
Launch Points

Here are the registry keys, INI-file sections, files and folders that Silent Runners checks, and the operating systems (O/S) to which each applies:

Item Checked   O/S

1. HKCU\Control Panel\Desktop\SCRNSAVE.EXE NT4+
2. HKCU\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021493-0000-0000-C000-000000000046}\
HKCU\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021494-0000-0000-C000-000000000046}\
W2K+
3. HKCU\Software\Classes\.bat\shell\subkey\command\
HKCU\Software\Classes\.bat\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.cmd\shell\subkey\command\
HKCU\Software\Classes\.cmd\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.com\shell\subkey\command\
HKCU\Software\Classes\.com\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.exe\shell\subkey\command\
HKCU\Software\Classes\.exe\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.hta\shell\subkey\command\
HKCU\Software\Classes\.hta\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.pif\shell\subkey\command\
HKCU\Software\Classes\.pif\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.scr\shell\subkey\command\
HKCU\Software\Classes\.scr\shell\subkey\ddeexec\
W2K+
 
 
  HKCU\Software\Classes\batfile\shell\subkey\command\
HKCU\Software\Classes\batfile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\cmdfile\shell\subkey\command\
HKCU\Software\Classes\cmdfile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\comfile\shell\subkey\command\
HKCU\Software\Classes\comfile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\exefile\shell\subkey\command\
HKCU\Software\Classes\exefile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\htafile\shell\subkey\command\
HKCU\Software\Classes\htafile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\piffile\shell\subkey\command\
HKCU\Software\Classes\piffile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\scrfile\shell\subkey\command\
HKCU\Software\Classes\scrfile\shell\subkey\ddeexec\
W2K+
4. HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\
HKCU\Software\Classes\Folder\shellex\ContextMenuHandlers\
W2K+
5. HKCU\Software\Microsoft\Command Processor\AutoRun NT4+
6. HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ All
7. HKCU\Software\Microsoft\Internet Explorer\Extensions\ All
8. HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ All
9. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ All
10. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pif\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\Application
WMe/W2K/WXP
  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\ProgID
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\ProgID
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\ProgID
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\ProgID
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\ProgID
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pif\ProgID
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\ProgID
WXP
11. HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\ WVa
12. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ WMe/W2K+
13. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\any subkey\ WMe/W2K
14. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell W2K+
15. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ All
16. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\any subkey\ W2K
17. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ All
18. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\any subkey\ W2K
19. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\ All
20. HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ All
21. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Configuration WVa
22. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run
NT4+
23. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell NT4+
24. HKCU\Software\Policies\Microsoft\Windows\System\Scripts\ W2K/WXP
25. HKLM\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021493-0000-0000-C000-000000000046}\
HKLM\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021494-0000-0000-C000-000000000046}\
All
26. HKLM\Software\Classes\.bat\shell\subkey\command\
HKLM\Software\Classes\.bat\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.cmd\shell\subkey\command\
HKLM\Software\Classes\.cmd\shell\subkey\ddeexec\
NT4+
  HKLM\Software\Classes\.com\shell\subkey\command\
HKLM\Software\Classes\.com\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.exe\shell\subkey\command\
HKLM\Software\Classes\.exe\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.hta\shell\subkey\command\
HKLM\Software\Classes\.hta\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.pif\shell\subkey\command\
HKLM\Software\Classes\.pif\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.scr\shell\subkey\command\
HKLM\Software\Classes\.scr\shell\subkey\ddeexec\
All
 
 
  HKLM\Software\Classes\batfile\shell\subkey\command\
HKLM\Software\Classes\batfile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\cmdfile\shell\subkey\command\
HKLM\Software\Classes\cmdfile\shell\subkey\ddeexec\
NT4+
  HKLM\Software\Classes\comfile\shell\subkey\command\
HKLM\Software\Classes\comfile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\exefile\shell\subkey\command\
HKLM\Software\Classes\exefile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\htafile\shell\subkey\command\
HKLM\Software\Classes\htafile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\piffile\shell\subkey\command\
HKLM\Software\Classes\piffile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\scrfile\shell\subkey\command\
HKLM\Software\Classes\scrfile\shell\subkey\ddeexec\
All
27. HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
All
28. HKLM\Software\Classes\Protocols\Filter\ All
29. HKLM\Software\Microsoft\Active Setup\Installed Components\ All
30. HKLM\Software\Microsoft\Command Processor\AutoRun NT4+
31. HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ All
32. HKLM\Software\Microsoft\Internet Explorer\Extensions\ All
33. HKLM\Software\Microsoft\Internet Explorer\Toolbar\ All
34. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ WXP/WVa
35. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ All
36. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\DeviceNotificationCallbacks\ WVa
37. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ All
38. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ All
39. HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\ WVa
40. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ WMe/W2K+
41. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\any subkey\ WMe/W2K
42. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ All
43. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\any subkey\ W2K
44. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ All
45. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\any subkey\ W2K
46. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup\ All
47. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\ All
48. HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ W9x
49. HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\ W9x
50. HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ All
51. HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ All
52. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Configuration WVa
53. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\ W2K (6)
54. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Aedebug\ NTx
55. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ NTx
56. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs NT4+
57. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet
NT4+
58. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ W2K/WXP
59. HKLM\Software\Policies\Microsoft\Windows\System\Scripts\ W2K/WXP
60. HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath NT4+
61. HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\UpperFilters W2K+
62. HKLM\System\CurrentControlSet\Control\Lsa\Authentication Packages NT4+
63. HKLM\System\CurrentControlSet\Control\Print\Monitors\ All
64. HKLM\System\CurrentControlSet\Control\SafeBoot\AlternateShell
HKLM\System\CurrentControlSet\Control\SafeBoot\Option\UseAlternateShell
W2K+
65. HKLM\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders All
66. HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\System\CurrentControlSet\Control\Session Manager\Execute
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
NT4+
67. HKLM\System\CurrentControlSet\Control\WOW\cmdline
HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
NTx
68. HKLM\System\CurrentControlSet\Services\ NT4+
69. HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
All
70. %WINDIR%\WIN.INI [windows] load=, run= W9x
71. %WINDIR%\SYSTEM.INI [boot] shell=, scrnsave.exe= W9x
72. %WINDIR%\WINSTART.BAT W9x (2)
73. [Local Fixed Disk]\AUTORUN.INF open=, shellexecute= All (3)
74. [Local Fixed Disk]\[Any Folder with “S” Attribute]\DESKTOP.INI [.ShellClassInfo] CLSID= / UICLSID= All (1)
75. %WINDIR%\All Users\Start Menu\Programs\Startup\ W9x
76. %WINDIR%\Start Menu\Programs\Startup\ W9x
77. %ALLUSERSPROFILE%\Start Menu\Programs\Startup\ NTx
78. %USERPROFILE%\Start Menu\Programs\Startup\ NTx
79. %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\ WVa
80. %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ WVa
81. %WINDIR%\Tasks\ W9x/NTx
82. %WINDIR%\System32\Tasks\ WVa

Hijack Points

These registry keys and files can be used to redirect the desktop, network and Internet Explorer:

Item Checked   O/S
1. HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\ W9x/NTx
2. HKCU\Software\Microsoft\Internet Explorer\Main\ All (4)
3. HKCU\Software\Microsoft\Internet Explorer\SearchURL\ All (4)
4. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ All
5. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState W9x/NTx
6. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ All
7. HKCU\Software\Policies\Microsoft\Internet Explorer\ All
8. HKCU\Software\Policies\Microsoft\Windows\ All
9. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ W2K+
10. HKLM\Software\Microsoft\Internet Explorer\Main\ All (4)
11. HKLM\Software\Microsoft\Internet Explorer\Search\ All (4)
12. HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ All
13. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ All
14. HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\ All
15. HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\ All
16. HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore\ WXP/WVa
17. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath NT4+
18. %WINDIR%\HOSTS W9x
%WINDIR%\System32\drivers\etc\HOSTS NT4+
19. %WINDIR%\INF\IERESET.INF Note 5
 
W9x: Windows 95, Windows 98 (Standard Edition), Windows 98 SE (Second Edition), and Windows Me (Millennium Edition)
NTx: Windows NT 4.0 Workstation, Windows 2000 Professional, Windows XP Home, and Windows XP Professional
NT4+: Windows NT 4.0 Workstation, Windows 2000 Professional, Windows XP Home, Windows XP Professional, and Windows Vista
W2K+: Windows 2000 Professional, Windows XP Home, Windows XP Professional, and Windows Vista
WVa: Windows Vista
(1): launch point checked by answering “No” at the script's first message box and “Yes” at the message box that follows it or with the “-supp” or “-all” command line parameters
(2): excluding Windows Me
(3): excluding Windows Me and Windows XP SP2
(4): not checked by Silent Runners – reset by IERESET.INF (except Windows Vista)
(5): Internet Explorer 5.01, 5.5 & 6.0 only
(6): only active if UtilMan service running


Last Updated: 02 May 2008
Copyright 2008 by Andrew Aronoff