Simply run Autoruns and it shows you the currently configured auto-start applications in the locations that most directly execute applications. You can toggle on other locations in the View menu. Perform a new scan that reflects changes by refreshing the display.
Show AppInit DLLs: This has Autoruns shows DLLs registered as application initialization DLLs.
Show Explorer Addons: Select this entry to see Explorer shell extensions, browser helper objects, explorer toolbars, active setup executions, and shell execute hooks.
Show Services: Enabling this results in the display of all Windows services configured to start automatically when the system boots.
Show Winlogon Notifications: Shows DLLs that register for Winlogon notification of logon events.
Show Winsock Protocols: Shows registered Winsock protocols, including Winsock service providers. Malware often installs itself as a Winsock service provider because there are few tools that can remove them. Autoruns can uninstall them, but cannot disable them.
Unless the Include Empty Locations selection is checked Autoruns doesn't show locations with no entries.
The Verify Signatures option appears on systems that support image signing verification and can result in Autoruns querying certificate revocation list (CRL) web sites to determine if image signatures are valid. Autoruns displays the text "(Not verified)" next to the company name of an image that either does not have a signature or has a signature that is not signed by a certificate root authority on the list of root authorities trusted by the system.
Use the Hide Signed Microsoft Entries (or Hide Microsoft Entries on a system that doesn't support image signing verification or when you've deselected Verify Signatures) in the View menu to help you identify software that's been added to a system since installation. Autoruns prefixes the name of an image's publisher with "(Not verified)" if it cannot verify a digital signature for the file that's trusted by the system. The Hide Signed Microsoft Entries selection omits images that have been signed by Microsoft.
On Windows NT/XP/2000/2003 systems that have multiple user accounts the Users menu is populated with user names. Select one to view the auto-starting images for that account.