Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Startup questions


  • Please log in to reply
2 replies to this topic

#1 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:08:25 PM

Posted 12 February 2009 - 07:19 PM

I've been meaning to try to do things with the Startup programs to see if there's anything I don't need...of course, there's a few things I don't quite get.....

1. I'm noticing that in Autoruns that there's a Save option. Is that to save out some readable file or save changes to the startup entries that you changed or what?

2. Is it the whole list or just a certain section of the list that should be looked over when going through the Startup Database? I'm just going to assume the whole thing for now unless noted otherwise........(and I already know I'm not going to find everything in the startup database)

3. Out of the ones I've gone through on a comparative note (under HKLM\software\Microsoft\Windows\CurrentVersion\Run), there's just something bothering me. I know that the nwiz.exe is a part of nVidia, but the command line is nwiz.exe /installquiet. What does the installquiet command mean exactly?

4. In other areas outside of the above mentioned HKEY, I'm seeing a few entries where it says that the file could not be found. Is it safe to shut these off/delete them or should I leave these alone?

Excuse me for the number of questions. Some of these just confuse me, that's all.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,461 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:25 PM

Posted 20 February 2009 - 12:15 PM

Sorry for the delay on this.

1. The save button just creates a log file of your startups.

2. I would look at the following tabs: logon, shell, services, winlogon, appinit, and image hijacks. Also please note that everything under those tabs is not covered by the statup database. Also not that a lot of the entries under those tabs are going to be microsoft installer autostarts.

3. Who knows. Maybe to start and not give any indication its running such as a message box or to show a screen.

4. Typically if an autostart is pointing to a file that is not there, then it can be removed. I would manually check to make sure the file is indeed not there. Have an example?

#3 scff249

scff249

    Indecisive Lurker

  • Topic Starter

  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:08:25 PM

Posted 21 February 2009 - 02:50 AM

Don't worry about the delay. I'm cool with it (as I'm pretty sure you're busy with site maintenance and helping some people in the HJT area as well as doing testing on some malware, as I remember you mentioning you have a dummy rig :thumbsup:)

One of the files that it says that is not found is gmer.sys. I'm pretty sure that it refers to the gmer rootkit scanner thingamabobber (whatever the name is, it slips my mind ATM), in which I had it on here to see if I can tell anything off of it during a random little false alarmed crisis I had (which proved to be my own stupid paranoia), and which I took gmer off after that. Of course, I don't think that's a startup as that sounds more like something else, if I wanted to guess, so I'll definitely have to be careful where I venture into...especially since I found this entry under the Everything tab (then again, what do I know. My computer knowledge is paultry compared to other people's here. But this is why this site is here, to help those that don't know :flowers:). But now that I know what to look under, it'll make things easier. I also knew already that not everything will be covered in the startup database after reading through the sticky.

Thanks for answering my questions. I'll get to working on this thing as soon as my brain lets me (which is probably tomorrow :trumpet:). If I have any questions about something, I know where to look!

Edited by scff249, 21 February 2009 - 02:52 AM.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users