Services and msconfig

Discussion in 'Software' started by Eldon, Nov 17, 2014.

  1. Eldon

    Eldon Major Geek Extraordinaire

    I used msconfig (System Configuration) to disable BlueStacks Android and Updater Services, as well as the BlueStacks startup entry. After restarting the PC, I again ran msconfig and these services are running. Task Manager confirms this.
    I then opened Services and noticed that both services are set to automatic start up. What is the point of using msconfig when Services overrides it? Or am I missing something? :confused
     
  2. theefool

    theefool Geekified

    There may be a policy that sets them to autorun. I'd just go into the services.msc and manually set them to manual.
     
  3. plodr

    plodr Major Geek Super Extraordinaire

  4. Eldon

    Eldon Major Geek Extraordinaire

    Thanks to both. After 10 years of using msconfig I have now learned it's pointless if any service is set to Automatic startup.

    Also, with BlueStacks a lot of Google junk (toolbar, updater x 2, etc.) installed. I used Revo Uninstaller to remove everything only to find out most of the files in the Google folders, in both Program Files and ProgramData folders, are still there. I deleted them. How do I get rid of the obsolete entries that still show in Services? Will WinPatrol do that?
     
  5. plodr

    plodr Major Geek Super Extraordinaire

    I don't think WinPatrol does this. I know I did remove some service in the past but I don't remember what I used.
    Here is a program to do it
    http://www.thewindowsclub.com/how-to-completely-remove-unwanted-services-in-windows

    The Windows Club does have some pretty neat programs. I've used a few of them but I don't think I used this one to remove services.

    If I can figure out what I did use, I'll post to this thread.
     
  6. Eldon

    Eldon Major Geek Extraordinaire

    Thanks plodr. I'm familiar with the Windows Club. I have downloaded the app and will try it.
     
  7. plastidust

    plastidust Command Sergeant Major

    Maybe using: |MG| Microsoft Autoruns?:

    [IMG]

    Or, using the sc.exe command from an elevated command prompt window?:

    sc delete ServiceName: Sc delete - Technet.Microsoft.
    ServiceName is the name shown in the properties window of the service, not the display name.
    Either of these methods will remove the service from the "Services" Console along with the corresponding registry entry, but won't delete/remove any associated files.
     
  8. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Quick, easy, and no need to download additional tools.
    When using sc.exe (the Service Control Manager Configuration Tool) first stop the service before deleting:

    sc stop ServiceName
    sc delete ServiceName
    *Any service name that includes spaces must be wrapped in quotes.
     
  9. theefool

    theefool Geekified

    If you want to go there, then using powershell:

    Get-service (this shows all services on your computer running or stopped)

    To stop a service...

    Stop-Service wsearch (for Windows Search)

    or

    Stop-Service -displayname "Windows Search"

    In Windows 7 just click Start, then type in power and PowerShell should pop up.

    But, using 3rd party programs can be easier if you don't want to type as much. I prefer powershell.
     
    Last edited: Nov 18, 2014
  10. Eldon

    Eldon Major Geek Extraordinaire

    Thanks again to everyone.

    I ran out of internet data and had an hour to spare. I manually deleted 6 registry entries relating to Google Toolbar and Update. System Configuration showed no Google services, but Task Manager and Services still did. I then used CCleaner's Registry Cleaner and found another 30+ obsolete registry entries which were removed, restarted the PC and now nothing Google-related shows in Services and Task Manager.

    I have changed the start up of BlueStacks Android and Updater Services to manual. When I run BlueStacks, both are changed back to automatic.
    Any advice? Or should I start a new thread?
     
  11. plastidust

    plastidust Command Sergeant Major

    Try looking in "Task Scheduler" for any references to those update services. Is there any way to change update settings in BlueStacks?
     
  12. plodr

    plodr Major Geek Super Extraordinaire

    Get WinPatrol
    http://www.winpatrol.com/startup.html
    Any time a program wants to change its behavior, like wanting to auto start when you already said no, WinPatrol pops up an alert and asks if you want to allow the change. Just click no and it won't auto start.

    I have something Intel that insists on putting a tray icon near the clock on my husband's desktop computer. I don't want or need that. About once every two weeks WinPatrol alerts me to the fact. I just keep saying no and the icon never appears.
     
  13. Eldon

    Eldon Major Geek Extraordinaire

    There's no BlueStacks tasks in Task Scheduler, and no update settings in BlueStacks. I will check the latter again.

    Yesterday I downloaded and installed WinPatrol. Today, when I started my PC, WinPatrol alerted me to "igfxdev.dll" wanting to start. I have no idea what this is, as I previously disabled "hkcmd.exe (Hot Keys)", "igfxtray.exe (Tray Icon)", and "igfxpers.exe (Persistence)" in msconfig. I don't know what the latter is, but all 4 are Intel files. And my PC is running fine.

    I am not starting BlueStacks while connected to the internet*. When I later start BlueStacks, I will carefully monitor whether WinPatrol alerts me to the startup type (in Services) being changed. That's my problem. I understand a program being added to Services, but Windows 7 Ultimate should not allow any program to change any Service.

    *BlueStacks downloaded 180MB before I pulled the modem. I will start another thread and share my experience.

    You can disable Intel's tray icon in msconfig, and WinPatrol will not bother you every 2 weeks about that one.
     
    Last edited: Nov 21, 2014
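
Added example (not part of any post in this thread): a PowerShell check of what the thread is trying to observe, namely the start type a service is currently configured with and when that setting was changed. It reads the `Start` value from the service's registry key and lists Service Control Manager event 7040 entries from the System log; the `BlueStacks*` display-name pattern is an assumption taken from the names used in the thread.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell window.
# Assumption: the services are matched by display name; 'BlueStacks*' is the
# name used in this thread. Adjust the pattern for other software.
$DisplayNamePattern = 'BlueStacks*'

# Meaning of the registry "Start" value under
# HKLM\SYSTEM\CurrentControlSet\Services\<ServiceName>
$StartTypeNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-ConfiguredStartType {
    param([string]$ServiceName)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.Start) { return 'Unknown' }
    $name = $StartTypeNames[[int]$props.Start]
    if ($null -eq $name) { return "Unknown ($($props.Start))" }
    # Delayed start is an Automatic service with DelayedAutostart = 1.
    if ($props.Start -eq 2 -and $props.DelayedAutostart -eq 1) {
        return 'Automatic (Delayed Start)'
    }
    return $name
}

function Get-StartTypeChange {
    param([string]$DisplayName)
    # Event 7040 from the Service Control Manager is written to the System
    # log each time a service's start type is changed. The message names the
    # service by display name, with the old and the new start type.
    $filter = @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7040 }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -and
            $_.Message.IndexOf($DisplayName, [StringComparison]::OrdinalIgnoreCase) -ge 0 } |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Message
}

$services = @(Get-Service -DisplayName $DisplayNamePattern -ErrorAction SilentlyContinue)
if ($services.Count -eq 0) {
    Write-Warning "No service has a display name matching '$DisplayNamePattern'."
}

foreach ($svc in $services) {
    # Current state: running or stopped, plus the configured start type.
    New-Object PSObject -Property @{
        Name        = $svc.Name
        DisplayName = $svc.DisplayName
        Status      = $svc.Status
        StartType   = (Get-ConfiguredStartType -ServiceName $svc.Name)
    } | Select-Object Name, DisplayName, Status, StartType | Format-List

    # History: every recorded start-type change for this service, oldest first.
    Get-StartTypeChange -DisplayName $svc.DisplayName | Format-List
}
```

Run it once after setting the start type in Services and again after launching the program; a new 7040 entry between the two runs gives the time at which the setting was changed back.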
  14. Eldon

    Eldon Major Geek Extraordinaire

    I started BlueStacks and received no warning from WinPatrol. And as I expected, both start up types (BlueStacks Android & Update) were changed back from manual to automatic.
     
  15. theefool

    theefool Geekified

    Instead of manual, try disabled for those two items.
     
  16. AtlBo

    AtlBo Major Geek Extraordinaire

    Awesome thread everybody...

    Eldon...

    Just took a look and thought I would just pass it on in case you hadn't run across the info yourself. igfxdev.dll is associated with your graphics card driver. The similarly named igfxtray.exe is another element of that, and I would guess is the tray icon for making graphics adjustments like contrast, brightness, color, and the rest.

    Info on Intel graphics files:
    http://www.bleepingcomputer.com/startups/igfxdev.dll-16164.html
    http://www.bleepingcomputer.com/startups/igfxpers.exe-12481.html
    http://www.bleepingcomputer.com/startups/igfxtray.exe-2147.html

    I have a PCIe graphics card on this PC, but I have had motherboard graphics that had a graphics client like yours apparently does, which was for making adjustments. I didn't like running it on boot either, and disabling it was perfectly OK for me.

    On BlueStacks, I think theefool's advice to turn off the service should be perfectly safe and sounds like a reasonable option, especially if you don't use the program. Gotta say, that's weird that it downloaded 180 MB. Sometimes, I wonder what on earth developers are thinking. Hopefully disabling the service will end your woes with that connection.

    I think on this MS may not have had much of a choice when I think about it. When a program is installed that requires a service be on to function fully, that means the service must be on and so on. Seems like MS perhaps had to put themselves in a precarious position of allowing programs to change that status and trust that developers would use the privilege wisely, especially in the case of programs that simply routinely change a service's status (not just at installation).

    I would be interested to see if anyone knows if disabling a service guarantees that it cannot be turned on by a program routinely running (I am referring to times BEYOND the installation of the program)...

    Just for the record, I am becoming higher and higher on Private Firewall. It performs so well on Win 7. WinPatrol has some nice features going for it, but there is so much power for controlling data exchange with a straight firewall like PF. Best part is that it's only like 8 MB to install. That's compared to over 200 for Comodo Internet Security (has anti-virus). Comodo firewall only is I think around 150 MB. At any rate, the better I get the hang of PF, the more I am really loving using the program, even though it took me a couple of months of blocking things one time and then over and over to get the hang of what to allow. Now I feel like I really know my way around the program very well at the typical user level, so to speak...

    Thanks to all for the info on deleting services. You guys are my kind of marines fo' real! :major
     
  17. Eldon

    Eldon Major Geek Extraordinaire

    Thanks to everyone.

    At first I thought your advice is illogical, because I want to run BlueStacks. I just don't want it to start automatically. More importantly, I don't want it to change the Startup type.

    But, I did change both startups to Disabled and when I double-clicked the BlueStacks shortcut, the program opened! (No warning from WinPatrol...rolleyes) And again it changed the startups to Automatic.

    The plot thickens. :confused I disabled the Bluetooth Support Service, and it stayed disabled.

    It seems there's no way to stop a third-party program from changing its own Services. The great Windows 7 Ultimate... being dictated to by a third-party program. Does Bill know?
     
  18. Eldon

    Eldon Major Geek Extraordinaire

    Thanks for the links AtlBo. And yes, igfxtray.exe is for the tray icon. There's a fourth item - hkcmd.exe is for the Hot Keys. I have all 4 disabled and my graphics is fine.
     
    Last edited: Nov 23, 2014
  19. Eldon

    Eldon Major Geek Extraordinaire

    The same can be said about your reply. rolleyes
    I use Windows 7 Ultimate. System Configuration (msconfig) is fine for disabling Startups, but not Services. Read my posts again. In Services I changed the Startup type for BlueStacks first to Manual, and then to Disabled. The latter should stop the app from starting when I double-click the shortcut, but it doesn't. Not only does it start, it changes the Startup type to Automatic.
    Using WinPatrol to do the same, makes no difference.

    My question was and still is, how do I stop a program like BlueStacks from changing what I do in services? :confused
     
  20. Eldon

    Eldon Major Geek Extraordinaire

    Thank you MattMailer. I understand the difference between Startup in MSCONFIG (System Configuration) and Startup type in Services. MSCONFIG is fine for stopping a program from starting with Windows, but not for stopping a service from running.

    I wrongly thought the following to be true in Services:
    Automatic = Service will start with Windows.
    Manual = Service will start when needed.
    Disabled = Service will never start.
    After all, this makes sense. When I disabled the Bluetooth Support Service, it did not start when the transceiver was plugged in. But it did start when it was set to Manual.

    My problem is when I start BlueStacks, the Startup type in Services is changed to Automatic, after I set it to Manual. This applies to both BlueStacks Updater and Android Services.
    How do I stop BlueStacks from changing its Startup type? :confused :confused
     
  21. Eldon

    Eldon Major Geek Extraordinaire

    Revo Uninstaller in Advanced Mode is excellent. This is only the second time it let me down. There was no option to not install the Google junk. BlueStacks is an Android Emulator, Android belongs to Google, and Google probably wants a piece of the pie... In a previous post I mentioned CCleaner's Registry Cleaner found and cleared about 30 obsolete entries. That part of the initial problem has been solved.
     
  22. Eldon

    Eldon Major Geek Extraordinaire

    Finally, all along I suspected it's the way BlueStacks has been written. The irony, when I run a tried and trusted program Windows 7 Ultimate hits me with a UAC warning, but when a program changes a Service (this could be dangerous), I get no warning.

    BTW, I chose Bluetooth to test the Startup types only because it was the first one to catch my eye. Thanks for your help.
     
  23. Eldon

    Eldon Major Geek Extraordinaire

    I used Revo to uninstall Google Updater and Toolbar which installed without my knowledge. That makes it sneaky junkware. While Android is Google's OS, I don't think :confused BlueStacks has anything to do with Google. Then again, how do you write an emulator for an OS without help from the OS publisher?

    I only installed BlueStacks to have a look at Android apps on my PC. After all, the PC's 18.5" monitor is so much better than the phone's 3" screen.
     
  24. Eldon

    Eldon Major Geek Extraordinaire

    You're missing the point. I know what UAC is, and I know how to bypass it for a single program without turning it off. I'm just saying, Windows warns about this, but not about that.
     
  25. AtlBo

    AtlBo Major Geek Extraordinaire

    Eldon...

    I feel like there are a lot of security holes in Windows like the one you are referring to with BlueStacks. For me right now, it seems like it's part of the price of owning a computer that we have to make posts here and there and watch over our PCs very closely, so we can hopefully work toward having only good software and hands free security.

    I guess I have felt for 15+ years that we need a system for program "accreditation" or certification where developers are required to send their finished program for tests to earn the certification. Also, if there were a problem with a program later that could be documented, even then the accreditation board could remove any certification that exists for a program that was once certified but later found to be dangerous. Lots of complications in doing all this I guess, but I do feel like maybe it would be one piece of a multiple piece set of proactive security measures the PC industry could institute.

    Eventually, business will demand security, and it will filter down to the rest of us, but, for now, looks like we're stuck fishing around for ways to get rid of bad programs sometimes.

    That leads me to this. Under the circumstance, do you plan to get rid of BlueStacks? Haven't done the Googling, but it sounds like rogueware to me. If you disable a service, it should stay off...
     
  26. Eldon

    Eldon Major Geek Extraordinaire

    You have a valid argument. Some years ago Microsoft introduced digitally signing drivers, the so-called Microsoft Windows Hardware Compatibility Publisher. Unfortunately, introducing a similar system for programs that can have 1,000+ files will cost an enormous amount of money and time.

    "If you disable a service, it should stay off..." I totally agree. After all, what point is there having a 'Disabled' option when it is exactly the same as 'Manual' option? At least in the case of BlueStacks.

    Anyhow, I am going to share my experience with BlueStacks in a new thread, after I installed it under Windows XP. I run both Windows 7 and XP on a partitioned Hard Disc.

    Thanks to everybody who posted on this thread. I didn't get a solution to the problem, but I learned something. Now if only some of Microsoft's software developers and programmers would sign-up...
     
  27. Adrynalyne

    Adrynalyne Guest


    Yes it does.
     
  28. Eldon

    Eldon Major Geek Extraordinaire

    Oh no! You're killing me. And no, it doesn't. And yes, it should. But not with BlueStacks.

    In a nutshell: BlueStacks installs 3 Services, 1 set to Manual, and 2 set to Automatic. I changed the 2 Automatic to Manual, but after opening and closing BlueStacks, I noticed the Startup types were changed back to Automatic.
    I then changed them to Disabled and yet BlueStacks still opened when I double-clicked the shortcut, and again changed the Startup type to Automatic.

    That's the problem. :confused
     
  29. Adrynalyne

    Adrynalyne Guest

    MMk.

    On my machines, it does not work that way. So....

    I know this because you can see the service start failure message in event viewer.
     
  30. Eldon

    Eldon Major Geek Extraordinaire

    I am referring only to BlueStacks. MattMailer knows of 2 other programs that display the same behaviour.
     
  31. AtlBo

    AtlBo Major Geek Extraordinaire

    Now that's a new one. I remember discussions about SASCore I have run across many times. Haven't seen it in 3D like that before. I guess that would be one loophole I wouldn't have believed if I hadn't seen it that way.

    On a separate but sort of related issue. I have been working on understanding services and how programs use svchost.exe and System while running discreetly. That's dangerous, because many firewalls see a process as svchost or System when they run that way. svchost and system are approved for behaviors and even internet connections, and many firewalls don't catch this when it happens. Actually, it can happen with any process in theory. Well, there is a test called the Gibson leak test that tests this, but this services issue seems similar in scale and importance to me. I guess overcoming this new strangeness gets added to my list of things to look for in security programs, along with Gibson proof...
     
  32. Adrynalyne

    Adrynalyne Guest

    Interesting, though that is reproducible by not stopping the service after setting the startup type.

    Not saying you did. Though I will say I will never use a program that does that.
     
  33. plastidust

    plastidust Command Sergeant Major

    On Win7 x64, stopping and disabling the "SAS Core Service", then launching SUPERAntiSpyware looks like this:

    [IMG]

    Takes longer for SAS to launch(understandable), and no Explorer context menu entry when "SAS Core Service" is disabled.
    Didn't see any "service start failure message" in the event viewer though.
     
  34. Eldon

    Eldon Major Geek Extraordinaire

    I can't post any screenshot because BlueStacks goes 1 better... by starting, and changing the Startup Type!
     
  35. plastidust

    plastidust Command Sergeant Major

    Personally, I would be ridding myself of BlueStacks if it caused me this much trouble. Anything that arbitrarily downloads 180MB of who knows what, would be gone.

    What are the display names as well as the actual names(one shown in the properties window) of these "Updater Services"? Earlier you checked in Task Scheduler and said there weren't any "BlueStacks" tasks scheduled. But these "Updater Services" may be listed as something other than "BlueStacks" scheduled task(s).
     
  36. Eldon

    Eldon Major Geek Extraordinaire

    Task Scheduler is not the problem. But, here you go.

    1. Majorgeeks - :-o Will leave this 1 for another thread. rolleyes
    2. Nero burn Rights - Will remove this useless utility from my PC.
    3-10. Self-explanatory.
     
  37. theefool

    theefool Geekified

    Well then, just play smarter. So you have a service that won't play nice. Just hard-disable it.

    HKLM\system\currentcontrolset\services\name_of_service change that to

    HKLM\system\currentcontrolset\services\name_of_service_1

    Done.

    Note: it may require more action than this; this is just a partial stop-gap for this.
     
  38. Eldon

    Eldon Major Geek Extraordinaire

    I don't want to disable BlueStacks. What is the point of having a disabled program on a PC? Uninstall it.

    I want BlueStacks to stop changing its Startup Type from Manual to Automatic, i.e. BlueStacks will start when I run the program. I believe MattMailer nailed it. It has been written into the program, i.e. BlueStacks will check its Startup Type and if it's not set to Automatic, will change it to such.

    The irony is, I don't actually need BlueStacks. It's an Android emulator. I just wanted to have a look at the many available Android apps on my PC. After all, my Smartphone doesn't have an 18.5" screen.

    PS While I am disappointed that WinPatrol doesn't notify me when BlueStacks starts (and changes its Startup type), it does have the option to "list non-Microsoft Services only". This is invaluable. Thanks go to plodr.
     
  39. AtlBo

    AtlBo Major Geek Extraordinaire

    Eldon...

    I wonder if Private Firewall would solve your problem. Overall, PF gives you the ability to manage 21 different behaviors of each process detected. One of these is "Open processes", meaning that PF will give you the ability to block a process from starting another one.

    Of the 21 things you can control about each process, maybe it's possible to regulate somehow the service portion of BlueStacks with one of them. I assume that the BlueStacks service program is separate from the main program, but I know that if the service program runs...whether it starts itself or whether the BlueStacks program runs it, PF will detect the process and tell you what it's trying to do.

    If you would like to try this, I will give you the settings for PF that are best for seeing what is happening. There is one setting change from the defaults that improves this a lot. Basically, instead of getting a small system tray alert for each behavior that says very little, you get a larger center screen alert with a lot of useful info.

    You could actually try to see if Blue Stacks even needs the service by blocking all of the service's behaviors. Anyway, PF is only 8 MB to install and try. :)
     
  40. Eldon

    Eldon Major Geek Extraordinaire

    Thank you so much.

    Some time ago I installed Private Firewall under Windows XP, with which I do not connect to the internet. Every program I launched, I received a warning. And I uninstalled it. Under Windows 7 Ultimate programs do as they please, i.e. they try to add themselves to the allowed programs in Windows Firewall (yes, there's a warning). Winamp (the greatest music player ever) is 1 of the culprits. Remove Winamp, and the next time it's back. I know Winamp has a built-in browser. But, that's another story. LexMark is another 1. Why do I need to connect to the internet when printing? My printer is 5 years old. I do not need and/or want anything from LexMark. Go away...:mad

    I will install the latest Private Firewall, and post what happens. And I will take you up on your offer. Thanks again.

    I think I will now uninstall BlueStacks, and install FreeStacks. And I will not start a new thread...:-o
     
    Last edited: Nov 29, 2014
  41. AtlBo

    AtlBo Major Geek Extraordinaire

    Eldon...

    NP :-D...

    Get ready for the laugh of your life when you see the prompts from PF. I'll PM you with the details...
     
  42. Eldon

    Eldon Major Geek Extraordinaire

    Thanks. And I'm ready. I am disappointed with the Firewall in the Great rolleyes Windows 7 Ultimate...

    You are never too old to learn - My late Father.

    PS It's 11PM. I'm going to enjoy my last :)cry:cry:cry) beer, and turn in.
     
  43. AtlBo

    AtlBo Major Geek Extraordinaire

    Eldon...

    Me too. On the bright side, PF is so good that I have turned off UAC. PF does all that and a whole lot more. Windows firewall doesn't even compare to PF...

    Takes a while to learn fully PF, but if you get down some things, it will come together pretty quickly.

    Settings pic I promised is attached...
     
