Utility SpotlightAutoruns
Lance Whitney
Download the code for this article: Autoruns (490KB)
The typical PC running Windows® loads an array of items at startup, including files, drivers, tasks, and services. At some point, it’s quite likely you’ll need to view and perhaps disable certain startup items—to troubleshoot a startup conflict, to track down malware in the autostart sequence, to reduce Windows launch time, or to free up memory and system resources.
The System Configuration Utility (msconfig.exe) lets you view and disable a number of startup files and services, but there are many it misses—toolbars, browser helper objects, Windows Explorer shell extensions. Furthermore, msconfig doesn’t share many details about these items. For a better way to view and manage everything that loads at startup, take a look at Autoruns from Sysinternals.
Autoruns, written by Mark Russinovich and Bryce Cogswell, is a free utility that unveils every startup item—also known as an image—on a Windows-based PC. You can view all images stored in the startup folders, the Registry, and other areas where they like to hide (see Figure 1).
Figure 1** Viewing startup items with Autoruns **(Click the image for a larger view)
Autoruns shows you the name and location of each image. For files it displays the directory path; for Registry entries you get the exact key. Autoruns also supplies the name of the publisher and a brief description based on the item’s version data. Double-clicking on an entry takes you to its directory or Registry key; right-clicking opens a popup menu with more options, including a Properties command that displays the standard File Properties window with full version information. An option to "Include Empty Locations" shows all of the PC’s startup areas, whether or not they currently have any entries. You can also select other user accounts on the PC to see their startup environments.
You can check on the digital signature of an entry through the Verify command, which queries Web sites with certificate revocation lists (CRLs) to determine if an image is digitally signed and whether the signature is valid. Another option to "Hide Signed Microsoft Entries" excludes entries already signed by Microsoft allowing you to focus on third-party images.
The entire list of startup items can be exported into a text file—handy if you want to disable any items and need a snapshot of your startup environment before you tweak it. You can then compare the exported text file with your revised startup configuration to see your changes.
Here are just a few of the startup categories Autoruns covers:
Logon includes the user and all users’ startup folders and the Run keys that are found in the Registry.
Explorer includes a list of Explorer shell extensions, toolbars, and active setup executions.
Internet Explorer includes Browser Helper Objects and Internet Explorer® toolbars and extensions.
LSA Providers includes Local Security Authority authentication, notification, and security packages.
In Autoruns, you can permanently delete a startup item or just disable it. An Online Search option helps you find which items you can safely disable. This option runs an Internet search for Web pages that describe an item or its category and advises you whether to remove it from startup. When you disable an item, Autoruns moves it to a backup location in the Registry or on the hard drive.
Autoruns works under all versions of Windows including Windows XP 64-bit Edition and Windows Server® 2003 64-bit Edition. Grab a copy from microsoft.com/technet/technetmag/code07.aspx.
Lance Whitney is an IT consultant, trainer, and technical writer. He has spent countless hours tweaking Windows workstations and servers. Originally a journalist, he took a blind leap into the IT world 15 years ago.
© 2008 Microsoft Corporation and CMP Media, LLC. All rights reserved; reproduction in part or in whole without permission is prohibited.