
Launch Points

Here are the registry keys, INI-file sections, files and folders that Silent Runners checks, and the operating systems (OSs) to which each applies:

Item Checked    OS

1. HKCU\Control Panel\Desktop\SCRNSAVE.EXE NT4+
2. HKCU\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021493-0000-0000-C000-000000000046}\
HKCU\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021494-0000-0000-C000-000000000046}\
W2K+
3. HKCU\Software\Classes\.bat\shell\subkey\command\
HKCU\Software\Classes\.bat\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.cmd\shell\subkey\command\
HKCU\Software\Classes\.cmd\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.com\shell\subkey\command\
HKCU\Software\Classes\.com\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.exe\shell\subkey\command\
HKCU\Software\Classes\.exe\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.hta\shell\subkey\command\
HKCU\Software\Classes\.hta\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.pif\shell\subkey\command\
HKCU\Software\Classes\.pif\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.scr\shell\subkey\command\
HKCU\Software\Classes\.scr\shell\subkey\ddeexec\
W2K+
 
 
  HKCU\Software\Classes\batfile\shell\subkey\command\
HKCU\Software\Classes\batfile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\cmdfile\shell\subkey\command\
HKCU\Software\Classes\cmdfile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\comfile\shell\subkey\command\
HKCU\Software\Classes\comfile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\exefile\shell\subkey\command\
HKCU\Software\Classes\exefile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\htafile\shell\subkey\command\
HKCU\Software\Classes\htafile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\piffile\shell\subkey\command\
HKCU\Software\Classes\piffile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\scrfile\shell\subkey\command\
HKCU\Software\Classes\scrfile\shell\subkey\ddeexec\
W2K+
4. HKCU\Software\Classes\*\shellex\ColumnHandlers\
HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
HKCU\Software\Classes\*\shellex\CopyHookHandlers\
HKCU\Software\Classes\*\shellex\DragDropHandlers\
HKCU\Software\Classes\*\shellex\PropertySheetHandlers\

HKCU\Software\Classes\AllFilesystemObjects\shellex\ColumnHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\CopyHookHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\DragDropHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\

HKCU\Software\Classes\Directory\shellex\ColumnHandlers\
HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\
HKCU\Software\Classes\Directory\shellex\CopyHookHandlers\
HKCU\Software\Classes\Directory\shellex\DragDropHandlers\
HKCU\Software\Classes\Directory\shellex\PropertySheetHandlers\

HKCU\Software\Classes\Directory\Background\shellex\ColumnHandlers\
HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
HKCU\Software\Classes\Directory\Background\shellex\CopyHookHandlers\
HKCU\Software\Classes\Directory\Background\shellex\DragDropHandlers\
HKCU\Software\Classes\Directory\Background\shellex\PropertySheetHandlers\

HKCU\Software\Classes\Folder\shellex\ColumnHandlers\
HKCU\Software\Classes\Folder\shellex\ContextMenuHandlers\
HKCU\Software\Classes\Folder\shellex\CopyHookHandlers\
HKCU\Software\Classes\Folder\shellex\DragDropHandlers\
HKCU\Software\Classes\Folder\shellex\PropertySheetHandlers\
W2K+
5. HKCU\Software\Classes\PROTOCOLS\Filter\ W2K+
6. HKCU\Software\Classes\PROTOCOLS\Handler\ W2K+
7. HKCU\Software\Microsoft\Command Processor\AutoRun NT4+
8. HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ All
9. HKCU\Software\Microsoft\Internet Explorer\Extensions\ All
10. HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions\ 64b
11. HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ All
12. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ All
13. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pif\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\Application
WMe/W2K/WXP
  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pif\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\Progid
WXP
  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\UserChoice\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\UserChoice\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\UserChoice\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\UserChoice\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pif\UserChoice\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice\Progid
WVa+
14. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ W2K+
15. HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\ WVa+
16. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ WMe/W2K+
17. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\any subkey\ WMe/W2K
18. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell W2K+
19. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ All
20. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\any subkey\ W2K
21. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ All
22. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\any subkey\ W2K
23. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\ All
24. HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ All
25. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Configuration WVa+
26. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run
NT4/W2K/WXP/WVa
27. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell NT4+
28. HKCU\Software\Policies\Microsoft\Windows\System\Scripts\ W2K/WXP
29. HKLM\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021493-0000-0000-C000-000000000046}\
HKLM\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021494-0000-0000-C000-000000000046}\
All
30. HKLM\Software\Classes\.bat\shell\subkey\command\
HKLM\Software\Classes\.bat\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.cmd\shell\subkey\command\
HKLM\Software\Classes\.cmd\shell\subkey\ddeexec\
NT4+
  HKLM\Software\Classes\.com\shell\subkey\command\
HKLM\Software\Classes\.com\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.exe\shell\subkey\command\
HKLM\Software\Classes\.exe\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.hta\shell\subkey\command\
HKLM\Software\Classes\.hta\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.pif\shell\subkey\command\
HKLM\Software\Classes\.pif\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.scr\shell\subkey\command\
HKLM\Software\Classes\.scr\shell\subkey\ddeexec\
All
 
 
  HKLM\Software\Classes\batfile\shell\subkey\command\
HKLM\Software\Classes\batfile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\cmdfile\shell\subkey\command\
HKLM\Software\Classes\cmdfile\shell\subkey\ddeexec\
NT4+
  HKLM\Software\Classes\comfile\shell\subkey\command\
HKLM\Software\Classes\comfile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\exefile\shell\subkey\command\
HKLM\Software\Classes\exefile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\htafile\shell\subkey\command\
HKLM\Software\Classes\htafile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\piffile\shell\subkey\command\
HKLM\Software\Classes\piffile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\scrfile\shell\subkey\command\
HKLM\Software\Classes\scrfile\shell\subkey\ddeexec\
All
31. HKLM\Software\Classes\*\shellex\ColumnHandlers\
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
HKLM\Software\Classes\*\shellex\CopyHookHandlers\
HKLM\Software\Classes\*\shellex\DragDropHandlers\
HKLM\Software\Classes\*\shellex\PropertySheetHandlers\

HKLM\Software\Classes\AllFilesystemObjects\shellex\ColumnHandlers\
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
HKLM\Software\Classes\AllFilesystemObjects\shellex\CopyHookHandlers\
HKLM\Software\Classes\AllFilesystemObjects\shellex\DragDropHandlers\
HKLM\Software\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\

HKLM\Software\Classes\Directory\shellex\ColumnHandlers\
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
HKLM\Software\Classes\Directory\shellex\CopyHookHandlers\
HKLM\Software\Classes\Directory\shellex\DragDropHandlers\
HKLM\Software\Classes\Directory\shellex\PropertySheetHandlers\

HKLM\Software\Classes\Directory\Background\shellex\ColumnHandlers\
HKLM\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
HKLM\Software\Classes\Directory\Background\shellex\CopyHookHandlers\
HKLM\Software\Classes\Directory\Background\shellex\DragDropHandlers\
HKLM\Software\Classes\Directory\Background\shellex\PropertySheetHandlers\

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
HKLM\Software\Classes\Folder\shellex\CopyHookHandlers\
HKLM\Software\Classes\Folder\shellex\DragDropHandlers\
HKLM\Software\Classes\Folder\shellex\PropertySheetHandlers\
All
32. HKLM\Software\Wow6432Node\Classes\*\shellex\ColumnHandlers\
HKLM\Software\Wow6432Node\Classes\*\shellex\ContextMenuHandlers\
HKLM\Software\Wow6432Node\Classes\*\shellex\CopyHookHandlers\
HKLM\Software\Wow6432Node\Classes\*\shellex\DragDropHandlers\
HKLM\Software\Wow6432Node\Classes\*\shellex\PropertySheetHandlers\

HKLM\Software\Wow6432Node\Classes\AllFilesystemObjects\shellex\ColumnHandlers\
HKLM\Software\Wow6432Node\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
HKLM\Software\Wow6432Node\Classes\AllFilesystemObjects\shellex\CopyHookHandlers\
HKLM\Software\Wow6432Node\Classes\AllFilesystemObjects\shellex\DragDropHandlers\
HKLM\Software\Wow6432Node\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\

HKLM\Software\Wow6432Node\Classes\Directory\shellex\ColumnHandlers\
HKLM\Software\Wow6432Node\Classes\Directory\shellex\ContextMenuHandlers\
HKLM\Software\Wow6432Node\Classes\Directory\shellex\CopyHookHandlers\
HKLM\Software\Wow6432Node\Classes\Directory\shellex\DragDropHandlers\
HKLM\Software\Wow6432Node\Classes\Directory\shellex\PropertySheetHandlers\

HKLM\Software\Wow6432Node\Classes\Directory\Background\shellex\ColumnHandlers\
HKLM\Software\Wow6432Node\Classes\Directory\Background\shellex\ContextMenuHandlers\
HKLM\Software\Wow6432Node\Classes\Directory\Background\shellex\CopyHookHandlers\
HKLM\Software\Wow6432Node\Classes\Directory\Background\shellex\DragDropHandlers\
HKLM\Software\Wow6432Node\Classes\Directory\Background\shellex\PropertySheetHandlers\

HKLM\Software\Wow6432Node\Classes\Folder\shellex\ColumnHandlers\
HKLM\Software\Wow6432Node\Classes\Folder\shellex\ContextMenuHandlers\
HKLM\Software\Wow6432Node\Classes\Folder\shellex\CopyHookHandlers\
HKLM\Software\Wow6432Node\Classes\Folder\shellex\DragDropHandlers\
HKLM\Software\Wow6432Node\Classes\Folder\shellex\PropertySheetHandlers\
64b
33. HKLM\Software\Classes\PROTOCOLS\Filter\ All
34. HKLM\Software\Classes\PROTOCOLS\Handler\ All
35. HKLM\Software\Microsoft\Active Setup\Installed Components\ All
36. HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\ 64b(7)
37. HKLM\Software\Microsoft\Command Processor\AutoRun NT4+
38. HKLM\Software\Wow6432Node\Microsoft\Command Processor\AutoRun 64b
39. HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ All
40. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\ 64b
41. HKLM\Software\Microsoft\Internet Explorer\Extensions\ All
42. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions\ 64b
43. HKLM\Software\Microsoft\Internet Explorer\Toolbar\ All
44. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\ 64b
45. HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\ WVa+
46. HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ WVa+
47. HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers\ WVa+
48. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ WXP+
49. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ All
50. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ 64b
51. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\DeviceNotificationCallbacks\ WVa+
52. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\DeviceNotificationCallbacks\ 64b
53. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ All
54. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ 64b
55. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ All
56. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ 64b
57. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ All
58. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 64b
59. HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\ WVa+
60. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ WMe/W2K+
61. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\any subkey\ WMe/W2K
62. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ All
63. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\any subkey\ W2K
64. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ 64b
65. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ All
66. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\any subkey\ W2K
67. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup\ All
68. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\ All
69. HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ W9x
70. HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\ W9x
71. HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ All
72. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ 64b
73. HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ All
74. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ 64b
75. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Configuration WVa+
76. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\ W2K (6)
77. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Aedebug\ NTx
78. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ NTx
79. HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ 64b
80. HKLM\Software\Microsoft\Windows NT\CurrentVersion\InitFileMapping\ NT4+
81. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs NT4+
82. HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs 64b
83. HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IconServiceLib WVa+
84. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet
NT4+
85. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ W2K/WXP
86. HKLM\Software\Policies\Microsoft\Windows\System\Scripts\ W2K/WXP
87. HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
W2K+
88. HKLM\System\CurrentControlSet\Control\ServiceControlManagerExtension Wn7
89. HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath NT4+
90. HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\UpperFilters W2K+
91. HKLM\System\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\System\CurrentControlSet\Control\Lsa\Security Packages
NT4+
92. HKLM\System\CurrentControlSet\Control\Print\Monitors\ All
93. HKLM\System\CurrentControlSet\Control\SafeBoot\AlternateShell
HKLM\System\CurrentControlSet\Control\SafeBoot\Option\UseAlternateShell
W2K+
94. HKLM\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders All
95. HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\System\CurrentControlSet\Control\Session Manager\Execute
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
NT4+
96. HKLM\System\CurrentControlSet\Control\WOW\cmdline
HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
NTx
97. HKLM\System\CurrentControlSet\Services\ NT4+
98. HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
All
99. HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\
64b
100. %WINDIR%\WIN.INI [windows] load=, run= W9x
101. %WINDIR%\SYSTEM.INI [boot] shell=, scrnsave.exe= W9x
102. %WINDIR%\WINSTART.BAT W9x (2)
103. [Local Fixed Disk]\AUTORUN.INF open=, shellexecute= All (3)
104. [Local Fixed Disk]\[Any Folder with “S” Attribute]\DESKTOP.INI [.ShellClassInfo] CLSID= / UICLSID= All (1)
105. %WINDIR%\All Users\Start Menu\Programs\Startup\ W9x
106. %WINDIR%\Start Menu\Programs\Startup\ W9x
107. %ALLUSERSPROFILE%\Start Menu\Programs\Startup\ NTx
108. %USERPROFILE%\Start Menu\Programs\Startup\ NTx
109. %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\ WVa+
110. %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ WVa+
111. %USERPROFILE%\AppData\Local\Microsoft\Windows Sidebar\Settings.ini WVa+
112. %WINDIR%\Tasks\ W9x/NTx
113. %WINDIR%\System32\Tasks\ WVa+

Hijack Points

These registry keys and files can be used to redirect the desktop, network and Internet Explorer:

Item Checked    O/S
1. HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\ W9x/NTx
2. HKCU\Software\Microsoft\Internet Explorer\Main\ All (4)
3. HKCU\Software\Microsoft\Internet Explorer\SearchURL\ All (4)
4. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ All
5. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState W9x/NTx
6. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ All
7. HKCU\Software\Policies\Microsoft\Internet Explorer\ All
8. HKCU\Software\Policies\Microsoft\Windows\ All
9. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ W2K+
10. HKLM\Software\Microsoft\Internet Explorer\Main\ All (4)
11. HKLM\Software\Microsoft\Internet Explorer\Search\ All (4)
12. HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ All
13. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ All
14. HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\ All
15. HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\ All
16. HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore\ WXP+
17. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath NT4+
18. %WINDIR%\HOSTS W9x
%WINDIR%\System32\drivers\etc\HOSTS NT4+
19. %WINDIR%\INF\IERESET.INF (5)
 
W9x: Windows 95, Windows 98 (Standard Edition), Windows 98 SE (Second Edition), and Windows Me (Millennium Edition)
NTx: Windows NT 4.0, Windows 2000, and Windows XP
NT4+: Windows NT 4.0, Windows 2000, Windows XP, Windows Vista, Windows 7, and Windows 8
W2K+: Windows 2000, Windows XP, Windows Vista, Windows 7, and Windows 8
WXP: Windows XP and Windows Server 2003
WXP+: Windows XP, Windows Vista, Windows 7, and Windows 8
WVa+: Windows Vista, Windows 7 and Windows 8
Wn7: Windows 7 and Windows 8
64b: Windows XP, Windows Vista, Windows 7 and Windows 8 64-bit only
(1): launch point checked by answering “No” at the script’s first message box and “Yes” at the message box that follows it or with the “-supp” or “-all” command line parameters
(2): excluding Windows Me
(3): excluding Windows Me, Windows XP SP2/SP3, Windows Vista, Windows 7, and Windows 8
(4): not checked by Silent Runners – reset by IERESET.INF (except Windows Vista, Windows 7 and Windows 8)
(5): Internet Explorer 5.01, 5.5 & 6.0 only
(6): only active if UtilMan service running
(7): excluding Windows XP 64-bit


Last Updated: 23 December 2012
Copyright 2013 by Andrew Aronoff