Q: Is there an easy way to find out which programs automatically start on my Windows PC after Windows has booted? I'm particularly interested in non-Microsoft programs that automatically start—these programs could point to malicious third-party applications that are on my system.

A: In Windows, programs can be configured to automatically run at system startup from many different locations: the Startup folder, configuration files, and registry keys. One of the most commonly used locations to configure a program to autorun is the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key.
An excellent tool that you can use to get an overview of all the programs that automatically run on your Windows system is the Microsoft Sysinternals Autoruns utility, which is shown in Figure 1.

Figure 1: Microsoft Sysinternals' Autorun utility

Three particularly interesting Autoruns features are the Hide Signed Microsoft Entries option, which makes Autoruns display only third-party autorun images that have been added to your system; the ability to verify the code signatures of all autorun images; and the Autorunsc command-line tool, which can output all autorun information in a comma-separated value (CSV) file.

Another tool you can use to detect autorun programs on your Windows system is Windows Defender's Software Explorer tool. The Software Explorer window, which is shown in Figure 2, can be accessed from the Windows Defender Tools and Settings menu option. Windows Defender is bundled with Windows Vista, and you can download a version for Windows XP SP2 and Windows Server 2003 SP1 and later from the Microsoft Web site.

Figure 2: Windows Defender's Software Explorer