GetCommonStartups v3.07

[ripdad]

Correction Update - see Edit6

[wakillon]

When i uninstall a driver i get a message of StartupMonitor that there is a new entry : grpconv.exe -o

But after accept it, i try your script for find his reg key, but unsuccessfully...

[ripdad]

wakillon,

I've seen that exact thing before from StartupMonitor. I was never able to track it down doing a manual search.

Most of the time it's located here when activated:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce: [GrpConv] grpconv.exe -o

I think what might be happening is it gets deleted after it writes it. I don't know .. strange.

I never did extensive testing to find out for sure.

It's an old app from older OS's like 3.1 thru 98, mainly for conversion to a new OS from 3.1.

It deals with "program groups" which is not needed in newer OS's. It's never caused me any troubles though.

[ripdad]

Updated 1st post - see Edit 7

[ripdad]

Updated 1st post - see Edit8

[ripdad]

Updated - see Edit9

[guinness]

Nice Example of using Native Code!

[P0lo]

Hello,

My fifty cents:

A collection of autostart location: http://gladiator-antivirus.com/forum/index.php?showtopic=24610

and Silentrunners lauchpoints: http://www.silentrunners.org/launchpoints.html

the french page of ZHPdiag lists many lauchpoints http://www.premiumorange.com/zeb-help-process/zhpdiag.html

regards

[ripdad]

P0lo,

Thanks for the links!

I'm very aware that Windows is full of holes.

Just when you think they are all plugged up, another one appears.

This script was never meant to be all conclusive.

It's just a quick look at what might be going on with a PC.

I will be adding a little more to it when I have the time.

By the way, this is an example script. Feel free to add what you wish to it.

[ripdad]

Updated 1st post

[Chimaera]

Good stuff ripdad

Two thoughts for you on your right click menus

When on the startup page grey out the common startups text as you are viewing that page and the reverse when on the running programs page

I kept clicking on the common startups as i had no idea i was on it already.

Last thought maybe a refresh or reload in the right click menu just in case you have deleted some startups?

EDIT

another thing i found if you copy to clipboard on the registry ones you get this result when you paste it

HKEY_USERS64\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce|||||| << im assuming the "|" are because of the extra info for other things?

and would it be possible to select all and copy to clipboard instead of one by one?

Great stuff though

Chimaera

Edited June 13, 2011 by Chimaera

[ripdad]

Thanks Chimaera.

Right-Click Menu:

Common Startups is both the refresh and to switch back and forth between Running Programs.

It would be the same function no matter how it was worded. (I'll give it some more thought)

It will automatically refresh itself when an item is deleted from Common Startups.

ClipBoard:

First issue has been revised. (Guess I was asleep on that one -or- it wasn't a top priority)

On the second issue, I'm not sure how that would affect other functions. I need to test and see.

I have added a new function, _ListDump. It will save both list to a log file with date/time.

Would that solve the second issue, or do you need that specifically?

On another note:

1) I finally tracked down a flicker problem to GUICtrlSetBkColor()in one of the loops.

I guess I'll have to rethink the color scheme again or do away with it altogether.

2) The WMI function for Running Programs is quite sluggish because it's sifting through 700 to 3500 entries.

So, thats not helping the previous issue either. Someone might ask why I'm using it instead of a built-in

function. The answer is, it's one heck of a function. It does all the queries automatically. All I have

to do is collect the data.

It returns all loaded dll's, drv's, exe's and a few extensions I haven't seen before.

Along with that, it returns the PID of each of those along with it's exact path.

I can match the PID of dll's and drv's to the executable that started it, within the same function.

I don't know of any function that can do all that. Until I find something to replace it, I'm sticking to it.

As far as it being a little slow ... I'm in no hurry anyways.

Anyways ... enough of my rattling. First post updated.

[ripdad]

update

[Chimaera]

Thanks m8 ill give them a run tommoz on a few machines and report back

[ripdad]

Updated 1st post.

Please report any bugs, quirks or crashes. Thanks.

[MindlessGenius]

Ripdad

Just tested your new version... Wow!

I'm still reading through all that code analyzing it line by line and boy, all I can say is nice work!

Must have taken forever to do all this research as this implementation seems rather flawless minus the color scheme .

Yes, it's a bit sluggish but it works...

[Chimaera]

Looks good m8, getting definitely complicated now

Keep up the good work

Works fine on Win7 Ultimate 64bit

Chimaera

[ripdad]

MindlessGenius - Thanks. Made you change the colors? <grin>

Chimaera - Thanks. My production script is twice the lines. Might have to change the name!

I will be making some minor updates soon, after I re-read the script and see if my logic was logical. <eh?>

[ripdad]

Updated first post. Please report any problems.

[storme]

Updated first post. Please report any problems.

Minor bug

Line 288

$string & '.exe'; out-->somefile.exe

I'm guessing it should be

$string &= '.exe'; out-->somefile.exe

and a BIG thanks this is a great bit of code you've produced!

Storm-E