windows regidtry question

Discussion in 'Windows Desktop Systems' started by celticfan11, Dec 15, 2004.

  1. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    I found that MSCONFIG wont remove everything from startup. Programs can still hide in the registry and startup when your pc loads. All the registry keys are below. What i want to know is there a way to copy and paste those strings somewhere and it will bring me directly to that place, so i dont have to manually goto those locations all the time? Or if there is a program that will do that. Thanks in advance.


    Here is the list of all Registry spots that could potentially load applications on Windows startup (you may or may not find them on your computer, depending on version of Windows you have):All of these willnot be found in MSCONFIG

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
     
  2. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    seems i made a typo on the topic of this post :(
     
  3. Zaphod1620

    Zaphod1620 OSNN Junior Addict

    Messages:
    23
    I don't know of a way to "jump" to a spot in the registry. I think they purposely make it difficult to navigate through the registry to scare off novices from mucking about in there. However, if you are attempting to slim down your startup processes, you can check the services on your machine, by running "services.msc" This will show ALL the services, and when and if they start up on your machine. A great guide for tweaking these are here.-Zaphod
     
  4. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    not looking to slim my services. I am thinking about spyware/viruses. When they imbed them selves into the OS and MSCONFIG wont pick it up. Sometimes they hide in the registry startup places described above. its just annoying to manually goto each string. I am all about shortcuts :)
     
  5. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Use the Favorites menu built into regedit. First go to the key you want, and select Favorites>Add to Favorites. Do that for all of the above keys, and they'll be stored so that you can get to them quickly next time. :)
     
  6. fimchick

    fimchick OSNN Senior Addict

    Messages:
    276
    Location:
    Somewhere
    AdAware in combination with Spybot can crawl your registry (deep registry scan) and clear out everything for you. :)
     
  7. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    thanks netryder
     
  8. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Not a problem. I have quite a few common locations stored that way. Very convenient. :)
     
  9. hawedi

    hawedi supermod@windows-board.de

    Messages:
    20
    Location:
    Germany
    Use a vbs-script like this, replace strKeyPath as you need. Save the file for example as runs.vbs. Multiple vbs-files you may merge to a batch-file or other.
    Sorry, it´s half past eleven pm CET, therefore my English drops down :)
     
    NetRyder likes this.
  10. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Very nice, hawedi. :)
     
  11. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    never wrote or did anything with VB scripts... i understand batch files..not vb scripts...
     
  12. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    Steevo likes this.
  13. Steevo

    Steevo Spammer representing. Political User Folding Team

    Messages:
    2,566
    Good find J. I didn't realise that the notify key could be used.
     
  14. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    wow thats alot of areas to check. Would have been easier ois MS would have stuck to the HKLM Run and HKLU Run areas as wel as the stertup folder. The ones Startup Control Panel look at.
     
  15. Mainframeguy

    Mainframeguy Debiant by way of Ubuntu Folding Team

    Messages:
    3,763
    Location:
    London, UK
    then a good time to learn a little more?
     
  16. hawedi

    hawedi supermod@windows-board.de

    Messages:
    20
    Location:
    Germany
    celticfan11 wrote :


    Well, I believe there is no CMD-Batch-Command to analyse the windows registry. But the link posted by j79zlr refers to http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml
    The autorunstool especially autorunsc.exe, the command-line version of autoruns is a good basic approach.

    I extracted this file (autorunsc.exe) from the downloaded zip-file to a new folder (for example I:\tools\autoruns in my way)

    Next I build this batch - named compare.bat in the same folder :


    I started compare.bat to create the initial level and then I added the location of my batch-file
    first to one of this auto-run locations and at last to autostart - folder.

    Running my compare.bat again and the batch notified me that there was an alternation.

    [​IMG]


    Now I deleted the entry of my virus-av-guard using the (same, but GUI - ) tool autoruns and restarted my computer.
    Perfect - it advised me about this change in the registry. O.K. - it is not the fastest way and expanding with the using syntax of autorunsc.exe it will become particularly slow.

    But the main thing for my study was : less tools as possible !
     
  17. Tweakfiend

    Tweakfiend OSNN Senior Addict

    Messages:
    340
    Location:
    UK