BleepingComputer.com: Startup questions

I've been meaning to try to do things with the Startup programs to see if there's anything I don't need...of course, there's a few things I don't quite get.....

1. I'm noticing that in Autoruns that there's a Save option. Is that to save out some readable file or save changes to the startup entries that you changed or what?

2. Is it the whole list or just a certain section of the list that should be looked over when going through the Startup Database? I'm just going to assume the whole thing for now unless noted otherwise........(and I already know I'm not going to find everything in the startup database)

3. Out of the ones I've gone through on a comparative note (under HKLM\software\Microsoft\Windows\CurrentVersion\Run), there's just something bothering me. I know that the nwiz.exe is a part of nVidia, but the command line is nwiz.exe /installquiet. What does the installquiet command mean exactly?

4. In other areas outside of the above mentioned HKEY, I'm seeing a few entries where it says that the file could not be found. Is it safe to shut these off/delete them or should I leave these alone?

Excuse me for the number of questions. Some of these just confuse me, that's all.

Sorry for the delay on this.

1. The save button just creates a log file of your startups.

2. I would look at the following tabs: logon, shell, services, winlogon, appinit, and image hijacks. Also please note that everything under those tabs is not covered by the statup database. Also not that a lot of the entries under those tabs are going to be microsoft installer autostarts.

3. Who knows. Maybe to start and not give any indication its running such as a message box or to show a screen.

4. Typically if an autostart is pointing to a file that is not there, then it can be removed. I would manually check to make sure the file is indeed not there. Have an example?

Don't worry about the delay. I'm cool with it (as I'm pretty sure you're busy with site maintenance and helping some people in the HJT area as well as doing testing on some malware, as I remember you mentioning you have a dummy rig )

One of the files that it says that is not found is gmer.sys. I'm pretty sure that it refers to the gmer rootkit scanner thingamabobber (whatever the name is, it slips my mind ATM), in which I had it on here to see if I can tell anything off of it during a random little false alarmed crisis I had (which proved to be my own stupid paranoia), and which I took gmer off after that. Of course, I don't think that's a startup as that sounds more like something else, if I wanted to guess, so I'll definitely have to be careful where I venture into...especially since I found this entry under the Everything tab (then again, what do I know. My computer knowledge is paultry compared to other people's here. But this is why this site is here, to help those that don't know ). But now that I know what to look under, it'll make things easier. I also knew already that not everything will be covered in the startup database after reading through the sticky.

Thanks for answering my questions. I'll get to working on this thing as soon as my brain lets me (which is probably tomorrow ). If I have any questions about something, I know where to look!

This post has been edited by scff249: 21 February 2009 - 02:52 AM