{"id":8406,"date":"2014-10-05T08:46:40","date_gmt":"2014-10-05T12:46:40","guid":{"rendered":"http:\/\/thundercloud.net\/infoave\/new\/?p=8406"},"modified":"2014-10-05T08:46:40","modified_gmt":"2014-10-05T12:46:40","slug":"do-you-know-wmic","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/do-you-know-wmic\/","title":{"rendered":"Do You Know WMIC?"},"content":{"rendered":"<p>First you must be using Windows 7 or Windows 8x for this to work, so if you&#8217;re not, this won&#8217;t work for you.<\/p>\n<p>There are a lot of ways to see what starts with Windows &#8211; but we&#8217;ve found yet another. And maybe this one drills down a little deeper. So if you&#8217;re running Windows 7\u00a0or Windows 8.1, why not\u00a0give WMIC a try? WMIC is a program built into Windows 7 and Windows 8x that allows you to create a list of applications that run at startup. So let&#8217;s try it now, okay?<\/p>\n<p>1. Press the Windows key + the &#8220;R&#8221; key. Now type CMD in the Run dialog and press Enter.<\/p>\n<p>2. At the cursor type wmic and press Enter. You&#8217;ll now see the command prompt change to &#8220;wmic:root\\cli&gt;&#8221;.<\/p>\n<p>3. At that command prompt type startup and press Enter &#8211; and you&#8217;ll the list of applications that run at startup displayed immediately.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"http:\/\/thundercloud.net\/infoave\/images\/2015\/wmic1.png\" alt=\"\" width=\"600\" height=\"318\" \/><\/p>\n<p>You say you want to print it &#8211; or save a copy of it in Notepad or Word or whatever? Easy.<\/p>\n<p>1. Right-click on the Command dialog&#8217;s title bar.<\/p>\n<p>2. Choose &#8220;Edit&#8221; , then &#8220;Select all&#8221;<\/p>\n<p>3. Right-click (again) on the title bar and select &#8220;Copy&#8221; (or press &#8220;Enter&#8221;)<\/p>\n<p>4. Paste your list in Word, Notepad, your favorite word processing program &#8211; or even an email (send it to yourself).<\/p>\n<p>See?<\/p>\n<p><em>Microsoft Windows [Version 6.1.7601]<\/em><\/p>\n<p><em>Copyright (c) 2009 Microsoft Corporation. All rights reserved.<\/em><\/p>\n<p><em>C:\\Users\\TC&gt;wmic<\/em><br \/>\n<em>wmic:root\\cli&gt;startup<\/em><br \/>\n<em>Caption Command Description Location Name SettingID User UserSID<\/em><br \/>\n<em>BrightExplorer C:\\Windows\\ServiceProfiles\\NetworkService\\AppData\\Roaming\\BrightNewWorlds\\BrightExplorer\\BrightExplorer.exe startup BrightExplorer Startup BrightExplorer TC-PC\\TC S-1-5-21-44831512-2148771416-1077363250-1001<\/em><br \/>\n<em>GoToAssist Remote Support Expert &#8220;C:\\Users\\TC\\AppData\\Local\\Citrix\\GoToAssist Remote Support Expert\\758\\g2ax_start.exe&#8221; &#8220;\/Trigger RunAtLogon&#8221; GoToAssist Remote Support Expert HKU\\S-1-5-21-44831512-2148771416-1077363250-1001\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run GoToAssist Remote Support Expert TC-PC\\TC S-1-5-21-44831512-2148771416-1077363250-1001<\/em><br \/>\n<em>EPLTarget\\P0000000000000002 C:\\WINDOWS\\system32\\spool\\DRIVERS\\x64\\3\\E_IATILBE.EXE \/EPT &#8220;EPLTarget\\P0000000000000002&#8221; \/M &#8220;XP-310 Series&#8221; \/EF &#8220;HKCU&#8221; EPLTarget\\P0000000000000002 HKU\\S-1-5-21-44831512-2148771416-1077363250-1001\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run EPLTarget\\P0000000000000002 TC-PC\\TC S-1-5-21-44831512-2148771416-1077363250-1001<\/em><br \/>\n<em>PureText.exe C:\\Users\\TC\\Downloads\\puretext_3.0_64-bit\\PureText.exe PureText.exe HKU\\S-1-5-21-44831512-2148771416-1077363250-1001\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run PureText.exe TC-PC\\TC S-1-5-21-44831512-2148771416-1077363250-1001<\/em><br \/>\n<em>ETDCtrl C:\\Program Files\\Elantech\\ETDCtrl.exe ETDCtrl HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run ETDCtrl Public<\/em><\/p>\n<p><em>wmic:root\\cli&gt;<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>First you must be using Windows 7 or Windows 8x for this to work, so if you&#8217;re not, this won&#8217;t work for you. There are a lot of ways to see what starts with Windows &#8211; but we&#8217;ve found yet another. And maybe this one drills down a little deeper. So if you&#8217;re running Windows 7\u00a0or Windows 8.1,\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.thundercloud.net\/infoave\/new\/do-you-know-wmic\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/8406"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=8406"}],"version-history":[{"count":1,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/8406\/revisions"}],"predecessor-version":[{"id":8407,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/8406\/revisions\/8407"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=8406"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=8406"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=8406"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}