Autoruns is a Microsoft Sysinternals utility, free for download. It uses a GUI to provide deep inspection of startup applications referenced in Startup and various locations in the registry. AutorunsSC provides similar capabilities from the command line, with the command line parameters listed in Figure 1.
When Autoruns is executed, it immediately lists all applications that load at power up or logon. You can select a set of executables to view by clicking on the appropriate tab at the top of the display window. For example, Figure 2 shows applications from a test machine that load at logon as well as many of the available filtering tabs. One of the more useful features is the ability to filter out all Microsoft Windows components so you can focus on post system install additions.
When you find a suspicious application, you can get information about it in several ways. One way is to examine the application description box that appears when you click on the app, as shown in Figure 3. If this doesn't provide enough helpful information, you can select a Web search, bringing up the results of a Google search for the application.
There are two ways to prevent an application from loading. First, you can uncheck the check box at the left of the application name. This allows re-enabling startup execution if you later find you broke something. Second, you can delete the application. This is not recommended unless you're sure you no longer need it.
I tested the uncheck-the-box approach by removing the check marks from four applications I knew I no longer needed. When I rebooted my system, they did not reload.
Another use for Autoruns is checking for newly installed applications. Autoruns allows you to save a copy of the current startup list and compare it to a future list. This is useful when a user complains of system slowness or when you suspect something malicious has found its way onto the computer.
This is a very useful tool. One that every system administrator and engineer should have in his or her toolkit.
