Windows - Tips & Tricks

As you may know, the system requirements for Microsoft Windows Vista Home Premium, Business, and Ultimate all list 1GB of RAM as a minimum. However, we all know that Vista runs better with 2GB of RAM or more. If you’re currently running Vista on a system with only 1GB of RAM you know that the system can, at times, be frustratingly slow — especially when you are running extremely memory-intensive applications.

Of course the ultimate solution would be to add another 1GB of RAM to your system, but what if doing so is not feasible at this point in time? Are you stuck with a sluggish system? Fortunately, you can bump up Vista performance by trimming back startup programs that may not be needed. By preventing unnecessary programs from automatically starting, you’ll have more memory to spare for the programs that you do want to run.

In this edition of the Windows Vista Report, I show you several methods that you can use to investigate the programs that automatically start up on your system. I show you how you can eliminate or at least temporarily prevent them from automatically starting up.

Using WMIC

You can investigate startup programs using a specially configured WMIC (Windows Management Instrumentation Command-line) command. WMIC is built into the Windows operating system and allows you to tap into a wide variety of application systems, hardware components, and operating system subsystems.

Using WMIC command, you can easily create a very nice HTML-based report of those programs that automatically start up on your system. You can then print the report to have on hand as you investigate whether you can safely eliminate any of those programs.

To create the report, open a Command Prompt window and type the following command:

wmic startup get /format:hform > startupreport.htm

When you do, the report will be created in a matter of moments. To access the file, just type the following:

startupreport.htm

You’ll then see a report displayed in Internet Explorer similar to the one shown in Figure A.

Figure A

Using a specially configured WMIC command, you can create a nicely formatted report on startup programs.

As you can see, the report is set up in a table and uses color to make it very easy to read.

Using Reliability and Performance Monitor

You can also investigate startup programs using the Reliability and Performance Monitor. Open the Control Panel, click the System and Maintenance category, and then click the Performance Information and Tools subcategory. Then under the Tasks panel, select the Advanced Tools and click the Generate a System Health Report icon. When you do, you’ll encounter a UAC and will need to respond accordingly.

When the Reliability and Performance Monitor window opens, the utility will begin compiling its report, which will take about 2-3 minutes. Once the report is compiled, expand the Software Configuration section and scroll down to the Startup Programs section, as shown in Figure B.

Figure B

The Reliability and Performance Monitor creates a much more concise report on the Startup Programs.

Using System Configuration

You can investigate and disable startup programs using System Configuration. Open the Control Panel, click the System and Maintenance category, click the Administrative Tools subcategory, and then click the System Configuration icon. When you do, you’ll encounter a UAC and will need to respond accordingly.

When the System Configuration dialog box appears, select the Startup tab, as shown in Figure C. As you can see, the Startup tab provides a straightforward listing of the programs that automatically start up on your system.

Figure C

You can view and easily disable startup programs on the Startup tab of the System Configuration utility.

You can disable a startup program by clearing the adjacent text box. As you can see, the Startup tab makes it easy to keep track of those programs that you have disabled by recording the date and time they were disabled. When you click OK, you’ll be prompted to restart the system to activate your changes.

Using Software Explorer

You can also investigate and disable startup programs using Windows Defender's Software Explorer. Click the Start button, type Defender in the Start Search box and press [Enter]. When you see the Windows Defender Home page, click the Tools link on the menu. Once you see the Tools and Settings page you’ll find the Software Explorer link in the second column under the Tools heading. Once you click that link, you’ll see the Software Explorer, as shown in Figure D.

Figure D

Software Explorer combines detailed descriptions of each startup program with the ability to disable those programs you deem unnecessary.

As you can see, the Startup Programs category contains a list of programs and provides a detailed description of the currently selected program. To disable any program, you first click on the Show For All Users button and deal appropriately with the UAC that pops up. Once you do, you’ll see that the Remove and Disable buttons are activated. You can then click the Disable button, which will display a confirmation dialog box. To remove a program from memory and reclaim the RAM, you’ll need to restart your system.

When the system restarts, you’ll receive a pop-up message in the notification area that tells you that Vista is currently blocking some startup programs. This warning will display only momentarily, but serves as a reminder that you have disabled some startup programs each time the system is restarted.

What is SAM?

What do I do with a copy of SAM?

You get passwords. First use a copy of SAMDUMP.EXE to extract the user info out of it. You do not need to import this data into the Registry of your home machine to play with it. You can simply load it up into one of the many applications for cracking passwords, such as L0phtCrack, which is available from: http://www.L0phtCrack.com

Of interest to hackers is the fact that all access control and assorted parameters are located in the Registry. The Registry contains thousands of individual items of data, and is grouped together into "keys" or some type of optional value. These keys are grouped together into subtrees -- placing like keys together and making copies of others into separate trees for more convenient system access.

The Registry is divided into four separate subtrees. These subtrees are called

• HKEY_CLASSES_ROOT
• HKEY_CURRENT_USER
• HKEY_LOCAL_MACHINE
• HKEY_USERS

First and foremost is the HKEY_LOCAL_MACHINE subtree. It contains five different keys. These keys are as follows:

• SAM and SECURITY - These keys contain the info such as user rights, user and group info for the domain (or workgroup if there is no domain), and passwords. In the NT hacker game of capture the flag, this is the flag. Bag this and all bets are off.

• HARDWARE - this is a storage database of throw-away data that describes the hardware components of the computer. Device drivers and applications build this database during boot and update it during runtime (although most of the database is updated during the boot process). When the computer is rebooted, the data is built again from scratch. It is not recommended to directly edit this particular database unless you can read hex easily.

There are three subkeys under HARDWARE, these are the Description key, the DeviceMap key, and the ResourceMap key. The Description key has describes each hardware resource, the DeviceMap key has data in it specific to individual groups of drivers, and the ResourceMap key tells which driver goes with which resource.

• SYSTEM - This key contains basic operating stuff like what happens at startup, what device drivers are loaded, what services are in use, etc. These are split into ControlSets which have unique system configurations (some bootable, some not), with each ControlSet containing service data and OS components for that ControlSet. Ever had to boot from the "Last Known Good" configuration because something got hosed? That is a ControlSet stored here.
• SOFTWARE - This key has info on software loaded locally. File associations, OLE info, and some miscellaneous configuration data is located here.

The second most important main key is HKEY_USERS. It contains a subkey for each local user who accesses the system, either locally or remotely. If the server is a part of a domain and logs in across the network, their subkey is not stored here, but on a Domain Controller. Things such as Desktop settings and user profiles are stored here.

The third and fourth main keys, HKEY_CURRENT_USER and HKEY_CLASSES_ROOT, contain copies of portions of HKEY_USERS and HKEY_LOCAL_MACHINE respectively. HKEY_CURRENT_USER contains exactly would you would expect a copy of the subkey from HKEY_USERS of the currently logged in user. HKEY_CLASSES_ROOT contains a part of HKEY_LOCAL_MACHINE, specifically from the SOFTWARE subkey. File associations, OLE configuration and dependency information

A runtime error is a computer error that appears in the form of a message box consisting of a particular code and computer becomes noticeably slow before a runtime error appears.

No sooner the runtime error message has been displayed and closed, the software showing this error would normally hang or close automatically. In some cases, the operating system may reboot.

A wide variety of errors cause these problems. which include:

• conflicts between the TSR (Terminate and Stay Resident Program)and other
• currently running applications;
• software issues;
• memory problems;
• and harmful applications such as computer viruses.

With this, the procedures necessary to correct this type of error differs from one case to another. If the runtime error you are experiencing were caused by a TSR then you can simply use the "end task" function of the Task Manager.

If you consequently encounter a runtime error that is persistent, the software that displays the error message has certain issues and problems. You can resolve this problem by visiting the website of the software's developer and downloading and installing all the updates and patches needed for the smooth running of the software. However, if you have already installed all updates and patches and the runtime error message still appears, you can opt to uninstall and reinstall the program.

Another type of runtime error is usually caused by memory issues. In this case, it is a good idea to first contact the developer of the application that caused the error message. More often than not, they can provide you with a possible set of solutions. But if their given solutions cannot resolve the issues, you need to contact the manufacturer of your computer or motherboard and ask for a technician or someone from the company who can assess your hardware.

A different type of runtime error is caused by harmful programs such as viruses and other malicious processes. These harmful programs are capable of altering the computer's settings. With this, they are very much capable of generating runtime errors. In order to prevent runtime errors that are caused by such malicious programs, you need to frequently update your software security application. If your PC does not have a good software security program, you need to install one and scan your computer for possible threats to the stability of your system and the security of your private data.