Startup monitoring is a very useful tool when it comes to finding out what processes are loading up with Windows and using the memory of your computer. It also comes in handy when you want to kill the processes started by different malware on your computer. There are many such utilities on the market and they all strive to bring you the best features.
But there is one such application that, in my opinion, beats them all. Now you are probably wondering about the price of such software. Amazing as it may sound, this program is free. What's the catch? There is absolutely no catch here. The developer used to be Sysinternals which, by the way, was acquired by Microsoft this year.
The name of the software may sound familiar to you, as it is pretty old (it has reached version 8.54). It is called Autoruns and, judging by the number of downloads on Softpedia, I am sure it has made quite a few thousand people happy enough. Of course, the user rating and the fact that Autoruns is a Softpedia pick speak for themselves.
The interface of the software is typical of Sysinternals, in that Mark Russinovich and Bryce Cogswell have put far more emphasis on the utility of the application than on its looks. This is a working tool, and all sorts of fallals would only have been a distraction.
I have to mention that the utility has the most comprehensive knowledge of auto-starting locations I have ever seen and, as the authors of the program say, "A starting list of auto-run locations was obtained from David Solomon's 'Windows Internals' seminar". David Solomon teaches classes on Windows internals and advanced system troubleshooting.
Autoruns, as the name itself explains quite well, will provide the user with detailed information about the programs that are set to run at system startup or login, whether they are registered in a registry key, placed in the Startup folder, or listed under Run and RunOnce. I have to mention that the order they are displayed in is not random: it is the order in which Windows processes them.
To be frank, until I ran Autoruns, I had absolutely no idea how many executables are launched automatically. I just thought that there are some processes I do not really know about and that are part of Windows, besides the ones that are set by me. But I had a big surprise to see the myriad of processes I had on.
You will see what I am talking about when first launching the application, as the application window opens the Everything tab by default and there you have all the main applications and the processes that "work" for them.
In Logon, Autoruns displays the applications present in autostart locations such as the Startup folder of the current user. In other words, you will see here all the programs that begin their work immediately after Windows loads up (e.g. Yahoo! Messenger/Widget Engine, antivirus etc.).
In Explorer, the user can view the Explorer shell extensions (browser helper objects, Explorer toolbars, shell execute hooks and Active Setup executions). The Internet Explorer tab lists the BHOs, IE toolbars and extensions.
Scheduled Tasks displays the tasks in Windows Task Scheduler that are configured to start at boot or logon. Services is the place where you need to go when you want to see the services that are configured to automatically start at system boot while Drivers shows you all active kernel mode drivers registered on your machine.
BootExecute presents all the processes that are configured to run during the boot process. In my case, I have another Sysinternals application that is designed to defragment the page files of the system (PageDefrag). AppInit contains the DLLs registered as application initialization DLLs, and in Known DLLs the user will see the locations of the DLLs that Windows loads into applications that require them.
Winlogon shows DLLs that register for Winlogon notification of logon events. Winsock Providers displays the registered Winsock protocols and the Winsock service providers. This window is useful because malware often installs itself as a Winsock service provider, since the tools to remove such providers are scarce. Unfortunately, Autoruns can only uninstall them in this case; it cannot disable them.
LSA Providers (Local Security Authority) lists the LSA authentication, notification and security packages.
Besides the information displayed in the above-mentioned tabs, Autoruns also comes with some other options, such as Verify Signatures in the Options menu, which allows the software to query certificate revocation list websites and determine whether the image signatures are valid.
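To make the Logon, BootExecute, AppInit and LSA Providers tabs and the Verify Signatures option concrete, here is an added example, not part of Autoruns or of the original review, that reads a few of the same locations and checks each image's Authenticode signature. The helper names (Get-ImagePath, Get-SignatureStatus, New-Entry) are hypothetical, and the registry paths are the standard Windows locations, which the review does not spell out.

```powershell
# Added example (not Autoruns code): read-only listing of a few autostart locations.
function Get-ImagePath([string]$CommandLine) {
    # Extract the executable: quoted path first, then a path ending in a known extension, else first token.
    $c = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|dll|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}
function Get-SignatureStatus([string]$Path) {
    # Authenticode status of the image on disk (Valid, NotSigned, HashMismatch, ...).
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'FileNotFound' }
    return (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
}
function New-Entry($Location, $Name, $Image, [switch]$NoFile) {
    [pscustomobject]@{
        Location  = $Location; Entry = $Name; Image = $Image
        Signature = if ($NoFile) { 'n/a' } else { Get-SignatureStatus $Image }
    }
}

$entries = @(
    # Logon: Run and RunOnce for the machine and for the current user.
    foreach ($hive in 'HKLM:', 'HKCU:') { foreach ($leaf in 'Run', 'RunOnce') {
        $path = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\$leaf"
        $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if ($key) { foreach ($n in $key.GetValueNames()) {
            New-Entry $path $n (Get-ImagePath ([string]$key.GetValue($n)))
        } }
    } }
    # Logon: per-user and all-users Startup folders; shortcuts are resolved to their target.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in 'Startup', 'CommonStartup' | ForEach-Object { [Environment]::GetFolderPath($_) }) {
        Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
            Where-Object Name -ne 'desktop.ini' | ForEach-Object {
                $target = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
                New-Entry $dir $_.Name $target
            }
    }
    # BootExecute, AppInit and LSA Providers: values hold names, not full paths, so they are listed as-is.
    $sm  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $win = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    foreach ($pair in @($sm, 'BootExecute'), @($win, 'AppInit_DLLs'), @($lsa, 'Authentication Packages'),
                      @($lsa, 'Notification Packages'), @($lsa, 'Security Packages')) {
        $value = (Get-ItemProperty -LiteralPath $pair[0] -Name $pair[1] -ErrorAction SilentlyContinue).($pair[1])
        foreach ($item in @($value) | Where-Object { $_ }) { New-Entry $pair[0] $pair[1] $item -NoFile }
    }
)
$entries | Sort-Object Location, Entry | Format-Table -AutoSize -Wrap
```

Entries that name an image without a full path show FileNotFound, and any status other than Valid is a prompt to look at the file, not a verdict on it.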
The Hide Signed Microsoft Entries option under Options helps you identify the software that has been added to a system since installation.
The Good
Easy to use application for checking out the processes running on your computer. You can delete the processes, verify them, jump to their location or search them online. If you have Process Explorer installed on your computer, you can choose the option available in the right-click menu and the application will open for you to manage the process.
The Bad
I wished that, when opening Process Explorer from Autoruns, I was directed to the same process and I did not have to look for it by myself.
The Truth
Autoruns is an extremely useful application for detecting malware processes that are running on your computer, as well as for verifying the processes that are currently running.