Microsoft Sysinternals Autoruns for Windows is one of the best tools to view, monitor and control start-up items. This portable tool, when run, provides a comprehensive list of all programs that are configured to run when your Windows starts. Autoruns is a start-up cleaner utility that is similar to the MSCONFIG utility, but more powerful. MSCONFIG only shows you start-up and services and it doesn’t check digital signatures, which means anything can hide from it.
Autoruns for Windows 10 / 8 / 7
Autoruns will not just show the startup programs which are placed in your Startup folder, the Run, RunOnce or other registry keys, but it will also show you in details the File Explorer & Internet Explorer shell extensions, toolbars, Browser Helper Objects, context menu items that start, the Drivers which start up, the Services, Winlogon items, Codecs, WinSock providers and more! It thus also works an a context menu editor and lets you manage context menu items in File Explorer and in Internet Explorer.
Autoruns will display entries from the following location:
- Logon. This entry results in scans of standard autostart locations such as the Startup folder for the current user and all users, the Run Registry keys, and standard application launch locations.
- Explorer. This entry shows Explorer shell extensions, browser helper objects, explorer toolbars, active setup executions, and shell execute hooks.
- Internet Explorer. This entry shows Browser Helper Objects (BHO’s), Internet Explorer toolbars and extensions.
- Services. It shows all Windows services configured to start automatically when the system boots.
- Drivers. This displays all kernel-mode drivers registered on the system except those that are disabled.
- Scheduled Tasks. Task scheduler tasks configured to start at boot or logon.
- AppInit DLLs. This has Autoruns shows DLLs registered as application initialization DLLs.
- Boot Execute Native images (as opposed to Windows images) that run early during the boot process.
- Image Hijacks Image file execution options and command prompt autostarts.
- Known DLLs. This reports the location of DLLs that Windows loads into applications that reference them.
- Winlogon Notifications. Shows DLLs that register for Winlogon notification of logon events.
- Winsock Providers. Shows registered Winsock protocols, including Winsock service providers. Malware often installs itself as a Winsock service provider because there are few tools that can remove them. Autoruns can disable them, but cannot delete them.
- LSA Providers. Shows registers Local Security Authority (LSA) authentication, notification and security packages.
- Printer Monitor Drivers. Displays DLLs that load into the print spooling service. Malware has used this support to autostart itself.
- Sidebar. Displays Windows Sidebar gadgets.
Open this utility by clicking on Autoruns.exe. From Options > Filter options, you may want to first select the Verify Code Signatures and Hide Signed Microsoft Entries. Check these two and hit the Rescan button or F5 to refresh the scan.
If you don’t want an entry to activate the next time you boot or login you can either disable or delete it. To disable an entry uncheck it. To delete it, right-click on the entry and select Delete.
The right-click menu also lets you directly jump to the concerned registry location in Windows Registry, or the file in File Explorer, if you select Jump to Entry or Jump to Image, respectively.
The download package also include a command-line equivalent that can output in CSV format, Autorunsc.exe.
Not only will Autoruns verify the authenticity of everything being loaded in to Windows through cryptographic signatures, it also recognizes files that have been tampered with. Using the Hide all the Microsoft entries, and you can also spot potentially unwanted or dangerous entries, Crapware and third-party auto-starting images that have been added to your system and easily disable it with this wonderful tool.
We have already seen several freeware to manage start up programs. Among third-party freeware, WinPatrol would more than suffice, as it also keeps a watch on the changes made to you system, But power users who are looking for a powerful tool to understand and control all that starts up with Windows – Autoruns would the be tool to go in for. Go get it at TechNet.