How do I find out what’s running when I start Windows

And furthermore... how do I turn it off?

I was recently asked what application you should use to detect programs and services that run when you start Windows. While it’s not my area of expertise, I would personally recommend Autoruns. It’s fairly comprehensive, links to online searches, is free of additional spyware, and works on just about any version of Windows.

Comments (6)

  1. MSDNArchive says:


  2. MSDNArchive says:

    MSConfig is good since it comes installed with Windows, but Autoruns has some nice shortcuts to online search when you want to find out what something is.

  3. heaths says:

    I would actually recommend a Microsoft product that helps you avoid malicious software, namely Windows Defender at This has a view that lets you view and manage autorun apps, services, running programs, and winsock providers. Just click on Tools, then Software Explorer. Defender runs on XP and newer.

  4. MSDNArchive says:

    Good call, Heath. Defender is good. People seem to miss that Autoruns is also now a "Microsoft Product" since we purchased Sysinternals. 🙂

  5. J.P. says:

    (As with my blog, my comment is only my opinion and not associated or supported by my employer. Though working here does tend to help answer questions about what stuff does.)

    Yeah, Autoruns is good. If I remember correctly, you can also save "snapshots" and then compare later to see what little tidbits have been installed. I once used this to find the most sneaky spyware I had ever seen, where the spyware renamed the explorer.exe binary name in the registry to "explorer.exe     {repeat space a few hundred times}     spyware.exe". Clever… found with Autoruns. Oh, and it runs fine on Vista too.

    Now aside from that, many people don’t always know which services to disable (if any).

    First of all, I should say that teams here really do take adding a service seriously, so you probably should make sure that you know what it is that you’re disabling first before you do it. However, that said, savvy users can make the decision that they don’t want certain features to work.

    Here is a list of the services (in Vista, since that’s all I use lately) that I choose to disable and why:

    1. Desktop Window Manager Session Manager – I don’t have video cards which have WDM drivers, so I don’t really care about all the cool features that the new WDM gives me, so I turn it off (I also set the theme to classic btw :)).

    2. Function Discovery Provider Host – On my work machine, I don’t foresee having to connect to various devices on the network. I usually know the address of what I am connecting to and what it is. (Note, disabling this on a home machine may make things like camera/printer/disk/etc discovery not work.)

    3. Function Discovery Resource Publication – Ditto, I am not going to be advertising functions on the network either.

    4. Internet Connection Sharing – Work machine, not sharing anything.

    5. Portable Device Enumerator Service – I don’t connect any audio player to my machine at work. This service may do more than that, I am not sure, but I have not run into issues.

    6. ReadyBoost – If I want more memory…I’ll just add it on the mobo, thanks. 🙂

    7. Routing and Remote Access – Not a server and not making VPN connections, so no need for this.

    8. SSDP Discovery – Again, I am not doing any network or device discovery, so I don’t really care. Normally this service and UPNP are tied together.

    9. Tablet PC Input Service – Sigh, I wish it could tell this. This machine is not a tablet.

    10. Themes – Yeah, along with disabling WDM, I don’t care for themes either. Win2k look all the way. 🙂

    11. UPnP Device Host – I am not really using upnp at work, or think I need to. If you use a home router and msn/live messenger, you may want to keep this as well as ssdp.

    12. VS 2005 Remote Debugger – Hehe, sorry, I just don’t see a need for this. My only remote debugger is NTSD launched under remote.exe :).

    13. Windows Media Center Extender Service – So if you start media center once, then the associated services get set to start automatically forever after that. I just keep them explicitly disabled.

    14. Windows Media Center Service Launcher – This is the thing that actually detects if you ran Media Center before.

    15. Windows Search – Yeah, it’s great and all, but the amount of disk and CPU it takes up is not worth it for me on my desktop machine I use all the time. I think that on my work laptop, though, it’s worth the hit just for using it in Outlook.

    I have a bunch of other services set to manual as well, but I don’t remember if I did that or they came that way. 🙂

    Basically though I check every service running (and any marked to auto start) and make sure it does something I want (or look up what it does first). You can do the same on most of the recent OSs as well. I think this makes a big help with perf since these free up more idle cycles.

    When trying to figure out what your machine is doing (if it’s slow), I recommend checking a few things.

    1. Turn on "Show Kernel Times" in the Performance Tab in Task Manager (CTRL+SHIFT+ESC). If most of the graph is red most of the time, check for hardware drivers you installed recently; there may be one of subpar value. Were they all signed by the WHQL Lab? 🙂

    2. Check the disk: is it going nuts? What’s the current page file load? Is the page file on the right disk/partition (meaning is it on a disk you use often)? Is there enough free space on the partition? Is there a problem with the drive (noise)?

    3. THEN check memory usage (add the Private Bytes column to Task Manager in XP/Server 2k3) or just use Private Working Set in Vista (there by default) as well as processor usage.

    If you track something down to svchost.exe, THEN you may want to check which services are running (Autoruns gives you quick access, but services.msc often gives better names and descriptions). (Though not all services run in a service host. Many use their own exe, so you may need to check anyways.)

    Is it IE or Firefox that is the culprit? Check the sites currently open. Do you keep any of them open long (RSS reader, new site, myspace :P)? Sometimes these sites have HUGE JavaScript/VBScript files that the browsers load into memory (and often the site’s JavaScript files have memory leaks :P). Not much you can always do in these cases, perhaps other than send them a mail. If you’re internal, you can always use !runaway in the debugger (ntsd) to track down the offending thread and look up the code owner.

    Hope some of this helps.
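
The snapshot comparison and the whitespace-padding trick described in the comment above, as an added example that is not part of the original post or its comments. The snapshot format (a mapping of location and entry name to command line), the entry names and the 20-character padding threshold are assumptions made for illustration; this is not Autoruns' own file format.

```python
import re

PAD = " " * 300  # stands in for "repeat space a few hundred times"

# Constructed snapshots for illustration: (location, entry name) -> command.
BASELINE = {
    ("Winlogon", "Shell"): "explorer.exe",
    ("Run", "ExampleUpdater"): r"C:\Program Files\Example\updater.exe /background",
}
LATER = {
    ("Winlogon", "Shell"): "explorer.exe" + PAD + "spyware.exe",
    ("Run", "ExampleUpdater"): r"C:\Program Files\Example\updater.exe /background",
    ("Run", "NewTool"): r"C:\Tools\newtool.exe",
}


def diff_snapshots(old, new):
    """Return entries added, removed, or changed between two snapshots."""
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted(k for k in new if k in old and new[k] != old[k]),
    }


def hidden_tail(command, min_run=20):
    """Return the text hidden behind a long whitespace run, or None."""
    match = re.search(r"\s{%d,}(\S.*)" % min_run, command)
    return match.group(1).rstrip() if match else None


def review(old, new):
    """List (entry, status, hidden_tail) for every entry that needs a look."""
    findings = []
    delta = diff_snapshots(old, new)
    for status in ("added", "changed"):
        for key in delta[status]:
            findings.append((key, status, hidden_tail(new[key])))
    # Padding may predate the baseline, so also check unchanged entries.
    for key in sorted(new):
        if key not in delta["added"] and key not in delta["changed"]:
            tail = hidden_tail(new[key])
            if tail:
                findings.append((key, "unchanged", tail))
    return findings


if __name__ == "__main__":
    for (location, name), status, tail in review(BASELINE, LATER):
        shown = repr(LATER[(location, name)][:40])
        note = f" hidden tail: {tail!r}" if tail else ""
        print(f"[{status}] {location}\\{name} = {shown}...{note}")
```

A viewer that truncates long values shows only `explorer.exe` for the changed entry, which is why the check reports the text after the padding rather than the start of the value.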

  6. Faverin says:

    Try Mike Lin’s Startup checker thingy. It plants itself in the control panel and just works. Well.

    Also allows you to move objects from startup area to startup area. It also keeps a deleted section.