# For use with Merijn's Brute Force Uninstaller
# available from http://www.merijn.org/
#
# Script Name: coolpics.BFU
# Author: Pieter Arntz
#
# Purpose (as the command names indicate): terminate the listed processes,
# disable the listed services, remove autorun / policy / hijack registry
# values, reset a few shell settings, then delete the listed files.
# Order matters: processes are stopped and attributes reset before the
# corresponding files are deleted, so keep the sequence when editing.

# --- Processes -------------------------------------------------------------
# Several targets reuse the names of Windows binaries (lsass.exe, svchost.exe,
# dllhost.exe, wmiprvse.exe, Msmsgs.exe) but are qualified with %WINDIR%,
# %SYSDIR%, "Application Data" or "Services" - not the folder the genuine
# binary runs from. Keep those path prefixes intact so the real system
# processes are not matched.
# NOTE(review): entries that start with a bare backslash, or have no path at
# all (tomskype.exe), presumably match the image in any folder - confirm
# against the BFU documentation before adding common names this way.
ProcessKill \svchost32.exe|1
ProcessKill \object*.exe|1
ProcessKill \svhost.exe|1
ProcessKill \SVICHOSST.exe|1
ProcessKill \SSCVIHOST.exe|1
ProcessKill \SSCVIIHOST.exe|1
ProcessKill \taskmger.com|1
ProcessKill \systems.com|1
ProcessKill \Fun.exe|1
ProcessKill \dc.exe|1
ProcessKill \SCVHOST.exe|1
ProcessKill %WINDIR%\lsass.exe|1
ProcessKill \taskmger.com|1
ProcessKill \RECYCLER\systems.com|1
ProcessKill %WINDIR%\svchost.exe|1
ProcessKill %WINDIR%\msnmsg.exe|1
ProcessKill \bsyys.scr|1
ProcessKill \Avsgccs.scr|1
ProcessKill \Application Data\lsass.exe|1
ProcessKill \SVICHOOST.exe|1
ProcessKill \Bitch.exe|1
ProcessKill \Liar.exe|1
ProcessKill \Svseehost.exe|1
ProcessKill \rvhost.exe|1
ProcessKill \scvhosts.exe|1
ProcessKill %SYSDIR%\docx.exe|1
ProcessKill %SYSDIR%\dump.exe|1
ProcessKill %SYSDIR%\nod.exe|1
ProcessKill %SYSDIR%\Msmsgs.exe|1
ProcessKill %SYSDIR%\bad*.exe|1
ProcessKill %WINDIR%\dllhost.exe|1
ProcessKill %SYSDIR%\wmiprvse.exe|1
ProcessKill %SYSDIR%\mgrShell.exe|1
ProcessKill \scvshosts.exe|1
ProcessKill %SYSDIR%\neo32.exe|1
ProcessKill \AVG7_CC.exe|1
ProcessKill \taskmmgr.exe|1
ProcessKill %WINDIR%\msmsgs.exe|1
ProcessKill \Application Data\svchost.exe|1
ProcessKill \zPharaoh.exe|1
ProcessKill \svchvst.exe|1
ProcessKill \krag.exe|1
ProcessKill \Sound Utility\Soundmax.exe|1
ProcessKill \MsFirewall.exe|1
ProcessKill \inetin.exe|1
ProcessKill %WINDIR%\taskmng.exe|1
ProcessKill \driver.exe|1
ProcessKill %SYSDIR%\cssrs.exe|1
ProcessKill \Services\svchost.exe|1
ProcessKill tomskype.exe|1
# Hash-conditional kill: MSconfig.exe is only targeted when its MD5 equals the
# listed value, which keeps the genuine msconfig.exe safe. A single MD5 covers
# one sample only; a repacked variant will not match and needs manual review.
ProcessKillIfMD5Match MSconfig.exe|3614B3A18A10C63A3368425431BB1135|1

# --- Services --------------------------------------------------------------
# NOTE(review): "Themes Plug and Play" and "IIS Admin Service" resemble stock
# Windows service names. Whether ServiceDisable matches on service key name or
# display name is not visible here - confirm it cannot hit the genuine
# services on a machine that has them.
ServiceDisable Themes Plug and Play
ServiceDisable COMSystemApp
ServiceDisable Windows_rejoice
ServiceDisable zrpacinr
ServiceDisable Security Aconnunts Manager
ServiceDisable IIS Admin Service
ServiceDisable GrayPigeon_Hacker.com.cn
ServiceDisable xycifd
ServiceDisable asdcvb
ServiceDisable Windows_service_XP
# Attribute reset ahead of the later FileDelete of the same file
# (presumably "A" leaves only the Archive attribute set - confirm).
FileSetAttributes %SYSDIR%\mfc48.dll|A

# --- Autorun values: HKLM Run ------------------------------------------------
# RegDelValue removes by value name only; the data is not inspected. Some of
# these names imitate legitimate software (SVCHOST, Task Manager, Windows
# Messenger, SoundMax, Msmsgs). If a genuine autostart on the machine uses the
# same name under the same key it is removed as well - export the Run keys
# first when in doubt.
RegDelValue HKLM\software\microsoft\windows\currentversion\run|Yahoo Messenger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|EYORE
RegDelValue HKLM\software\microsoft\windows\currentversion\run|SVCHOST
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Genuine Logon
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|symanteccsysconf
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|userd
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|FrameWorkService
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BITCH
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LIAR
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SVSEEHOST
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinSistem
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|msword
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dumprep
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TempCom
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ActiveScript32
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SYS2
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SYS3
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SYS4
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Msmsgs
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PolicyRun
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yahoo! Messengger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ami.exe
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|mirc.exe
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|razor.exe
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rz.scr
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svhost.exe
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TasKmgr
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Messenger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|krag
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SoundMax
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Personal Firewall
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SilentSoftech
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Task Manager
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DelAutorun
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cssrs
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SVCHOST
# Data-conditional form: the value-name field is empty and the match is on the
# value data containing "Services\svchost.exe".
RegDelValueIfDataContainsText HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run||Services\svchost.exe

# --- Autorun values: HKCU Run ------------------------------------------------
# HKCU is the hive of the account running the script; other user profiles on
# the machine are presumably not cleaned by these lines.
RegDelValue HKCU\software\microsoft\windows\currentversion\run|Task Manager
RegDelValue HKCU\software\microsoft\windows\currentversion\run|Yahoo Messenger
RegDelValue HKCU\software\microsoft\windows\currentversion\run|Yahoo Messengger
RegDelValue HKCU\software\microsoft\windows\currentversion\run|EYORE
RegDelValue HKCU\software\microsoft\windows\currentversion\run|dc2k5
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Fun
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|dc
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|systeminit
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NT_Authority
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|scApp
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kava
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|AVG7_CC
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Svchost
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|NT_Authority
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft Personal Firewall
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Rising Driver
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|avpa
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|amva
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|Worms
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|ActiveScript32

# --- Policy lock-outs and Explorer view settings -----------------------------
# Remove the policy values that block Task Manager, registry tools and cmd,
# then make hidden files and file extensions visible again (Hidden=1,
# HideFileExt=0) and clear the listed Explorer restrictions.
RegDelValue HKCU\software\microsoft\windows\currentversion\policies\system|DisableTaskMgr
RegDelValue HKCU\software\microsoft\windows\currentversion\policies\system|DisableRegistryTools
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableCMD
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Hidden|1
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Hidden|1
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HideFileExt|0
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HideFileExt|0
RegSetDwordValue HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate|DoNotAllowXPSP2|0
RegSetDwordValue HKCU\software\microsoft\windows\currentversion\policies\explorer|NoRun|0
RegSetDwordValue HKCU\software\microsoft\windows\currentversion\policies\explorer|NoFolderOptions|0
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer|NoFind|0
RegSetDwordValue HKLM\software\microsoft\windows\currentversion\policies\explorer|NoFolderOptions|0
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSetTaskbar|0

# --- Image File Execution Options hijacks ------------------------------------
# A Debugger value under an executable's IFEO key makes Windows start the named
# "debugger" instead of the program. The entries below clear that value for
# system tools, script hosts, browsers and AV utilities. The list is fixed:
# any other IFEO subkey carrying a Debugger value is not touched and should be
# checked by hand.
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-SE.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VB6.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansav.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansavgd.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremoval.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe|Debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe|debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe|debugger
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe|debugger

# --- Service keys and remaining hijack points --------------------------------
# RegDeleteKey removes the whole key; these are the registry side of the
# services disabled earlier, plus the LEGACY_* enum entries for two of them.
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\services
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\Windows_rejoice
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\zrpacinr
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\Security Aconnunts Manager
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\IIS Admin
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\GrayPigeon_Hacker.com.cn
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\Windows_service_XP
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_XYCIFD
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASDCVB
RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|McaFee virus detect program
RegDelValue HKLM\SYSTEM\CurrentControlSet\Control\Lsa|ActiveScript32
RegDelValue HKLM\SOFTWARE\Microsoft\Ole|ActiveScript32
# Winlogon reset. NOTE(review): Userinit is written as the bare file name
# "userinit.exe," (trailing comma kept) rather than a full path - confirm this
# is intended, since the value decides what runs at every logon.
RegSetStringValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit|userinit.exe,
RegSetStringValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell|Explorer.exe
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp|Disabled
RegDelValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|EYORE
RegDeleteKey HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
# Side effect: the Internet Explorer start page of the current user is
# overwritten with about:blank, whatever it was before.
RegSetStringValue HKCU\Software\Microsoft\Internet Explorer\Main|Start Page|about:blank
RegSetStringValue HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot|AlternateShell|cmd.exe
# Re-enable System Restore configuration by dropping the two policy values.
RegDelValue HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig
RegDelValue HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableSR
# Empty value-name field (||): presumably the key's default value.
# NOTE(review): the data contains %SystemRoot%; whether RegSetStringValue
# writes an expandable string is not visible here - verify "Open With" still
# works afterwards.
RegSetStringValue HKCR\Unknown\shell\openas\command||%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares|shared
# NOTE(review): this deletes ServiceDll from the SENS service parameters and
# nothing in this script writes a replacement. The service presumably cannot
# load until the value is restored to the stock DLL - check SENS after the run.
RegDelValue HKLM\SYSTEM\CurrentControlSet\Services\SENS\Parameters|ServiceDll
RegDeleteKey HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41073-b2b1-21c1-b5c1-0701f4155588}
RegDeleteKey HKCU\Software\Yahoo\pager\View\YMSGR_Launchcast
RegDeleteKey HKCU\Software\Yahoo\pager\View\YMSGR_buzz

# --- File removal: attribute resets and content-based deletes ----------------
# Attributes are reset first so that the FileDelete lines further down are not
# blocked (presumably "A" leaves only the Archive attribute set - confirm).
FolderSetAttributes %WINDIR%\system|A
FolderSetAttributes %SYSDIR%|A
FileSetAttributes %SYSTEMDRIVE%\driver.exe|A
FileSetAttributes %SYSDIR%\Restore\SVCHOST.EXE|A
# Wildcard, content-based deletion: every .exe directly in %WINDIR% and in the
# root of %SYSTEMDRIVE% that contains the text "IT University" is removed.
# This is the broadest rule in the script; a benign executable carrying that
# string would be deleted too.
FileDeleteIfContainsText %WINDIR%\*.exe|IT University
FileDeleteIfContainsText %SYSTEMDRIVE%\*.exe|IT University

# --- File removal: %WINDIR% ---------------------------------------------------
FileDelete %WINDIR%\system\svchost32.exe
FileDelete %WINDIR%\system\svhost.exe
FileDelete %WINDIR%\system\Fun.exe
FileDelete %WINDIR%\system\lsass.exe
FileDelete %WINDIR%\system\dllhost\lsass.exe
FileDelete %WINDIR%\Resources\System.scr
FileDelete %WINDIR%\Menu Iniciar\Iniciar\bsyys.scr
FileDelete %WINDIR%\inf\smss.exe
FileDelete %WINDIR%\inf\smss.exe
FileDelete %WINDIR%\Tasks\At1.job
FileDelete %WINDIR%\system23\aniee.exe
FileDelete %WINDIR%\FONTS\379EF.com
FileDelete %WINDIR%\Debug\passdb.log
FileDelete %WINDIR%\Debug\sysdbg.dll
FileDelete %WINDIR%\Debug\sysdeb.ini
FileDelete %WINDIR%\dc.exe
FileDelete %WINDIR%\SVIQ.EXE
FileDelete %WINDIR%\Fun.exe
FileDelete %WINDIR%\inf\Other.exe
FileDelete %WINDIR%\lsass.exe
FileDelete %WINDIR%\SSCVIIHOST.exe
FileDelete %WINDIR%\SVICHOSST.exe
FileDelete %WINDIR%\ssvichosst.exe
FileDelete %WINDIR%\SCVHOST.exe
FileDelete %WINDIR%\svchost.exe
FileDelete %WINDIR%\img1756.zip
FileDelete %WINDIR%\msnmsg.exe
FileDelete %WINDIR%\Avsgccs.scr
FileDelete %WINDIR%\smss.scr
FileDelete %WINDIR%\msnmsnr.scr
FileDelete %WINDIR%\SVICHOOST.exe
FileDelete %WINDIR%\kb918226.log
# --- File removal: %WINDIR% (continued) ---------------------------------------
# Fixed-path deletions. Names that imitate Windows binaries (dllhost.exe,
# msmsgs.exe, taskmng.exe) are listed directly under %WINDIR%, not in the
# folder the genuine binary lives in.
FileDelete %WINDIR%\hinhem.scr
FileDelete %WINDIR%\scvhosts.exe
FileDelete %WINDIR%\dllhost.exe
FileDelete %WINDIR%\setuprs1.*
FileDelete %WINDIR%\scvshosts.exe
FileDelete %WINDIR%\msmsgs.exe
FileDelete %WINDIR%\SSCVIHOST.exe
FileDelete %WINDIR%\hinhem.scr
FileDelete %WINDIR%\SCVHSOT.exe
FileDelete %WINDIR%\krag.exe
FileDelete %WINDIR%\msdos.pif
FileDelete %WINDIR%\taskmng.exe
FileDelete %WINDIR%\driver.exe
FileDelete %WINDIR%\DelAutorun.bat
FileDelete %WINDIR%\DelAutorun.ini
FileDelete %WINDIR%\shun101.exe

# --- File removal: %SYSDIR% ---------------------------------------------------
# Look-alike names again (svhost.exe, scvhosts.exe, cssrs.exe, kernel32.sys,
# wmiprvse.exe, Msmsgs.exe). Each line is an exact path, so a typo that turns
# one of them into a genuine system file name would delete that file - review
# edits to this list character by character.
FileDelete %SYSDIR%\SCVHOST.exe
FileDelete %SYSDIR%\SSCVIHOST.exe
FileDelete %SYSDIR%\taskmger.com
FileDelete %SYSDIR%\Notepad.scr
FileDelete %SYSDIR%\Proposal.scr
FileDelete %SYSDIR%\config\WIN.EXE
FileDelete %SYSDIR%\WinSit.exe
FileDelete %SYSDIR%\SSCVIIHOST.exe
FileDelete %SYSDIR%\blastclnnn.exe
FileDelete %SYSDIR%\scvhosts.exe
FileDelete %SYSDIR%\setting.ini
FileDelete %SYSDIR%\skcvhost.exe
FileDelete %SYSDIR%\skcvhosthk.dll
FileDelete %SYSDIR%\skcvhostr.exe
FileDelete %SYSDIR%\ssvichosst.exe
FileDelete %SYSDIR%\systeminit.exe
FileDelete %SYSDIR%\taskmger.com
FileDelete %SYSDIR%\logon.bat
FileDelete %SYSDIR%\bsyys.scr
FileDelete %SYSDIR%\Sexy Girls.scr
FileDelete %SYSDIR%\SVICHOOST.exe
FileDelete %SYSDIR%\Bitch.exe
FileDelete %SYSDIR%\Liar.exe
FileDelete %SYSDIR%\Svseehost.exe
FileDelete %SYSDIR%\rvhost.exe
FileDelete %SYSDIR%\hanny.exe
FileDelete %SYSDIR%\aniee.exe
FileDelete %SYSDIR%\docx.exe
FileDelete %SYSDIR%\dump.exe
FileDelete %SYSDIR%\mfc48.dll
FileDelete %SYSDIR%\kernel32.sys
FileDelete %SYSDIR%\nod.exe
FileDelete %SYSDIR%\bad1.exe
FileDelete %SYSDIR%\bad2.exe
FileDelete %SYSDIR%\bad3.exe
FileDelete %SYSDIR%\Msmsgs.exe
FileDelete %SYSDIR%\wmiprvse.exe
FileDelete %SYSDIR%\mgrShell.exe
FileDelete %SYSDIR%\bclogsvr.ini
FileDelete %SYSDIR%\drivers\mssrc.exe
FileDelete %SYSDIR%\dtsystra.exe
FileDelete %SYSDIR%\syshost.exe
FileDelete %SYSDIR%\dlctrl.exe
FileDelete %SYSDIR%\winapp.exe
FileDelete %SYSDIR%\kavo.exe
FileDelete %SYSDIR%\kavo0.dll
FileDelete %SYSDIR%\scvshosts.exe
FileDelete %SYSDIR%\Neo32.exe
FileDelete %SYSDIR%\svhost.exe
FileDelete %SYSDIR%\ami.exe
FileDelete %SYSDIR%\mhjo.log
FileDelete %SYSDIR%\rz.txt
FileDelete %SYSDIR%\Intro.avi
FileDelete %SYSDIR%\_qq1.exe
FileDelete %SYSDIR%\Sexy Girls.scr
FileDelete %SYSDIR%\svchvst.exe
FileDelete %SYSDIR%\nhatquanglan22.exe
FileDelete %SYSDIR%\SCVHSOT.exe
FileDelete %SYSDIR%\test3.exe
FileDelete %SYSDIR%\MsFirewall.exe
FileDelete %SYSDIR%\_inetin.exe
FileDelete %SYSDIR%\cssrs.exe
FileDelete %SYSDIR%\svchost32.exe
FileDelete %SYSDIR%\Ir32_a.exe
FileDelete %SYSDIR%\avpo.exe
FileDelete %SYSDIR%\avpo0.dll
FileDelete %SYSDIR%\wdp.dll
FileDelete %SYSDIR%\amvo.exe
FileDelete %SYSDIR%\amvo0.dll
FileDelete %SYSDIR%\gnsmo.dll
FileDelete %SYSDIR%\o2z5b5.dll
FileDelete %SYSDIR%\_tomskype.exe
FileDelete %SYSDIR%\drivers\td.txt
# NOTE(review): "drives\etc" here versus "drivers\..." on the neighbouring
# lines - possibly a typo for drivers\etc; left exactly as found.
FileDelete %SYSDIR%\drives\etc\td.txt
FileDelete %SYSDIR%\drivers\inc\HPsys\HPinfo.sys
FileDelete %SYSDIR%\drivers\inc\sysdeb.ini
FileDelete %SYSDIR%\Restore\rstrlog.dat
FileDelete %SYSDIR%\Restore\razor.exe
FileDelete %SYSDIR%\Restore\SVCHOST.EXE
FileDelete %SYSDIR%\disdn\mirc.exe

# --- File removal: startup folders and user profile ---------------------------
# Startup-folder entries run at logon, so these are persistence points as well
# as payload locations.
FileDelete %ALLUSERSSTARTUP%\MSconfig.exe
FileDelete %ALLUSERSSTARTUP%\bsyys.scr
FileDelete %ALLUSERSSTARTUP%\Avsgccs.scr
FileDelete %ALLUSERSSTARTUP%\svhost.exe
FileDelete %ALLUSERSSTARTUP%\AdobeUpdate.exe
FileDelete %ALLUSERSSTARTUP%\Office Update.lnk
FileDelete %STARTUP%\bsyys.scr
FileDelete %STARTUP%\Loadme.pif
FileDelete %APPDATA%\lsass.exe
FileDelete %APPDATA%\Intrik cinta.exe
FileDelete %APPDATA%\Cuckoo\windows2.log
FileDelete %APPDATA%\svchost.exe
# The next entries are hard-coded to the "Administrator" profile under
# "Documents and Settings"; copies in other user profiles are not covered by
# these lines and need a manual check.
FileDelete %SYSTEMDRIVE%\Documents and Settings\Administrator\Application Data\Kau dan aku.exe
FileDelete %SYSTEMDRIVE%\Documents and Settings\Administrator\Local Settings\Cinta membawamu kembali.exe
FileDelete %SYSTEMDRIVE%\Documents and Settings\Administrator\Local Settings\Application Data\Di balas dengan dusta.exe
FileDelete %SYSTEMDRIVE%\Documents and Settings\Administrator\My Documents\Tercipta untukmu.exe
# --- File removal: documents folders ------------------------------------------
# The first path is hard-coded to the "Administrator" profile; the
# %MYDOCUMENTS% entries follow whichever account runs the script.
FileDelete %SYSTEMDRIVE%\Documents and Settings\Administrator\My Documents\My Pictures\Cintailah cinta.exe
FileDelete %MYDOCUMENTS%\Kau pilih dia.exe
FileDelete %MYDOCUMENTS%\My Pictures\Ada apa dengan cinta.exe
FileDelete %MYDOCUMENTS%\sex.scr
FileDelete %MYDOCUMENTS%\Linkin park.scr

# --- File removal: root of %SYSTEMDRIVE% --------------------------------------
# Many names are lures made to look like folders, installers or documents
# ("New Folder.exe", "Program Files.exe", "Flash 10 Setup.exe"), alongside
# autorun.inf, which launches a payload when the drive is opened. Only the
# root of %SYSTEMDRIVE% is covered by these entries; other drives and
# removable media are not.
FileDelete %SYSTEMDRIVE%\RECYCLER\RECYCLER\autorun.exe
FileDelete %SYSTEMDRIVE%\New Folder.exe
FileDelete %SYSTEMDRIVE%\AVG 2007.exe
FileDelete %SYSTEMDRIVE%\AVG_update_2007.exe
FileDelete %SYSTEMDRIVE%\W32.PIGLET II.jpg
FileDelete %SYSTEMDRIVE%\Terlalu indah.exe
FileDelete %SYSTEMDRIVE%\Tunggul.vbs
FileDelete %SYSTEMDRIVE%\autorun.inf.tmp
FileDelete %SYSTEMDRIVE%\Desktop.exe
FileDelete %SYSTEMDRIVE%\LittleRedRidingHood.rtf
FileDelete %SYSTEMDRIVE%\ntdelect.com
FileDelete %SYSTEMDRIVE%\ntde1ect.com
FileDelete %SYSTEMDRIVE%\Neo32.exe
FileDelete %SYSTEMDRIVE%\Dear Ikimo.txt
FileDelete %SYSTEMDRIVE%\Flash 10 Setup.exe
FileDelete %SYSTEMDRIVE%\Mario.exe
FileDelete %SYSTEMDRIVE%\Pacman.exe
FileDelete %SYSTEMDRIVE%\razor.inf
FileDelete %SYSTEMDRIVE%\rz.scr
FileDelete %SYSTEMDRIVE%\chkdisk.exe
FileDelete %SYSTEMDRIVE%\qq1.exe
FileDelete %SYSTEMDRIVE%\zPharaoh.exe
FileDelete %SYSTEMDRIVE%\svchvst.exe
FileDelete %SYSTEMDRIVE%\krag.exe
FileDelete %SYSTEMDRIVE%\krage.exe
FileDelete %SYSTEMDRIVE%\autoply.exe
FileDelete %SYSTEMDRIVE%\JetCar.exe
FileDelete %SYSTEMDRIVE%\Program Files.exe
FileDelete %SYSTEMDRIVE%\Program FilesProgram*.exe
FileDelete %SYSTEMDRIVE%\inetin.exe
FileDelete %SYSTEMDRIVE%\driver.exe
FileDelete %SYSTEMDRIVE%\sample1.exe
FileDelete %SYSTEMDRIVE%\io.pif
FileDelete %SYSTEMDRIVE%\tomskype.exe
FileDelete %SYSTEMDRIVE%\autorun.inf
FileDelete %SYSTEMDRIVE%\semo2x.exe

# --- File removal: %PROGRAMFILES% ---------------------------------------------
# AVG7_CC.exe and McaUpdate.exe sit inside antivirus product folders -
# presumably impostor files dropped there. Only the named file is removed;
# the rest of each product folder is left alone.
FileDelete %PROGRAMFILES%\Grisoft\AVG 7\AVG7_CC.exe
FileDelete %PROGRAMFILES%\Network Associates\VirusScan\McaUpdate.exe
FileDelete %PROGRAMFILES%\Sound Utility\Soundmax.exe
FileDelete %PROGRAMFILES%\XPCode\SexGame.exe
FileDelete %PROGRAMFILES%\XPCode\SexGameList.pif
FileDelete %PROGRAMFILES%\XPCode\SexScreenSaver.scr
# --- File removal: %PROGRAMFILES%\Common Files --------------------------------
# Exact-path deletions under "Common Files"; the zrpacinr.* set covers the
# .dll, .drv and .sys files of that name in the MSInfo folder.
FileDelete %PROGRAMFILES%\Common Files\taskmmgr.exe
FileDelete %PROGRAMFILES%\Common Files\Microsoft Shared\MSInfo\qq1.exe
FileDelete %PROGRAMFILES%\Common Files\Microsoft Shared\MSInfo\zrpacinr.dll
FileDelete %PROGRAMFILES%\Common Files\Microsoft Shared\MSInfo\svchvst.exe
FileDelete %PROGRAMFILES%\Common Files\Microsoft Shared\MSshare.exe
FileDelete %PROGRAMFILES%\Common Files\Microsoft Shared\msinfo\inetin.exe
FileDelete %PROGRAMFILES%\Common Files\Microsoft Shared\MSInfo\zrpacinr.dll
FileDelete %PROGRAMFILES%\Common Files\Microsoft Shared\MSInfo\zrpacinr.drv
FileDelete %PROGRAMFILES%\Common Files\Microsoft Shared\MSInfo\zrpacinr.sys
FileDelete %PROGRAMFILES%\Common Files\Microsoft Shared\MSInfo\ReDelBat.bat
FileDelete %PROGRAMFILES%\Common Files\Services\svchost.exe

# --- Final clean-up -----------------------------------------------------------
# The Recycle Bin is emptied first, then OptionUseRecycleBin is switched on and
# two files are deleted again.
# NOTE(review): presumably the deletions after OptionUseRecycleBin are sent to
# the Recycle Bin instead of being removed outright - confirm against the BFU
# documentation, because that would leave autorun.inf and At1.job recoverable
# there.
SystemEmptyRecycleBin
OptionUseRecycleBin
FileDelete %SYSTEMDRIVE%\autorun.inf
FileDelete %WINDIR%\Tasks\At1.job
# FolderDelete, not FileDelete: this targets a directory named Autorun.inf in
# the root of the system drive.
FolderDelete %SYSTEMDRIVE%\Autorun.inf
SystemEmptyTempFolder
SystemEmptyInternetCache
# Operator reminder: the script itself only addresses %SYSTEMDRIVE%; the
# message tells the user to clean the other drives/partitions by hand.
SystemMsgBox If your computer has several drives or partitions \n files called "New Folder.exe" will be present in the \n root directory of all of them. \n Do not forget to delete them. \n Also empty the RECYCLER folder on all drives/partitions. \n Click OK to continue.