Silent Runners [r56]

Silent Runners R56 checks four additional values in the HKLM…Control tree and allows IPv6 localhost addresses to be recognized in the HOSTS file. Minor changes have been made to output format.

It is recommended that you download Silent Runners R56 and delete earlier versions.

1. HKLM\SYSTEM\CurrentControlSet\Control\BootVerificationProgram\ImagePath
2. HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
3. HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Execute
4. HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SetupExecute

I added these values for a variety of reasons:

Geert M ( ) recommended that I add 1, 3 and 4. Thanks, Geert!

Microsoft documents #1:…ntry/58555.mspx

An empty value exists by default for #4 in Vista.

I included #3 because, well, Autoruns checks it. (I can’t seem to find anything else about it.)

I’ve saved #2 for last because it’s the most interesting. I thank Jay S. of for bringing it to my attention.

It’s documented by Microsoft here:…784(VS.85).aspx

It turns out that it’s an exceptionally powerful launch point, since it’s accessed during login.

IPv6 localhost notation

Vista includes “::1″ in the HOSTS file to point to localhost. This is
IPv6 shorthand for Thanks to Jules C. for cluing me in.

Vista execution tip

Silent Runners will be able to look at a lot more places in Vista if its run from an Administrative-level command prompt.

To get to such a command prompt, right-click on “Command Prompt” in the Start menu and choose “Run as Administrator”. After clicking through the UA alert, cd to the Silent Runners directory and issue the following command: cscript “Silent Runners.vbs”

Note that the quotes are mandatory.

The launch points list on the web site has been updated.

The updated script (R56) can be found here:

A zipped version can be found here:

Ad-aware Definition File Update for SE & LS 2007 Builds 27.02.08

LS 2007 users may use the web update feature to obtain this definition file.
SE users *must* manually update using one of the two below URLs >

Please see the below URL for additional information regarding this update >