of programs, developers are using different methods to load their programs at startup. These methods include hooking their programs to services, scheduled tasks, system DLLs, helper objects, etc. Autoruns can display almost all the startup programs and processes, and because of this, it can also be used to clean infected PCs by removing the malicious startup items.

Autoruns is a powerful tool, yet it is very simple to use. It is also a portable application, and you can start working with it without any need for installation. Just download and launch the application.

To disable a startup item, all you have to do is to uncheck the check box next to the entry. For instance, here I have disabled a startup item related to CyberGhost as it is not needed at every startup.

One thing, though: don’t get overwhelmed by all the tabs displayed in Autoruns. Here is a basic rundown of some of the important tabs.

Everything: The Everything tab in Autoruns lists all the programs and processes at one place regardless of their categories.

Logon: This tab displays all the programs and processes that are launched during login and log off. Usually, this is where you will find most of the startup programs.

Explorer: This tab displays all the Windows Explorer-related and add-on objects like shell extensions, explorer toolbars, active setup executions, shell execute hooks, etc.

Internet Explorer: The Internet Explorer tab contains all the add-on objects like IE toolbars, browser helper objects, etc.

Scheduled Tasks: If there are any programs that are scheduled to start up in Windows, then they are listed here.

Services: Any Windows and third-party services (like Chrome update, etc.) that are configured to load at boot time are listed here.

Drivers: All the Windows and kernel-mode drivers are listed here. You have to be very careful here. If you disable a necessary driver, your PC may not work as it should.

Boot Execute: Any programs (like chkdsk) that are configured to load at boot time are listed here.

Image Hijacks: Simply put, image hijacking is nothing but swapping one program for another. Generally, you shouldn’t see any entries in this tab. But if you see any suspicious entries then it is good to disable them.

AppInit: Here you will find all the digitally signed Application Initialization DLLs that are automatically loaded at the time of startup.

KnownDLLs: This tab shows all the DLLs that are loaded into applications. Usually, you don’t have to worry about this unless you fear that your PC is infected.

Apart from disabling the startup entries and browsing through the tabs, you can also verify the code signatures of all the entries. To verify code signatures, navigate to “Options” and then select “Filter Options.” This will open another window; select the radio button “Verify code signatures” and click on the “Rescan” button.

Once you have done that, Autoruns will rescan all the startup entries to verify code signatures and will display the entries in color.

Here is what each color means:

Green: Green color is generally used to identify a startup item which isn’t there according to the previous known scan.

Yellow: Yellow color is generally used to identify a startup item which no longer exists.

Pink: Pink is used to identify startup items with no code signature or publisher information.
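
The same missing-file and signature checks can be scripted for a few of the Logon entries. The PowerShell below is an added example, not part of the original article and not code from Autoruns: it reads only the four classic Run/RunOnce registry keys (a small subset of what Autoruns covers), and the function names Resolve-ImagePath and Get-RunKeyEntry and the command-line parsing heuristic are assumptions made for illustration.

```powershell
# Added example: list Run/RunOnce entries and flag what Autoruns would color
# yellow (image file missing) or pink (no verified code signature).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Resolve-ImagePath {
    # Heuristic (assumption): use the quoted path if present, otherwise cut at
    # the first executable/script extension, otherwise take the first token.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|dll|com|bat|cmd|vbs|js|ps1))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

function Get-RunKeyEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            if (-not $command) { continue }
            $image = Resolve-ImagePath $command
            # Bare names such as "rundll32.exe" are looked up on the PATH.
            if ($image -notmatch '^([A-Za-z]:|\\\\)') {
                $found = Get-Command $image -CommandType Application -ErrorAction SilentlyContinue |
                    Select-Object -First 1
                if ($found) { $image = $found.Path }
            }
            $signer = $null
            if (-not (Test-Path -LiteralPath $image -PathType Leaf)) {
                $status = 'FileMissing'                      # yellow in Autoruns
            } else {
                $sig = Get-AuthenticodeSignature -LiteralPath $image
                $status = if ($sig.Status -eq 'Valid') { 'Verified' } else { "NotVerified ($($sig.Status))" }  # pink
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            [pscustomobject]@{ Key = $key; Entry = $name; Image = $image; Status = $status; Signer = $signer }
        }
    }
}

# Show only the entries that deserve a closer look.
Get-RunKeyEntry | Where-Object Status -ne 'Verified' | Format-Table -AutoSize
```

For entries launched through a host such as rundll32.exe, this sketch checks the host executable rather than the DLL it loads, so review those launch strings by hand.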

If you are not sure about a particular startup item, you can right-click on it and select the option “Search Online” to get more details from the Internet. Also, by using options like “Jump to Entry” and “Jump to Image,” you can learn more about the registry entries and the program that is responsible for that startup item.

Autoruns is a powerful and feature-rich startup manager. Using the details provided by Autoruns, you can effectively manage all the startup programs, and it can also be used to find and clean any unwanted malware and junkware on your PC. In fact, it is a must-have tool for any Windows power user.

Do comment below to share your thoughts on Autoruns.