70 replies to this topic

[ripdad]

Get Common Startups v3

Initial Release: September 17, 2012

Last Updated: December 09, 2012
Current Version: 3.04

Several changes and improvements have been made to this program.

What is it?
It had a very humble beginning with some minimal coding to display Run Keys and their values in the registry.

Since then, it has grown into a tool that I use everyday to trouble-shoot computers.
It probably should be renamed, but I'll leave that for now. Another day perhaps.

A few notes for clarity:
1) This script must be compiled 64Bit if used on a 64Bit OS.
2) _ListDump() was removed. You can use SysInfoLog instead.

Credits go to:
- SumTingWong for _StartService()
- GeoSoft for Regedit jump snippet
- wraithdu for _IsJunction()
- and the many who contributed to Array.au3

Please let me know if you have any issues or complaints.

Download v3.04
 GetCommonStartups_v3.04.zip   30.37KB   117 downloads

Updates:

Spoiler

October 01, 2012 - v.3.01 - Various Code Improvements.

October 03, 2012 - v3.02 - Fixed a few problems with object errors in _WMI_InstancesOf().
1) If a device is not found (like a sound card), it will return a blank string when the "object count" is zero.
2) If a "property name" returns an error of "not found" at the "qualifier loop", then the function will continue without it.
Thanks goes to ricky03 for posting the errors and testing.

November 05, 2012 - v3.03 - Updated _WMI_GetATAPISmartData() with v1.00

December 09, 2012 - v3.04
* Upgraded _WMI_InstancesOf() to v1.00 -- Getting a "bit" more from WMI.
* Updated _WMI_GetATAPISmartData() with v1.01
* Moved _WMI_QuickFixEngineering() to it's own window.
* Fixed a crash issue with _Drivers_Services() when a PathName was blank. (Case: DisplayName -> SASKUTIL)
* Removed _WMI_MiniInstancesOf() and _WMI_ProcessItem(). The new version of _WMI_InstancesOf() replaced them.
* Added _WMI_GetErrorDescription() for when the Error Handler fails to give one.
* Added the ability to also run au3 scripts in _RunProgram().
* Updated various other functions. ie: Reg_Debuggers(), GetCommonstartups(), _ObjErrorHandler(), etc.

Edited by ripdad, 09 December 2012 - 07:03 AM.

[wakillon]

The list of startup entries is very complete and some people may be surprised of what they will found.

Thanks ripdad !

Edited by wakillon, 13 April 2011 - 05:05 PM.

[ripdad]

Thanks wakillon

I have tested it on 4 machines without trouble. You guys let me know if any quirks or bugs you find, please.

I have also made a few updates.

[wakillon]

You should create a gui ( as codestuff starter style )
with possibilities to check or uncheck entries, and if i abuse
with the functionality of startup monitor!

It could be a complete tool !

Edited by wakillon, 14 April 2011 - 05:04 PM.

[JohnOne]

It reports to me that appinitdll might be infected, should I be worried?

EDIT:

Answer = I'm not much worried, since the dll file it referenced is part of my firewall and need to run at startup.

Edited by JohnOne, 14 April 2011 - 06:32 PM.

[ripdad]

wakillon - I'll leave that in your capable hands <grin>. I have other plans for it.
I used Startup Monitor for several years. My clients would still click yes when
prompted, then ask me how they got infected?!

JohnOne - It's unusual for anything valid to start from AppInit_DLLs. Name of the firewall?

[JohnOne]

Comodo

[ripdad]

JohnOne - ok, thanks

[storme]

G'day ripdDad
Great script and will come in VERY useful!

But, i've got another false positive for the Appint_dll warning
"BdGamingMonitor.dll"
It belongs to BullGuard antivirus package.

Thanks for takeing the time to share!
John Morrison

[JohnOne]

The dll for mine was guard32.dll

[ripdad]

As long as you guys know your dll is valid.

It's not a matter of a false positive.
The script just checks if anything is written to it. It's blank by default.

If you do a search for AppInit_DLLs, you'll come up with tons of pages about virus infections.
But .. I can see discernment will be needed. There is an option to turn the warning off, btw.

[storme]

If you do a search for AppInit_DLLs, you'll come up with tons of pages about virus infections.
But .. I can see discernment will be needed. There is an option to turn the warning off, btw.

Hay don't get me wrong.
The script is great and I can see a lot of uses for it.
I just wanted to let you know that "JohnOne" wasn't the only one that had a DLL in that area.

John (well TWO I guess)

Storm-E

[JohnOne]

storme

ripdad, maybe just a message change would suffice.

Instead of "This file might be infected", something like "Check this file belongs to a valid application, installed on your computer".

[ripdad]

storme - nah, I didn't take it wrong. I appreciate your input.
This is where manual research is needed to make a determination if that dll is valid.
Not much I can do (on my end) from the scripts point of view. Thats all I was trying to say.

You can modify the script to allow your dll .. and then warn if that changes.
In addition, I would make an MD5 check on it.

By the way, the AppInit_DLLs entry works the same way as UserInit. Comma-separated entries.

[ripdad]

JohnOne - Thanks, I'll give it some thought.

[Manko]

Just noticed since I use another language-version... autostart-folders are not named the same.

You should use: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
...and the value of: "Common Startup"
It looks like this for me: "%ALLUSERSPROFILE%\Start-meny\Program\Autostart"

Dunno if that is true of Vista/Win7. (Most likely.)

And btw, great work!

/Manko [EDIT: Provide value of key, so you don't have to look...]

Edited by Manko, 27 April 2011 - 10:33 AM.

[ripdad]

Manko - Thanks, first post updated.
I have to add another section of code for Win7.
In XP, the value is: %ALLUSERSPROFILE%\Start Menu\Programs\Startup
In Win7: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
I don't have time right now. I'll work on it later tonight.

Edited by ripdad, 01 November 2011 - 09:19 AM.

[JScript]

Manko - Thanks, first post updated.

I have to add another section of code for Win7.

In XP, the value is: %ALLUSERSPROFILE%\Start Menu\Programs\Startup

In Win7: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

I don't have time right now. I'll work on it later tonight.

Alright! It works much better... Thanks.

[ripdad]

First Post Updated

Let me know if any issues - thanks

[wakillon]

AppInit_DLLs-->wbsys.dll

Now, It detect well WindowBlinds dll at startup
Thanks !