Take control of your system by finding programs that Windows starts automatically.
One of the many problems Windows users face is being able to keep track of all the methods Windows uses to automatically start programs at system boot and when a user logs in. Of course, any programs in a user’s Startup folder are automatically launched when the user logs in. The Registry keys that control system services, scheduled tasks, and Internet Explorer add-ons are just a few of the other things that can cause a program to be started automatically.
The onslaught of spyware has made it important to be able to find out exactly what’s being automatically launched on your system and what’s causing it to be launched. At the very least, finding out why a program is started automatically can be a minor annoyance. Many software packages install add-on utilities that start up automatically, and disabling these is usually easy to do so. However, spyware can be much more difficult to deal with, as it often uses more obscure Registry locations to launch itself.
Because spyware packages often launch via more than one avenue, they can be difficult to remove. If you notice something odd in one place and remove it, you’ll often find that there’s an entry buried somewhere else deep within the system Registry that either undoes your attempts to remove the software or attempts to start the offending piece of software. To completely rid yourself of the spyware, you need to remove all traces of it in one shot.
You’ve probably gotten the idea by now, but completely removing a spyware package can be difficult because all of these different avenues are buried deep within the system Registry. This problem is compounded by the fact that mistakes made when editing the Registry can often leave a system either partially or wholly inoperable. Luckily, some programs can help you track down all of the programs that are executed automatically and show you the Registry locations that are causing them to be executed.
One such program is
Autoruns (http://www.sysinternals.net/Utilities/Autoruns.html). Not only does it let you find the programs, but it also lets you easily disable them. To install Autoruns, download the .zip archive from the Sysinternals site and then extract its contents to a suitable directory (e.g., C:\Program Files\Autoruns).
Then, launch autoruns.exe. After accepting the license agreement, you should see the window shown in Figure 2-4.
As you can see, the Autoruns interface is fairly simple. The tabs at the top of the window allow you to filter by method of automatic execution. The Everything tab, of course, shows all automatically executed items, while the Logon tab shows items that are executed when you log in. Figure 2-4 displays the contents of the Internet Explorer tab, which shows the helper plug-ins loaded by Internet Explorer. The Internet Explorer tab is especially useful for tracking down browser toolbars and other pieces of software that can be used to monitor your web browsing.
If you feel that you’re staring at too much information, you can ignore any standard items that are legitimate Microsoft programs. Just choose Options→Hide Microsoft Signed Entries to display only third-party programs. Make sure to choose File→Refresh to update the display.
If you want to disable an item, simply uncheck the box next to it. Autoruns will make a backup of the information, so that you can re-enable it later if you need to (simply recheck the entry). Also, if you’re not quite sure what a program is, you can click on the item and choose Entry→Google to launch your web browser with search results for the item.