Finding startup items has become difficult in Windows, as Microsoft Configuration Utility often fails to list startup scripts from offline malicious sources. One solution that most power users suggest is to search the Windows registry to find and remove all malicious startup programs, but this process is tiring, and it can take quite a while to explore all the programs that surreptitiously invoke their processes and services when the Windows logon process starts. If you’re having a hard time finding all the startup programs, processes, services and scripts, we recommend giving RunAlyzer a spin. It’s an advanced system startup manager that collects all the programs and their registry keys under one roof.
When you run the application, it starts collecting all the locations where Windows looks for startup applications and services and then organizes them into different groups. Using the available information, you can easily keep a check on all the hidden system locations where hijackers, spyware and malware hide their data. Since it automatically starts the system analysis operation, you may need to wait a bit before you can explore all the scanned locations. However, during the scanning process, you can choose to Browse System Settings or Save a log file to review the analysis report later; the former option shows you all the locations where registered autorun items reside, whereas the latter lets you save the log to analyze and filter the information as per your requirements.
The main screen includes a total of 12 tabs: Autorun, Advanced Startups, Services, Winsock LSPs, Scheduled Tasks, Explorer Plugins, Installed Software, Browser Pages, Hosts, Process List, Logs and Analysis. By default, it takes you to the Autorun tab to quickly find and analyze the locations where autorun agents are present. As mentioned earlier, it covers both system-wide locations and registry keys from which items automatically start at system startup.
You can easily check whether the listed items belong to a verified or unverified author from the Company column. The right-click context menu lets you open Google search results, find additional information for the selected autorun item on SysInfo.org, copy the autorun item’s location to the clipboard and jump directly to the selected location (registry key).
Surely, the most noticeable aspect of the application is its ability to control and change the settings of autorun items. When you select an item in the Autorun list, the toolbar lets you toggle it on or off, change its source location, and delete the autorun item. Apart from the main window, which is context sensitive and displays only information related to the selected tab, the bottom pane shows additional information about the selected item, including File Info, Version Info and More Information (extra information such as Makro location path and related registry key source path). The Search & Filters tab includes a search function that may help you quickly filter the search results according to the selected search type.
In the Advanced Startups tab, you will find all the related dynamic link libraries of startup items and applications. Using this information, you no longer need to deploy a dedicated solution to find the system resources that are being used by malicious apps and scripts. By default, it shows the source path of the autorun registry key, but you can expand it to view the related DLLs. For each registry key, you can define a new source path, a handy option for items that are locked by the system. Don’t forget to use the right-click context menu to find additional information about the selected item.
From the Services tab, you can find all the Services Control Sets, including the currently active one. It lets you view all the services included in the selected Control Set, with information including Value name, Data, Company and Description. Using the right-click context menu, you can quickly copy the path to the clipboard and open the registry key in Windows registry editor, while the toolbar offers options to start/stop services from the Current Control Set, delete the selected key and save the changes made to the selected Services Control Set.
WinSock’s LSP (Layered Service Provider) is one of the features often exploited by malware and viruses. Because an LSP becomes part of the TCP/IP protocol stack, it can affect inbound and outbound internet traffic. Since most malware is programmed to use LSPs, it can easily send and receive requests from malicious sources. RunAlyzer gives you the option not only to view all the Winsock LSPs, but also to delete the selected entries from the Current Control Set registry keys. In addition, the right-click context menu holds options to open the selected key in the Windows registry and copy the source path to the clipboard.
Next up, you have the Scheduled Tasks tab, containing the tasks that run at Windows logon. Here, you may find all the paths of executable files that run in parallel to perform a specific operation of a task. It could help you in situations where it becomes quite difficult to find the offline sources of spyware, malware and similar threats. If your PC is infected with viruses that execute some commands at system startup, then here you may be able to find the associated executable files that trigger the operation. The Toggle button on the toolbar lets you enable or disable the selected task, while the right-click context menu lets you jump to the source location and copy the source path to the clipboard.
Managing Internet Explorer plugins can be a mess sometimes. Not only does it become difficult to find the required installed plugin, but it’s also quite tiring to disable and remove them. RunAlyzer offers a simple Internet Explorer plugin manager that collects all the installed components from the Windows registry and lists them, so that you can easily find and manage them. The toolbar at the top enables you to toggle the components’ related keys and delete the selected ones. The main window includes a Description column to help you find the registry keys of the required Internet Explorer plugins and components.
The next four tabs, Installed Software, Browser Pages, Hosts and Logs, show basic information about their respective categories. The Installed Software tab includes a list of registry keys for both 32-bit and 64-bit applications, and allows you to search the source location of an application’s related registry keys. You can also find the registered uninstallers for installed software. This may assist you in finding an uninstaller from all local disk volumes if it’s not listed in the Windows “Uninstall a program” dialog.
The Browser Pages and Hosts tabs show the configuration settings of your default browser and the “hosts” file entries, respectively. The Browser Pages tab displays the default settings, including homepage, start page URL, browser startup homepage and default search engine. In the Hosts tab, you will find all the IP addresses mapped to domains. Using the Hosts tab, you can easily check whether any installed apps are forcibly blocking access to websites that you frequently visit.
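The check that the Hosts tab supports, reading the hosts file for entries that block or redirect domains, can also be scripted. The following Python is an added example, not part of RunAlyzer or the original review; the sample entries and the names audit_hosts, LOCAL_NAMES and SAMPLE_HOSTS are constructed for illustration.

```python
import ipaddress

# Names that a default hosts file legitimately maps to loopback (assumed list).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample in hosts-file syntax; not taken from a real system.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.example-av.test    # constructed entry
127.0.0.1       www.example-search.test  example-search.test
203.0.113.10    login.example-bank.test
not-an-ip       broken.example.test
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every suspicious mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], fields[1], "malformed"))
            continue
        for name in fields[1:]:                 # one line may map several names
            if name.lower() in LOCAL_NAMES:
                if not addr.is_loopback:        # localhost pointed somewhere else
                    findings.append((line_no, str(addr), name, "redirected"))
            elif addr.is_loopback or addr.is_unspecified:
                # A real domain sent to 127.0.0.1 / 0.0.0.0 is unreachable.
                findings.append((line_no, str(addr), name, "blocked"))
            else:
                # A real domain pinned to a fixed address bypasses DNS.
                findings.append((line_no, str(addr), name, "redirected"))
    return findings

if __name__ == "__main__":
    for line_no, addr, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr} [{verdict}]")
```

To audit a live system, pass in the contents of %SystemRoot%\System32\drivers\etc\hosts instead of the sample.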
The Process List tab has controls to force quit the selected process, unload a module (if selected and loaded into memory) and refresh the process list to view the most recent processes from all active user accounts.
The Logs tab deals with all the saved logs, and provides options for creating SBSD and HJT log files for selected components. Just select the components that you wish to create logs for, and hit Save.
Finally, the Analysis tab offers an easy way to analyze all the logged information. The Online Analysis option is designed to send your logged data to RunAlyzer’s servers to create an in-depth analysis report on your startup items’ configurations. All you need to do is check the analysis-related options and hit “Online Analysis” to begin the process.
In a nutshell, RunAlyzer is an all-in-one autorun and system configuration manager that not only organizes the autorun programs, scripts and services, but also enables you to manage them without having to find them in different system locations. The application is in beta, so you might encounter some bugs while listing the startup items and system settings. During testing, it worked without any major issues. It supports both 32-bit and 64-bit editions of Windows XP, Windows Vista, Windows 7 and Windows 8. Testing was carried out on a Windows 7 64-bit system.