Analysis Date2015-02-01 13:22:01
MD56281670db3dd43b7560bb69b2edfa97c
SHA1f94c95647664e3238c369ae914ebc9acea804745

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: aab22eaba4a31bf17ee8cea35fac541b sha1: cac098b5f19e3a2785eb5394afc4d31d36660d7a size: 8466432
Section.data md5: 620f0b67a91f7f74151bc5be745b7110 sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d size: 4096
Section.rsrc md5: 673c433015ff7725a8e4b3b9fa99ba14 sha1: edd9965c54b32e2d337cea290dadef56abe01d6a size: 798720
Timestamp2010-10-16 16:10:45
VersionLegalCopyright: ZJU S-Zone
InternalName: USBCleaner
FileVersion: 6.0.0.151
CompanyName: ZJU S-Zone
LegalTrademarks: ZJU S-Zone
Comments: http://www.usbcleaner.cn
ProductName: USBCleaner
ProductVersion: 6.0.0.151
FileDescription: USBCleaner Main Pro
OriginalFilename: USBCleaner.exe
PackerMicrosoft Visual Basic v5.0 - v6.0
PEhash75af446792041d9ef20a1eb62449b632da955217
IMPhashddf7766ab69299595e0a4e2295805159
AV360 Safeno_virus
AVAd-Awareno_virus
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVArcabit (arcavir)no_virus
AVAuthentiumno_virus
AVAvira (antivir)no_virus
AVBullGuardno_virus
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftno_virus
AVEset (nod32)no_virus
AVFortinetW32/Delf.NRC!tr
AVFrisk (f-prot)no_virus
AVF-Secureno_virus
AVGrisoft (avg)Dropper.Generic3.SDY.dropper
AVIkarusno_virus
AVK7Error Scanning File
AVKasperskyno_virus
AVMalwareBytesno_virus
AVMcafeeGenericR-ARU!6281670DB3DD
AVMicrosoft Security EssentialsError Scanning File
AVMicroWorld (escan)no_virus
AVRisingno_virus
AVSophosMal/VB-ACZ
AVSymantecno_virus
AVTrend MicroPossible_Otorun8
AVVirusBlokAda (vba32)Worm.VBNA

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\~DFBD16.tmp
Creates FilePIPE\lsarpc

Network Details:


Raw Pcap

Strings
.
.
.
....................................................................................................................................................................................................................................................................................................................................................................................................................................................................3..
.

....
.....
......
@@,<
\\.\
  00
0.0.0.0
00000000
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,\
  00,00,00,00,00,00,00,00,08,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,\
  00,00,00,00,00,00,00,00,08,00,00,00,a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,\
  00,00,00,00,00,00,00,00,08,00,00,00,e0,a9,60,9d,7a,33,d0,11,bd,88,00,00,c0,\
  00,00,00,00,00,00,00,00,0c,00,00,00,a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,\
  00,00,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,54,00,63,00,70,\
  00,00,00,00,00,00,00,00,52,00,53,00,56,00,50,00,20,00,54,00,43,00,50,00,20,\
  00,00,00,00,00,00,02,20,00,00,10,00,00,00,00,00,00,09,02,02,00,00,00,00,00,\
  00,00,00,00,00,00,02,20,00,00,10,00,00,00,00,00,00,09,06,02,00,00,00,00,00,\
  00,00,00,00,00,00,02,20,00,00,10,00,00,00,00,00,00,09,26,02,00,00,00,00,00,\
  00,00,00,00,00,00,02,20,00,00,10,00,00,00,00,00,00,0e,00,02,00,00,00,00,00,\
  00,00,00,00,00,00,02,20,00,00,10,00,00,00,00,00,00,66,00,02,00,00,00,00,00,\
  00,00,00,00,00,00,02,20,00,00,10,00,00,00,00,00,00,66,20,02,00,00,00,00,00,\
  00,00,00,00,00,14,00,00,00,5c,00,43,00,75,00,72,00,72,00,65,00,0c,00,00,00,\
  00,00,00,00,00,e8,04,48,02,08,52,66,76,00,00,00,00,09,02,02,00,00,00,00,00,\
  00,00,00,00,00,e8,04,48,02,08,52,66,76,00,00,00,00,09,06,02,00,00,00,00,00,\
  00,00,00,00,00,e8,04,48,02,08,52,66,76,00,00,00,00,09,26,02,00,00,00,00,00,\
  00,00,00,00,00,e8,04,48,02,08,52,66,76,00,00,00,00,0e,00,02,00,00,00,00,00,\
  00,00,00,00,00,e8,04,48,02,08,52,66,76,00,00,00,00,66,00,02,00,00,00,00,00,\
  00,00,00,00,00,e8,04,48,02,08,52,66,76,00,00,00,00,66,20,02,00,00,00,00,00,\
  00,00,00,00,08,12,b0,01,00,00,00,00,32,13,b0,01,00,00,00,00,5c,14,b0,01,00,\
  00,00,00,00,90,d0,27,00,00,00,00,00,00,00,00,00,00,00,00,00,10,0c,00,00,28,\
  00,00,00,00,c0,04,39,02,00,00,00,00,00,00,00,00,00,00,00,00,b4,0b,00,00,dc,\
00000001
00000002
  00,00,00,08,66,25,01,08,00,00,00,09,00,00,00,00,20,00,00,a8,01,1c,00,18,00,\
  00,00,00,38,0a,39,02,5c,0d,93,7c,00,00,1c,00,91,0e,93,7c,08,06,1c,00,6d,05,\
  00,00,00,86,15,b0,01,24,00,00,00,b0,16,b0,01,10,00,00,00,da,17,b0,01,00,00,\
  00,00,00,ca,00,0c,00,00,00,88,d0,27,00,00,00,00,00,00,00,00,00,10,0c,00,00,\
  00,00,00,e0,1d,48,02,5c,0d,93,7c,00,00,1c,00,91,0e,93,7c,08,06,1c,00,6d,05,\
  00,00,00,eb,06,93,7c,01,00,00,00,58,fd,0e,02,01,00,00,00,00,00,00,00,28,00,\
  00,00,00,eb,06,93,7c,01,00,00,00,a4,fd,e2,02,01,00,00,00,ff,ff,ff,ff,d8,a2,\
00000145
{00000231-1000-0010-8000-00AA006D2EA4}
00000255
  00,00,03,00,00,00,5c,fb,e2,02,00,00,00,00,06,00,00,00,02,00,00,00,10,00,00,\
  00,00,04,19,b0,01,00,00,00,00,26,1a,b0,01,00,00,00,00,50,1b,b0,01,00,00,00,\
00005F8B45FCC9C21000E826000000EBF168000000006AFCFF7508E800000000EBE031D24ABF00000000B900000000E82D00
  00,00,68,d6,28,01,d4,f1,0e,02,00,00,00,00,00,00,00,00,80,5f,34,02,00,00,00,\
  00,00,70,d3,27,00,00,00,1c,00,00,00,00,00,64,01,1c,00,a8,01,1c,00,04,00,00,\
  00,00,8c,fb,0e,02,5c,0d,93,7c,00,00,1c,00,06,00,00,00,02,00,00,00,10,00,00,\
0000C3FF7514FF7510FF750CFF75086800000000E8000000008945FCC331D2BF00000000B900000000E801000000C3E33209
  00,00,dc,fa,e2,02,00,00,00,00,96,15,93,7c,eb,06,93,7c,01,00,00,00,a4,fd,e2,\
  00,02,00,00,00,40,0a,39,02,78,5f,34,02,01,00,00,00,b8,b8,6d,02,c8,01,1c,00,\
  00,02,00,00,00,e8,1d,48,02,a0,01,1c,00,07,00,00,00,60,1d,48,02,58,03,1c,00,\
  00,08,02,00,00,34,fb,e2,02,ac,f6,e2,02,58,fd,e2,02,4c,f9,e2,02,6c,fb,92,7c,\
  00,10,00,00,00,01,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,10,00,00,00,02,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,10,00,00,00,03,00,00,00,00,00,00,00,ff,00,00,00,00,00,00,00,00,00,00,00,\
  00,14,00,00,00,02,00,00,00,00,00,00,80,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,14,00,00,00,02,00,00,00,fb,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,14,00,00,00,02,00,00,00,fc,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,14,00,00,00,02,00,00,00,fd,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,14,00,00,00,02,00,00,00,fe,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,14,00,00,00,02,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,14,00,00,00,05,00,00,00,00,00,00,80,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,14,00,00,00,05,00,00,00,fb,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,14,00,00,00,05,00,00,00,fc,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,14,00,00,00,05,00,00,00,fd,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,14,00,00,00,05,00,00,00,fe,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,14,00,00,00,05,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,20,00,30,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,20,00,31,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,20,00,32,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,20,00,33,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,20,00,34,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,20,00,35,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
  00,2d,00,30,00,32,00,46,00,39,00,46,00,43,00,35,00,31,00,38,00,38,00,34,00,\
  00,2d,00,31,00,31,00,34,00,43,00,36,00,39,00,34,00,36,00,44,00,35,00,35,00,\
  00,2d,00,37,00,38,00,34,00,42,00,43,00,34,00,39,00,45,00,42,00,32,00,32,00,\
  00,2d,00,37,00,38,00,41,00,39,00,31,00,34,00,41,00,42,00,34,00,30,00,34,00,\
  00,2d,00,37,00,43,00,36,00,38,00,33,00,44,00,46,00,43,00,34,00,30,00,42,00,\
  00,2d,00,38,00,38,00,44,00,33,00,33,00,36,00,39,00,39,00,38,00,43,00,46,00,\
  00,2d,00,38,00,46,00,32,00,41,00,44,00,44,00,34,00,46,00,34,00,36,00,33,00,\
  00,2d,00,41,00,39,00,41,00,46,00,46,00,32,00,31,00,39,00,43,00,33,00,36,00,\
  00,2d,00,44,00,32,00,34,00,44,00,35,00,32,00,36,00,37,00,36,00,39,00,36,00,\
  00,2d,00,44,00,32,00,36,00,37,00,46,00,45,00,33,00,45,00,33,00,32,00,41,00,\
  00,2d,00,46,00,30,00,32,00,33,00,36,00,35,00,46,00,41,00,44,00,34,00,39,00,\
\002.exe
\002.exe 
  00,30,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,31,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,32,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,33,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,34,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,35,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,36,00,46,00,2d,00,32,00,41,00,38,00,30,00,2d,00,34,00,37,00,45,00,36,00,\
  00,38,bc,6d,02,10,04,1c,00,00,00,1c,00,00,00,1c,00,d4,b8,6d,02,60,00,00,00,\
\003.exe
\003.exe 
  00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,\
  00,43,00,34,00,30,00,42,00,46,00,7d,00,00,00,36,00,38,00,33,00,44,00,46,00,\
  00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,6f,00,76,00,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\
\005.exe
  00,5f,00,7b,00,32,00,35,00,45,00,35,00,31,00,45,00,32,00,32,00,2d,00,37,00,\
  00,5f,00,7b,00,33,00,37,00,34,00,43,00,30,00,35,00,30,00,34,00,2d,00,35,00,\
  00,5f,00,7b,00,34,00,32,00,46,00,33,00,43,00,42,00,42,00,45,00,2d,00,35,00,\
  00,5f,00,7b,00,36,00,43,00,39,00,34,00,32,00,38,00,35,00,41,00,2d,00,37,00,\
  00,5f,00,7b,00,38,00,35,00,46,00,39,00,44,00,38,00,36,00,30,00,2d,00,34,00,\
  00,5f,00,7b,00,38,00,44,00,43,00,30,00,35,00,42,00,34,00,41,00,2d,00,39,00,\
  00,5f,00,7b,00,41,00,38,00,42,00,43,00,36,00,46,00,32,00,33,00,2d,00,35,00,\
  00,5f,00,7b,00,42,00,46,00,42,00,41,00,35,00,32,00,36,00,46,00,2d,00,32,00,\
  00,5f,00,7b,00,43,00,31,00,43,00,34,00,41,00,33,00,31,00,38,00,2d,00,38,00,\
  00,5f,00,7b,00,43,00,36,00,32,00,33,00,43,00,43,00,36,00,32,00,2d,00,38,00,\
  00,5f,00,7b,00,44,00,42,00,37,00,30,00,41,00,37,00,37,00,34,00,2d,00,38,00,\
  00,63,00,70,00,69,00,70,00,00,00,96,15,93,7c,eb,06,93,7c,0e,00,07,80,1c,2a,\
  00,69,00,70,00,20,00,5b,00,52,00,41,00,57,00,2f,00,49,00,50,00,5d,00,00,00,\
  00,69,00,70,00,20,00,5b,00,54,00,43,00,50,00,2f,00,49,00,50,00,5d,00,00,00,\
  00,69,00,70,00,20,00,5b,00,55,00,44,00,50,00,2f,00,49,00,50,00,5d,00,00,00,\
  00,7a,1c,b0,01,00,00,00,00,a4,1d,b0,01,00,00,00,00,c6,1e,b0,01,26,00,00,00,\
  00,80,03,1c,00,20,00,00,00,ab,e9,92,7c,e0,03,1c,00,00,00,00,00,b8,1d,48,02,\
  00,a8,f9,0e,02,fe,a4,56,75,b4,0b,00,00,a0,3c,55,75,b0,f9,0e,02,92,d5,92,7c,\
  00,ac,fc,0e,02,c0,08,39,02,00,00,00,00,54,00,39,02,04,fd,0e,02,6c,fb,92,7c,\
  00,b0,01,00,00,e4,fa,e2,02,ff,ff,ff,ff,e0,fc,e2,02,ab,a5,06,76,f8,f5,73,02,\
  00,c8,f5,73,02,88,04,1c,00,00,00,1c,00,b8,01,1c,00,d8,f5,73,02,78,fc,e2,02,\
  00,e6,1d,fd,7f,05,00,00,00,f8,6a,2c,01,4c,fa,e2,02,a8,f9,e2,02,5c,00,44,00,\
  00,f8,fc,e2,02,84,86,25,00,00,00,00,00,30,2f,45,02,50,fd,e2,02,6c,fb,92,7c,\
  00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,\
  01,00,00,00,00,8a,0e,b0,01,00,00,00,00,b4,0f,b0,01,00,00,00,00,de,10,b0,01,\
  01,00,00,00,a0,0f,00,00,96,15,93,7c,eb,06,93,7c,00,00,00,00,00,00,00,00,58,\
  01,00,00,00,a4,fd,e2,02,96,15,93,7c,eb,06,93,7c,00,00,00,00,00,00,00,00,58,\
0/16
  02,00,00,00,00,3d,fb,92,7c,80,f9,0e,02,00,00,00,00,00,f9,0e,02,6c,fb,92,7c,\
  02,00,00,c1,00,0a,00,00,00,b8,04,39,02,00,00,00,00,00,00,00,00,b4,0b,00,00,\
  02,00,4c,fd,e2,02,60,9e,27,01,00,00,00,00,06,00,00,00,02,00,00,00,10,00,00,\
  02,04,00,00,00,e5,db,d1,77,dc,fa,e2,02,05,00,00,00,96,15,93,7c,eb,06,93,7c,\
  02,40,00,00,00,00,00,00,00,00,00,00,00,08,00,08,00,b8,3c,55,75,5c,00,44,00,\
  02,b8,44,5a,75,00,00,00,00,b8,bb,6d,02,7c,fb,0e,02,f4,fb,0e,02,0c,00,00,00,\
040904B0
0&'5
  06,76,08,a3,06,76,dc,fa,e2,02,d8,fa,e2,02,00,00,00,00,9c,fa,e2,02,90,01,1c,\
  07,39,02,00,00,1c,00,b8,04,39,02,00,00,00,00,10,fd,0e,02,5c,0d,93,7c,00,00,\
  08,00,00,00,00,00,00,00,00,00,1c,00,00,00,00,00,00,00,1c,00,00,00,c1,00,00,\
080404B0
\0.txt
0x01xx8p.exe
"%1"
"%1" %*
@="\"%1\" %*"
1.00
1.0.0.1
101316F2;4E007C32;101B7DE4;5FDA7FCB;88EB692C;F356E85F;8020AF56;E6B4E2F5;6FEB1B11;E0ED7663;EE3C1946;80106665;5CCB4BB3;FE285262;314A30FB;C8CF25B5;3DD5B1F2;7515978C;9618502A;93B964C4;343507E3;D569AA52;9F19F62C;B9160D1F;EA87269D;5889F732;D2ECFB77;EA16E638;4A966629;CABA97D3;9F19F62C;E8AA99A;4A966629;112E7B94;
10/16
\1027\App.bat
\1027\App.bat 
\1027\App.exe
\1027\App.exe 
\1027\apprun.inf
\1027\Apprun.inf
\1027\dnt\app.bat
\1027\dnt\App.bat
\1027\dnt\App.bat 
11/16
1/16
12/16
12-25.EXE
131097
13/16
1394
14/16
15/16
  15,93,7c,eb,06,93,7c,a4,fd,e2,02,50,90,39,01,10,00,00,00,04,08,00,00,00,01,\
16/16
\1784769098\avgupdt.exe
\1784769098\lsass.exe
198F0FAF;8FB1BC79;1AA8CDF6;CFDE54AD;6084BCF4;CD6595A9;355858CB;DFE82405;A3A55991;68F630E2;E2C48A75;61A18B35;99D9A148;CC634AC7;455B6EF8;D512E33A;1B64B345;
\1A36CBC8.EXE
\1A36CBC8.EXE 
\1.bat
  1c,00,00,00,88,01,1c,00,a0,0f,00,00,a0,0f,00,00,96,15,93,7c
  1c,00,30,07,39,02,10,00,00,00,00,00,00,00,10,00,00,00,a0,01,1c,00,08,00,00,\
  1c,00,30,2f,45,02,e0,02,00,00,84,86,25,00,0c,00,0e,00,3c,56,55,75,00,00,00,\
  1c,00,54,00,39,02,70,02,00,00,c0,08,39,02,0c,00,0e,00,3c,56,55,75,00,00,00,\
  1c,00,91,0e,93,7c,08,06,1c,00,6d,05,93,7c,30,2f,45,02,00,00,00,00,84,86,25,\
  1c,00,91,0e,93,7c,08,06,1c,00,6d,05,93,7c,54,00,39,02,00,00,00,00,c0,08,39,\
1DD096C2
1.exe
1.exe Virus.Win32.Autorun.im
\1.inf
\1sasrv.dll
\1.txt
\1.txt 
1.vbp
2007
2007-8-16
2010-4-17
_21238
2/16
21A3FAE7
2280
  23,b0,01,00,00,00,00,90,24,b0,01,00,00,00,00,b2,25,b0,01,00,00,00,00,dc,26,\
_2437
2&'5
  28,01,50,9c,f4,02,19,00,02,00,28,fa,0e,02,0c,00,00,00,08,00,08,00,f4,df,00,\
  28,07,39,02,80,5f,34,02,50,02,1c,00,50,bb,6d,02,28,c8,f2,02,c0,9c,f4,02,50,\
  2d,00,39,00,30,00,43,00,35,00,2d,00,37,00,43,00,36,00,38,00,33,00,44,00,46,\
  30,00,34,00,39,00,2d,00,34,00,37,00,46,00,37,00,2d,00,42,00,44,00,30,00,41,\
  30,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,\
  30,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,\
3/16
  34,00,45,00,38,00,2d,00,34,00,30,00,39,00,38,00,2d,00,38,00,39,00,46,00,38,\
  34,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,\
  34,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,\
  35,00,38,00,37,00,2d,00,34,00,30,00,43,00,31,00,2d,00,39,00,45,00,31,00,30,\
  35,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,\
  35,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,\
3578CF22;F6E1D6CB;7198692B;A6FD2933;5BE16310;E7C2ADF2;D06D5E97;BABB78CD;9BA5078E;6BDA2EAB;ED716D78;6E36404;41D3A74E;B57B5F42;1499D34;8FF873A3;F8F75FA0;881DC535;64A2CA86;72464084;
  36,00,33,00,41,00,2d,00,34,00,44,00,35,00,45,00,2d,00,39,00,30,00,34,00,34,\
  36,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,\
  36,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,\
\360360.exe
360safe
36Osafe
\36Osafe.exe
36Osafe.exe
36Osafe.exe IRC-Worm.Win32.Delf.ai
36Osafe.exe Worm.Win32.Delf.yus
\36Osafe.txt
  37,00,31,00,33,00,2d,00,34,00,42,00,39,00,38,00,2d,00,41,00,34,00,33,00,46,\
  38,00,43,00,32,00,2d,00,34,00,30,00,35,00,32,00,2d,00,42,00,38,00,34,00,44,\
38B80061;30BCE04;48042755;3E6593B9;7036C488;D728DB91;DDFD8C93;D32D3750;B95B47BC;35365829;EEF46465;FF4002BD;158A2CB1;39A8441E;625D81D;2C4CFFC7;239E1A31;EB60AAA8;80697A86;
  39,00,32,00,42,00,2d,00,34,00,36,00,39,00,37,00,2d,00,39,00,46,00,33,00,46,\
3E584EC2;1D138FBB;E8A6E41C;D6AB77BF;4F95E43D;E6883B9B;34C74D6;B41A3EC1;F77CBE4C;B16165FD;BE0622C0;1E649C1A;E0036F4F;4081D283;9646D017;4010C247;4F0BB8B6;47F3914F;4348AEDA;
  41,00,38,00,30,00,2d,00,34,00,37,00,45,00,36,00,2d,00,39,00,30,00,43,00,35,\
4/16
  42,00,31,00,30,00,2d,00,34,00,43,00,38,00,41,00,2d,00,41,00,42,00,35,00,38,\
  42,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,\
  42,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,\
  43,00,34,00,30,00,42,00,46,00,7d,00,00,00,e2,02,05,00,00,00,e6,1d,fd,7f,96,\
  43,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,\
  43,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,\
  44,00,31,00,42,00,2d,00,34,00,43,00,44,00,45,00,2d,00,39,00,39,00,35,00,34,\
  44,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,\
  44,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,\
4&'5
  45,00,44,00,31,00,2d,00,34,00,39,00,38,00,43,00,2d,00,39,00,39,00,39,00,37,\
  45,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,\
  45,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,\
  46,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,\
  46,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,\
  48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
  48,a1,92,00,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,01,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,02,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,03,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,04,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,05,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,06,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,07,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,12,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,13,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,14,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,15,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,16,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,17,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,18,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,19,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,1a,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,1b,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,e9,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,ea,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,eb,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,fc,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,fd,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,fe,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  48,a1,92,ff,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
49DEEAB5;297A120D;BB5F6472;B24A8CD6;445BC403;74B3FB9F;B11E8687;6E5EAE33;B216A4D3;3801E643;86C1EAA5;EC355393;4AA636C7;CFE82C09;1E067F00;73B5596;ADD5A0FA;777886A0;90D8BFAC;
4B1EE95A;EACFD0A9;E3D7DF4C;8B47E0A1;8B47E0A1;91268DF;5ACA479A;AC5E16BE;8C75C3F1;C82A50DB;2042FE7A;928DA2DA;95B40CC9;17789BB;9000F9EB;E31EF986;96349C81;A69539A6;ED1A361D;
4CEEA845;561EED9B;7FEE683C;CC93543;DF9CAA68;CC13B0AB;C3375605;8056D3BF;5B05B018;C02901F3;5491340F;55668CFA;9A63202F;501DDEFD;80BF0F8B;728C9D8B;4983357F;15219CAA;
4F249C9D.exe Virus.Win32.Autorun.48344
  50,02,1c,00,00,00,00,00,28,07,39,02,3c,fc,0e,02,46,0f,93,7c,05,00,00,00,28,\
5/16
  54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,\
5589E583C4F85731C08945FC8945F8EB0EE80000000083F802742185C07424E830000000837DF800750AE838000000E84D00
5654830C;E313DA67;903BE3CC;375B832;903BE3CC;E62DA31A;5D19C5A7;9510B8CC;E0D2DB14;3ED5B916;5E43ED0;EB429C7C;DC3CD917;EB429C7C;C2B25B6D;B257D946;725EBA63;
  56,75,b4,0b,00,00,a0,3c,55,75,b0,f9,0e,02,06,00,00,00,02,00,00,00,10,00,00,\
5DB9011A;13C8F6A6;F318C270;E4BAE745;9B0D64C6;C7C22A;D09CBED1;71D9CD0E;336A3014;1337F4AB;DD9551DA;9593D4CA;1862D97F;3613B347;8520AE98;22B11330;40186A75;6E6968F9;
5E9FF53;8B3A39FF;FCDD3C9A;58DAD2C;532AEBF4;D487A0C1
5FD53B84
6.00.0147
6.00.0151
6.0.0.147
6.0.0.151
6/16
616A2FEB;792B2C6;A56956A6;C769212B;90630D34;FEE3E835;24E9413A;4778D114;95A0603F;7EC6399B;B8C9E56F;AC3D0E84;CE35ECFD;B43CD9B0;45772050;B13B529F;3746C28A;
617664AA;9930409C;2406F53B;60EA9E2C;2CDC1A61;C0CFBD00;FAD01D1C;7EF90B01;E2F1732E;2D3FE4EC;91E676D5;637F9ADC;3B28CA21;6898A018;AE2EF0C4;BC045DD;22E7C7F0;
  65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,\
  65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,\
  65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,42,00,46,00,42,00,41,00,35,00,32,\
\6666.com
\6666.com 
68694F69;66884D33;41A10567;72B393C;21A3FAE7;C6AE7E80;7C82EFF7;D26C930D;8473041F;D4583171;84B2962E;8ABEF27;664B1942;FF57A539;367DA4CC;571D9B3B;FCFE5B3C;
  68,d3,27,00,70,81,38,02,e0,03,1c,00,08,66,25,01,e0,03,1c,00,00,00,00,00,20,\
  69,00,64,00,65,00,72,00,00,00,01,00,00,00,e4,fb,0e,02,01,00,00,00,a8,fe,38,\
  69,00,64,00,65,00,72,00,00,00,1a,3e,26,00,00,00,e2,02,6c,b8,80,7c,02,00,00,\
  69,00,64,00,65,00,72,00,00,00,88,01,1c,00,00,00,00,00,10,00,00,00,50,fb,0e,\
  69,00,64,00,65,00,72,00,00,00,c0,1d,48,02,00,00,00,00,08,00,00,00,00,00,00,\
6A5B806A;B57FEA60;35AC178F;69DEDA18;85CC1847;5F9FAA9E;62F2CA5F;F153B5D6;C3768153;7433C203;A912B395;7719093E;EF5BCE61;9143BFFF;6964181B;8A19D622;21825D18;80FFD096;40DF5A43;
\6C4DA25CDD774D5.vbs
\6C4DA25CDD774D5.vbs 
  6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,\
  6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,b0,01,00,00,00,00,60,0d,b0,\
  6d,33,32,5c,72,73,76,70,73,70,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,\
  6d,33,32,5c,72,73,76,70,73,70,2e,64,6c,6c,00,00,b0,01,00,00,00,00,60,0d,b0,\
\6to4bt.dll
6to4bt.dll Backdoor.Win32.Drwolf.fi
7/16
  71,fb,92,7c,00,00,00,00,80,f9,0e,02,3d,fb,92,7c,dc,f8,0e,02,2c,f9,0e,02,48,\
  71,fb,92,7c,00,00,00,00,cc,f9,e2,02,3d,fb,92,7c,28,f9,e2,02,78,f9,e2,02,94,\
  71,fb,92,7c,30,2f,45,02,00,00,00,00,84,86,25,00,2c,fd,e2,02
  71,fb,92,7c,54,00,39,02,00,00,00,00,c0,08,39,02,e0,fc,0e,02
'7.2
  75,48,fa,0e,02,00,00,00,00,00,00,c1,00,a0,0f,00,00,96,15,93,7c,eb,06,93,7c,\
_7719
7EZo
8/16
  82,e6,9a,ec,03,00,00,01,00,00,00,00,00,00,00,00,00,00,43,3e,00,00,00,00,00,\
  82,e6,9a,ec,03,00,00,01,00,00,00,84,f8,0e,02,7c,f8,0e,02,88,f9,0e,02,04,a4,\
  82,e6,9a,ed,03,00,00,01,00,00,00,88,01,1c,00,00,00,1c,00,00,00,c1,00,00,00,\
  82,e6,9a,ed,03,00,00,01,00,00,00,c8,fc,e2,02,3c,0c,00,00,08,00,00,00,1d,00,\
_8855
8E758845
9/16
9368265E-85FE-11d1-8BE3-0000F8754DA1
  93,7c,60,1d,48,02,00,00,00,00,08,00,00,00,00,00,ca,00,09,00,00,00,58,03,1c,\
  93,7c,b8,b8,6d,02,00,00,00,00,08,00,00,00,00,00,c1,00,58,fd,0e,02,c8,01,1c,\
96097A42;52EAB318;8882DE91;DE821D2F;69E6907E;9B0D64C6;7218DBE8;8B3A39FF;5E9FF53;5EAF682;2B418CB0;6AEDB514;F9AC4EB;2B4750F8;C5B2839F;EC6B7E77;E3946350;91A05145;EC16178D;41C468DC;5D9A1E6A;
983103
98A20EAD;364222A;AFD44830;812E53F3;6D830C9B;ED272C86;9BBC575D;200084DE;E0F77D8F;81D91A10;A5F1E7AA;E1D00760;DE7D4B92;9550B408;2E7D7C17;720C6F4F;AA23CD6B;2FEF93E6;CA06022C;F86BB72D;996CF6B8;F0053E98;33FDEA21;55C1FC00;3AFD6F92
{9963387B-212E-4643-B207-82DAEA0E713D}
  9c,f4,02,58,5e,34,02,0c,00,00,00,03,00,00,00,00,00,00,00,a0,01,1c,00,88,01,\
a@	8
A9F98AF8;6E5A301D;224058F9;AE47C939;9BBC575D;42673595;859CF1DA;1354E91D;EA6D88EE;BAEFC30B;9B2749F5;A1D36C01;301E52B3;B16C05FB;8C13022;A420DAEA;EE245634;D3C44C20;
aa\bb.vbs
aa\cc.vbs
\aa.vbs
ABCDEFG
ABF9FC8D
About
about blank
about:blank
\about.exe
\about.exe 
@*\AC:\Documents and Settings\duhui\
ACEExist
\AceExt32.dll
\AceExt32.dll 
ACEFlag
ACEMask
\achi.dll.vbs
achi.dll.vbs
achi.dll.vbs Worm.VBS.Sowel.a
achi.htm
ActivedEXE
\Actxprxy.dll
adamrf
Administrator
\Adobe Gamma  loader.lnk
\Adobe Gamma loader.lnk
Adobe Gamma  loader.lnk
AdobeUpdate.exe
\Adobe Update.lnk
\adsldps.dll
*\AF:\USBcleaner\Weather.vbp
ah.exe
\Akica.exe
\Akica.exe 
\Akica.exe  
alcupd.exe
alcupd.exe Worm.Win32.Autorun.ebr
ALG.bat
\algsrv.exe
\algsrv.exe  
\algsrvs.exe
\algsrvs.exe 
\algsrvs.exe  
\algsrvs.exe   
\algssl.exe
\algssl.exe 
\algssl.exe  
alligt
\alligt.dll
\alligt.dll 
\alligt.exe
\alligt.exe 
alligt.exe
 ALL Rights(c)Reserved 2007
 ALL Rights(c)Reserved 2008
\ALL THE ANTIVIRUS SOFTWARE R SO BAD!.txt
AllUsersProfile
\ALMV.exe
\ALMV.exe 
\ALMV.exe  
"AlternateShell"="cmd.exe"
\AlxRes
A Multistyle Button Control
\ancoknvvnhcai.dll
\ancoknvvnhcai.dll 
\anhao.dll
AntiArp
\AntiArp.exe
AntiArp.exe
AntiArp.exe Worm.Win32.Autorun.29184
AntiRising
AntiRising.exe
AntiRising.exe Trojan-Downloader.Win32.VB.ayt
\Anti-U
AppData
\app.exe
\app.exe 
app.exe
app.exe/service.exe Trojan.VB.ug  
App.exe/service.exe Trojan.VB.ug 
App.exe/service.exe Trojan.VB.ug  
App.exe Worm.BAT.CopyRun.a
App.exe Worm.BAT.CopyRun.a 
"APPInit_Dll
#APPInit_Dll
APPInit_Dll
APPInit.DLL
AppInit_DLLs
apple
\Application Data\
\Application Data\usrinit.exe
Arun
\as.exe
\as.exe 
AssSTH.exe
Atapi
attrib -s -h -r 
Auto
\autochl.exe;
autochl.exe
auto.exe
Auto.exe
auto.exe;MSI.exe;Rsagen.exe;Limit.exe;auto.exe;iexplore.exe;Macromedia_Setup.exe;cmd.exe;uchelp.exe;jun.exe;niu.exe;ibtrun.bat;ibtrun.vbe;setv.exe;msn.exe;uusetup.exe;ppstream.exe;se51.exe;RECYCLER\RECYCLER\autorun.exe;windowstops.exe;Winlog0n.exe;{HCQ9D-TVCWX-X9QRG-J4B2Y-GR2TT-CM3HY-26VYW-6JRYC-X66GX-JVY2D}.vbs;
auto.exe Trojan.DL.Autorun
auto.exe Worm.Win32.Agent.iot
auto.exe Worm.Win32.Agent.iot 
\Auto.ini
autoply.exe
autoply.exe Worm.P2p.Win32.Malas.f
autorun
autorun.*
Autorun
AutoRun
(AutoRun
$AutoRun
\autorun.bat
\autorun.bat 
autorun.bat
autorun.bat Virus.VBS.Small.a
autorun.bat Virus.VBS.Small.a 
autorun.bat Worm.Delf.cv 
\autorun.bin
autorun.bin
Autorun.dll
Autorun.dll Worm.Win32.Autorun.aq
\autorun.exe
\autorun.exe 
autorun.exe
\Autorun.exe
Autorun.exe
Autorun.exe,mfc48.dll,kernel32.sys
autorun.exe Virus.Autorun.Unknown
'autorun.exe Virus.Win32.Autorun.33395
autorun.exe Virus.Win32.Autorun.33395
Autorun.exe Virus.Win32.AutoRun.bs
autorun.exe Worm.Agent.fw
autorun.exe Worm.Agent.fw 
autorun.exe Worm.Agent.ob 
autorun.exe Worm.Clive.a
autorun.exe Worm.Win32.Agent.h
autorun.exe Worm.Win32.Pabug.f
autorun.exe Worm.Win32.Pabug.f 
\autorun.FCB
autorun.FCB
\autorun.ICO
autorun.ICO
:\autorun.inf
!autorun.inf
.autorun.inf
.autorun.inf 
"autorun.inf
(autorun.inf
*autorun.inf
\autorun.inf
autorun.inf
autorun.inf 
\Autorun.inf
Autorun.inf
AutoRun.inf
\Autorun.inf\BY USBC..\
autorun.inf.tmp
\autorun.ini
\autorun.ini 
autorun.iREG
autorunmvs.exe
autorunmvs.exe Worm.Win32.AutoRun.773657
autorun.pif
autorun.pif Backdoor.Delf.xor 
autorun.pif Backdoor.Delf.xor  
autorun.pif Backdoor.RWX.2005.gy
autorun.pif Backdoor.RWX.2005.gy 
autorun.pif Backdoor.RWX.2005.hn
Autorun.pif Backdoor.Win32.Hupigon.pv
autorun.pif Trojan.Small.jfi
autorun.pif Win32.Hack.Hugezi.al.276444
autorun.pif Win32.Hack.Hugezi.al.276444 
\autorun.rar
\autorun.rar 
\autorun.reg
autorun.reg
\autorun.REG
autorun.REG
\autorun.srm
autorun.srm
\autorun.txt
autorun.txt
\autorun.vbs
\autorun.vbs 
autorun.vbs
autorun.vbs Virus.VBS.Agent.a
AuToRun_Vir_Main
\autorun.wsh
autorun.wsh
autorunx.exe
autorunx.exe Worm.Win32.AutoRun.ddr
\avb.exe
avgupdt.exe Worm.Win32.Tyhops.a
\avi32.dll
\avi32.dll 
\avi32.dll  
avipit
\Avpser.cmd
  b0,01,00,00,00,00,11,00,01,01,c2,01,08,03,01,00,00,00,02,00,00,00,00,00,01,\
  b4,fb,e2,02,00,00,00,00,41,00,00,00,b8,1d,48,02,00,00,1c,00,00,00,ca,00,00,\
B4T1W2
backcolor
BackColor
BackDarkColor
Backdoor.Agent.amb
Backdoor.Agent.hpo
Backdoor.Agent.ibv
Backdoor.Agent.iku
Backdoor.Agent.xox
Backdoor.BlackHole.2005.gf
Backdoor.BlackHole.2006.a
Backdoor.Delf.xbn
Backdoor.Delf.xcb
Backdoor.Delf.xor
Backdoor.Gpigeon.qqz
Backdoor.Gpigeon.sca
Backdoor.Huigezi.evi.zngf
BackDoor.Pigeon.1604
Backdoor.RWX.2005.gy
Backdoor.RWX.2005.hn
Backdoor.Tompai.k
Backdoor.VB.pvn
Backdoor.VB.pvo
Backdoor.Win32.Agent.fpe
Backdoor.Win32.Bifrose.ago
Backdoor.Win32.BlackHole.j
Backdoor.Win32.Drwolf.fi
Backdoor.Win32.Gpigeon2007.cqb
Backdoor.Win32.Gpigeon.dks
Backdoor.Win32.Gpigeon.evc
Backdoor.Win32.Gpigeon.zgt
Backdoor.Win32.Huigezi
Backdoor.Win32.Hupigon.642048
Backdoor.Win32.Hupigon.655360
Backdoor.Win32.Hupigon.691200
Backdoor.Win32.Hupigon.axbr
Backdoor.Win32.Hupigon.bduq
Backdoor.Win32.Hupigon.bsul
Backdoor.Win32.Hupigon.dev
Backdoor.Win32.Hupigon.evc
Backdoor.Win32.Hupigon.exa
Backdoor.Win32.Hupigon.pv
Backdoor.Win32.RWX.hz
Backdoor.Win32.RWX.kz
Backdoor.Win32.ShangXing
Backdoor.Win32.ShangXing.beq
Backdoor.Win32.ShangXing.c
Backdoor.Win32.ShangXing.is
Backdoor.Win32.ShangXing.kd
\BACKINF.TAB
\BACKINF.TAB 
BackLightColor
backstyle
BackStyle
\backup.dll
Backup.exe
Backup.exe Trojan-Spy.Win32.Delf.by
\backup.vbs
badudv
\baidu.htm
\baidu.ico
.bak
\bakfiles\
\bakfiles\*.uda
\bakfiles\uda.a
\bakfiles\uda.a 
\bakfiles\uda.a  
\baqftx.dll
\baqftx.dll 
\baqftx.exe
\baqftx.exe 
\baster.txt
\baster.txt 
.bat
.bat 
.bat  
bat 
Bat 
batFile\Shell\Open\Command
.bat Worm.Win32.Agent.aag
\bb.dll
  bb,ff,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,54,00,63,00,70,\
  bb,ff,00,00,00,00,00,00,52,00,53,00,56,00,50,00,20,00,55,00,44,00,50,00,20,\
\bbyb.exe
\bbyb.exe 
\bbybs.exe
\bbybs.exe 
BD6A67AF;342C920;706ABC93;DFCB8DB6;5EA2145B;4418DBA;6C05EC95;A3C944EC;C83EF9C2;410F980F;D347D63B;2656A31D;4E007C32;49D8A43A;F52EC679;3570E67C;E08D6F16;
bfdarx
\bfdarx.dll
\bfdarx.dll 
\bfdarx.exe
\bfdarx.exe 
bfdarx.exe
bhtpod
\bhtpod.dll
\bhtpod.dll 
\bhtpod.exe
\bhtpod.exe 
bhtpod.exe
Big5
BIG5
\bigdog.exe
bigdog.exe
bigdog.exe Virus.Win32.Autorun.458723
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
\bittorrent.exe
\bittorrent.exe 
\bittorrent.exe  
bittorrent.exe.log;msvcr71.dll;RavMon.exe;Reper.exe;tel.xls.exe;RavMonE.exe;Rose.exe;sal.xls.exe;desktop.exe;desktop2.exe;
Bittorrent Worm.Snake.a
\blastclnnn.exe
\blastclnnn.exe 
bl.exe
bl.exe Trojan-Downloader.Win32.Agent.etw
\bluec
\bluec 
\bluec  
blue.exe
\BLUE.EXE
\BLUE.EXE 
Blue.exe Win32.Hack.Hugezi.864256
bluesoldier.exe;
.bmp
bmp 
Body
\boot6.exe
boot.exe
Boot.exe Trojan-Downloader.Win32.VB.axe
boot.exe Trojan.Win32.Undef.dqr
boot.exe Virus.Win32.Autorun.46592
boot.exe Worm.Win32.VB.yxy
\boothide.reg
\boot.ini
\boot.ini 
BootIO.exe Trojan.DL.Direct.ge
BootIO.exe Trojan.Spy.Rivak.a
BootIO.exe Trojan.Spy.Rivak.a/Trojan.DL.Direct.ge
\bootrun.reg
\_boot.txt.exe
boot.txt.exe
boot.txt.exe Virus.Win32.Autorun.604160
BorderColor
bovan.exe Worm.Win32.bovan
BoyFine Worm-Script.VBS.Autorun.bc
bqifue
\bqifue.dll
\bqifue.dll 
\bqifue.exe
\bqifue.exe 
bqifue.exe
bryato
\bryato.dll
\bryato.dll 
\bryato.exe
\bryato.exe 
bryato.exe
\bsr.exe
\bsr.exe 
bsr.exe
bsr.exe Win32.Troj.Dropper.se.1019261 
\bt7530.bat
\bt7530.bat 
BUG,
button captions can only be center aligned
buttonstyle
ButtonStyle
but will not appear when the form is running.
(BY UC.
C$0;
\c_10083.nls
\c_10083.nls 
\c_10083.nls  
\c28591.nls
C:\55.reg
C978078B450CF2AF75278D4514508D4510508D450C508D4508508D45FC508D45F85052B800000000508B00FF90A4070000C3
c:\a.bat
C:\a.bat
\cacom.exe
\cacom.exe 
\cacom.exe  
CallWindowProcA
cao.exe
cao.exe Trojan.Win32.Nodef.ihw
capalign
CapAlign
CapStyle
caption
caption	
Caption
CaptionAlign
C:\Autoexe.bat
C:\Autoexe.bat 
C:\Autoexe.bat  
C:\autorun.inf
C:\autorun.inf.tmp
C:\autorun.pif
cback
cBack
cBhover
cBHover
  cc,6b,da,77,9c,0b,00,00,00,00,00,00,b8,f9,0e,02,74,6c,da,77,c0,f9,0e,02,40,\
\ccApps.exe
\ccApps.exe 
C:\cmd.com
C:\config.log
\cc.vbs
CD03F4CA;8AEE9890;686ECE03;1FD2C14;8875BD24;2DF5684C;ACF8CA2F;3BC1FE9D;38A0DA5E;8AEE9890;B8D23842;B5B383DB;F6ABF97F;ED024FF7;EB25BE9A;7BB4639B;2C157610;
\cd1.exe
\cd2.exe
\cd3.exe
C:\DATAEXLOG.EXE
c:\deldll.bat
C:\delifeo2.bat
C:\delifeo3.bat
C:\delifeo4.bat
C:\delifeo.bat
C:\delregme.bat
C:\delSex.bat
C:\delshit.bat
C:\desetup.bat
CDROM
@="CD-ROM Drive"
CDrom.exe Virus.Win32.AutoRun.xj
CEC-ch~1\aapprun.inf
CEC-ch~1\app.bat
CEC-ch~1\app.exe
CEC-ch~1\apprun.inf
ceffnk
C:\Explorer.exe
C:\Explorer.exe 
C:\Explorer.exe  
ceyael
.cfg
cFHover
C:\fix1.bat
C:\Fixasc.reg
c:\fix.bat
C:\fix.bat
C:\Fix.bat
C:\fixme.bat
C:\fixoso2.bat
C:\fixoso.bat
C:\fixreadme.bat
C:\fix.reg
C:\FixSPI.reg
C:\fixwinlogon.bat
cFore
\cftmons.exe
cgradient
cGradient
checkbox
CheckBoxMode
\CheckDisk.exe
\CheckDisk.exe 
\CheckDisk.exe  
CheckedValue
"CheckedValue"=dword:00000001
"CheckedValue"=dword:00000002
chiCkie.exe
chiCkie.exe Trojan.Win32.StartPage.bdv
\ChkDsk.exe
\ChkDsk.exe 
\ChkDsk.exe  
ChkDsk.exe;MVS.exe;MVH.exe;Launchcd.exe;Bittorrent.exe;bittorrent.exe.log;RavMon.exe;Reper.exe;tel.xls.exe;RavMonE.exe;fun.xls.exe;sss.exe;toy.exe;RECYCLER\info.exe;RECYCLER\u.exe;sxs2.exe;copy.exe;host.exe;msinfmgr.exe;
\choster.exe
C:\hosts
C:\hosts.*
C:\ipconfig.log
cisceq
\cisvc.dll
\cjston.dll
\cjston.dll 
\cjston.exe
\cjston.exe 
C:\kill.bat
C:\killit.exe
C:\killme.exe
C:\killme.exe.
C:\killme.exe	
C:\Killme.exe
C:\killmsn.bat
C:\Killmsn.bat
Class
Class = 
Classes\Applications\iexplore.exe\shell\open\command
\classes\java\mfc48.dll
ClassGUID
ClassGUID = 
 Cleaned!
\clear.bat
cleardisk.pif Win32.Hack.Unknown.163840
clfmon.exe
CloseHandle
CLSID\{00000231-1000-0010-8000-00AA006D2EA4}
CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\explore
CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\open
clsid\{25864158-329E-434B-B24F-3DA6F300D41B}
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command
[clsWaitableTimer.Wait]
\cmd.bat
\cmdbs.dll
\cmdbs.dll 
\cmdbs.exe
\cmdbs.exe 
\cmdbs.exe  
\cmd.com
\cmd.com 
cmd.com /c C:\delSex.bat
\cmd.exe
\cmd.exe 
cmd.exe
cmd.EXE
cmd.exe Trojan.DL.MnLess.anq
cmd.exe Trojan.DL.MnLess.anq 
CmdFile\Shell\Open\Command
\cmdsys.sys
\cmdsys.sys 
\cmss.exe
cmss.exe
cn911.exe;RECYCLER.exe;autorun.pif;info.exe;pagefile.exe;msvci.exe;real.exe;UC2006.exe;COMMAND.pif;servet.exe;usbdriver.exe;rising.exe;
cn911.exe Win32.troj.Agent.vb.16967
cn911.exe Win32.troj.Agent.vb.16967 
C:\NeroCheck.exe
C:\NeroCheck.exe 
\cologsver.exe
\cologsver.exe 
Comctl32
\come.exe
come.exe
comfile\shell\open\command
\Com\lsass.exe
\command.com
COMMAND.pif
COMMAND.pif Trojan.DL.Inject.wl
COMMAND.pif Trojan.DL.Inject.wl 
Comm drv
Comments
Common Desktop
\Common Files\
\Common Files\002.exe
\Common Files\AdobeUpdate.exe
\Common Files\cao.exe
\Common Files\fjOs0r.dll
\Common Files\Microsoft Shared\
\Common Files\Microsoft Shared\DAO\AVRSYS.EXE
\Common Files\Microsoft Shared\DAO\AVRSYS.EXE 
\Common Files\Microsoft Shared\DAO\MSN.msn
\Common Files\Microsoft Shared\DAO\MSN.msn 
\Common Files\Microsoft Shared\.exe
\Common Files\Microsoft Shared\.exe 
\Common Files\Microsoft Shared\Macromedia.10.exe
\Common Files\Microsoft Shared\Macromedia.10.exe 
\Common Files\Microsoft Shared\MSInfo\
\Common Files\Microsoft Shared\MSInfo\_Backup.exe
\Common Files\Microsoft Shared\MSInfo\Backup.exe
\Common Files\Microsoft Shared\MSInfo\boot.txt.exe
\Common Files\Microsoft Shared\MSInfo\Config.exe
\Common Files\Microsoft Shared\MSInfo\ctfoon.exe
\Common Files\Microsoft Shared\MSInfo\Delet.bat
\Common Files\Microsoft Shared\MSInfo\.exe
\Common Files\Microsoft Shared\MSInfo\.EXE
\Common Files\Microsoft Shared\MSInfo\fldriver.exe
\Common Files\Microsoft Shared\MSInfo\gk123.exe
\Common Files\Microsoft Shared\MSInfo\jiao0901.exe
\Common Files\Microsoft Shared\MSINFO\Kaspersky.exe
\Common Files\Microsoft Shared\MSINFO\KAV2007.exe
\Common Files\Microsoft Shared\MSInfo\killing.dll
\Common Files\Microsoft Shared\MSInfo\music.exe
\Common Files\Microsoft Shared\MSInfo\Music.EXE
\Common Files\Microsoft Shared\MSInfo\NewTemp.bak
\Common Files\Microsoft Shared\MSInfo\NewTemp.bak 
\Common Files\Microsoft Shared\MSInfo\NewTemp.bkk
\Common Files\Microsoft Shared\MSInfo\NewTemp.bkk 
\Common Files\Microsoft Shared\MSInfo\NewTemp.dll
\Common Files\Microsoft Shared\MSInfo\NewTemp.dll 
\Common Files\Microsoft Shared\MSINFO\NLS.exe
\Common Files\Microsoft Shared\MSInfo\_nvsuc32.exe
\Common Files\Microsoft Shared\MSInfo\Office.exe
\Common Files\Microsoft Shared\MSInfo\paramstr.txt
\Common Files\Microsoft Shared\MSInfo\re061.exe
\Common Files\Microsoft Shared\MSInfo\re51.exe
\Common Files\Microsoft Shared\MSInfo\re51.exe 
\Common Files\Microsoft Shared\MSInfo\re51.exe  
\Common Files\Microsoft Shared\MSINFO\re91.exe
\Common Files\Microsoft Shared\MSINFO\redztk.exe
\Common Files\Microsoft Shared\MSInfo\rejoice0805.exe
\Common Files\Microsoft Shared\MSInfo\rejoice082.exe
\Common Files\Microsoft Shared\MSInfo\rejoice101.exe
\Common Files\Microsoft Shared\MSInfo\rejoice47.exe
\Common Files\Microsoft Shared\MSInfo\Se2009.exe
\Common Files\Microsoft Shared\MSInfo\Server101.exe
\Common Files\Microsoft Shared\MSInfo\Server.exe
\Common Files\Microsoft Shared\MSInfo\Server.exe 
\Common Files\Microsoft Shared\MSInfo\Server.exe  
\Common Files\Microsoft Shared\MSInfo\servieces.exe
\Common Files\Microsoft Shared\MSInfo\setv.exe
\Common Files\Microsoft Shared\MSInfo\setv.exe 
\Common Files\Microsoft Shared\MSInfo\SV00LAS.EXE
\Common Files\Microsoft Shared\MSInfo\svchcst.exe
\Common Files\Microsoft Shared\MSINFO\svchcst.exe
\Common Files\Microsoft Shared\MSInfo\svrhost.exe
\Common Files\Microsoft Shared\MSInfo\sxhnbc.exe
\Common Files\Microsoft Shared\MSInfo\syn0801.exe
\Common Files\Microsoft Shared\MSInfo\system.exe
\Common Files\Microsoft Shared\MSINFO\system.exe
\Common Files\Microsoft Shared\MSInfo\Time.exe
\Common Files\Microsoft Shared\MSInfo\Time.exe 
\Common Files\Microsoft Shared\MSInfo\Time.exe  
\Common Files\Microsoft Shared\MSInfo\uniqq.exe
\Common Files\Microsoft Shared\MSN.msn
\Common Files\Microsoft Shared\MSN.msn 
\Common Files\Microsoft Shared\MsShared.exe
\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE
\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE 
\Common Files\Microsoft Shared\Web Folders\MSOSVEXT.EXE
\Common Files\Microsoft Shared\Web Folders\MSOSVEXT.EXE 
\Common Files\OnlO0r.bak
\Common Files\OnlO0r.dll
\Common Files\OnlO0r.obk
\Common Files\Relive.dll
\Common Files\Relive.dll 
\Common Files\Services\svchost.exe
\Common Files\Services\svchost.exe 
\Common Files\Services\svchost.exe  
\Common Files\system\
\Common Files\System\.exe
\Common Files\System\.exe 
\Common Files\System\wab32res.exe
\Common Files\System\wab32res.exe 
\Common Files\System\wabres.dll
Common Start Menu
Common Startup
ComName
CompanyName
Computer Name:
\Com\smss.exe
\Com\smss.exe 
\Com\smss.exe  
\Com\smss.exe   
\ComSys.dll
\ComSys.dll 
config.exe
\_Config.exe
Config.exe
Config.exe Backdoor.Win32.ShangXing.c
Config.exe;RECYCLED\CEC-ch~1\app.exe;RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE;IGPXE.exe;SysInfo2.Dll;
Config.exe Worm.VB.ane
Config.exe Worm.VB.ane  
\Config\smss.exe
\config\system.exe;
\config\systemprofile\vista.exe
\conrme.exe
\conrme.exe 
\conrme.exe  
\cool.exe
cool.exe
cool.exe Virus.in32.Autorun.30129
\copy.exe
copy.exe
copy.exe(Worm.Small.z)
\copyf.exe
\copyf.exe 
Created by: Juned S. Chhipa
C:\ReD.reg
C:\ReExe.reg
\cross.exe
\crss.exe
\crss.exe 
\crsss.exe
\crsss.exe 
C:\SafeBoot.reg
cscript.exe
Cscript.exe
\cs.exe
\cs.EXE
\cs.EXE 
\CS.exe
\csiss.exe
\csiss.exe 
\csiss.exe  
\csrss.bat
\csrss.bat 
\csrss.bat  
csrss.bat
\csrss.exe
\csrss.exe 
\csrss.exe  
\csrss.vbe
\csrss.vbe 
\csrss.vbe  
csrss.vbe
csrss.vbe Worm.Ouka.2869
\cssrs.exe
cssrs.exe
cssrs.exe Worm.Win32.Autorun.96768
C:\sunny.exe
C:\sunny.exe 
C:\sunny.exe  
C:\sxs2.exe
C:\sxs2.exe 
C:\sxs2.exe  
C:\sxs2.exe   
C:\system32\Rose.exe
C:\system32\Rose.exe 
C:\system32\Rose.exe  
C:\system32\Rose.exe   
C:\Term.bat
\CTFM0N.EXE
\CTFM0N.EXE 
\CTFM0N.EXE  
CTFM0N.EXE
ctfmen
ctfmon
\\ctfmon.exe
\ctfmon.exe
ctfmon.exe
ctfmon.exe Worm.VB.he
\_ctfoon.exe
ctfoon.exe
ctfoon.exe Worm.Win32.AutoRun.dau
C:\TIMPlatform.exe
\c.txt
\C.Txt
\C.TXT
C:\UCBin\
CureFolder.exe
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
CUSTOM
cute ub
C:\windowsWinUpdate.exe
C:\WinSockLSP.reg
cwyumh
cycuvi
\cycuvi.dll
\cycuvi.dll 
\cycuvi.exe
\cycuvi.exe 
cycuvi.exe
C:\zzz.sys
D:\12-25.EXE
  d3,27,00,00,00,1c,00,88,d0,27,00,00,00,00,00,5c,fd,e2,02,5c,0d,93,7c,00,00,\
D50BCECD;F2839155;73464BA6;C00FA221;E2F1732E;C9C2D6D0;3DE64192;2C0B615D;E0D02EC0;75303AE8;6B38F0F9;1F0DD322;E83EBB5A;A10784CF;684EED90;1D89A6A6;9ED1661E;81E8A96F;D7650F0D;
D799DCA1;94E84973;FB2DE64A;1FD58D83;3259A8D6;F8B16939;F9BD0C53;D72576F5;6A033328;54D17FE;B284C70E;1B8E594B;EF59FDB9;2B442E70;D3C44C20;8E758845;5B8ABF1D;EC32C397;A12BB37F;2604A58F;174D97CC;20089E42;AFDBD05C;7FD77038;D7507056;D72576F5;D851C565;12E57C20;E25BF08E;90EF0AF7;
  da,77,38,00,00,00,f4,f9,0e,02,00,00,00,00,19,00,02,00,48,fa,0e,02,b8,8d,55,\
  da,77,b8,3c,55,75,9c,0b,00,00,9c,0b,00,00,88,01,1c,00,9c,0b,00,00,80,f9,0e,\
\daohang.ico
.dat
*.dat
\Data
DATAEXLOG.EXE
\Data\RegSecurity.ini
\date.bin
d:\autorun.inf
D:\autorun.inf
\daxian.exe
\daxian.exe 
daxian.exe
DCEExist
DCEFlag
DCEMask
  dc,fa,e2,02,88,01,1c,00,00,00,ca,00,96,15,93,7c,96,15,93,7c
ddacpl
\Death0.dll
\Death0.dll 
\Death.dll
\Death.dll 
\Death.exe
\Death.exe 
Death.exe
death.exe Trojan.DL.Delf.xtk 
death.exe Trojan.DL.Delf.xtk  
\Death.SiShen
\Death.SiShen 
\Death.SiShenl 
Debug 
\Debug\autorun.inf
\Debug\explorer.vbs
\Debug\explorer.vbs 
\Debug\findu.bat
debugger
Debugger
DeBugger
\DeBugger=
"DeBugger"="notepad.exe"
\Debug\RECYCLER.exe
\Debug\RECYCLER.exe 
\Debug\Rexplorer.vbs 
default.exe Worm.Win32.Autorun.jry
"DefaultValue"=dword:00000002
\DefragFs.exe
\DefragFs.exe 
\deijd.exe
deijd.exe
del 
del %0
DelAutorun
\delautorun.bat
delautorun.bat
delautorun.bat Worm.Win32.Autorun.204800
\del.bat
Delete
DeleteFile
\Deleteme.bat
DeleteValue
del /f 
del /f C:\fix.bat
del /f /q 
dep 
depjhq
Desktop
\desktop2.exe
\desktop2.exe 
\desktop2.exe  
\Desktop.dat
\desktop.exe
\desktop.exe 
\desktop.exe  
desktop.ini
desktop  Trojan.VB.vta/vtb
\DESTORY_
DetectReboot
DeviceDesc
DeviceDesc = 
DF9179D1;7A08A200;60CC9990;112E7B94;7BEFE0B8;B5B383DB;72B393C;6DE38F3A;4B9ECB18;9CCEB173;8AEE9890;7E1FF01A;BB9482BF;D86D4857;AA8C0B9D;35EE14C2;D288CA54;
\\DirectX\abc.bat
\DirectX\abc.bat
\DirectX\bbb.reg
\DirectX\DirectX.exe
\DirectX\DirectX.exe 
DisableCMD
DisableRegedit
DisableRegistryTools
DisableTaskMgr
\Discovery.exe
Discovery.exe
Discovery.exe;DJ.exe;'.vbs;USB2.0.exe;information.vbs;Thumbs.lnk;cool.exe;nvsuc32.exe;Transfer Sebvice.exe;SSDPDiscovv.exe;Down(5).exe;jiao0901.exe;soleboy.exe;sxs3.exe;ctfoon.exe;eva.vbs;autorunx.exe;SoLa\sola.bat;SoLa\sleep.exe;smserv.exe;gk123.exe;Extensionsk.exe;npwmsdrm.exe,rejoice082.exe;ms071528.exe;MSDOS.bat;mmNiu.exe;Switbhing Co.exe;Xiaohao.com;SiZhu.exe
Discovery.exe;DJ.exe;'.vbs;USB2.0.exe;information.vbs;Thumbs.lnk;cool.exe;nvsuc32.exe;Transfer Sebvice.exe;SSDPDiscovv.exe;Down(5).exe;jiao0901.exe;soleboy.exe;sxs3.exe;ctfoon.exe;eva.vbs;autorunx.exe;SoLa\sola.bat;SoLa\sleep.exe;SoLa\Tasks.xxx;SoLa\
Discovery.exe Virus.Win32.Autorun.113152
disk
@="DiskDrive"
\disk.ico
DisplayAsDefault
Display drv
"DisplayString"="
"DisplayString"="NTDS"
"DisplayString"="Tcpip"
\_DJ.exe
\DJ.exe
DJ.exe
DJ.exe Virus.Win32.Autorun.609280
.dll
*.dll
\.dll
\.dll 
DLL 
\dllcache\1028\svchost.exe
\dllcache\1028\svchost.exe 
\dllcache\cmd.com
\dllcache\cmd.exe
\dllcache\command.com
\dllcache\explorer.exe
\dllcache\explorer.exe 
\dllcache\log.exe;
\dllcache\msaro.exe
\dllcache\msconfig.exe
\dllcache\msgsvc.dll
\dllcache\regedit.exe
\dllcache\rund1132.exe
\dllcache\rund1132.exe 
\dllcache\scardsvr.exe
\dllcache\scardsvr.exe 
\dllcache\scardsvr.exe  
\dllcache\sol.EXe
\dllcache\sol.EXE
\dllcache\sol.EXE 
\dllcache\sol.EXE  
\dllcache\spoolsv.exe
\dllcache\svchost.exe
\dllcache\svchost.exe 
\dllcache\taskmgr.exe
\dllcache\wuauclt.exe
\dllcache\zipexr.dll
\dllcache\zipexr.dll 
\dllcache\zipexr.dll  
\dllGetUserTemp.reg
\dllh0st.exe
\dllh0st.exe 
\DLLH0ST.exe
\dllhost.exe
\dllhost.exe 
\DLLHOST.EXE
\DLLHOST.EXE 
DLLHOST.exe Worm.Vb.afj 
DLLHOST.exe Worm.VB.afj  
\DLLMDI.EXE
DLLMDI.EXE
DllName
\dll.reg
DllRegisterServer
DllUnregisterServer
\DLMVD.exe
\DLMVD.exe 
\DLMVD.exe  
\DLMVP.exe
\DLMVP.exe 
\DLMVP.exe  
\DLMVT.exe
\DLMVT.exe 
\DLMVT.exe  
\DLMVX.exe
\DLMVX.exe 
\DLMVX.exe  
d:\mie.com
d:\mie.com 
D:\mie.com
d:\mplay.com
d:\mplay.com 
d:\mplay.pif
d:\mplay.pif 
D:\msinfmgr.exe
D:\NP.vbs
D:\NP.vbs 
\dnscon70.dll
\dnscon70.dll 
.doc
\DocProp1.dll
\DocProp1.dll 
\doc.reg
doc.reg
\Documents and Settings\Administrator\WINDOWS\system\winsystem.exe
\Documents and Settings\Administrator\WINDOWS\system\winsystem.exe 
do.exe
DOOR
**door*.dll
DOS-Win16
DOS-Win32
down(4).exe
\Down(4).exe
Down(4).exe
Down(4).exe Win32.Troj.DownX.87552
\Down(5).exe
Down(5).exe
Down(5).exe Virus.Win32.AutoRun.ain
\down.GetUserTemp 
\down.GetUserTemp  
\Downloaded Program Files\CxUSBKey.exe
\Downloaded Program Files\CxUSBKey.exe 
\Downloaded Program Files\ZipExt32.dll
\Downloaded Program Files\ZipExt32.dll 
\down.tm
\down.tmp
\dream.exe
D:\Recyc1ed\desktop.ini
\Driveinfo.exe
\Driveinfo.exe 
Driveinfo.exe Win32.Troj.Small.20480
Driveinfo.exe Worm.Small.ab
Driveinfo.exe Worm.Small.ab  
\Driveinfo.log
DriveLetter
Driver
@="Driver"
Driver = 
\driver.exe
driver.exe
driver.exe Virus.Win32.Autorun.36864
driver.exe Worm.Agent.81920
@="Driver Group"
\drivers\60{.exe
\drivers\60{.exe 
\drivers\adamrf.exe
\drivers\adamrf.exe 
\drivers\avipit.exe
\drivers\avipit.exe 
\drivers\badudv.exe
\drivers\badudv.exe 
\drivers\ceffnk.com
\drivers\ceffnk.com 
\drivers\ceyael.exe
\drivers\ceyael.exe 
\drivers\cisceq.exe
\drivers\cisceq.exe 
\drivers\conime.exe
\drivers\conime.exe 
\drivers\cwyumh.exe
\drivers\cwyumh.exe 
\drivers\ddacpl.exe
\drivers\ddacpl.exe 
\drivers\DefragFs.exe
\drivers\depjhq.exe
\drivers\depjhq.exe 
\drivers\edopmq.exe
\drivers\edopmq.exe 
\drivers\efkixf.exe
\drivers\efkixf.exe 
\drivers\ekgopb.exe
\drivers\ekgopb.exe 
\drivers\etc\hosts
\drivers\etc\hosts.*
\drivers\etc\Hosts
\drivers\etc\Hosts.*
\drivers\etc\MaxBSLoad.exe
\drivers\etc\networks.exe
\drivers\ftextv.exe
\drivers\ftextv.exe 
\drivers\fubcwj.exe
\drivers\fubcwj.exe 
\drivers\hcmvoa.exe
\drivers\hcmvoa.exe 
\drivers\inc\HPsys\
\drivers\inc\sysdeb.ini
\drivers\IsDrv118.sys
\drivers\IsDrv118.sys 
\drivers\IsDrv120.sys
\drivers\IsDrv120.sys 
\drivers\jaovqh.com
\drivers\jaovqh.com 
\drivers\jmxxxh.exe
\drivers\jmxxxh.exe 
\drivers\jtagsc.exe
\drivers\jtagsc.exe 
\drivers\jwbnlb.exe
\drivers\jwbnlb.exe 
\drivers\kauupl.com
\drivers\kauupl.com 
\drivers\khjias.com
\drivers\khjias.com 
\drivers\mpnxyl.exe
\drivers\mpnxyl.exe 
\drivers\msinfklg.sys
\drivers\msinfomgr.sys
\drivers\nkruls.exe
\drivers\nkruls.exe 
\drivers\nvhcnd.com
\drivers\nvhcnd.com 
\Drivers\nvmini.sys
\drivers\nxjpry.com
\drivers\nxjpry.com 
\drivers\oipmpx.exe
\drivers\oipmpx.exe 
\drivers\oqbvsw.exe
\drivers\oqbvsw.exe 
\drivers\oreans32.sys
\drivers\pipkab.exe
\drivers\pipkab.exe 
\drivers\pnvifj.exe
\drivers\pnvifj.exe 
\drivers\q7.exe
\drivers\q7.exe 
\drivers\qhbodv.exe
\drivers\qhbodv.exe 
\drivers\qnjtyl.com
\drivers\qnjtyl.com 
\drivers\qnusnj.exe
\drivers\qnusnj.exe 
\drivers\qpoenl.com
\drivers\qpoenl.com 
\drivers\rbgofc.com
\drivers\rbgofc.com 
\drivers\rurply.exe
\drivers\rurply.exe 
\drivers\sjymie.exe
\drivers\sjymie.exe 
\drivers\stfwol.exe
\drivers\stfwol.exe 
\drivers\suchost.exe
\drivers\svchosL.exe
\drivers\svchost.exe
\drivers\svchost.exe 
\drivers\System Process
\drivers\System Process 
\drivers\tcmebr.exe
\drivers\tcmebr.exe 
\drivers\tekkdv.exe
\drivers\tekkdv.exe 
\drivers\ujrpjk.exe
\drivers\ujrpjk.exe 
\drivers\uoeoxa.exe
\drivers\uoeoxa.exe 
\drivers\vwuqaa.exe
\drivers\vwuqaa.exe 
\drivers\xflwkm.com
\drivers\xflwkm.com 
Drives
Dropper.Agent
Dropper.Agent.fwp
Dropper.Agent..fwp
Dropper.Gpigeon.fc
Dropper.rar.a
Dropper.VB.acd
\dsbl.inf.inf
D:\set_.exe;E:\run.exe;F:\1.exe;G:\hello.exe;H:\logo.exe;i:\test.exe;J:\Test.Mp3.exe
D:\stNP.vbs
D:\stNP.vbs 
D:\systemfile.com
D:\systemfile.com 
D:\systemfile.com  
D:\systemfile.com   
duplicate
\duplicate.exe
duplicate.exe
\dx6vcl.dll
\dxdiag.com
\dxdiag.com 
\dyjplqb.dll
\dyjplqb.exe
  e0,03,1c,00,05,00,00,00,68,d3,27,00,88,fc,e2,02,46,0f,93,7c,06,00,00,00,68,\
  e2,02,35,ce,80,7c,c8,2c,1c,00,4c,fa,e2,02,00,00,00,00,4c,fa,e2,02,05,00,00,\
\E_4\eAPI.fne
\E_4\eAPI.fne 
\E_4\krnln.fnr
\E_4\krnln.fnr 
E_4\krnln.fnr 
\E_4\shell.fne
\E_4\shell.fne 
E5107AD9;4CCC85AB;77B78AA2;46038CE5;516D0C8F;77B78AA2;2F0CBCD6;55A6B376;A5197959;E6FD1FA2;97D891C7;840D00F1;D5715FE6;7EA39D64;4A117C02;FB3917F8;5F89F56D;7B5B91BF;
EAD8D6B;A2E93F80;A6F37A8D;FC6FBAD7;4BA8F534;D6680A1F;FFB17333;6BCC72B9;AC83A171;CA9D53F5;572E5F05;778CE575;9143BFFF;ADA86970;B7BFE726;5F495B96;47E0DA5;126BDBF5;DFEA1AFB;
EbMode
@echo off
edopmq
eepjpcgm.exe
eepjpcgm.exe Trojan.Autorun.unknown
efkixf
ekgopb
EKS.exe
enabled
Enabled
"Enabled"=dword:00000001
eouvic
\eouvic.dll
\eouvic.dll 
\eouvic.exe
\eouvic.exe 
eouvic.exe
eoymry
\eoymry.dll
\eoymry.dll 
\eoymry.dll  
\eoymry.exe
\eoymry.exe 
\eoymry.exe  
eoymry.exe
\epoolsv.exe
\epoolsv.exe 
\epoolsv.exe  
\epson.exe
\epson.exe 
\epson.exe  
Err in OptionToggle: 
Error
eval("e"&"xec"&"ute
eva.vbs
eva.vbs Virus.VBS.AutoRun.ak
\EXButton.ocx
\EXButton.ocx 
.exe
.exe;
.exe'
*.exe
\_.exe
\.exe
\.exe 
\_.EXE
.exe -a
.exe;BootIO.exe;RECYCLER\autorun.exe;printer.exe;Recycled.exe;winsystem.exe;database.exe;
.exe;BootIO.exe;RECYCLER\autorun.exe;printer.exe;Recycled.exe;winsystem.exe;database.exe;she.exe;oso.exe;
.exe;Config.exe;KPE.exe;EKS.exe;wmplayer.exe;RECYCLED\CEC-ch~1\app.exe;RECYCLED\CEC-ch~1\app.bat;RECYCLED\CEC-ch~1\apprun.inf;
ExecQuery
ExecutablePath
execute
.exe;EXPL0RER.EXE;NLS.exe;System~1\com1.{21ec2020-3aea-1069-a2dd-08002b30309d}\ntldr.pif;
.exe;explorer.exe;system.exe;pagefile.pif;fun.xls.exe;sss.exe;
exefile\DefaultIcon
exefile\shell\open\command
.exe;Flash.10.Setup.exe;Scanner.exe;
.exe;Flash.10.Setup.exe;Scanner.exe;auto.exe;MSI.exe;Rsagen.exe;Limit.exe;auto.exe;iexplore.exe;Macromedia_Setup.exe;cmd.exe;uchelp.exe;jun.exe;niu.exe;ibtrun.bat;ibtrun.vbe;setv.exe;msn.exe;uusetup.exe;ppstream.exe;se51.exe;RECYCLER\RECYCLER\autorun.exe;windowstops.exe;Winlog0n.exe;{HCQ9D-TVCWX-X9QRG-J4B2Y-GR2TT-CM3HY-26VYW-6JRYC-X66GX-JVY2D}.vbs;
.exe;Flash.10.Setup.exe;Scanner.exe;Flash Jokes.exe;Love Calculator.exe;pegefile.pif;SysInfo2.Dll;vbs.reg;doc.reg;cmd.exe;uchelp.exe;auto.exe;jun.exe;niu.exe;ibtrun.bat;ibtrun.vbe;setv.exe;msn.exe;uusetup.exe;
.exe Heur.Trojan.Generic
.exe -k 
.exe;netdde .exe;snown.exe;wbsinstalls.exe;
.exe;netdde .exe;snown.exe;wbsinstalls.exe;Recycled\cleardisk.pif;Recycled\disk.ico;syn0801.exe;Hook.exe;taipingtianguo.exe;ntdelect.com;nx.exe;Down(4).exe;
.exe;Recycler\auto.exe;scvhost.exe;{HCQ9D-TVCWX-X9QRG-J4B2Y-GR2TT-CM3HY-26VYW-6JRYC-X66GX-JVY2D}.vbs;
.exe;RUNAUT~1\autorun.pif;rundll.exe;handydriver.exe;sky.exe;
.exe;RUNAUT~1\autorun.pif;rundll.exe;handydriver.exe;sky.exe;ZtPyServ.exe;ntvdm.exe;soversie.exe;kangen.exe;tool.exe;pfw.pif;sexie.exe;mp3.exe;u.bat;sys.exe;ghost.pif;flashplay.dll;Fatter.exe;RECYCLER\S-1-5-21-796845957-2139871995-839522115-500.exe;
.exe;savage.exe;
ExeString
.exe;svchost.com;Svervices.exe;Time.exe;MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe;re51.exe;Jack.vbs;Main.vbs;`.vbs;autorun.bat;Updata.exe;Yss.exe;syslogn.exe;ie7.exe;io.pif;note.exe;server.exe;Hide.exe;Vmnet.exe;system.pif;Recycle.exe;
.exe;totti;yanghuan1218
.exe Trojan.Autorun.Unknown
.exe Trojan.Autorun.Unknown 
.exe Virus.Win32.AutoRun.208896
.exe Virus.Win32.Autorun.Unknown
.exe Win32.BMW.l
.exe;winlogon.exe;shell.exe;sysauto.exe;KPE.exe;EKS.exe;wmplayer.exe;pegefile.pif;
.exe Worm.Agent.uf
.exe Worm.Agent.uf 
.exe Worm.Agent.VB
.exe Worm.Agent.we
.exe Worm.Agent.we 
.exe Worm.Win32.Agent.uv
.exe Worm.Win32.AutoRun.470528
.exe Worm.Win32.Autorun.duw
\exiplorer.exe
\exiplorer.exe 
exiplorer.exe
exiplorer.exe Virus.Win32.AutoRun.m
\exloroe.com
exloroe.com
\Exp1orer.exe
\Exp1orer.exe 
Exp1orer.exe
\ExpBin\Explorer.exe
\EXPL0RER.EXE
EXPL0RER.EXE Virus.Win32.Autorun.21504
 EXPL0RER.EXE Worm.Floder.a
EXPLOER
EXPLORE.EXE Virus.Win32.Autorun.31178
explorer
Explorer
\explorer.com
\explorer.com 
\explorer.dll
\explorer.dll 
explorer.dll Trojan.DL.Agent.bff
 \explorer.exe
\explorer_.exe
\explorer.exe
\explorer.exe 
\explorer.exe  
explorer_.exe
explorer.exe
)Explorer.exe
*Explorer.exe
\Explorer.exe
\Explorer.exe 
Explorer.exe
\EXPLORER.EXE
\EXPLORER.EXE 
\EXPLORER.EXE  
\EXPLORER.EXE   
EXPLORER.EXE
explorer.exe http://bbs.usbcleaner.cn
explorer.exe http://bbs.usbcleaner.cn/forumdisplay.php?fid=17
Explorer.exe "http://up.usbcleaner.cn"
explorer.exe http://www.baidu.com/s?wd=USBCleaner
explorer.exe http://www.usbcleaner.net/download.htm
Explorer.exe /select,"
Explorer.exe Trojan.PSW.Sdboy
explorer.exe Trojan.Win32.VBCode.p
explorer.exe Win32.PSWTroj.Wow.dg.73728
explorer.exe Worm.Win32.AutoRun.dcp
explorer.exe Worm.Win32.Downloader.fj
explorer_.exe Worm.Win32.FakeFolder.36864
Explorer http://blog.sina.com.cn/rainsoul
Explorer http://usbcleaner.taobao.com/
Explorer http://www.cncrk.com
Explorer Http://www.iu365.Net
Explorer http://www.PCHome.net
Explorer http://www.usbcleaner.cn
Explorer http://www.usbcleaner.net
\Explorer.sm1
\Exporer.exe
Exporer.exe
\Exprer.exe
Exprer.exe
Exprer.exe Worm.Win32.AutoRun.459264
\Extensionsk.exe
Extensionsk.exe
Extensionsk.exe IRC-Worm.Win32.Delf.bd
Extensionsv
_extentx
_extenty
  f0,1f,b0,01,00,00,00,00,1a,21,b0,01,00,00,00,00,44,22,b0,01,00,00,00,00,6e,\
F31B7C43
  f9,0e,02,18,ee,92,7c,78,fb,92,7c,ff,ff,ff,ff,71,fb,92,7c,18,6a,da,77,51,6a,\
  f9,e2,02,18,ee,92,7c,78,fb,92,7c,4c,fa,e2,02,c8,2c,1c,00,05,00,00,00,80,f9,\
 faizal 
\faizal.js
faizal.js
faizal.js Worm.Script.JS.Autorun.b
\faster.txt
\faster.txt 
\fat.exe
\fat.exe 
Fatter..
\fatter.exe
\fatter.exe 
Fatter.exe
Fatter.exe;syssetup.exe;boot.exe;svchost.exe;[
fatter.exe Virus.BAT.Sosiska.a
$Fatter.exe Virus.BAT.Sosiska.a
Fatter..\Fatter.txt
\fatter.inf
\fatterlove.inf
\Favorites\
  fc,0e,02,07,89,57,75,00,00,00,00,50,9c,f4,02,00,00,00,00,b2,8a,57,75,5e,6b,\
  fc,0e,02,10,04,1c,00,b4,0b,00,00,08,00,00,00,03,00,00,00,c0,04,39,02,10,04,\
  fd,e2,02,88,04,1c,00,10,0c,00,00,04,00,00,00,03,00,00,00,90,d0,27,00,88,04,\
FF815AD3;101B7DE4;AB8ECD69;C8C1AF3B;5E25C;5DC8AF8C;E2BAA660;5F9AB724;A4ED34B;2D5B136E;474A3FB7;13246EEC;D68228EB;2C4CFFC7;FE6E1D34;B9388377;B446D40C;95F3F82C;8B820972;B876CCE5;
fgkljp
\fgkljp.dll
\fgkljp.dll 
\fgkljp.exe
\fgkljp.exe 
fgkljp.exe
Fibre
\file32.exe
\file32.exe 
FileDescription
\FileKan.exe
\FileKan.exe 
FileVersion
FirstWriteTime
FirstWriteTime = 
fix.exe
fixsysinfo
\Flash.10.exe
\Flash.10.exe 
Flash.10.Setup.exe Trojan.Win32.VB.xaf
\Flash_8_Player.exe
\Flash_8_Player.exe 
\flashplay.dll
\flashplay.dll 
flashplay.dll
\_fldriver.exe
fldriver.exe
fldriver.exe Worm.Win32.Autorun.657920
@="Floppy disk drive"
\fly.exe
\fly.exe 
fmvluab.exe
fname
Focus
Folder
FolderCure
\foldercure.exe
\FolderCure.exe
\foldercure.exe -a
foldercure.exe -a
\FolderCure.exe -a
\FolderCure.exe -u
\folder.exe
\folder.exe 
\folder.exe  
folder.exe;ie.exe;setup.pif;readme.exe;Iexplores.exe;sxs.exe;ALMV.exe;Recycler\UExecute.exe;RECYCLER\RECYCLER\autorun.exe;
folder.htt
folderopen.exe Worm.Win32.AutoRun.lre
font
Font
\Fonts\00-1A-4D-F5-B0-ED\system\wdfmgr.exe
\Fonts\6c134b70170b5471b1b24acfca116ee8\system\clfmon.exe
\Fonts\HIDESELF...
\Fonts\HIDESELF...\
\Fonts\HIDESELF...\Function.dll
\Fonts\HIDESELF...\sola.bat
\Fonts\HIDESELF...\solasetup
\Fonts\NoTasks
\Fonts\PrstService.jpg
\Fonts\Regedit.reg
\Fonts\sola.bat
\Fonts\solasetup\
\Fonts\solasetup\sleep.exe
\Fonts\solasetup\SOLA.BAT
\Fonts\solasetup\Tasks.xxx
\Fonts\SVCHOst.exe
\Fonts\syn00-1A-4D-F5-B0-ED\system\smss.exe
\Fonts\system\ati2evxx.exe
\fooool.exe
\fooool.exe 
\fooool.exe  
fooool.exe;
fooool.exe Trojan.DL.Agent.ckl
ForeColor
\forget.dll
\format32.exe
 /f /q
FriendlyName
\FS6519.dll.vbs
FS6519.dll.vbs Virus.VBS.Autorun.3678
@="FSFilter System Recovery"
ftextv
fubcwj
\fuckdata2000.log 
Fuck.exe Worm.Win32.AutoRun.ld
\Full House
\Full House\FullHouse.jpg
function:exe
function.exe
Fun.exe(Dc.exe) Worm.Win32.Autorun.exx
\funny!.reg
fun.xls.exe
fun.xls.exe(SysFile.exe) Worm.Floder.a
fun.xls.exe Trojan.DL.VB.exn
fun.xls.exe Trojan.VB.wgt
game.exe
\game.EXE
\game.EXE 
game.exe;serivces.exe;RECYCLER\RECYCLER.exe;S-1-5-21-1214440339.exe;App.exe;service.exe;bsr.exe;autorun.vbs;DLLH0ST.exe;Windows.exe;Recycled\Driveinfo.exe;cn911.exe;RECYCLER.exe;autorun.pif;
game.exe Win32/Aris
game.exe Win32/Aris  
game.exe Win32.Virut.a
game.exe Win32.Virut.a 
GetCommandLineA
GetFileType
GetOwner
GetUserTemp 
gfosdg
\gfosdg.dll
\gfosdg.dll 
\gfosdg.exe
\gfosdg.exe 
gfosdg.exe
\gg.exe
gg.exe
gg.exe Virus.Win32.AutoRun.ia
GHO.exe
GHO.exe Trojan-Downloader.Win32.Agent.csc
GHOSTBAK.exe Worm.Win32.Agent.ui
ghost.bat
:\ghost.exe
ghost.exe,conime.exe Trojan.DL.Agent.blr
ghost.exe Trojan.DL.Agent.blr
Ghost.pif
ghost.pif Trojan.DL.Agent.npt 
ghost.pif Trojan.DL.Agent.npt  
ghost.pif Trojan.Mnless.ltu
ghost.pif Trojan.Mnless.ltu 
ghost.pif Trojan.Mnless.ltu  
.gif
\_gk123.exe
gk123.exe
gk123.exe Worm.Win32.AutoRun.669184
Goback.exe
Goback.exe Worm.Win32.Autorun.135168
GOOD
\goodgirl.jpg
goodgirl.jpg
\google.dll
\google.dll 
\go.vir
Gradient
gvkfbrq.exe
(&H)
h4ck3v1l
\h4ck3v1l.vbs
h4ck3v1l.vbs
h4ck3v1l.vbs Worm.Script.VBS.Autorun.ai
Hack.Exploit.Win32.MS08-067.gt
Hacktool.SVKP
HandPointer
HappyDay.exe
happyday.exe;Limit.exe;stNP.vbs;NP.vbs;csrss.bat;csrss.vbe;.MS32DLL.dll.vbs;RECYCLER\Lcass.exe;.exe;sysauto.exe;winlogon.exe;Config.exe;
HappyDay.exe Virus.Win32.AutoRun.o
HappyDay.exe Virus.Win32.AutoRun.o 
\h.bmp
HBService32
hcmvoa
{HCQ9D-TVCWX-X9QRG-J4B2Y-GR2TT-CM3HY-26VYW-6JRYC-X66GX-JVY2D}.vbs
\{HCQ9D-TVCWX-X9QRG-J4B2Y-GR2TT-CM3HY-26VYW-6JRYC-X66GX-JVY2D}.vbs
\{HCQ9D-TVCWX-X9QRG-J4B2Y-GR2TT-CM3HY-26VYW-6JRYC-X66GX-JVY2D}.vbs 
{HCQ9D-TVCWX-X9QRG-J4B2Y-GR2TT-CM3HY-26VYW-6JRYC-X66GX-JVY2D}.vbs Worm.VBS.Dotop2.a
{HCQ9D-TVCWX-X9QRG-J4B2Y-GR2TT-CM3HY-26VYW-6JRYC-X66GX-JVY2D}.vbs Worm.VBS.Dotop2.a 
@="Hdc"
HeaderDarkColor
HeaderLightColor
heevlg
\heevlg.dll
\heevlg.dll 
\heevlg.exe
\heevlg.exe 
heevlg.exe
\Help\
\help\autorun.inf
\Help\autorun.inf
\help\FB9940FB8100.dll
\Help\FB9940FB8100.dll
\Help\FB9940FB8100.dll 
\help\FB9940FB8100.exe
\Help\FB9940FB8100.exe
\Help\FB9940FB8100.exe 
\Help\fb.dll
"HelpID"="shell.hlp#51104"
"HelpID"="shell.hlp#51105"
"HelpID"="shell.hlp#51131"
\Help\schedl.exe
Heur.Trojan.Generic
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
hh.exe 
\hh.exe %1
HHKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr
HIDClass
Hidden
Hide.exe
Hide.exe Virus.Win32.Autorun.Unknown
Hide.exe Virus.Win32.Autorun.Unknown 
\hinhem.scr
\hinhem.scr 
hitpop
HKCC
\hkcmd.pat
HKCR
HKCU
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title
HKCU\Software\Microsoft\Windows\CurrentVersion\explorer\advanced\NoFolderOptions
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKCU\Software\Microsoft\Windows\Currentversion\Run\B-A-I-D-U-C-O-M
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\BSserver
HKcu\Software\Microsoft\Windows\Currentversion\Run\IEXPLORE.EXE
HKCU\Software\Microsoft\Windows\Currentversion\Run\load
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MSN Setup
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MsServer
HKcu\Software\Microsoft\Windows\Currentversion\Run\SVCH0ST.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT\Applications\notepod.exe\shell\open\command\
HKEY_CLASSES_ROOT\CLSID\{989D2FEB-5411-4565-8988-1DD2C5263377}
HKEY_CLASSES_ROOT\comfile\DefaultIcon\
HKEY_CLASSES_ROOT\Directory\shell\explore\command
HKEY_CLASSES_ROOT\Directory\shell\open\command
HKEY_CLASSES_ROOT\dl1_auto_file
HKEY_CLASSES_ROOT\.dlll
HKEY_CLASSES_ROOT\dlll_Auto_File
HKEY_CLASSES_ROOT\.doc\
HKEY_CLASSES_ROOT\Drive\shell\explore\command
HKEY_CLASSES_ROOT\Drive\shell\open\command
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
[HKEY_CLASSES_ROOT\inffile\shell\open\command]
[HKEY_CLASSES_ROOT\inifile\shell\open\command]
HKEY_CLASSES_ROOT\inifile\shell\open\command\
HKEY_CLASSES_ROOT\.pat
HKEY_CLASSES_ROOT\patfile
HKEY_CLASSES_ROOT\Test
HKEY_CLASSES_ROOT\.txt\
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
HKEY_CLASSES_ROOT\txtfile\shell\open\command
HKEY_CLASSES_ROOT\txtfile\shell\open\command\
HKEY_CLASSES_ROOT\.vbs\
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Control Panel\Mouse\SwapMouseButtons
HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications
HKEY_CURRENT_USER\Software\ Microsoft
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\Application
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\noclose
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\nosetTaskBar
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\AudioMan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ctfmon
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\format
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\soundman
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\sun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\wm
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistrytools
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Death.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eoymry
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run\explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GKWebTool
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\imscmig
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MaxBSLoad
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run\MsServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\msvci.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mswindws
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ntcheck
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cmpnt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\killmsn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\Usbcleaner
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Recycled.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Rising Driver
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\sunny
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\sxs2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run\system.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\systems
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\System Service
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systrsy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Taskmonitor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\tava
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows MSN
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Winstary
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run\wsctf.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yahoo Messengger
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yudtpl
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\run
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\windows\System32\wshext.dll,-4802
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\DisableCMD
HKEY_CURRENT_USER\Software\Usbcleaner
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Doom
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\gshost
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\sgstudent
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ShitMaker
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\tgsd
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vbsfile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Eset\Nod\CurrentVersion\Info\InstallDir
HKEY_LOCAL_MACHINE\SOFTWARE\Jiangmin\InstallPath
HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\InstalledProducts\Kaspersky Anti-Virus Personal\folder
HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\SetupFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Kingsoft\AntiVirus\ProgramPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{72905694-4471-12d2-AF31-10C04FA53202}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\Autorun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{06926B30-226E-4f8c-8EE3-579CD96573DC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant
HKEY_LOCAL_MACHINE\Software\Microsoft\LiXueJiang
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe\Path
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\UnCheckedValue
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer\Browser Helper Objects\{989D2FEB-5411-4565-8988-1DD2C5263377}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\anhao
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\dream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\inetinfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\McaFee virus detect program.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\melove
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\PRIVATE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\sbl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\Shebe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\sucka
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\temp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\aa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asghjj
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutoRun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Barsaka
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bigdog.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmpnt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\crsss
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\ctfmon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cycuvi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DsNiu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Exp1orer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fatter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fmvluab
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FS6519
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\game
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\help
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\#HIT#^(W-H-Y)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\Hook
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run\IMJPMIG8.2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inetsrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\initial
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KAV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KaV3000XP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\kava
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\krsant
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Macromedia 8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Autorun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft? Windows Command
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\microsupdate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\MicrSoft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mppds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MS32DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mswindws
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\networks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NoooH
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NOTEPAD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OfcpfwSvcs.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\omwmstj
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Autorun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cmdbs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\fix
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\msccrt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ronney
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wsttrs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qq
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QQ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QQKAV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\R6J3O3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\Realshade
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\rising
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\Rising Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rsagen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Run a DLL as an App
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\Service Host Manager Windwos w32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\cacom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SoundMam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\soundmix
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SP00.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SVCH0ST.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchsot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SVOHOST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\system
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\System Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systrsy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TBMonEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TempCom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upxdnf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\USBDRIVE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vbe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vmnet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\W32SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winboot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowNT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wininit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjview32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wnvfrq
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\worknote1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xfjbys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xtqwyf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe\Debugger
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccenter.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icesword.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\info.exe]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\info.exe\Debugger
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapi.exe\Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmon.exe]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit32.exe
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\se51.exe\Debugger
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sexIE.exe\Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe\Debugger
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soundmix.exe]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soundmix.exe
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sreng.exe]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sunny.exe\Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sxs2.exe\Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysos.exe\Debugger
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\syssafe.exe]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Systemm.exe\Debugger
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windowstops.exe\Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winnetwork.exe\Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe\debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MicroCSC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msinflogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Scryptnat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Winlogon\userinit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
HKEY_LOCAL_MACHINE\SOFTWARE\rising\Rav\installpath
HKEY_LOCAL_MACHINE\SOFTWARE\Thumbs
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ie7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017]
"HKeyRoot"=dword:80000001
HKEY_USERS
HKIM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
HKLM
HKLM\Software\Classes\Inffile\Shell\Open\Command\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\UnCheckedValue
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\hx-1
HKLM\Software\Microsoft\Windows\Currentversion\Run\
HKLM\Software\Microsoft\Windows\Currentversion\Run\60{
HKLM\Software\Microsoft\Windows\Currentversion\Run\6C4DA25CDD774D5
HKLM\Software\Microsoft\Windows\Currentversion\Run\adamrf
HKLM\Software\Microsoft\Windows\Currentversion\Run\Akica
HKLM\Software\Microsoft\Windows\Currentversion\Run\alligt
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ALMV
HKLM\Software\Microsoft\Windows\Currentversion\Run\apple
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ASocksrv
HKLM\Software\Microsoft\Windows\Currentversion\Run\autorundemo
HKLM\Software\Microsoft\Windows\Currentversion\Run\avipit
HKLM\Software\Microsoft\Windows\Currentversion\Run\B4T1W2
HKLM\Software\Microsoft\Windows\Currentversion\Run\badudv
HKLM\Software\Microsoft\Windows\Currentversion\Run\bfdarx
HKLM\Software\Microsoft\Windows\Currentversion\Run\bhtpod
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Bittorrent
HKLM\Software\Microsoft\Windows\Currentversion\Run\bqifue
HKLM\Software\Microsoft\Windows\Currentversion\Run\bryato
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ccApps
HKLM\Software\Microsoft\Windows\Currentversion\Run\ceffnk
HKLM\Software\Microsoft\Windows\Currentversion\Run\ceyael
HKLM\Software\Microsoft\Windows\Currentversion\Run\cisceq
HKLM\Software\Microsoft\Windows\Currentversion\Run\Cn911
HKLM\Software\Microsoft\Windows\Currentversion\Run\ctfmon
HKLM\Software\Microsoft\Windows\Currentversion\Run\cwyumh
HKLM\Software\Microsoft\Windows\Currentversion\Run\ddacpl
HKLM\Software\Microsoft\Windows\Currentversion\Run\depjhq
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dll
HKLM\Software\Microsoft\Windows\Currentversion\Run\edopmq
HKLM\Software\Microsoft\Windows\Currentversion\Run\efkixf
HKLM\Software\Microsoft\Windows\Currentversion\Run\ekgopb
HKLM\Software\Microsoft\Windows\Currentversion\Run\eouvic
HKLM\Software\Microsoft\Windows\Currentversion\Run\fgkljp
HKLM\Software\Microsoft\Windows\Currentversion\Run\file32
HKLM\Software\Microsoft\Windows\Currentversion\Run\FolderRaper
HKLM\Software\Microsoft\Windows\Currentversion\Run\ftextv
HKLM\Software\Microsoft\Windows\Currentversion\Run\fubcwj
HKLM\Software\Microsoft\Windows\Currentversion\Run\gfosdg
HKLM\Software\Microsoft\Windows\Currentversion\Run\gvkfbrq
HKLM\Software\Microsoft\Windows\Currentversion\Run\hcmvoa
HKLM\Software\Microsoft\Windows\Currentversion\Run\heevlg
HKLM\Software\Microsoft\Windows\Currentversion\Run\hpxger
HKLM\Software\Microsoft\Windows\Currentversion\Run\hsiwij
HKLM\Software\Microsoft\Windows\Currentversion\Run\ie
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IMJPMIG8.2
HKLM\Software\Microsoft\Windows\Currentversion\Run\inetsrv
HKLM\Software\Microsoft\Windows\Currentversion\Run\ixunfp
HKLM\Software\Microsoft\Windows\Currentversion\Run\jaovqh
HKLM\Software\Microsoft\Windows\Currentversion\Run\jhkdil
HKLM\Software\Microsoft\Windows\Currentversion\Run\jitpjr
HKLM\Software\Microsoft\Windows\Currentversion\Run\jmxxxh
HKLM\Software\Microsoft\Windows\Currentversion\Run\jrwnam
HKLM\Software\Microsoft\Windows\Currentversion\Run\jtagsc
HKLM\Software\Microsoft\Windows\Currentversion\Run\jusodl
HKLM\Software\Microsoft\Windows\Currentversion\Run\jwbnlb
HKLM\Software\Microsoft\Windows\Currentversion\Run\kabuwj
HKLM\Software\Microsoft\Windows\Currentversion\Run\kauupl
HKLM\Software\Microsoft\Windows\Currentversion\Run\KaV3000XP
HKLM\Software\Microsoft\Windows\Currentversion\Run\khjias
HKLM\Software\Microsoft\Windows\Currentversion\Run\kqekaj
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\LaunchCD
HKLM\Software\Microsoft\Windows\Currentversion\Run\lawxrx
HKLM\Software\Microsoft\Windows\Currentversion\Run\lhched
HKLM\Software\Microsoft\Windows\Currentversion\Run\loadinfo
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\LoadService
HKLM\Software\Microsoft\Windows\Currentversion\Run\mdngfh
HKLM\Software\Microsoft\Windows\Currentversion\Run\mem32
HKLM\Software\Microsoft\Windows\Currentversion\Run\Microsoft
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\mmc
HKLM\Software\Microsoft\Windows\Currentversion\Run\mmlucj
HKLM\Software\Microsoft\Windows\Currentversion\Run\mpnxyl
HKLM\Software\Microsoft\Windows\Currentversion\Run\mqhaym
HKLM\Software\Microsoft\Windows\Currentversion\Run\mrkctl
HKLM\Software\Microsoft\Windows\Currentversion\Run\naxcehy
HKLM\Software\Microsoft\Windows\Currentversion\Run\nkruls
HKLM\Software\Microsoft\Windows\Currentversion\Run\nrauax
HKLM\Software\Microsoft\Windows\Currentversion\Run\nvhcnd
HKLM\Software\Microsoft\Windows\Currentversion\Run\nxdlld
HKLM\Software\Microsoft\Windows\Currentversion\Run\nxjpry
HKLM\Software\Microsoft\Windows\Currentversion\Run\ODBCJET
HKLM\Software\Microsoft\Windows\Currentversion\Run\oglknl
HKLM\Software\Microsoft\Windows\Currentversion\Run\oipmpx
HKLM\Software\Microsoft\Windows\Currentversion\Run\oqbvsw
HKLM\Software\Microsoft\Windows\Currentversion\Run\pipkab
HKLM\Software\Microsoft\Windows\Currentversion\Run\pnikpp
HKLM\Software\Microsoft\Windows\Currentversion\Run\pnvifj
HKLM\Software\Microsoft\Windows\Currentversion\Run\pyxvly
HKLM\Software\Microsoft\Windows\Currentversion\Run\q7
HKLM\Software\Microsoft\Windows\Currentversion\Run\qhbodv
HKLM\Software\Microsoft\Windows\Currentversion\Run\qmmnxr
HKLM\Software\Microsoft\Windows\Currentversion\Run\qmymfw
HKLM\Software\Microsoft\Windows\Currentversion\Run\qnusnj
HKLM\Software\Microsoft\Windows\Currentversion\Run\qpoenl
HKLM\Software\Microsoft\Windows\Currentversion\Run\qvkwjh
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RavAV
HKLM\Software\Microsoft\Windows\Currentversion\Run\RavMont
HKLM\Software\Microsoft\Windows\Currentversion\Run\rbgofc
HKLM\Software\Microsoft\Windows\Currentversion\Run\rfore
HKLM\Software\Microsoft\Windows\Currentversion\Run\Rundll
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\runreper
HKLM\Software\Microsoft\Windows\Currentversion\Run\rurply
HKLM\Software\Microsoft\Windows\Currentversion\Run\sbfyrn
HKLM\Software\Microsoft\Windows\Currentversion\Run\scApp
HKLM\Software\Microsoft\Windows\Currentversion\RunServices\Rencom
HKLM\Software\Microsoft\Windows\Currentversion\Run\sjymie
HKLM\Software\Microsoft\Windows\Currentversion\Run\stfwol
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svchost
HKLM\Software\Microsoft\Windows\Currentversion\Run\SysReBuild
HKLM\Software\Microsoft\Windows\Currentversion\Run\System Boot Check
HKLM\Software\Microsoft\Windows\Currentversion\Run\tcmebr
HKLM\Software\Microsoft\Windows\Currentversion\Run\tekkdv
HKLM\Software\Microsoft\Windows\Currentversion\Run\TempCom
HKLM\Software\Microsoft\Windows\Currentversion\Run\teuyen
HKLM\Software\Microsoft\Windows\Currentversion\Run\tfidma
HKLM\Software\Microsoft\Windows\Currentversion\Run\tgejsy
HKLM\Software\Microsoft\Windows\Currentversion\Run\tubdpn
HKLM\Software\Microsoft\Windows\Currentversion\Run\ucexxq
HKLM\Software\Microsoft\Windows\Currentversion\Run\ujrpjk
HKLM\Software\Microsoft\Windows\Currentversion\Run\uoeoxa
HKLM\Software\Microsoft\Windows\Currentversion\Run\uqmpyu
HKLM\Software\Microsoft\Windows\Currentversion\Run\Userinit
HKLM\Software\Microsoft\Windows\Currentversion\Run\vbe
HKLM\Software\Microsoft\Windows\Currentversion\Run\vhynyt
HKLM\Software\Microsoft\Windows\Currentversion\Run\vksrwh
HKLM\Software\Microsoft\Windows\Currentversion\Run\vvmjrh
HKLM\Software\Microsoft\Windows\Currentversion\Run\vwuqaa
HKLM\Software\Microsoft\Windows\Currentversion\Run\wdfmgr32
HKLM\Software\Microsoft\Windows\Currentversion\Run\winlogon
HKLM\Software\Microsoft\Windows\Currentversion\Run\winsystem
HKLM\Software\Microsoft\Windows\Currentversion\Run\wlovif
HKLM\Software\Microsoft\Windows\Currentversion\Run\wmplayer
HKLM\Software\Microsoft\Windows\Currentversion\Run\word
HKLM\Software\Microsoft\Windows\Currentversion\Run\xflwkm
HKLM\Software\Microsoft\Windows\Currentversion\Run\xinmyp
HKLM\Software\Microsoft\Windows\Currentversion\Run\yaqsul
HKLM\Software\Microsoft\Windows\Currentversion\Run\ydggot
HKLM\Software\Microsoft\Windows\Currentversion\Run\ytynaf
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
HKLM\Software\Microsoft\Windows nt\Currentversion\Winlogon\userinit
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc\Start
HomePage
\Hook.exe
Hook.exe
Hook.exe Virus.Win32.AutoRun.le
\HookProc.dll
\host.exe
host.exe
\hosts.*
 Hosts 
Hosts 
HOSTS
hpxger
\hpxger.dll
\hpxger.dll 
\hpxger.exe
\hpxger.exe 
hpxger.exe
hsiwij
\hsiwij.dll
\hsiwij.dll 
\hsiwij.exe
\hsiwij.exe 
hsiwij.exe
\@$##.htm
.htm.exe
htt 
http://up.usbcleaner.cn
http://www.bydou.com
http://www.cncrk.com
:http://www.cncrk.comO
: http://www.cncrk.comQ
Http://www.iu365.Net       Http://www.uuu365.Cn
http://www.usbcleaner.cn
Http://www.usbcleaner.cn 
http://www.usbcleaner.cn/newer3.htm
http://www.usbcleaner.cn/newer4.htm
@="Human Interface Devices"
\hwbfbp.dll
\hwbfbp.dll 
\hwbfbp.exe
\hwbfbp.exe 
hwnd
\hx1.bat
\HXGGGG
\HXGGGG 
\HXGGGG  
\ibtrun.bat
\ibtrun.bat 
ibtrun.bat
\ibtrun.vbe
\ibtrun.vbe 
ibtrun.vbe
ibtrun.vbe Worm.Antiu.a
ibtrun.vbe Worm.Antiu.a 
\iconhandle.dll
\ie7.exe
\ie7.exe 
\ie7.exe  
ie7.exe
ie7.exe Virus.Win32.Autorun.hw
ie7.exe Virus.Win32.Autorun.hw 
ie.exe Trojan.Agent.xty
\ie.ini
\ie.ini 
\ies.dll
\ies.dll 
\IE.vbs
\IE.vbs 
\iexploer.exe
\iexploer.exe 
\iexploer.exe  
\iexplore.exe
\iexplore.exe 
\iexplore.exe  
iexplore.exe
\IEXPLORE.exe
\IEXPLORE.exe 
IEXPLORE.exe
\IEXPLORE.EXE
Iexplore.exe Backdoor.Tompai.k
iexplore.exe Trojan.DL.Adload.alx
iexplore.exe Trojan-Downloader.Win32.Agent.bsc
iexplore.exe Worm.Win32.AutoRun.ddc
IEXPLORER
\iexplorer.exe
iexplorer.exe
\IEXPLORER.EXE
\IEXPLORER.EXE 
\IEXPLORERS.exe
IEXPLORERS.exe Worm.Win32.FakeFolder.250651
Iexplores.exe
\igfxtray.pat
IGPXE.exe
IGPXE.exe Trojan.DL.VB.etz
IGPXE.exe Trojan.DL.VB.etz 
\Ilass.exe
Image
\ime\do.exe
\ime\do.exe 
\ime\ime.exe
\ime\ime.sys
\ime\ime.sys 
\ime\IME.sys
\ime\MSWINSCK.DEP
\ime\MSWINSCK.DEP 
\ime\MSWINSCK.oca
\ime\MSWINSCK.OCX
\ime\MSWINSCK.OCX 
\ime\mswsock.dll
\ime\STDOLE2.TLB
\ime\svchost.exe
\ime\svchost.exe 
\ime\Thumbs.db
\ime\Thumbs.db 
\ime\Thumbs.dll
\ime\Thumbs.dll 
\ime\Thumbs.sys
\ime\Thumbs.sys 
\ime\Uninstall.exe
\ime\VB6.OLB
ImgAlign
ImgSize
IMJPMG
IMJPMIG8.2
{impersonationLevel=impersonate}!\\
\imscmig.exe
IM-Worm.Win32.Sohanad.t
in.com Win32.Troj.Autorun.ic.22528
\inetinfo.exe
inetsock.exe
\inetsrv.exe
\inetsrv.exe 
*.inf
\inf\chiCkie.exe
infFile\shell\open\command
Info 
info.exe
info.exe(Trojan.Agent.zfe)
info.exe Trojan.VB.wpd
INFO.exe Trojan.VB.wpd
INFO.exe Worm.VB.agj 
information.vbs
information.vbs Worm.VBS.Autorun.o
\inf\svchost.exe
\inf\svchost.exe 
\inf.tem
.ini
\`.ini
\'.ini
ini 
Ini 
INI 
Ini_File
iniFile\shell\open\command
\init.exe
\inituser.exe
inituser.exe
inituser.exe Trojan.Win32.Delf.afx
Install
Installable
\_intermat.exe
\intermat.exe
intermat.exe
intermat.exe Virus.Win32.Autorun.392864
InternalName
\interneter.exe
 Internet Explorer 
\Internet Explorer\
\Internet Explorer\Connection Wizard\SVCHOST.EXE
\Internet Explorer\Connection Wizard\SVCHOST.EXE 
\Internet Explorer.exe
\Internet Explorer.exe 
\Internet Explorer\explorer.exe
\Internet Explorer\HiJack.bak
\Internet Explorer\HiJack.bak 
\Internet Explorer\HiJack.dll
\Internet Explorer\HiJack.dll 
\Internet Explorer\IEKey.dll
\Internet Explorer\IEKey.dll 
\Internet Explorer\IEKey.dll  
\Internet Explorer\iexp1ore.exe
\Internet Explorer\iexp1ore.exe 
\Internet Explorer\iexp1ore.exe  
\Internet Explorer\iexplore.exe
\Internet Explorer\IJL105.DLL
\Internet Explorer.lnk
\Internet Explorer.lnk 
\Internet Explorer.lnk"
\Internet Explorer.lnkk
\Internet Explorer.lnk & Su1
\Internet Explorer\loadie.EXE
\Internet Explorer\loadie.EXE 
\Internet Explorer\LSASS.EXE
\Internet Explorer\msapi.dll
\Internet Explorer\msapi.dll 
\Internet Explorer\msapi.exe
\Internet Explorer\msapi.exe 
\Internet Explorer\msapi.exe  
\Internet Explorer\msvcrt.bak
\Internet Explorer\msvcrt.bak 
\Internet Explorer\msvcrt.dll
\Internet Explorer\msvcrt.dll 
\Internet Explorer\NewTemp.bak
\Internet Explorer\OnlO0r.bak
\Internet Explorer\OnlO0r.dll
\Internet Explorer\Plugins\BinNice.bak
\Internet Explorer\Plugins\BinNice.bak 
\Internet Explorer\Plugins\BinNice.dll
\Internet Explorer\Plugins\BinNice.dll 
\Internet Explorer\plugins\NewTemp.bak
\Internet Explorer\plugins\NewTemp.bak 
\Internet Explorer\plugins\NewTemp.dll
\Internet Explorer\plugins\NewTemp.dll 
\Internet Explorer\Plugins\System64110.sys
\Internet Explorer\Plugins\System64.jmp
\Internet Explorer\Plugins\System64.jmp 
\Internet Explorer\Plugins\System64.Jmp
\Internet Explorer\Plugins\System64.sys
\Internet Explorer\Plugins\System64.sys 
\Internet Explorer\Plugins\System64.sys  
\Internet Explorer\Plugins\System64.tao
\Internet Explorer\Plugins\System64.tao 
\Internet Explorer\plugins\SysWin64.Jmp
\Internet Explorer\plugins\SysWin64.Jmp 
\Internet Explorer\plugins\SysWin64.Sys
\Internet Explorer\plugins\SysWin64.Sys 
\Internet Explorer\plugins\SysWin64.Tao
\Internet Explorer\Plugins\SysWin7z.Jmp
\Internet Explorer\PLUGINS\Sy_Win7k.Jmp
\Internet Explorer\plugins\WinSys64.Sys
\Internet Explorer\plugins\WinSys64.Tao
\Internet Explorer\Plugins\WinSys8z.Sys
\Internet Explorer\PLUGINS\Wn_Sys8x.Sys
\Internet Explorer\romdrivers.bak
\Internet Explorer\romdrivers.bak 
\Internet Explorer\romdrivers.bkk
\Internet Explorer\romdrivers.dll
\Internet Explorer\romdrivers.dll 
\Internet Explorer\SERVICES.EXE
\Internet Explorer\SERVICES.EXEE
\Internet\spool.exe
\Internet\svhist.exe
\Internet\taskmg.exe
int(rnd*24000+40960)
intt
IO.pif
IO.pif Heur.Trojan.Generic
IO.pif Heur.Trojan.Generic 
\IPv6.dll
IRC-Worm.Win32.Delf.ai
IRC-Worm.Win32.Delf.asl
IRC-Worm.Win32.Delf.bd
\isass.exe
\isass.exe 
\_ISGetUserTempI.DIR\autorun.inf
\_ISGetUserTempI.DIR\mmc32.exe
\_ISGetUserTempI.DIR\mmc32.exe 
\_ISGetUserTempI.DIR\template.tmp
IsReady
ixunfp
\ixunfp.dll
\ixunfp.dll 
\ixunfp.exe
\ixunfp.exe 
ixunfp.exe
\j3ewro.exe
Jack.vbs VBS.Autorun.a
Jack.vbs VBS.Autorun.a 
\JambanMu.com
\JambanMu.com 
\java\classes\java.dll
\javasc.exe
javasc.exe Worm.Win32.FakeFolder/MyWinter
jcbutton
JCButton
jcbutton1
jccatch.bho
\jccatch.dll
\jdsfdutj.dat
\jdsfdutj.dat 
jhkdil
\jhkdil.dll
\jhkdil.dll 
\jhkdil.exe
\jhkdil.exe 
jhkdil.exe
\jhvjln.dll
\jhvjln.dll 
\jhvjln.dll  
\jhvjln.exe
\jhvjln.exe 
\jhvjln.exe  
jhvjln.exe
\_jiao0901.exe
jiao0901.exe
jiao0901.exe Backdoor.Win32.Hupigon.axbr
jitpjr
\jitpjr.dll
\jitpjr.dll 
\jitpjr.exe
\jitpjr.exe 
jitpjr.exe
jjjj
jmxxxh
job 
Job_File
.jpe
.jpeg
.jpg
jrwnam
\jrwnam.dll
\jrwnam.dll 
\jrwnam.exe
\jrwnam.exe 
jrwnam.exe
jtagsc
\jun.exe
\jun.exe 
jun.exe
jun.exe Trojan.Clicker.Agent.bji
jun.exe Trojan.Clicker.Agent.bji 
jusodl
\jusodl.dll
\jusodl.dll 
\jusodl.exe
\jusodl.exe 
jusodl.exe
\jvmlts.dll
\jvmlts.dll 
\jvmlts.dll  
\jvmlts.exe
\jvmlts.exe 
\jvmlts.exe  
jvsoft
\jvxnypf.exe
\jvxnypf.exe 
jvxnypf.exe Trojan.Dwonloader 
jwbnlb
\jwedsfdo0.dll
\jwedsfdo1.dll
jwgkvsq.vmx Hack.Exploit.Win32.MS08-067.gt
\jxoirv.dll
\jxoirv.dll 
\jxoirv.exe
\jxoirv.exe 
kabuwj
\kabuwj.dll
\kabuwj.dll 
\kabuwj.exe
\kabuwj.exe 
kabuwj.exe
\kangen.doc
kangen.exe
kangen.exe Trojan.Kangen.a
kangen.exe Trojan.Kangen.a 
\kao.reg
\karffilt.ini
\_Kaspersky.exe
Kaspersky.exe
Kaspersky.exe Virus.Win32.Autorun.630784
kauupl
\_KAV2007.exe
KAV2007.exe
KAV2007.exe Virus.Win32.Autorun.656384
KaV3000XP
\kav32.dll
\kav32.dll 
\kav32.dll  
\KAV32.dll
\KAV.exe
\KAV.exe 
KAV.exe
\kavo0.dll
\kavo1.dll
\kavo.exe
KB915865.exe Trojan.Mnless.krf
KB915865.exe Trojan.Mnless.krf 
\kbdoxhelp.dll
kernel32
\kernel32.sys
kernel32.sys
kerneldrive.exe
kerneldrive.exe Worm.Win32.VB.fw
\kernel.exe
\kernel.exe 
KernelFaultCheck
\kernlx.dll
\kernlx.dll 
\kernlx.exe
\kernlx.exe 
@="Keyboard"
Keyboard drv
KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
khjias
\KIE.dll
\KIE.dll 
\kiks.txt
\KillAll.bat
KillAutoPlus.exe -a
--killit.exe 
--killme.exe 
-Killme.exe
\Kill.vbs
\Kill.vbs 
\Killvirusex.vbs
\_kingbox.exe
\kingbox.exe
kingbox.exe
kingbox.exe Backdoor.Win32.Gpigeon2007.cqb
\kndncso.exe
\kndncso.exe 
KPE.exe
KPE.exe Trojan.DL.VB.nua
kqekaj
\kqekaj.dll
\kqekaj.dll 
\kqekaj.exe
\kqekaj.exe 
kqekaj.exe
krsant
\krvymcc.exe
krvymcc.exe
Language drv
lanlan
\lanlan.exe
lanlan.exe
\lap.exe;
lassup.exe
LastWriteTime
LastWriteTime = 
LaunchCD
\LaunchCD.exe
\LaunchCD.exe 
\LaunchCD.exe  
launchcd.exe;autorun.inf;chkdsk.exe;checkdisk.exe;WinWord.exe;Launchcd.ico;*.doc.exe;*.txt.exe;MVS.exe;MVH.exe;bittorrent.exe;
\LaunchCD.Ico
\LaunchCD.ICO
\LaunchCD.ICO 
\LaunchCD.ICO  
LaunchCD Trojan.VB.vwp
LaunchCD Trojan.VB.vwp 
lawxrx
\lawxrx.dll
\lawxrx.dll 
\lawxrx.exe
\lawxrx.exe 
lawxrx.exe
\Lcass.dll
\Lcass.dll 
\Lcass.exe
\Lcass.exe 
Lcass.exe Win32.Hack.vb.520192
lcg.exe
lcg.exe Virus.Win32.Autorun.177408
LegalCopyright
LegalNoticeCaption
LegalNoticeText
LegalTrademarks
lhched
\lhched.dll
\lhched.dll 
\lhched.exe
\lhched.exe 
lhched.exe
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
\lidb2.mdb
\lidb2.mdb 
\lidb2.mdb  
Limit.exe
Limit.exe Win32.Troj.Autorun.bz.557056
\LinkInfo.dll
\Listsas.txt
\Listsas.txt 
.lnk
.lnk 
.lnk  
*.lnk
\`.lnk
lnk 
Lnk 
load
Load
loadinfo
Local
\Local Settings\startup.exe
LocationInformation
LockHover
log 
Log 
Log Generated On:
\logmy.txt
\logo.ini
love.exe
love.exe Worm.Win32.Autorun.24576
lover.exe;lcg.exe;rejoice101.exe;Recyclecl\EXPLORE.EXE;ntldr.exe;patty.exe;SysWin32.exe;mm.exe;ntdeIect.com;desktop.dll;qq.vbe;qq.bat;TNT.exe;Thumbs.exe;intermat.exe;SDGames.exe;Recycleds.url;
lover.exe Virus.Win32.Autorun.43344
\lovesbl.dll
\low.exe
\low.exe 
\lsass.exe
\lsass.exe 
\lsass.exe  
lsass.exe
\lsass.vbs
\lsass.vbs 
\lsess.exe
\lsess.exe 
\lsess.exe  
lv_ClassID
lv_Obj
lv_OptCount
lv_TimerID
Mac Address:
MACHINE\SYSTEM\CurrentControlSet\Enum\USB
MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
Macromedia_Setup.exe
Macromedia_Setup.exe Worm.Win32.VB.ib
Macromedia_Setup.exe Worm.Win32.VB.ib 
mailto:nick429@126.com?subject=
\Main.txt
\Main.txt 
\Main.vbe
\Main.vbe 
\Main.vbs
Main.vbs
Main.vbs Virus.VBS.Agent.f
Main.vbs Virus.VBS.Agent.f 
\maki.exe
\maki.exe 
\maki.exe  
\mapserver.exe
\mapserver.exe 
\mapserver.exe  
mapserver.exe
MaskColor
\MaxBSLoad.exe
Maximum can NOT be smaller than minimum !
\mcdsrv16_
\mcdsrv32_
MDIChild
\MDM.EXe
\MDM.EXE
\MDM.EXE 
\MDM.EXE  
MDM.EXE
mdngfh
\mdngfh.dll
\mdngfh.dll 
\mdngfh.exe
\mdngfh.exe 
mdngfh.exe
\Media\AUTORUN.INF
MediaCenter.exe
MeetingNote\Sysnote.exe;MeetingNote\lidb2.mdb;MeetingNote\
\meex.com
\meex.com 
\meex.exe
\meex.exe 
\mem32.exe
\mem32.exe 
memory allocation failed!
\MFC42.DLL
\MFC42.DLL\
\mfc48.dll
\MFCN4213e.DLL
Mfg = 
\Mgrshell.exe
\Mgrshell.exe 
\mianhou.exe
mianhou.exe Virus.Win32.Autorun.168032
mIcon
MICROSOF-E24CE4
Microsoft
Microsoft Autorun....
Microsoft csrss
Microsoft Internet Explorer
\Microsoft\Internet Explorer\Quick Launch\
\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
Microsoft service
Microsoft Service
Microsoft system
: Microsoft Visual Basic6.09Email: nick429@126.com  QQ:45189066 MSN: nick429@live.com
Microsoft? Windows Command
MicrSoft
micrsoft.exe
\MicrSoft.exe
MicrSoft.exe Worm.Win32.AvKiller.ca
mie.com Trojan-Spy.Win32.Agent.pn
mie.com Trojan-Spy.Win32.Agent.pn 
MingLiU
Minimum can NOT be biger than maximum !
Minimum can NOT be smaller then 0 !
\minuet.mid
mmc32.exe Trojan.Autorun.unknown
mmc32.exe Trojan.Autorun.unknown 
\mmc.exe
\mmc.EXE 
\mmc.EXE  
\mmc.EXE   
mm.exe
mm.exe Virus.Win32.Win32.183808
:MMicrosoft Visual Basic6.08Email:nick429@126.com  QQ:45189066 MSN: nick429@live.com
mmlucj
\mmlucj.dll
\mmlucj.dll 
\mmlucj.exe
\mmlucj.exe 
mmlucj.exe
mmNiu
\mmNiu.exe
mmNiu.exe Worm.Win32.AutoRun.dcx
mode
Mode
Modem
\mon1.vbs
\mon2.vbs
\mon3.vbs
\mon4.vbs
MON.EXE
Mourn_Operator1`1.exe
Mourn_Operator1`1.exe Worm.Win32.AutoRun.djf
Mourn_Operator.exe
Mourn_Operator.exe Virus.Win32.Autorun.65536
@="Mouse"
Mouse drv
MouseIcon
MousePointer
\Movie Maker\
\moviemk.exe
\mp3.exe
\mp3.exe 
mp3.exe
MP3.exe
mp3.exe Worm.Novar
mp3.exe Worm.Novar 
MP3.exe Worm.Win32.CoolMp3.a
mplay.pif/mplay.com Trojan.Clicker.PopHot.Gen
mplay.pif/mplay.com Trojan.Clicker.PopHot.Gen 
mpnxyl
mPointer
\mppds.dll
\mppds.dll 
\mppds.exe
\mppds.exe 
\mppds.exe  
mqhaym
\mqhaym.dll
\mqhaym.dll 
\mqhaym.exe
\mqhaym.exe 
mqhaym.exe
mrkctl
\mrkctl.dll
\mrkctl.dll 
\mrkctl.exe
\mrkctl.exe 
mrkctl.exe
\_ms071528.exe
\ms071528.exe
ms071528.exe
ms071528.exe Backdoor.Win32.RWX.hz
MS32DLL
.MS32DLL.dll.exe..VBs
\.MS32DLL.dll.exe..VBs
.MS32DLL.dll.exe..VBs Worm.Script.VBS.Autorun.a
.MS32DLL.dll.vbs
\.MS32DLL.dll.vbs
\.MS32DLL.dll.vbs 
.MS32DLL.dll.vbs Worm.VBS.Sasan.d
.MS32DLL.dll.vbs Worm.VBS.Sasan.d 
.MS32DLL.dll.vbs Worm.VBS.Sasan.d  
\msaro.exe
\mscandc.ini
\mscb.exe
\msccrt.dll
\msccrt.dll 
\msccrt.dll  
\msccrt.exe
\msccrt.exe 
\msccrt.exe  
\_mscmig.exe
\msconfig.com
\msconfig.com 
\MSCONFIG.exe
\MSCONFIG.exe 
\msddslasd.exe
\msddslasd.exe 
\msddslasd.exe  
MSDOS.bat
MSDOS.bat Worm.Win32.Otwycal.g
MSDSOD.pif
MSDSOD.pif Worm.Win32.Autorun.eis
\msdtr.exe
\msdumprep.exe
msdumprep.exe Virus.Win32.Autorun.Unknown
\msfir80.exe
\msfir80.exe  
\msfun80.exe
\msfun80.exe 
\msfun80.exe  
\msfun80.exe   
msfun80.exe
\msgsvc.dll
\msgv.dll
mshta
\Mshtml.dll
MSI.exe Worm.Fonito.a.16852
\msime80.exe
\msime80.exe 
msime80.exe
msime80.exe 
\msime82.exe
\msime82.exe 
\msime82.exe  
\msime82.exe   
msime82.exe
\msinfdll.dll
msinfdll.dll
msinfmgr
\msinfmgr.exe
msinfmgr.exe
msinfmgr.exe(Trojan.Spy.Agent.akn)
msinfmgr.exe(Trojan.Spy.Agent.akn) 
\msinfo.exe
\mslogon.exe
\mslogon.exe 
\mslogon.exe  
\mslogon.exe   
MSLS.PIf
\msnet.exe
\msnet.exe 
\msnet.exe  
\msn.exe
\msn.exe 
msn.exe
msn.exe Worm.Win32.Agent.ikm
MSNPHOTO
\MsnPhotoKiller.exe
\msnserv.exe
\msnserv.exe 
MSRS.EXE
MSRS.EXE Worm.Win32.AutoRun.lkl
MsServer
MsShared.exe
\mssql.exe
\ms_start.exe
ms_start.exe
\mstcpcon20.dll
\mstcpcon20.dll 
\mstsc32.exe
\mstsc32.exe 
MS-User
\msv1_1.dll
\msv1_1.dll 
\msvci.exe
\msvci.exe 
msvci.exe
msvci.exe,Recycled.exe Trojan.PSW.Sboy.f
msvci.exe,Recycled.exe Trojan.PSW.Sboy.f 
\MSWINSCK.OCX
mt0.cmd Trojan-GameThief.Win32.Magania.agvs
\mui\svchost.exe
\_music.exe
music.exe
\_Music.EXE
music.exe Virus.Win32.Autorun.Unknown
\MuTemp.exe
MuTemp.exe
\MVH.exe
\MVH.exe 
\MVH.exe  
MVS Dropper.VB.acd
\MVS.exe
\MVS.exe 
\MVS.exe  
\MYDL.DLL
\MYDL.DLL 
\My Documents\My Music\New Song.LAGU
\My Documents\My Music\New Video.VIDZ
\My Documents\My Music\New Video.VIDZ 
\My Documents\My Pictures\Aweks.pikz
\My Documents\My Pictures\Seram.pikz
\My Documents\My Pictures\Seram.pikz 
\My Documents\My Secret.fold
\My Documents\My Secret.fold 
\MYEX.exe
\MYEX.exe 
\myself.exe
\myself.exe 
\MYTX.exe
\MYTX.exe 
\mywebhit.ini
\mywebhit.ini.tmp
\mywinsys.ini
\mywinsys.ini 
\MZP.*
\N0TEPAD.exe
\N0TEPAD.EXE
\N0TEPAD.EXE 
\N0TEPAD.EXE  
name
\nar.vbs
nar.vbs
nar.vbs Worm.Script.VBS.7474
\nasm.exe
\NeroCheck.exe
\NeroCheck.exe 
NeroCheck.exe Backdoor.Win32.Bifrose.ago
NeroCheck.exe Backdoor.Win32.Bifrose.ago 
@="Net"
@="NetClient"
\netdde .exe
netdde .exe
\NetDebug.exe
\NetDebug.exe 
\NetDebug.exe  
\NetDebug.exe   
\net.exe
\net.exe 
\net.exe  
\netmanage.dll
\netmanage.dll 
\NetMeeting\
\NetMeeting\inetsock.exe
\NetMeeting\lassup.exe
\NetMeeting\notpost.exe
\netmgr.dll
\netmgr.dll 
@="NetService"
\netshare.cmd
net stop AeLookupSvcs
net stop Distributed Link Tracking Client logger
net stop dnscon
net stop kkdc
net stop  microsoft basicnet service
net stop NetManager
net stop SCardSvr
net stop Services Management
net stop setv
net stop Sipps
net stop taskmgr
net stop Windows accecc
net stop Windows_tops520
net stop WinHelp
net stop  WinHelp
net stop WinMgct
net stop wuauserv
@="NetTrans"
\netused.dll
\netused.dll 
Network drv
\newdev.exe
New Folder
"Next_Catalog_Entry_ID"=dword:00000408
"Next_Catalog_Entry_ID"=dword:0000041c
\ngeoppw.exe
ngeoppw.exe
\ngpycxm.exe
\ngpycxm.exe 
Nick 
nick429@126.com
nick429@126.com 
: Nick @ Zhejiang University 
:Nick @Zhejiang University 
niu.exe
niu.exe Worm.Win32.Small.w
niu.exe Worm.Win32.Small.w 
nkruls
 (NLA) 
\_NLS.exe
NLS.exe
NLS.exe Virus.Win32.Autorun.296844
NNSS
nobrowseroption
NoDriveTypeAutoRun
NoFolderOptions
\norun.reg
\notaped.exe
\notaped.exe 
\notaped.exe  
notaped.exe
 not-a-virus
not-a-virus
note.exe Virus.Win32.Autorun.hx
note.exe Virus.Win32.Autorun.hx 
notepad.exe
\NOTEPAD.EXE
\NOTEPAD.EXE 
\notepad.exe %1
notepad.exe %1
\notepod.exe
Nothing Found
notpost.exe
NoViewContextMenu
\npkpdb.dll
\npkpdb.dll 
NP.vbs
\_npwmsdrm.exe
\npwmsdrm.exe
npwmsdrm.exe
npwmsdrm.exe Backdoor.Win32.Hupigon.bsul
\Nskhelper2.sys
\Nskhelper2.syse
Ntcheck
ntdelect.com
ntdelect.com Virus.Win32.AutoRun.so
\ntldr_.exe
ntldr_.exe
ntldr.exe
Ntldr.exe
'ntldr.exe Virus.Win32.Autorun.18494
ntldr.exe Virus.Win32.Autorun.28000
ntldr.exe Worm.Win32.Autorun.18912
ntldr.exe Worm.Win32.AutoRun.del
Ntldr.exe Worm.Win32.AutoRun.dos
ntldr.pif Virus.Win32.Autorun.66560
ntsd -d
ntsd.exe -d
\Ntsvc.ocx
ntvdm.exe
ntvdm.exe Worm.VB.aig
ntvdm.exe Worm.VB.aig,
ntvdm.exe Worm.VB.aih
ntvdm.exe Worm.VB.aih,
NT-Win32
"Num_Catalog_Entries"=dword:00000003
"Num_Catalog_Entries"=dword:0000000f
"Num_Catalog_Entries"=dword:00000011
NvCpl
\NvCpl64.dll
nvdll32
nvhcnd
\nvsrc.exe
nvsrc.exe
\nvsuc32.exe
nvsuc32.exe
nvsuc32.exe Backdoor.Win32.Hupigon.bduq
\nvsvc.exe
nvsvc.exe
\NVUNINST.EXE
NVUNINST.EXE
nxdlld
\nxdlld.dll
\nxdlld.dll 
\nxdlld.exe
\nxdlld.exe 
nxdlld.exe
NX.exe
nx.exe Virus.Win32.AutoRun.sw
nxjpry
|O|a|
OCA 
OCX 
\odbcasvc.exe
\odbcasvc.exe 
\odbcasvc.exe  
\ODBCJET.exe
\ODBCJET.exe 
\oeminfo.ini
\oemlogo.bmp
\OfcpfwSvcs.exe
\OfcpfwSvcs.exe 
\_Office.exe
Office.exe
Office.exe Backdoor.Win32.ShangXing.kd
\Office Start.exe
Office Start.exe
oglknl
\oglknl.dll
\oglknl.dll 
\oglknl.exe
\oglknl.exe 
oglknl.exe
OISbmpfile
OISgiffile
OISjpegfile
\ok.ini
OLB 
\Oleaut32.dll
omwmstj.exe Trojan.Crypt.NSAnti.Gen
 on file 
o#o_o
open
Open
\open10.dll
\open10.dll 
\open11.dll
\open11.dll 
OpenHomePage
oqbvsw
Orientations
OriginalFilename
OS/2-16 PM-16
OS/2-16 PM-32
\oso.exe
oso.exe
OSO.exe
oso.exe Trojan.PSW.QQpass.38126 
oso.exe Trojan.PSW.QQpass.38126  
oso.exe Trojan.PSW.QQPass.38136 
oso.exe Trojan.PSW.QQPass.38136  
oso.exe Trojan.PSW.QQpass.38143 
oso.exe Trojan.PSW.QQpass.38143  
oso.exe Trojan.PSW.QQpass.38144 
oso.exe Trojan.PSW.QQpass.38144  
oso.exe Trojan.PSW.QQpass.38382 
oso.exe Trojan.PSW.QQpass.38382  
oso.exe Trojan.PSW.QQpass.38506 
oso.exe Trojan.PSW.QQpass.38506  
oso.exe Trojan.PSW.QQpass.38528 
oso.exe Trojan.PSW.QQpass.38528  
oso.exe Trojan.PSW.QQPass.38528 
oso.exe Trojan.PSW.QQPass.38528  
oso.exe Trojan.PSW.QQpass.48436 
oso.exe Trojan.PSW.QQpass.48436  
oso.exe Trojan.PSW.QQpass.48437 
oso.exe Trojan.PSW.QQpass.48437  
oso.exe Trojan.PSW.QQPass.52851 
oso.exe Trojan.PSW.QQPass.52851  
oso.exe Trojan.PSW.QQPass.53362 
oso.exe Trojan.PSW.QQPass.53362  
oso.exe Trojan.PSW.QQPass.96879 
oso.exe Trojan.PSW.QQPass.96879  
oso.exe Trojan.PSW.QQPass.96895 
oso.exe Trojan.PSW.QQPass.96895  
oso.exe Trojan.PSW.QQPass.96896 
oso.exe Trojan.PSW.QQPass.96896  
oso.exe Trojan.PSW.QQPass.96899 
oso.exe Trojan.PSW.QQPass.96899  
oso.exe Trojan.PSW.QQpass.rmb 
oso.exe Trojan.PSW.QQpass.rmb  
oso.exe Trojan.PWS.QQPass.rlx 
oso.exe Trojan.PWS.QQPass.rlx  
oso.exe Worm.Pabug.31974 
oso.exe Worm.Pabug.31974  
oso.exe Worm.Pabug.31975 
oso.exe Worm.Pabug.31975  
oso.exe Worm.Pabug.31977 
oso.exe Worm.Pabug.31977  
oso.exe Worm.Pabug.31979 
oso.exe Worm.Pabug.31979  
oso.exe Worm.Pabug.38136 
oso.exe Worm.Pabug.38136  
oso.exe Worm.Pabug.38372 
oso.exe Worm.Pabug.38372  
oso.exe Worm.Pabug.38378 
oso.exe Worm.Pabug.38378  
oso.exe Worm.Pabug.38384 
oso.exe Worm.Pabug.38384  
oso.exe Worm.Pabug.38522 
oso.exe Worm.Pabug.38522  
oso.exe Worm.Pabug.38523 
oso.exe Worm.Pabug.38523  
oso.exe Worm.Pabug.38525 
oso.exe Worm.Pabug.38525  
oso.exe Worm.Pabug.38528 
oso.exe Worm.Pabug.38528  
oso.exe Worm.Pabug.38530
oso.exe Worm.Pabug.38530  
oso.exe Worm.Pabug.38536 
oso.exe Worm.Pabug.38536  
oso.exe Worm.Pabug.48419 
oso.exe Worm.Pabug.48419  
oso.exe Worm.Pabug.52851 
oso.exe Worm.Pabug.52851  
oso.exe Worm.Pabug.69246 
oso.exe Worm.Pabug.69246  
oso.exe Worm.Pabug.70771 
oso.exe Worm.Pabug.70771  
oso.exe Worm.Pabug.96878 
oso.exe Worm.Pabug.96878  
oso.exe worm.pabug.ck  
oso.exe Worm.Pabug.ck 
\OSR.EXE
OSR.EXE
OSR.EXE Worm.Win32.Autorun.fah
OutLook
P2P-Worm.Win32.Agent.am
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
pagefile.exe
pagefile.exe Trojan.DL.Adload.alx
pagefile.exe Trojan.DL.Adload.alx 
pagefile.pif
pagefile.pif  Worm.diskgen.b
pagefile.pif Worm.Win32.AutoRun.dck
\paramstr.txt
\parffilt.ini
Patched 
Path
patty.exe
Patty.exe Virus.Win32.Autorun.119004
PBSCustomeColor1
PBSCustomeColor2
PbWzdmngmt1
PbWzdmngmt2
PbWzdmngmt3
\PCHEALTH\HELPCTR\Binaries\msconfig.com
\PCHEALTH\HELPCTR\Binaries\msconfig.com 
\pchealth\helpctr\binaries\msconfig.exe
\pchealth\helpctr\binaries\msconfig.exe 
\pchealth\helpctr\binaries\msconfig.exe, 
@="PCMCIA Adapters"
.pdf
pegefile.pif
pegefile.pif Trojan.PSW.Win32.Agent.mk 
PendingFileRenameOperations
\perefic.ini
\PFW.exe
\PFW.exe 
PFW.pif Worm.Agent.ky
PFW.pif Worm.Agent.ky 
Pick
\Pick
\Pick\
picture
Picture
PictureAlign
picturedown
PictureDown
PictureHover
picturemouseon
PictureMouseOn
\pictures.exe
Pictures.exe Worm.Win32.AutoRun.djt
pictureSize
PictureSize
\.pif
.pif;readme.doc.exe;game.exe;serivces.exe;RECYCLER\RECYCLER.exe;S-1-5-21-1214440339.exe;App.exe;
].pif;servtie.exe;naxcehy.exe;Blue.exe;exiplorer.exe;serveter.exe;omwmstj.exe;
].pif;servtie.exe;naxcehy.exe;BLUE.EXE;exiplorer.exe;serveter.exe;serveter.exe;omwmstj.exe;HappyDay.exe;Recyclcd\Driveinfo.exe;Recyclcd\Driveinfo.sdc;stNp.vbs;csrss.vbe;RECYCLER\Lcass.exe;.MS32DLL.dll.vbs;.exe;
.pif;win.exe;readme.doc.exe;
\ping.com
\ping.com 
pipkab
\pkeusvq.exe
\pkeusvq.exe 
\plmmsbl.dll
\PluginCNLOG.dll
\Plx.exe
Plx.exe
Plx.exe Trojan.Win32.Delf.chw
pnikpp
\pnikpp.dll
\pnikpp.dll 
\pnikpp.exe
\pnikpp.exe 
pnikpp.exe
pnvifj
\pojet.exe
\pojet.exe 
\ppstream.exe
\ppstream.exe 
ppstream.exe
ppstream.exe Worm.Win32.VB.e
PreRel
PreRel 
Printer drv
Printer.exe
Printer.exe Trojan.VB.wio
Private 
\prncfg.vbs
\prodkpec.ini
ProductName
ProductVersion
Programfiles
ProgramFiles
Programs
ProgressBar1
ProgressLook
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
\PrstService.dll
\PrstService.exe
PrstService.exe
\Purger.exe
Purger.exe
Purger.exe Trojan.Win32.VB.xju
\qcbhoa.dll
\qcbhoa.dll 
\qcbhoa.exe
\qcbhoa.exe 
QDAutoUpdate.exe Trojan-Downloader.Win32.Delf.azm
qhbodv
\qmgr.dll
qmmnxr
\qmmnxr.dll
\qmmnxr.dll 
\qmmnxr.exe
\qmmnxr.exe 
qmmnxr.exe
qmymfw
\qmymfw.dll
\qmymfw.dll 
\qmymfw.exe
\qmymfw.exe 
qmymfw.exe
qnjtyl
qnusnj
qpoenl
\qq.bat
qq.bat
\qq.exe
\qq.exe 
\qq.exe  
\QQ.exe
\QQ.exe 
qq.exe Virus.Win32.AutoRun.ia
\QQhx.dat
\QQhx.dat 
\QQhx.dat  
\QQHX.dat
\QQHX.dat 
\QQHX.Dat
\QQHX.DAT
\QQHX.DAT 
QQKAV
\QQUpdate.exe
\QQUpdate.exe 
\qq.vbe
qq.vbe
qq.vbe Worm.Script.BAT.Agent.c
qvkwjh
\qvkwjh.dll
\qvkwjh.dll 
\qvkwjh.exe
\qvkwjh.exe 
qvkwjh.exe
RAID
.RAR
.RAR;smserv.exe;gk123.exe;Extensionsk.exe;npwmsdrm.exe,rejoice082.exe;ms071528.exe;MSDOS.bat;mmNiu.exe;Switbhing Co.exe;Xiaohao.com;SiZhu.exe
Raster Font
\ravfree.exe
\ravmod.exe
\ravmod.exe 
\ravmod.exe  
Rav*Mon
\RavMonE.exe
\RavMonE.exe 
\RavMonE.exe  
\RavMonE.exe   
RavMonE Worm.Snake.a
Ravmon.exe
RavMon.exe Trojan.Agent.afz
\Ravmonlog.*
RavMon Trojan.Agent.ync
rbgofc
\RCS.exe
\RCS.exe 
\RCS.exe  
rd /s /q D:\Recyc1ed
\_re061.exe
re061.exe
re061.exe Backdoor.Win32.ShangXing.kd
\_re51.exe
\_re51.exe 
re51.exe Backdoor.Win32.Hupigon.exa
\_re91.exe
re91.exe
re91.exe Virus.Win32.Autorun.634368
readme.doc.exe
readme.doc.exe Trojan.Peed.Gen 
readme.doc.exe Trojan.Peed.Gen  
readme.doc.exe  Win32/VB.NIZ 
readme.doc.exe  Win32/VB.NIZ  
Readme.exe Win32.Troj.Pcrob.ft.77312
readme.htm.exe
\Readme.txt
\ReadMe.txt
readme.txt.exe
\ReadMe.txt.exe
readme.txt.exe Trojan.Delf.rsd
ReadMe.txt.exe Virus.Win32.Autorun.37344
real
\real.exe
\real.exe 
Real.exe
real.exe Worm.VB.acr
real.exe Worm.VB.acr 
\_RealPlayeg.exe
\RealPlayeg.exe
RealPlayeg.exe
RealPlayeg.exe Worm.Win32.AutoRun.636416
\realsched.exe
\realsched.pat
\realshade.exe
 Recovered
\Recyc.exe
\Recyc.exe 
RECYCIER\system.exe;info.exe;pagefile.exe;Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.EXE;msvci.exe;real.exe;COMMAND.pif;UC2006.exe;servet.exe;usbdriver.exe;rising.exe;SVCH0ST.EXE;SWCHOST.EXE;
Recyclcd
Recyclcd\Driveinfo.exe;Recyclcd\Driveinfo.sdc;Recyclcd\voinfo.dll;QDAutoUpdate.exe;sbl.exe;sb.exe;ah.exe;GHO.exe;up.vbe.exe;Windows.scr;daxian.exe;SFF.exe;sysboot.scr;inituser.exe;Internet\
recycle.{645FF040-5081-101B-9F08-00AA002F954E}\GHOSTBAK.exe
Recyclecl\EXPLORE.EXE
\Recycled.{645FF040-5081-101B-9F08-00AA002F954E}\winlog.EXE
Recycled\cleardisk.pif
Recycled\cleardisk.pif;Recycled\disk.ico;syn0801.exe;Hook.exe;taipingtianguo.exe;ntdelect.com;nx.exe;Down(4).exe;services.exe;driver.exe;goodgirl.jpg;Recycled\Autorun.dll;Recycled\xzb\#HIT#^^^(W-H-Y).log;Recycled\xzb\Autorun.inf;
Recycled\cleardisk.pif;Recycled\disk.ico;syn0801.exe;Hook.exe;taipingtianguo.exe;ntdelect.com;nx.exe;Down(4).exe;services.exe;driver.exe;goodgirl.jpg;Recycled\Autorun.dll;xzb\#HIT#^^^(W-H-Y).log;xzb\Autorun.inf;Recycled\xzb\#HIT#^^^(W-H-Y).log;Recycled\xzb\Autorun.inf;
Recycled\disk.ico
\Recycled.exe
\Recycled.exe 
Recycled.exe
Recycled.exe Dropper.Agent
Recycled.exe Worm.Win32.Agent.uz
\Recycled\Recycled\ctfmon.exe
\Recycled\Recycled\ctfmon.exe 
\Recycled\Recycled\ctfmon.exe  
Recycleds.url
\Recycled\xzb
Recycle.exe
Recycle.exe Trojan-Dropper.Win32.VB.rj
RECYCLER
RECYCLER\
Recycler\auto.exe
RECYCLER\Boot.exe
RECYCLER.exe
Recycler.exe Backdoor.Delf.xbn 
Recycler.exe Backdoor.Delf.xbn  
Recycler.exe Backdoor.Delf.xcb 
Recycler.exe Backdoor.Delf.xcb  
RECYCLER.exe Trojan.DL.VBS.Small.w 
RECYCLER.exe Trojan.DL.VBS.Small.w  
RECYCLER.exe Trojan-Spy.Win32.VB.mn
RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE;IGPXE.exe;shell.exe;auto.exe;Rsagen.exe;MSI.exe;
RECYCLER\S-1-5-21-796845957-2139871995-839522115-500.exe
RECYCLERS-1-6-21-1257894210-1075856346-012573477-2315\folderopen.exe
Recycler\uchelp.exe
Recycler\USBplice.exe
\_redztk.exe
redztk.exe
redztk.exe Virus.Win32.Autorun.316928
\.reg
reg 
Reg 
Regdelete
REG_DWORD
\regedit32.com
regedit32.com
\regedit.com
\regedit.com 
\regedit.exe
\regedit.exe 
\regedit.exe, 
regedit.exe 
regedit.exe "%1"
regedit.exe /s C:\fix.reg
regedit.exe /s C:\FixSPI.reg
regedit.exe /s C:\SafeBoot.reg
regedit /s C:\55.reg
regedit /s C:\Fixasc.reg
regedit /s C:\ReD.reg
regedit /s C:\ReExe.reg
regedit /s C:\WinSockLSP.reg
\regedit.vbs
\regedit.vbs 
reg.exe import C:\fix.reg
REG_EXPAND_SZ
regfile\shell\open\command
regFile\Shell\Open\Command
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
RegRead
regsvr32
REG_SZ
Regwrite
\_rejoice0805.exe
rejoice0805.exe
rejoice0805.exe Worm.Win32.Autorun.676864
\_rejoice082.exe
rejoice082.exe
rejoice082.exe Backdoor.Win32.Hupigon.dev
\_rejoice101.exe
\rejoice101.exe
rejoice101.exe
rejoice101.exe Backdoor.Win32.Hupigon.655360
rejoice101.exe Virus.Win32.Autorun.279990
\_rejoice47.exe
rejoice47.exe
rejoice47.exe Backdoor.Win32.ShangXing
\_rejoice91.exe
\rejoice91.exe
rejoice91.exe
rejoice91.exe Virus.Win32.Autorun.663552
\Remember.dll
Remote
REMOVABLE
REM UC
\Rencom.exe
\Rencom.exe 
reper.exe
Reper Worm.Repka.y
\resouese444.dll
\rfpot.exe
\rfpot.exe 
rfpot.exe Worm.Agent.VB
\rfpot.mp3
\rfpot.sys
\rfpot.sys 
\RGetUserTemp.bat
\RGetUserTemp.log
\RGetUserTemp.scr
\RGetUserTemp.scr 
\RGetUserTemp.scr  
\rgqqgy.dll
\rgqqgy.exe
\rhm32.exe
\rhm32.exe 
rhm32.exe Trojan.Autoruner.Unknown
\Riched32.dll
Riched32.dll
\ridiap
RiKAV
rising
rising.exe
rising.exe Trojan.DL.Mnless.hr 
\ronney.dll
\ronney.dll 
\ronney.dll  
\ronney.exe
\ronney.exe 
\ronney.exe  
Root
\root\cimv2
\root\default:StdRegProv
Rootkit
RooTkit
ROOTKIT
Rootless
rose.exe
Rose.EXE
Rose.exe;sal.xls.exe;desktop.exe;desktop2.exe;ie.exe;setup.pif;readme.exe;Iexplores.exe;sxs.exe;Recycler\UExecute.exe;RECYCLER\RECYCLER\autorun.exe;MeetingNote\Sysnote.exe;explorer.exe;system.exe;pagefile.pif;
ROSE Worm.VB.hy
RoundedValue
\Rsagen.exe
\Rsagen.exe 
Rsagen.exe
Rsagen.exe Trojan.Agent.Autorun
\rs.bat
\rs.bat 
\rsvp.exe
RSVS.PIF
\Rtemp.bat
RUNAUT~1
RUNAUT~1\autorun.pif
RUNAUT~1\autorun.pif;rundll.exe;handydriver.exe;sky.exe;ZtPyServ.exe;ntvdm.exe;soversie.exe;kangen.exe;tool.exe;pfw.pif;sexie.exe;mp3.exe;u.bat;sys.exe;ghost.pif;flashplay.dll;Fatter.exe;RECYCLER\S-1-5-21-796845957-2139871995-839522115-500.exe;
\rund32.exe
\rund32.exe 
\rund32.exe  
Rundll
\rundll16.exe
\rundll16.exe 
rundll32
\rundll32.exe
\rundll32.exe 
rundll32.exe Worm.Agent.49152
\rundll.exe
\rundll.exe 
rundll.exe
\Rundll.exe
\Rundll.exe 
Rundll.exe
Rundll.exe Win32.Iuhzu.a
rundll.exe Worm.VB.ahp
rundll.exe Worm.VB.ahp 
\run.reg
runreper
rurply
\RxpMoN.exe
S-1-5-21-1214440339.exe
S-1-5-21-1214440339.exe Worm.Win32.Agent.w
S-1-5-21-1214440339.exe Worm.Win32.Agent.w 
safe
sal.xls.EXE
sal.xls.exe Trojan.VB.vvu
\SAM.dat
\SAM.dat 
\samsun.exe
\samsun.exe 
\samsun.exe  
\sarvices.exe
\sarvices.exe 
\sarvices.exe  
\saslogww.txt
savage.exe Virus.Win32.AutoRun.fy
\save.sos
sb.exe
sb.exe Virus.Win32.AutoRun.mk
sbfyrn
\sbfyrn.dll
\sbfyrn.dll 
\sbfyrn.exe
\sbfyrn.exe 
sbfyrn.exe
sbl.exe
sbl.exe Backdoor.Agent.xox
\sbl.inf.inf
ScaleMode
\ScApp.exe
\ScApp.exe 
\scardsvr.exe
\scardsvr.exe 
\scardsvr.exe  
\SCARDSVR.EXE
\SCARDSVR.EXE 
SCARDSVR.EXE
schedl
schedl.exe
schedl.exe Trojan.Win32.VB.zvj
\schotrs.ini
SCMTool
.scr
scress.reg
\scrie
\scrie16_
Scripting.FileSystemObject
Scroll
\scrss.exe
\scrss.exe 
\scrsys
\scrsys16_
\Scryptnat.dll
Scsi
@="SCSIAdapter"
\scvhost.exe
\scvhost.exe 
scvhost.exe
scvhost.exe;Recycler\auto.exe;
scvhost.exe Worm.Win32.Agent.imy
scvhost.exe Worm.Win32.Agent.imy 
\scvhost.ini
\scvhost\svchost.exe
\scvhost\svchost.exe 
\scvhost\svchost.exe  
\scvhsot.exe
\scvhsot.exe 
\scvhsot.exe  
\scvhsot.exe   
scvhsot.exe
\sdafdf.exe
\SDGames.exe
SDGames.exe
SDGames.exe(
SDGames.exe Virus.Win32.Autorun.59282
\sdpsrv.dll
\_Se2009.exe
Se2009.exe
Se2009.exe Backdoor.Win32.ShangXing.beq
\_Se51.exe
\_Se51.exe 
\Se51.exe
\Se51.exe 
\Se51.exe  
Se51.exe Backdoor.Win32.Gpigeon.evc
\seacon.exe
seacon.exe
seacon.exe;MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe;RECYCLER\S-1-5-21-796845957-2139871995-839522115-500.exe;
SeBackupPrivilege
SeDebugPrivilege
Select * from Win32_Process
Select * from Win32_Process Where Name = '
Select * from Win32_Process Where Name = '1A36CBC8.EXE'
Select * from Win32_Process Where Name = '60{.exe'
Select * from Win32_Process Where Name = '6666.com'
Select * from Win32_Process Where Name = 'adamrf.exe'
Select * from Win32_Process Where Name = 'algsrv.exe'
Select * from Win32_Process Where Name = 'algsrvs.exe'
Select * from Win32_Process Where Name = 'algssl.exe'
Select * from Win32_Process Where Name = 'alligt.exe'
Select * from Win32_Process Where Name = 'ALMV.exe'
Select * from Win32_Process Where Name = 'app.exe'
Select * from Win32_Process Where Name = 'App.exe'
Select * from Win32_Process Where Name = 'as.exe'
Select * from Win32_Process Where Name = 'ati2evxx.exe'
Select * from Win32_Process Where Name = 'autorun.exe'
Select * from Win32_Process Where Name = 'avipit.exe'
Select * from Win32_Process Where Name = 'avrsys.exe'
Select * from Win32_Process Where Name = 'badudv.exe'
Select * from Win32_Process Where Name = 'baqftx.exe'
Select * from Win32_Process Where Name = 'bbyb.exe'
Select * from Win32_Process Where Name = 'bbybs.exe'
Select * from Win32_Process Where Name = 'bfdarx.exe'
Select * from Win32_Process Where Name = 'bhtpod.exe'
Select * from Win32_Process Where Name = 'bigdog.exe'
Select * from Win32_Process Where Name = 'Bingo.exe'
Select * from Win32_Process Where Name = 'bittorrent.exe'
Select * from Win32_Process Where Name = 'bl.exe'
Select * from Win32_Process Where Name = 'Blue.exe'
Select * from Win32_Process Where Name = 'bqifue.exe'
Select * from Win32_Process Where Name = 'bryato.exe'
Select * from Win32_Process Where Name = 'bsr.exe'
Select * from Win32_Process Where Name = 'cacom.exe'
Select * from Win32_Process Where Name = 'calc.exe'
Select * from Win32_Process Where Name = 'ccApps.exe'
Select * from Win32_Process Where Name = 'cd1.exe'
Select * from Win32_Process Where Name = 'cd2.exe'
Select * from Win32_Process Where Name = 'cd3.exe'
Select * from Win32_Process Where Name = 'cdrom.exe'
Select * from Win32_Process Where Name = 'ceffnk.com'
Select * from Win32_Process Where Name = 'ceyael.exe'
Select * from Win32_Process Where Name = 'CHKDSK.exe'
Select * from Win32_Process Where Name = 'choster.exe'
Select * from Win32_Process Where Name = 'cisceq.exe'
Select * from Win32_Process Where Name = 'cjston.exe'
Select * from Win32_Process Where Name = 'cmdbs.exe'
Select * from Win32_Process Where Name = 'cmd.exe'
Select * from Win32_Process Where Name = cmd.exe'
Select * from Win32_Process Where Name = 'Cmd.exe'
Select * from Win32_Process Where Name = 'Cn911.exe'
Select * from Win32_Process Where Name = 'cologsver.exe'
Select * from Win32_Process Where Name = 'Config.exe'
Select * from Win32_Process Where Name = 'conime.exe'
Select * from Win32_Process Where Name = 'conrme.exe'
Select * from Win32_Process Where Name = 'copyf.exe'
Select * from Win32_Process Where Name = 'cross.exe'
Select * from Win32_Process Where Name = 'crss.exe'
Select * from Win32_Process Where Name = 'crsss.exe'
Select * from Win32_Process Where Name = 'cs.exe'
Select * from Win32_Process Where Name = 'cs.EXE'
Select * from Win32_Process Where Name = 'csiss.exe'
Select * from Win32_Process Where Name = 'csrss.exe
Select * from Win32_Process Where Name = 'ctfmon.exe'
Select * from Win32_Process Where Name = 'cwyumh.exe'
Select * from Win32_Process Where Name = 'cycuvi.exe'
Select * from Win32_Process Where Name = 'database.exe'
Select * from Win32_Process Where Name = 'ddacpl.exe'
Select * from Win32_Process Where Name = 'death.exe'
Select * from Win32_Process Where Name = 'DefragFs.exe'
Select * from Win32_Process Where Name = 'depjhq.exe'
Select * from Win32_Process Where Name = 'desktop2.exe'
Select * from Win32_Process Where Name = 'desktop.exe'
Select * from Win32_Process Where Name = 'DirectX.exe'
Select * from Win32_Process Where Name = 'Discovery.exe'
Select * from Win32_Process Where Name = 'DLLH0ST.exe'
Select * from Win32_Process Where Name = 'DLLHOST.EXE'
Select * from Win32_Process Where Name = 'do.exe'
Select * from Win32_Process Where Name = 'dream.exe'
Select * from Win32_Process Where Name = 'Driveinfo.exe'
Select * from Win32_Process Where Name = 'driver.exe'
Select * from Win32_Process Where Name = '_drom.exe'
Select * from Win32_Process Where Name = 'edopmq.exe'
Select * from Win32_Process Where Name = 'efkixf.exe'
Select * from Win32_Process Where Name = 'ekgopb.exe'
Select * from Win32_Process Where Name = 'eouvic.exe'
Select * from Win32_Process Where Name = 'eoymry.exe'
Select * from Win32_Process Where Name = 'epoolsv.exe'
Select * from Win32_Process Where Name = 'epson.exe'
Select * from Win32_Process Where Name = '.exe'
Select * from Win32_Process Where Name ='exiplorer.exe '
Select * from Win32_Process Where Name = 'Exp1orer.exe'
Select * from Win32_Process Where Name = 'explorer.com'
Select * from Win32_Process Where Name = 'explorer.exe'
Select * from Win32_Process Where Name = 'Explorer.exe'
Select * from Win32_Process Where Name = 'EXPLORER.EXE'
Select * from Win32_Process Where Name = 'faster.txt'
Select * from Win32_Process Where Name = 'fat.exe'
Select * from Win32_Process Where Name = 'fatter.exe'
Select * from Win32_Process Where Name = 'fgkljp.exe'
Select * from Win32_Process Where Name = 'file32.exe'
Select * from Win32_Process Where Name = 'FileKan.exe'
Select * from Win32_Process Where Name = 'Flash.10.exe'
Select * from Win32_Process Where Name = 'Flash Player.exe'
Select * from Win32_Process Where Name = 'fly.exe'
Select * from Win32_Process Where Name = 'fooool.exe'
Select * from Win32_Process Where Name = 'format32.exe'
Select * from Win32_Process Where Name = 'ftextv.exe'
Select * from Win32_Process Where Name = 'fubcwj.exe'
Select * from Win32_Process Where Name = 'game.EXE'
Select * from Win32_Process Where Name = 'GetSystemPath.exe'
Select * from Win32_Process Where Name = 'gfosdg.exe'
Select * from Win32_Process Where Name = 'ghjji.exe'
Select * from Win32_Process Where Name = 'ghost.exe'
Select * from Win32_Process Where Name = 'gz.exe'
Select * from Win32_Process Where Name = 'handydriver.exe'
Select * from Win32_Process Where Name = 'HappyDay.exe'
Select * from Win32_Process Where Name = 'hcmvoa.exe'
Select * from Win32_Process Where Name = 'heevlg.exe'
Select * from Win32_Process Where Name = 'hook.exe'
Select * from Win32_Process Where Name = 'hpxger.exe'
Select * from Win32_Process Where Name = 'hsiwij.exe'
Select * from Win32_Process Where Name = 'hwbfbp.exe'
Select * from Win32_Process Where Name = 'ie7.exe'
Select * from Win32_Process Where Name = 'ie.exe'
Select * from Win32_Process Where Name = 'iexp1ore.exe'
Select * from Win32_Process Where Name = 'iexplore.exe'
Select * from Win32_Process Where Name = iexplore.exe'
Select * from Win32_Process Where Name = 'IEXPLORE.exe'
Select * from Win32_Process Where Name = 'IEXPLORE.EXE'
Select * from Win32_Process Where Name = 'IEXPLORER.EXE'
Select * from Win32_Process Where Name = 'Ilass.exe'
Select * from Win32_Process Where Name = 'ime.exe'
Select * from Win32_Process Where Name = 'inetinfo.exe'
Select * from Win32_Process Where Name = 'inetsrv.exe'
Select * from Win32_Process Where Name = 'info.exe'
Select * from Win32_Process Where Name = 'inituser.exe'
Select * from Win32_Process Where Name = 'Internet Explorer.exe'
Select * from Win32_Process Where Name = 'ixunfp.exe'
Select * from Win32_Process Where Name = 'jaovqh.com'
Select * from Win32_Process Where Name = 'jhkdil.exe'
Select * from Win32_Process Where Name = 'jhvjln.exe'
Select * from Win32_Process Where Name = 'jitpjr.exe'
Select * from Win32_Process Where Name = 'jmxxxh.exe'
Select * from Win32_Process Where Name = 'jrwnam.exe'
Select * from Win32_Process Where Name = 'jtagsc.exe'
Select * from Win32_Process Where Name = 'jun.exe'
Select * from Win32_Process Where Name = 'jusodl.exe'
Select * from Win32_Process Where Name = 'jvmlts.exe'
Select * from Win32_Process Where Name = 'jvxnypf.exe'
Select * from Win32_Process Where Name = 'jwbnlb.exe'
Select * from Win32_Process Where Name = 'jxoirv.exe'
Select * from Win32_Process Where Name = 'kabuwj.exe'
Select * from Win32_Process Where Name = 'kangen.exe'
Select * from Win32_Process Where Name = 'kauupl.com'
Select * from Win32_Process Where Name = 'KAV2007.exe'
Select * from Win32_Process Where Name = 'KAV.EXE'
Select * from Win32_Process Where Name = 'kavo.exe'
Select * from Win32_Process Where Name = 'kerneldrive.exe'
Select * from Win32_Process Where Name = 'kernel.exe'
Select * from Win32_Process Where Name = 'kernlx.exe'
Select * from Win32_Process Where Name = 'khjias.com'
Select * from Win32_Process Where Name = 'kndncso.exe'
Select * from Win32_Process Where Name = 'kqekaj.exe'
Select * from Win32_Process Where Name = 'launchCD.exe'
Select * from Win32_Process Where Name = 'lawxrx.exe'
Select * from Win32_Process Where Name = 'Lcass.exe'
Select * from Win32_Process Where Name = 'lcg.exe'
Select * from Win32_Process Where Name = 'lhched.exe'
Select * from Win32_Process Where Name = 'limit.exe'
Select * from Win32_Process Where Name = 'loadie.EXE'
Select * from Win32_Process Where Name = 'loadms.exe'
Select * from Win32_Process Where Name = 'loadmsnt.exe'
Select * from Win32_Process Where Name = 'lover.exe'
Select * from Win32_Process Where Name = 'lsess.exe'
Select * from Win32_Process Where Name = 'Macromedia.10.exe'
Select * from Win32_Process Where Name = 'mainsv.exe'
Select * from Win32_Process Where Name = 'mapserver.exe'
Select * from Win32_Process Where Name = 'MaxBSLoad.exe'
Select * from Win32_Process Where Name = 'maxthon.exe'
Select * from Win32_Process Where Name = 'Maxthon.exe'
Select * from Win32_Process Where Name = 'MDM.exe'
Select * from Win32_Process Where Name = 'mdngfh.exe'
Select * from Win32_Process Where Name = 'meex.com'
Select * from Win32_Process Where Name = 'mem32.exe'
Select * from Win32_Process Where Name = 'Mgrshell.exe'
Select * from Win32_Process Where Name = 'mianhou.exe'
Select * from Win32_Process Where Name = 'mmc32.exe'
Select * from Win32_Process Where Name = 'mmc.exe'
Select * from Win32_Process Where Name = 'mm.exe'
Select * from Win32_Process Where Name = 'mmlucj.exe'
Select * from Win32_Process Where Name = 'mp3.exe'
Select * from Win32_Process Where Name = 'mpnxyl.exe'
Select * from Win32_Process Where Name = 'mppds.exe'
Select * from Win32_Process Where Name = 'mqhaym.exe'
Select * from Win32_Process Where Name = 'mrkctl.exe'
Select * from Win32_Process Where Name = 'msapi.exe'
Select * from Win32_Process Where Name = 'msaro.exe'
Select * from Win32_Process Where Name = 'msccrt.exe'
Select * from Win32_Process Where Name = '_mscmig.exe'
Select * from Win32_Process Where Name = 'msconfig.com'
Select * from Win32_Process Where Name = 'MSCONFIG.exe'
Select * from Win32_Process Where Name = 'msddslasd.exe'
Select * from Win32_Process Where Name = 'msdtr.exe'
Select * from Win32_Process Where Name = 'msdumprep.exe'
Select * from Win32_Process Where Name = 'msfir80.exe'
Select * from Win32_Process Where Name = 'msfun80.exe'
Select * from Win32_Process Where Name = 'msime80.exe'
Select * from Win32_Process Where Name = 'msime82.exe'
Select * from Win32_Process Where Name = 'msinfo.exe'
Select * from Win32_Process Where Name = 'mslogon.exe'
Select * from Win32_Process Where Name = 'msnet.exe'
Select * from Win32_Process Where Name = 'MSN.msn'
Select * from Win32_Process Where Name = 'msnserv.exe'
Select * from Win32_Process Where Name = 'MSOSV.EXE'
Select * from Win32_Process Where Name = 'MSOSVEXT.EXE'
Select * from Win32_Process Where Name = 'mspaint.exe'
Select * from Win32_Process Where Name = 'msvci.exe'
Select * from Win32_Process Where Name = 'MVH.exe'
Select * from Win32_Process Where Name = 'MVS.exe'
Select * from Win32_Process Where Name = 'MYEX.exe'
Select * from Win32_Process Where Name = 'MYTX.exe'
Select * from Win32_Process Where Name = 'NeroCheck.exe'
Select * from Win32_Process Where Name = 'netdde .exe'
Select * from Win32_Process Where Name = 'NetDebug.exe'
Select * from Win32_Process Where Name = 'networks.exe'
Select * from Win32_Process Where Name = 'ngpycxm.exe'
Select * from Win32_Process Where Name = 'nkruls.exe'
Select * from Win32_Process Where Name = 'notaped.exe'
Select * from Win32_Process Where Name = 'NOTEPAD.EXE'
Select * from Win32_Process Where Name = 'notepod.exe'
Select * from Win32_Process Where Name = 'npkpdb.dll'
Select * from Win32_Process Where Name = 'ntdllf.exe'
Select * from Win32_Process Where Name = 'ntdllfnt.exe'
Select * from Win32_Process Where Name = 'ntldr.exe'
Select * from Win32_Process Where Name = 'ntldr.pif'
Select * from Win32_Process Where Name = 'nvhcnd.com'
Select * from Win32_Process Where Name = 'nxdlld.exe'
Select * from Win32_Process Where Name = 'nx.exe'
Select * from Win32_Process Where Name = 'nxjpry.com'
Select * from Win32_Process Where Name = 'ODBCJET.exe'
Select * from Win32_Process Where Name = 'OfcpfwSvcs.exe'
Select * from Win32_Process Where Name = 'oglknl.exe'
Select * from Win32_Process Where Name = 'oipmpx.exe'
Select * from Win32_Process Where Name = 'oqbvsw.exe'
Select * from Win32_Process Where Name = 'pagefile.exe'
Select * from Win32_Process Where Name = 'patty.exe'
Select * from Win32_Process Where Name = 'PFW.exe'
Select * from Win32_Process Where Name = 'PFW.pif'
Select * from Win32_Process Where Name = 'ping.exe'
Select * from Win32_Process Where Name = 'pipkab.exe'
Select * from Win32_Process Where Name = 'pkeusvq.exe'
Select * from Win32_Process Where Name = 'pnikpp.exe'
Select * from Win32_Process Where Name = 'pnvifj.exe'
Select * from Win32_Process Where Name = 'ppstream.exe'
Select * from Win32_Process Where Name = 'q7.exe'
Select * from Win32_Process Where Name = 'qcbhoa.exe'
Select * from Win32_Process Where Name = 'qhbodv.exe'
Select * from Win32_Process Where Name = 'qmmnxr.exe'
Select * from Win32_Process Where Name = 'qmymfw.exe'
Select * from Win32_Process Where Name = 'qnjtyl.com'
Select * from Win32_Process Where Name = 'qnusnj.exe'
Select * from Win32_Process Where Name = 'qpoenl.com'
Select * from Win32_Process Where Name = 'qq.exe'
Select * from Win32_Process Where Name = 'QQ.exe'
Select * from Win32_Process Where Name = 'qqupdate.exe'
Select * from Win32_Process Where Name = 'QQUpdate.exe'
Select * from Win32_Process Where Name = 'qvkwjh.exe'
Select * from Win32_Process Where Name = 'ravmod.exe'
Select * from Win32_Process Where Name = 'RavMonE.exe'
Select * from Win32_Process Where Name = 'rbgofc.com'
Select * from Win32_Process Where Name = 'RCS.exe'
Select * from Win32_Process Where Name = 'real.exe'
Select * from Win32_Process Where Name = 'realsched.exe'
Select * from Win32_Process Where Name = 'realshade.exe'
Select * from Win32_Process Where Name = Recyc.exe'
Select * from Win32_Process Where Name = 'Recycled.exe'
Select * from Win32_Process Where Name = 'regedit.com'
Select * from Win32_Process Where Name = 'Rencom.exe'
Select * from Win32_Process Where Name = 'reper.exe'
Select * from Win32_Process Where Name = 'rfpot.exe'
Select * from Win32_Process Where Name = 'rgqqgy.exe'
Select * from Win32_Process Where Name = 'rhm32.exe'
Select * from Win32_Process Where Name = 'ronney.exe'
Select * from Win32_Process Where Name = 'Rose.exe'
Select * from Win32_Process Where Name = 'Rsagen.exe'
Select * from Win32_Process Where Name = 'rsvp.exe'
Select * from Win32_Process Where Name = 'rund1132.exe'
Select * from Win32_Process Where Name = 'rund32.exe'
Select * from Win32_Process Where Name = 'rundll16.exe'
Select * from Win32_Process Where Name = 'rundll32.exe'
Select * from Win32_Process Where Name = 'rundll.exe'
Select * from Win32_Process Where Name = 'rurply.exe'
Select * from Win32_Process Where Name = 'RxpMoN.exe'
Select * from Win32_Process Where Name = 'S-1-5-21-1214440339.exe'
Select * from Win32_Process Where Name = 'sarvices.exe'
Select * from Win32_Process Where Name = 'sbfyrn.exe'
Select * from Win32_Process Where Name = 'ScApp.exe'
Select * from Win32_Process Where Name = 'scardsvr.exe'
Select * from Win32_Process Where Name = 'scvhost.exe'
Select * from Win32_Process Where Name = 'scvhsot.exe'
Select * from Win32_Process Where Name = 'SDGames.exe'
Select * from Win32_Process Where Name = 'Se51.exe'
Select * from Win32_Process Where Name = 'seacon.exe'
Select * from Win32_Process Where Name = 'serivces.exe'
Select * from Win32_Process Where Name = 'SERIVCES.EXE'
Select * from Win32_Process Where Name = 'Server.exe'
Select * from Win32_Process Where Name ='serveter.exe '
Select * from Win32_Process Where Name = 'servet.exe'
Select * from Win32_Process Where Name = 'service.exe'
Select * from Win32_Process Where Name = 'services.exe
Select * from Win32_Process Where Name = 'services.exe'
Select * from Win32_Process Where Name = 'servieces.exe'
Select * from Win32_Process Where Name = 'servtie.exe'
Select * from Win32_Process Where Name = 'setup.exe'
Select * from Win32_Process Where Name = 'setup.pif'
Select * from Win32_Process Where Name = 'setuprs1.pif'
Select * from Win32_Process Where Name = '_setv.exe'
Select * from Win32_Process Where Name = 'sevchost.exe'
Select * from Win32_Process Where Name = 'severe.exe'
Select * from Win32_Process Where Name = 'ShuiNiu.exe'
Select * from Win32_Process Where Name = 'siss.exe'
Select * from Win32_Process Where Name = 'sjymie.exe'
Select * from Win32_Process Where Name = 'slpoov.exe'
Select * from Win32_Process Where Name = 'smartdrv.exe'
Select * from Win32_Process Where Name = 'smss.exe'
Select * from Win32_Process Where Name = 'snow.exe'
Select * from Win32_Process Where Name = 'snowfall.exe'
Select * from Win32_Process Where Name = 'snownClean.exe'
Select * from Win32_Process Where Name = 'SocksA.exe'
Select * from Win32_Process Where Name = 'sol.exe'
Select * from Win32_Process Where Name = 'sos.exe'
Select * from Win32_Process Where Name = 'SOUNDMAN.EXE'
Select * from Win32_Process Where Name = 'SOUNDMANS.EXE'
Select * from Win32_Process Where Name = 'soundmix.exe'
Select * from Win32_Process Where Name = 'soundmno.exe'
Select * from Win32_Process Where Name = 'soversie.exe'
Select * from Win32_Process Where Name = 'SP00.exe'
Select * from Win32_Process Where Name = 'sploov.exe'
Select * from Win32_Process Where Name = 'spool.exe'
Select * from Win32_Process Where Name = 'spoolsv.exe'
Select * from Win32_Process Where Name = 'stfwol.exe'
Select * from Win32_Process Where Name = 'SVCH0ST.exe'
Select * from Win32_Process Where Name = 'SVCH0ST.EXE'
Select * from Win32_Process Where Name = 'svchcst.exe'
Select * from Win32_Process Where Name = 'svfhost.exe'
Select * from Win32_Process Where Name = svhist.exe'
Select * from Win32_Process Where Name = 'svohost.exe'
Select * from Win32_Process Where Name = 'svohst.exe'
Select * from Win32_Process Where Name = 'SVSH0ST.EXE'
Select * from Win32_Process Where Name = 'SWCHOST.EXE'
Select * from Win32_Process Where Name = 'sxs2.exe'
Select * from Win32_Process Where Name = 'sxs.exe'
Select * from Win32_Process Where Name = 'sycacom.exe'
Select * from Win32_Process Where Name = 'SYSANALYSIS.EXE'
Select * from Win32_Process Where Name = 'sysclient.exe'
Select * from Win32_Process Where Name = 'sys.exe'
Select * from Win32_Process Where Name = 'syshost.exe'
Select * from Win32_Process Where Name = 'sysload2.exe'
Select * from Win32_Process Where Name = 'syslogn.exe'
Select * from Win32_Process Where Name = 'Sysnote.exe'
Select * from Win32_Process Where Name = 'sysos.exe'
Select * from Win32_Process Where Name = 'SYSREBUILD.EXE'
Select * from Win32_Process Where Name = 'SysSafe.exe'
Select * from Win32_Process Where Name = 'syssetup.exe'
Select * from Win32_Process Where Name = 'system32.exe'
Select * from Win32_Process Where Name = 'system.exe'
Select * from Win32_Process Where Name = 'systeminit.exe'
Select * from Win32_Process Where Name = 'systemnt.exe'
Select * from Win32_Process Where Name = 'System.pif'
Select * from Win32_Process Where Name = 'System Process'
Select * from Win32_Process Where Name = 'Systom.exe'
Select * from Win32_Process Where Name = 'taipingtianguo.exe'
Select * from Win32_Process Where Name = 'taipingtianguov1.1.exe'
Select * from Win32_Process Where Name = 'taskmg.exe'
Select * from Win32_Process Where Name = 'taskmgr.exe'
Select * from Win32_Process Where Name = 'taskmonitor.exe'
Select * from Win32_Process Where Name = 'tavo.exe'
Select * from Win32_Process Where Name = 'tcmebr.exe'
Select * from Win32_Process Where Name = 'tekkdv.exe'
Select * from Win32_Process Where Name = 'tel.xls.exe'
Select * from Win32_Process Where Name = 'temp1.exe'
Select * from Win32_Process Where Name = 'temp2.exe'
Select * from Win32_Process Where Name = 'teuyen.exe'
Select * from Win32_Process Where Name = 'tfidma.exe'
Select * from Win32_Process Where Name = '_tfmon.exe'
Select * from Win32_Process Where Name = 'tgejsy.exe'
Select * from Win32_Process Where Name = 'Thumbs.exe'
Select * from Win32_Process Where Name = 'TIMPlatform.exe'
Select * from Win32_Process Where Name = 'tlntsvr.exe'
Select * from Win32_Process Where Name = 'TNT.exe'
Select * from Win32_Process Where Name = 'tubdpn.exe'
Select * from Win32_Process Where Name = 'TxHMoU.Exe'
Select * from Win32_Process Where Name = 'TxoMoU.Exe'
Select * from Win32_Process Where Name = 'ucexxq.exe'
Select * from Win32_Process Where Name = 'ujrpjk.exe'
Select * from Win32_Process Where Name = 'uoeoxa.exe'
Select * from Win32_Process Where Name = 'upxdnf.exe'
Select * from Win32_Process Where Name = 'uqmpyu.exe'
Select * from Win32_Process Where Name = 'url.exe'
Select * from Win32_Process Where Name = 'USBCopyer.exe'
Select * from Win32_Process Where Name = 'USBSaver_xzb.exe'
Select * from Win32_Process Where Name = 'vhynyt.exe'
Select * from Win32_Process Where Name = 'viewer.exe'
Select * from Win32_Process Where Name = 'vista.exe'
Select * from Win32_Process Where Name = 'vjpetb.exe'
Select * from Win32_Process Where Name = 'vksrwh.exe'
Select * from Win32_Process Where Name = 'vm1.exe'
Select * from Win32_Process Where Name = 'vmiprwse.exe'
Select * from Win32_Process Where Name = 'vvmjrh.exe'
Select * from Win32_Process Where Name = 'vwuqaa.exe'
Select * from Win32_Process Where Name = 'w32sys.exe'
Select * from Win32_Process Where Name = 'wab32res.exe'
Select * from Win32_Process Where Name = 'wauclt.exe'
Select * from Win32_Process Where Name = 'wausvc.exe'
Select * from Win32_Process Where Name = 'wdfmgr32.exe'
Select * from Win32_Process Where Name = 'wfgfui.exe'
Select * from Win32_Process Where Name = 'WHHIT.exe'
Select * from Win32_Process Where Name = 'windowstops.exe'
Select * from Win32_Process Where Name = 'windowsWinUpdate.exe'
Select * from Win32_Process Where Name = 'winform.exe'
Select * from Win32_Process Where Name = 'winhlep.exe'
Select * from Win32_Process Where Name = 'wininfo.exe'
Select * from Win32_Process Where Name = 'wininit.exe'
Select * from Win32_Process Where Name = 'WINL0GON.exe'
Select * from Win32_Process Where Name = 'Winlog0n.exe'
Select * from Win32_Process Where Name = 'winlogon.exe'
Select * from Win32_Process Where Name = 'WinMgCt.exe'
Select * from Win32_Process Where Name = 'WinPact.exe'
Select * from Win32_Process Where Name = 'WinRAR.exe'
Select * from Win32_Process Where Name = 'WinStar.dlll'
Select * from Win32_Process Where Name = 'winsystem.exe'
Select * from Win32_Process Where Name = 'WINWORD.EXE'
Select * from Win32_Process Where Name = 'wjview32.com'
Select * from Win32_Process Where Name = 'wmplayer.exe'
Select * from Win32_Process Where Name = 'wnipsvr.exe'
Select * from Win32_Process Where Name = 'wnipsvsr.exe'
Select * from Win32_Process Where Name = 'wscript.exe'
Select * from Win32_Process Where Name = 'wsctf.exe'
Select * from Win32_Process Where Name = 'Wservers.exe'
Select * from Win32_Process Where Name = 'wsttrs.exe'
Select * from Win32_Process Where Name = 'wuauclt.exe'
Select * from Win32_Process Where Name = 'wuauserv.exe'
Select * from Win32_Process Where Name = 'wvhsjq.exe'
Select * from Win32_Process Where Name = 'xcopy.exe'
Select * from Win32_Process Where Name = 'xflwkm.com'
Select * from Win32_Process Where Name = 'xinmyp.exe'
Select * from Win32_Process Where Name = 'xp.exe'
Select * from Win32_Process Where Name = 'xsnsvc.exe'
Select * from Win32_Process Where Name = 'ydggot.exe'
Select * from Win32_Process Where Name = 'yjplqb.exe'
Select * from Win32_Process Where Name = 'Yss.exe'
Select * from Win32_Process Where Name = 'ytynaf.exe'
Select * from Win32_Process Where Name = 'yudtpl.exe'
Select * from Win32_Process Where Name = 'ZtPyServ.exe'
Select * from Win32_Service Where Name = '
Select * from Win32_Service Where Name = 'AeLookupSvcs'
Select * from Win32_Service Where Name = 'Automatic Update'
Select * from Win32_Service Where Name = 'AVP
Select * from Win32_Service Where Name = 'ClipB00K'
Select * from Win32_Service Where Name = 'COMSystemApp'
Select * from Win32_Service Where Name = 'Cryptographic Serviscx'
Select * from Win32_Service Where Name = 'DCOM Pserver'
Select * from Win32_Service Where Name = 'Distributed Link Tracking Client logger'
Select * from Win32_Service Where Name = 'dnscon'
Select * from Win32_Service Where Name = 'E685C5D0'
Select * from Win32_Service Where Name = 'Hello Download'
Select * from Win32_Service Where Name = 'Hello Ketty'
Select * from Win32_Service Where Name = 'Intelligent Transfer Service'
Select * from Win32_Service Where Name = 'Interface Device Access'
Select * from Win32_Service Where Name = 'kkdc'
Select * from Win32_Service Where Name = 'Logical  Manager'
Select * from Win32_Service Where Name = 'MDC'
Select * from Win32_Service Where Name = 'Media Serial Number Service'
Select * from Win32_Service Where Name = 'Medie Sariel Number Service'
Select * from Win32_Service Where Name = 'Medie Sariel Number Services'
Select * from Win32_Service Where Name = 'Messenger'
Select * from Win32_Service Where Name = 'Messenger Services'
Select * from Win32_Service Where Name = 'microsoft basicnet service'
Select * from Win32_Service Where Name = 'MicrSoft.com'
Select * from Win32_Service Where Name = 'MS0COM+F'
Select * from Win32_Service Where Name = 'msinfmgr'
Select * from Win32_Service Where Name = 'NetManager'
Select * from Win32_Service Where Name = 'netpass'
Select * from Win32_Service Where Name = 'NetworkDDE'
Select * from Win32_Service Where Name = 'Network Location'
Select * from Win32_Service Where Name = 'NTSvc'
Select * from Win32_Service Where Name = 'nvsuc32'
Select * from Win32_Service Where Name = 'NVSvc31'
Select * from Win32_Service Where Name = 'odbcasvc'
Select * from Win32_Service Where Name = 'PnP plug 0n Service'
Select * from Win32_Service Where Name = 'Rpcsc'
Select * from Win32_Service Where Name = 'RSVP'
Select * from Win32_Service Where Name = 'Security Accounts Manages'
Select * from Win32_Service Where Name = 'Sernd'
Select * from Win32_Service Where Name = 'Serscer'
Select * from Win32_Service Where Name = 'Services Management'
Select * from Win32_Service Where Name = 'setv'
Select * from Win32_Service Where Name = 'Sipps'
Select * from Win32_Service Where Name = 'SmartUp Application'
Select * from Win32_Service Where Name = 'System'
Select * from Win32_Service Where Name = 'system starmize'
Select * from Win32_Service Where Name = 'taskmgr'
Select * from Win32_Service Where Name = 'Tontauto'
Select * from Win32_Service Where Name = 'Transfer Service'
Select * from Win32_Service Where Name = 'TrkNetsSvcs'
Select * from Win32_Service Where Name = 'Visual  WsEB'
Select * from Win32_Service Where Name = 'Windows
Select * from Win32_Service Where Name = 'WINDOWS'
Select * from Win32_Service Where Name = 'Windows accecc'
Select * from Win32_Service Where Name = 'WindowsDown'
Select * from Win32_Service Where Name = 'Windows Driver'
Select * from Win32_Service Where Name = 'Windows Firewall'
Select * from Win32_Service Where Name = 'Windows Networks'
Select * from Win32_Service Where Name = 'Windows_re'
Select * from Win32_Service Where Name = 'Windows_redztk'
Select * from Win32_Service Where Name = 'Windows_rejoice'
Select * from Win32_Service Where Name = 'Windows_rejoice2007'
Select * from Win32_Service Where Name = 'Windows_rejoice2007_101'
Select * from Win32_Service Where Name = 'Windows_rejoice2007_51'
Select * from Win32_Service Where Name = 'Windows_rejoice2008_401'
Select * from Win32_Service Where Name = 'Windows_rejoicehnbc'
Select * from Win32_Service Where Name = 'Windows_service'
Select * from Win32_Service Where Name = 'Windows Service'
Select * from Win32_Service Where Name = 'Windows_SV00LAS'
Select * from Win32_Service Where Name = 'Windows_Systen32'
Select * from Win32_Service Where Name = 'Windows_tops520'
Select * from Win32_Service Where Name = 'Windows Tracking'
Select * from Win32_Service Where Name = 'windows_xp_sp3'
Select * from Win32_Service Where Name = 'WinHelp'
Select * from Win32_Service Where Name = 'WinMgCt'
Select * from Win32_Service Where Name = 'WinNetwork'
Select * from Win32_Service Where Name = 'WinPurger'
Select * from Win32_Service Where Name = 'Work Servers'
Select * from Win32_Service Where Name = 'wuauserv'
Select * from Win32_Service Where Name = 'WXPS'
Select * from Win32_Service Where Name = 'xud042'
Select .ico Or .cur Files Only
SeRestorePrivilege
"Serial_Access_Num"=dword:00000004
"Serial_Access_Num"=dword:00000008
"Serial_Access_Num"=dword:0000000e
serinit.exe,
\serivces.exe
\serivces.exe 
\_Server101.exe
Server101.exe
Server101.exe Worm.Win32.AutoRun.edp
\server.exe
\server.exe 
server.exe
\_Server.exe
\_Server.exe 
\Server.exe
\Server.exe 
server.exe Backdoor.Win32.Huigezi
\serverhelp.dll
\serverhelp.dll 
\servers.ini
\servers.ini 
\serveter.exe
\serveter.exe 
serveter.exe Trojan.DL.Multi.wig
\servet.exe
\servet.exe 
\servet.exe  
servet.exe Trojan.DL.Delf.ygk
servet.exe Trojan.DL.Delf.ygk 
Service
@="Service"
Service = 
ServiceDll
\service.exe
\service.exe 
service.exe
service.exe;bsr.exe;dllh0st.exe;windows.exe;folder.htt;desktop.ini;Recycled\Driveinfo.exe;Recycled\Driveinfo.sdc;Recycled\voinfo.dll;
\services.exe
\services.exe 
\services.exe  
services.exe
services.exe Backdoor.Agent.amb  
services.exe;driver.exe;Recycled\Autorun.dll;Recycled\xzb\#HIT#^^^(W-H-Y).log;xzb\#HIT#^^^(W-H-Y).log;xzb\Autorun.inf;sos.exe;snow.exe;msdumprep.exe;MicrSoft.exe;bl.exe;in.com;Music.exe;Win.vbe;Win.bat;Recycled\rundll32.exe;SP00.exe;rejoice91.exe;svchst.exe;driver.exe;smss.exe;uniqq.exe;
services.exe Trojan-Spy.Win32.Jiospy.c 
services.exe Trojan-Spy.Win32.Jiospy.c  
services.exe Win32.Hack.Agent.44620 
services.exe Win32.Hack.Agent.44620  
\_servieces.exe
\servtie.exe
\servtie.exe 
servtie.exe Trojan.Dwonloader 
\session.exe
\session.exe 
\session.exe  
\session.exe   
SetExpandedStringValue
\setup.exe
\setup.exe 
setup.exe
setup.exe,
setup.exe Win32.Joke.Rob.a.370688
setup.exe Win32.Joke.Rob.a.370688 
setup.exe Worm.Small.r.10469
setup.exe Worm.Small.r.10469 
setup.exe Worm.Small.r.16896 
setup.exe Worm.VB.akr
setup.exe Worm.VB.akr  
SetUp.pif
setup.pif Trojan.DL.Sbwy.g
setup.pif Trojan.DL.Sbwy.g 
setup.pif Trojan.DL.Small.plm
SetUp.pif Trojan-Downloader.Win32.Agent.awc
setup.pif Worm.Kendy.a
setup.pif Worm.Kendy.a 
\setuprs1.pif
\setuprs1.pif 
\setuprs1.pif  
\_setv.exe
\_setv.exe 
setv.exe
setv.exe Win32.Hack.Hugezi.738816
setv.exe Win32.Hack.Hugezi.738816 
SetWindowLongA
\sevchost.exe
\sevchost.exe 
\sevchost.exe  
\severe.exe
\severe.exe 
severe.exe
\sevlog.log
\s.exe
\s.exe 
s.exe
s.EXE
s.exe Worm.Win32.Baby2008.j
SexGame.exe
SexIE.exe Trojan.Mnless.kol
SFF.exe
\SFlower.dll
Shape
\Shdocvw.dll
\she.exe
she.exe
she.exe;win.exe;oso.exe;
Shell
shell32.dll
\Shell32.dll
shell.exe
shellexecute
shell.exe Trojan.Autorun.Unknown
\shellext\svchost.exe
-ShellHwDetection
,ShellHwDetection
shell\open\command
shell\open\Command
shellrun
shell\verb1\command
ShowFocusRect
ShowSuperHidden
\ShuiNiu.exe
ShuiNiu.exe Virus.Win32.Autorun.23155
\siss.exe
\siss.exe 
\siss.exe  
Six.exe Worm.Win32.FlyStudio.c
SiZhu
\SiZhu.exe
SiZhu.exe
SiZhu.exe Trojan.DL.Win32.Mnless.ane
sjymie
*.sk
sky.exe virus.Win32.VB.cm
sky.exe virus.Win32.VB.cm  
sleep 1000
\sleep.exe
sleep.exe
\sleep.vbe
\sleep.vbe 
\slpoov.exe
\smartdrv.exe
\smartdrv.exe 
Smartdrv.exe
\smfelf.dll
\smserv.exe
smserv.exe
smserv.exe Trojan-Downloader.Win32.VB.cfs
\smss.dll
\smss.dll 
\smss.exe
smss.exe
smss.exe Worm.Win32.VB.yww
\smsss.exe
\smsss.exe 
\Snav\Snav.dll
snow.exe
snow.exe Virus.Win32.AutoRun.wv
\snowfall.exe
\snownClean.exe
snown.exe
snown.exe Trojan.Win32.Agent.bpm
\snss.exe
snss.exe
snss.exe Worm.Win32.Mobler.g
\SocksA.exe
\SocksA.exe  
\SocksA.exe   
Soft
SOFTWARE
SOFTWARE\Classes\batfile\shell\open\command
SOFTWARE\Classes\chm.file\shell\open\command
SOFTWARE\Classes\cmdfile\shell\open\command
SOFTWARE\Classes\hlpfile\shell\open\command
SOFTWARE\Classes\inffile\shell\open\command
SOFTWARE\Classes\inifile\shell\open\command
SOFTWARE\Classes\regfile\shell\open\command
SOFTWARE\Classes\txtfile\shell\open\command
SOFTWARE\Microsoft\Active Setup\Installed Components
Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
SOFTWARE\Microsoft\Active Setup\Installed Components\{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK}
SOFTWARE\Microsoft\Command Processor
SOFTWARE\Microsoft\DsNiu
Software\Microsoft\Internet Explorer\Main
Software\Microsoft\Internet Explorer\MenuExt\
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinRAR.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\explore
Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25864158-329E-434B-B24F-3DA6F300D41B}
Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RUN
Software\Microsoft\Windows\CurrentVersion\Policies\system
Software\Microsoft\Windows\CurrentVersion\Policies\System
Software\Microsoft\Windows\Currentversion\Run
Software\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Software\Microsoft\Windows\CurrentVersion\RunOnce
SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce
Software\Microsoft\Windows\CurrentVersion\RunOnceEx
SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
Software\Microsoft\Windows\CurrentVersion\Winlogon
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regedit.exe
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SiZhu.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows NT\CurrentVersion\Windows
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxnet
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msinflogon
Software\Policies\Microsoft\Internet Explorer\ControlPanel
SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup
SOFTWARE\Tencent\QQ
Software\Usbcleaner
Software\VB and VBA Program Settings\ShitMaker\Info
SoLa\
SOLA.Bat(
Sola.bat Worm.Script.BAT.Agent.e
\SolaCleaner.exe
\SolaCleaner.exee
Sola(Devourer)
sola\Function.dll
SoLa\sleep.exe
sola\sola.bat
SoLa\sola.bat
SoLa\Tasks.xxx
\sola.vbs
\SOLA.VBS
soleboy
\soleboy.exe
soleboy.exe
soleboy.exe Worm.Win32.AutoRun.ddw
\soleboy.txt
\sol.exe
\sol.exe 
\sol.EXE
sos.exe
sos.exe;snow.exe;system32.dll;msdumprep.exe;MicrSoft.exe;bl.exe;in.com;Music.exe;Win.vbe;Win.bat;Recycled\rundll32.exe;SP00.exe;rejoice91.exe;svchst.exe;driver.exe;smss.exe;uniqq.exe;
sos.exe Virus.Win32.Autorun.27929
Sound drv
SoundMam
\SOUNDMAN.EXE
\SOUNDMANS.EXE
SoundMax
\soundmix.exe
\soundmix.exe 
\soundmix.exe  
SoundsMan
\soversie.exe
\soversie.exe 
soversie.exe BackDoor.Pigeon.1604
soversie.exe BackDoor.Pigeon.1604 
\SP00.exe
Special 
\sploov.exe
\sploov.exe 
\sploov.exe.lnk
\spoollist.txt
\spoolsv.exe
spoolsv.exe
\sr1000r.dll
\sr1000r.dll 
SSDPDiscovb
\SSDPDiscovv.exe
SSDPDiscovv.exe
SSDPDiscovv.exe IRC-Worm.Win32.Delf.as
SSDPDiscovv.exe IRC-Worm.Win32.Delf.asl
\sserver.exe
sserver.exe
sss.exe
sss.exe Trojan.DL.Multi.wf
\sssurl.dll
\SSVICHOSST.exe
SSVICHOSST.exe
SSVICHOSST.exe IM-Worm.Win32.Sohanad.t
@="Standard floppy disk controller"
Start Menu
\Start Menu\Flash Games.exe
\Start Menu\Flash Games.exe 
\Start Menu\Programs\Startup\(Empty).empty
\Start Menu\Programs\Startup\(Empty).empty 
Start Page
start reg.exe import C:\fix.reg
start reg import C:\fix.reg
Startup
\startup.bat
startup.bat
startup.bat Worm.Win32.VB.de
startup.exe
\startup.pif
\startup.pif 
stfwol
stNP.vbs
stNP.vbs Worm.VBS.Agent.c
StopService
"StoresServiceClassInfo"=dword:00000000
StringFileInfo
strreverse
style
Style
suchost.exe
\sucka.dll
sunny.exe Trojan.DL.Sunni.a
SuperHidden
"SupportedNameSpace"=dword:0000000c
"SupportedNameSpace"=dword:0000000f
"SupportedNameSpace"=dword:00000020
Suspcious
\_SV00LAS.EXE
SV00LAS.EXE
SV00LAS.EXE Backdoor.Win32.RWX.kz
\s.vbe
s.vbe
svch0st
\svch0st.exe
svch0st.exe
\SVCH0ST.exe
\SVCH0ST.exe 
\SVCH0ST.EXe
\SVCH0ST.EXE
\SVCH0ST.EXE 
SVCH0ST.EXE Backdoor.Agent.ibv 
SVCH0ST.exe Trojan.vb.vuy 
SVCH0ST.exe Trojan.vb.vuy  
SVCH0ST.EXE;windowsupdate.log;RECYCIER\system.exe;SWCHOST.EXE;
svch0st.exe Worm.Win32.AutoRun.djk
\_svchcst.exe
\svchcst.exe
svchcst.exe
svchcst.exe Backdoor.Win32.ShangXing.c
SVCH.exe Virus.Win32.Autorun.192571
\svchos1.exe
\svchos2.exe
svchosi
\svchosi.exe
svchosi.exe;360360.exe;zhuruqi.exe;svchos1.exe;svchos2.exe
svchosL.exe
svchost
svchost.bat
\svchost.com
svchost.com
svchost.com Win32.Troj.QQPass.ls.36864
SVCHOST.com Worm.Win32.Agent.imo
SVCHOST.com Worm.Win32.Agent.imo 
\svchost.dat
\svchost.dat 
\svchost.exe
\svchost.exe 
\svchost.exe  
svchost.exe
\SVCHOST.EXE
\SVCHOST.EXE 
\SVCHOST.EXE  
svchost.exe Trojan.Autoruner.Unknown
svchost.exe Trojan.DL.Win32.Agent.ec
svchost.exe Virus.Win32.Autorun.UnKnown
svchost.exe Worm.VB.ny
svchost.exe Worm.VB.ny 
\SVCHOST.INI
\_svchst.exe
\svchst.exe
svchst.exe
svchst.exe Virus.Win32.Autorun.611840
\Svervices.exe
\Svervices.exe 
\Svervices.exe  
Svervices.exe Trojan.DL.Inject.acb
\svfhost.exe
svfhost.exe
svfhost.exe P2P-Worm.Win32.Agent.am
\SVIQ.EXE
\SVKP.sys
SVKP.SYS,
SVOHOST
\svohost.exe
\svohost.exe 
\svohost.exe  
\SVOHOST.exe
SVOHOST.exe
\svohst.exe
\svohst.exe 
\_svrhost.exe
svrhost.exe
svrhost.exe Backdoor.Win32.Gpigeon.dks
\SVSH0ST.EXE
\SVSH0ST.EXE 
\SWCHOST.exe
\SWCHOST.exe 
\SWCHOST.EXE
SWCHOST.EXE
SWCHOST.exe Virus.Win32.VB.dn 
SWCHOST.exe Virus.Win32.VB.dn  
Switbhing Co
\Switbhing Co.exe
Switbhing Co.exe
Switbhing Co.exe Trojan-Downloader.Win32.Delf.ffr
\_sxhnbc.exe
sxhnbc.exe
sxhnbc.exe Backdoor.Win32.Hupigon.691200
\_SxingDel.bat
sxqphika.exe Worm.Win32.AvKiller.bpv
sxs2
sxs2.exe Worm.DLTank.a
sxs2.exe(Worm.Pabug.bz)
sxs2(Trojan.DL.Pabug.a)
sxs3.exe Worm.Win32.AutoRun.dbg
SXS(cjston.exe) Win32.troj.pwsqq.ge.39979
sxs(eoymry.exe) Trojan.PSW.QQRobber.afb
\sxs.exe
\sxs.exe 
sxs.exe
SXS.exe Backdoor.BlackHole.2005.gf 
SXS.exe Backdoor.BlackHole.2005.gf  
sxs.exe Backdoor.BlackHole.2006.a
Sxs.exe Backdoor.Win32.BlackHole.j
Sxs.exe Backdoor.Win32.BlackHole.j 
sxs.exe she.exe Trojan.PSW.QQRobber.Gen,
sxs.exe she.exeTrojan.PSW.QQRobber.Gen
sxs.exe Trojan.PSW.QQPass.37725
sxs.exe Trojan.PSW.QQPass.rdw
sxs.exe Trojan.PSW.QQPass.rdw  
sxs.exe Trojan.PSW.QQPass.rff 
sxs.exe Trojan.PSW.QQPass.rff  
sxs.exe Virus.Win32.Autorun.37584
sxs.exe Worm.Agent.vkb.vttm
sxs.exe Worm.Pabug.ao 
sxs.exe Worm.Pabug.ao  
SXS.exe Worm.Pabug.bb
SXS.exe Worm.Pabug.bb 
SXS(hwbfbp.exe) Trojan.PSW.QQpass.qrh
sxs(jhvjln.exe) Trojan.PSW.QQPass.rdw
sxs(jvmlts.exe) Worm.pabug.ao
SXS(jxoirv.exe) Win32.troj.pwsqq.ge.39979
SXS(wvhsjq.exe) worm.pabug.az
sxs(yudtpl.exe) worm.pabug.bd
\sycacom.exe
\sycacom.exe 
\sycacom.exe  
\symdebugs.exe
\_syn0801.exe
\_syn0801.exe 
syn0801.exe
syn0801.exe Backdoor.Win32.Hupigon.evc
*.sys
sys 
\SysAdsnwt.dll
Sysauto.exe
Sysauto.exe Trojan.PSW.QQPass.GetUserTemp
Sysauto.exe Trojan.PSW.QQPass.tmp
sysboot.scr
sysboot.scr Virus.Win32.AutoRun.qg
\syscaches.exe
\syscaches.exe 
syscaches.exe
\_syscheck.exe
\syscheck.exe
syscheck.exe
syscheck.exe Worm.Win32.AutoRun.437305
\sysclient.exe
\sysclient.exe 
\sysclient.exe  
\SYSCONFIG.EXE
\SYSCONFIG.EXE 
SYSCONFIG.EXE
\SysControl.cfg
\sys.exe
\sys.exe 
\sys.exe  
sys.exe
sys.exe Trojan.Agent.h 
sys.exe Virus.Win32.AutoRun.fe
sys.exe Virus.Win32.AutoRun.fe 
SysFile.exe
\syshost.exe
\syshost.exe 
SysInfo2.Dll
\sysinfo.dll
sysinfo.dll
\SysInfo.Dll
\sysinfo.dlt
sysinfo.dlt
\SysInfo.reg
\sysload2.exe
\sysload2.exe 
\syslogn.exe
\syslogn.exe 
\syslogn.exe  
syslogn.exe
\Sysnote.exe
\Sysnote.exe 
\Sysnote.exe  
Sysnote.exe Trojan.Sysnote.a
\sysos.exe
\sysos.exe 
\sysos.exe  
\syspro.txt
\SysReBuild.exe
\SysReBuild.exe 
\SysSafe.exe
\SysSafe.exe 
\SysSafe.exe  
SysSafe.exe
SysSafe.exe Worm.VB.ahq
SysSafe.exe Worm.VB.ahq 
SysSafe.exe Worm.Win32.Agent.acf
\syssetup.exe
\syssetup.exe 
syssetup.exe
syssetup.exe;boot.exe;svchost.exe;[
syssetup.exe Worm.VB.alg 
\SysSun1\Ghook.dll
\SysSun1\Ghook.dll 
\SysSun1\Ghook.dll  
\SysSun1\svchost.exe
\SysSun1\svchost.exe 
\SysSun1\svchost.exe  
system
System
@="System"
\system2009.exe
system2009.exe
system2009.exe Worm.Win32.AutoRun.dmk
\system\2.bat
\System32
SYSTEM32
\_System32.dat
\System32.dat
System32.dat
\System32\database.exe
System32.dat Backdoor.Win32.Hupigon.642048
\system32.dll
system32.dll
\system32.exe
\system32.exe 
\system32\Rose.exe
\System32\WinInet.ocx
\system\autorun.inf
\system\AUTORUN.INF
\system\conime.exe
\system\conime.exe 
\system\conime.exe  
SYSTEM\CurrentControlSet\Control\Session Manager
SYSTEM\CurrentControlSet\Enum\USB
SYSTEM\CurrentControlSet\Enum\USB\
SYSTEM\CurrentControlSet\Enum\USBSTOR
SYSTEM\CurrentControlSet\Enum\USBSTOR\
SYSTEM\CurrentControlSet\Services
SYSTEM\CurrentControlSet\Services\4LLI
SYSTEM\CurrentControlSet\Services\6to4
SYSTEM\CurrentControlSet\Services\Alertrer
SYSTEM\CurrentControlSet\Services\BITS\Parameters
SYSTEM\CurrentControlSet\Services\CiSvc
SYSTEM\CurrentControlSet\Services\coco
SYSTEM\CurrentControlSet\Services\CSNetManagerXp
SYSTEM\CurrentControlSet\Services\Messenger Services
SYSTEM\CurrentControlSet\Services\Microsoft Office
SYSTEM\CurrentControlSet\Services\NetService
SYSTEM\CurrentControlSet\Services\Prstgressep
SYSTEM\CurrentControlSet\Services\QQ2007I
SYSTEM\CurrentControlSet\Services\Secondary Logons
SYSTEM\CurrentControlSet\Services\security
SYSTEM\CurrentControlSet\Services\svrhost
SYSTEM\CurrentControlSet\Services\ttplay
SYSTEM\CurrentControlSet\Services\Windows_kingboxe
SYSTEM\CurrentControlSet\Services\Windows_rejoice2008_40105
SYSTEM\CurrentControlSet\Services\Windows_rejoice2009
SYSTEM\CurrentControlSet\Services\Windows_rejoice47
SYSTEM\CurrentControlSet\Services\Windows_svchost
SYSTEM\CurrentControlSet\Services\Windows_XP
SYSTEM\CurrentControlSet\Services\WMPCenter
\systemdate.ini
\systemdate.ini 
\systemdate.ini  
\systemdate.ini   
system.dll
system.dll Trojan.Win32.KillAV.auc
systemdrive
SystemDrive
System drv
\_system.exe
\system.exe
\system.exe 
\system.exe  
\system.exe   
system.exe
\System.exe
System.exe
system.exe Backdoor.VB.pvo
system.exe Dropper.Gpigeon.fc
system.exe Virus.Win32.Autorun.526336
system.exe Virus.Win32.Autorun.606720
System.exe Worm.Win32.Autorun.16384
system.exe Worm.win32.Autorun.32768
\system\explorer.exe
\system\explorer.exe 
\system\Explorer.exe
\system\Flash Player.exe
\system\Flash Player.exe 
\systeminit.exe
\systeminit.exe 
\system\loadms.exe
\system\loadms.exe 
\system\loadms.exe  
\system\loadmsnt.exe
\system\loadmsnt.exe 
\system\loadmsnt.exe  
\system.log
\system\mainsv.exe
\system\mainsv.exe 
\system\mainsv.exe  
\Systemm.exe
\Systemm.exe 
\Systemm.exe  
\system\msdumprep.exe
\system\MSMOUSE.DLL
\system\MSMOUSE.DLL 
\system\MSWINSCK.OCX
\system\ntdllf.exe
\system\ntdllf.exe 
\system\ntdllf.exe  
\system\ntdllfnt.exe
\system\ntdllfnt.exe 
\system\ntdllfnt.exe  
\systemnt.exe
system.pif
System.pif Virus.Bat.Autorun.g
system.reg
%SystemRoot%\system32\NOTEPAD.EXE %1
%SystemRoot%\System32\NOTEPAD.EXE %1
%SystemRoot%\System32\shell32.dll,2
%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
%SystemRoot%\system32\winhlp32.exe %1
%SystemRoot%\System32\winhlp32.exe %1
%SystemRoot%\system32\WScript.exe "%1" %*
\system\S-1-5-21-1214440339.exe
\system\S-1-5-21-1214440339.exe 
\system\services.exe
\system\services.exe 
\system\SERVICES.EXE
\system\soundmno.exe
\system\svchost.exe
\system\svchost.exe 
\system\svchost.exe  
\system\svchost.exe   
\system\_sv_CMD_\_U_.exe
\system\_sv_CMD_\_U_.exe 
\system\_sv_CMD_\_U_.exe  
\system\_sv_CMD_\U.exe
\system\_sv_CMD_\U.exe 
\system\_sv_CMD_\U.exe  
\system\SYSANALYSIS.EXE
\system\SYSTEM32.vxd
\system\SYSTEM32.vxd 
\system\SYSTEM32.vxd  
\system\SYSTEM32.vxd   
\system\system.pif
system.vbs
system.vbs Trojan.Script.VBS.UnDef.e
\Systom.exe
systray.exe
\sysurl.dll
SysWin32.exe
SysWin32.exe Virus.Win32.Autorun.69296
\Syswm7\Ghook.dll
\Syswm7\Ghook.dll 
\Syswm7\Ghook.dll  
\Syswm7\svchost.exe
\Syswm7\svchost.exe 
\Syswm7\svchost.exe  
\Syswm7\Syswm7\Ghook.dll
\syurl.dll
\SYwtc.exe
{TAB}
+{TAB}
Tahoma
\taipingtianguo.exe
taipingtianguo.exe
taipingtianguo.exe Virus.Win32.Autorun.Unknown
\taipingtianguov1.1.exe
taipingtianguov1.1.exe;seacon.exe;QDAutoUpdate.exe;sbl.exe;sb.exe;ah.exe;GHO.exe;up.vbe.exe;Windows.scr;daxian.exe;SFF.exe;sysboot.scr;inituser.exe;Internet\
taipingtianguov1.1.exe Virus.Autorun.cs
\taipingtime_flag.txt
\taipingtime.txt
taisha.vbe
\Taskeep.vbs
\taskmgr.exe
\taskmgr.exe 
taskmgr.exe
\Taskmgr.exe
\taskmgr.vbs
\taskmonitor.exe
\Tasks\
\Tasks\0x01xx8p.exe
\Tasks\At1.job
\Tasks\At1.Job
\Tasks\At1.JOB
\Tasks\csrss.exe
\Tasks\GetSystemPath.exe
\Tasks\hackshen.vbs
\Tasks\logtracker.job
\Tasks\My App.job
\Tasks\osa9.exe
\Tasks\sa.dat
\Tasks\spoolsv.exe
\Tasks\SysFile.brk
\Tasks\Tasks.job
\Tasks\wsock32.dll
\tavo0.dll
\tavo0.dll & su3
\tavo.exe
'tavo.exe Virus.Win32.Autorun.111604
tavo.exe Virus.Win32.Autorun.111604
TBMExe
TBMonEx
tcmebr
tekkdv
TELMET
\TELMET.EXE
TELMET.EXE
tel.xls.exe
tel.xls.exe Trojan.VB.vtj
tel.xls.exe Worm.VB.lv
tem 
\$temp$
Temp
\temp1.exe
\temp1.exe 
\temp1.exe  
\temp2.exe
\temp2.exe 
\temp2.exe  
\temp3.exe 
TempCom
\Temp\delay.vbs
\Templates\system.vbs
\tenbatsu.vbs
\Tencent\qqupdate.exe
Terminate
\test.dll
\TestDll.dll
test.exe
test.exe Virus.Win32.Autorun.21697
\test.log
\test.scr
teuyen
\teuyen.dll
\teuyen.dll 
\teuyen.exe
\teuyen.exe 
teuyen.exe
text
Text
TextAlignment
TextColor
texteffect
TextEffect
texteffectcolor
TextEffectColor
textfont
TextFont
TextForeColor
\text.log
"Text"="@shell32.dll,-30499"
"Text"="@shell32.dll,-30500"
"Text"="@shell32.dll,-30501"
textstyle
TextStyle
tfidma
\tfidma.dll
\tfidma.dll 
\tfidma.exe
\tfidma.exe 
tfidma.exe
\_tfmon.exe
tgejsy
\tgejsy.dll
\tgejsy.dll 
\tgejsy.exe
\tgejsy.exe 
tgejsy.exe
thank_you
The focus rectangle may appear on default buttons ONLY while in design mode, 
theme
Theme
The Module doesn't exist!
\THERE R SO MANY VIRUSES EYERY DAY!.txt
This property is not applicable for command button modes.
Thumbs.dn
Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}
Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\MSVBVM60.DLL
Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\STDOLE2.TLB
Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.bat
Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.EXE
Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.sys
Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\VB6.OLB
Thumbs.dn\desktop.ini
Thumbs.dn Trojan.Agent.akp 
Thumbs.dn Trojan.Agent.akp  
Thumbs.exe
Thumbs.exe Virus.Win32.Autorun.114688
Thumbs.lnk
Thumbs.lnk Backdoor.Win32.Agent.fpe
Thumbs.lnk,GetPic
\TIANLAI.dll
Time
TimeCorrect
\_time.exe
\_time.exe 
\_Time.exe
Time.exe Backdoor.Huigezi.evi.zngf
Timer
\TIMPlatform.exe
\TIMPlatform.exe 
TLB 
\tl.sys
\*.tmp
TnT.exe
TNT.exe Virus.Win32.Autorun.13312
TOMLKHGFEl
tool.exe Trojan.DL.Infect.uu 
tool.exe Trojan.DL.Infect.uu  
tool.exe Trojan.DL.Infect.VV
tool.exe Trojan.DL.Infect.VV 
tool.exe Trojan.Hider.ve
tool.exe Trojan.Hider.ve 
toy.exe(
toy.exe;copy.exe;host.exe;temp1.exe;temp2.exe;RECYCLER\info.exe;RECYCLER\u.exe;sxs2.exe;msinfmgr.exe;wsctf.exe;
TrackMouseEvent
_TrackMouseEvent
\Transfer Sebvice.exe
Transfer Sebvice.exe
Transfer Sebvice.exe Worm.Win32.Delf.el
Translation
Trojan.Agent.afz
Trojan.Agent.akp
Trojan.Agent.Autorun
Trojan.Agent.h
Trojan.Agent.xkt
Trojan.Agent.xty
Trojan.Autoruner.Unknown
Trojan.Autorun.unknown
Trojan.Autorun.Unknown
Trojan.BAT.Autorun.a
Trojan.Clicker.Agent.bji
Trojan.Clicker.PopHot.Gen
Trojan.Crypt.NSAnti.Gen
Trojan.Delf.rsd
Trojan.Delf.rur
Trojan.Delf.rur 
) Trojan.DL.adload
Trojan.DL.adload
Trojan.DL.Adload.alx
Trojan.DL.Agent.bff
Trojan.DL.Agent.blr
Trojan.DL.Agent.ckl
) Trojan.DL.Agent.dao
Trojan.DL.Agent.dao
Trojan.DL.Agent.npt
Trojan.DL.Autorun
Trojan.DL.Aytorun
Trojan.DL.Delf.xtk
Trojan.DL.Delf.ygk
Trojan.DL.Direct.ge
Trojan.DL.Infect.uu
Trojan.DL.Infect.uu 
Trojan.DL.Infect.VV
Trojan.DL.Inject.acb
Trojan.DL.Inject.wl
Trojan.DL.Inject.yw
Trojan.DL.MnLess.anq
Trojan.DL.Mnless.hr
Trojan.DL.Multi.wf
Trojan.DL.Multi.wig
Trojan.DL.Pabug.a
Trojan.DL.Sbwy.g
Trojan.DL.Small.plm
Trojan.DL.Sunni.a
Trojan.DL.Tiny.hkw
Trojan.DL.VB.etz
Trojan.DL.VB.exn
Trojan.DL.VB.ncb
Trojan.DL.VB.nua
Trojan.DL.VBS.Small.w
Trojan.DL.Win32.Agent.ec
Trojan.DL.Win32.Mnless.ane
Trojan.downloader
Trojan.Downloader
Trojan-Downloader.Win32.Agent.awc
Trojan-Downloader.Win32.Agent.bsc
Trojan-Downloader.Win32.Agent.csc
Trojan-Downloader.Win32.Agent.etw
Trojan-Downloader.Win32.Delf.azm
Trojan-Downloader.Win32.Delf.ffr
Trojan-Downloader.Win32.Small.eor 
Trojan-Downloader.Win32.VB.axe
Trojan-Downloader.Win32.VB.ayt
Trojan-Downloader.Win32.VB.cfs
Trojan-Dropper.Ms-User.gen
Trojan-Dropper.Win32.VB.rj
Trojan-Dropper.Win32.VBS.p
Trojan.Dwonloader
Trojan.exe.Autorun.a
Trojan-GameThief.Win32.Magania.agvs
Trojan.Graypigeon
Trojan.Hider.ve
Trojan.ini.Autorun.a
Trojan.Kangen.a
Trojan.Mnless
Trojan.Mnless.gen
Trojan.Mnless.gen 
Trojan.Mnless.kol
Trojan.Mnless.krf
Trojan.Mnless.ltu
Trojan.Peed.Gen
Trojan.PSW
Trojan.PSW.OnlineGames
Trojan.PSW.QQPass.37725
Trojan.PSW.QQpass.38126
Trojan.PSW.QQPass.38136
Trojan.PSW.QQpass.38143
Trojan.PSW.QQpass.38144
Trojan.PSW.QQpass.38382
Trojan.PSW.QQpass.38506
Trojan.PSW.QQpass.38528
Trojan.PSW.QQPass.38528
Trojan.PSW.QQpass.48436
Trojan.PSW.QQpass.48437
Trojan.PSW.QQPass.52851
Trojan.PSW.QQPass.53362
Trojan.PSW.QQPass.96879
Trojan.PSW.QQPass.96895
Trojan.PSW.QQPass.96896
Trojan.PSW.QQPass.96899
Trojan.PSW.QQpass.qrh
Trojan.PSW.QQPass.rdr
Trojan.PSW.QQPass.rdw
Trojan.PSW.QQPass.rff 
Trojan.PSW.QQpass.rmb
Trojan.PSW.QQPass.tmp
Trojan.PSW.QQRobber.afb
Trojan.PSW.QQRobber.Gen
Trojan.PSW.Sboy.f
Trojan.PSW.Sdboy
Trojan.PSW.Win32.Agent.mk
Trojan-PSW.Win32.OnLineGames
Trojan-PSW.Win32.OnLineGames.dor
Trojan.PSW.Win32.OnlineGames.gen
Trojan.PWS.QQPass.rlx
Trojan.QQMSG.MsgSender.hn
Trojan.Script.VBS.UnDef.e
Trojan.Small.jfi
Trojan.Spy.Agent.akn
Trojan.Spy.Rivak.a
Trojan-Spy.Win32.Agent.pn
Trojan-Spy.Win32.Delf.by
Trojan-Spy.Win32.Delf.uy
Trojan-Spy.Win32.Jiospy.c
Trojan-Spy.Win32.VB.mn
Trojan.Sysnote.a
Trojan.VB.ug
Trojan.VB.vta
Trojan.VB.vtb
Trojan.VB.vtj
Trojan.vb.vuy
Trojan.VB.vvu
Trojan.VB.vwp
Trojan.VB.wgt
Trojan.VB.wio
Trojan.VB.wpd
Trojan.Win32.Agent.ai
Trojan.Win32.Agent.bpm
Trojan.Win32.Agent.hrt
Trojan.Win32.Delf.afx
Trojan.Win32.Delf.amk
Trojan.Win32.KillAV.auc
Trojan.Win32.Nodef.blu
Trojan.Win32.Nodef.ihw
Trojan.Win32.StartPage.bdv
Trojan.Win32.Undef.dqr
Trojan.Win32.Vaklik.sh
Trojan.Win32.VBCode.p
Trojan.Win32.VB.xaf
Trojan.Win32.VB.xju
Trojan.Win32.VB.zvj
Troj/Autorun.Gen
Troj.Dropper.se.1019261
TrueType Font
\TTPlayer\TTPlayer.exe
\TTPlayer\TTPlayer.exe 
\TTPlayer\TTPlayer.exe  
tubdpn
\tubdpn.dll
\tubdpn.dll 
\tubdpn.exe
\tubdpn.exe 
tubdpn.exe
\twain.dll
\TxHMoU.Exe
\TxoMoU.Exe
.txt
txt 
Txt 
TXT 
txtfile
txtfile\shell\open\command
.txt;iexplore.exe;Macromedia_Setup.exe;ppstream.exe;se51.exe;thanks;RECYCLER\RECYCLER\autorun.exe;
Type
"Type"="group"
"Type"="radio"
U11D ProgressBar
\u.bat
\u.bat 
\u.bat  
u.bat
UCBin
_UCBinFile.bin
UCBinPath
\.uce
ucexxq
\ucexxq.dll
\ucexxq.dll 
\ucexxq.exe
\ucexxq.exe 
ucexxq.exe
uchelp.exe Backdoor.Agent.iku
uchelp.exe Backdoor.Agent.iku 
\UCStore.exe
UCStore.exe is lost!
\uctools.dll
|UCVirBin|
#UCVirBinEnd
\uda-
\uda.a
\uda.a 
\uda.a  
uda.a
\uda.exe
\uda.exe 
\ufdata2000.log
\uha.exe
\uha.exe 
\uhere-01.txt
\uishere-01.txt
\uishere-1.txt
ujrpjk
ul.dll;og.dll;og.edt;spec.fne;RegEx.fne;internet.fne;eAPI.fne;shell.fne;krnln.fnr;dp1.fne;com.run
UnCheckedValue
\uninstall information\
\Uninstall Information\ghjji.exe
\Uninstall Information\ghjji.exe 
\_uniqq.exe
uniqq.exe
uniqq.exe Virus.Win32.Autorun.666112
@="Universal Serial Bus controllers"
Unknown
Unknown 
UnNeeded_Exe
UnNeeded_File
UnNeeded_Rar
UnNeeded_Reg
UnWanted/Lnkfile
un.xls.exe
uoeoxa
Updata.exe Virus.Win32.AutoRun.l
Updata.exe Virus.Win32.AutoRun.l 
UPDATE
update.exe
\Update.exe
\Update.ini
UpHostName
\up.vbe.exe
up.vbe.exe
\upxdnf.dll
\upxdnf.dll 
\upxdnf.exe
\upxdnf.exe 
uqmpyu
\uqmpyu.dll
\uqmpyu.dll 
\uqmpyu.exe
\uqmpyu.exe 
uqmpyu.exe
.url
\url.exe
\url.exe 
\url.exe  
\Urlmon.dll
\urlmon.gjj
.url;ShuiNiu.exe;KAV2007.exe;mianhou.exe;FS6519.dll.vbs;re91.exe;redztk.exe;Mourn_Operator.exe;
 USB
'USB
	USB
USB2.0.exe
USB2.0.exe Trojan.Win32.Delf.amk
'USB2.0.exe Virus.Win32.Autorun.331776
USB2.0.exe Virus.Win32.Autorun.331776
\USB2.exe
\USB2.exe 
\USB2.exe  
usbcleaner
Usbcleaner
,Usbcleaner
USBcleaner
USBCleaner
,USBCleaner
:USBCleaner
USBCLEANER
USBCleaner.exe
USBCLeaner.exe
USBCleaner Main Pro
\USBcleaner\sysinfo\
USBCopyer.exe
USBCopyer.exe Virus.Win32.Autorun.Unknown
USBDeviceInfo.log
USBDeviceInfo.Log
USB Device Information
USB Disk Information
\USBDRIVE.dll
\USBDRIVE.dll 
usb_driver.com Trojan.Win32.Nodef.blu
usb_driver.com;wlupdate.exe
usbdriver.exe Worm.VB.ajg
usbdriver.exe Worm.VB.ajg scardsvr.exe
-USBEjector
-USBEjector	
\USBEjector.exe
USBEjetor is Missing!
USB Mass Storage Device
usbmon
usbmon.exe
USBplice
\USBplice.exe
USBplice.exe
USBplice.exe Worm.Win32.AutoRun.bdf
USBSTOR
useinit
\useinit.exe
useinit.exe
useinit.exe Worm.Win32.Autorun.jot
UseMaskColor
UseMaskCOlor
user32
User32
userinit
\userinit.exe
\userinit.exe,
userinit.exe
userinit.exe,
Userinit.exe,
Username
UserProfile
usrinit.exe
\UTF-8.nls
\UTF-8.nls 
\UTF-8.nls  
uusetup.exe
uusetup.exe Trojan.Win32.Agent.hrt
\u.vbe
\u.vbe 
\u.vbe  
u.vbe
U.vbe Worm.Ouka.2869
U.vbe Worm.Ouka.2869 
V1.0
V1.1
V2.0
value
Value
Value can NOT be higher than Maximum !
Value can NOT be smaller than minimum !
"ValueName"="Hidden"
VarFileInfo
vba5
vba6
\`.vbe
\`.vbe 
\.vbe
\'.vbe
vbe 
*.VBE
`.vbe Virus.Autorun.VBs
`.vbs
.vbs
'.vbs
\`.vbs
\.vbs
.VBS
VBS.Autorun.a
'VBS.Autorun_fansofmicropoint
VBS.Autorun_fansofmicropoint
VBScript Script File
VBSFile
\vbs.reg
vbs.reg
'.vbs Virus.Autorun.KingOfVbs
.vbs Virus.VBS.Autorun.8.0
.vbs Worm.Win32.AutoRun.r
Vector Font
\verclsid.dat
"Version"=dword:00000000
vhynyt
\vhynyt.dll
\vhynyt.dll 
\vhynyt.exe
\vhynyt.exe 
vhynyt.exe
\viewer.exe
viewer.exe
\Viewer.EXE
\Viewer.EXE 
\Viewer.EXE  
Virus.Autorun.cs
Virus.Autorun.KingOfVbs
Virus.Autorun.Unknown
Virus.Autorun.VBs
Virus.Autorun.VBS
) Virus.BAT.Agent.ac
Virus.BAT.Agent.ac
Virus.Bat.Autorun.g
Virus.BAT.Sosiska.a
Virus.VBS.Agent.a
Virus.VBS.Agent.f
Virus.VBS.Autorun.3678
Virus.VBS.Autorun.65536
Virus.VBS.Autorun.8.0
Virus.VBS.AutoRun.ak
Virus.VBS.AutoRun.del
Virus.VBS.Small.a
Virus.Win32.Autorun.111604
Virus.Win32.Autorun.113152
Virus.Win32.Autorun.114688
Virus.Win32.Autorun.119004
Virus.Win32.Autorun.13312
Virus.Win32.Autorun.168032
Virus.Win32.Autorun.177408
Virus.Win32.Autorun.192571
Virus.Win32.AutoRun.208896
Virus.Win32.Autorun.21504
Virus.Win32.Autorun.21697
Virus.Win32.Autorun.23155
Virus.Win32.Autorun.27929
Virus.Win32.Autorun.279990
Virus.Win32.Autorun.28000
Virus.Win32.Autorun.296844
Virus.Win32.Autorun.30129
Virus.Win32.Autorun.31178
Virus.Win32.Autorun.316928
Virus.Win32.Autorun.331776
Virus.Win32.Autorun.33395
Virus.Win32.Autorun.36864
Virus.Win32.Autorun.37584
Virus.Win32.Autorun.392864
Virus.Win32.Autorun.43344
Virus.Win32.Autorun.458723
Virus.Win32.Autorun.46592
Virus.Win32.Autorun.48344
Virus.Win32.Autorun.51200
Virus.Win32.Autorun.526336
Virus.Win32.Autorun.59282
Virus.Win32.Autorun.604160
Virus.Win32.Autorun.606720
Virus.Win32.Autorun.609280
Virus.Win32.Autorun.611840
Virus.Win32.Autorun.630784
Virus.Win32.Autorun.634368
Virus.Win32.Autorun.65536
Virus.Win32.Autorun.656384
Virus.Win32.Autorun.663552
Virus.Win32.Autorun.66560
Virus.Win32.Autorun.666112
Virus.Win32.Autorun.69296
Virus.Win32.AutoRun.ain
Virus.Win32.AutoRun.bs
Virus.Win32.AutoRun.fe
Virus.Win32.AutoRun.fy
Virus.Win32.Autorun.hw
Virus.Win32.Autorun.hx
Virus.Win32.AutoRun.ia
Virus.Win32.Autorun.im
Virus.Win32.AutoRun.l
Virus.Win32.AutoRun.le
Virus.Win32.AutoRun.m
Virus.Win32.AutoRun.mk
Virus.Win32.AutoRun.o
Virus.Win32.AutoRun.qg
Virus.Win32.AutoRun.so
Virus.Win32.AutoRun.sw
Virus.Win32.Autorun.unknown
Virus.Win32.Autorun.Unknown
Virus.Win32.AutoRun.wv
Virus.Win32.AutoRun.xj
Virus.Win32.AutoRun.yo
Virus.Win32.VB.cm
Virus.Win32.VB.dn
Virus.Win32.Win32.183808
\vista.exe
_vity Solutio
\vjpetb.dll
\vjpetb.dll 
\vjpetb.exe
\vjpetb.exe 
vjpetb.exe
vksrwh
\vksrwh.dll
\vksrwh.dll 
\vksrwh.exe
\vksrwh.exe 
vksrwh.exe
\vmiprwse.exe
\vmiprwse.exe 
\vmiprwse.exe  
vmnat.exe
\vmnat.EXE
\vmnet.exe
\Vmnet.EXE
\Vmnet.EXE 
\Vmnet.EXE  
Vmnet.exe Virus.Win32.Autorun.im
VMware NAT Service
\vod_cach.exe
vod_cach.exe
vod_cach.exe Worm.Win32.Autorun.36864
@="Volume"
\VPSM0.dll
\VPSM.dll
VS_VERSION_INFO
\vv.dll
vvmjrh
\vvmjrh.dll
\vvmjrh.dll 
\vvmjrh.exe
\vvmjrh.exe 
vvmjrh.exe
v$vov
vwuqaa
w1017
\W1017.EXe
\W1017.EXE
W1017.EXE
W1017.EXE Worm.Win32.Baby2008.t
\w32sys.exe
\w32sys.exe 
\wauc11.exe
wauc11.exe
\WAUC11.EXE
'wauclt.exe Virus.Win32.Autorun.51200
wauclt.exe Virus.Win32.Autorun.51200
\wausvc.exe
\wausvc.exe 
\wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof
\wbem\AutoRecover\88744D2A29102FC88ECF505DD2E984FC.mof
\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof
\wbem\Logs\mofcomp.log
\wbem\msaro.exe
wdfmgr32
\wdfmgr32.exe
\wdfmgr32.exe 
wdfmgr32.exe
wdfmgr.exe
\Web\sys.exe
\Web\sys.exe 
weiai
\weiai.exe
weiai.exe
weiai.exe Worm.Win32.Autorun.evf
\wfgfui.dll
\wfgfui.dll 
\wfgfui.exe
\wfgfui.exe 
wfgfui.exe
wfgfui.exe Trojan.PSW.QQPass.rdr
When button images are aligned top/bottom center, 
\wim.com
Win32/Aris
Win32.AvKiller.ca
Win32.BMW.l
Win32.Hack.Agent.44620
Win32.Hack.Hugezi.738816
Win32.Hack.Hugezi.864256
Win32.Hack.Hugezi.al.276444
Win32.Hack.Hugezi.cz
Win32.Hack.Unknown.163840
Win32.Hack.vb.520192
Win32.Iuhzu.a
Win32.Joke.Rob.a.370688
Win32.PSWTroj.Wow.dg.73728
Win32.troj.Agent.vb.16967
Win32.Troj.Autorun.bz.557056
Win32.Troj.Autorun.ic.22528
Win32.Troj.DownX.8755
Win32.Troj.DownX.87552
Win32.Troj.Dropper.se.1019261
Win32.Troj.Dropper.se.111756
Win32.Troj.Pcrob.ft.77312
Win32.troj.pwsqq.ge.39979
Win32.Troj.QQPass.ls.36864
Win32.Troj.Small.20480
Win32/VB.NIZ
Win32.Virut.a
\win.bat
win.bat
\winboot.ini
\windata.exe
\windata.exe 
\windata.exe  
Windows
: Windows 2000/NT/XP/2003
\Windows AutoUpdate.lnk
Windowsavp
windows.exe
windows.exe Worm.Mail.Ghost
windows.exe Worm.Mail.Ghost  
windows.exe Worm.Mail.Silly.i
windows.exe Worm.Mail.Silly.i  
\Windows Live\Installer\wlupdate.exe
Windows Live Update
\Windows Media Player\MediaCenter.exe
\Windows Media Player\update.exe
\Windows Media Player\wmpnetwk.exe
windowsmp
\windowsmp.exe
windowsmp.exe;init.exe
Windows Registry Editor Version 5.00
Windows_rejoice
Windows.scr Virus.Win32.Autorun.Unknown
WindowsSystem
\_windowstops.exe
\_windowstops.exe 
\windowstops.exe
\windowstops.exe 
\windowstops.exe  
windowstops.exe Backdoor.Win32.Gpigeon.zgt
windowstops.exe;SVCHOST.com;
\windowsupdata.log
\Windows Update.lnk
\windowsupdate.log
\windowsupdate.log 
\windowsupdete.log
Windows.url
Windows XP
Window Title
\Win.exe
Win.exe
\winform.dll
\winform.dll 
\winform.exe
\winform.exe 
\winform.exe  
\winGetSystemPath_
\winhlep.exe
\winhlep.exe 
\wininfo.exe
\wininfo.exe 
wininfo.exe
\wininit.exe
\wininit.exe 
\WINL0GON.exe
\WINL0GON.exe 
\winlog
\winlog.*
\Winlog0n.exe
\Winlog0n.exe 
Winlog0n.exe
Winlog0n.exe;New Folder.exe;Svervices.exe;Time.exe;re51.exe;Jack.vbs;Main.vbs;`.vbs;`.vbe;autorun.bat;autorun.reg;Updata.exe;Yss.exe;syslogn.exe;ie7.exe;io.pif;note.exe;server.exe;Hide.exe;Vmnet.exe;up.vbe;system.pif;Recycle.exe;taipingtianguov1.1.exe;
Winlog0n.exe;New Folder.exe;Svervices.exe;Time.exe;re51.exe;Jack.vbs;Main.vbs;`.vbs;`.vbe;autorun.bat;autorun.reg;Updata.exe;Yss.exe;syslogn.exe;ie7.exe;io.pif;note.exe;server.exe;Hide.exe;Vmnet.exe;up.vbe;system.pif;Recycle.exe;taipingtianguov1.1.exe;seacon.exe;MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe;RECYCLER\S-1-5-21-796845957-2139871995-839522115-500.exe;
Winlog0n.exe Trojan.Autorun.Unknown
Winlog0n.exe Trojan.Autorun.Unknown 
\winlog.EXE
winlog.EXE Worm.Win32.Autorun.69632
WinLogon
\winlogon.exe
\winlogon.exe 
winlogon.exe
winlogon.exe Trojan.Win32.Agent.ai
\winlog.txt
\WinMgct.exe
\WinMgct.exe 
\WinMgct.exe  
\WinMgCt.exe
WinMgCt.exe Worm.Agent.fk
WinMgCt.exe Worm.Micogo.a
winmgmts:
winmgmts:{impersonationLevel=impersonate}!\\
winmgmts:\\.\root\cimv2
\WinNetwork.exe
\WinNetwork.exe 
\WinPact.exe
Winrar
\Winrar
\WinRAR\winrar.exe
\WinRAR\winrar.exe 
\WinRAR\winrar.exe  
\winscok.dll
\winscok.dll 
\winscok.dll  
\winself.dll
\winsms.exe
winsms.exe
WinSock Lsp
"WinSock_Registry_Version"="2.0"
\winsp.vbs
\WinStar.dlll
\WinStar.dlll 
\WINSTART.BAT
\winsys16_
\winsys.ini
\winsys.ini 
\winsystem.exe
\winsystem.exe 
winsystem.exe Worm/Licum.b
\win.vbe
win.vbe
Win.vbe Worm.Ouka.2869
\Winweb.exe
Winweb.exe AdWare.Win32.Agent.cmd
\WinWord.exe
\WinWord.exe 
\WinWord.exe  
\WINWORD.EXE
\WINWORD.EXE 
\winxp.bmp
Wireless Communication Devices
\wjview32.com
\wjview32.com 
\wmplayer.exe
\wmplayer.exe 
wmplayer.exe
wmplayer.exe Trojan.DL.VB.ncb
wmpnetwk.exe
\wmsfeu.dll
\wnipsvsr.exe
\wnipsvsr.exe 
wokaye.exe Worm.Agent.lx
\word.com
word.com
Word.Document.8
\word.lnk
\work.exe
Worm.Agent.49152
Worm.Agent.81920
)  Worm.Agent.av
Worm.Agent.av
Worm.Agent.fk
Worm.Agent.fw
Worm.Agent.ky
Worm.Agent.lx
Worm.Agent.ob
Worm.Agent.uf
Worm.Agent.VB
Worm.Agent.vkb.vttm
Worm.Agent.we
Worm.Antiu.a
Worm.BAT.CopyRun.a
Worm.Clive.a
Worm.Delf.cv
Worm.diskgen
Worm.diskgen.b
Worm.DLTank.a
Worm.Floder.a
Worm.Fonito.a.16852
Worm.Kendy.a
Worm/Licum.b
Worm.Mail.Ghost
Worm.Mail.Silly.i
Worm.Micogo.a
Worm.Novar
Worm.Ouka.2869
Worm.P2p.Win32.Malas.f
Worm.Pabug.31974
Worm.Pabug.31975
Worm.Pabug.31977
Worm.Pabug.31979
Worm.Pabug.38136
Worm.Pabug.38372
Worm.Pabug.38378
Worm.Pabug.38384
Worm.Pabug.38522
Worm.Pabug.38523
Worm.Pabug.38525
Worm.Pabug.38528
Worm.Pabug.38530
Worm.Pabug.38536
Worm.Pabug.48419
Worm.Pabug.52851
Worm.Pabug.69246
Worm.Pabug.70771
Worm.Pabug.96878
Worm.pabug.ao
Worm.Pabug.ao
worm.pabug.az
Worm.Pabug.bb
worm.pabug.bd
Worm.Pabug.bz
Worm.Pabug.ck
Worm.pabug.gen
Worm.Repka.y
Worm.Script.BAT.Agent
Worm.Script.BAT.Agent.c
Worm.Script.BAT.Agent.e
Worm.Script.JS.Autorun.b
Worm.Script.VBS.7474
Worm.Script.VBS.Autorun.a
Worm.Script.VBS.Autorun.ai
Worm-Script.VBS.Autorun.bc
Worm.Small.ab
Worm.Small.r.10469
Worm.Small.r.16896
Worm.Small.z
Worm.Snake.a
Worm.vb.28672
Worm.VB.acr
Worm.VB.afj
Worm.VB.agj
Worm.VB.ahp
Worm.VB.ahq
 Worm.VB.aig
Worm.VB.aig
Worm.VB.aig 
Worm.VB.aih
Worm.VB.ajg
Worm.VB.akr
Worm.VB.alg
Worm.VB.als
Worm.VB.ane
Worm.VB.he
Worm.VB.hy
Worm.vb.kt.9216
Worm.VB.lv
Worm.VB.ny
Worm.VBS.Agent.b
Worm.VBS.Agent.c
Worm.VBS.Autorun.o
Worm.VBS.Dotop2.a
Worm/VBS.GEN
Worm.VBS.Sasan.d
Worm.VBS.Sowel.a
Worm.Win32.Agent
Worm.Win32.Agent.aag
Worm.Win32.Agent.acf
Worm.Win32.Agent.h
Worm.Win32.Agent.ikm
Worm.Win32.Agent.imo
Worm.Win32.Agent.imy
Worm.Win32.Agent.iot
Worm.Win32.Agent.ui
Worm.Win32.Agent.uv
Worm.Win32.Agent.uz
Worm.Win32.Agent.w
Worm.Win32.Autorun.135168
Worm.Win32.Autorun.16384
Worm.Win32.Autorun.18912
Worm.Win32.Autorun.204800
Worm.Win32.Autorun.24576
Worm.Win32.Autorun.29184
Worm.Win32.Autorun.36864
Worm.Win32.AutoRun.437305
Worm.Win32.AutoRun.459264
Worm.Win32.AutoRun.470528
Worm.Win32.AutoRun.636416
Worm.Win32.Autorun.657920
Worm.Win32.AutoRun.669184
Worm.Win32.Autorun.676864
Worm.Win32.AutoRun.773657
Worm.Win32.Autorun.96768
Worm.Win32.Autorun.aq
Worm.Win32.AutoRun.bdf
Worm.Win32.AutoRun.dau
Worm.Win32.AutoRun.dbg
Worm.Win32.AutoRun.dck
Worm.Win32.AutoRun.dcp
Worm.Win32.AutoRun.dcx
Worm.Win32.AutoRun.ddc
Worm.Win32.AutoRun.ddr
Worm.Win32.AutoRun.ddw
Worm.Win32.AutoRun.del
Worm.Win32.AutoRun.djf
Worm.Win32.AutoRun.djk
Worm.Win32.AutoRun.dmk
Worm.Win32.AutoRun.dnb
Worm.Win32.AutoRun.dos
Worm.Win32.Autorun.duw
Worm.Win32.Autorun.ebr
Worm.Win32.AutoRun.edp
Worm.Win32.Autorun.eis
Worm.Win32.Autorun.evf
Worm.Win32.Autorun.fah
Worm.Win32.Autorun.jot
Worm.Win32.Autorun.jry
Worm.Win32.AutoRun.ld
Worm.Win32.AutoRun.lkl
Worm.Win32.AutoRun.lre Worm.Win32.AutoRun.lre
Worm.Win32.AutoRun.r
Worm.Win32.AutoRun.yx
Worm.Win32.Baby2008.j
Worm.Win32.Baby2008.t
Worm.Win32.CoolMp3.a
Worm.Win32.Delf.bc
Worm.Win32.Delf.el
Worm.Win32.Delf.yus
Worm.Win32.Downloader.fj
Worm.Win32.FakeFolder.36864
Worm.Win32.FlyStudio.c
Worm.Win32.Mobler.g
Worm.Win32.Otwycal.g
Worm.Win32.Pabug.f
Worm.Win32.Small.w
Worm.Win32.VB.de
Worm.Win32.VB.e
Worm.Win32.VB.fw
Worm.Win32.VB.ib
Worm.Win32.VB.yxy
\writU.cmd
\writU.cmd 
\ws2_32.dll
\ws2_32.dll\
ws2_32.dll
ws2_32.dll\
wscript
wscript.exe
Wscript.exe
wscript.shell
WScript.Shell
\wsctf.exe
\wsctf.exe 
\wsctf.exe  
\wsctf.exe   
wsctf.exe;fooool.exe;
\Wservers.exe
\Wservers.exe 
Wservers.exe Trojan.DL.Inject.yw
\Wsm_32\Bingo.exe
\Wsm_32\Bingo.exe 
\Wsm_32\HookDriver.sys
\Wsm_32\HookDriver.sys 
\Wsm_32\MonClient.dll
\Wsm_32\MonClient.dll 
\Wsm_32\sporder.dll
\Wsm_32\sporder.dll 
\Wsm_32\Support.dll
\Wsm_32\Support.dll 
\wsttrs.dll
\wsttrs.dll 
\wsttrs.exe
\wsttrs.exe 
\wsttrs.exe  
\wuauc1t.exe
wuauc1t.exe
\wuauclt.exe
\wuauclt.exe 
wuauclt.exe
\wuauserv.exe
\wuauserv.exe 
\wuauserv.exe  
\wvhsjq.dll
\wvhsjq.dll 
\wvhsjq.exe
\wvhsjq.exe 
\www.msmm.cn
www.usbcleaner.net
\wwwzw.ini
wzkSP.exe(
\xcopy.exe
\xcopy.exe 
\xcopy.exe  
xflwkm
'xiao
Xiaohao.com
Xiaohao.com Worm.Win32.AutoRun.dnb
\xiaoxiao_sls.sls
\xiaoxiao_sls.sls & su2
xinmyp
\xinmyp.dll
\xinmyp.dll 
\xinmyp.exe
\xinmyp.exe 
xinmyp.exe
\XPCode\SexGame.exe
\XPCode\SexGameList.pif
\XPCode\SexScreenSaver.scr
XPContainer
Xp_ProgressBar1
\xsnsvc.exe
\xsnsvc.exe 
\xsnsvc.exe  
\xzb
\xzb\autorun.inf
\xzb\Autorun.inf
\xzb\#HIT#^^^(W-H-Y).log
xzb\#HIT#^^^(W-H-Y).log;xzb\Autorun.inf;sos.exe;snow.exe;system32.dll;msdumprep.exe;MicrSoft.exe;bl.exe;in.com;Music.exe;Win.vbe;Win.bat;Recycled\rundll32.exe;SP00.exe;rejoice91.exe;svchst.exe;driver.exe;smss.exe;uniqq.exe;
\xzb\USBCopyer.exe
\xzb\USBSaver_xzb.exe
\xzb\WHHIT.exe
Yahoo Messengger
yaqsul
ydggot
\ydggot.dll
\ydggot.dll 
\ydggot.exe
\ydggot.exe 
ydggot.exe
Year(Now) & -& Right(0& Month(Now), 2) & -& Day(Now) + .sk;Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.EXE;Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.bat;Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\*.*;
^yeyty
\yjplqb.dll
\yjplqb.dll 
\yjplqb.exe
\yjplqb.exe 
ylaua.cmd
\yoos.b
\Yss.exe
\Yss.exe 
Yss.exe
Yss.exe Worm.vb.28672
ytynaf
\ytynaf.dll
\ytynaf.dll 
\ytynaf.exe
\ytynaf.exe 
ytynaf.exe
\yudtpl.dll
\yudtpl.dll 
\yudtpl.dll  
\yudtpl.exe
\yudtpl.exe 
\yudtpl.exe  
\zap.a
\_zhanshen.exe
\zhanshen.exe
\zhuruqi.exe
ZJU S-Zone
\ZtPyServ.exe
\ZtPyServ.exe 
ZtPyServ.exe;ntvdm.exe;soversie.exe;kangen.exe;tool.exe;sexie.exe;mp3.exe;pfw.pif;u.vbe;sys.exe;ghost.pif;flashplay.dll;Fatter..\Fatter.txt;
ZtPyServ.exe Worm.Win32.Delf.bc 
ZtPyServ.exe Worm.Win32.Delf.bc  
```___
```______
```_________
```_____________________
~~~~~~
~~~~~~~
~~~~~~~~~
<>>>>><
========
|||___
      
     %%%%%%%%%$,,,,+(+++++,
     %%%%%%%%%%%,$,,,%
    %%% 
    %%%%%%%%%%%
   %%%???
 !"#$%
 !"#$%&
___```
______
______```
_________
_________```
____________
____________```
_______________
__________________
_____________________
________________________
___________________________
______________________________
______}}}
;<=>?@
!!!"""%%%+++///:::
'((^###
"+,:;<=>[]|
(<	-<	&;
(((((((((/
(&&**&
{{{|||
{{{|||~~~
}}}______
}}}}}}
@	,/^`
$%&'()*+,-./
*	*	*	
\\\[[[
&&&	##$
#(((((@
#$%&'()*+,-./
###)))***...+++---:::
---000111
000-#/4444@N
<<<000555
/01234
0123456789:;<
0123456789:;<=
0d)PFD
0QTw7DFc267C*++ 
0R,g0Wlx
0s%t'u#v"w$
&&&'''+++111111///333666:::
***111222
---111...444333444999>>>;;;>>>AAABBB
///111444555:::;;;>>>CCCCCCFFFCCCHHHLLLOOOuuu
%%%*********///111555666
---&&&***'''***111999
#+./112
1.4ia]a
%%$%,165555556=(9<<<<<<;;<=>>>>>?
1.7f7;S.
1CL)(\e
)1()))#GJ<
1h( #CCCCCCC =
2{2{2{
'''///...---222222666888===<<<
>>>---222222666<<<??????EEEDDDfff
222222999777999???===AAACCCGGGJJJJJJNNNMMMRRRlll
===+++222333333777<<<CCCAAADDDKKKOOO
222666;;;<<<@@@===BBBAAAEEEKKKGGGOOORRRQQQTTTXXXhhh
>>>---///222777<<<999???BBBCCCCCCGGGIIIGGGvvv
|"|&|*|.|2|6|:|>|B|
<2t)<,tW<+t\<
3&>1W^^#
333333
?333333
///333444555:::<<<999<<<@@@@@@BBBHHHHHH|||
343-3	3
]';(')`+\3,4.5/
3{7K			K	KKK	EEEEEEEEEEEEE@\a
 $ 3 8 = H M R z 
3Ff}aZ
3q3j3O3H3*3
3RcceWWWWWf
3(soooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooou4*
4444444
???444444:::777999;;;CCC???EEEHHHFFFHHHNNNOOOqqq
444"""!!!AAA
444nHHH
455w###
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
555000888777@@@???CCC
.........---555444999;;;888??????
555555
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
5$7*70767<7
5PPPPP+
5*wqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqy7.Mvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv|8/
5z5j4^4
5zj(	w
///666444<<<<<<>>>AAAFFFHHHOOO
666666y6
666:::>>>===BBBDDDFFFEEEHHHPPPPPPSSSSSSVVVYYYYYY\\\ddd
666R!  
=6/Euka
) 6FD8R;,.
6jnlnun
:_6R Rd
 (6S,f
!-!6!w%N%8)
6ZX_^]
7									
7_6RB}bk
7_6R*Rd
!!!$$$(((+++777
7777777777777777777777777777777777777777777777777777777777777777777777777777
77777`CPOPaaaaYeT[[[[w
777q___O
 ._77_:`a
'7GWgw
7Ocg3=Y
7PPPPP+
%%%%$8
8+,+222228822////>/
888+++,,,......111222555;;;>>>
89:;<=>?
?8|!B'
8D7EDS+TUVXX
8"'dOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOb"(83..........................................................................3
&8D	v-
94uYLTTx=
&97t	*
.97t .9
9999999999999;y
999:::<<<;;;AAAEEECCCDDDFFFJJJLLLLLLSSSQQQSSSWWWWWWggg
9 *\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
&9D+uG&
&9D'w!
&9D)w%@&
&9D+w	
)9IYiy
&9L9s	&
;9LMGlM
;9LMGlMLabel9
9s\TGs
=>><@A
??????????????????????????????????????????????????????????????????????????A
A9/SME;
|||__________________aaa
______aaa
aaa______
"""AAA
aaa555<<<999@@@CCC@@@FFFCCCHHHMMMLLLNNNOOOVVVSSSVVVggg
~~~aaaaaadddeeeiiijjjiiijjjlllqqqtttxxxvvv{{{|||
???AAADDD
AAAHHHJJJLLLLLLPPPRRRSSSRRRVVVXXX___\\\``````ddddddiiijjjooonnntttsssxxxuuu{{{zzz
aaa___www
aaaXXX]]]\\\\\\bbbccceeeffffffhhhkkkmmmooossswwwzzz|||zzz~~~
a````````````````````````````````````````````````````````````````````````````b$
 ;!<"=#>$?%@&A'B(C)D*
]^_`abcde
ABCDEFGH
=>?@ABCDEFGHI
`abcdefghij
>?@ABCDEFGHIJK
&Abort
adaJa+a
addToListView
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
AdjustTokenPrivileges
advapi32
advapi32.dll
Alignment of the button image in relation to the caption and/or button.
A<@@@@@LLLLLLLNM
_allmul
AllocateAndGetTcpExTableFromStack
AllocateAndGetUdpExTableFromStack
AllowedEffects
Allows or prevents a focus rectangle from being displayed. In design mode, this may always be displayed for button set as Default.
 ALL Rights(c)Reserved 2008
All viruses have been deleted,Please restart to run USBCleaner 2.0 in Windows Mode!
A&;L)r
a l t 
And this programme can only be run under in DOS Mode! Update on 2006-12-24 Happy X'mas"
And this programme can only be run under in DOS Mode! Update on 2006-12-29 Happy New Year!
An*|I4
Any Suggestion or advice,Please refer to:
Appearance
;Appearance
Applicable to only check box or option button modes: True or False
ApplyBtn
Arguments
 at address 
aTEhI?4
attrib -h -s -r c:\Windows\java\classes\java.dllx
attrib -h -s -r c:\Windows\system32\drivres\msinfklg.sys
attrib -h -s -r c:\Windows\system32\drivres\msinfomgr.sys
attrib -h -s -r c:\Windows\system32\kernel32.sys
attrib -h -s -r c:\Windows\system32\mfc48.dll
attrib -h -s -r c:\Windows\system32\msinfdll.dll
attrib -h -s -r c:\Windows\system32\msinfmgr.exeN
attrib -h -s -r c:\Winnt\java\classes\java.dll
attrib -h -s -r c:\Winnt\system32\drivres\msinfklg.sys
attrib -h -s -r c:\Winnt\system32\drivres\msinfomgr.sys
attrib -h -s -r c:\Winnt\system32\kernel32.sysr
attrib -h -s -r c:\Winnt\system32\mfc48.dll
attrib -h -s -r c:\Winnt\system32\msinfdll.dllf
attrib -h -s -r c:\Winnt\system32\msinfmgr.exe
attrib -h -s -r D:\autorun.inf
attrib -h -s -r D:\msinfmgr.exe
aX[(WA
:::::::::{{{B
B>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>]
(b1//////////////////////////////////////////////////////////////////////////1SBDk0KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK0R!DQKJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJKN!%
B:4.kvj]
B4PhPwb
b7h,gX[
BackColor
BackDarkColor
BackImg
BackLightColor
Bad file mode
Bad file name
Bad file name or number
Bad record length
Bad record number
___bbb
______bbb
____________bbb
________________________bbb
__________________bbb{{{
}}}______bbb
bbb______
bbb____________
bbb_______________
bbb________________________
;;;BBBAAAGGGGGGJJJMMMMMMNNNNNNUUUXXX[[[]]][[[aaa```bbbeeejjjiiiiiilllmmmsssuuusssxxxzzz|||
}}}}BBBBBBB
;;;BBBCCC
???BBBCCC
_________bbbcccccc______rrr
___bbbffffffmmmnnnlllrrrwwwvvvvvvzzz~~~
bbb___nnn
bbbppp
|||bbbrrr
bbb_____________________rrr
bbb_________uuu
bBefore
b}bfb%b
bbtnBack
bDelay
Behavior
;Behavior
bEnabled
b,g0Wlx
@b	gMQ
bHandled
BitBlt
blFORM1   
blFORM1   n
bluemet
BorderColor
BottomLeftColour
BottomRightColour
*Break*
B;s)/Gs
btnBack
btnCancel
btnCleanAll
btnCleanSel
BtnEject
btnFix
btnLog
btnOther
BtnPick
btnPlu
btnScan
BtnScan
btnUpdate
btnUpload
BTPh\Cd
B&;T,v
Button
Button back color. See also ResetDefaultColors
ButtonShape
ButtonStyle
bValue
+>>/>>>>>>>>>?bwdcdddrrrrrrrr|ooooooov
Bytes free
<<<c&&&
C1hhh1)")
{c^\[\^^_aabddeghijklmnnpqqrttuwwx8EF99I
CallWindowProcA
Cancel
CancelWaitableTimer
Can ensure the hover colors match the caption and back colors. Click for more options.
- cannot open file
- cannot read file
Can't create AutoRedraw image
Can't load or unload this object
Can't show non-modal form when modal form is displayed
Can't unload controls created at design time
Caption
CaptionAlign
CaptionStyle
Cb%wJP
______ccc
____________ccc
ccc___
ccc______
ccc__________________```
===>>>CCC
ccc___bbbeeejjjiiioooppprrrttttttxxxwww|||~~~
 C#CCCC 
!cccccc?f\\\\\\\\ij
>>>===CCCDDDBBBCCCFFFKKKJJJLLLTTTRRRRRRVVVYYY___]]]```iii
___ccceeeiiiiiinnnmmm
cccsssmmmmmm
cccsssrrrhhh
ccc!xxx
_C_FILE_INFO=
ChangeEnable
   ChChhCLLhhh1h
CheckAfterPush
CheckBoxMode
cHeyP{
ChkFile
chkShow
Ch;RJ;
cHs=]Hs>
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
ck8^>f:y
ck8^!j
_ck8^_jhV-N
ck8^xS}
ck8^xS	
ck(Wkb
ck(W/T
ck(W_U
&Close	Alt+F4
&Close	Ctrl+F4
CloseHandle
CloseServiceHandle
clsWaitableTimer
Color of button background when mouse is hovering over it. Affects the HoverLockColors property.
Color of button caption's text when mouse is hovering over it. Affects the HoverLockColors property.
columnText
CombineRgn
Comctl32
Command1
Command1;
Command2
Command2G
Command3
Command3Q
Command button, check box or option button mode
Communication-buffer overflow
comUpdate
Control array element does not exist
- control-BREAK encountered
ControlService
CopyFileA
CopyImage
CopyRect
CoTaskMemFree
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
cRdWdfd
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateEllipticRgn
CreateFileA
CreateFontIndirectA
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateRemoteThread
CreateRoundRectRgn
CreateSolidBrush
CreateToolhelp32Snapshot
CreateWaitableTimerA
cShellLink
C=:	TIF
C:\windows\java\classes\java.dll
C:\windows\system32\drivers\msinfklg.sys
C:\windows\system32\drivers\msinfomgr.sys
C:\windows\system32\kernel32.sys
C:\windows\system32\mfc48.dll
C:\windows\system32\msinfdll.dll2
C:\windows\system32\msinfmgr.exeV
C:\WINDOWS\SYSTEM32\MSVBVM60.DLL\3
C:\WINDOWS\system32\stdole2.tlb
C:\winnt\java\classes\java.dll
C:\winnt\system32\drivers\msinfklg.sys|
C:\winnt\system32\drivers\msinfomgr.sys;	
C:\winnt\system32\kernel32.sys
C:\winnt\system32\mfc48.dll
C:\winnt\system32\msinfdll.dll0
C:\winnt\system32\msinfmgr.exeR
{*{/{C{y{
c:y	g!q*g
CYI&"z
c:y`O	g
>>>>>>>>>>>>>?D
D$0QPV
&;D3r:&
D$4QPV
D$4RPV
d5>&@QAN
&;D5rl&
D+&9D/t%&
D+&9D)w
`.data
DataFormat
D:\autorun.inf
`d+-b._H
DblClick
dcccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccceV 
%@DCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCDA-
D,&+D2
~~~ddd
______ddd
ddd______
ddd__________________
??????DDD
DDDDDDDDDDDDDD>
dddfff
dddhhh
dddiii
ddd______ooo
______ddd______sssuuu______
ddd___uuu
D'&;D)v
DD{y"x
^%(,+,,$`DEEEEEF29TJJJJJKKKKL>>>>>>N@
DefaultCursors
DEFGHIJ
d>e/fsQ
}d^ekklnnopqrsttv
del %0
del %0@echo off
del %0reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 /f
del %0reg delete HKEY_CURRENT_USER\Software\Usbcleaner /f
del %0reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25864158-329E-434B-B24F-3DA6F300D30A}" /f
DelayDrawing
DeleteDC
DeleteFileA
DeleteObject
Description
Designed for:Microsoft Windows 2000/NT/XP/2003/Vista/7
Designed for:Windows 2000/NT/XP/2003/Vista/7
DestroyIcon
detect
detect10
detect11
detect12
detect13
detect14
detect2
detect3
detect6
detect7
detect8
detect9
detectV
Determines if events are fired for this button.
dEU6te
Device fault
DeviceIoControl
Device I/O error
Device timeout
Device unavailable
deWffffYY
~df9~rt8
<DIR> COMSPEC=\COMMAND.COM
Direction
Disk full
Disk-media error
Disk not ready
DisplayMode
dI(:t`Xy
Division by zero
d#j,gX[2Q
^^^!]]]djjj
-dkO2F
DllFunctionCall
D:\msinfmgr.exe
- DOS memory error
DoubleClick
D$<QPV
D$ QPV
D$(QPV
D$$QPV
DrawEdge
DrawFocusRect
DrawGradientFourColour
DrawIconEx
DrawTextA
DrawTextW
D$$RPh
D$(SPV
@&;D)s&V+
DTsEF7Gc(UVW
D:@uG&
Duplicate definition
DyDyDy	
E^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^_"
E$257U
@echo 
@echo off
```___eee
______eee
_____________________eee
eee___
eee______
eee_________
eee_______________
EEEEEELLLKKKPPPNNNTTTXXXYYYYYY[[[aaacccbbbggggggjjjnnnlllpppuuuvvvssswww|||||||||
EEERRR[jZYYYYddddd{pqxhxxx
eee____________sss
Effect
Email: nick429@126.com  QQ:45189066
Enabled
EnableProtectUSB
EnableProtectUSBStor
EndColor
End Me
EnumProcesses
EnumProcessModules
E:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
eQ`O@b
.__EREEEG;
E><_RIFw
- error accessing expanded memory
- error accessing extended memory
Error during run-time initialization
ERR[[[Qeddddd{{oouuvhxx~~x
Es1hIst
Ese/Fs
Es];Fs
Esj|GsX
EsObFs
EstjGsN
Es>UGsbrIs
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
]Ew"<!E
.EX"C,j
ExpandEnvironmentStringsA
EXPL0RER.EXE Virus.Win32.Autorun.21504
f4fEfPf
F7777EEEjZaaYYYYYYdpq
f9^duA
f9e;Nu
	f9Fdu
f9~ftFf9~jt
f9^ht{
~`f9~pt	
f9~pt=
f9~pt	
f9^xt4
f9~xtOf9~vtIf9~hu
Far heap corrupt
fBf\Pbk
/fck8^
Feature removed
Feature unavailable
______fff
____________fff
__________________fff
fff___```
??????FFF
FFF555777777>>>???CCCAAADDDHHHIIIIIILLLNNNTTTQQQggg
FFFCCCGGGFFFMMMMMMOOOTTTVVVXXXZZZ[[[\\\\\\___ccchhhdddgggkkkkkklllssswwwvvvxxxyyy}}}|||
FFFFFFFFFFFFFF>\
fff____________jjj
ffflllkkkmmmuuuqqquuuuuuwww
fffWWW]]]
fff______zzz
fgggggggoonmx
f,G;rs
fHsNcHsG
FIELD overflow
FIELD statement active
File already exists
File already open
FileCheck.dll
File not found
FilePath
FileTimeToLocalFileTime
FileTimeToSystemTime
FillRect
FillRgn
FindClose
FindFirstFileA
FindNextFileA
Finp<<FMSG>>
fixsysinfo
Fixsysinfo
F>Iz:%
Flat, Embossed or Engraved effects
- floating point not loaded
foggooooonm
FO_N	g
FontStyle
Font used to display the caption.
foooooooo
FOR %%a IN (C: D: E: F: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z:) DO  ATTRIB -R -H -S -A %%a\AUTORUN.INF & DEL /F /Q /A -R -H -S -A %%a\AUTORUN.INF
FOR %%a IN (C: D: E: F: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z:) DO  ATTRIB -R -H -S -A %%a\msn.exe & DEL /F /Q /A -R -H -S -A %%a\msn.exe
ForeColor
Form1#
Form10
Form11
Form12
Form13
Form already displayed; can't show form modally
	fPhotoshop 3.0
FrameRect
FreeLibrary
frmUSBView
frmWeather
frmWeather.Button
frmWeather.jcbutton
frmWeather.ProgressBar
frmWeather.XPButton
frmWeather.XPContainer
frmWeather.Xp_ProgressBar
`Fs0jGs
?Fs*<Is
FskbHs
Fstdole
FstLGs"
FsXLGsH
/f&ThQ
/f(ueg
~fu"f9
fZSUWXY\]^abcfhikmnprsuwxy
g^adfghikklmnopqqsttvwy
gck8^!
G]ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddi#*
gdi32.dll
GetBkColor
GetCapture
GetComputerNameA
GetCurrentProcess
GetCurrentProcessId
GetCursorPos
GetDIBits
GetDriveTypeA
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetIconInfo
GetLogicalDriveStringsA
GetMapMode
GetModuleFileNameExA
GetModuleHandleA
GetObjectA
GetObjectType
GetPixel
GetPrivateProfileSectionA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetPropA
GetShortPathNameA
GetSysColor
GetSystemDefaultLCID
GetSystemDirectoryA
GetSystemMetrics
GetTextColor
GetUserNameA
GetVersion
GetVersionExA
GetWindowLongA
GetWindowsDirectoryA
gfw...GWL
ggg______
[[["""GGG
ggg,,,000///333666:::;;;===>>>>>>AAA
GGG111333qqq
gggffflllmmmrrrrrrwwwxxxuuuzzz
ggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggj)#lkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkm0)pnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
gggmmmmmmpppqqqsssxxxyyywww}}}}}}
g@g!jWW& & 
gGsfLGs
ghV1uw
GIF89a
GIF89ad
|GJJI:
gjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjeC)
g>L>1>
GlobalAlloc
GlobalFree
^>>>>>>\\\\gMbwrr{{{{{{{{
#Gmddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddh#G[9999999999999999999999999999999999999999999999999999999999999999999999999999h#G
goldmet
GOPR(.(!:
gqC:\WINDOWS\system32\ieframe.oca
|$g]r3
GradientColor
GradientFill
GradientMode
GradientTwoColour
greymet
GsDRFsk
GsE`Fs
Gs,E;s
GsetGs
GsfzGs
Gs_]Hs
GsibGs
"GsIT;s
Gs$sFs
Gs`vIs$FGs
GsYuIs(
]g]]]]]]]t
*g/T(uMQ
*g_U(uMQ
(GWf8v
<,gYB:
H4Qhhwb
H>5	rh]p[RI
HandPointer
HeaderDarkColor
HeaderLightColor
HeapAlloc
HeapFree
HeapReAlloc
Height
HGsHKGs
"HH++++
______hhh
hhh____________
---?HHH
hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhZ#,@gggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg
HHHHHHHHHHHHu?
hhhhhhllliiiooorrrpppvvvtttvvvwwwzzz
hhhHHHPPPOOOQQQTTTRRRUUU]]]\\\]]]cccaaahhhhhhfffhhhlllmmmuuuuuussswww|||~~~
hhhmmmooo
hhh___sss
hHs'T;s6
HIIxOON
hijklmnopqrs
hKmck(W
hKm,g0W
Horizontal alignment of caption on the button.
HotKey
HoverBackColor
HoverColorLocks
HoverForeColor
hP>>>>>>>>>>g>bYrcrrrrrrr{{{{{|ooooo
[hQxS}
[hQxS	
Hs|gFs[N;s
Hs^G;s
$Hs^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^n$Ftnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn^##`
Hs&nGsI
Ht3HtCHtMHt]
Ht]HHtd-
HtnHt]Hta
hts2K'
http://up.usbcleaner.cn
: http://www.cncrk.com
Http://www.iu365.Net       Http://www.uuu365.Cn
Http://www.usbcleaner.cn 
Http://www.USBCleaner.cn
Http://www.USBCleaner.Net
H			u)))
\h\W\*\
h]X	bWQN
I<<<<<<<<<<
I365IG777777777@uu@@@@@@@@uTLb
#I5r+K
Icon or cursor used to display when mouse is over the button. MousePointer must be set to Custom.
&Ignore
}}}_____________________iii
iii______
iii_________
   III
III``````
iii___eee
^iiii^^^^^N,
iiiivvvfwEyT
iii______jjj
iiillloootttvvvxxxzzzxxx
iii____________ppp
iiiWWWZZZ``````dddeeedddiiihhhkkknnntttvvvwwwzzz{{{|||
ijklmn
='iK&)
iKK!wZ=
- illegal far pointer use
Illegal function call
- illegal near pointer use
Image1
ImageList
ImageList1
ImgAlign
imgBack
imgLogo
imglUSB
ImgTab
imgTag
imgTitle
[IN7h,gX[>e
inet_addr
inet_ntoa
Input past end of file
- integer divide by 0
- internal error
Internal error
- invalid executable file
Invalid object array index
Invalid object reference
Invalid object use
Invalid property array index
Invalid property value
Invalid screen mode
Invalid when forms are showing
Invalid XECI Segment
iphlpapi.dll
I_QQSR
=$&IR$
"{[!I$s
Is4uIs
Is@9Is
IsEjGsZ]Fs
Is^iGs
Is|iGs
IsNetworkAlive
Isq`Fs
Is.rFs
IssnGs
Is)uGsP
#+iTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT=C'
}#j0h<
}#j0h 0b
j8hL'@
J9_h~7
JBAAAJJMMMMMMLMN7X
jcbutton
} }$}j{d{^{E
#j,g|v
#j,gX[>e
}#j<h<
}#j,h<
}#j@h\
j h 0b
j$h 0b
jHh"uwQ
jHh=~xe,
jHhX[(W 
jHh>Y.
jHh>Y(
}#j\hL
```______jjj
______jjj
jjj______
jjj________________________
JJJJJJJJCCC`}
jjjlllmmmuuuwwwttt{{{xxx~~~
jjjlllpppooouuuuuuvvvxxxyyy{{{
jjjnnnqqqpppuuuyyyyyyzzz
jjjppppppqqqsss{{{}}}
jjj________________________ttt
JKLMNOPQRS
.j/labSelect3
}#jlhD
}#jlhX
j,nck(W2
j,n,g0W
j'SSSS
}#jThX
}#jXh0
}#jXhD
jXr[Z[[[[[[\
jXs\\\\\\SSS
{JyDy>y
*:JZjz
k7h,g,
k7h,g(W
kernel32
kernel32.dll
KeyAcsii
KeyAscii
KeyCode
KeyDown
KeyPress
'k#("-.ghimdefkabc`n
{}{kikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkikkik{}{
Killautorun in DOS
KillMsinfMgr in DOS
KillTimer
KIMpM@NlN
kIspuIs
	KJG C
k#j,g(W
k!jJX& & 
k[KI|m\
______kkk
kkk___
kkk______
kkk___bbb
kkkBBBAAABBBHHHKKKIIIJJJNNNTTTUUUXXXUUUZZZ___[[[cccaaadddhhhkkkmmmmmmmmmppptttyyyuuu}}}zzz
	<KKKKKKKKK?????????????Hi
kkk______nnn______aaa
* +%+K,>/L/
k[l|lwm
KLMNOP
KLMNOPQORST
klmnopqr
&KLW>BBPPPPaZF[R[R
k`XVXXZ[[\^^_aabddeghijkkmnnpqqrttuwwx7GDC
Ky,K UO
kYuxub_
L$0PQW
L$0WQV
{L{={2{-{Oz
L$4RQV
L$8PQV
labAout
labApply
labClean
labCleaned
labCleaned2
Label1
Label1/
Label10
Label11
Label2
Label21
Label24
Label25
Label3
Label4
Label5
Label6
Label7
Label8
Label9
labFail
labFail2
labFound
labSafeboot
labScanned
labScanned2
labScanning
labScanning2
labSelect
labSelect3
labSystem
LabTab
LabTag
labTag1
labTag2
labTag3
labTag4
labTitle
labTotal
labUpdate
&:LEt)
leWSFZ
LhhLLLLLLL,
l`imoqrsy
LineTo
ListView
ListView1
ljh9wofG72,5
______lll
__________________lll
________________________lll
lll_____________________
LLL000---555444666<<<<<<===@@@BBBFFFIII}}}
lllddd
lll___ddd
LLLEEEAAACCCHHHJJJKKKOOOTTTSSSVVVXXXZZZ]]]```cccaaaggggggggghhhllloooppprrrvvvuuuyyy~~~
 LLLhLhhLCCC$#
llliiikkkjjjqqquuuqqqttt{{{xxx
llljjjsss
llllllll
{llllllllostt
|||lllmmmllllllpppuuuvvvuuuxxx}}}}}}
lllnnnmmmllluuuwwwsss{{{}}}
lllnnnrrr
llloooyyy
LMMMMMMMMMi,
LMNOPQRSTUVWXY
lng_hWnd
LoadCursorA
LoadLibraryA
LookupPrivilegeValueA
lParam
L$$PQh
L$$PQhN
L$\PQV
L$(PQW
L$PRQWV
LPT1LPT2LPT3LPT4
lReturn
L$ RQV
L$(RQV
L$$RQV
lRrVER
lstrcatA
lstrcpyA
lstrcpyW
lstrlenA
lstrlenW
L$$SUV3
L$TPQV
L$TRWQV
lu.Sxl
lvDrive
lvExplorer
L$ VQW
L$(VQW
lvSDGame
lv}ZhqLVf>K\1GT(
&$&!m%
!M(2Jb]<
M&<8t&<
MaskColor
master
MA>TQEB
Ma&ximize	Ctrl+F10
mCheckPEFile
MDI form cannot be shown modally
MenuAbort
MenuApply
menuBaidu
menuCls
menuCopy
menuDel
menuForum
menuFresh
MenuHere
MenuMain
MenuPro
MenuSopen
MessageBoxA
Method not applicable for this object
mFont_FontChanged
: Microsoft Visual Basic6.0
MilliSeconds
Mi&nimize	Ctrl+F9
m^k1i+
______mmm
__________________mmm
mmm______
mmm_______________aaa
mmmeee
mmmlllsssqqqyyyxxx
mmmqqqpppsssvvvzzz
mmmqqqqqqvvvxxx
mmmqqqqqqvvvxxxuuu
mmmtttwwwwww
mmm______vvv____________
mnnpppppprp
m^N(whW
modFile
modFileBrowser
modLvTimer
modOther
modPrivilege
modProcess
modRegServer
modRegsiry
ModRemovDisk
modSearchFile
module 
Module1
Module32First
Module32Next
modUnLock
MouseDown
MouseEnter
mouse_event
MouseIcon
MouseLeave
MouseMove
MouseOnButton
MousePointer
MouseUp
&Move	Ctrl+F7
MoveFileA
MoveFileExA
MoveToEx
MoveWindow
mpquoppO\\\%<;;
MSComctlLib
MSComctlLib.ImageList
MSComctlLib.ListView
MSComctlLib.TreeView
mscomctl.OCX
- MS-DOS 2.10 or later required
MS-DOS memory-arena error
MSEM87
MsgWaitForMultipleObjects
msimg32
MSIMG32.dll
MSVBVM60.DLL
-MumD4
Must close or hide topmost modal form first
Must specify index for object array
Must specify index when using property array
N0RdkLub
N1XKNMR
nA|f6v_,
nAlign
Name=UserControl1
NA~SO-N
N@b	gA
NchHh.
Nck8^:ghV:ghV
nColor
nDefault
netapi32.dll
Netbios
New_BackColor
New_BackDarkColor
New_BackLightColor
New_BorderColor
New_ButtonStyle
New_Caption
New_CaptionAlign
New_CheckBoxMode
New_Cursor
New_Enabled
New_Font
New_ForeColor
New_HandPointer
New_HeaderDarkColor
New_HeaderLightColor
New_Icon
New_MaskColor
New_Maxi
New_Mini
New_Picture
New_PictureAlign
New_PictureDown
New_PictureHover
New_PictureMouseOn
New_ProgressLook
New_ShowFocusRect
New_Size
New_Style
New_TextColor
New_Theme
New_UseMaskColor
NewValue
New_Value
Next &Window	Ctrl+F6
N/f1uU
N/fMQ9
NFO<ONN
N,g!jWW
*ni2$P	
: Nick @ Zhejiang University 
nIs*aHs?|Gs
nlabScanned2
NNC7Jl]L
___nnn
______nnn
nnn______
nnn______}}}
nnnbbb
nnnbbbzzz
nnn___eee
|||nnnkkkkkkppp
^NNNNNNNNN
nnnnnnrrrpppqqqvvvzzzyyyzzz
nnnuuussssss
nnnZZZ]]]^^^bbbbbbdddkkkkkklllnnnrrrvvvwww{{{xxx
No currently active control
No currently active form
No line number in 
No RESUME
Not Compatible for Windows 9X and Windows Me
- not enough conventional memory
Not enough room to allocate control array
- not enough space for arguments
- not enough space for environment
No timer available
N,++/////P+9TJFaLXKKKKKKdddcde\ggggggh
N;`pe,
nPhotoshop 3.0
nPointer
npqd^^^$
_N_:_#_Re.eJddc
nShape
nStyle
NtClose
NTDLL.DLL
NtDuplicateObject
NtOpenProcess
NtQueryInformationProcess
NtQueryObject
NtQuerySystemInformation
ntsd -c q -pn notaped.exe
NtShutdownSystem
NTT)wYI
NUO fa
NX[(W 
NX[(W,
NX[(WC
NX[(Wu
O4xOW~
o_^_aabddeghijklmnopqqsttuwwz:
\`O@b8
Object already loaded
ObjectHDC
Object not an array
Object required
Object was unloaded
OffsetRect
oFsW`;s
`O/f&T
OH@0%!
OHB	>94
Oj[httttthhhh
ole32.dll
oleaut32.dll
OLECompleteDrag
OLEDragDrop
OLEDragOver
OLEGiveFeedback
olepro32.dll
OLESetData
OLEStartDrag
OleTranslateColor
OnButton
on, check box or opt
on, check box or optHjb
```______ooo
___ooo
______ooo
ooo~~~
ooo______
oooqqq
___OOOQQQTTTSSSXXXZZZWWW^^^```___cccgggfffhhhlllnnnnnnpppwwwuuuzzz{{{zzz~~~
ooosssuuuxxx{{{
OpenFile
OpenProcess
OpenProcessToken
OpenSCManagerA
OpenServiceA
OpenWaitableTimerA
opqrst
OPSTGfYK
OptAuto
Option1
Option2
orangemet
Orientations
|o-si_u
O:T/T$T
O(udk!jJXMR
O(udk!jWWMR
Out of DATA
Out of memory
Out of paper
Out of stack space
Out of string space
Overflow
- overlay manager stack overflow
- overlay manager was reentered
O?X&(GEV
OX[}Y5u
OX[}Y`O
p6pCpUp
!Packed file is corrupt>
!Packed file is corrupt2
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADK
paloaR1UG6
PatBlt
Path/File access error
PathFileExistsA
Path not found
#P#-&B&
~p_	B8-|iYH
PBSCustomeColor1
PBSCustomeColor2
PC Home: http://www.PCHome.net
penc O
Permission denied
p\\\\\g\ggof
Photoshop 3.0
picClose
picMin
picPLu
picshow1
Picture
Picture1
Picture2
PictureAlign
PictureDown
PictureHover
PictureMouseOn
PictureSize
#P*-IX
?P//////>/>?LkaLXKZddddddrrrre\ggoooop
P^m"+C:\WINDOWS\system32\mscomctl.oca
PnPZP(P
Polyline
PostMessageA
\$ pp+
p&p	!3
ppp____________aaa_________fff
PPPBMMMv???=
pppccc{{{yyyssspppnnnnnnqqq}}}
ppphhh
pppooovvvxxxuuuzzz{{{~~~
%%%%%%%%,,,,,,,,,,,PPPPP/P//,^
ppppppuuuwwwwwwuuu{{{zzz~~~~~~
```___ppp|||______qqq
pppsss
ppptttvvvyyy|||
[[[PPPTTTWWWWWW\\\[[[^^^ddddddgggkkkkkkooonnnrrrwwwsssyyywww{{{
pppvvvuuuuuuwww
PPQRSP
$,+++++PQ9TESEFaLTJXJXKKKYYZe>\\\\gM
p%qDqJqPqVq\qdqjqpq5r:r2sDsbs}s
PQh8?b
PQhKKo
PQhtWa
PQhX8d
PQQSTTVXXY[[\^^_`abcddfhhjkk
Press any key to return to system
process
process2
process3
Process32First
Process32Next
process4
ProgressBar
Progressbar Enabled/Disabled.
Progressbar Max Value.
Progressbar Min Value.
Progressbar Rounded Corner Value.
Progressbar Style Custome Color 1.
Progressbar Style Custome Color 2.
Progressbar Styles.
Progressbar Text.
Progressbar Text Alignment.
Progressbar Text Color.
Progressbar Text Effect.
Progressbar Text Effect Color.
Progressbar Text Font.
Progressbar Text Style.
Progressbar Value.
ProgressLook
Property can't be modified on MDI form
Property can't be modified when form is minimized or maximized
Property can't be set at run time
Property can't be set on this control
Property is read-only
PropertyName
Property not available at run time
Property not found
Property or control not found
|$ PRV
PSAPI.DLL
PSHHUP
PSQRVW
PSQRWQRSP
PSQWSSSR
PtInRegion
Pu\ucu_uZufu
PVQSWRSWR
PWGGWGG
pXXrYYYYssss
|(|P|Z|c|{}
Q4Rhhwb
Q4RhPwb
q:^BQ@
q<EbY@
Q g l q } 
qlllov
|q}-N@b	g
qpuuuu|||||
|$ QPV
______qqq
________________________qqq
qqq______
qqq_________
QRh8?b
QRhX8d
QRTTVXXY[[\]^_`abcddf
QRVVVP
qs]RE"
Q;TPii
QueryDosDeviceA
qzqgqXq/q
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~R<
}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}R?1
r_`dghjlmnqrsvw{
Reached limit: cannot create any more controls for this form
ReadFile
ReadProcessMemory
ReadyState
RealizePalette
Rebootexplorer
Rectangle
Rectangular or various diagonal shapes
redmet
Redo from start
Refresh
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
reg delete "" /fHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
reg delete "HKEY_CLASSES_ROOT\ancoknvvnhcai.TIEBHOCom" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{01F6EB6F-AB5C-1FDD-6E5B-FB6EE3CC6CD6}" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{08663708-FF07-49FA-A0E1-2760908BC7E7}" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{093449BD-27AA-4ABB-81B3-F1F0F6DB02D0}" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{09B68AD9-FF66-3E63-636B-B693E62F6236}" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{0EA12C16-CDEF-6AC1-236E-CD3FE82F5213}" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{0EA66AD2-CF26-2E23-532B-B292E22F3266}" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524140}" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524150}" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{3CF67E17-3AF1-4813-88B9-F3B2490D2216}" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{40117B96-998D-4D80-8F89-5E9DBD9F3460}" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{754FB7D8-B8FE-4810-B363-A788CD060F1F}" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{989D2FEB-5411-4565-8988-1DD2C5263377}" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{C74CDF30-68C2-49B4-9918-EBD66B8D9FBF}" /f
reg delete "HKEY_CLASSES_ROOT\dlll_Auto_File" /f
reg delete "HKEY_CLASSES_ROOT\.dlll" /f
reg delete "HKEY_CLASSES_ROOT\.empty" /f
reg delete "HKEY_CLASSES_ROOT\.fold" /f
reg delete "HKEY_CLASSES_ROOT\IEBHO.BHOobj.1\CLSID\{3CF67E17-3AF1-4813-88B9-F3B2490D2216}" /f
reg delete "HKEY_CLASSES_ROOT\IEBHO.BHOobj\CLSID\{3CF67E17-3AF1-4813-88B9-F3B2490D2216}" /f
reg delete "HKEY_CLASSES_ROOT\.ie" /f
reg delete "HKEY_CLASSES_ROOT\.lagu" /f
reg delete "HKEY_CLASSES_ROOT\.msn" /f
reg delete "HKEY_CLASSES_ROOT\.pikz" /f
reg delete "HKEY_CLASSES_ROOT\.texz" /f
reg delete "HKEY_CURRENT_USER\Software\Usbcleaner" /f
reg delete "HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ShitMaker" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25864158-329E-434B-B24F-3DA6F300D30A}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{21H0I4A2-L075-C7I0-N0R7-336531685413}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{06926B30-226E-4f8c-8EE3-579CD96573DC}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\JambanMuV2" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CF67E17-3AF1-4813-88B9-F3B2490D2216}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{989D2FEB-5411-4565-8988-1DD2C5263377}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C74CDF30-68C2-49B4-9918-EBD66B8D9FBF}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{01F6EB6F-AB5C-1FDD-6E5B-FB6EE3CC6CD6}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{03E636B9-AE6C-5E23-638E-B633E22F6338}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{06E6B6B6-BE3C-6E23-6C8E-B833E2CE63B8}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{08663708-FF07-49FA-A0E1-2760908BC7E7}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{093449BD-27AA-4ABB-81B3-F1F0F6DB02D0}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{09B68AD9-FF66-3E63-636B-B693E62F6236}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0EA12C16-CDEF-6AC1-236E-CD3FE82F5213}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0EA66AD2-CF26-2E23-532B-B292E22F3266}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{40117B96-998D-4D80-8F89-5E9DBD9F3460}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{754FB7D8-B8FE-4810-B363-A788CD060F1F}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{F228482F-482F-2284-2F22-82F2882F2284}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\AceExt" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ZipExt32" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arswp.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastU3.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.COM" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapi.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.com" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navsetup.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\odbcasvc.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKAV.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQLiveUpdate.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQSC.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQUpdateCenter.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.com" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SexIE.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sunny.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sxs2.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysos.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Systemm.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Timwp.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uda.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uha.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upLive.exe.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\usbcleaner.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\usbmon.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winnetwork.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxnet" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MicroCSC" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msinflogon" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msv1_1" /f
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegPath
RegQueryInfoKeyA
RegQueryValueExA
RegRestoreKeyA
RegSaveKeyA
RegSecurity.dll
RegSetValueExA
ReleaseCapture
ReleaseDC
RemoveDirectoryA
RemovePropA
RemoveProtect
RemoveProtectUSB
RemoveProtectUSBStor
Rename across disks
- requires DOS 3.0 or higher
ResetDefaultColors
Resets button's back color and text color to Window's standard. The hover properties are also reset.
Resolve
RESTART
&Restore	Ctrl+F5
RESUME without error
&Retry
RETURN without GOSUB
RhV1uw
RNK{[L<
RootKey
RoundedValue
RoundRect
RPh8?b
RPhKKo
RPhtWa
RPhX8d
RP@@RP
_rPr(r
@@RPWS&+L)
|$ RQV
___________________________rrr
rrr______
rrraaa
rrraaaggg
rrrGGGKKKKKKNNNOOOSSSUUUXXX\\\______``````ccceeeiiimmmooopppuuuvvvuuuxxx{{{{{{
rrrnnnnnnrrr
rrrpppqqqxxx
rrrqqq{{{
rrrvvvttt{{{{{{~~~~~~
rrrvvvwww{{{
RSTVXY[]^`bcfs
RtlAdjustPrivilege
RtlMoveMemory
R&;T*s
run-time error 
RuTpThTUTZX X
}RuXu\u`udu
RWWPVWV
RX[2Q-
RX[2QU
	"	=	_	s	
```S___
s ,0<	w
;s3|Fs	
sArgumentsA
<SC*<3C#G"
sCaption
Sck8^o
ScreenToClient
sDescription
S D!F"G#H$J%K&L,Z-X.C/V0B1N2Mx1y2z3{4|5}6~7
SDGames.exe(
Secondary color used for gradient shades. The BackColor property is the primary color.
SelectClipRgn
SelectObject
SelectPalette
SendMessageA
sensapi.dll
s[[Eo(I
SetBkColor
SetBkMode
SetCapture
SetCursor
SetDIBitsToDevice
SetFileAttributesA
SetFilePointer
SetLayeredWindowAttributes
SetMapMode
SetPixel
SetPropA
SetProtect
SetRect
SetTcpEntry
SetTextColor
SetTimer
SetWaitableTimer
SetWindowLongA
SetWindowPos
SetWindowRgn
S/fck8^
sFileA
sh-.4o?"A
Shape1
SHBrowseForFolder
SHCreateDirectoryExA
SHDocVwCtl
SHDocVwCtl.WebBrowser
shdocvw.dll
shell32
Shell32
shell32.dll
ShellExecuteA
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetSpecialFolderLocation
shlwapi.dll
ShowFocusRect
shpBack
&Size	Ctrl+F8
Size of button image. Last two options automatically center image.
sLinkFile
slvExplorer
S_MRMQ
;sNbHs
sPathA
SplitReg
SPVWPSPVWP6
SQPSSR
S^SDS7S0S$S
s(sFsQs
SSPWSSQ
______sss
sss______
SSSBvvv
SSS:::;;;CCCBBBGGGCCCJJJJJJOOOMMMTTTUUUXXX[[[YYY^^^\\\ddd
SSSCSSV3
sss__________________lll
sssnnnnnnnnnrrrxxx}}}
sssnnnnnnqqqwww|||
{{{ssspppnnnnnnnnnpppsss{{{
{{{ssspppnnnnnnqqq}}}
sssrrrxxx
SSSSSgggg
SSS!SSSt___
ssssssyyy
ssswwwttt
S`SXS*S
- stack overflow
StandardColor
StartColor
StartServiceA
StretchBlt
StretchDIBits
String formula too complex
String space corrupt
SubKey
Subscript out of range
Support for Custom control type not available
Support@Usbcleaner.Info
s(Wcknx
sWorkingA
Syntax error
Sysinfo.DLL(
Sz{ooouuuuu||v
T$ ;:|
T$0QRW
T2JB&9T2u
T$4PRV
T$4Qj(R
T$8QRV
t-&9L+u
TahomaN
tAHt%Hu
TargetFile
tbWQRSTTVXXY[[\^^_aabcdeghijkkmnnoqqrttuw
tC&9|'w
< tC<=t?
t-&+D5$
T$D9~h
t&:DEr
TerminateProcess
TerminateThread
TextAlignment
TextColor
TextEffect
TextEffectColor
TextFont
TextForeColor
TextStyle
t>f9~dt
&TGR|v
The caption of the button. Double pipe (||) is a line break.
The color of the caption's font .
The image used to display on the button.
t	HHSP
t*HHt--
!This program cannot be run in DOS mode.
  This Programme is used for curing autorun.exe(Trojan.Agent.xkt) It is designed for XP or 2K system.If you have any problem about this tool, you are always welcome to contact me at nick429@126.com. Zhejiang University Security-Zone.
  This Programme is used for curing msinfmgr.exe(Trojan.Spy.Agent.akn) It is designed for XP or 2K system.If you have any problem about this tool, you are always welcome to contact me at nick429@126.com. Zhejiang University Security-Zone.H
Thumbs.lnk
tHvLvPvTvXv\v
thVP}_g,g
TimeOut
Timer1
Timer10
Timer11
Timer12
Timer13
Timer14
Timer15
Timer16
Timer17
Timer2
Timer3
Timer4
Timer5
Timer6
Timer7
Timer8
Timer9
t!jD}V
t!jJXck(W
t!jWWck(W
t!jWWV
tL<	tE<
tMrPush
to	NEB
Too many files
TopLeftColour
TopRightColour
T$<PRV
T$ PRV
T$,PRV
T$(PRV
T$$PRV
T$$QRh
T$$QRV
T$\QRV
T$$QRW
TrackMouseEvent
_TrackMouseEvent
TransparentBlt
TreeView
trHtxH
T$<RPV
<=t	< t
=\\t.=//t)
t(t4t}t
|t:<@t6
T$TQRV
|||__________________ttt
______ttt
{{{___ttt
ttt```___ccc
,,TTTT
t$tTtgt
tttwwwuuu
]TTUWXY[[\]^_`v
T!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!U
]/T(uMQ
tup="FFixsysinfo
tuvwxh
tuvwxyz{|}~
TUWXYZe
T$@VRP
tvwUSB
TVXY[]
txtPick
Type mismatch
,Tyr+RHr.
 tz{,QTh.78@(((
tZX[YZ^_
U333333
u(8e%u#8e#t	&
u'9^Dt"
u*9:HIJXYZghijvwxyz
U 9:t-
uBPSQ2
uci{kY
uf9~fuo
ugH{n`=UG8
*u*N*$*
Unable to unload within this context
- unexpected interrupt
Unprintable error
uP,n*g
USBCleaner
:USBCleaner
UseMaskColor
user32
user32.dll
UserControl
UserControl1
US>f:y
]_U(uMQ
{{{uuu
uuu______
uuubbb___aaa
uuunnnnnnnnnpppsss{{{
uuunnnnnnppp}}}
{{{uuupppnnnnnnnnnpppsss{{{
uuuvvvwww~~~
uuuyyy
uuu|||zzz
uuuzzzzzzzzz
UVWXYZ[\
;?uw-<Y[
uYf9+uT
V6.0Build20101017
Variable required
Various directions to draw the gradient shading.
Various font attributes that can be changed directly.
Various operating system button styles
Various optional mouse pointers to use when mouse is over the button
vb6chs.dll
VBA6.DLL
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryUnlock
__vbaAryVar
__vbaBoolVar
__vbaBoolVarNull
__vbaCastObj
__vbaCastObjVar
__vbaChkstk
__vbaCopyBytes
__vbaCyMulI2
__vbaCyVar
__vbaDateStr
__vbaEnd
__vbaErase
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitProc
__vbaFailedFriend
__vbaFileClose
__vbaFileOpen
__vbaFixstrConstruct
__vbaForEachVar
__vbaFpCSngR4
__vbaFPException
__vbaFPFix
__vbaFpI2
__vbaFpI4
__vbaFPInt
__vbaFpR8
__vbaFpUI1
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaGenerateBoundsError
__vbaGosub
__vbaGosubFree
__vbaGosubReturn
__vbaHresultCheckObj
__vbaI2Abs
__vbaI2I4
__vbaI2Var
__vbaI4Abs
__vbaI4Str
__vbaI4Var
__vbaInputFile
__vbaInStr
__vbaInStrVar
__vbaLateIdCall
__vbaLateIdCallLd
__vbaLateIdSt
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLenBstr
__vbaLenVar
__vbaLenVarB
__vbaLineInputStr
__vbaLineInputVar
__vbaLsetFixstr
__vbaMidStmtBstr
__vbaNameFile
__vbaNew
__vbaNew2
__vbaNextEachVar
__vbaObjIs
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaPowerR8
__vbaPrintFile
__vbaPrintObj
__vbaPut3
__vbaR4Var
__vbaR8Cy
__vbaR8ErrVar
__vbaR8IntI4
__vbaR8Str
__vbaR8Var
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaRefVarAry
__vbaSetSystemError
__vbaStrCat
__vbaStrCmp
__vbaStrCopy
__vbaStrErrVarCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrMove
__vbaStrR8
__vbaStrTextCmp
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUbound
__vbaUI1I2
__vbaUI1I4
__vbaUI1Var
__vbaVar2Vec
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpGt
__vbaVarCmpLt
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDiv
__vbaVarDup
__vbaVarForInit
__vbaVarForNext
__vbaVarIndexLoad
__vbaVarLateMemCallLd
__vbaVarLateMemCallLdRf
__vbaVarLateMemSt
__vbaVarMove
__vbaVarMul
__vbaVarOr
__vbaVarSetVar
__vbaVarSub
__vbaVarTextTstEq
__vbaVarTextTstNe
__vbaVarTstEq
__vbaVarTstGe
__vbaVarTstGt
__vbaVarTstLe
__vbaVarTstLt
__vbaVarTstNe
__vbaVarVargNofree
__vbaVarZero
VdX#W[W
VerQueryValueA
Version.dll
v,g0Wlx
vHrCg^\
vhxlxpxtxxx|xm
v.lpl3TWX0?@;',,
vMRHr,g
vMRHr,g:NV
VQTVPR3
vuMRMQ
`vuMRU
vuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuv
VVm5',
______vvv
_______________vvv
vvv___```
vvv_________
vvv____________```
VVVSVVV
vvvvvvuuuxxx}}}
vvvxxx~~~~~~
VVVYYY___
vvvyyyxxxwww
VVVZZZZZZ^^^ccciiiiii
VWXYZ[\
vYuf[:g
VyZy^ybyfyjynyryvyzy
v{z{~{
:;?<W3BBBBBBCQEERG
WaitForSingleObject
WebBrowser
WebBrowser1
What is your operation system? Specify it by clicking the right button below!
WindowFromPoint
WIndows 2000
Windows XP
WinExec
WorkingDirectory
Works On Both Simpilifed And Traditional Chinease Platform 
wParam
WPRWPR
wp@x!3x
]wQ/fMQ
]wQ/fMQ9
]wQ/f(W
]wQ/f(W5u
]wQLub
WqW>W*V
WriteFile
WritePrivateProfileStringA
;[]]WS$
wsock32.dll
Wu,&;W
WVRQSP.
W/ WB"V
______www
www______
www{{{
WWW***'''---,,,111222444555
w!w)w1w9wAwIwQws
www---222999<<<;;;@@@BBB
WWW$$$"""))),,,777
wwwddd
wwwmmmlllqqqrrrwwwvvv|||
wwwnnn
wwwpppnnnpppsssyyy
wwwpppnnnpppuuu{{{
|||wwwqqqnnnnnnnnnppprrryyy}}}
wwwsssyyyyyy|||
www.usbcleaner.net
<wwww!+*++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*&
WWWWWW^^^
wwwxxxzzz
wx+t=3
w=yEyOyUy]ylyxy
x{{{{{{
x2Cs&K
x2Cs&K\
@x33"")o
x5y:yJyjy
x\bjopqrsx
Xd@evn;
xI{-NK
xnmkbYn
XOPQQSTTVXXY[[\^^_aabcdeghhjkkmnnoqq
XPButton
XPButton1
XPButton2
XPButton3
XPButton4
XPButton7
XPContainer
XPContainer1
Xp_ProgressBar
Xp_ProgressBar1
XPRSTWXY\]^`bcfhikmnp
xPunBmd6f\,
xvzKN(u
]X[(WA
]X[(WMQ
X''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''X
______xxx
_______________xxx
_________xxx______
xxx______
xxx{{{
XXX[[[```
xxxbbbxxx
xxx___jjj
xxx_____________________jjj
xxxjjjkkkooorrrvvvuuuvvv|||
_______________xxxooo______bbb
|||xxxqqqnnnnnnnnnnnnrrrxxx|||
}}}xxxrrrnnnnnnnnnnnnrrrxxx}}}
|||xxxrrrnnnnnnqqq}}}
xxxttt
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
XXXYYY___^^^aaaggghhhpppqqq
___XXXZZZXXX[[[^^^___dddddddddiiihhhjjjrrruuutttvvvyyy|||
xxxzzzzzz}}}
XXYssZZZZZ[
Y6R0RjR4
Y6R7h,g
y8zLzQz
y`\\]_abcfhilmnprsuwx8F7F
yGy=yCx>x
@ YQu%
Y+s+s.
YU[P[D[
YVPQVR
yyQ aaa
______yyy
,y,y,y
yyy|||}}}
yyy______
yyy}}}{{{
yyybbb_________```
yyy_________ddd
yyyfff```iii
yyy______hhh
yyy___kkk
YYYNNNRRRVVVYYYYYY^^^___bbbdddhhhgggfffhhhppplllrrrqqqyyyuuuwwwzzz|||
yyypppnnnnnnqqqwww|||
YYYQQQRRRSSSRRR[[[ZZZYYY\\\bbbeeecccdddfffhhhkkkqqqtttwwwwwwvvvyyy
}}}yyyrrrnnnnnnnnnqqq}}}
yyyssspppnnnnnnnnnpppsss{{{
}}}yyyssspppnnnnnnnnnqqquuu|||
}}}yyyssspppnnnnnnrrr
,y,y,yV
YYYXXX```
YZ[\]^
!Y[@Zu
[_^][Z
z2s8s<s@sDs
Z9~h~U
Z[\]^_`abcdefg
z&:DDr
zE.4{^
]z]g]S]
	ZlabFail
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
ZSL	/,)
zSubclass_Proc
zXtpKkf>[]2ST'
ZY[SQRSQ
_^ZY[X]
ZYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYZ
~~~zzz}}}
|||zzz
______zzz
zzz}}}
ZZZ2lllv
ZZZ2WWW
ZZZ2Z*Z"Z
zzzzzz
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz