Defrag Tools: #5 - Autoruns and MSConfig
- Posted: Aug 27, 2012 at 10:18 AM
- 58,694 Views
- 11 Comments
In this episode of Defrag Tools, Chad and I walk you through Sysinternals Autoruns. We also look at its predecessors: MSConfig and SysEdit. AutoRuns and MSConfig allow you to view and disable autostart entries on the computer. The autostart entries are locations in the registry and file system that can cause applications and DLLs to be automatically run at startup, login, application launch, and at many more registration points in Windows.
Resources:
Sysinternals Autoruns
Timeline:
[01:05] - A look back in time...
[03:20] - SysEdit on Windows 95
[04:32] - Bar Napkin (Janet Harris)
[06:19] - MSConfig on Windows 98
[07:25] - MSConfig on Windows 7
[13:03] - Sysinternals Autoruns
[33:19] - Reboot required
Raymond Chen's Blog:
The Old New Thing
Comments Closed
Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation,
please create a new thread in our Forums,
or
Contact Us and let us know.
More episodes in this show
-
Defrag Tools: #4 - Process Monitor - Examples
-
Defrag Tools: #5 - Autoruns and MSConfig
-
Defrag Tools: #6 - RAMMap
Follow the Discussion
Oops, something didn't work.
What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in. You need to be signed in to Channel 9 to use this feature.What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in and view them all on your notifications page.sign up for email notifications?
Also Another great tool I used to use during my time at MS support
Bean town is Chicago
What kind of remote desktop connection is that? The one which has Ctrl+Alt+Del and some other menus in title bar?
@gt65345: It's not Remote Desktop, it's Virtual PC.
History of the nickname Beantown. Though apparently a lot of Boston residents dislike the nickname. Sorry, Boston residents.
Can I find if an USB drive have added any autorun or scripts in the system,after it has been plugged into the system??
@Debojyoti: Some of that kind of stuff might show up if you look for it with Autoruns, but it sounds like what you're really looking for is real-time malware protection such as that provided by Microsoft Security Essentials.
@ChadBeeder Actually I am facing a problem with my filter driver. The driver is for volume wide encryption of files.
The driver attaches itself on top of removable media only and it works fine. There is a 6x delay when an USB drive is first attached to the system. Generally it takes 20 - 30 second to install the driver but with my filter driver it takes somewhere about 2 mins. The delay is not the there when the USB drive is plugged into the system from second time onwards.
It's certain that the delay happens for my filter driver but I am not sure how to approch this problem.
@Debojyoti: xPerf (WPT) profiling can help you here. We'll go over this in detail on a future episode but the gist is:
xperf -on Diag+Latency -stackwalk Profile+CSwitch+ReadyThread+ThreadCreate -BufferSize 1024 -MinBuffers 256 -MaxBuffers 256 -MaxFile 256 -FileMode Circular
echo Press a key when you want to stop...
pause
xperf -stop -d result.etl
Look at the result.etl with xperfview.exe
@Debojyoti: That doesn't quite sound like the sort of problem that Autoruns would be able to help you troubleshoot. Personally I'd probably bring out the big guns and use a kernel debugger for that. Break in during the 2-minute delay and try to see what the filter driver is waiting on.
Or, I agree with Andrew, you could probably figure it out from an xperf trace as well.
@windev and @ChadBeeder , Thanks. I will try out xperf...
I've found that disabling all the 'File not found' Autorun-entries could leave you with an un-bootable system. I would like to know if there's a way to determine if a 'File not found' entry can be safely disabled/deleted or not.
Remove this comment
Remove this thread
close