Portable Thunderbird isn't STEALTH either.

ohiozzz
Posts: 13
Joined: Wed Apr 25, 2007 4:00 pm
Location: Gatlinburg Tn

#1 Post by ohiozzz »

Regshot 1.8.1
Comments:
Datetime:2007/6/28 23:42:56 , 2007/6/28 23:45:20
Computer:
Username:

----------------------------------
Keys added:3
----------------------------------
HKLM\SOFTWARE\Mozilla Thunderbird
HKLM\SOFTWARE\Mozilla Thunderbird\Desktop
HKU\S-1-5-21-1993962763-1957994488-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\1

----------------------------------
Values added:5
----------------------------------
HKLM\SOFTWARE\Mozilla Thunderbird\Desktop\showMapiDialog: "0"
HKU\S-1-5-21-1993962763-1957994488-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\1: 14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D 19 00 2F 44 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 00 31 00 00 00 00 00 8B 36 51 2C 10 00 54 48 55 4E 44 45 7E 31 00 00 3E 00 03 00 04 00 EF BE 8B 36 51 2C 8B 36 00 20 14 00 00 00 54 00 68 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 00 64 00 50 00 6F 00 72 00 74 00 61 00 62 00 6C 00 65 00 00 00 18 00 00 00
HKU\S-1-5-21-1993962763-1957994488-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\1\ViewView2: 1C 00 00 00 06 00 00 00 00 00 00 00 00 00 9C 00 00 00 00 00 01 00 00 00 FF FF FF FF F0 F0 F0 F0 14 00 03 00 9C 00 00 00 00 00 00 00 30 00 00 00 FD DF DF FD 0F 00 06 00 28 00 10 00 34 00 48 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 B4 00 60 00 78 00 78 00 B4 00 B4 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-1993962763-1957994488-1202660629-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\D:\ThunderbirdPortable\ThunderbirdPortable.exe: "Mozilla Thunderbird, Portable Edition"
HKU\S-1-5-21-1993962763-1957994488-1202660629-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\D:\ThunderbirdPortable\App\Thunderbird\Thunderbird.exe: "Mozilla Thunderbird"

----------------------------------
Values modified:5
----------------------------------
HKLM\SOFTWARE\FullCircle\TalkBack\MozillaOrgThunderbird2Win322007032620\Thunderbird.exe: "E:\ThunderbirdPortable\App\Thunderbird\Thunderbird.exe"
HKLM\SOFTWARE\FullCircle\TalkBack\MozillaOrgThunderbird2Win322007032620\Thunderbird.exe: "D:\ThunderbirdPortable\App\Thunderbird\Thunderbird.exe"
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 00 DA CD 2A DB C8 6F EB 08 B3 DB 89 C3 2E 25 FE 99 A6 A8 E5 A7 15 C4 53 4B 73 84 73 D6 6B 1B A7 96 C5 97 75 20 24 28 C2 47 B5 3C 2C 92 D3 5C BB 8B 3D BE 50 79 F4 C0 C1 C9 4F CF 0C A0 91 E8 64 48 73 F2 FF ED 69 48 F7 8E FA 54 53 01 A1 EA 9C
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: CE 47 96 D6 A5 64 31 24 28 B6 A1 68 76 53 93 4B A4 99 A7 7F 8B 7B 42 38 77 96 FB AB 0A 28 6C C0 77 B9 38 EB 87 14 70 B7 C9 69 E5 4D 02 C1 B1 5F 34 70 74 0C 93 E0 62 FB AE 0F 1F 90 DD 12 AD CB 7C 67 14 B8 27 E0 4D 78 2F C7 71 45 80 F3 88 97
HKLM\SOFTWARE\Microsoft\SystemCertificates\SPC\Certificates\020FD7AC863B3DB98179806AC933970765D2E820\Blob
HKLM\SOFTWARE\Microsoft\SystemCertificates\SPC\Certificates\020FD7AC863B3DB98179806AC933970765D2E820\Blob
HKU\S-1-5-21-1993962763-1957994488-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\MRUListEx: 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-1993962763-1957994488-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\MRUListEx: 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-1993962763-1957994488-1202660629-1003\SessionInformation\ProgramCount: 0x00000003
HKU\S-1-5-21-1993962763-1957994488-1202660629-1003\SessionInformation\ProgramCount: 0x00000002

----------------------------------
Total changes:13
----------------------------------
After running Thunderbird and removing the USB drive, I deleted all reg entries and folders from %appdata%. I plugged the USB drive back in, ran Thunderbird again, and the same thing happened: it adds reg entries and adds 3 folders to %appdata%. These folders are Thunderbird and Mozilla; both of these folders are empty. It adds a folder called Talkback; in that folder are a few subfolders and finally a .ini file called manifest:
; manifest.init;
; WARNING - Do not edit this file. It will likely be overwritten if you do so.

VendorID = "MozillaOrg"
ProductID = "Thunderbird2"
PlatformID = "Win32"
BuildID = "2007032620"
ManifestVersion = 3

ApplicationName = "Thunderbird2"

DisableDontAsk = 0

MaxTriggerCount = 1

DisableUI = 0

DisableWizard = 0

EnableSaveAs = 1

KeyVetoDisabled = 0

ServerCount = 1
ServerAddress0 = 1, "http://talkback.mozilla.org/spiral-bin/Collector.dll"

NubCollectors = UIProcess, CommandLine, StackDump, CurrentUser, ModuleList, MemoryStatus, ProcessList95, ProcessListNT, ExceptionType, Registers, PCMemory, PC, StackTrace, ThreadList95, ThreadListNT, ThreadRegisters, ThreadStackDump, ThreadIDList, ThreadIDTrigger, ThreadStackTrace, Trigger, TriggerTime
UIProcess = 0xa000000f, "SWin32 UI Process"
CommandLine = 0xa000000d, "SWin32 Command Line"
StackDump = 0xa0000001, "SDump of Stack windows", 4096
CurrentUser = 0xa000000e, "SWin32 Current User"
ModuleList = 0xa0000003, "SLoaded Module list Win32"
MemoryStatus = 0xa000000b, "SWin32 MEMORYSTATUS struct"
ProcessList95 = 0xa0000009, "SWindows 95 process list"
ProcessListNT = 0xa0000007, "SWindows NT process list"
ExceptionType = 0xa0000004, "SWin32 Processor exception type"
Registers = 0xa0000000, "SWin32 x86 registers"
PCMemory = 0xa000000a, "SCode memory windows", 32, 64
PC = 0xa0000002, "SPC at time of crash"
StackTrace = 0xa0000005, "SWin32 stack trace"
ThreadList95 = 0xa0000008, "SWindows 95 thread list"
ThreadListNT = 0xa0000006, "SWindows NT thread list"
ThreadRegisters = 0xa0000010, "SWin32 x86 thread registers"
ThreadStackDump = 0xa0000011, "SStack dump thread"
ThreadIDList = 0xa0000013, "SWin32 thread id list"
ThreadIDTrigger = 0xa0000014, "SWin32 trigger thread id"
ThreadStackTrace = 0xa0000012, "SWin32 thread stack trace"
Trigger = 0x80000000, "STrigger Event"
TriggerTime = 0x80000001, "SNub trigger event time"

TransceiverCollectors5 = CurrentUser,MemoryStatus,XcvrProcessList95,XcvrProcessListNT
XcvrProcessList95 = 0x3000000e, "SWindows 95 process list"
XcvrProcessListNT = 0x3000000f, "SWindows NT process list"

TransceiverCollectors = ModuleListInfo, DriveList, ProcessorVendor, ProcessorFeature, ProcessorSpeed, SysInfo, GetWindowsVersionEx, ManifestVersionColl, DeploymentIDColl, VendorIDColl, ProductIDColl, PlatformIDColl, BuildIDColl, Platform
ModuleListInfo = 0x3000000b, "SWin32 module list info"
DriveList = 0x30000006, "SWin32 Drive Info"
ProcessorVendor = 0x30000012, "SIntel Processor Vendor"
ProcessorFeature = 0x30000013, "SIntel Processor Features"
ProcessorSpeed = 0x3000000d, "SIntel Processor Speed"
SysInfo = 0x30000005, "SWin32 SYSTEM_INFO struct"
GetWindowsVersionEx = 0x30000001, "SWindows GetVersionEx"
ManifestVersionColl = 1, "SManifest ver transceiver init"
DeploymentIDColl = 2, "SDeployment ID", 1
VendorIDColl = 2, "SVendor ID", 2
ProductIDColl = 2, "SProduct ID", 3
PlatformIDColl = 2, "SPlatform ID", 4
BuildIDColl = 2, "SBuild ID", 5
Platform = 3, "SPlatform Identifier", 0x30000000




TraceConfig = 128, 0, 20

AssertConfig = 0, 20, 0

TraceParamTrackCount = 32

AssertParamTrackCount = 32

MaxBoxAge = 172800

RandomFilter = 100, 100

APIErrorConfig = 0, 20

FullCircleURL0 = 1, 1, "http://www.fullcirclesoftware.com/"
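
Added example, not part of the original post and not Regshot's own code: one way to triage a report like the one in post #1, separating registry locations that Windows rewrites by itself from those attributable to the application, and checking hex-dumped values for the portable folder name. The `OS_WRITTEN` list, the tag names and the function names are assumptions of this example; the sample is abridged from the post, with a constructed SID.

```python
import re

# Constructed sample, abridged from the Regshot report in the post: separator lines
# dropped, SID replaced, hex shortened (StreamMRU keeps the UTF-16 folder name).
REPORT = r"""
Keys added:2
HKLM\SOFTWARE\Mozilla Thunderbird
HKU\S-1-5-21-0-0-0-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\1
Values added:3
HKLM\SOFTWARE\Mozilla Thunderbird\Desktop\showMapiDialog: "0"
HKU\S-1-5-21-0-0-0-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\1: 14 00 54 00 68 00 75 00 6E 00 64 00 65 00 72 00 62 00 69 00 72 00 64 00 50 00 6F 00 72 00 74 00 61 00 62 00 6C 00 65 00 00 00
HKU\S-1-5-21-0-0-0-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\D:\ThunderbirdPortable\ThunderbirdPortable.exe: "Mozilla Thunderbird, Portable Edition"
Values modified:3
HKLM\SOFTWARE\FullCircle\TalkBack\MozillaOrgThunderbird2Win322007032620\Thunderbird.exe: "E:\ThunderbirdPortable\App\Thunderbird\Thunderbird.exe"
HKLM\SOFTWARE\FullCircle\TalkBack\MozillaOrgThunderbird2Win322007032620\Thunderbird.exe: "D:\ThunderbirdPortable\App\Thunderbird\Thunderbird.exe"
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 00 DA CD 2A
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: CE 47 96 D6
HKU\S-1-5-21-0-0-0-1003\SessionInformation\ProgramCount: 0x00000003
HKU\S-1-5-21-0-0-0-1003\SessionInformation\ProgramCount: 0x00000002
"""

# Locations Windows itself rewrites in normal use (this list is the example's assumption).
OS_WRITTEN = [r"\\Cryptography\\RNG\\Seed$", r"\\SessionInformation\\ProgramCount$",
              r"\\Explorer\\Stream(s|MRU)\\", r"\\ShellNoRoam\\MUICache\\"]

def mentions(line, needle):
    """True if needle appears as text or inside a hex-dumped value (UTF-16 or ASCII)."""
    value = line.split(": ", 1)[-1].strip()
    data = bytes.fromhex(value) if re.fullmatch(r"(?:[0-9A-Fa-f]{2} ?)+", value) else b""
    return (needle.lower() in line.lower() or needle.encode("utf-16-le") in data
            or needle.encode() in data)

def triage(report, needle):
    """Map each section to [(path, tag)]. Tags: 'candidate' (not a known OS location,
    so attributable to the app), 'os-trace' (written by Windows but records the app),
    'os-noise' (background churn with no reference to the app)."""
    out, section = {}, None
    for line in report.splitlines():
        head = re.match(r"((?:Keys|Values) (?:added|deleted|modified)):\d+$", line)
        if head:
            section = head.group(1)
            out[section] = []
        elif section and line.startswith(("HKLM\\", "HKU\\")):
            path = line.split(": ", 1)[0]  # "D:\" inside a path has no space after ':'
            os_loc = any(re.search(p, path) for p in OS_WRITTEN)
            tag = ("candidate" if not os_loc else
                   "os-trace" if mentions(line, needle) else "os-noise")
            if (path, tag) not in out[section]:  # modified values list old and new
                out[section].append((path, tag))
    return out
```

Calling `triage(REPORT, "ThunderbirdPortable")` tags the StreamMRU and MUICache values as `os-trace`: Windows wrote them, yet they still record that the portable folder was opened and the executable was run on this machine.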

Andrew Lee
Posts: 3065
Joined: Sat Feb 04, 2006 9:19 am

#2 Post by Andrew Lee »

Thanks for the detailed report. I have updated the entry.

m^(2)
Posts: 890
Joined: Sat Mar 31, 2007 2:38 am
Location: Kce,PL

#3 Post by m^(2) »

According to John T. Haller, it's fixed already.
