Nirsoft Startup

0 views
Skip to first unread message

Jomega Gibson

unread,
Aug 3, 2024, 11:14:40 AM8/3/24
to centgeabvixer

This utility, which has the most comprehensive knowledge ofauto-starting locations of any startup monitor, shows you what programsare configured to run during system bootup or login, and when you startvarious built-in Windows applications like Internet Explorer, Explorerand media players. These programs and drivers include ones in yourstartup folder, Run, RunOnce, and other Registry keys.Autoruns reports Explorer shell extensions, toolbars, browser helperobjects, Winlogon notifications, auto-start services, and muchmore. Autoruns goes way beyond other autostart utilities.

Autoruns' Hide Signed Microsoft Entries option helps you to zoomin on third-party auto-starting images that have been added to yoursystem and it has support for looking at the auto-starting imagesconfigured for other accounts configured on a system. Also included inthe download package is a command-line equivalent that can output in CSVformat, Autorunsc.

Simply run Autoruns and it shows you the currently configuredauto-start applications as well as the full list of Registry and filesystem locations available for auto-start configuration. Autostartlocations displayed by Autoruns include logon entries, Explorer add-ons,Internet Explorer add-ons including Browser Helper Objects (BHOs),Appinit DLLs, image hijacks, boot execute images, Winlogon notificationDLLs, Windows Services and Winsock Layered Service Providers, mediacodecs, and more. Switch tabs to view autostarts from differentcategories.

To view the properties of an executable configured to run automatically,select it and use the Properties menu item or toolbar button. IfProcess Explorer isrunning and there is an active process executing the selected executablethen the Process Explorer menu item in the Entry menu will openthe process properties dialog box for the process executing the selectedimage.

Navigate to the Registry or file system location displayed or theconfiguration of an auto-start item by selecting the item and usingthe Jump to Entry menu item or toolbar button, and navigate tothe location of an autostart image.

The Options menu includes several display filtering options, such asonly showing non-Windows entries, as well as access to a scan optionsdialog from where you can enable signature verification and Virus Totalhash and file submission.

BlueScreenView utility allows you to watch the blue screen crashes occurred in your system by reading and analyzing the MiniDump files created on every crash by the operating system. The MiniDump files are usually created under C:\WINDOWS\Minidump, unless the path was modified in the system failure settings of Windows.

@Lotez. Sounds like your problem is more related to a hardware issue due to a corrupted BIOS. Try removing the battery and power adapter then press and hold the power button for at least 30 sec to clear the BIOS. Reinsert the battery, connect the power adapter, and try to reboot. If that does not solve your issue and you are adventurous, dismantle your laptop and remove the CMOS coin cell battery for at least 30 sec to clear the BIOS. Reinsert the CMOS battery and re-assemble the laptop. Again, insert the battery and power adapter and reboot. If the coin cell battery is soldered, short it by touching a conductive metal (screwdriver) across its terminals. You can find specific instructions on how to dismantle your laptop by either googling or searching Youtube. HTH

What are the settings for Vista. XP & Win7 are posted. Where is Vista info.
Why Small memory dump vs Kernel memory dump which is default on my Vista box.
Can this app open Kernel memory dumps or Complete Memory Dumps as well?

I applied the startup and recovery setting, small memory dump, and windows itself said it would make %systemroot%\minidump. I restarted the computer, but the file is nowhwere to be seen. Also memory.dmp is nowhwere.

i kneel at your feet sir ! i have had grief with my computer windows 7 64 for several months with random bsods i bought new ram trying to fix the problem to no avail i spent hundreds of hours trying to figure out the mindless drivel google provided me with, i was about to throw it through the window of the shop i purchased it from ,then i found you =) once i read your posts and followed your instructions my computer responded positively! THANK YOU SO MUCH !! one whole week has passed now and not a glitch VERY VERY HAPPY =) you rock kind regards guy nz

I get a minidump file but i cannot open it. The size of the file is 290K. The Viewbluescreen program do not see it by default. I need to choose VIEW ALL FILE to see the file and if i choose OPEN IT, windows 7 answer that i do not have the right.

It means that the power was back on around 15:37.
The reason for the 2 minutes time-difference between the access points is their loading speed. In the slower routers, the timer started 2 minutes after the power was back on.

In the last few weeks, I added support for recovering passwords from external hard drive contains the most recent versions of Windows (Windows 10, Windows 8, Windows 7) for some of the NirSoft Password-Recovery tools, including IE PassView, ChromePass, Network Password Recovery, and WirelessKeyView.
Until now there was only support for reading external drive passwords of Windows XP or Windows Vista and I had to do a very intensive reverse engineering in order to upgrade my DPAPI decryption code to work with Windows 7 and newer systems.
In addition to the upgrade of existing tools, there are also a few new utilities in development process that are specifically designed to extract passwords from external hard drive.

For example, if your user profile is stored in c:\users\nirsoft64 and the shadow copy path is \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 then the correct path that you have to type is \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\users\nirsoft64 :

You also have to type the logon password of this user profile, because the logon password is needed to decrypt the passwords.
Assuming that you type the correct user profile path and logon password, IE PassView will decrypt the passwords stored by IE in the date that the shadow copy was created.
You can also use the same technique with the other tools that have external drive support (ChromePass, Network Password Recovery, WirelessKeyView, Dialpass )

Be aware that like any password-recovery tool, these tools trigger warnings and alerts in many Antivirus programs and your Antivirus software, firewall, or even your Web browser may block you from downloading them.

There are 2 freeware utilities that can help you to recover your lost Gmail password: Mail PassView to recover the password from popular email clients, like Outlook and Windows Live Mail, and WebBrowserPassView, to recover the password from your Web Browser.

After running Mail PassView, the main window displays the details of all email accounts found in your system. In order to find the password of your Gmail account, you should locate the record where the value of the server column is pop.gmail.com or imap.gmail.com

After you download it, open the zip file and run the WebBrowserPassView.exe executable. Be aware that because this utility can extract password from your system, your Antivirus software may display an alert and even block you from running this .exe file.

Just want to start my mount from login/boot without having a cmd window open. I have the batch file and when using shell:startup, it works and runs when i log in but the cmd window just stays open ready to print a log for me. Want to just get rid of it and mount only

You can create a scheduled task to run it with. If you check "Run whether user is logged on or not", it will run hidden in background (there is a "Hidden" checkbox, but it is only to hide the task from the Task Scheduler user interface).

It is also possible to create a simple launcher script with WScript/VB that you can double click from Explorer, create shortcut for, add to StartUp etc, that will execute rclone normally as current user, but hidden. Simple and easy to use, but could be a bit too "naive", depending on your use case.. Example: Create a plain text file with extension .wsf, e.g. "RcloneMount.wsf", with the following content (edit in your specific rclone command line, of course):

These messages are sent by users who think that there is a bug or problem with my utility, without knowing that this problem is actually caused by their Antivirus.
In some circumstances, the Antivirus software runs in the background, and when it detect a threat, it simply block the .exe file, put the file in quarantine, or simply delete it, without telling the user anything.
The frustrated user think that there is a problem in the software he tries to run, without knowing that the Antivirus software, that should protect his computer, is actually the troublemaker that causes this problem.

These messages are sent by users who think that there is a problem in my Web site, because they cannot browse into a Web page in my site or download a utility from my site. But once again, this problem is caused by Antivirus or Firewall that decided to block my Web site without explaining the user about the site blocking.

In the bottom line, if the false positives problem will make too much noise in the media, the Antivirus companies will understand that false positives may also hurt their reputation and decrease their product sells, and eventually they will give more priority to fix the false alerts in their products.

I agree this is a pain, whenever I plug in my thumb drive into another computer I find Norton happily deleting files from it for me. So now I tend to disable any AV before plugging it in (a lot easier).

Of course I also firmly believe most of them intentionally jack up the false positives (affecting primarily small developers) so they can boast higher detection rates.
And you are right, they justify this on the technicality that the software *could* be used maliciously.

c80f0f1006
Reply all
Reply to author
Forward
0 new messages