Advanced AutoRuns Login Tab
- Posted by wadehatler on 08.27.2012
In the previous post, you probably managed to delete a few entries that were blisteringly obvious, and probably found a few more that leave you scratching your head. This doesn't make you stupid, far from it. Lots of entries are obscure enough that they take me a while to figure out and I've been at this a while, and I've even seen some that took a real expert hours to fix. In this section, I'll go through a few of the tricks you can use to try to understand what these things are. Of course, if you deleted a few of the worst offenders, and your machine is now fast as lightning you can quit right now.
I'm going to walk you through a few of the available tools using a silly example that I'm certain is in your system. Up near the top of the screen you should see a line that looks something like this:
This is obviously Windows Explorer. A new user might be surprised that it's running when you're not exploring files, but it's also used for other things such as the Start Menu and managing the icons on the desktop. It doesn't actually manage the desktop itself (as in the background), but many of the things associated with the desktop are handled by Explorer. For the moment though, let's presume you didn't know that, and wondered what explorer.exe is all about.
When you see an unknown program like this, you want to ask a few questions such as:
- What is this program and what does it do?
- Do I need it?
- What is its impact on the system? If its impact is minimal, then you don't really need to spend a lot of time on it.
- Is it something I need? Something I want? Something I loathe and detest? Something killing my system? (The latter are what you're after).
Let's take a minute to examine it and see what we can find out about it using the tools that are now in your hands.
Process Explorer
The first thing you want to find out about is whether the program is still running or not, and if so how much effect it's having on your system. If a program starts, does some work and then exits, it will make login and reboots slow, but usually won't otherwise affect your system, so it's not a problem. If it starts and keeps running, it has the potential of slowing down the system all the time, and those are what you most want to be rid of.
To do this, we'll use a wonderful tool called Process Explorer, another cool SysInternals tool. This extremely powerful tool tells you exactly what's happening on your computer at any moment in detail. It will show you every program or service that is running, what resources they are consuming, and tons of other useful information. If you're familiar with Task Manager in Windows, Process Explorer is what Task Manager aspires to be when it grows up. In fact, you can even make Process Explorer completely replace Task Manager so you never see it again if you choose to. I'll show you how to do that in a minute.
Let's go back to our example above. Right-click on any entry and select Process Explorer. This opens Process Explorer, which will attempt to find the program referenced on that line. That's where you will get the first useful piece of information.
Process Explorer will come up as a window that looks something like a much bigger version of this.
If the program is currently running, Process Explorer will also show a Process Properties dialog on top of the summary display that looks something like this:
If you don't see the Process Properties window, it means that the program started, did its work and exited, or at least that it has exited sometime since you logged in. You usually want to run this test right after you've logged in, and if you don't find the process running, you can be reasonably certain that particular program isn't hurting runtime performance, although it could be making your login take longer.
For example, a few auto-upgrade programs (very few) only check for upgrades on startup, and once the check is done they exit. Sometimes configuration programs will set up the machine as expected and they're done. Sometimes cleanup programs might start and exit. For example, I have one I wrote myself that sorts the Start Menu, because I always want it sorted and it always gets unsorted when you install anything. The next time I log in, it fixes itself.
You probably shouldn't completely disregard a program that starts and then terminates, but unless it does something else that you don't want done, it's probably not the first thing you want to work on because it's not causing you misery all day every day. That's not universally true, but you really want to start with the low hanging fruit.
Process Properties
If the program is currently running, Process Explorer will show you a window that has a tremendous amount of detail about exactly what's happening with that particular program. Note that the program running isn't guaranteed to be the exact same one that was started automatically. For example, explorer.exe is always running to manage your Start Menu, but if you actually use Explorer to look at some files, you'll have another copy of it running. Process Explorer has no way to know which is which.
The Process Properties window has several tabs containing way more than you ever wanted to know about the process. The Image tab shown above is the first one you see, and it contains basic information about the process (another name for a program). This information includes how it was started, what its Command Line parameters were, and the current directory at the time it started. This information is frequently useful because you can look up the program somewhere on the Internet and find out what the Command Line parameters mean, and decipher exactly what the thing is doing. This is especially useful for programs like SvcHost.exe, which is a generic process that is used to start many different services. They all show up with the same process name (there are usually at least 4-5 running at any time), and the only way you can tell what it's actually doing is to look at the Command Line parameters.
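The same SvcHost.exe breakdown can be pulled from a PowerShell prompt. This is an added example, not part of the original post; it joins the standard Win32_Process and Win32_Service CIM classes, and it assumes an elevated prompt, because the command line of system processes is usually blank otherwise.

```powershell
# Added example: show what each svchost.exe instance is actually hosting.

# Index the running services by the PID of the process that hosts them.
$services = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
    Group-Object -Property ProcessId -AsHashTable -AsString

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $hosted = $services[[string]$_.ProcessId]
        [pscustomobject]@{
            PID         = $_.ProcessId
            # "-k <group>" on the command line names the service group.
            Group       = if ($_.CommandLine -match '\s-k\s+(\S+)') { $Matches[1] } else { '' }
            Services    = ($hosted.Name | Sort-Object) -join ', '
            Path        = $_.ExecutablePath
            CommandLine = $_.CommandLine
        }
    } |
    Sort-Object -Property PID |
    Format-Table -AutoSize -Wrap
```

The Path column is worth a glance as well: the genuine SvcHost.exe lives in the Windows System32 directory.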
The buttons highlighted in yellow are handy tools to manipulate the process to see what happens. They're both relatively self-explanatory.
The Bring to Front button tries to bring the process to the foreground so you can get a look at it. This can be useful when you're trying to separate it out from others that might also be running. It doesn't always work because not all processes can be brought to the front. In fact, most of the processes that you'll be looking at in this example fall in that category. For example, if I try to bring Explorer to the front nothing happens, because it doesn't have any main window that can be brought forward, unless I have another instance of Explorer running, in which case I'm not even sure the one highlighted is the one that started. Explorer and quite a few other programs can run sometimes with visible output that you can see, and other times completely invisibly. When in doubt, you can sort the Process Explorer output by Process Name and just look to see if there are multiple copies running.
If you kill a process, you get to see what happens once you kill it. Sometimes, killing a process will kill your whole machine, so don't click this button if you have any documents open. Killing a process is frequently the best way to see if you really need it or not, as long as you are prepared for the consequences if it goes badly. If you kill it, work with your computer for a while, and nothing bad happens, the chances are good that you don't really need it all that much. Note that it's pretty rare for killing a process to kill your whole machine, and if it does, all you have to do is reboot and you're back in business.
Explorer is an interesting case in point. You might think killing it would kill your computer but it doesn't. The Desktop Icons, Taskbar and Start Menu disappear, but your computer keeps on running. Of course, if you didn't plan ahead you won't have any way to start any new programs, so you will wind up having to log out and back in before you can do anything. You should try it just for fun to see what happens. Ideally, you should start a Command Prompt first, and then you can restart it by typing Explorer.
Performance Tab
Once you understand the basics of the Image Tab, you can flip over to the Performance Tab to get a bit of insight into whether this process is hurting your performance or not.
The Performance Tab will give you a tremendous amount of information about what this process is doing, and this will help you understand how big of a performance hit it has, but it's not definitive. For example, if you look at your Virus Scanner's Task Scheduler, it might seem that it doesn't take very much time. The Task Scheduler itself doesn't really take up much time, but when it launches a Virus Scan, that's the real killer and it's a different process. If you just look at the scheduler process, you might be lulled into a false sense of security because it can run for weeks consuming negligible resources.
There are a few interesting items in this section:
- Priority is the current priority for this process. Priority is a flag telling your computer how much attention to give to this program. Something like a media player might be very high priority because if it doesn't react quickly, you lose your sound or video. Indexing your hard disk is low priority because it should only be done when the machine is completely idle. Priority values range from 4-24, with 24 meaning Real Time (the highest priority) and 4 meaning Idle (the lowest). 8 means Normal, which is what most processes use most of the time. Occasionally a developer will set something to use a very high or very low priority, but it's not very common. Of course, any process can change its priority anytime it wants to, so what you're seeing here is just a snapshot of what priority this process has right now.
- Kernel Time and User Time indicate the total amount of processor time that this process has consumed since it started, which can give you an idea of what effect it's had on the system since it started. This particular example has very small numbers because I killed the process five minutes ago and restarted it. A process with very large numbers is almost certainly killing your performance. A process with very small numbers is less likely to be killing your performance, but it's not certain because a process might run up big numbers doing a big job while the computer is idle, but go completely to sleep when you're doing anything (like the indexing task above).
- The I/O Tab gives you an idea of how much this process is hitting your hard disk, printers, etc. Large numbers here indicate that you are probably doing a lot of reading and writing, and sometimes this can adversely affect performance even if the CPU numbers aren't very big. The hard disk is frequently the biggest bottleneck in the system, so if you are hitting it hard, it won't matter how much idle time the processor has because it will be sitting around waiting for the hard disk all the time. Virus Scanners are good examples. They don't really use much processor time, but in the time that is left over the processor is I/O bound so it can't really work very effectively, even though the processor isn't being heavily loaded.
- The two Memory groups indicate how much physical and virtual memory this process is using. Thoroughly understanding these numbers is beyond the scope of this post, and in reality is beyond the understanding of even most software developers. In general, you want a process to have numbers that are relatively small. It stands to reason that if you have a process running all the time that's chewing up a bunch of memory, that's probably not good. However, you don't need to get too panicky about big numbers in the Virtual Memory column, because many programs allocate a lot of virtual memory but don't really use it all. It doesn't mean you should completely disregard the virtual memory numbers because they do have a real cost, but they're not something to be worried about as much as the physical memory numbers.
The bottom line here is that you're looking for things that are running all the time and consume lots of resources. Anything that consumes a lot of I/O, processor time, or memory is hurting your performance. Something that sits there for a long time without consuming much of any of those probably won't have a noticeable effect on your performance, and going to a lot of effort to kill it won't make much difference. For example, my video card comes with a little program to try to make it easy to change the screen resolution. I kill it off because I find it annoying, but in reality it really didn't consume very many resources anyway and killing it off didn't make any noticeable difference.
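The whole check (is the startup entry still running, and what has it consumed) can also be run in one pass from PowerShell. This is an added example, not part of the original post; it reads only the registry Run keys, which are a subset of what AutoRuns lists, and the function name Get-ExePath is made up for the example.

```powershell
# Added example: for each Run-key startup entry, report whether its program is
# still running and how much CPU, memory and I/O it has used since it started.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-ExePath([string]$CommandLine) {
    # Extract the executable path from a startup command line, quoted or not.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

# One snapshot of every running process, taken once and reused below.
$procs = Get-CimInstance -ClassName Win32_Process

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $exe     = Get-ExePath $command

        # Every running instance of that image. This cannot tell the
        # auto-started copy apart from one that was launched by hand.
        $running = @($procs | Where-Object { $exe -and $_.ExecutablePath -eq $exe })

        [double]$cpuSec = 0; [double]$wsBytes = 0; [double]$ioBytes = 0
        foreach ($p in $running) {
            # KernelModeTime and UserModeTime are in 100-nanosecond units.
            $cpuSec  += ($p.KernelModeTime + $p.UserModeTime) / 1e7
            $wsBytes += $p.WorkingSetSize
            $ioBytes += $p.ReadTransferCount + $p.WriteTransferCount
        }

        # Publisher check: is the file signed, and by whom?
        $signer = 'path not resolved'
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $sig    = Get-AuthenticodeSignature -FilePath $exe
            $signer = if ($sig.SignerCertificate) { "$($sig.Status): $($sig.SignerCertificate.Subject)" } else { [string]$sig.Status }
        }

        [pscustomobject]@{
            Entry        = $name
            Instances    = $running.Count
            CpuSeconds   = [math]::Round($cpuSec, 1)
            WorkingSetMB = [math]::Round($wsBytes / 1MB, 1)
            IoMB         = [math]::Round($ioBytes / 1MB, 1)
            Signer       = $signer
            Command      = $command
        }
    }
}

# Entries that are still resident and have used the most CPU come first.
$report | Sort-Object -Property Instances, CpuSeconds -Descending | Format-Table -AutoSize -Wrap
```

An entry with Instances at 0 started and exited; as with Process Explorer, the numbers are a snapshot, so run it shortly after logging in and again after the machine has been in use for a while.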
For the sake of this discussion, that's all I'm going to say about Process Explorer, except to point out that there's a lot more information there if you want to go digging for it. You could spend days digging around in it, and I frequently do when I'm trying to troubleshoot the software I'm writing. If you're an ordinary user just trying to make your computer work better, you probably don't need to know a lot more than what I've shown above. If you're a computer professional, you'll do yourself a favor to really dig through Process Explorer and see what you can learn about your application.
Back to AutoRuns
Process Explorer is the best way to find out what real effect any particular program is having on your system, but it doesn't necessarily help you very much in understanding exactly what the program is and what its purpose is. For that, you need to go back to AutoRuns and do a little bit of spelunking.
In an earlier post I mentioned that I saw a Google Update, but couldn't quite remember what Google software I have installed that might need an update. Back in AutoRuns, I can right click on the entry and click Search Online, and it will search for the executable that is referenced by this entry. (I know, it's only saving a couple of little steps... every little bit helps).
In this case, it gave me this handy dandy Google page to tell me exactly what this update is doing.
Now that I see it, I can remember that I installed the Google Chrome browser just to see if I like it any better than Firefox or Opera (I don't), and Google helpfully installed this automatic updater.
I'm sure they think this is a very cool thing, and considering the number of security vulnerabilities that have been showing up in browsers it probably is. However, I don't feel an obsessive need to have this updater running all the time for a browser that I only use once or twice a month, if that.
The next step is to go to Process Explorer just like we did above to see if this is an updater that runs all the time, or if it's one that starts and terminates. In this case, I found it was running all the time, so I probably don't want it.
This particular program demonstrates some of the design trade-offs that software vendors have. Everyone agrees that it's a good idea to automatically check for upgrades and make it easy to upgrade, particularly in these days when Malware is running rampant. That means that it's an exceedingly good idea for any browser vendor to create some kind of automatic upgrade path.
Once they decide to create an automatic upgrade system, they could run it on startup like Opera and Firefox, or they could choose some other time. Doing it at startup has less of an overall impact on the system, but it makes startup slightly slower. Choosing "some other time" means you need to find some way to be sure that it gets executed at the right time, and that generally means you need to have something running all the time. In this particular case, Chrome's claim to fame is its speed, so they clearly wanted startup time to be as fast as possible, since its feature set is crippled to the bone. They probably figured that chewing up a couple of megabytes of RAM all the time to get slightly better startup performance was a reasonable trade-off; in fact it might even be a good trade-off if Chrome was my primary browser. In an isolated world where Chrome was the only upgrade running, it wouldn't really be noticeable.
However, on my machine if I had not vigorously pruned down my startup tree I would have at least five upgraders running all the time. These things add up. The most annoying part is that Google didn't bother to tell me that they were installing this. They also had an easy choice of installing this somewhere that was easily discoverable, versus somewhere that is obscure and hidden. They went with obscure and hidden, which I think is somewhat evil. On the other hand, it's somewhat funny that the first search result for this in Google was how to remove some Google program that you don't want ;)
Shut It Down
Since I made the determination that I don't really want this thing, shutting it down is relatively easy.
- Uncheck the checkbox in AutoRuns so that it won't start next time I reboot
- Right-click on the AutoRuns entry, select Process Explorer, and then kill the process.
- Run the computer for a while to make sure there are no bad effects.
That's just about all there is to removing this particular annoyance. Later on, if I find out that I actually needed it, I can run AutoRuns again, check the checkbox, and either start the process manually or just log out and log back in.
More on Searching
When you perform a web search for something you find in AutoRuns, most of the time the first dozen or so entries in Google are almost worthless, but you have to dig through them to see which are and which aren't. This is especially true if you're looking for information on DLLs. You'll find a bunch of sites that allow you to download the DLL, or claim to have information about the DLL, or claim to offer virus information about the DLL, etc. Most of these don't have any real information, or at best they have copies of information from somewhere else, but they do have a lot of ads that generate revenue for the site. They are pretty annoying, but if you keep at it long enough, you usually find what you need eventually.
A few tricks I've shown above will help you find everything you need to know about most of the things you'll find in the Login Tab. Here are a few more Rules of Thumb:
- A lot of video drivers start little helper programs in this section. Most of the time, these are essentially worthless but don't really consume very many resources anyway. I always disable them myself. The filename is always pretty obscure, but you can usually identify it by performing a search as shown above, or by looking at the Publisher column, and comparing it to the manufacturer of your video card. To find out the manufacturer of your video card, go to the Wade's Toolbox | Windows Tools | System Information, then expand the Components tab and look under Display.
- If you have a portable hard disk or some other kind of backup system, they frequently install a scheduler to do a daily backup. If you're actually using these that's all well and good, but most of the time people aren't using it, or they have some other scheduler that would be a better choice.
- Anything called Quick Start, or something similar should generally be disabled. Most of the time, they give only marginally better results anyway, and they do so at the expense of other programs. This isn't universally true, but I've yet to see one that I left enabled.
- Most CD-ROM and DVD players install something of dubious value in the startup section. It could be something that makes it easy to burn CDs with drag-and-drop, or some type of auto play, etc. Most of the time, you don't need whatever it is. Occasionally, you will want to make it so that you can manually start one of these programs when you want it, but other than that, I usually find I can turn them off without any penalty.
- Some programs will stubbornly turn themselves back on every time you turn them back off. They usually do this by creating another entry the next time you actually run the program. In these cases, you should look carefully at what the startup program does, and what kind of resources it consumes. If they're not significant, you can probably just ignore that one and move on. If they are significant, you have to make a second auto start program that starts later in the sequence and kills the first.
One last word of caution - don't over obsess about this section. On most machines, I find a lot of performance robbing bandits here, but once you've deleted the obvious ones, you usually reach a point of diminishing returns. I push the envelope pretty hard on my machine because I want the absolute best performance, but most of the benefit usually comes from the first few you disable.