
Launch Points

Here are the registry keys, INI-file sections, files and folders that Silent Runners checks, and the operating systems (OSs) to which each applies:

 

Item Checked    OS

1. HKCU\Control Panel\Desktop\SCRNSAVE.EXE NT4+
2. HKCU\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021493-0000-0000-C000-000000000046}\
HKCU\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021494-0000-0000-C000-000000000046}\
W2K+
3. HKCU\Software\Classes\.bat\shell\subkey\command\
HKCU\Software\Classes\.bat\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.cmd\shell\subkey\command\
HKCU\Software\Classes\.cmd\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.com\shell\subkey\command\
HKCU\Software\Classes\.com\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.exe\shell\subkey\command\
HKCU\Software\Classes\.exe\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.hta\shell\subkey\command\
HKCU\Software\Classes\.hta\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.pif\shell\subkey\command\
HKCU\Software\Classes\.pif\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.scr\shell\subkey\command\
HKCU\Software\Classes\.scr\shell\subkey\ddeexec\
W2K+
 
 
  HKCU\Software\Classes\batfile\shell\subkey\command\
HKCU\Software\Classes\batfile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\cmdfile\shell\subkey\command\
HKCU\Software\Classes\cmdfile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\comfile\shell\subkey\command\
HKCU\Software\Classes\comfile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\exefile\shell\subkey\command\
HKCU\Software\Classes\exefile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\htafile\shell\subkey\command\
HKCU\Software\Classes\htafile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\piffile\shell\subkey\command\
HKCU\Software\Classes\piffile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\scrfile\shell\subkey\command\
HKCU\Software\Classes\scrfile\shell\subkey\ddeexec\
W2K+
4. HKCU\Software\Classes\*\shellex\ColumnHandlers\
HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
HKCU\Software\Classes\*\shellex\CopyHookHandlers\
HKCU\Software\Classes\*\shellex\DragDropHandlers\
HKCU\Software\Classes\*\shellex\PropertySheetHandlers\

HKCU\Software\Classes\AllFilesystemObjects\shellex\ColumnHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\CopyHookHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\DragDropHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\

HKCU\Software\Classes\Directory\shellex\ColumnHandlers\
HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\
HKCU\Software\Classes\Directory\shellex\CopyHookHandlers\
HKCU\Software\Classes\Directory\shellex\DragDropHandlers\
HKCU\Software\Classes\Directory\shellex\PropertySheetHandlers\

HKCU\Software\Classes\Directory\Background\shellex\ColumnHandlers\
HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
HKCU\Software\Classes\Directory\Background\shellex\CopyHookHandlers\
HKCU\Software\Classes\Directory\Background\shellex\DragDropHandlers\
HKCU\Software\Classes\Directory\Background\shellex\PropertySheetHandlers\

HKCU\Software\Classes\Folder\shellex\ColumnHandlers\
HKCU\Software\Classes\Folder\shellex\ContextMenuHandlers\
HKCU\Software\Classes\Folder\shellex\CopyHookHandlers\
HKCU\Software\Classes\Folder\shellex\DragDropHandlers\
HKCU\Software\Classes\Folder\shellex\ExtShellFolderViews\
HKCU\Software\Classes\Folder\shellex\PropertySheetHandlers\
W2K+
5. HKCU\Software\Classes\PROTOCOLS\Filter\ W2K+
6. HKCU\Software\Classes\PROTOCOLS\Handler\ W2K+
7. HKCU\Software\Microsoft\Command Processor\AutoRun NT4+
8. HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ All
9. HKCU\Software\Microsoft\Internet Explorer\Extensions\ All
10. HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions\ x64
11. HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ All
12. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ All
13. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pif\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\Application
WMe/W2K/WXP
  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pif\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\Progid
WXP
  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\UserChoice\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\UserChoice\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\UserChoice\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\UserChoice\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pif\UserChoice\Progid
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice\Progid
WVa+
14. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ W2K+
15. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\ WVa+
16. HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\ WVa+
17. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ WMe/W2K+
18. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\any subkey\ WMe/W2K
19. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell W2K+
20. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ All
21. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\any subkey\ W2K
22. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ All
23. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\any subkey\ W2K
24. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\ All
25. HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ All
26. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Configuration WVa+
27. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run
NT4/W2K/WXP/WVa
28. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell NT4+
29. HKCU\Software\Policies\Microsoft\Windows\System\Scripts\ W2K/WXP
30. HKLM\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021493-0000-0000-C000-000000000046}\
HKLM\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021494-0000-0000-C000-000000000046}\
All
31. HKLM\Software\Classes\.bat\shell\subkey\command\
HKLM\Software\Classes\.bat\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.cmd\shell\subkey\command\
HKLM\Software\Classes\.cmd\shell\subkey\ddeexec\
NT4+
  HKLM\Software\Classes\.com\shell\subkey\command\
HKLM\Software\Classes\.com\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.exe\shell\subkey\command\
HKLM\Software\Classes\.exe\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.hta\shell\subkey\command\
HKLM\Software\Classes\.hta\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.pif\shell\subkey\command\
HKLM\Software\Classes\.pif\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.scr\shell\subkey\command\
HKLM\Software\Classes\.scr\shell\subkey\ddeexec\
All
 
 
  HKLM\Software\Classes\batfile\shell\subkey\command\
HKLM\Software\Classes\batfile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\cmdfile\shell\subkey\command\
HKLM\Software\Classes\cmdfile\shell\subkey\ddeexec\
NT4+
  HKLM\Software\Classes\comfile\shell\subkey\command\
HKLM\Software\Classes\comfile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\exefile\shell\subkey\command\
HKLM\Software\Classes\exefile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\htafile\shell\subkey\command\
HKLM\Software\Classes\htafile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\piffile\shell\subkey\command\
HKLM\Software\Classes\piffile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\scrfile\shell\subkey\command\
HKLM\Software\Classes\scrfile\shell\subkey\ddeexec\
All
32. HKLM\Software\Classes\*\shellex\ColumnHandlers\
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
HKLM\Software\Classes\*\shellex\CopyHookHandlers\
HKLM\Software\Classes\*\shellex\DragDropHandlers\
HKLM\Software\Classes\*\shellex\PropertySheetHandlers\

HKLM\Software\Classes\AllFilesystemObjects\shellex\ColumnHandlers\
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
HKLM\Software\Classes\AllFilesystemObjects\shellex\CopyHookHandlers\
HKLM\Software\Classes\AllFilesystemObjects\shellex\DragDropHandlers\
HKLM\Software\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\

HKLM\Software\Classes\Directory\shellex\ColumnHandlers\
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
HKLM\Software\Classes\Directory\shellex\CopyHookHandlers\
HKLM\Software\Classes\Directory\shellex\DragDropHandlers\
HKLM\Software\Classes\Directory\shellex\PropertySheetHandlers\

HKLM\Software\Classes\Directory\Background\shellex\ColumnHandlers\
HKLM\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
HKLM\Software\Classes\Directory\Background\shellex\CopyHookHandlers\
HKLM\Software\Classes\Directory\Background\shellex\DragDropHandlers\
HKLM\Software\Classes\Directory\Background\shellex\PropertySheetHandlers\

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
HKLM\Software\Classes\Folder\shellex\CopyHookHandlers\
HKLM\Software\Classes\Folder\shellex\DragDropHandlers\
HKLM\Software\Classes\Folder\shellex\ExtShellFolderViews\
HKLM\Software\Classes\Folder\shellex\PropertySheetHandlers\
All
33. HKLM\Software\Wow6432Node\Classes\*\shellex\ColumnHandlers\
HKLM\Software\Wow6432Node\Classes\*\shellex\ContextMenuHandlers\
HKLM\Software\Wow6432Node\Classes\*\shellex\CopyHookHandlers\
HKLM\Software\Wow6432Node\Classes\*\shellex\DragDropHandlers\
HKLM\Software\Wow6432Node\Classes\*\shellex\PropertySheetHandlers\

HKLM\Software\Wow6432Node\Classes\AllFilesystemObjects\shellex\ColumnHandlers\
HKLM\Software\Wow6432Node\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
HKLM\Software\Wow6432Node\Classes\AllFilesystemObjects\shellex\CopyHookHandlers\
HKLM\Software\Wow6432Node\Classes\AllFilesystemObjects\shellex\DragDropHandlers\
HKLM\Software\Wow6432Node\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\

HKLM\Software\Wow6432Node\Classes\Directory\shellex\ColumnHandlers\
HKLM\Software\Wow6432Node\Classes\Directory\shellex\ContextMenuHandlers\
HKLM\Software\Wow6432Node\Classes\Directory\shellex\CopyHookHandlers\
HKLM\Software\Wow6432Node\Classes\Directory\shellex\DragDropHandlers\
HKLM\Software\Wow6432Node\Classes\Directory\shellex\PropertySheetHandlers\

HKLM\Software\Wow6432Node\Classes\Directory\Background\shellex\ColumnHandlers\
HKLM\Software\Wow6432Node\Classes\Directory\Background\shellex\ContextMenuHandlers\
HKLM\Software\Wow6432Node\Classes\Directory\Background\shellex\CopyHookHandlers\
HKLM\Software\Wow6432Node\Classes\Directory\Background\shellex\DragDropHandlers\
HKLM\Software\Wow6432Node\Classes\Directory\Background\shellex\PropertySheetHandlers\

HKLM\Software\Wow6432Node\Classes\Folder\shellex\ColumnHandlers\
HKLM\Software\Wow6432Node\Classes\Folder\shellex\ContextMenuHandlers\
HKLM\Software\Wow6432Node\Classes\Folder\shellex\CopyHookHandlers\
HKLM\Software\Wow6432Node\Classes\Folder\shellex\DragDropHandlers\
HKLM\Software\Wow6432Node\Classes\Folder\shellex\ExtShellFolderViews\
HKLM\Software\Wow6432Node\Classes\Folder\shellex\PropertySheetHandlers\
x64
34. HKLM\Software\Classes\PROTOCOLS\Filter\ All
35. HKLM\Software\Classes\PROTOCOLS\Handler\ All
36. HKLM\Software\Microsoft\Active Setup\Installed Components\ All
37. HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\ x64 (7)
38. HKLM\Software\Microsoft\Command Processor\AutoRun NT4+
39. HKLM\Software\Wow6432Node\Microsoft\Command Processor\AutoRun x64
40. HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ All
41. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\ x64
42. HKLM\Software\Microsoft\Internet Explorer\Extensions\ All
43. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions\ x64
44. HKLM\Software\Microsoft\Internet Explorer\Toolbar\ All
45. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\ x64
46. HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\ WVa+
47. HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ WVa+
48. HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers\ WVa+
49. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ WXP+
50. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ All
51. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ x64
52. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\DeviceNotificationCallbacks\ WVa+
53. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\DeviceNotificationCallbacks\ x64
54. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ All
55. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ x64
56. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ All
57. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ x64
58. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ All
59. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ x64
60. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\ WVa+
61. HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\ WVa+
62. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ WMe/W2K+
63. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\any subkey\ WMe/W2K
64. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ WMe/W2K+
65. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ All
66. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\any subkey\ W2K
67. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ x64
68. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ All
69. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\any subkey\ W2K
70. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup\ All
71. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\ All
72. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx\ All
73. HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ W9x
74. HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\ W9x
75. HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ All
76. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ x64
77. HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ All
78. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ x64
79. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Configuration WVa+
80. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\ W2K (6)
81. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Aedebug\ NTx
82. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ NTx
83. HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ x64
84. HKLM\Software\Microsoft\Windows NT\CurrentVersion\InitFileMapping\ NT4+
85. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs NT4+
86. HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs x64
87. HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IconServiceLib WVa+
88. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet
NT4+
89. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\ W2K+
90. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\ x64
91. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ W2K/WXP
92. HKLM\Software\Policies\Microsoft\Windows\System\Scripts\ W2K/WXP
93. HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
W2K+
94. HKLM\System\CurrentControlSet\Control\ServiceControlManagerExtension Wn7
95. HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath NT4+
96. HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\UpperFilters W2K+
97. HKLM\System\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\System\CurrentControlSet\Control\Lsa\Security Packages
NT4+
98. HKLM\System\CurrentControlSet\Control\Print\Monitors\ All
99. HKLM\System\CurrentControlSet\Control\SafeBoot\AlternateShell
HKLM\System\CurrentControlSet\Control\SafeBoot\Option\UseAlternateShell
W2K+
100. HKLM\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders All
101. HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\System\CurrentControlSet\Control\Session Manager\Execute
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
NT4+
102. HKLM\System\CurrentControlSet\Control\WOW\cmdline
HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
NTx
103. HKLM\System\CurrentControlSet\Services\ NT4+
104. HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
All
105. HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\
x64
106. %WINDIR%\WIN.INI [windows] load=, run= W9x
107. %WINDIR%\SYSTEM.INI [boot] shell=, scrnsave.exe= W9x
108. %WINDIR%\WINSTART.BAT W9x (2)
109. [Local Fixed Disk]\AUTORUN.INF open=, shellexecute= All (3)
110. [Local Fixed Disk]\[Any Folder with “S” Attribute]\DESKTOP.INI [.ShellClassInfo] CLSID= / UICLSID= All (1)
111. %WINDIR%\All Users\Start Menu\Programs\Startup\ W9x
112. %WINDIR%\Start Menu\Programs\Startup\ W9x
113. %ALLUSERSPROFILE%\Start Menu\Programs\Startup\ NTx
114. %USERPROFILE%\Start Menu\Programs\Startup\ NTx
115. %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\ WVa+
116. %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ WVa+
117. %USERPROFILE%\AppData\Local\Microsoft\Windows Sidebar\Settings.ini WVa+
118. %WINDIR%\Tasks\ W9x/NTx
119. %WINDIR%\System32\Tasks\ WVa+

Hijack Points

These registry keys and files can be used to redirect the desktop, network and Internet Explorer:

Item Checked    O/S
1. HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\ W9x/NTx
2. HKCU\Software\Microsoft\Internet Explorer\Main\ All (4)
3. HKCU\Software\Microsoft\Internet Explorer\SearchURL\ All (4)
4. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ All
5. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState W9x/NTx
6. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ All
7. HKCU\Software\Policies\Microsoft\Internet Explorer\ All
8. HKCU\Software\Policies\Microsoft\Windows\ All
9. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ W2K+
10. HKLM\Software\Microsoft\Internet Explorer\Main\ All (4)
11. HKLM\Software\Microsoft\Internet Explorer\Search\ All (4)
12. HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ All
13. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ All
14. HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\ All
15. HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\ All
16. HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore\ WXP+
17. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath NT4+
18. %WINDIR%\HOSTS W9x
%WINDIR%\System32\drivers\etc\HOSTS NT4+
19. %WINDIR%\INF\IERESET.INF (5)
 
W9x: Windows 95, Windows 98 (Standard Edition), Windows 98 SE (Second Edition), and Windows Me (Millennium Edition)
NTx: Windows NT 4.0, Windows 2000, and Windows XP
NT4+: Windows NT 4.0, Windows 2000, Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 10
W2K+: Windows 2000, Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 10
WXP: Windows XP and Windows Server 2003
WXP+: Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 10
WVa+: Windows Vista, Windows 7, Windows 8 and Windows 10
Wn7: Windows 7, Windows 8 and Windows 10
x64: Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 10 64-bit only
(1): launch point checked by answering “No” at the script’s first message box and “Yes” at the message box that follows it or with the “-supp” or “-all” command line parameters
(2): excluding Windows Me
(3): excluding Windows Me, Windows XP SP2/SP3, Windows Vista, Windows 7, and Windows 8
(4): not checked by Silent Runners – reset by IERESET.INF (except Windows Vista, Windows 7, Windows 8 and Windows 10)
(5): Internet Explorer 5.01, 5.5 & 6.0 only
(6): only active if UtilMan service running
(7): excluding Windows XP x64


Last Updated: 17 June 2017
Copyright 2017 by Andrew Aronoff