wklejto.pl

Added by: ~Technomaro (2019-11-16 13:54) -> text
'Silent Runners.vbs - find out what starts up with Windows!
'(compatible with Windows 95/98/Millennium/NT 4.0 Workstation/NT 4.0 Server/2000/2000 Server/
' and with 32- and 64-bit versions of XP/Server 2003/Vista/7/8/10/Server 2008)
'
'DO NOT REMOVE THIS HEADER!
'
'Copyright Andrew ARONOFF 15 April 2018, http://www.silentrunners.org/
'This script is provided without any warranty, either expressed or implied
'It may not be copied or distributed without permission
'
'** USE THIS SCRIPT AT YOUR OWN RISK! ** (END OF HEADER)

Option Explicit

Dim strRevNo : strRevNo = "72"

Public flagTest : flagTest = False  'True if in testing mode
'flagTest = True  'Uncomment to put in testing mode
Public arSecTest : arSecTest = Array()  'array of section numbers to test
 
'This script is divided into 36 sections.

'malware launch points:
' registry keys (1-17, 19, 22)
' INI/INF files (20-21, 23)
' folders (24-25)
' enabled scheduled tasks (26)
' Winsock2 service provider DLLs (27)
' IE toolbars, explorer bars, extensions (28)
' started services (32)
' Safe Mode drivers & services (33)
' accessibility tools (34)
' keyboard driver filters (35)
' print monitors (36)

'hijack points:
' System/Group Policies (18)
' prefixes for IE URLs (29)
' misc IE points (30)
' HOSTS file (31)

'Output is suppressed if deemed normal unless the -all parameter is used
'Section 23 is skipped unless the -supp/-all parameters are used or
' the first message box is answered "No" and the next message box "Yes"
 
' 1. HKCU/HKLM/HKLM-WOW... Run
'    HKCU/HKLM... RunOnce/RunOnce\Setup/RunOnceEx
'    HKLM... RunServices/RunServicesOnce
'    HKCU/HKLM... Policies\Explorer\Run
' 2. HKLM/HKLM-WOW... Active Setup\Installed Components
'    HKCU/HKCU-WOW... Active Setup\Installed Components
'    (StubPath <> "" And HKLM version # > HKCU version #)
' 3. HKLM/HKLM-WOW... Explorer\Browser Helper Objects
' 4. HKCU/HKLM/HKLM-WOW... Explorer\ShellIconOverlayIdentifiers
' 5. HKCU/HKLM/HKLM-WOW... Explorer\ShellServiceObjects
' 6. HKCU/HKLM/HKLM-WOW... Shell Extensions\Approved
' 7. HKLM/HKLM-WOW... Explorer\DeviceNotificationCallbacks/SharedTaskScheduler/ShellExecuteHooks
' 8. HKCU/HKLM/HKLM-WOW... ShellServiceObjectDelayLoad
' 9. HKCU/HKLM/HKLM-WOW... Command Processor\AutoRun
'    HKCU... Policies\System\Shell (W2K/WXP/WVa/Wn7 only)
'    HKCU... Windows\load & run
'    HKLM/HKLM-WOW... Windows\AppInit_DLLs
'    HKLM... Windows NT... Aedebug
'    HKCU/HKLM... Windows NT... Winlogon\Shell
'    HKLM... Windows NT... Winlogon\Userinit, System, Ginadll, Taskman, VmApplet
'    HKLM... Control\ServiceControlManagerExtension
'    HKLM... Control\BootVerificationProgram\ImagePath
'    HKLM... Control\Lsa\Authentication Packages
'    HKLM... Control\Lsa\Notification Packages
'    HKLM... Control\Lsa\Security Packages
'    HKLM... Control\SafeBoot\Option\UseAlternateShell
'    HKLM... Control\SafeBoot\AlternateShell
'    HKLM... Control\SecurityProviders\SecurityProviders
'    HKLM... Control\Session Manager\BootExecute
'    HKLM... Control\Session Manager\Execute
'    HKLM... Control\Session Manager\SetupExecute
'    HKLM... Control\Session Manager\WOW\cmdline, wowcmdline
'10. HKLM... Authentication\Credential Provider Filters/Credential Providers/PLAP Providers
'11. HKLM... Windows NT... Winlogon\Notify subkey DLLName values
'12. HKLM... Windows NT... Winlogon\GPExtensions subkey GUIDs
'13. HKLM/HKLM-WOW... Windows NT... Image File Execution Options ("Debugger" values)
'14. HKCU/HKLM... Policies... Startup/Shutdown, Logon/Logoff scripts (W2K/WXP/WVa/Wn7)
'15. HKCU/HKLM PROTOCOLS\Filter & PROTOCOLS\Handler
'16. Context menu shell extensions
'17. HKCU/HKLM executable file type (bat/cmd/com/exe/hta/pif/scr)
'18. System/Group Policies
'19. Enabled Wallpaper & Screen Saver
'20. WIN.INI load/run, SYSTEM.INI shell/scrnsave.exe, WINSTART.BAT, IniFileMapping
'21. AUTORUN.INF in root directory of local fixed disks
'22. HKLM... Explorer\AutoplayHandlers\Handlers
'23. DESKTOP.INI in any local fixed disk directory (section skipped by default)
'24. Startup Directories
'25. Windows Sidebar Gadgets
'26. Enabled Scheduled Tasks
'27. Winsock2 Service Provider DLLs
'28. Internet Explorer Toolbars, Explorer Bars, Extensions
'29. Internet Explorer URL Prefixes
'30. Misc. IE Hijack Points
'31. HOSTS file
'32. Started Services
'33. Safe Mode Drivers & Services
'34. Accessibility Tools
'35. Keyboard Driver Filters
'36. Print Monitors
 
'Configuration Detection Section

' Dim (123)
' FileSystemObject creation error (143)
' CScript/WScript (173)
' Dim (202)
' GetFileVersion(WinVer.exe) (VBScript 5.1) (336)
' WMI (388)
' OS version (419)
' bitness (522)
' WVa/Wn7 re-launch with admin rights (592)
' command line arguments (636)
' supplementary search MsgBox (714)
' startup Popup (751)
' CreateTextFile error (780)
' output file header (818)
 
Dim Wshso : Set Wshso = WScript.CreateObject("WScript.Shell")
Dim WshoArgs : Set WshoArgs = WScript.Arguments
Dim oNetwk : Set oNetwk = WScript.CreateObject("WScript.Network")
Dim oShellApp
Dim intErrNum, intMB, intMB1  'Err.Number, MsgBox return value x 2
Dim strURL  'download URL
Dim strflagTest : strflagTest = ""
Dim flagOut

'constants
Const DQ = """", SP = " ", BS = "\", HKCU = &H80000001, HKLM = &H80000002, KQV = &H1, KSV = &H2
Const strHKLM = "HKLM", strHKCU = "HKCU"
Const REG_SZ = 1, REG_EXPAND_SZ = 2, REG_BINARY = 3, REG_DWORD = 4, REG_MULTI_SZ = 7, REG_QWORD = 11
Const REG_SZ_NO_CN = 9  'create this reg value type to avoid CoName
                        'search for strings that are not file names
Const MS = "[MS]", LBr = "{"
Const IWarn = "<<!>>", HWarn = "<<H>>"
Const SysFolder = 1, WinFolder = 0
Const LIP = "..."  'elLIPsis

'trap FileSystemObject creation error
On Error Resume Next
 Dim Fso : Set Fso = CreateObject("Scripting.FileSystemObject")
 intErrNum = Err.Number : Err.Clear
On Error GoTo 0
 
If intErrNum <> 0 Then

 strURL = "http://bit.ly/JIZp7"

 intMB = MsgBox (DQ & "Silent Runners" & DQ &_
  " cannot access file services critical to" & vbCRLF &_
  "proper script operation." & vbCRLF & vbCRLF &_
  "If you are running Windows XP, make sure that the" &_
  vbCRLF & DQ & "Cryptographic Services" & DQ &_
  " service is started." & vbCRLF & vbCRLF &_
  "You can also try reinstalling the latest version of MS" &_
  vbCRLF & "Windows Script Host." & vbCRLF & vbCRLF &_
  "Press " & DQ & "OK" & DQ & " to direct your browser to " &_
  "the download site or" & vbCRLF & Space(10) & DQ & "Cancel" &_
  DQ & " to quit.", vbOKCancel + vbCritical, _
  "Can't access the FileSystemObject!")

 'if dl wanted now, send browser to dl site
 If intMB = 1 Then Wshso.Run strURL

 WScript.Quit

End If
 
'determine whether output is via MsgBox/PopUp or Echo
If InStr(LCase(WScript.FullName),"wscript.exe") > 0 Then
 flagOut = "W"  'WScript
ElseIf InStr(LCase(WScript.FullName),"cscript.exe") > 0 Then
 flagOut = "C"  'CScript
Else  'echo and continue if it works
 flagOut = "C"  'assume CScript-compatible
 WScript.Echo "Neither " & DQ & "WSCRIPT.EXE" & DQ & " nor " &_
  DQ & "CSCRIPT.EXE" & DQ & " was detected as the " &_
  "script host." & vbCRLF & DQ & "Silent Runners" & DQ &_
  " will assume that the script host is CSCRIPT-compatible and will" & vbCRLF &_
  "use WScript.Echo for all messages."
End If  'script host

If flagTest Then

 strflagTest = "TEST"

 If flagOut = "W" Then
  Wshso.Popup "Silent Runners is in testing mode.",1, _
      "Testing, testing, 1-2-3...", vbOKOnly + vbExclamation
 Else
  WScript.Echo "Silent Runners is in testing mode." & vbCRLF
 End If  'flagOut?

End If  'flagTest?
 
'arrays
'Run keys/names, keys, sub-keys, value type, Security Providers, Protocol filters,
'values, script arguments copy
Dim arRunKeys, arNames, arKeys, arSubKeys, arType, arSP(), arFilter(), arValues, arArgsCopy()
Dim arSK, arSKk, arSKi  'dictionary, keys, items
'CLSID InprocServer32 DLL found dynamic array
Public arIPSDLL()
'allowed CLSID & IPSDLLs key dynamic arrays, dynamic Explorer sub-keys
Dim arAllowedCLSID(), arAllowedDlls(), arExpSubKeys()
'DeskTop.Ini sub-directory array, sub-directory error array, error array,
'recognized GP names, allowed GP names, accessibility tools
Dim arSUFN, arSUFDN  'startup folder names/display names
Public arSDDTI(), arSDErr(), arErr(), arRecNames(), arAllowedNames(), arAcc()
'hive array
Public arHives(1,1)
arHives(0,0) = "HKCU" : arHives(1,0) = "HKLM"
arHives(0,1) = &H80000001 : arHives(1,1) = &H80000002

'counters
Dim i, j, k, ii, jj, kk, intKey  'counters x 7
'DeskTop.Ini counter, error counter x 2, Classes data Hive counter
Public ctrArDTI, ctrArErr, ctrErr, ctrCH
Public intCnt  'counter
Public ctrFo : ctrFo = 0  'folder counter
Public intSection : intSection = 0  'section counter

'objects
Dim colOS, oOS  'OS collection/object
Public oReg  'WMI registry object
Dim colDisks  'hard disk collection
'startup folder file, startup file shortcut, startup folder 
Dim oSUFi, oSUSC, oSUF
Dim oTempFi  'temp file object
Dim oRoot  'drive root directory
Dim oOFFo  'output file folder
 
'string variables
Public strOS : strOS = "Unknown"
Public strOSSS : strOSSS = "Unknown"  'OS SubSet
Public strOSLong : strOSLong = "Unknown"
Public strPgmFilesDir : strPgmFilesDir = Wshso.ExpandEnvironmentStrings("%PROGRAMFILES%") 
Public strFPWF : strFPWF = Fso.GetSpecialFolder(WinFolder).Path  'FullPathWindowsFolder 
Public strFPSF : strFPSF = Fso.GetSpecialFolder(SysFolder).Path  'FullPathSystemFolder 
Dim strSysVer  'Winver.exe version number
Dim strArgUAC  'argument passed with elevated privileges
'temp directory file name, temp file contents, temp strings x 3 
Dim strTempFN, strTempFC, strTemp, strTemp1, strTemp2
Dim strArgs : strArgs = ""  'concatenated script arguments 
'HKCU/HKLM CLSID Lower Limit, default is HKLM for OS > NT4
'key array member x 2
Dim strMemKey, strMemSubKey 
'values x 9
Dim strValue, strValue1, strValue2, strValue3, strValue4, strValue5, strValue6 
Dim strVal, strCmd, strIPSDLL, strHashValue
'name, single character, array member, temp var 
Dim strName, strChr, strArMember, strTmp, strTmp2
'ProgID value, context menu shell extension class/handler/allowed DLLs
Dim strProgID, strClass, strHandler, strAllowedDlls
'output string x 3
Public strOut, strOut1, strOut2
Public strAbbrevValue  'value name without type prefix
'output file msg x 2, warning string, title line
Dim strLine, strLine1, strLine2, strWarn, strTitleLine
'register key x 3, sub-key, CLSID key
Dim strKey, strKey1, strKey2, strSubKey, strCLSIDKey
'output file name string (incl. path), file name (wo path),
'PIF path string, single binary character
Dim strFN, strFNNP, strPIFTgt, bin1C
Dim strRptOutput : strRptOutput = "Output limited to non-default values, " &_
 "except where indicated by " & DQ & "{++}" & DQ  'output file string
Public strTitle : strTitle = ""
Public strSubTitle : strSubTitle = ""
Public strSubSubTitle : strSubSubTitle = ""
Dim strDLL, strCN  'DLL name, company name
'string to signal all output by default
Public strAllOutDefault : strAllOutDefault = ""
Dim strCTHL  'CLSID Title Hive Location Prefix (SW\Classes or SW\Wow6432Node\Classes) 
 
Dim ScrPath : ScrPath = Fso.GetParentFolderName(WScript.ScriptFullName)
If Right(ScrPath,1) <> "\" Then ScrPath = ScrPath & BS 
'initialize Path of Output File Folder to script path
Dim strPathOFFo : strPathOFFo = ScrPath
 
'integer variables
'error numbers x 13
Dim intErrNum0, intErrNum1, intErrNum2, intErrNum3, intErrNum4, intErrNum5, intErrNum6, intErrNum7 
Dim intErrNum8, intErrNum9, intErrNum10, intErrNum11, intErrNum12, intErrNum13 
Public intCLL : intCLL = 0
Dim intBits : intBits = 32  '32- or 64-bit OS
Dim intHKE  'Hive Key Enabler
Dim intLBSP  'Last BackSlash Position in path string
Dim intSS  'lowest sort subscript
Dim intType  'value type
Dim intCTHLS  'CLSID Title Hive Location Spaces 
Dim intCS : intCS = 19  'CLSID Spaces 
Dim intCWS : intCWS = 25  'CLSID Wow Spaces
Dim intValue, intValue1, intValue2  'values x 3 
 
'flags
Dim flagGP : flagGP = False  'assume Group Policies cannot be set in the OS
Dim flagElevated : flagElevated = False  'existence of elevated privileges in WVa/Wn7 
'infection/hijack warning detection flags -- add footer note if True
Public flagIWarn : flagIWarn = False
Public flagHWarn : flagHWarn = False
'TRUE if show all output (default values not filtered) 
Public flagShowAll : flagShowAll = False
Dim flagAccess : flagAccess = False
Public flagNames : flagNames = False  'existence of names under a key
Public flagInfect : flagInfect = False  'flag infected condition
Dim flagMatch  'flag matching keys
Dim flagAllow  'flag key on approved list
Dim flagFound  'flag something that exists
Public flagValueFound  'flag value that exists in Registry
Dim flagDirArg : flagDirArg = False  'presence of output directory argument 
Dim flagIsCLSID : flagIsCLSID = False  'true if argument in CLSID format 
Dim flagTitle  'True if title has already been written
Dim flagAllArg : flagAllArg = False  'presence of all output argument 
Dim flagArray  'flag array containing elements
Public flagSupp : flagSupp = False  'do *not* check for DESKTOP.INI in all 
                                    'directories of local fixed disks
Public flagWOW : flagWOW = False  'True if in 32-bit environment under 64-bit OS 
 
'times
Public datLaunch : datLaunch = Now  'script launch time
'ref time, time taken by 2 pop-up boxes
Public datRef : datRef = 0
Public datPUB1 : datPUB1 = 0 : Public datPUB2 : datPUB2 = 0
 
'set up argument usage message string
Dim strLSp, strCSp  'Leading Spaces, Centering Spaces
strLSp = Space(4) : strCSp = Space(33)  'WScript spacing
If flagOut = "C" Then  'CScript spacing
 strLsp = Space(3) : strCSp = Space(28)
End If
 
'Winver.exe is in \Windows under W98, but in \System32 for other OS's
'trap GetFileVersion error for VBScript version < 5.1
On Error Resume Next
 If Fso.FileExists (strFPSF & "\Winver.exe") Then
  strSysVer = Fso.GetFileVersion(strFPSF & "\Winver.exe")
 Else
  strSysVer = Fso.GetFileVersion(strFPWF & "\Winver.exe")
 End If
 intErrNum = Err.Number : Err.Clear
On Error GoTo 0
 
'if GetFileVersion returns error due to old WSH version
If intErrNum <> 0 Then
 
 'store dl URL
 strURL = "http://bit.ly/JIZp7"
 
 'if using WScript
 If flagOut = "W" Then
 
  'explain the problem
  intMB = MsgBox ("This script requires Windows Script Host (WSH) 5.1 " &_ 
   "or higher to run." &_
   vbCRLF & vbCRLF &_
   "If you're running Windows 95, 98, or NT 4.0, WSH is no longer available" &_
   vbCRLF & "from Microsoft." &_ 
   vbCRLF & vbCRLF &_
   "If you're running Windows XP, press " & DQ & "OK" &_
   DQ & " to direct" & vbCRLF &_
   "your browser to Microsoft to download WSH 5.7 or " & DQ & "Cancel" & DQ & " to quit." &_
   vbCRLF & vbCRLF &_
   "BTW, WMI is also required. If it's missing, download instructions will" & vbCRLF &_ 
   "appear later.", vbOKCancel + vbExclamation, _
   "Unsupported WSH Version!") 
 
  'if dl wanted now, send browser to dl site
  If intMB = 1 Then Wshso.Run strURL
 
 'if using CScript
 Else  'flagOut = "C"
 
  'explain the problem
  WScript.Echo DQ & "Silent Runners" & DQ & " requires " &_
   "Windows Script Host 5.1 or higher to run." & vbCRLF & vbCRLF &_
  "It can be downloaded at: " & strURL
 
 End If  'WScript or CScript?
 
 'quit the script
 WScript.Quit
 
End If  'VBScript version error encountered?
 
'test for WMI connection; use WMI to find OS & SP#
On Error Resume Next
 'get the OS collection
 Set colOS = GetObject("winmgmts:\root\cimv2").ExecQuery _
  ("Select * from Win32_OperatingSystem")
 
 intErrNum = Err.Number
On Error GoTo 0
 
If intErrNum <> 0 Then
 
 intMB = MsgBox (DQ & "Silent Runners" & DQ & " cannot use WMI to " &_
  "identify the operating system." & vbCRLF & "Either WMI is missing or " &_
  "corrupt." &_
  vbCRLF & vbCRLF &_
  "If you're using Windows 95/98/98 SE, then WMI may not be installed." & vbCRLF &_
  "It can be downloaded here: http://tinyurl.com/jbxe" & vbCRLF & vbCRLF &_ 
  "If you're using Windows NT 4.0, WMI can be downloaded here:" & vbCRLF &_ 
  "http://tinyurl.com/7wd7" & vbCRLF & vbCRLF &_
  "If WMI *is* installed, it may be corrupt. WMI is complex and it's" & vbCRLF &_ 
  "recommended that you use a Microsoft tool, " & DQ & "WMIDiag" & DQ & "," & vbCRLF &_ 
  "to diagnose WMI on your system. It can be downloaded here:" & vbCRLF &_ 
  "http://tinyurl.com/4yj9m2q",_
  vbOKOnly + vbCritical + + vbSystemModal + vbDefaultButton2,_ 
  "Can't connect to WMI Win32_OperatingSystem!")
 
 WScript.Quit
 
End If  'WMI connection error?
 
'find OS name, abbreviation & SP #
'strOS values: W98, NT4, WME, W2K, WXP, WVA, WN7
For Each oOS in colOS
 
 If InStr(oOS.Name,"|") > 1 Then
  strOSLong = Left(oOS.Name,InStr(oOS.Name,"|")-1)
 Else
  strOSLong = oOS.Name
 End If
 
 'assign abbreviation
 If InStr(strOSLong,"Windows 95") > 0 Then strOS = "W98"
 If InStr(strOSLong,"Windows 98") > 0 Then
  strOS = "W98"
  'id W98 SE
  If Instr(Wshso.RegRead("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\VersionNumber"), _
   "2222") > 0 Then strOSLong = "Windows 98 Second Edition"
 End If
 If InStr(strOSLong,"Windows NT") > 0 Then strOS = "NT4"
 
 'complement WME id
 If InStr(strOSLong,"Windows ME") > 0 Then
  strOS = "WME"
  strOSLong = strOSLong & SP & "(Millennium Edition)"
 End If
 
 If InStr(strOSLong,"Windows 2000") > 0 Then strOS = "W2K"
 If InStr(strOSLong,"Windows XP") > 0 Then strOS = "WXP" 
 If InStr(strOSLong,"2003") > 0 Then
  strOS = "WXP" : strOSSS = "WS2K3"
 End If
 If InStr(strOSLong,"Vista") > 0 Then strOS = "WVA"
 If InStr(strOSLong,"Windows 7") > 0 Or _
  InStr(strOSLong,"Windows" & Chr(160) & "7") > 0 Then strOS = "WN7"
 If InStr(strOSLong,"Windows 8") > 0 Or _
  InStr(strOSLong,"Windows" & Chr(160) & "8") > 0 Then
   strOS = "WN7" : strOSSS = "WN8"
 End If
 If InStr(strOSLong,"Windows 10") > 0 Or _
  InStr(strOSLong,"Windows" & Chr(160) & "10") > 0 Then
   strOS = "WN7" : strOSSS = "W10"
 End If
 If InStr(strOSLong,"Windows Server 2008") > 0 Or _
  InStr(strOSLong,"Windows" & Chr(160) & "Server" & Chr(160) & "2008") > 0 Then _
  strOS = "WN7"
 
 'id NT version & SP #
 If strOS = "NT4" Then
  'add NT version #
  strOSLong = strOSLong & SP & Wshso.RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion") 
  'add SP #
  strOSLong = strOSLong & SP & Wshso.RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion") 
 'add SP # for W2K/WXP/WVA/WN7
 ElseIf strOS <> "W98" And strOS <> "WME" then
  'add SP # (RTrim imposed by WVA)
  If oOS.ServicePackMajorVersion >= 1 Then strOSLong = RTrim(strOSLong) &_
   " Service Pack " & oOS.ServicePackMajorVersion
 End If
 
 'reset HKCU/HKLM CLSID lower limit for OS <= NT4
 If strOS = "W98" Or strOS = "NT4" Or strOS = "WME" Then intCLL = 1 
 
 'reset flagGP for OS's using Group Policy
 If strOS = "W2K" Or strOS = "WXP" Or strOS = "WVA" Or strOS = "WN7" Then _
  flagGP = True 
 
 Exit For
 
Next  'oOS
 
Set colOS=Nothing
 
'quit if OS unknown
If strOS = "Unknown" Then
 
 If flagOut = "W" Then
 
  intMB = MsgBox ("The " & DQ & "Silent Runners" & DQ &_
   " script cannot determine the operating system. " &_
   vbCRLF & "A compatible version of the script may be available." &_
   vbCRLF & vbCRLF &_ 
   "Click " & DQ & "OK" & DQ & " to be directed to the script download location or" &_
   vbCRLF & DQ & "Cancel" & DQ & " to quit.", _
   vbOKCancel + vbExclamation + vbSystemModal,"OS Unknown!")
 
  If intMB = 1 Then Wshso.Run "http://www.silentrunners.org/"
 
'  If intMB = 1 Then Wshso.Run "mailto:Andrew%20Aronoff%20" &_
'   "<%6F%73.%76%65%72.%65%72%72%6F%72@%73%69%6C%65%6E%74%72%75%6E%6E%65%72%73.%6F%72%67>?" &_
'   "subject=Silent%20Runners%20OS%20Version%20Error&body=WINVER.EXE" &_
'   "%20file%20version%20=%20" & strSysVer
 
 Else  'flagOut = "C"
 
  WScript.Echo DQ & "Silent Runners" & DQ & " cannot " &_ 
   "determine the operating system." & vbCRLF & vbCRLF & "This script will exit."
 
 End If  'flagOut?
 
 WScript.Quit
 
End If  'strOS Unknown?
 
 
'determine if 32-bit or 64-bit, quit if 32-bit under 64-bit
If strOS = "WXP" Or strOS = "WVA" Or strOS = "WN7" Then
 
 If UCase(Wshso.ExpandEnvironmentStrings("%PROCESSOR_ARCHITEW6432%")) = "AMD64" Then 
 
  MsgBox DQ & "Silent Runners" & DQ & " has been launched as a " &_
   "32-bit process in a 64-bit OS," & vbCRLF &_ 
   "which will prevent it from functioning correctly." & vbCRLF & vbCRLF &_ 
   "This script must exit.",vbOKOnly + vbCritical + vbSystemModal, _
   "32-bit process in 64-bit OS!"
 
  WScript.Quit
 
 ElseIf UCase(Wshso.ExpandEnvironmentStrings("%PROCESSOR_ARCHITECTURE%")) = "AMD64" Then 
 
  intBits = 64 :  strOSLong = strOSLong & SP & "(64-bit)"
 
 Else  '32-bit
 
  strOSLong = strOSLong & SP & "(32-bit)"
 
 End If  'env string=amd64?
 
 'append W10 version number
 If strOSSS = "W10" Then
  strTemp = ""
  On Error Resume Next
   strTemp = Wshso.RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ReleaseId") 
  On Error Goto 0
  If strTemp = "" Then
   strOSLong = strOSLong & " (version unavailable)"
  Else
   strOSLong = strOSLong & ", Version " & strTemp
  End If  'version MT?
 
 End If  'W10?
 
End If  'WXP/WVA/WN7?
 
 
'interpret command-line arguments
strArgUAC = "" : strArgs = ""
 
If WshoArgs.count > 0 Then
 
 'copy all arguments, quote-enclose & concatenate
 For i = 0 To (WshoArgs.count-1)
  ReDim Preserve arArgsCopy(i+1)
  arArgsCopy(i) = WshoArgs(i)
  strArgs = LTrim(strArgs & SP & DQ & WshoArgs(i) & DQ)
 Next
 
 'test 1st arg for elevated privileges string
 If Len(arArgsCopy(0)) >= 7 Then
 
  If InStr(arArgsCopy(0), "__UAC__") > 0 Then
   strArgUAC = "__UAC__" 
   arArgsCopy(0) = Replace (arArgsCopy(0),"__UAC__","",1,1,1)
  End If
 
 End If  'Len >= 7?
 
End If  'argument(s) passed to script?
 
Set oReg = GetObject("winmgmts:root\default:StdRegProv")
strKey = "System\CurrentControlSet\Control\Session Manager"
 
'if on first pass w/o elevated privileges, launch re-entry
'via Shell.Application with runas
 
'for WVa/Wn7, relaunch with admin rights unless elevated privileges already provided 
If strOS = "WVA" Or strOS = "WN7" Then
 
 'check for Admin rights
 intErrNum = oReg.CheckAccess(HKLM,strKey,KQV + KSV,flagAccess)
 
 'if can't read & write to Session Manager and on second pass
 If Not flagAccess And strArgUAC = "__UAC__" Then 
 
  'warn about lack of admin rights and quit
  MsgBox "This script requires admin rights." &_
   vbCRLF & vbCRLF &_
   "This script must exit.",vbOKOnly + vbCritical + vbSystemModal, _
   "Admin rights required!" 
 
  WScript.Quit
 
 'if can't read & write to Session Manager (and on initial pass)
 ElseIf Not flagAccess Then
 
  strArgs = "__UAC__" & strArgs 
 
  Set oShellApp = CreateObject("Shell.Application")
  oShellApp.ShellExecute WScript.FullName, _
   DQ & WScript.ScriptFullName & DQ & Space(1) & strArgs, "", "runas", 1
 
  WScript.Quit
 
 End If  'flagAccess?
 
End If  'WVA Or WN7?
 
strOut = "Only two arguments are permitted:" &_
 vbCRLF & vbCRLF &_
 "1. the name of an existing directory for the output report" &_ 
 vbCRLF & strLSp & "(embed in quotes if it contains spaces)" &_
 vbCRLF & vbCRLF & strCSp & "AND:" & vbCRLF & vbCRLF &_
 "2. " & DQ & "-supp" & DQ & " to search " &_ 
 "all directories for DESKTOP.INI DLL" & vbCRLF &_
 strLSp & "launch points" &_
 vbCRLF & vbCRLF & strCSp & "-OR-" & vbCRLF & vbCRLF &_
 "3. " & DQ & "-all" & DQ & " to output all non-empty " &_ 
 "values and all launch" & vbCRLF & strLSp & "points checked"
 
'check if output directory or "-all" or "-supp" was supplied as argument
If WshoArgs.count > 0 And WshoArgs.count <= 2 Then
 
 For i = 0 To WshoArgs.count-1
 
  'if directory arg not already passed and arg directory exists
  If Not flagDirArg And Fso.FolderExists(arArgsCopy(i)) Then
 
   'get the path & toggle the directory arg flag
   Set oOFFo = Fso.GetFolder(arArgsCopy(i))
   strPathOFFo = oOFFo.Path : flagDirArg = True
   If Right(strPathOFFo,1) <> "\" Then strPathOFFo = strPathOFFo & BS 
   Set oOFFo=Nothing
 
  'if -all arg not already passed and is this arg
  ElseIf Not flagAllArg And LCase(arArgsCopy(i)) = "-all" Then
 
   'toggle ShowAll flag, toggle the all arg flag, fill report string 
   flagShowAll = True : flagAllArg = True
   strRptOutput = "Output of all locations checked and all values found." 
 
  'if -all arg not already passed and this arg is -supp
  ElseIf Not flagAllArg And LCase(arArgsCopy(i)) = "-supp" Then
   flagSupp = True : flagAllArg = True
   strRptOutput = "Search enabled of all directories on local fixed " &_
    "drives for DESKTOP.INI DLL launch points" &_
    vbCRLF & strRptOutput
 
  'non-empty argument can't be interpreted, so explain & quit
  ElseIf arArgsCopy(i) <> "" Then
 
   If flagOut = "W" Then  'pop up a message window
 
    MsgBox "The argument:" & vbCRLF &_
     DQ & UCase(arArgsCopy(i)) & DQ & vbCRLF &_
    "... can't be interpreted." & vbCRLF & vbCRLF &_
     strOut, vbOKOnly + vbExclamation,"Bad Script Argument"
 
   Else  'flagOut = "C"  'write the message to the console
 
    WScript.Echo vbCRLF & "The argument: " &_
     DQ & UCase(arArgsCopy(i)) & DQ &_
     " can't be interpreted." & vbCRLF & vbCRLF &_
     strOut & vbCRLF
 
   End If  'WScript host?
 
   WScript.Quit
 
  End If  'argument can be interpreted?
 
 Next  'argument
 
'too many args passed
ElseIf WshoArgs.count > 2 Then
 
 'explain & quit
 If flagOut = "W" Then  'pop up a message window
 
  Wshso.Popup "Too many arguments (" & WshoArgs.count & ") were passed." &_ 
   vbCRLF & vbCRLF & strOut,10,"Too Many Arguments",_
   vbOKOnly + vbCritical
 
 Else  'flagOut = "C"  'write the message to the console
 
  WScript.Echo "Too many arguments (" & WshoArgs.count & ") were passed." &_ 
   vbCRLF & vbCRLF & strOut & vbCRLF
 
 End If  'WScript host?
 
 WScript.Quit
 
End If  'directory arguments passed?
 
Set WshoArgs=Nothing
 
datRef = Now
 
'if no cmd line argument for flagSupp and not testing, show popup
If Not flagTest And Not flagShowAll And Not flagSupp And flagOut = "W" Then
 
 intMB = Wshso.Popup ("Do you want to skip the supplementary search?" &_
  vbCRLF & "(It typically takes several minutes.)" & vbCRLF & vbCRLF &_
  "Press " & DQ & "Yes" & DQ & Space(5) &_
  " to skip the supplementary search (default)" & vbCRLF & vbCRLF &_ 
  Space(10) & DQ & "No" & DQ & Space(6) &_
  " to perform it, or" & vbCRLF & vbCRLF &_
  Space(10) & DQ & "Cancel" & DQ &_
  " to get more information at the web site" & vbCRLF &_
  Space(25) & "and exit the script.",_
  15,"Skip supplementary search?",_
  vbYesNoCancel + vbQuestion + vbDefaultButton1 + vbSystemModal) 
 
 If intMB = vbNo Then
 
  flagSupp = True
 
  intMB1 = MsgBox ("Are you SURE you want to run the supplementary " &_
   "search?" & vbCRLF & vbCRLF & "It's _rarely_ necessary " &_ 
   "and it takes a *long* time." & vbCRLF & vbCRLF & "Press " & DQ &_ 
   "Yes" & DQ & " to confirm running the supplementary search, " &_ 
   "or" & vbCRLF & Space(10) & DQ & "No" & DQ & " to run without it.", _
   vbYesNo + vbQuestion + vbDefaultButton2 + vbSystemModal,"Are you sure?")
 
   If intMB1 = vbNo Then flagSupp = False
 
 ElseIf intMB = vbCancel Then
  Wshso.Run "http://www.silentrunners.org/sr_thescript.html#supp"
  WScript.Quit
 End If
 
End If
 
datPUB1 = DateDiff("s",datRef,Now) : datRef = Now
 
'inform user that script has started
If Not flagTest Then
 If flagOut = "W" Then
  Wshso.PopUp DQ & "Silent Runners" & DQ & " has started." &_
   vbCRLF & vbCRLF & "A message box like this one will appear " &_
   "when it's done." & vbCRLF & vbCRLF & "Please be patient...",3,_
   "Silent Runners R" & strRevNo & " startup", _
   vbOKOnly + vbInformation + vbSystemModal
 Else
  WScript.Echo DQ & "Silent Runners" & DQ & " has started." &_
   " Please be patient..." & vbCRLF
 End If  'flagOut?
End If  'flagTest?
 
datPUB2 = DateDiff("s",datRef,Now)
 
'create Unicode output file name with computer name & today's date
'Startup Programs (pc_name_here) yyyy-mm-dd.txt
 
strFNNP = "Startup Programs (" & oNetwk.ComputerName & ") " &_ 
 FmtDate(datLaunch) & " " & FmtHMS(datLaunch) & ".txt"
strFN = strPathOFFo & strflagTest & strFNNP
On Error Resume Next
 If Fso.FileExists(strFN) Then Fso.DeleteFile(strFN)
 Err.Clear
 Public oFN : Set oFN = Fso.CreateTextFile(strFN,True,True) 
 intErrNum = Err.Number : Err.Clear
On Error GoTo 0
 
'if can't create report file
If intErrNum > 0 Then
 
  strURL = "http://www.silentrunners.org/Silent%20Runners%20RED.vbs"
 
 'invite user to run RED version & quit
 If flagOut = "W" Then
 
  intMB = MsgBox ("The script cannot create its report file. " &_
   "This is a known, intermittent" & vbCRLF & "problem under " &_
   strOSLong & "." & vbCRLF & vbCRLF &_
   "An alternative script version is available for download. " &_
   "After it runs, " & vbCRLF & "the script you're using now will " &_
   "run correctly." & vbCRLF & vbCRLF &_
   "Press " & DQ & "OK" & DQ & " to direct your browser " &_
   "to the alternate script location, or" & vbCRLF & Space(10) &_
   DQ & "Cancel" & DQ & " to quit.",49,"CreateTextFile Error!")
 
  'if alternative script wanted now, send browser to dl site
  If intMB = 1 Then Wshso.Run strURL
 
 'explain & quit
 Else  'flagOut = "C"
 
  WScript.Echo DQ & "Silent Runners" & DQ & " cannot " &_ 
   "create the report file." & vbCRLF & vbCRLF &_
   "An alternative script is available. Run it, then rerun this version." &_ 
   vbCRLF & "The alternative script can be downloaded at: " & vbCRLF &_ 
   vbCRLF & strURL
 
 End If
 
 WScript.Quit
 
End If  'report file creation error?
 
Set oNetwk=Nothing
 
'add report header
oFN.WriteLine DQ & "Silent Runners.vbs" & DQ &_
 ", revision " & strRevNo & ", http://www.silentrunners.org/" &_
 vbCRLF & "Operating System: " & strOSLong & vbCRLF & strRptOutput
 
 
 
 
'#1. HKCU/HKLM/HKLM-WOW... Run
'    HKCU/HKLM... RunOnce/RunOnce\Setup/RunOnceEx 
'    HKLM... RunServices/RunServicesOnce
'    HKCU/HKLM/HKLM-WOW... Policies\Explorer\Run
 
intSection = intSection + 1
 
'execute section if not in testing mode or (in testing mode And this section selected for testing) 
If Not flagTest Or (flagTest And SecTest) Then
 
'write registry header lines to file
strTitle = "Startup items buried in registry:"
TitleLineWrite
 
 
'put keys in array (Key Index 0 - 9)
arRunKeys = Array ("Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run", _ 
 "Software\Microsoft\Windows\CurrentVersion\Run", _  
 "Software\Microsoft\Windows\CurrentVersion\RunOnce", _ 
 "Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup", _ 
 "Software\Microsoft\Windows\CurrentVersion\RunOnceEx", _ 
 "Software\Microsoft\Windows\CurrentVersion\RunServices", _ 
 "Software\Microsoft\Windows\CurrentVersion\RunServicesOnce", _ 
 "Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run", _ 
 "Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run", _
 "Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx")
 
'0 Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
'1 Software\Microsoft\Windows\CurrentVersion\Run
'2 Software\Microsoft\Windows\CurrentVersion\RunOnce
'3 Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
'4 Software\Microsoft\Windows\CurrentVersion\RunOnceEx 
'5 Software\Microsoft\Windows\CurrentVersion\RunServices
'6 Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
'7 Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
'8 Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
'9 Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx 
 
'RunOnceEx: values at this key are informational (they are *not* executed)
' but are displayed by the script. (The value for the "Title" name is used
' by Windows.)
'
' HKCU\RunOnceEx launches *only* if HKLM\RunOnceEx is populated and it
' launches _after_ the HKLM executable has exited
' HKCU\Wow6432Node\RunOnceEx does not launch under any circumstances
 
'Policies\Explorer\Run: HKLM...Wow6432Node is mirror of HKLM and
'modification/deletion of one modifies/deletes the other
 
 
'Key Execution Flag/Subkey Recursion Flag array
 
'first number in the ordered pair in the array immediately below
' pertains to execution of the key: 
'0: not executed (ignore)
'1: may be executed so display with EXECUTION UNLIKELY warning
'2: executable
 
'second number in the ordered pair pertains to subkey recursion
'0: subkeys not used
'1: subkey recursion necessary
 
'Hive                   HKCU - 0                                  HKLM - 1 
'
'Key      0   1   2   3   4   5   6   7   8   9     0   1   2   3   4   5   6   7   8   9 
'Index
 
'OS:
'W95     0,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 0,0 0,0   0,0 2,0 2,0 0,0 2,1 2,0 2,0 0,0 0,0 0,0 
'W98     0,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 0,0 0,0   0,0 2,0 2,0 2,0 2,1 2,0 2,0 0,0 0,0 0,0 
'WMe     2,1 2,1 2,0 2,0 2,1 0,0 0,0 0,0 0,0 0,0   2,1 2,1 2,0 2,0 2,1 2,0 2,0 0,0 0,0 0,0 
'NT4     0,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 0,0 0,0   0,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 0,0 0,0 
'W2K     2,1 2,1 2,1 0,0 2,1 0,0 0,0 0,0 0,0 0,0   2,1 2,1 2,1 0,0 2,1 0,0 0,0 0,0 0,0 0,0 
'WXP     2,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 0,0 0,0   2,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 0,0 0,0 
'WXP64   2,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 0,0 0,0   2,0 2,0 2,0 0,0 2,1 0,0 0,0 2,0 2,0 2,1 
'WS2K3   2,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 0,0 0,0   2,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 0,0 0,0 
'WS2K364 2,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 0,0 0,0   2,0 2,0 2,0 0,0 2,1 0,0 0,0 2,0 2,0 2,1 
'WVa     2,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 0,0 0,0   2,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 0,0 0,0 
'WVa64   2,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 0,0 0,0   2,0 2,0 2,0 0,0 2,1 0,0 0,0 2,0 2,0 2,1 
'Wn7     2,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 0,0 0,0   2,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 0,0 0,0 
'Wn764   2,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 0,0 0,0   2,0 2,0 2,0 0,0 2,1 0,0 0,0 2,0 2,0 2,1 
 
'arRegFlag(i,j,k): put flags in array by OS:
'hive = i (0 or 1), key_# = j (0-9),
'flags (key execution/subkey recursion) = k (0 or 1) 
' k = 0 holds key execution value = 0/1/2
'     1 holds subkey recursion value = 0/1
Dim arRegFlag(1,9,1)
 
'initialize entire array to zero
For i = 0 To 1 : For j = 0 To 9 : For k = 0 To 1
 arRegFlag(i,j,k) = 0
Next : Next : Next
 
'add data to array for OS that's running
 
'W98
If strOS = "W98" Then
 arRegFlag(0,1,0) = 2  'HKCU,Run = no-warn
 arRegFlag(0,2,0) = 2  'HKCU,RunOnce = no-warn
 arRegFlag(0,4,0) = 2  'HKCU,RunOnceEx = no-warn
 arRegFlag(0,4,1) = 1  'HKCU,RunOnceEx = sub-keys
 arRegFlag(1,1,0) = 2  'HKLM,Run = no-warn
 arRegFlag(1,2,0) = 2  'HKLM,RunOnce = no-warn
 
 'don't set HKLM,RunOnce\Setup for W95
 If InStr(strOSLong,"Windows 98") > 0 Then arRegFlag(1,3,0) = 2  'HKLM,RunOnce\Setup = no-warn
 
 arRegFlag(1,4,0) = 2  'HKLM,RunOnceEx = no-warn
 arRegFlag(1,4,1) = 1  'HKLM,RunOnceEx = sub-keys
 arRegFlag(1,5,0) = 2  'HKLM,RunServices = no-warn
 arRegFlag(1,6,0) = 2  'HKLM,RunServicesOnce = no-warn
End If
 
If strOS = "WME" Then
 arRegFlag(0,0,0) = 2  'HKCU,Policies\Explorer\Run = no-warn
 arRegFlag(0,0,1) = 1  'HKCU,Policies\Explorer\Run = sub-keys
 arRegFlag(0,1,0) = 2  'HKCU,Run = no-warn
 arRegFlag(0,1,1) = 1  'HKCU,Run = sub-keys
 arRegFlag(0,2,0) = 2  'HKCU,RunOnce = no-warn
 arRegFlag(0,3,0) = 2  'HKCU,RunOnce\Setup = no-warn
 arRegFlag(0,4,0) = 2  'HKCU,RunOnceEx = no-warn
 arRegFlag(0,4,1) = 1  'HKCU,RunOnceEx = sub-keys
 arRegFlag(1,0,0) = 2  'HKLM,Explorer\Run = no-warn
 arRegFlag(1,0,1) = 1  'HKLM,Explorer\Run = sub-keys
 arRegFlag(1,1,0) = 2  'HKLM,Run = no-warn
 arRegFlag(1,1,1) = 1  'HKLM,Run = sub-keys
 arRegFlag(1,2,0) = 2  'HKLM,RunOnce = no-warn
 arRegFlag(1,3,0) = 2  'HKLM,RunOnce\Setup = no-warn
 arRegFlag(1,4,0) = 2  'HKLM,RunOnceEx = no-warn
 arRegFlag(1,4,1) = 1  'HKLM,RunOnceEx = sub-keys
 arRegFlag(1,5,0) = 2  'HKLM,RunServices = no-warn
 arRegFlag(1,6,0) = 2  'HKLM,RunServicesOnce = no-warn
End If
 
'NT4
If strOS = "NT4" Then
 arRegFlag(0,1,0) = 2  'HKCU,Run = no-warn
 arRegFlag(0,2,0) = 2  'HKCU,RunOnce = no-warn
 arRegFlag(0,4,0) = 2  'HKCU,RunOnceEx = no-warn
 arRegFlag(0,4,1) = 1  'HKCU,RunOnceEx = sub-keys
 arRegFlag(1,1,0) = 2  'HKLM,Run = no-warn
 arRegFlag(1,2,0) = 2  'HKLM,RunOnce = no-warn
 arRegFlag(1,4,0) = 2  'HKLM,RunOnceEx = no-warn
 arRegFlag(1,4,1) = 1  'HKLM,RunOnceEx = sub-keys
End If
 
'W2K
If strOs = "W2K" Then
 arRegFlag(0,0,0) = 2  'HKCU,Policies\Explorer\Run = no-warn
 arRegFlag(0,0,1) = 1  'HKCU,Policies\Explorer\Run = sub-keys
 arRegFlag(0,1,0) = 2  'HKCU,Run = no-warn
 arRegFlag(0,1,1) = 1  'HKCU,Run = sub-keys
 arRegFlag(0,2,0) = 2  'HKCU,RunOnce = no-warn
 arRegFlag(0,2,1) = 1  'HKCU,RunOnce = sub-keys (incl. Setup)
 arRegFlag(0,4,0) = 2  'HKCU,RunOnceEx = no-warn
 arRegFlag(0,4,1) = 1  'HKCU,RunOnceEx = sub-keys
 arRegFlag(1,0,0) = 2  'HKLM,Explorer\Run = no-warn
 arRegFlag(1,0,1) = 1  'HKLM,Explorer\Run = sub-keys
 arRegFlag(1,1,0) = 2  'HKLM,Run = no-warn
 arRegFlag(1,1,1) = 1  'HKLM,Run = sub-keys
 arRegFlag(1,2,0) = 2  'HKLM,RunOnce = no-warn
 arRegFlag(1,2,1) = 1  'HKLM,RunOnce = sub-keys (incl. Setup)
 arRegFlag(1,4,0) = 2  'HKLM,RunOnceEx = no-warn
 arRegFlag(1,4,1) = 1  'HKLM,RunOnceEx = sub-keys
End If
 
'WXP/WVa/Wn7
If strOs = "WXP" Or strOS = "WVA" Or strOS = "WN7" Then
 arRegFlag(0,0,0) = 2  'HKCU,Policies\Explorer\Run = no-warn
 arRegFlag(0,1,0) = 2  'HKCU,Run = no-warn
 arRegFlag(0,2,0) = 2  'HKCU,RunOnce = no-warn
 arRegFlag(0,4,0) = 2  'HKCU,RunOnceEx = no-warn
 arRegFlag(0,4,1) = 1  'HKCU,RunOnceEx = sub-keys
 arRegFlag(1,0,0) = 2  'HKLM,Explorer\Run = no-warn
 arRegFlag(1,1,0) = 2  'HKLM,Run = no-warn
 arRegFlag(1,2,0) = 2  'HKLM,RunOnce = no-warn
 arRegFlag(1,4,0) = 2  'HKLM,RunOnceEx = no-warn
 arRegFlag(1,4,1) = 1  'HKLM,RunOnceEx = sub-keys
 
 'for 64-bit OS, enable HKLM|Wow6432Node,Policies\Explorer\Run
 '                      HKLM|Wow6432Node...Run
 '                      HKLM|Wow6432Node...RunOnceEx
 If intBits = 64 Then
  arRegFlag(1,7,0) = 2  'HKLM|Wow6432Node,Policies\Explorer\Run = no-warn
  arRegFlag(1,8,0) = 2  'HKLM|Wow6432Node,Run = no-warn
  arRegFlag(1,9,0) = 2  'HKLM|Wow6432Node,RunOnceEx = no-warn
  arRegFlag(1,9,1) = 1  'HKLM|Wow6432Node,RunOnceEx = sub-keys
 End If  'x64?
 
End If  'WXP/WVA/WN7?
 
'if not ShowAll, show all output for Run keys
If Not flagShowAll Then strAllOutDefault = " {++}"
 
'for each hive
For i = 0 To 1
 
 'for each key
 For j = 0 To 9
 
  'if key is not ignored
  If arRegFlag(i,j,0) > 0 Then
 
   flagNames = False
 
   'initialize string with warning if necessary
   strWarn = ""
   If arRegFlag(i,j,0) = 1 Then strWarn = "EXECUTION UNLIKELY: " 
 
   'INFO
   'with no name/value pairs (sub-keys are identical)
   'array must not be Dimmed as dynamic()
   '
   '      IsArray    TypeName    UBound
   'W98    True     "Variant()"    -1
   'WMe    True     "Variant()"    -1
   'NT4    True     "Variant()"    -1
   'W2K    False      "Null"      error (--)
   'WXP    False      "Null"      error (--)
   'WS2K3  False      "Null"      error (--)
   'WVa    False      "Null"      error (--)
   'Wn7    False      "Null"      error (--)
 
   'enumerate names and types under a key
   EnumNT arHives(i,1), arRunKeys(j), arNames, arType
 
   If flagNames Then  'name/value pairs exist
 
    'write the full key name
    oFN.WriteLine vbCRLF & SOCA(arHives(i,0) & BS & arRunKeys(j) &_
     BS & strAllOutDefault) 
 
     'for each data type in the names array
    For k = LBound(arNames) To UBound(arNames)
 
     'use the type to find the value
     strValue = RtnValue (arHives(i,1), arRunKeys(j), arNames(k), arType(k)) 
     'write the name & value
     WriteValueData arNames(k), strValue, arType(k), strWarn
 
    Next  'member of names array
 
   Else  'no name/value pairs
 
    If flagShowAll Then _
     oFN.WriteLine vbCRLF & SOCA(arHives(i,0) & BS & arRunKeys(j) & BS) 
 
   End If  'flagNames?
 
   'recurse subkeys if necessary
   If arRegFlag(i,j,1) = 1 Then
 
    'put all subkeys into array
    oReg.EnumKey arHives(i,1),arRunKeys(j),arKeys 
 
    'excludes W2K/WXP/WVa/Wn7 with no sub-keys
    If IsArray(arKeys) Then
 
     'excludes W98/WMe/NT4 with no sub-keys
     For Each strMemKey in arKeys
 
      flagNames = False
      strSubKey = arRunKeys(j) & BS & strMemKey
 
      EnumNT arHives(i,1), arRunKeys(j) & BS & strMemKey,arNames,arType 
 
      If flagNames Then  'if name/value pairs exist
 
       'write the full key name
       oFN.WriteLine vbCRLF & SOCA(arHives(i,0) & BS & strSubKey &_
        BS & strAllOutDefault) 
 
       'for each data type in the names array
       For k = LBound(arNames) To UBound(arNames)
 
        'use the type to find the value
        strValue = RtnValue (arHives(i,1), strSubKey, arNames(k), arType(k)) 
        'write the name & value
        WriteValueData arNames(k), strValue, arType(k), strWarn
 
       Next  'member of names array
 
      Else  'no name/value pairs
 
       If flagShowAll Then _
        oFN.WriteLine vbCRLF & SOCA(arHives(i,0) & BS & strSubKey & BS) 
 
      End If  'flagNames?
 
     Next  'sub-key
 
    End If  'sub-keys exist? W2K/WXP/WVa/Wn7
 
   End If  'enum sub-keys?
 
  End If  'arRegFlag(i,j,0) > 0
 
 Next  'Run key
 
Next  'Hive
 
strAllOutDefault = "" : flagNames = False
 
End If  'flagTest And SecTest?
 
 
 
 
'#2. HKLM/HKLM-WOW... Active Setup\Installed Components\
'    HKCU/HKCU-WOW... Active Setup\Installed Components\
 
'if HKLM key exists with StubPath value (SPV), SPV will execute on
'next logon, creating HKCU key with same name
'HKLM key name can be any alphanumeric, GUIDs included
'if HKLM Version value exists, it will be placed into HKCU key
'if HKLM Version value does not exist (or has bad format), HKCU key will be empty
 
intSection = intSection + 1
 
'execute section if not in testing mode or (in testing mode And this section selected for testing) 
If Not flagTest Or (flagTest And SecTest) Then
 
'flag True if only numeric & comma chrs in Version value
Dim flagHKLMVer
'StubPath Value, HKLM/HKCU Version, HKLM program name, HKLM array/element 
Dim strSPV, strHKLMVer, strHKCUVer, strPgmName, arHKLMKeys, strHKLMKey
 
arKeys = Array("Software\Microsoft\Active Setup\Installed Components")
 
'WXP 64-bit ignores HKLM...Wow even though it's populated
If intBits = 64 And strOS <> "WXP" Then
 
 arKeys = Array("Software\Microsoft\Active Setup\Installed Components", _
  "Software\Wow6432Node\Microsoft\Active Setup\Installed Components") 
 
End If
 
'for each arKey
For intKey = 0 To UBound(arKeys)
 
 strSubTitle = SOCA("HKLM" & BS & arKeys(intKey) & BS)
 
 'find all the subkeys
 oReg.EnumKey HKLM, arKeys(intKey), arHKLMKeys 
 
 'enumerate HKLM keys if present
 If IsArray(arHKLMKeys) Then
 
  'for each HKLM key
  For Each strHKLMKey In arHKLMKeys
 
  'INFO
  'Default Value not set:
  'W98/WMe:                   returns 0,        strValue = ""
  'NT4/W2K/WXP/WS2K3/WVa/Wn7: returns non-zero, strValue = Null
 
  'Non-Default name inexistent:
  'W98/WMe/NT4/W2K/WXP/WS2K3/WVa/Wn7: returns non-zero, strValue = Null 
 
  'Non-Default Value not set:
  'W2K:                           returns 0, strValue = unwritable string 
  'W98/WMe/NT4/WXP/WS2K3/WVa/Wn7: returns 0, strValue = ""
 
   'get the StubPath value
   On Error Resume Next
    intErrNum = oReg.GetStringValue (HKLM,arKeys(intKey) & BS & strHKLMKey,"StubPath",strSPV) 
   On Error GoTo 0
 
   'retrieve the HKLM Version value
   On Error Resume Next
    intErrNum1 = oReg.GetStringValue (HKLM,arKeys(intKey) & BS & strHKLMKey,"Version",strHKLMVer) 
   On Error GoTo 0
 
   'retrieve the program name
   On Error Resume Next
    intErrNum2 = oReg.GetStringValue (HKLM,arKeys(intKey) & BS & strHKLMKey,"",strPgmName) 
   On Error GoTo 0
 
   'if the StubPath name exists And value set (exc for W2K!)
   If intErrNum = 0 And strSPV <> "" Then
 
    flagMatch = False  'assume StubPath will execute
 
    'look for HKCU key 
    intErrNum3 = oReg.EnumValues (HKCU,arKeys(intKey) & BS & strHKLMKey,arNames,arType) 
 
    'if HKCU key exists
    If intErrNum3 = 0 Then
 
     flagMatch = True  'assume StubPath will *not* execute
 
     'if HKLM Version exists
     If intErrNum1 = 0 And strHKLMVer <> "" Then
 
      'assume correct format (# & ",")
      flagHKLMVer = True
 
      'toggle flag if one chr found in incorrect format
      '(index the trimmed string so positions match the loop bound)
      For i = 1 To Len(Trim(strHKLMVer))
       strChr = Mid(Trim(strHKLMVer),i,1)
       If Not IsNumeric(strChr) And strChr <> "," Then
        flagHKLMVer = False : Exit For
       End If
      Next 
 
      'if HKLM Version format OK, check for HKCU Version and compare
      If flagHKLMVer Then
 
       'look for HKCU Version value
       On Error Resume Next
        intErrNum3 = oReg.GetStringValue (HKCU,arKeys(intKey) & BS & strHKLMKey,"Version",strHKCUVer) 
       On Error GoTo 0
 
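       'toggle flag if HKLM Version > HKCU Version
       'NB: ">" on two strings compares character by character, so it
       ' orders comma-delimited versions correctly only when matching
       ' fields have the same number of digits ("10,0" sorts below "9,0");
       ' if strHKCUVer is Null the test is Null and flagMatch stays True
       If Trim(strHKLMver) > Trim(strHKCUVer) Then flagMatch = False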
 
      End If  'flagHKLMVer?
 
     End If  'HKLM Version value exists?
 
    End If  'HKCU Installed Components subkey exists?
 
    'if the StubPath will launch
    If Not flagMatch Then
 
     flagAllow = False  'assume StubPath DLL not on approved list
     strCN = CoName(IDExe(strSPV))
 
     'test for lone approved StubPath DLL
     'removed strCN = MS requirement due to W10 StubPath with invalid path 
     If LCase(strHKLMKey) = ">{22d6f312-b0f6-11d0-94ab-0080c74c7e95}" And _
      (InStr(LCase(strSPV),"wmpocm.exe") > 0 Or _
      InStr(LCase(strSPV),"unregmp2.exe") > 0) And _
      Not flagShowAll Then flagAllow = True
 
     'StubPath DLL not approved
     If Not flagAllow Then
 
      TitleLineWrite
 
      'output the CLSID & pgm name
      oFN.WriteLine vbCRLF & strHKLMKey & "\(Default) = " & strPgmName 
 
      'output the StubPath value
      oFN.WriteLine Space(Len(strHKLMKey)) & "\StubPath  = " & strSPV & strCN 
 
     End If  'flagAllow false?
 
    End If  'flagMatch false?
 
   End If  'StubPath value exists?
 
  Next  'HKLM Installed Components subkey
 
 End If  'HKLM Installed Components subkeys exist?
 
Next  'arKeys member
 
If flagShowAll Then TitleLineWrite
 
strTitle = "" : strSubTitle = "" : strSubSubTitle = ""
 
End If  'SecTest?
 
 
 
 
'#3. HKLM/HKLM-WOW... Explorer\Browser Helper Objects\
 
intSection = intSection + 1
 
'execute section if not in testing mode or (in testing mode And this section selected for testing) 
If Not flagTest Or (flagTest And SecTest) Then
 
arKeys = Array("Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects")
 
If intBits = 64 Then
 
 arKeys = Array("Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects", _
  "Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects") 
 
End If
 
For intKey = 0 To UBound(arKeys)
 
 strSubTitle = SOCA("HKLM" & BS & arKeys(intKey) & BS)
 
 'find all the subkeys
 oReg.EnumKey HKLM, arKeys(intKey), arSubKeys
 
 'enumerate data if present
 If IsArray(arSubKeys) Then
 
  TitleLineWrite
 
  'for each key
  For Each strSubKey In arSubKeys
 
   strOut = ""
   CLSID_ID strSubKey, False
 
   If strOut <> "" Then
    CLSIDLocTitle HKLM, arKeys(intKey) & BS & strSubKey, "", strLocTitle
    oFN.WriteLine vbCRLF & strSubKey & "\(Default) = " & strLocTitle 
    oFN.WriteLine strOut
   End If
 
  Next  'BHO subkey
 
 Else
 
  'if ShowAll, output the key name if not already done
  If flagShowAll Then TitleLineWrite
 
 End If  'BHO subkeys exist?
 
Next  'arKeys member
 
strTitle = "" : strSubTitle = "" : strSubSubTitle = ""
 
End If  'SecTest?
 
 
 
 
'#4. HKCU/HKLM/HKLM-WOW... Explorer\ShellIconOverlayIdentifiers
 
intSection = intSection + 1
 
'execute section if not in testing mode or (in testing mode And this section selected for testing) 
If Not flagTest Or (flagTest And SecTest) Then
 
ReDim arAllowedCLSID(14,1)
 
'Offline Files 
arAllowedCLSID(0,0)  = "{750fdf0e-2a26-11d1-a3ea-080036587f03}" : arAllowedCLSID(0,1)  = "cscui.dll"
arAllowedCLSID(1,0)  = "{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}" : arAllowedCLSID(1,1)  = "EhStorShell.dll"  'Enhanced Storage Icon Overlay Handler Class 
arAllowedCLSID(2,0)  = "{4E77131D-3629-431c-9818-C5679DC83E81}" : arAllowedCLSID(2,1)  = "cscui.dll"
arAllowedCLSID(3,0)  = "{08244EE6-92F0-47f2-9FC9-929BAA2E7235}" : arAllowedCLSID(3,1)  = "ntshrui.dll"
arAllowedCLSID(4,0)  = "{7D688A77-C613-11D0-999B-00C04FD655E1}" : arAllowedCLSID(4,1)  = "shell32.dll"
arAllowedCLSID(5,0)  = "{BBACC218-34EA-4666-9D7A-C78F2274A524}" : arAllowedCLSID(5,1)  = "FileSyncShell64.dll"
arAllowedCLSID(6,0)  = "{5AB7172C-9C11-405C-8DD5-AF20F3606282}" : arAllowedCLSID(6,1)  = "FileSyncShell64.dll"
arAllowedCLSID(7,0)  = "{A78ED123-AB77-406B-9962-2A5D9D2F7F30}" : arAllowedCLSID(7,1)  = "FileSyncShell64.dll"
arAllowedCLSID(8,0)  = "{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" : arAllowedCLSID(8,1)  = "FileSyncShell64.dll"
arAllowedCLSID(9,0)  = "{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" : arAllowedCLSID(9,1)  = "FileSyncShell64.dll"
arAllowedCLSID(10,0) = "{BBACC218-34EA-4666-9D7A-C78F2274A524}" : arAllowedCLSID(10,1) = "FileSyncShell.dll"
arAllowedCLSID(11,0) = "{5AB7172C-9C11-405C-8DD5-AF20F3606282}" : arAllowedCLSID(11,1) = "FileSyncShell.dll"
arAllowedCLSID(12,0) = "{A78ED123-AB77-406B-9962-2A5D9D2F7F30}" : arAllowedCLSID(12,1) = "FileSyncShell.dll"
arAllowedCLSID(13,0) = "{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" : arAllowedCLSID(13,1) = "FileSyncShell.dll"
arAllowedCLSID(14,0) = "{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" : arAllowedCLSID(14,1) = "FileSyncShell.dll"
 
Dim strCLSIDLoc  'CLSID location (key name or default value)
 
arKeys = Array("Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" )
intHKE = 3  'HKCU...SW + HKLM...SW = 1 + 2 
 
If intBits = 64 Then
 
 arKeys = Array("Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers", _
  "Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers") 
 
 intHKE = 11  'HKCU...SW + HKLM...SW + HKLM...SW\Wow = 1 + 2 + 8 
              'omit HKCU...SW\Wow 
 
End If
 
'for every arKey member
For intKey = 0 To UBound(arKeys)
 
 'for each hive
 For i = intCLL To 1
 
  'respect Hive Key Enabler map
  If HKInclude(intHKE,i,intKey) Then
 
   'assign title
   strSubTitle = SOCA(arHives(i,0) & BS & arKeys(intKey) & BS)
 
   'find all the subkeys
   oReg.EnumKey arHives(i,1), arKeys(intKey), arSubKeys
 
   'enumerate data if present
   If IsArray(arSubKeys) Then
 
    'for each subkey
    For Each strSubKey In arSubKeys
 
    'find default value
     On Error Resume Next
      intErrNum = oReg.GetStringValue(arHives(i,1),arKeys(intKey) & BS & strSubKey,"",strCLSID) 
     On Error GoTo 0
 
     'if default value is CLSID
     If intErrNum = 0 And IsCLSID(strCLSID) Then
 
      'find the default value name
      CLSIDLocTitle arHives(i,1), arKeys(intKey) & BS & strSubKey,"",strLocTitle 
 
      'look for IPSDLL in each hive
      For j = intCLL To 1
 
       flagMatch = False
 
       'find CLSID title & IPSDLL
       flagWOW = False
       If InStr(UCase(arKeys(intKey)),"WOW") > 0 Then flagWOW = True
       ResolveCLSID strCLSID, arHives(j,1), strCLSIDTitle, strIPSDLL, flagWOW 
 
       'if IPSDLL not empty
       If strIPSDLL <> "" Then
 
        strCN = CoName(IDExe(strIPSDLL))
 
        'see if allowed
        For k = 0 To UBound(arAllowedCLSID,1)
 
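         'set match flag (suppresses output) only if all three agree:
         'allowed CLSID, allowed IPSDLL file name, CoName = MS
         '(only the DLL file name is compared; its directory is not checked)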
         If Not flagShowAll And LCase(strCLSID) = LCase(arAllowedCLSID(k,0)) And _ 
          Fso.GetFileName(LCase(strIPSDLL)) = LCase(arAllowedCLSID(k,1)) And _ 
          strCN = MS Then
           flagMatch = True : Exit For
         End If
 
        Next  'arAllowedCLSID
 
        If flagShowAll Or Not flagMatch Then
 
         'output the title line if not already done
         TitleLineWrite
 
         oFN.WriteLine vbCRLF & strSubKey & "\(Default) = " & strLocTitle 
 
         strCTHL = LIP & "CLSID} = " : intCTHLS = intCS
         If flagWOW Then
          strCTHL = LIP & "Wow" & LIP & "CLSID} = " : intCTHLS = intCWS 
         End If
 
         'output CLSID title, InProcServer32 DLL & CoName
         oFN.WriteLine "  -> {" & arHives(j,0) & strCTHL &_
          strCLSIDTitle & vbCRLF & Space(intCTHLS) & "\InProcServer32\(Default) = " &_ 
          strIPSDLL & strCN
 
        End If  'flagShowAll or not flagMatch?
 
       End If  'strIPSDLL exists?
 
      Next  'CLSID hive
 
     End If  'default value is CLSID?
 
    Next  'SIOI subkey
 
    If flagShowAll Then TitleLineWrite  'W98/WMe/NT4 IFF arKeys(intKey) exists 
 
   Else  'no SIOI subkey array for this hive
 
    If flagShowAll Then TitleLineWrite
 
   End If  'SIOI subkeys exist?
 
  End If  'HKInclude
 
 Next  'hive
 
Next  'arKeys member
 
strTitle = "" : strSubTitle = "" : strSubSubTitle = ""
 
'recover array memory
ReDim arAllowedCLSID(0,0)
 
End If  'SecTest?
 
 
 
 
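'#5. HKCU/HKLM/HKLM-WOW... Explorer\ShellServiceObjects
'    each subkey name is a CLSID; an entry is listed unless its CLSID,
'    InProcServer32 DLL file name and CoName all match the allow-list below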
 
intSection = intSection + 1
 
'execute section if not in testing mode or (in testing mode And this section selected for testing) 
If Not flagTest Or (flagTest And SecTest) Then
 
'allow-list: (n,0) = CLSID, (n,1) = InProcServer32 DLL file name
ReDim arAllowedCLSID(29,1)
 
'WVA
arAllowedCLSID(0,0) = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" : arAllowedCLSID(0,1) = "webcheck.dll" 
arAllowedCLSID(1,0) = "{FD6905CE-952F-41F1-9A6F-135D9C6622CC}" : arAllowedCLSID(1,1) = "wscntfy.dll" 
 
'WN7
arAllowedCLSID(2,0)  = "{003e0278-eca8-4bb8-a256-3689ca1c2600}" : arAllowedCLSID(2,1)  = "shell32.dll" 
arAllowedCLSID(3,0)  = "{3BF043EF-A974-49B3-8322-B853CF1E5EC5}" : arAllowedCLSID(3,1)  = "SndVolSSO.dll" 
arAllowedCLSID(4,0)  = "{566296fe-e0e8-475f-ba9c-a31ad31620b1}" : arAllowedCLSID(4,1)  = "dxp.dll" 
arAllowedCLSID(5,0)  = "{68ddbb56-9d1d-4fd9-89c5-c0da2a625392}" : arAllowedCLSID(5,1)  = "stobject.dll" 
arAllowedCLSID(6,0)  = "{6FDEDD65-AC51-43CA-B2D0-9EB5D1155D03}" : arAllowedCLSID(6,1)  = "ehSSO.dll" 
arAllowedCLSID(7,0)  = "{7007ACCF-3202-11D1-AAD2-00805FC1270E}" : arAllowedCLSID(7,1)  = "netshell.dll" 
arAllowedCLSID(8,0)  = "{7849596a-48ea-486e-8937-a2a3009f31a9}" : arAllowedCLSID(8,1)  = "shell32.dll" 
arAllowedCLSID(9,0)  = "{900c0763-5cad-4a34-bc1f-40cd513679d5}" : arAllowedCLSID(9,1)  = "hcproviders.dll" 
arAllowedCLSID(10,0) = "{A1607060-5D4C-467a-B711-2B59A6F25957}" : arAllowedCLSID(10,1) = "AltTab.dll" 
arAllowedCLSID(11,0) = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" : arAllowedCLSID(11,1) = "wpdshserviceobj.dll" 
arAllowedCLSID(12,0) = "{C2796011-81BA-4148-8FCA-C6643245113F}" : arAllowedCLSID(12,1) = "pnidui.dll" 
arAllowedCLSID(13,0) = "{C51F0A6B-2A63-4cf4-8938-24404EAEF422}" : arAllowedCLSID(13,1) = "cscui.dll" 
arAllowedCLSID(14,0) = "{DA67B8AD-E81B-4c70-9B91-B417B5E33527}" : arAllowedCLSID(14,1) = "srchadmin.dll" 
arAllowedCLSID(15,0) = "{EF4D1E1A-1C87-4AA8-8934-E68E4367468D}" : arAllowedCLSID(15,1) = "shdocvw.dll" 
arAllowedCLSID(16,0) = "{F08C5AC2-E722-4116-ADB7-CE41B527994B}" : arAllowedCLSID(16,1) = "bthprops.cpl" 
arAllowedCLSID(17,0) = "{F20487CC-FC04-4B1E-863F-D9801796130B}" : arAllowedCLSID(17,1) = "SyncCenter.dll" 
arAllowedCLSID(18,0) = "{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" : arAllowedCLSID(18,1) = "Actioncenter.dll" 
arAllowedCLSID(19,0) = "{fbeb8a05-beee-4442-804e-409d6c4515e9}" : arAllowedCLSID(19,1) = "shell32.dll" 
arAllowedCLSID(20,0) = "{ff363bfe-4941-4179-a81c-f3f1ca72d820}" : arAllowedCLSID(20,1) = "hgcpl.dll" 
 
'W81
arAllowedCLSID(21,0) = "{59EFE487-E5B8-4fae-9D2C-FCDF0B70CE70}" : arAllowedCLSID(21,1) = "twinui.dll" 
arAllowedCLSID(22,0) = "{811F592B-CDE7-4ca4-A6D4-7BB3F60AD8FB}" : arAllowedCLSID(22,1) = "shell32.dll" 
arAllowedCLSID(23,0) = "{A8CD0ADC-23D6-4B79-BCC9-D3309DF34760}" : arAllowedCLSID(23,1) = "authui.dll" 
 
'W10
arAllowedCLSID(24,0) = "{4DC9C264-730E-4CF6-8374-70F079E4F82B}" : arAllowedCLSID(24,1) = "pwsso.dll" 
arAllowedCLSID(25,0) = "{78DE489B-7931-4f14-83B4-C56D38AC9FFA}" : arAllowedCLSID(25,1) = "shell32.dll" 
arAllowedCLSID(26,0) = "{811F592B-CDE7-4ca4-A6D4-7BB3F60AD8FB}" : arAllowedCLSID(26,1) = "windows.storage.dll" 
arAllowedCLSID(27,0) = "{872f8dc8-dde4-43bd-ac7a-e3d9fe86ceac}" : arAllowedCLSID(27,1) = "SystemResetSSO.dll" 
arAllowedCLSID(28,0) = "{B5CFEB0E-9C01-4942-A5CB-F62EB09D808F}" : arAllowedCLSID(28,1) = "SettingMonitor.dll" 
arAllowedCLSID(29,0) = "{D46A0B4F-4EEC-4A83-8DE5-9C86F0DFA34D}" : arAllowedCLSID(29,1) = "SettingMonitor.dll" 
 
'arAllowedCLSID(30,0) = "" : arAllowedCLSID(30,1) = "" 
 
arKeys = Array("Software\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects" )
intHKE = 3  'HKCU...SW + HKLM...SW = 1 + 2 
 
If intBits = 64 Then
 
 arKeys = Array("Software\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects", _
  "Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects") 
 
 intHKE = 11  'HKCU...SW + HKLM...SW + HKLM...SW\Wow = 1 + 2 + 8 
              'omit HKCU...SW\Wow 
 
End If
 
'for every arKey member
For intKey = 0 To UBound(arKeys)
 
 'for each hive
 For i = intCLL To 1
 
  'respect Hive Key Enabler map
  If HKInclude(intHKE,i,intKey) Then
 
   strSubTitle = SOCA(arHives(i,0) & BS & arKeys(intKey) & BS)
 
   'find all the subkeys
   oReg.EnumKey arHives(i,1), arKeys(intKey), arSubKeys
 
   'enumerate data if present
   If IsArray(arSubKeys) Then
 
    'for each key
    For Each strCLSID In arSubKeys
 
     flagMatch = False
 
     'find CLSID title & IPSDLL
     flagWOW = False
     If InStr(UCase(arKeys(intKey)),"WOW") > 0 Then flagWOW = True
     ResolveCLSID strCLSID, arHives(i,1), strCLSIDTitle, strIPSDLL, flagWOW 
 
     If strIPSDLL <> "" Then
 
      'find CN
      strCN = CoName(IDExe(strIPSDLL))
 
      'check for allowed GUID
      For j = 0 To UBound(arAllowedCLSID,1)
 
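       'set match flag (suppresses output) only if all three agree:
       'allowed CLSID, allowed IPSDLL file name, CoName = MS
       '(only the DLL file name is compared; its directory is not checked)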
       If Not flagShowAll And LCase(strCLSID) = LCase(arAllowedCLSID(j,0)) And _ 
        Fso.GetFileName(LCase(strIPSDLL)) = LCase(arAllowedCLSID(j,1)) And _ 
        strCN = MS Then
         flagMatch = True : Exit For
       End If
 
      Next  'arAllowedCLSID member
 
      If Not flagMatch Or flagShowAll Then
 
       'output title line if not already done
       TitleLineWrite
 
       oFN.WriteLine vbCRLF & strCLSID
 
       strCTHL = LIP & "CLSID} = " : intCTHLS = intCS
       If flagWOW Then
        strCTHL = LIP & "Wow" & LIP & "CLSID} = " : intCTHLS = intCWS 
       End If
 
       'output CLSID title, InProcServer32 DLL & CoName
       oFN.WriteLine "  -> {" & arHives(i,0) & strCTHL &_
        strCLSIDTitle & vbCRLF & Space(intCTHLS) & "\InProcServer32\(Default) = " &_ 
        strIPSDLL & strCN
 
      End If  'not flagMatch Or ShowAll?
 
     End If  'MT strIPSDLL?
 
    Next  'SSO CLSID
 
   Else  'no SSO subkey array for this hive
 
    If flagShowAll Then TitleLineWrite
 
   End If  'SSO subkeys exist?
 
  End If  'HKInclude
 
 Next  'hive
 
Next  'arKeys member
 
strTitle = "" : strSubTitle = "" : strSubSubTitle = ""
 
'recover array memory
ReDim arAllowedCLSID(0,0)
 
End If  'SecTest?
 
 
 
 
'#6. HKCU/HKLM/HKLM-WOW... Shell Extensions\Approved\
 
intSection = intSection + 1
 
'execute section if not in testing mode or (in testing mode And this section selected for testing) 
If Not flagTest Or (flagTest And SecTest) Then
 
'CLSID value, InProcServer32 DLL name & output file version,
'CLSID Key Title display flag
Dim strCLSID, strIPSDLLOut, strCLSIDTitle, strLocTitle
 
'Shell Extension Approved array
Dim arSEA() : ReDim arSEA(430,1)
'WXP
arSEA(0,0) = "{00022613-0000-0000-C000-000000000046}" : arSEA(0,1) = "mmsys.cpl"
arSEA(1,0) = "{176d6597-26d3-11d1-b350-080036a75b03}" : arSEA(1,1) = "icmui.dll"
arSEA(2,0) = "{1F2E5C40-9550-11CE-99D2-00AA006E086C}" : arSEA(2,1) = "rshx32.dll"
arSEA(3,0) = "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" : arSEA(3,1) = "docprop.dll"
arSEA(4,0) = "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" : arSEA(4,1) = "ntshrui.dll"
arSEA(5,0) = "{41E300E0-78B6-11ce-849B-444553540000}" : arSEA(5,1) = "themeui.dll"
arSEA(6,0) = "{42071712-76d4-11d1-8b24-00a0c9068ff3}" : arSEA(6,1) = "deskadp.dll"
arSEA(7,0) = "{42071713-76d4-11d1-8b24-00a0c9068ff3}" : arSEA(7,1) = "deskmon.dll"
arSEA(8,0) = "{42071714-76d4-11d1-8b24-00a0c9068ff3}" : arSEA(8,1) = "deskpan.dll"
arSEA(9,0) = "{4E40F770-369C-11d0-8922-00A024AB2DBB}" : arSEA(9,1) = "dssec.dll"
arSEA(10,0) = "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" : arSEA(10,1) = "SlayerXP.dll"
arSEA(11,0) = "{56117100-C0CD-101B-81E2-00AA004AE837}" : arSEA(11,1) = "shscrap.dll"
arSEA(12,0) = "{59099400-57FF-11CE-BD94-0020AF85B590}" : arSEA(12,1) = "diskcopy.dll"
arSEA(13,0) = "{59be4990-f85c-11ce-aff7-00aa003ca9f6}" : arSEA(13,1) = "ntlanui2.dll"
arSEA(14,0) = "{5DB2625A-54DF-11D0-B6C4-0800091AA605}" : arSEA(14,1) = "icmui.dll"
arSEA(15,0) = "{675F097E-4C4D-11D0-B6C1-0800091AA605}" : arSEA(15,1) = "icmui.dll"
arSEA(16,0) = "{764BF0E1-F219-11ce-972D-00AA00A14F56}" : arSEA(16,1) = ""
arSEA(17,0) = "{77597368-7b15-11d0-a0c2-080036af3f03}" : arSEA(17,1) = "printui.dll"
arSEA(18,0) = "{7988B573-EC89-11cf-9C00-00AA00A14F56}" : arSEA(18,1) = "dskquoui.dll"
arSEA(19,0) = "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" : arSEA(19,1) = ""
arSEA(20,0) = "{85BBD920-42A0-1069-A2E4-08002B30309D}" : arSEA(20,1) = "syncui.dll"
arSEA(21,0) = "{88895560-9AA2-1069-930E-00AA0030EBC8}" : arSEA(21,1) = "hticons.dll"
arSEA(22,0) = "{BD84B380-8CA2-1069-AB1D-08000948F534}" : arSEA(22,1) = "fontext.dll"
arSEA(23,0) = "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" : arSEA(23,1) = "icmui.dll"
arSEA(24,0) = "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" : arSEA(24,1) = "rshx32.dll"
arSEA(25,0) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" : arSEA(25,1) = "ntshrui.dll"
arSEA(26,0) = "{f92e8c40-3d33-11d2-b1aa-080036a75b03}" : arSEA(26,1) = "deskperf.dll"
arSEA(27,0) = "{7444C717-39BF-11D1-8CD9-00C04FC29D45}" : arSEA(27,1) = "cryptext.dll"
arSEA(28,0) = "{7444C719-39BF-11D1-8CD9-00C04FC29D45}" : arSEA(28,1) = "cryptext.dll"
arSEA(29,0) = "{7007ACC7-3202-11D1-AAD2-00805FC1270E}" : arSEA(29,1) = "NETSHELL.dll"
arSEA(30,0) = "{992CFFA0-F557-101A-88EC-00DD010CCC48}" : arSEA(30,1) = "NETSHELL.dll"
arSEA(31,0) = "{E211B736-43FD-11D1-9EFB-0000F8757FCD}" : arSEA(31,1) = "wiashext.dll"
arSEA(32,0) = "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}" : arSEA(32,1) = "wiashext.dll"
arSEA(33,0) = "{905667aa-acd6-11d2-8080-00805f6596d2}" : arSEA(33,1) = "wiashext.dll"
arSEA(34,0) = "{3F953603-1008-4f6e-A73A-04AAC7A992F1}" : arSEA(34,1) = "wiashext.dll"
arSEA(35,0) = "{83bbcbf3-b28a-4919-a5aa-73027445d672}" : arSEA(35,1) = "wiashext.dll"
arSEA(36,0) = "{F0152790-D56E-4445-850E-4F3117DB740C}" : arSEA(36,1) = "remotepg.dll"
arSEA(37,0) = "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" : arSEA(37,1) = "wuaucpl.cpl"
arSEA(38,0) = "{60254CA5-953B-11CF-8C96-00AA00B8708C}" : arSEA(38,1) = "wshext.dll"
arSEA(39,0) = "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" : arSEA(39,1) = "oledb32.dll"
arSEA(40,0) = "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" : arSEA(40,1) = "mstask.dll"
arSEA(41,0) = "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" : arSEA(41,1) = "mstask.dll"
arSEA(42,0) = "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" : arSEA(42,1) = "mstask.dll"
arSEA(43,0) = "{0DF44EAA-FF21-4412-828E-260A8728E7F1}" : arSEA(43,1) = ""
arSEA(44,0) = "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(44,1) = "shdocvw.dll"
arSEA(45,0) = "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(45,1) = "shdocvw.dll"
arSEA(46,0) = "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(46,1) = "shdocvw.dll"
arSEA(47,0) = "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(47,1) = "shdocvw.dll"
arSEA(48,0) = "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(48,1) = "shdocvw.dll"
arSEA(49,0) = "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(49,1) = "shdocvw.dll"
arSEA(50,0) = "{D20EA4E1-3957-11d2-A40B-0C5020524152}" : arSEA(50,1) = "shdocvw.dll"
arSEA(51,0) = "{D20EA4E1-3957-11d2-A40B-0C5020524153}" : arSEA(51,1) = "shdocvw.dll"
arSEA(52,0) = "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" : arSEA(52,1) = "shmedia.dll"
arSEA(53,0) = "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" : arSEA(53,1) = "shmedia.dll"
arSEA(54,0) = "{E4B29F9D-D390-480b-92FD-7DDB47101D71}" : arSEA(54,1) = "shmedia.dll"
arSEA(55,0) = "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}" : arSEA(55,1) = "shmedia.dll"
arSEA(56,0) = "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}" : arSEA(56,1) = "shmedia.dll"
arSEA(57,0) = "{c5a40261-cd64-4ccf-84cb-c394da41d590}" : arSEA(57,1) = "shmedia.dll"
arSEA(58,0) = "{5E6AB780-7743-11CF-A12B-00AA004AE837}" : arSEA(58,1) = "browseui.dll"
arSEA(59,0) = "{22BF0C20-6DA7-11D0-B373-00A0C9034938}" : arSEA(59,1) = "browseui.dll"
arSEA(60,0) = "{91EA3F8B-C99B-11d0-9815-00C04FD91972}" : arSEA(60,1) = "browseui.dll"
arSEA(61,0) = "{6413BA2C-B461-11d1-A18A-080036B11A03}" : arSEA(61,1) = "browseui.dll"
arSEA(62,0) = "{F61FFEC1-754F-11d0-80CA-00AA005B4383}" : arSEA(62,1) = "browseui.dll"
arSEA(63,0) = "{7BA4C742-9E81-11CF-99D3-00AA004AE837}" : arSEA(63,1) = "browseui.dll"
arSEA(64,0) = "{30D02401-6A81-11d0-8274-00C04FD5AE38}" : arSEA(64,1) = "browseui.dll"
arSEA(65,0) = "{32683183-48a0-441b-a342-7c2a440a9478}" : arSEA(65,1) = "browseui.dll"
arSEA(66,0) = "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" : arSEA(66,1) = "browseui.dll"
arSEA(67,0) = "{07798131-AF23-11d1-9111-00A0C98BA67D}" : arSEA(67,1) = "browseui.dll"
arSEA(68,0) = "{AF4F6510-F982-11d0-8595-00AA004CD6D8}" : arSEA(68,1) = "browseui.dll"
arSEA(69,0) = "{01E04581-4EEE-11d0-BFE9-00AA005B4383}" : arSEA(69,1) = "browseui.dll"
arSEA(70,0) = "{A08C11D2-A228-11d0-825B-00AA005B4383}" : arSEA(70,1) = "browseui.dll"
arSEA(71,0) = "{00BB2763-6A77-11D0-A535-00C04FD7D062}" : arSEA(71,1) = "browseui.dll"
arSEA(72,0) = "{7376D660-C583-11d0-A3A5-00C04FD706EC}" : arSEA(72,1) = "browseui.dll"
arSEA(73,0) = "{6756A641-DE71-11d0-831B-00AA005B4383}" : arSEA(73,1) = "browseui.dll"
arSEA(74,0) = "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" : arSEA(74,1) = "browseui.dll"
arSEA(75,0) = "{7e653215-fa25-46bd-a339-34a2790f3cb7}" : arSEA(75,1) = "browseui.dll"
arSEA(76,0) = "{acf35015-526e-4230-9596-becbe19f0ac9}" : arSEA(76,1) = "browseui.dll"
arSEA(77,0) = "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}" : arSEA(77,1) = "browseui.dll"
arSEA(78,0) = "{00BB2764-6A77-11D0-A535-00C04FD7D062}" : arSEA(78,1) = "browseui.dll"
arSEA(79,0) = "{03C036F1-A186-11D0-824A-00AA005B4383}" : arSEA(79,1) = "browseui.dll"
arSEA(80,0) = "{00BB2765-6A77-11D0-A535-00C04FD7D062}" : arSEA(80,1) = "browseui.dll"
arSEA(81,0) = "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" : arSEA(81,1) = "browseui.dll"
arSEA(82,0) = "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" : arSEA(82,1) = "browseui.dll"
arSEA(83,0) = "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" : arSEA(83,1) = "browseui.dll"
arSEA(84,0) = "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" : arSEA(84,1) = "browseui.dll"
arSEA(85,0) = "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" : arSEA(85,1) = "browseui.dll"
arSEA(86,0) = "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" : arSEA(86,1) = "browseui.dll"
arSEA(87,0) = "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}" : arSEA(87,1) = "shdocvw.dll"
arSEA(88,0) = "{0A89A860-D7B1-11CE-8350-444553540000}" : arSEA(88,1) = "shdocvw.dll"
arSEA(89,0) = "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" : arSEA(89,1) = "shdocvw.dll"
arSEA(90,0) = "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}" : arSEA(90,1) = "shdocvw.dll"
arSEA(91,0) = "{FBF23B40-E3F0-101B-8488-00AA003E56F8}" : arSEA(91,1) = "shdocvw.dll"
arSEA(92,0) = "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" : arSEA(92,1) = "shdocvw.dll"
arSEA(93,0) = "{FF393560-C2A7-11CF-BFF4-444553540000}" : arSEA(93,1) = "shdocvw.dll"
arSEA(94,0) = "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" : arSEA(94,1) = "shdocvw.dll"
arSEA(95,0) = "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" : arSEA(95,1) = "shdocvw.dll"
arSEA(96,0) = "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" : arSEA(96,1) = "shdocvw.dll"
arSEA(97,0) = "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}" : arSEA(97,1) = "shdocvw.dll"
arSEA(98,0) = "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}" : arSEA(98,1) = "shdocvw.dll"
arSEA(99,0) = "{131A6951-7F78-11D0-A979-00C04FD705A2}" : arSEA(99,1) = "shdocvw.dll"
arSEA(100,0) = "{9461b922-3c5a-11d2-bf8b-00c04fb93661}" : arSEA(100,1) = "shdocvw.dll"
arSEA(101,0) = "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" : arSEA(101,1) = "shdocvw.dll"
arSEA(102,0) = "{871C5380-42A0-1069-A2EA-08002B30309D}" : arSEA(102,1) = "shdocvw.dll"
arSEA(103,0) = "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}" : arSEA(103,1) = "shdocvw.dll"
arSEA(104,0) = "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}" : arSEA(104,1) = "sendmail.dll"
arSEA(105,0) = "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}" : arSEA(105,1) = "sendmail.dll"
arSEA(106,0) = "{88C6C381-2E85-11D0-94DE-444553540000}" : arSEA(106,1) = "occache.dll"
arSEA(107,0) = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" : arSEA(107,1) = "webcheck.dll"
arSEA(108,0) = "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}" : arSEA(108,1) = "webcheck.dll"
arSEA(109,0) = "{F5175861-2688-11d0-9C5E-00AA00A45957}" : arSEA(109,1) = "webcheck.dll"
arSEA(110,0) = "{08165EA0-E946-11CF-9C87-00AA005127ED}" : arSEA(110,1) = "webcheck.dll"
arSEA(111,0) = "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}" : arSEA(111,1) = "webcheck.dll"
arSEA(112,0) = "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}" : arSEA(112,1) = "webcheck.dll"
arSEA(113,0) = "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}" : arSEA(113,1) = "webcheck.dll"
arSEA(114,0) = "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}" : arSEA(114,1) = "webcheck.dll"
arSEA(115,0) = "{D8BD2030-6FC9-11D0-864F-00AA006809D9}" : arSEA(115,1) = "webcheck.dll"
arSEA(116,0) = "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}" : arSEA(116,1) = "webcheck.dll"
arSEA(117,0) = "{352EC2B7-8B9A-11D1-B8AE-006008059382}" : arSEA(117,1) = "appwiz.cpl"
arSEA(118,0) = "{0B124F8F-91F0-11D1-B8B5-006008059382}" : arSEA(118,1) = "appwiz.cpl"
arSEA(119,0) = "{CFCCC7A0-A282-11D1-9082-006008059382}" : arSEA(119,1) = "appwiz.cpl"
arSEA(120,0) = "{e84fda7c-1d6a-45f6-b725-cb260c236066}" : arSEA(120,1) = "shimgvw.dll"
arSEA(121,0) = "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}" : arSEA(121,1) = "shimgvw.dll"
arSEA(122,0) = "{3F30C968-480A-4C6C-862D-EFC0897BB84B}" : arSEA(122,1) = "shimgvw.dll"
arSEA(123,0) = "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}" : arSEA(123,1) = "shimgvw.dll"
arSEA(124,0) = "{EAB841A0-9550-11cf-8C16-00805F1408F3}" : arSEA(124,1) = "shimgvw.dll"
arSEA(125,0) = "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}" : arSEA(125,1) = "shimgvw.dll"
arSEA(126,0) = "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}" : arSEA(126,1) = "netplwiz.dll"
arSEA(127,0) = "{add36aa8-751a-4579-a266-d66f5202ccbb}" : arSEA(127,1) = "netplwiz.dll"
arSEA(128,0) = "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}" : arSEA(128,1) = "netplwiz.dll"
arSEA(129,0) = "{58f1f272-9240-4f51-b6d4-fd63d1618591}" : arSEA(129,1) = "netplwiz.dll"
arSEA(130,0) = "{7A9D77BD-5403-11d2-8785-2E0420524153}" : arSEA(130,1) = ""
arSEA(131,0) = "{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}" : arSEA(131,1) = "zipfldr.dll"
arSEA(132,0) = "{BD472F60-27FA-11cf-B8B4-444553540000}" : arSEA(132,1) = "zipfldr.dll"
arSEA(133,0) = "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}" : arSEA(133,1) = "zipfldr.dll"
arSEA(134,0) = "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}" : arSEA(134,1) = "cdfview.dll"
arSEA(135,0) = "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}" : arSEA(135,1) = "cdfview.dll"
arSEA(136,0) = "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}" : arSEA(136,1) = "cdfview.dll"
arSEA(137,0) = "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}" : arSEA(137,1) = "cdfview.dll"
arSEA(138,0) = "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}" : arSEA(138,1) = "cdfview.dll"
arSEA(139,0) = "{63da6ec0-2e98-11cf-8d82-444553540000}" : arSEA(139,1) = "msieftp.dll"
arSEA(140,0) = "{883373C3-BF89-11D1-BE35-080036B11A03}" : arSEA(140,1) = "docprop2.dll"
arSEA(141,0) = "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}" : arSEA(141,1) = "docprop2.dll"
arSEA(142,0) = "{8EE97210-FD1F-4B19-91DA-67914005F020}" : arSEA(142,1) = "docprop2.dll"
arSEA(143,0) = "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}" : arSEA(143,1) = "docprop2.dll"
arSEA(144,0) = "{6A205B57-2567-4A2C-B881-F787FAB579A3}" : arSEA(144,1) = "docprop2.dll"
arSEA(145,0) = "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}" : arSEA(145,1) = "docprop2.dll"
arSEA(146,0) = "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}" : arSEA(146,1) = "dsquery.dll"
arSEA(147,0) = "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}" : arSEA(147,1) = "dsquery.dll"
arSEA(148,0) = "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}" : arSEA(148,1) = "dsquery.dll"
arSEA(149,0) = "{F020E586-5264-11d1-A532-0000F8757D7E}" : arSEA(149,1) = "dsquery.dll"
arSEA(150,0) = "{0D45D530-764B-11d0-A1CA-00AA00C16E65}" : arSEA(150,1) = "dsuiext.dll"
arSEA(151,0) = "{62AE1F9A-126A-11D0-A14B-0800361B1103}" : arSEA(151,1) = "dsuiext.dll"
arSEA(152,0) = "{ECF03A33-103D-11d2-854D-006008059367}" : arSEA(152,1) = "mydocs.dll"
arSEA(153,0) = "{ECF03A32-103D-11d2-854D-006008059367}" : arSEA(153,1) = "mydocs.dll"
arSEA(154,0) = "{4a7ded0a-ad25-11d0-98a8-0800361b1103}" : arSEA(154,1) = "mydocs.dll"
arSEA(155,0) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}" : arSEA(155,1) = "cscui.dll"
arSEA(156,0) = "{10CFC467-4392-11d2-8DB4-00C04FA31A66}" : arSEA(156,1) = "cscui.dll"
arSEA(157,0) = "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}" : arSEA(157,1) = "cscui.dll"
arSEA(158,0) = "{143A62C8-C33B-11D1-84FE-00C04FA34A14}" : arSEA(158,1) = "agentpsh.dll"
arSEA(159,0) = "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}" : arSEA(159,1) = "dfsshlex.dll"
arSEA(160,0) = "{60fd46de-f830-4894-a628-6fa81bc0190d}" : arSEA(160,1) = "photowiz.dll"
arSEA(161,0) = "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}" : arSEA(161,1) = "mmcshext.dll"
arSEA(162,0) = "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}" : arSEA(162,1) = "cabview.dll"
arSEA(163,0) = "{32714800-2E5F-11d0-8B85-00AA0044F941}" : arSEA(163,1) = "wabfind.dll"
arSEA(164,0) = "{8DD448E6-C188-4aed-AF92-44956194EB1F}" : arSEA(164,1) = "wmpshell.dll"
arSEA(165,0) = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}" : arSEA(165,1) = "wmpshell.dll"
arSEA(166,0) = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}" : arSEA(166,1) = "wmpshell.dll"
'W2K
arSEA(167,0) = "{41E300E0-78B6-11ce-849B-444553540000}" : arSEA(167,1) = "plustab.dll"
arSEA(168,0) = "{1A9BA3A0-143A-11CF-8350-444553540000}" : arSEA(168,1) = "shell32.dll"
arSEA(169,0) = "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" : arSEA(169,1) = "shell32.dll"
arSEA(170,0) = "{86747AC0-42A0-1069-A2E6-08002B30309D}" : arSEA(170,1) = "shell32.dll"
arSEA(171,0) = "{0AFACED1-E828-11D1-9187-B532F1E9575D}" : arSEA(171,1) = "shell32.dll"
arSEA(172,0) = "{12518493-00B2-11d2-9FA5-9E3420524153}" : arSEA(172,1) = "shell32.dll"
arSEA(173,0) = "{21B22460-3AEA-1069-A2DC-08002B30309D}" : arSEA(173,1) = "shell32.dll"
arSEA(174,0) = "{B091E540-83E3-11CF-A713-0020AFD79762}" : arSEA(174,1) = "shell32.dll"
arSEA(175,0) = "{FBF23B41-E3F0-101B-8488-00AA003E56F8}" : arSEA(175,1) = "shell32.dll"
arSEA(176,0) = "{C2FBB630-2971-11d1-A18C-00C04FD75D13}" : arSEA(176,1) = "shell32.dll"
arSEA(177,0) = "{C2FBB631-2971-11d1-A18C-00C04FD75D13}" : arSEA(177,1) = "shell32.dll"
arSEA(178,0) = "{13709620-C279-11CE-A49E-444553540000}" : arSEA(178,1) = "shell32.dll"
arSEA(179,0) = "{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}" : arSEA(179,1) = "shell32.dll"
arSEA(180,0) = "{4622AD11-FF23-11d0-8D34-00A0C90F2719}" : arSEA(180,1) = "shell32.dll"
arSEA(181,0) = "{7BA4C740-9E81-11CF-99D3-00AA004AE837}" : arSEA(181,1) = "shell32.dll"
arSEA(182,0) = "{D969A300-E7FF-11d0-A93B-00A0C90F2719}" : arSEA(182,1) = "shell32.dll"
arSEA(183,0) = "{09799AFB-AD67-11d1-ABCD-00C04FC30936}" : arSEA(183,1) = "shell32.dll"
arSEA(184,0) = "{3FC0B520-68A9-11D0-8D77-00C04FD70822}" : arSEA(184,1) = "shell32.dll"
arSEA(185,0) = "{75048700-EF1F-11D0-9888-006097DEACF9}" : arSEA(185,1) = "shell32.dll"
arSEA(186,0) = "{6D5313C0-8C62-11D1-B2CD-006097DF8C11}" : arSEA(186,1) = "shell32.dll"
arSEA(187,0) = "{57651662-CE3E-11D0-8D77-00C04FC99D61}" : arSEA(187,1) = "shell32.dll"
arSEA(188,0) = "{4657278A-411B-11d2-839A-00C04FD918D0}" : arSEA(188,1) = "shell32.dll"
arSEA(189,0) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}" : arSEA(189,1) = "shell32.dll"
arSEA(190,0) = "{568804CA-CBD7-11d0-9816-00C04FD91972}" : arSEA(190,1) = "browseui.dll"
arSEA(191,0) = "{5b4dae26-b807-11d0-9815-00c04fd91972}" : arSEA(191,1) = "browseui.dll"
arSEA(192,0) = "{8278F931-2A3E-11d2-838F-00C04FD918D0}" : arSEA(192,1) = "browseui.dll"
arSEA(193,0) = "{E13EF4E4-D2F2-11d0-9816-00C04FD91972}" : arSEA(193,1) = "browseui.dll"
arSEA(194,0) = "{ECD4FC4F-521C-11D0-B792-00A0C90312E1}" : arSEA(194,1) = "browseui.dll"
arSEA(195,0) = "{D82BE2B0-5764-11D0-A96E-00C04FD705A2}" : arSEA(195,1) = "browseui.dll"
arSEA(196,0) = "{0E5CBF21-D15F-11d0-8301-00AA005B4383}" : arSEA(196,1) = "browseui.dll"
arSEA(197,0) = "{7487cd30-f71a-11d0-9ea7-00805f714772}" : arSEA(197,1) = "browseui.dll"
arSEA(198,0) = "{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}" : arSEA(198,1) = "thumbvw.dll"
arSEA(199,0) = "{EAB841A0-9550-11CF-8C16-00805F1408F3}" : arSEA(199,1) = "thumbvw.dll"
arSEA(200,0) = "{1AEB1360-5AFC-11D0-B806-00C04FD706EC}" : arSEA(200,1) = "thumbvw.dll"
arSEA(201,0) = "{9DBD2C50-62AD-11D0-B806-00C04FD706EC}" : arSEA(201,1) = "thumbvw.dll"
arSEA(202,0) = "{500202A0-731E-11D0-B829-00C04FD706EC}" : arSEA(202,1) = "thumbvw.dll"
arSEA(203,0) = "{0B124F8C-91F0-11D1-B8B5-006008059382}" : arSEA(203,1) = "appwiz.cpl"
arSEA(204,0) = "{fe1290f0-cfbd-11cf-a330-00aa00c16e65}" : arSEA(204,1) = "dsfolder.dll"
arSEA(205,0) = "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}" : arSEA(205,1) = "dsfolder.dll"
arSEA(206,0) = "{450D8FBA-AD25-11D0-98A8-0800361B1103}" : arSEA(206,1) = "mydocs.dll"
'WXP SP2
arSEA(207,0) = "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(207,1) = "shdocvw.dll"
arSEA(208,0) = "{596AB062-B4D2-4215-9F74-E9109B0A8153}" : arSEA(208,1) = "twext.dll"
arSEA(209,0) = "{9DB7A13C-F208-4981-8353-73CC61AE2783}" : arSEA(209,1) = "twext.dll"
arSEA(210,0) = "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}" : arSEA(210,1) = "extmgr.dll"
'NT4
arSEA(211,0) = "{764BF0E1-F219-11ce-972D-00AA00A14F56}" : arSEA(211,1) = "shcompui.dll"
arSEA(212,0) = "{8DE56A0D-E58B-41FE-9F80-3563CDCB2C22}" : arSEA(212,1) = "thumbvw.dll"
arSEA(213,0) = "{13709620-C279-11CE-A49E-444553540000}" : arSEA(213,1) = "SHDOC401.DLL"
arSEA(214,0) = "{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}" : arSEA(214,1) = "SHDOC401.DLL"
arSEA(215,0) = "{7BA4C740-9E81-11CF-99D3-00AA004AE837}" : arSEA(215,1) = "SHDOC401.DLL"
arSEA(216,0) = "{D969A300-E7FF-11d0-A93B-00A0C90F2719}" : arSEA(216,1) = "SHDOC401.DLL"
arSEA(217,0) = "{4622AD11-FF23-11d0-8D34-00A0C90F2719}" : arSEA(217,1) = "SHDOC401.DLL"
arSEA(218,0) = "{3AD1E410-AAB9-11d0-89D7-00C04FC9E26E}" : arSEA(218,1) = "SHDOCVW.DLL"
arSEA(219,0) = "{57651662-CE3E-11D0-8D77-00C04FC99D61}" : arSEA(219,1) = "SHDOC401.DLL"
arSEA(220,0) = "{B091E540-83E3-11CF-A713-0020AFD79762}" : arSEA(220,1) = "SHDOC401.DLL"
arSEA(221,0) = "{3FC0B520-68A9-11D0-8D77-00C04FD70822}" : arSEA(221,1) = "SHDOC401.DLL"
arSEA(222,0) = "{7D688A77-C613-11D0-999B-00C04FD655E1}" : arSEA(222,1) = "SHELL32.dll"
arSEA(223,0) = "{BDEADF00-C265-11d0-BCED-00A0C90AB50F}" : arSEA(223,1) = "MSONSEXT.DLL"
arSEA(224,0) = "{C2FBB630-2971-11d1-A18C-00C04FD75D13}" : arSEA(224,1) = "SHDOC401.DLL"
arSEA(225,0) = "{C2FBB631-2971-11d1-A18C-00C04FD75D13}" : arSEA(225,1) = "SHDOC401.DLL"
arSEA(226,0) = "{75048700-EF1F-11D0-9888-006097DEACF9}" : arSEA(226,1) = "SHDOC401.DLL"
arSEA(227,0) = "{6D5313C0-8C62-11D1-B2CD-006097DF8C11}" : arSEA(227,1) = "SHDOC401.DLL"
arSEA(228,0) = "{FBF23B41-E3F0-101B-8488-00AA003E56F8}" : arSEA(228,1) = "SHDOC401.DLL"
arSEA(229,0) = "{5a61f7a0-cde1-11cf-9113-00aa00425c62}" : arSEA(229,1) = "w3ext.dll"
'WMe
arSEA(230,0) = "{3F30C968-480A-4C6C-862D-EFC0897BB84B}" : arSEA(230,1) = "THUMBVW.DLL"  'see (122) 
arSEA(231,0) = "{53C74826-AB99-4d33-ACA4-3117F51D3788}" : arSEA(231,1) = "SHELL32.DLL" 
arSEA(232,0) = "{992CFFA0-F557-101A-88EC-00DD010CCC48}" : arSEA(232,1) = "rnaui.dll"  'see (30) 
arSEA(233,0) = "{FEF10FA2-355E-4e06-9381-9B24D7F7CC88}" : arSEA(233,1) = "SHELL32.DLL"
'MS PowerToys
arSEA(234,0) = "{AA7C7080-860A-11CE-8424-08002B2CFF76}" : arSEA(234,1) = "SENDTOX.DLL"
arSEA(235,0) = "{7BB70120-6C78-11CF-BFC7-444553540000}" : arSEA(235,1) = "SENDTOX.DLL"
arSEA(236,0) = "{7BB70122-6C78-11CF-BFC7-444553540000}" : arSEA(236,1) = "SENDTOX.DLL"
arSEA(237,0) = "{7BB70121-6C78-11CF-BFC7-444553540000}" : arSEA(237,1) = "SENDTOX.DLL"
arSEA(238,0) = "{7BB70123-6C78-11CF-BFC7-444553540000}" : arSEA(238,1) = "SENDTOX.DLL"
arSEA(239,0) = "{9E56BE62-C50F-11CF-9A2C-00A0C90A90CE}" : arSEA(239,1) = "SENDTOX.DLL"
arSEA(240,0) = "{90A756E0-AFCF-11CE-927B-0800095AE340}" : arSEA(240,1) = "target.dll"
arSEA(241,0) = "{afc638f0-e8a4-11ce-9ade-00aa00a42d2e}" : arSEA(241,1) = "TTFExtNT.dll"
'etc
arSEA(242,0) = "{1D2680C9-0E2A-469d-B787-065558BC7D43}" : arSEA(242,1) = "mscoree.dll"
arSEA(243,0) = "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" : arSEA(243,1) = "wuaueng.dll"
'WXP IE 7
arSEA(244,0) = "{07C45BB1-4A8C-4642-A1F5-237E7215FF66}" : arSEA(244,1) = "ieframe.dll"
arSEA(245,0) = "{1C1EDB47-CE22-4bbb-B608-77B48F83C823}" : arSEA(245,1) = "ieframe.dll"
arSEA(246,0) = "{205D7A97-F16D-4691-86EF-F3075DCCA57D}" : arSEA(246,1) = "ieframe.dll"
arSEA(247,0) = "{3028902F-6374-48b2-8DC6-9725E775B926}" : arSEA(247,1) = "ieframe.dll"
arSEA(248,0) = "{30D02401-6A81-11d0-8274-00C04FD5AE38}" : arSEA(248,1) = "ieframe.dll"
arSEA(249,0) = "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" : arSEA(249,1) = "ieframe.dll"
arSEA(250,0) = "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" : arSEA(250,1) = "ieframe.dll"
arSEA(251,0) = "{43886CD5-6529-41c4-A707-7B3C92C05E68}" : arSEA(251,1) = "ieframe.dll"
arSEA(252,0) = "{44C76ECD-F7FA-411c-9929-1B77BA77F524}" : arSEA(252,1) = "ieframe.dll"
arSEA(253,0) = "{4B78D326-D922-44f9-AF2A-07805C2A3560}" : arSEA(253,1) = "ieframe.dll"
arSEA(254,0) = "{6038EF75-ABFC-4e59-AB6F-12D397F6568D}" : arSEA(254,1) = "ieframe.dll"
arSEA(255,0) = "{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}" : arSEA(255,1) = "ieframe.dll"
arSEA(256,0) = "{6CF48EF8-44CD-45d2-8832-A16EA016311B}" : arSEA(256,1) = "ieframe.dll"
arSEA(257,0) = "{73CFD649-CD48-4fd8-A272-2070EA56526B}" : arSEA(257,1) = "ieframe.dll"
arSEA(258,0) = "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" : arSEA(258,1) = "ieframe.dll"
arSEA(259,0) = "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" : arSEA(259,1) = "ieframe.dll"
arSEA(260,0) = "{871C5380-42A0-1069-A2EA-08002B30309D}" : arSEA(260,1) = "ieframe.dll"
arSEA(261,0) = "{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}" : arSEA(261,1) = "ieframe.dll"
arSEA(262,0) = "{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}" : arSEA(262,1) = "ieframe.dll"
arSEA(263,0) = "{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}" : arSEA(263,1) = "ieframe.dll"
arSEA(264,0) = "{B31C5FAE-961F-415b-BAF0-E697A5178B94}" : arSEA(264,1) = "ieframe.dll"
arSEA(265,0) = "{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}" : arSEA(265,1) = "ieframe.dll"
arSEA(266,0) = "{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}" : arSEA(266,1) = "ieframe.dll"
arSEA(267,0) = "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" : arSEA(267,1) = "ieframe.dll"
arSEA(268,0) = "{E6EE9AAC-F76B-4947-8260-A9F136138E11}" : arSEA(268,1) = "ieframe.dll"
arSEA(269,0) = "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" : arSEA(269,1) = "ieframe.dll"
arSEA(270,0) = "{F0353E1D-FEEC-474e-A984-1E5C6865E380}" : arSEA(270,1) = "ieframe.dll"
arSEA(271,0) = "{F2CF5485-4E02-4f68-819C-B92DE9277049}" : arSEA(271,1) = "ieframe.dll"
arSEA(272,0) = "{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}" : arSEA(272,1) = "ieframe.dll"
arSEA(273,0) = "{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" : arSEA(273,1) = "ieframe.dll"
arSEA(274,0) = "{FBF23B40-E3F0-101B-8488-00AA003E56F8}" : arSEA(274,1) = "ieframe.dll"
arSEA(275,0) = "{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}" : arSEA(275,1) = "ieframe.dll"
arSEA(276,0) = "{FF393560-C2A7-11CF-BFF4-444553540000}" : arSEA(276,1) = "ieframe.dll"
'WVa
arSEA(277,0) = "{00021401-0000-0000-C000-000000000046}" : arSEA(277,1) = "shell32.dll"
arSEA(278,0) = "{00f20eb5-8fd6-4d9d-b75e-36801766c8f1}" : arSEA(278,1) = "PhotoAcq.dll"
arSEA(279,0) = "{025A5937-A6BE-4686-A844-36FE4BEC8B6D}" : arSEA(279,1) = "shdocvw.dll"
arSEA(280,0) = "{056440FD-8568-48e7-A632-72157243B55B}" : arSEA(280,1) = "browseui.dll"
arSEA(281,0) = "{0a4286ea-e355-44fb-8086-af3df7645bd9}" : arSEA(281,1) = "wmpband.dll"
arSEA(282,0) = "{0AFCCBA6-BF90-4A4E-8482-0AC960981F5B}" : arSEA(282,1) = "shell32.dll"
arSEA(283,0) = "{0BFCF7B7-E7B6-433a-B205-2904FCF040DD}" : arSEA(283,1) = "appwiz.cpl"
arSEA(284,0) = "{11dbb47c-a525-400b-9e80-a54615a090c0}" : arSEA(284,1) = "ExplorerFrame.dll"
arSEA(285,0) = "{13D3C4B8-B179-4ebb-BF62-F704173E7448}" : arSEA(285,1) = "wab32.dll"
arSEA(286,0) = "{1531d583-8375-4d3f-b5fb-d23bbd169f22}" : arSEA(286,1) = "shell32.dll"
arSEA(287,0) = "{15D633E2-AD00-465b-9EC7-F56B7CDF8E27}" : arSEA(287,1) = "TipBand.dll" 
arSEA(288,0) = "{15eae92e-f17a-4431-9f28-805e482dafd4}" : arSEA(288,1) = "appwiz.cpl"
arSEA(289,0) = "{16C2C29D-0E5F-45f3-A445-03E03F587B7D}" : arSEA(289,1) = "wab32.dll" 
arSEA(290,0) = "{176d6597-26d3-11d1-b350-080036a75b03}" : arSEA(290,1) = "colorui.dll"
arSEA(291,0) = "{17cd9488-1228-4b2f-88ce-4298e93e0966}" : arSEA(291,1) = "shdocvw.dll"
arSEA(292,0) = "{1a184871-359e-4f67-aad9-5b9905d62232}" : arSEA(292,1) = "fontext.dll" 
arSEA(293,0) = "{1FA9085F-25A2-489B-85D4-86326EEDCD87}" : arSEA(293,1) = "wlanpref.dll"
arSEA(294,0) = "{21569614-B795-46b1-85F4-E737A8DC09AD}" : arSEA(294,1) = "browseui.dll"
arSEA(295,0) = "{21ec2020-3aea-1069-a2dd-08002b30309d}" : arSEA(295,1) = "shell32.dll" 
arSEA(296,0) = "{25336920-03f9-11cf-8fd0-00aa00686f13}" : arSEA(296,1) = "mshtml.dll" 
arSEA(297,0) = "{25585dc7-4da0-438d-ad04-e42c8d2d64b9}" : arSEA(297,1) = "shell32.dll" 
arSEA(298,0) = "{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(298,1) = "shdocvw.dll"
arSEA(299,0) = "{2781761E-28E0-4109-99FE-B9D127C57AFE}" : arSEA(299,1) = "MpOav.dll"
arSEA(300,0) = "{289978AC-A101-4341-A817-21EBA7FD046D}" : arSEA(300,1) = "SyncCenter.dll"
arSEA(301,0) = "{2BC0DA0E-F1BC-43AB-B4B5-738EB6B51E7E}" : arSEA(301,1) = "fontext.dll"
arSEA(302,0) = "{2E9E59C0-B437-4981-A647-9C34B9B90891}" : arSEA(302,1) = "SyncCenter.dll"
arSEA(303,0) = "{3050f3d9-98b5-11cf-bb82-00aa00bdce0b}" : arSEA(303,1) = "mshtml.dll" 
arSEA(304,0) = "{3080F90D-D7AD-11D9-BD98-0000947B0257}" : arSEA(304,1) = "shdocvw.dll"
arSEA(305,0) = "{3080F90E-D7AD-11D9-BD98-0000947B0257}" : arSEA(305,1) = "shdocvw.dll"
arSEA(306,0) = "{328B0346-7EAF-4BBE-A479-7CB88A095F5B}" : arSEA(306,1) = "shell32.dll"
arSEA(307,0) = "{335a31dd-f04b-4d76-a925-d6b47cf360df}" : arSEA(307,1) = "shdocvw.dll"
arSEA(308,0) = "{35786D3C-B075-49b9-88DD-029876E11C01}" : arSEA(308,1) = "wpdshext.dll"
arSEA(309,0) = "{36eef7db-88ad-4e81-ad49-0e313f0c35f8}" : arSEA(309,1) = "shdocvw.dll"
arSEA(310,0) = "{3c2654c6-7372-4f6b-b310-55d6128f49d2}" : arSEA(310,1) = "shell32.dll"
arSEA(311,0) = "{3F30C968-480A-4C6C-862D-EFC0897BB84B}" : arSEA(311,1) = "PhotoMetadataHandler.dll"
arSEA(312,0) = "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" : arSEA(312,1) = "mediametadatahandler.dll"
arSEA(313,0) = "{4336a54d-038b-4685-ab02-99bb52d3fb8b}" : arSEA(313,1) = "shdocvw.dll"
arSEA(314,0) = "{437ff9c0-a07f-4fa0-af80-84b6c6440a16}" : arSEA(314,1) = "shell32.dll"
arSEA(315,0) = "{44121072-A222-48f2-A58A-6D9AD51EBBE9}" : arSEA(315,1) = "XPSSHHDR.DLL"
arSEA(316,0) = "{44f3dab6-4392-4186-bb7b-6282ccb7a9f6}" : arSEA(316,1) = "mydocs.dll" 
arSEA(317,0) = "{45670FA8-ED97-4F44-BC93-305082590BFB}" : arSEA(317,1) = "XPSSHHDR.DLL"
arSEA(318,0) = "{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}" : arSEA(318,1) = "cscui.dll"
arSEA(319,0) = "{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486}" : arSEA(319,1) = "icsigd.dll" 
arSEA(320,0) = "{4B534112-3AF6-4697-A77C-D62CE9B9E7CF}" : arSEA(320,1) = "SyncCenter.dll"
arSEA(321,0) = "{4D1209BD-36E2-4e2f-840D-6C7FB879DD9E}" : arSEA(321,1) = "shdocvw.dll"
arSEA(322,0) = "{4d5c8c2a-d075-11d0-b416-00c04fb90376}" : arSEA(322,1) = "browseui.dll" 
arSEA(323,0) = "{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A}" : arSEA(323,1) = "gameux.dll" 
arSEA(324,0) = "{4E77131D-3629-431c-9818-C5679DC83E81}" : arSEA(324,1) = "cscui.dll"
arSEA(325,0) = "{4F58F63F-244B-4c07-B29F-210BE59BE9B4}" : arSEA(325,1) = "wab32.dll"
arSEA(326,0) = "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" : arSEA(326,1) = "acppage.dll"
arSEA(327,0) = "{53BEDF0B-4E5B-4183-8DC9-B844344FA104}" : arSEA(327,1) = "mssvp.dll"
arSEA(328,0) = "{576C9E85-1300-4EF5-BF6B-D00509F4EDCD}" : arSEA(328,1) = "SyncCenter.dll"
arSEA(329,0) = "{58E3C745-D971-4081-9034-86E34B30836A}" : arSEA(329,1) = "shdocvw.dll"
arSEA(330,0) = "{596742A5-1393-4e13-8765-AE1DF71ACAFB}" : arSEA(330,1) = "browseui.dll"
arSEA(331,0) = "{5DB2625A-54DF-11D0-B6C4-0800091AA605}" : arSEA(331,1) = "colorui.dll"
arSEA(332,0) = "{5FA29220-36A1-40f9-89C6-F4B384B7642E}" : arSEA(332,1) = "inetcomm.dll"
arSEA(333,0) = "{60632754-c523-4b62-b45c-4172da012619}" : arSEA(333,1) = "shdocvw.dll"
arSEA(334,0) = "{640167b4-59b0-47a6-b335-a6b3c0695aea}" : arSEA(334,1) = "audiodev.dll"
arSEA(335,0) = "{66742402-F9B9-11D1-A202-0000F81FEDEE}" : arSEA(335,1) = "shell32.dll"
arSEA(336,0) = "{675F097E-4C4D-11D0-B6C1-0800091AA605}" : arSEA(336,1) = "colorui.dll"
arSEA(337,0) = "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}" : arSEA(337,1) = "shwebsvc.dll"
arSEA(338,0) = "{6b9228da-9c15-419e-856c-19e768a13bdc}" : arSEA(338,1) = "sbdrop.dll" 
arSEA(339,0) = "{6D8BB3D3-9D87-4a91-AB56-4F30CFFEFE9F}" : arSEA(339,1) = "browseui.dll"
arSEA(340,0) = "{708e1662-b832-42a8-bbe1-0a77121e3908}" : arSEA(340,1) = "shell32.dll"
arSEA(341,0) = "{71D99464-3B6B-475C-B241-E15883207529}" : arSEA(341,1) = "SyncCenter.dll"
arSEA(342,0) = "{71f96385-ddd6-48d3-a0c1-ae06e8b055fb}" : arSEA(342,1) = "shell32.dll"
arSEA(343,0) = "{74246bfc-4c96-11d0-abef-0020af6b0b7a}" : arSEA(343,1) = "devmgr.dll" 
arSEA(344,0) = "{78F3955E-3B90-4184-BD14-5397C15F1EFC}" : arSEA(344,1) = "shdocvw.dll"
arSEA(345,0) = "{7A0F6AB7-ED84-46B6-B47E-02AA159A152B}" : arSEA(345,1) = "SyncCenter.dll" 
arSEA(346,0) = "{7b81be6a-ce2b-4676-a29e-eb907a5126c5}" : arSEA(346,1) = "appwiz.cpl"
arSEA(347,0) = "{7D4734E6-047E-41e2-AEAA-E763B4739DC4}" : arSEA(347,1) = "wmpshell.dll" 
arSEA(348,0) = "{7EFA68C6-086B-43e1-A2D2-55A113531240}" : arSEA(348,1) = "cscui.dll"
arSEA(349,0) = "{8082C5E6-4C27-48ec-A809-B8E1122E8F97}" : arSEA(349,1) = "wab32.dll"
arSEA(350,0) = "{865e5e76-ad83-4dca-a109-50dc2113ce9a}" : arSEA(350,1) = "shell32.dll" 
arSEA(351,0) = "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" : arSEA(351,1) = "mediametadatahandler.dll"
arSEA(352,0) = "{877ca5ac-cb41-4842-9c69-9136e42d47e2}" : arSEA(352,1) = "sdshext.dll"
arSEA(353,0) = "{8856f961-340a-11d0-a96b-00c04fd705a2}" : arSEA(353,1) = "ieframe.dll" 
arSEA(354,0) = "{89D83576-6BD1-4c86-9454-BEB04E94C819}" : arSEA(354,1) = "mssvp.dll"
arSEA(355,0) = "{8A734961-C4AA-4741-AC1E-791ACEBF5B39}" : arSEA(355,1) = "wmpshell.dll" 
arSEA(356,0) = "{8a7cae0e-5951-49cb-bf20-ab3fa1e44b01}" : arSEA(356,1) = "fontext.dll" 
arSEA(357,0) = "{8E25992B-373E-486E-80E5-BD23AE417E66}" : arSEA(357,1) = "SyncCenter.dll"
arSEA(358,0) = "{8E908FC9-BECC-40f6-915B-F4CA0E70D03D}" : arSEA(358,1) = "shdocvw.dll"
arSEA(359,0) = "{90b9bce2-b6db-4fd3-8451-35917ea1081b}" : arSEA(359,1) = "ExplorerFrame.dll" 
arSEA(360,0) = "{90f8c90b-04e0-4e92-a186-e6e9c125d664}" : arSEA(360,1) = "shdocvw.dll"
arSEA(361,0) = "{91ADC906-6722-4B05-A12B-471ADDCCE132}" : arSEA(361,1) = "TouchX.dll" 
arSEA(362,0) = "{92337A8C-E11D-11D0-BE48-00C04FC30DF6}" : arSEA(362,1) = "oleprn.dll" 
arSEA(363,0) = "{92dbad9f-5025-49b0-9078-2d78f935e341}" : arSEA(363,1) = "inetcomm.dll"
arSEA(364,0) = "{96AE8D84-A250-4520-95A5-A47A7E3C548B}" : arSEA(364,1) = "shdocvw.dll"
arSEA(365,0) = "{97e467b4-98c6-4f19-9588-161b7773d6f6}" : arSEA(365,1) = "propsys.dll"
arSEA(366,0) = "{9C60DE1E-E5FC-40f4-A487-460851A8D915}" : arSEA(366,1) = "shdocvw.dll"
arSEA(367,0) = "{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}" : arSEA(367,1) = "SyncCenter.dll"
arSEA(368,0) = "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}" : arSEA(368,1) = "shell32.dll"
arSEA(369,0) = "{a38b883c-1682-497e-97b0-0a3a9e801682}" : arSEA(369,1) = "PhotoMetadataHandler.dll"
arSEA(370,0) = "{a42c2ccb-67d3-46fa-abe6-7d2f3488c7a3}" : arSEA(370,1) = "shell32.dll"
arSEA(371,0) = "{a542e116-8088-4146-a352-b0d06e7f6af6}" : arSEA(371,1) = "browseui.dll"
arSEA(372,0) = "{add36aa8-751a-4579-a266-d66f5202ccbb}" : arSEA(372,1) = "shwebsvc.dll"
arSEA(373,0) = "{b155bdf8-02f0-451e-9a26-ae317cfd7779}" : arSEA(373,1) = "shdocvw.dll"
arSEA(374,0) = "{b2952b16-0e07-4e5a-b993-58c52cb94cae}" : arSEA(374,1) = "shell32.dll"
arSEA(375,0) = "{B32D3949-ED98-4DBB-B347-17A144969BBA}" : arSEA(375,1) = "SyncCenter.dll"
arSEA(376,0) = "{b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af}" : arSEA(376,1) = "zipfldr.dll"
arSEA(377,0) = "{b9815375-5d7f-4ce2-9245-c9d4da436930}" : arSEA(377,1) = "inetcomm.dll"
arSEA(378,0) = "{BB06C0E4-D293-4f75-8A90-CB05B6477EEE}" : arSEA(378,1) = "shdocvw.dll"
arSEA(379,0) = "{BB6B2374-3D79-41DB-87F4-896C91846510}" : arSEA(379,1) = "emdmgmt.dll" 
arSEA(380,0) = "{BC48B32F-5910-47F5-8570-5074A8A5636A}" : arSEA(380,1) = "SyncCenter.dll"
arSEA(381,0) = "{BC65FB43-1958-4349-971A-210290480130}" : arSEA(381,1) = "NcdProp.dll" 
arSEA(382,0) = "{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}" : arSEA(382,1) = "mssvp.dll"
arSEA(383,0) = "{BE122A0E-4503-11DA-8BDE-F66BAD1E3F3A}" : arSEA(383,1) = "shdocvw.dll" 
arSEA(384,0) = "{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B}" : arSEA(384,1) = "comdlg32.dll"
arSEA(385,0) = "{C4EC38BD-4E9E-4b5e-935A-D1BFF237D980}" : arSEA(385,1) = "browseui.dll"
arSEA(386,0) = "{c5a40261-cd64-4ccf-84cb-c394da41d590}" : arSEA(386,1) = "mediametadatahandler.dll"
arSEA(387,0) = "{C73F6F30-97A0-4AD1-A08F-540D4E9BC7B9}" : arSEA(387,1) = "shdocvw.dll"
arSEA(388,0) = "{C7657C4A-9F68-40fa-A4DF-96BC08EB3551}" : arSEA(388,1) = "PhotoMetadataHandler.dll"
arSEA(389,0) = "{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1}" : arSEA(389,1) = "oobefldr.dll"
arSEA(390,0) = "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}" : arSEA(390,1) = "shwebsvc.dll"
arSEA(391,0) = "{ceefea1b-3e29-4ef1-b34c-fec79c4f70af}" : arSEA(391,1) = "appwiz.cpl"
arSEA(392,0) = "{CF67796C-F57F-45F8-92FB-AD698826C602}" : arSEA(392,1) = "wab32.dll" 
arSEA(393,0) = "{D34A6CA6-62C2-4C34-8A7C-14709C1AD938}" : arSEA(393,1) = "shdocvw.dll" 
arSEA(394,0) = "{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}" : arSEA(394,1) = "appwiz.cpl"
arSEA(395,0) = "{D555645E-D4F8-4c29-A827-D93C859C4F2A}" : arSEA(395,1) = "shdocvw.dll"
arSEA(396,0) = "{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" : arSEA(396,1) = "wpdshext.dll"
arSEA(397,0) = "{D9EF8727-CAC2-4e60-809E-86F80A666C91}" : arSEA(397,1) = "shdocvw.dll"
arSEA(398,0) = "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" : arSEA(398,1) = "colorui.dll"
arSEA(399,0) = "{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}" : arSEA(399,1) = "comdlg32.dll"
arSEA(400,0) = "{DFFACDC5-679F-4156-8947-C5C76BC0B67F}" : arSEA(400,1) = "shdocvw.dll"
arSEA(401,0) = "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" : arSEA(401,1) = "dfshim.dll"
arSEA(402,0) = "{E413D040-6788-4C22-957E-175D1C513A34}" : arSEA(402,1) = "SyncCenter.dll"
arSEA(403,0) = "{E598560B-28D5-46aa-A14A-8A3BEA34B576}" : arSEA(403,1) = "PhotoViewer.dll"
arSEA(404,0) = "{E7DE9B1A-7533-4556-9484-B26FB486475E}" : arSEA(404,1) = "shdocvw.dll"
arSEA(405,0) = "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" : arSEA(405,1) = "dfshim.dll"
arSEA(406,0) = "{E95A4861-D57A-4be1-AD0F-35267E261739}" : arSEA(406,1) = "shdocvw.dll"
arSEA(407,0) = "{eb124705-128b-40d4-8dd8-d93ed12589a4}" : arSEA(407,1) = "shdocvw.dll"
arSEA(408,0) = "{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60}" : arSEA(408,1) = "gameux.dll"
arSEA(409,0) = "{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}" : arSEA(409,1) = "gameux.dll"
arSEA(410,0) = "{ed50fc29-b964-48a9-afb3-15ebb9b97f36}" : arSEA(410,1) = "shdocvw.dll"
arSEA(411,0) = "{ED834ED6-4B5A-4bfe-8F11-A626DCB6A921}" : arSEA(411,1) = "shdocvw.dll"
arSEA(412,0) = "{ed9d80b9-d157-457b-9192-0e7280313bf0}" : arSEA(412,1) = "zipfldr.dll"
arSEA(413,0) = "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}" : arSEA(413,1) = "NetworkExplorer.dll"
arSEA(414,0) = "{F04CC277-03A2-4277-96A9-77967471BDFF}" : arSEA(414,1) = "SyncCenter.dll"
arSEA(415,0) = "{f8b8412b-dea3-4130-b36c-5e8be73106ac}" : arSEA(415,1) = "inetcomm.dll"
arSEA(416,0) = "{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C}" : arSEA(416,1) = "SyncCenter.dll"
arSEA(417,0) = "{fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}" : arSEA(417,1) = "browseui.dll"
arSEA(418,0) = "{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}" : arSEA(418,1) = "PhotoViewer.dll" 
arSEA(419,0) = "{28803F59-3A75-4058-995F-4EE5503B023C}" : arSEA(419,1) = "FunctionDiscoveryFolder.dll" 
arSEA(420,0) = "{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}" : arSEA(420,1) = "EhStorShell.dll" 
arSEA(421,0) = "{11016101-E366-4D22-BC06-4ADA335C892B}" : arSEA(421,1) = "ieframe.dll" 
'Wn7
arSEA(422,0) = "{00C6D95F-329C-409a-81D7-C46C66EA7F33}" : arSEA(422,1) = "shdocvw.dll" 
arSEA(423,0) = "{80009818-f38f-4af1-87b5-eadab9433e58}" : arSEA(423,1) = "mf.dll" 
'WS2K3
arSEA(424,0) = "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" : arSEA(424,1) = "shdocvw.dll" 
arSEA(425,0) = "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" : arSEA(425,1) = "audiodev.dll" 
'Wn8
arSEA(426,0) = "{289AF617-1CC3-42A6-926C-E6A863F0E3BA}" : arSEA(426,1) = "dlnashext.dll"
arSEA(427,0) = "{BFD468D2-D0A0-4bdc-878C-E69C2F5B435D}" : arSEA(427,1) = "inetcomm.dll" 
arSEA(428,0) = "{3DBEE9A1-C471-4B95-BBCA-F39310064458}" : arSEA(428,1) = "MicrosoftRawCodec.dll" 
'WS2K3
arSEA(429,0) = "{4648F940-EFE3-4BAB-9211-3BE45CD5029D}" : arSEA(429,1) = "vssui.dll" 
'W10
arSEA(430,0) = "{3DBEE9A1-C471-4B95-BBCA-F39310064458}" : arSEA(430,1) = "WindowsCodecsRaw.dll" 
 
arKeys = Array("Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved") 
intHKE = 3  'HKCU...SW + HKLM...SW = 1 + 2 
 
If intBits = 64 Then
 
 arKeys = Array("Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" , _
  "Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved") 
 
 intHKE = 11  'HKCU...SW + HKLM...SW + HKLM...SW\Wow = 1 + 2 + 8 
              'omit HKCU...SW\Wow 
 
End If
 
'for every arKey member
For intKey = 0 To UBound(arKeys)
 
 'for each hive
 For i = intCLL To 1
 
  'respect Hive Key Enabler map
  If HKInclude(intHKE,i,intKey) Then
 
   'assign subtitle
   strSubTitle = SOCA(arHives(i,0) & BS & arKeys(intKey) & BS)
 
   'find all the names in the key
   oReg.EnumValues arHives(i,1), arKeys(intKey), arNames, arType 
 
   'enumerate data if present
   If IsArray(arNames) Then
 
    'for each CLSID
    For Each strCLSID in arNames

     flagTitle = False

     'find CLSID title
     CLSIDLocTitle arHives(i,1), arKeys(intKey), strCLSID, strLocTitle

     'for each hive
     For ctrCH = intCLL To 1

      'assume CLSID unapproved
      flagMatch = False

      flagWOW = False
      If InStr(UCase(arKeys(intKey)),"WOW") > 0 Then flagWOW = True
      ResolveCLSID strCLSID, arHives(ctrCH,1), strCLSIDTitle, strIPSDLL, flagWOW
 
      If strIPSDLL <> "" Then
 
       strCN = CoName(IDExe(strIPSDLL))
 
       'for every member of approved shellex array in HKLM hive
       '(can't have approved shellex in HKCU)
       For j = 0 To UBound(arSEA,1)
 
        'if not ShowAll And CLSID's & DLL's identical And CoName = MS, shellex is known
        If Not flagShowAll And (LCase(strCLSID) = LCase(arSEA(j,0))) And _
         (Fso.GetFileName(LCase(strIPSDLL)) = LCase(arSEA(j,1))) And _
         (strCN = MS) And ctrCH = 1 Then
 
         'toggle flag & exit for
         flagMatch = True : Exit For 
 
        End If
 
       Next  'arSEA member
 
       'for ShowAll Or unknown shellex
       If flagShowAll Or Not flagMatch Then
 
        TitleLineWrite
 
        If Not flagTitle Then
 
         'output CLSID & title
         oFN.WriteLine vbCRLF & strCLSID & " = " & strLocTitle 
         flagTitle = True
 
        End If
 
        strCTHL = LIP & "CLSID} = " : intCTHLS = intCS 
        If flagWOW Then
         strCTHL = LIP & "Wow" & LIP & "CLSID} = " : intCTHLS = intCWS 
        End If
 
        'output CLSID title, InProcServer32 DLL & CoName
        oFN.WriteLine "  -> {" & arHives(ctrCH,0) & strCTHL &_
         strCLSIDTitle & vbCRLF & Space(intCTHLS) & "\InProcServer32\(Default) = " &_
         strIPSDLL & strCN
 
       End If  'flagMatch Or flagShowAll?
 
   