Jump to content

Recommended Posts

Posted (edited)

GetCommonStartups v3.00

Initial Release: September 17, 2012

Last Updated: July 29, 2014
Current Version: 3.07

What is it?
It had a very humble beginning with some minimal coding to display Run Keys and their values in the registry.

Since then, it has grown into a tool that I use to trouble-shoot computers.

Credits and Updates:

-Credits:

- trancexx for listview onhover snippet.
- GeoSoft for Regedit jump snippet.
- wraithdu for _IsJunction().
- and the many who contributed to Array.au3.

-Updates:

October 01, 2012 - v.3.01 - Various Code Improvements.

October 03, 2012 - v3.02 - Fixed a few problems with object errors in _WMI_InstancesOf().
1) If a device is not found (like a sound card), it will return a blank string when the "object count" is zero.
2) If a "property name" returns an error of "not found" at the "qualifier loop", then the function will continue without it.
Thanks goes to ricky03 for posting the errors and testing.

November 05, 2012 - v3.03 - Updated _WMI_GetATAPISmartData() with v1.00

December 09, 2012 - v3.04
* Upgraded _WMI_InstancesOf() to v1.00 -- Getting a "bit" more from WMI.
* Updated _WMI_GetATAPISmartData() with v1.01
* Moved _WMI_QuickFixEngineering() to it's own window.
* Fixed a crash issue with _Drivers_Services() when a PathName was blank. (Case: DisplayName -> SASKUTIL)
* Removed _WMI_MiniInstancesOf() and _WMI_ProcessItem(). The new version of _WMI_InstancesOf() replaced them.
* Added _WMI_GetErrorDescription() for when the Error Handler fails to give one.
* Added the ability to also run au3 scripts in _RunProgram().
* Updated various other functions. ie: Reg_Debuggers(), GetCommonstartups(), _ObjErrorHandler(), etc.

January 03, 2013 - v3.05 (not released)
Added: _Clean_ContentIE5 v0.2b

July 14, 2014 - v3.06

Modified to support Win8.0 and newer AutoIt versions (ie: 3.3.12.0).

* Removed _StartService() and modified GCS_TestWMI() to a simpler code.

July 29, 2014 - v3.07

Modified to support Win8.1

This script must be compiled 64Bit if used on a 64Bit OS.

Download Version 3.07

GetCommonStartups_v3.07.zip

Please let me know if you have any issues or complaints.

 

Edited by ripdad

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Posted

Thanks wakillon

I have tested it on 4 machines without trouble. You guys let me know if any quirks or bugs you find, please.

I have also made a few updates.

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Posted

wakillon - I'll leave that in your capable hands <grin>. I have other plans for it.

I used Startup Monitor for several years. My clients would still click yes when

prompted, then ask me how they got infected?!

JohnOne - It's unusual for anything valid to start from AppInit_DLLs. Name of the firewall?

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Posted

JohnOne - ok, thanks

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Posted

G'day ripdDad

Great script and will come in VERY useful!

But, i've got another false positive for the Appint_dll warning

"BdGamingMonitor.dll"

It belongs to BullGuard antivirus package.

Thanks for takeing the time to share!

John Morrison

Posted

As long as you guys know your dll is valid.

It's not a matter of a false positive.

The script just checks if anything is written to it. It's blank by default.

If you do a search for AppInit_DLLs, you'll come up with tons of pages about virus infections.

But .. I can see discernment will be needed. There is an option to turn the warning off, btw.

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Posted

If you do a search for AppInit_DLLs, you'll come up with tons of pages about virus infections.

But .. I can see discernment will be needed. There is an option to turn the warning off, btw.

Hay don't get me wrong. :unsure:

The script is great and I can see a lot of uses for it.

I just wanted to let you know that "JohnOne" wasn't the only one that had a DLL in that area.

John (well TWO I guess) :>

Storm-E

Posted

storme - nah, I didn't take it wrong. I appreciate your input.

This is where manual research is needed to make a determination if that dll is valid.

Not much I can do (on my end) from the scripts point of view. Thats all I was trying to say.

You can modify the script to allow your dll .. and then warn if that changes.

In addition, I would make an MD5 check on it.

By the way, the AppInit_DLLs entry works the same way as UserInit. Comma-separated entries.

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Posted

JohnOne - Thanks, I'll give it some thought.

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

  • 2 weeks later...
Posted (edited)

Just noticed since I use another language-version... autostart-folders are not named the same.

You should use: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"

...and the value of: "Common Startup"

It looks like this for me: "%ALLUSERSPROFILE%\Start-meny\Program\Autostart"

Dunno if that is true of Vista/Win7. (Most likely.)

And btw, great work!

/Manko [EDIT: Provide value of key, so you don't have to look...]

Edited by Manko
Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:* ProDLLer - Process manager - Unload viri modules (dll) and moore...* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist. Moore to come... eventually...
Posted (edited)

Manko - Thanks, first post updated.

I have to add another section of code for Win7.

In XP, the value is: %ALLUSERSPROFILE%\Start Menu\Programs\Startup

In Win7: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

I don't have time right now. I'll work on it later tonight.

Edited by ripdad

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Posted

Manko - Thanks, first post updated.

I have to add another section of code for Win7.

In XP, the value is: %ALLUSERSPROFILE%\Start Menu\Programs\Startup

In Win7: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

I don't have time right now. I'll work on it later tonight.

Alright! It works much better... Thanks.

http://forum.autoitbrasil.com/ (AutoIt v3 Brazil!!!)

Somewhere Out ThereJames Ingram

somewh10.png

dropbo10.pngDownload Dropbox - Simplify your life!
Your virtual HD wherever you go, anywhere!

Posted

First Post Updated

Let me know if any issues - thanks

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...