Displayed Locations and Entries
Simply run Autoruns and it shows you the currently configured auto-start applications in the locations that most directly execute applications. Perform a new scan that reflects changes to options by refreshing the display.
Logon This entry results in scans of standard autostart locations such as the Startup folder for the current user and all users, the Run Registry keys, and standard application launch locations.
Explorer Select this entry to see Explorer shell extensions, browser helper objects, explorer toolbars, active setup executions, and shell execute hooks.
Internet Explorer This entry shows Browser Helper Objects (BHO's), Internet Explorer toolbars and extensions.
Services All Windows services configured to start automatically when the system boots.
Drivers This displays all kernel-mode drivers registered on the system except those that are disabled.
Scheduled Tasks Task scheduler tasks configured to start at boot or logon.
AppInit DLLs This has Autoruns shows DLLs registered as application initialization DLLs.
Boot Execute Native images (as opposed to Windows images) that run early during the boot process.
Image Hijacks Image file execution options and command prompt autostarts.
Known DLLs This reports the location of DLLs that Windows loads into applications that reference them.
Winlogon Notifications Shows DLLs that register for Winlogon notification of logon events.
Winsock Providers Shows registered Winsock protocols, including Winsock service providers. Malware often installs itself as a Winsock service provider because there are few tools that can remove them. Autoruns can disable them, but cannot delete them.
LSA Providers Shows registers Local Security Authority (LSA) authentication, notification and security packages.
Printer Monitor Drivers Displays DLLs that load into the print spooling service. Malware has used this support to autostart itself.
Sidebar Displays Windows Sidebar gadgets.
Unless the Include Empty Locations selection in the Options menu is checked Autoruns doesn't show locations with no entries.
The Users menu is populated with user names. Select one to view the auto-starting images for that account.