Sysinternals Autoruns: The Right Tool for the Job?

Erik Eckel needed an accurate, effective tool for tracking down DLLs, services and applications that automatically load at system startup. He found Sysinternals' Autoruns, now a free Microsoft-provided troubleshooting application. Is it the Right Tool for the Job?
The Job

TechRepublic's Erik Eckel needed an accurate, effective tool for tracking down DLLs, services and applications that automatically load at system startup.

The Tool

He found Sysinternals' Autoruns, now a free Microsoft-provided troubleshooting application.

Autoruns provides a simple but powerful graphical user interface that monitors DLLs, services, applications and other critical objects that load behind the scenes on Windows systems. In Autoruns, disabling and enabling entries is as easy as checking or clearing an item's respective checkbox.

Sysinternals Autoruns

After taking Autoruns for a test drive, Erik identified the following strengths and weaknesses:

Pros
  • Great price (it's free!)
  • Simple installation
  • Administration is easy, thanks to a straightforward GUI
  • Thorough tracking of installed and active processes
Cons
  • Some malware applications may not register within active processes, rendering Autoruns less than helpful when combating particularly problematic infections
  • Deleting processes won't remove all remnants of many unwanted programs from the hard disk
  • Infections that infest multiple user accounts may need to be removed as many times as there are user accounts

The Right Tool For The Job?

This highly effective monitoring and administrative tool, which most Windows administrators could justify purchasing, is provided free by Microsoft. What more could a Windows user ask? Microsoft's Autoruns is the right tool for tracking down and eliminating wayward services, processes, programs and more. With thorough coverage and dependable performance, the free utility is the right tool for most any malware troubleshooting routine (and for use anytime an administrator seeks to easily tweak system performance).

Read Erik's comprehensive screenshot review of Sysinternals Autoruns.

70 comments
BALTHOR

The bus can exist in the BIOS, CPU, hard drive, audio card, memory and so on. Each computer device would have its own bus. A RAM disk is a file type or a partition in a chip. Bin files like a BIOS flash file could be RAM disk files. The wireless connection point can be typed in.

BALTHOR

The above (virus) prompt appears to originate from the BIOS and cannot be stopped. It sure would be nice to know what some of these files like 'svchost' or 'spools' do. How about it, Microsoft! By the way I think that dll's are connected together in the program application folder with wireless.

Fireboss

I like TUT from www.answersthatwork.com. It's inexpensive, gives explanations of what processes are, who owns them and whether they are essential, and allows you to make changes as you go. I know I should be omnipotent and understand all DLLs all the time but I'm getting old and forgetful. TUT doesn't forget and gets updated regularly.

asraf_4u

Process Explorer is also software by Microsoft Corp. and is the same as the Autoruns software. It's easy to rectify the unwanted processes running behind the system. The software by the Microsoft Corporation is great again, and also the Process Explorer.

rwbyshe

Autoruns has been available for some time now. I first became aware of and started using it about a year and a half ago because of a tip here on TR. Autoruns was developed by the Sysinternals folks and the company was bought up by Microsoft in early 2007. The original developers are now with Microsoft also. Several programs out there do pretty much the same thing. I currently use Autoruns, What's Running, and CCleaner to monitor and control startup items, etc. If you don't have any of them, get them and learn to use them. They are all very, very useful in keeping your PCs running efficiently.

samjose87

Is it safe to download Autoruns using a pirated Windows XP?

BALTHOR

Many of the software programs that you see run in the background so you don't have to call them up when needed. The Adobe PDF reader is an example. If all virus at their commonality were blocked from the computer everything would be as per design!

jbarrett

Great tool. Thank you for the link.

ElectraGlideInBlue

With regard to both Sysinternals and Whatsrunning, are they compatible on Vista? Especially Whatsrunning, that looks like a great tool?

jsegal

It is good to let people know about this tool, but it is a little disingenuous to say that "now, thanks to Microsoft's acquisition of Sysinternals, this tool is free." This tool has always been free! I have been a satisfied user of it since long before the Microsoft acquisition. It is quite useful in performance tuning, especially after installing applications that seem to assume that they are the most important application in the world, and therefore install a (superfluous) startup application of some sort. Regardless, thank you Mark Russinovich and Bryce Cogswell!

jpowersj

Hi all, I was wondering if anyone had the link to download AutoRuns handy? Thanks

Gis Bun

Autoruns, as well as all Sysinternals utilities, has always been free.

Jessica.Funk

I thought Microsoft intentionally left holes in their OS to allow spyware and adware programs into the users' systems and then received a profit from the spyware/adware companies. Is this not so? Perhaps MS is just trying to give their users a false sense of security. Where can I find out more on the validity of this subject?

moonwalker_21

I have been a fan of Mark Russinovich/Sysinternals from the start. He has been around for ages and over the years has provided some great software for free. However, since Microsoft acquired Sysinternals, the new software releases seem to have dropped dramatically. However, a lot of Mark's old work is still available on the net and is definitely worth a look.

kev.baker

I've been using Autoruns for several months now and I think it's fantastic. I wouldn't really say it's good for finding malware and infections, but it's a great tool to speed up or clean your computer. New and old machines always get clogged up with useless processes that eat into resources. This tool allows you to stop them from running and only have critical services etc. start up. When used in conjunction with Spybot (tool to keep your registry tidy, allowing and blocking the creation and deletion of registry keys), I've found that keeping my laptop running smoothly, without the need to wipe it every couple of months, is a piece of cake. Highly recommend both tools.

kennyschachat

I agree, Autorun is excellent. I also like to use What's Running (http://whatsrunning.net), which is an excellent utility that very clearly shows running processes, services, drivers, modules (DLLs), active IP connections, startup programs and system info. I love how easy it is to drill down and see which files are associated with what is currently running. It can also link to web searches on the process names, which makes it very easy to investigate questionable software. It's also great as a performance tweaking and learning tool. There are other features as well, such as snapshots. And yes, it's completely free. I'd rate it as an essential tool.

$$$$$$$$$$

a rumor that that's just an urban myth.

santeewelding

At times I think you have miniaturized yourself to the point where you rappel and swing from component to component.

michaelsaltmarsh

Actually I believe (correct me if I am wrong) it originates from the cmd. To stop it, open a cmd prompt. E.g., hold the Windows key, hit R, type cmd, hit Enter. Then type "shutdown -a", hit Enter, and it will stop that countdown; use /? for the arguments/switches. svchost.exe is used to manage, run, etc. services on your computer. spoolsv.exe is your print spooler, so if you would like to print you will be needing that. :-D http://support.microsoft.com/kb/314056 svchost.exe http://support.microsoft.com/kb/321614/en-us\ spoolsv.exe - it's actually a may crash under stress sort of thing but it still says what kind of service it is.

seanferd

Userenv error? Policy Propagation?

$$$$$$$$$$

"By the way I think that dll's are connected together in the program application folder with wireless."

TheGooch1

Yes. Btw, there is no such thing as Pirated. To pirate means to steal, to steal means to take away so that the original owner no longer has what you stole. However, if you make a copy of something in a country where it is not legal to have made such a copy, then you have committed a copyright violation (CV). So, you have a CV'd copy of Windows XP.

cathysgardens

samjose, You sound like you've been through $$ms$$ WGA bull. Why would you want Sysinternals Autoruns on your PC? You had better go with (http://whatsrunning.net), and make sure you know who owns that. The program will have complete control of your PC.

$$$$$$$$$$

Find out where Board Members, CxOs and large shareholders go to get together. Meet malware writers, and find out who paid them, before identity theft became the fastest-growing job in IT.

john

Yes Jessica, and I hear the US government really did blow up the World Trade Center too. You can hear more on the validity of this and more at your local library in the fiction and fantasy section.

ben

While I enjoy Microsoft bashing as much as anyone, I don't buy the conspiracy theories of collaboration between MS and the bad guys. Simply doesn't make sense. Simple human fallibility explains it more simply (and the simpler explanation is usually the right one). The holes are there because real people build the software, to real schedules with real demands from marketing/customers for ever more complex features, with real pressure to get it out the door. Oh yeah, and don't forget the real bastards who have nothing better to do than figure out how to do malicious things. Vandals have been around as long as human beings have been creating things I suppose. Clever vandals are still vandals. The silver lining is that there are always good people trying to help solve the problems created by the vandals.

s31064

I started using Mark's utilities back in the NT 3.5 days to fill in the gaps that Microsoft left in their admin tools. One of the most important (at the time) was NTFSDOS, which let you read and write NTFS partitions while booting from a DOS floppy. We would have been lost back then with Mark.

kennyschachat

I'm also a huge admirer of Sysinternals and Mark R's work. He did a great job of keeping the Windows community informed and MS on their toes, on a lot of complex Windows technical issues and his work and commentary are still a fantastic resource for Windows users and developers. It sometimes appeared that Mark knew more about how Windows worked than MS! And I can hardly blame him for taking what must have been an extremely lucrative offer from MS. My concern is about Mark's loss of independence from MS. Would Mark have been free to fight that battle with Sony over the root kit debacle if he was working for MS at that time? The silver lining that I'm hoping to see appear from this is that MS will turn Mark loose and they'll be able to put their egos aside and let him bring his deep technical insights to bear on the future development of Windows. I'd like to dream that Mark will be the one who will influence Gates & Ballmer to really put some intense effort into stabilizing and refining the core Windows technology, and to prioritize that over gee gaw UI upgrades like Aero, which is actually shockingly lame compared to some of the much more advanced and uber cool Linux UI features, IMO. Nevertheless, I *love* this video of a live Linux vs Vista UI face off where Ubuntu's Beryl UI eats Aero's lunch: http://www.youtube.com/watch?v=xC5uEe5OzNQ OK, one last point before I shut up: I've been a Windows user since 1.0 (that's right, I'm not proud but it's true) and I've always been pretty fast out of the gate to either test the next version or get it installed right away. My motivation has been to stay on top of things but in addition, I've always found that the new technology and features in the next version of Windows were compelling enough to get me to go to all of the trouble of dual booting, testing, reinstalling, etc. For me, Vista simply doesn't have enough compelling technology to inspire me to try it at all.
If MS can lose the interest of someone like me, then I think they might be heading for serious trouble. It seems to me that unless MS can pull a miraculous OS rabbit out of its hat in the next 2 years, that we might very well see the MS walls start crumbling, at least as far as OS's go. OK, I'm done ;-)

patrick

Having used Spybot and AdAware for some time I am glad to see additional tools for combating the ever present malware/adware. I use HijackThis to kill adware as well. I find HijackThis is the best "finisher."

sky40912

I can recognize quality when I see it :) Great program, What's Running. The only wish I can see now is a possibility to get a better font.

rod.garnett

I AM CERTAIN THAT AUTO-RUNS IS A GREAT PRODUCT. BUT YOU LOST ME JUST AFTER CLEARLY SHOWS RUNNING PROCESS. I WOULD LOVE TO KNOW HOW TO GET MY COMPUTER BACK FROM SLOW MODE; BUT I DON'T UNDERSTAND MOST OF WHAT YOU SAID. I AM A RETIRED MINISTER AND I USE THE COMPUTER BUT I WILL NEVER BE ABLE TO UNDERSTAND WHAT YOU ARE SAYING. IT SEEMS THOSE IN THE TECKIE FIELDS DON'T KNOW HOW TO TALK TO REGULAR PEOPLE. THEY ALWAYS USE INDUSTRY LANGUAGE. NO ONE IN SALES COULD MAKE A LIVING DOING THE SAME. HE HAD TO LEARN TOO TALK ABOUT BENEFITS AND FEATURES. WHEN I WAS A MINISTER IT WAS MY JOB TO HELP PEOPLE UNDERSTAND THE WORD OF GOD. THE SIMPLE APPROACH ALWAYS WORKER BEST EVEN THOUGHT I WAS ABLE TO GET VERY DEEP. I WISH JUST ONE OF YOU COULD DO THE SAME WITH COMPUTERS. THANKS ROD GARNETT

gettinoriginal2

I am running Windows ME and it tells me I need Windows 5.0 or newer !!! ????

troykshafer

How is autoruns/whatisrunning different than process explorer already provided by sysinternals?

Starrdaark

Just thought I'd throw another log in the fire. I've been using a number of Sysinternals tools for several years now, including Autoruns. I also use Spybot and Adaware. A combination (along with careful email and web usage) that has provided clean running machines.

TheGooch1

Another tool that is similar. I usually just use it to kill processes that have a lock on the file that I want to delete.

anilkool

try security task manager too..it has ways to stop processes when rebooted ..good for some pesky malware..

sky40912

What's Running looks even better than the certainly not bad Autoruns: both are better than Microsoft's Task Manager: Microsoft just bought Sysinternals to agree with this fact :) (as far as Autoruns is concerned). Thanks Kenny for your great find.

issy

Regardless of whether you call it Pirated or Copyright Violated, if you are aware of its illegitimacy and use it, then you, the User are a thief. There are plenty of Open Source Operating Systems and Applications, which are freely available to choose from. If you use Copyrighted Software, then respect the Owner/Developer and pay for it.

Jessica.Funk

I'm sorry, but I didn't see how my post could provoke other posters to be so rude. I was simply asking a question for which I expected a logical answer. My query was innocent, or so I assumed it would appear. I was not bashing Microsoft, nor did I find my question as a reason to rehash the tragedies of 911. I apologize if I upset anyone with my obviously naive post. I was simply questioning the validity of the statements I have heard in the past. If anyone intelligent and unbiased would care to respond with a legitimate answer to my question, I'd be happy to view it. Otherwise, please stop with the rude posts. Thank you.

drpruner

Over the decades I've worked in several tech companies. (Can't hold a job? :-) ) Most of the problems I've seen were directly related to marketing decisions trumping engineering decisions. It has been cheaper for MS to let the industry debug each new OS than to do it themselves. Maybe someone could track down the origin of this, but it's clear that, for the last several iterations, Windows gets most of its QC from ... us! Of course, one can't discount Roswell ... Doug in New Mexico

s31064

Actually, it just sounds to me like you're getting bored. I was around back then also (my first version was Windows/286, unless you count the runtime version that came with Excel 1.0) and I find Vista just as much fun to screw around with as all of the earlier versions.

ehanner

Kenny, I think you hit the nail on the head with your comment about Vista being a huge yawn. I have installed a few new systems with Vista and honestly I don't get it. While there are a few management tools that make it easier for an informed user to get to the bottom of system issues, the overall confusion factor of this new MS OS is way greater than any new usefulness. I also don't like the way it seems to be doing things in the background, finishing up installations when you thought it was done.

TheGooch1

I've never seen it, so I don't quite understand what it is. Perhaps that is because I browse with Firefox?

IC-IT

You can add to its functionality by adding this switch: /allhives. This will load all the hives, including compatible OSs on other drives and partitions.

$$$$$$$$$$

A bit of specialized vocabulary is a far cry from conducting business in a separate language. "IT SEEMS THOSE IN THE TECKIE FIELDS DON'T KNOW HOW TO TALK TO REGULAR PEOPLE. THEY ALWAYS USE INDUSTRY LANGUAGE. NO ONE IN SALES COULD MAKE A LIVING DOING THE SAME." Wanna buy a used car? I won't bore you with any "TECKIE" details, I'll just tell you the color, gas mileage, peak horsepower, list of push-button devices, and odometer reading. That information might be sufficient for a driver, but it's not enough for a mechanic. That said, I've seen simple answers to simple, direct questions. "HE HAD TO LEARN TOO TALK ABOUT BENEFITS AND FEATURES. WHEN I WAS A MINISTER IT WAS MY JOB TO HELP PEOPLE UNDERSTAND THE WORD OF GOD. THE SIMPLE APPROACH ALWAYS WORKER BEST EVEN THOUGHT I WAS ABLE TO GET VERY DEEP." Yea, well, God doesn't appear to just anybody as a burning bush. Why should techs try to anticipate every casual-user's question? You remind me of the sermon of the guy who prays to win the lottery, complains that he doesn't, and God finally answers "BUY A TICKET!"

seanferd

The article was written for a more-or-less technical audience. I don't know whether or not you'd like the explanations any better at the SysInternals site, but you could try reading what they have to say there. Alternatively, you could ask specific questions about what it is you don't understand about Autoruns (the subject of the article) or Process Explorer or What's Running. I am not entirely sure which one you want to know more about. You could ask questions here, or you could start your very own Question thread in the Questions Forum by clicking the Ask A Question button above this thread, or on the Forums page. If you have more specific questions on how to speed up your computer, rather than just an explanation of Autoruns, you can ask those questions also, as that would seem to be more important than just understanding Autoruns. My short explanation: Autoruns shows all the programs that are set to start when your computer starts up. If there are too many programs running all the time, they can slow your system down. This includes viruses and other bad things you don't want to have at all. With Autoruns, you can keep these programs from starting automatically. Of course, you want to make sure you don't "turn off" something your computer really needs at startup. If you were to download Autoruns and find out what is starting automatically, you could post that information with a question, and someone could help you sort out what you can turn off. One final suggestion: Using ALL CAPITAL LETTERS is generally viewed as SHOUTING in most forums, and many folks find it hard to read as well. If you can avoid doing so, please don't post to the forums in all caps. I hope something in here helps you out. As always, feel free to ask further questions in this thread (about Autoruns), or in the Questions forum (if you want more general help with your slow computer). Good day and good luck to you.

Greg Mix

Windows 5.0 is Windows 2000. Are you really using ME or are you joking? If you like ME, you will like Vista (ME 2.0).

xyvyx

Windows ME? really? still?

Ed G

AutoRuns shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. Process Explorer provides detailed information on processes that are currently running.

dariced

I had Process Explorer for a while. Then I was knocked over by What's Running. Much more info than PE. Dawn

monett.computers

CCleaner (free from Piriform) has this functionality, too.

$$$$$$$$$$

For every useful reply, expect ~2 jackasses. I think of the Internet as a ginormous game of Whack-A-Mole. I never liked that game, either.

s31064

You really should learn the difference between rudeness and sarcasm before you start complaining. It would also help if you read your own posts out loud before hitting the Post button, as you just might realize how ridiculous it sounds before you open yourself up to the "rude" responses.

$$$$$$$$$$

It is also cool to bash SCO, McAfee, TrendMicro, Symantec, HP/Compaq, sometimes IBM ... Who did I forget? But, comparing software with similar function, it is only fair to take into account the cost, and to judge the quality delivered as a ratio of that promised. First, "don't look a gift-horse in the mouth." It would be pretty silly to claim I felt "cheated" by a product I never had to pay to use, or to write an article in those terms. If I did, my readers would rightly suspect I had a cracked gasket. So of course, Firefox and other free-of-charge software get a bit more leeway, even up to the point of accepting comparable numbers of vulnerabilities. Second, Mr. Torvalds never promised me an easy-to-use operating system out of the box. Mr. Gates and Mr. Ballmer did. (So did Mr. Jobs, but in my limited experiences with his work, he delivered.) Finally, although some people do consider it "cool" to "bash" Microsoft, it's also true that some (other) people consider it equally "cool" to cast every critique of Microsoft as motivated by hate for their success, their wealth, freedom, democracy ... Wait, no, some of those are from a different famous persecution complex.

s31064

If you got the CERT Advisory emails, you'd realize that all the so-called "safe" programs like FireFox and Mosaic, and OS's like linux or OSX, have just as many bugs, security holes, virus attacks, etc. The difference is you don't hear about them. It's only cool to bash Microsoft, not the rest of the industry.

ben@channells

Outlook uses IE for browser interface, Autoroutes also uses IE, RealPlayer uses IE, many BitTorrent clients use IE. Even Firefox gets cookies and cookie harvesters. My kids have been using Firefox for over 2 years; only in the last 2 months the tool bar has been hijacked by Twingo/Twinky. It's gone now and added to blocked sites, and firewall prohibited. Yahoo tool bar gets in but that's easy to get rid of. I use CrapCleaner to clear out IE, FireFox and Opera and SpyBot S&D.

dariced

Download What's Running for the heck of it when you have a few free moments. I like CCleaner for some purposes but for this there's no comparison to What's Running. I have to take a little time to compare it to Autoruns.

deepsand

Thank you for the attribution; unnecessary, but thoughtful. I didn't copyright that, and have no intent to do so, so you can deem it to be in the public domain. Use it well and often.

suziep12

Wow! I never knew that CCleaner had so many options to choose from. I usually just use it to clean out our systems at the end of the day after everyone has gone home. 2 programs that I have found very useful for BHOs and other web residue are CounterSpy and Zone Alarm's Adware removal engines. CounterSpy is still a bit problematic to initially install on Windows and Vista but the programmers are working on it.

CharlieSpencer

Try the "Questions" forum; the "Discussion" forum is for matters of general discussion, not specific problems in search of a solution. Post problems such as this to the "Question" forum, rather than the "Discussion" forum. There are those who specifically seek out problems in need of a solution, and that's where they go to look for such. Additionally there are the benefits that: 1) The "Questions" forum provides for your feedback, by way of your being able to mark "helpful" responses as such. This does not necessarily mean that a given response contained the complete solution to your problem, but only that it served to guide you toward it. This is intended to serve as an aid to those who may in the future have a problem similar to yours, so that they might have a ready source of reference available, thereby perhaps obviating the need for them to repeat questions previously asked and answered. 2) The revised TR makes it quite difficult to find both "Discussions" and "Questions" that have not had a fairly recent post, owing to some functions comingling them in the listings. By keeping each type in their respective forums, it is easier for all to find what they are looking for. This response borrowed from Deepsand.

chsmith

I'm needing a trace of tasks run upon XP login (not boot). Some task hangs for about 60 seconds, which sounds like tcpip timeout, which makes sense since my wan card isn't up yet. Tools, tactics? tnx curt

rod.garnett

Where do I get the new download so I can run the new auto run product?

hansa

Crap cleaner is great for cleaning out temp files, mru's and many junk registry entries. It can also do uninstalls. In the Startup area it mainly shows the startup folder and registry Run areas. On the other hand, Autoruns can do much more as is apparent by the plethora of tabs along the top. For example, if you are trying to fix some slimeware in a computer, you might want to look at BHO's that are attached to the browser. That is one of the favorite hiding spots. CCleaner cannot do this. There are many ways that slimeware can infiltrate a computer and something like Autoruns with the high level of detail it provides is an invaluable tool. I use many tools to remove very sneaky slimeware from computers and this is one of the best tools to find something that others do not.
