Defrag Tools: #5 - Autoruns and MSConfig

Download this episode

Download Video

Description

In this episode of Defrag Tools, Chad and I walk you through Sysinternals Autoruns. We also look at its predecessors: MSConfig and SysEdit. AutoRuns and MSConfig allow you to view and disable autostart entries on the computer. The autostart entries are locations in the registry and file system that can cause applications and DLLs to be automatically run at startup, login, application launch, and at many more registration points in Windows.

Resources:
Sysinternals Autoruns

Timeline:
[01:05] - A look back in time...
[03:20] - SysEdit on Windows 95
[04:32] - Bar Napkin (Janet Harris)
[06:19] - MSConfig on Windows 98
[07:25] - MSConfig on Windows 7
[13:03] - Sysinternals Autoruns
[33:19] - Reboot required

Raymond Chen's Blog:
The Old New Thing

Embed

Format

Available formats for this video:

Actual format may change based on video formats available and browser capability.

    The Discussion

    • User profile image
      Typhos

      Also Another great tool I used to use during my time at MS support Smiley

    • User profile image
      artisticche​ese

      Bean town is Chicago

    • User profile image
      artisticche​ese

      What kind of remote desktop connection is that? The one which has Ctrl+Alt+Del and some other menus in title bar?

    • User profile image
      ChadBeeder

      @gt65345: It's not Remote Desktop, it's Virtual PC.

      History of the nickname Beantown. Though apparently a lot of Boston residents dislike the nickname. Sorry, Boston residents.

    • User profile image
      Debojyoti

      Can I find if an USB drive have added any autorun or scripts in the system,after it has been plugged into the system??

    • User profile image
      ChadBeeder

      @Debojyoti: Some of that kind of stuff might show up if you look for it with Autoruns, but it sounds like what you're really looking for is real-time malware protection such as that provided by Microsoft Security Essentials.

    • User profile image
      Debojyoti

      @ChadBeeder Actually I am facing a problem with my filter driver. The driver is for volume wide encryption of files.

      The driver attaches itself on top of removable media only and it works fine. There is a 6x delay when an USB drive is first attached to the system. Generally it takes 20 - 30 second to install the driver but with my filter driver it takes somewhere about 2 mins. The delay is not the there when the USB drive is plugged into the system from second time onwards.

      It's certain that the delay happens for my filter driver but I am not sure how to approch this problem.

    • User profile image
      windev

      @Debojyoti: xPerf (WPT) profiling can help you here.  We'll go over this in detail on a future episode but the gist is:

      xperf -on Diag+Latency -stackwalk Profile+CSwitch+ReadyThread+ThreadCreate -BufferSize 1024 -MinBuffers 256 -MaxBuffers 256 -MaxFile 256 -FileMode Circular

      echo Press a key when you want to stop...
      pause
      xperf -stop -d result.etl

      Look at the result.etl with xperfview.exe

    • User profile image
      ChadBeeder

      @Debojyoti: That doesn't quite sound like the sort of problem that Autoruns would be able to help you troubleshoot. Personally I'd probably bring out the big guns and use a kernel debugger for that. Break in during the 2-minute delay and try to see what the filter driver is waiting on.

      Or, I agree with Andrew, you could probably figure it out from an xperf trace as well.

    • User profile image
      Debojyoti

      @windev and @ChadBeeder , Thanks. I will try out xperf...

    • User profile image
      Marcel Oonk

      I've found that disabling all the 'File not found' Autorun-entries could leave you with an un-bootable system. I would like to know if there's a way to determine if a 'File not found' entry can be safely disabled/deleted or not.

    Comments closed

    Comments have been closed since this content was published more than 30 days ago, but if you'd like to send us feedback you can Contact Us.