Acknowledgments

Development of Silent Runners has been admirably assisted by some extremely competent individuals (listed in alphabetical order):

Victor Alter - suggested the procedure to compare two script output files with ExamDiff.

Vesselin Bontchev - has tirelessly suggested additional keys to check, has relentlessly discovered bugs, and has made innumerable suggestions to improve output.

Francis Favorini - provided information that was essential to understanding how the “HKLM/HKCU… Active Setup\Installed Components\” sub-keys work.

Rossano Ferraris - initiated the development of a simple, scripted solution to CoolWebSearch infection and was the first to suggest examination of Group Policy values affecting Active Desktop and Display. His persistence, patience, and cooperation are exemplary.

Peter Ferrie - used his impressive reverse-engineering skills to confirm the code used by Windows to disable a Scheduled Task and demonstrated that HKLM… Explorer\ShellExecuteHooks\ can serve as a launch point. He was also the impetus to get the script to examine WPD (Windows Portable Device) Autoplay Handlers and he helped immeasurably to understand how this launch point is interpreted by Windows. Peter advised about the IniFileMapping launch mechanism and the launch of print monitor drivers in the spool\prtprocs directory tree. His web site can be found here.

Mike Mitchell - was the first to suggest that the script include the Group Policy entries for startup/shutdown/logon/logoff scripts.

Geert Moernaut - suggested several launch points, including HKLM…Winlogon\VmApplet and HKLM…Session Manager\Execute. Geert maintains the Runscanner launch point analyzer. His personal web site can be found here.

Axel Pettinger - revealed the virtues of using Unicode for the SAXPAR report file, which obviated the need for filtering ANSI text for “illegal” characters.

Gonzalo Santizo - prompted the discovery of the Windows 2000 submerged subkeys anomaly.