Jump to content

GetCommonStartups v3.07


ripdad
 Share

Recommended Posts

GetCommonStartups v3.00

Initial Release: September 17, 2012

Last Updated: July 29, 2014
Current Version: 3.07

What is it?
It had a very humble beginning with some minimal coding to display Run Keys and their values in the registry.

Since then, it has grown into a tool that I use to trouble-shoot computers.

Credits and Updates:

-Credits:

- trancexx for listview onhover snippet.
- GeoSoft for Regedit jump snippet.
- wraithdu for _IsJunction().
- and the many who contributed to Array.au3.

-Updates:

October 01, 2012 - v.3.01 - Various Code Improvements.

October 03, 2012 - v3.02 - Fixed a few problems with object errors in _WMI_InstancesOf().
1) If a device is not found (like a sound card), it will return a blank string when the "object count" is zero.
2) If a "property name" returns an error of "not found" at the "qualifier loop", then the function will continue without it.
Thanks goes to ricky03 for posting the errors and testing.

November 05, 2012 - v3.03 - Updated _WMI_GetATAPISmartData() with v1.00

December 09, 2012 - v3.04
* Upgraded _WMI_InstancesOf() to v1.00 -- Getting a "bit" more from WMI.
* Updated _WMI_GetATAPISmartData() with v1.01
* Moved _WMI_QuickFixEngineering() to it's own window.
* Fixed a crash issue with _Drivers_Services() when a PathName was blank. (Case: DisplayName -> SASKUTIL)
* Removed _WMI_MiniInstancesOf() and _WMI_ProcessItem(). The new version of _WMI_InstancesOf() replaced them.
* Added _WMI_GetErrorDescription() for when the Error Handler fails to give one.
* Added the ability to also run au3 scripts in _RunProgram().
* Updated various other functions. ie: Reg_Debuggers(), GetCommonstartups(), _ObjErrorHandler(), etc.

January 03, 2013 - v3.05 (not released)
Added: _Clean_ContentIE5 v0.2b

July 14, 2014 - v3.06

Modified to support Win8.0 and newer AutoIt versions (ie: 3.3.12.0).

* Removed _StartService() and modified GCS_TestWMI() to a simpler code.

July 29, 2014 - v3.07

Modified to support Win8.1

This script must be compiled 64Bit if used on a 64Bit OS.

Download Version 3.07

GetCommonStartups_v3.07.zip

Please let me know if you have any issues or complaints.

 

Edited by ripdad

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Link to comment
Share on other sites

Thanks wakillon

I have tested it on 4 machines without trouble. You guys let me know if any quirks or bugs you find, please.

I have also made a few updates.

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Link to comment
Share on other sites

It reports to me that appinitdll might be infected, should I be worried?

EDIT:

Answer = I'm not much worried, since the dll file it referenced is part of my firewall and need to run at startup.

Edited by JohnOne

AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Link to comment
Share on other sites

wakillon - I'll leave that in your capable hands <grin>. I have other plans for it.

I used Startup Monitor for several years. My clients would still click yes when

prompted, then ask me how they got infected?!

JohnOne - It's unusual for anything valid to start from AppInit_DLLs. Name of the firewall?

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Link to comment
Share on other sites

G'day ripdDad

Great script and will come in VERY useful!

But, i've got another false positive for the Appint_dll warning

"BdGamingMonitor.dll"

It belongs to BullGuard antivirus package.

Thanks for takeing the time to share!

John Morrison

Link to comment
Share on other sites

As long as you guys know your dll is valid.

It's not a matter of a false positive.

The script just checks if anything is written to it. It's blank by default.

If you do a search for AppInit_DLLs, you'll come up with tons of pages about virus infections.

But .. I can see discernment will be needed. There is an option to turn the warning off, btw.

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Link to comment
Share on other sites

If you do a search for AppInit_DLLs, you'll come up with tons of pages about virus infections.

But .. I can see discernment will be needed. There is an option to turn the warning off, btw.

Hay don't get me wrong. :unsure:

The script is great and I can see a lot of uses for it.

I just wanted to let you know that "JohnOne" wasn't the only one that had a DLL in that area.

John (well TWO I guess) :>

Storm-E

Link to comment
Share on other sites

:unsure: storme

ripdad, maybe just a message change would suffice.

Instead of "This file might be infected", something like "Check this file belongs to a valid application, installed on your computer".

AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Link to comment
Share on other sites

storme - nah, I didn't take it wrong. I appreciate your input.

This is where manual research is needed to make a determination if that dll is valid.

Not much I can do (on my end) from the scripts point of view. Thats all I was trying to say.

You can modify the script to allow your dll .. and then warn if that changes.

In addition, I would make an MD5 check on it.

By the way, the AppInit_DLLs entry works the same way as UserInit. Comma-separated entries.

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Link to comment
Share on other sites

  • 2 weeks later...

Just noticed since I use another language-version... autostart-folders are not named the same.

You should use: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"

...and the value of: "Common Startup"

It looks like this for me: "%ALLUSERSPROFILE%\Start-meny\Program\Autostart"

Dunno if that is true of Vista/Win7. (Most likely.)

And btw, great work!

/Manko [EDIT: Provide value of key, so you don't have to look...]

Edited by Manko
Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:* ProDLLer - Process manager - Unload viri modules (dll) and moore...* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist. Moore to come... eventually...
Link to comment
Share on other sites

Manko - Thanks, first post updated.

I have to add another section of code for Win7.

In XP, the value is: %ALLUSERSPROFILE%\Start Menu\Programs\Startup

In Win7: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

I don't have time right now. I'll work on it later tonight.

Edited by ripdad

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Link to comment
Share on other sites

Manko - Thanks, first post updated.

I have to add another section of code for Win7.

In XP, the value is: %ALLUSERSPROFILE%\Start Menu\Programs\Startup

In Win7: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

I don't have time right now. I'll work on it later tonight.

Alright! It works much better... Thanks.

http://forum.autoitbrasil.com/ (AutoIt v3 Brazil!!!)

Somewhere Out ThereJames Ingram

somewh10.png

dropbo10.pngDownload Dropbox - Simplify your life!
Your virtual HD wherever you go, anywhere!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...