Filter Entries based on Categories
- The left side of the analyzer lists the various types of autorun items. The number in parentheses shows how many autoruns in that category were found on your machine.
- 'Everything' is the default category on display, meaning autoruns of all types are shown in the main pane.
- Click a specific category to view on the autoruns on that type:
Descriptions of Categories |
|
---|---|
Category |
Description |
Everything |
Shows every type of autorun in the main display pane. |
Logon |
Autoruns that start after a user has logged on. Locations include the startup folder for all users, registry run keys and standard application launch locations. |
Explorer |
The shell extensions of explorer from various installed applications, browser helper objects (BHO), explorer toolbars, active setup executions and shell execute hooks. |
Internet Explorer |
Lists only browser help objects (BHO), Internet Explorer toolbars and extensions. |
Scheduled Tasks |
The modules loaded by routine tasks and applications scheduled by Windows Task Scheduler. |
Services |
The modules that operate in the backgound loaded as Windows Services. |
Drivers |
Lists only the kernel-mode drivers that are currently enabled on the system. |
Codecs |
Autorun items loaded by various coders-decoders used for handling media files like audio and video files. |
Boot Execute |
Autorun items loaded between system boot-up and user log-on. |
Image Hijacks |
|
AppInit |
Application initialization Dynamic Link Library (DLL) modules loaded as autorun items. |
KnownDLLS |
The DLL modules loaded by Windows for the start-up applications that reference those DLLs. |
Winlogon |
The DLL modules registered for Winlogon notification of logon events. It is a user login subsystem meant for loading profile, user authorization and user activation checks. |
Winsock Providers |
The DLL modules registered for Winsock protocols. These handle internet input/output requests, including Winsock service providers. An anti-malware software do not scan Winsock Service Providers as it is treated as a safe zone. Taking advantage of this, some malware enter into your system as a Winsock Service Provider. But Autorun Analyzer can identify the DLL modules loaded by Winsock Service Providers and notify you if they are untrusted. It also enables you to remove those untrusted modules from your system. |
|
The DLLs load into the print spoolers configured as services to start with Windows. Some malware find their entry through print spooling service to start themselves automatically during system start-up. |
LSA Providers |
The DLL modules registered by Local Security Authority (LSA) authentication, notification and security packages. |
Network |
The DLL modules loaded by network connection services. |
Sidebar Gadgets |
The gadget modules is available for use in the current operating system. |