Windows

Question

How to create a list of Everything that is run or started during startup

By Ghred131 ·
Tags: Windows
I need to see every process (and optionally service) or whatnot that actually ran during startup and in what order, but I can't find a way to do this.

I am delighted with Chameleon Startup Manager Pro because it allows me to create and select which of several startup configurations I wish to use at startup, and even on demand anytime after startup. But now I've found an issue in that Chameleon and the normal windows utilities related to startup don't get along.

For example, if I launch the task manager and look at the Startup tab, I never see more than 3 items, and usually just 1: Chameleon Startup Manager. I've tried a variety of tools which purport to show this info, such as Nirsoft's WhatsInStartup and others, but it's the same list.

And if I use AutoRuns, it doesn't show which processes or services actually ran and in what order, just the ones that are enabled. You'd think that would tell me what I want to know, but it doesn't show sub-startups, such as commands in a batch file that launches any number of other processes or services. More to the point, when I look at "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" -- again, all I see is the Chameleon Startup Manager.

Does anyone know a tool or setting that would provide the info I want? If it doesn't list services startup, that's fine too.

Thank you!
Thread display: Collapse - | Expand +

All Answers

Collapse -

Use Autoruns for Windows from Sysinternals.

by rproffitt Moderator In reply to How to create a list of E ...
Collapse -

Re: Autoruns

by Kees_B Moderator In reply to Use Autoruns for Windows ...

I doubt if it's complete. Three examples:
- It doesn't list winlogon, which certainly runs to let you enter a password.
- In Task Manager in Windows 10 I see YourPhone, not shown by Autoruns.
- In Task Manager I see a program Canon Extended Service Program, which might be loaded by a driver.

It's possible the last two aren't run when starting Windows, but only after logging in, but winlogon certainly isn't.

Collapse -

Winlogon Notification DLLs are listed.

by rproffitt Moderator In reply to Re: Autoruns

https://attack.mitre.org/techniques/T1547/004/ for a primer about this area.

Since Windows would be fundamentally broken if the Winlogin didn't start, I consider this part of the core OS.

If I wanted to look at the OS coming up, Read https://www.howtogeek.com/howto/32477/use-verbose-boot-messages-to-troubleshoot-windows-startup-problems/ to see how to enable the boot log and get even more VERBOSE ouput.
Outdated but useful Image:

For me, Autoruns has been more than sufficient but let's say one doesn't want to dig through all this? I suggest a post at BLEEPINGCOMPUTER.COM and follow their instructions.

Related Discussions

Related Forums