WORM_SILLY.SAB

To identify and delete the malware/grayware file:

1. Insert your Windows Installation CD in your CD-rom.
2. Press the restart button of your computer.
3. When prompted, press any key to boot from the CD.
4. When prompted on the Main Menu, type r to enter the recovery console.
   (Note: On Windows 2000, after pressing r, type c to choose the Recovery Console in the repair options screen.)
5. When prompted, type your administrator password to log on.
6. Once logged in, type the drive that contains Windows in the command prompt that appears, then press Enter.
7. Type the drive that contains Windows, then press Enter.
8. Type the following, then press Enter:
   del {malware/grayware path and file name}
9. Repeat the above procedure for all files detected earlier.
10. Type exit to restart the system normally.

To delete registry keys this malware/grayware created:

1. Open Registry Editor. To do this, click Start>Run, type regedit in the text box provided, then press Enter.
2. In the left panel of the Registry Editor window, double-click the following:
   HKEY_CLASSES_ROOT>CLSID
3. Still in the left panel, locate and delete the key:
   {F986CC17-37C0-4585-15F2161F0584}
4. In the left panel of the Registry Editor window, double-click the following:
   HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Explorer>Desktop>NameSpace
5. Still in the left panel, locate and delete the key:
   {F986CC17-37C0-4585-15F2161F0584}
6. In the left panel of the Registry Editor window, double-click the following:
   HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Explorer
7. Still in the left panel, locate and delete the key:
   HideDesktopIcons
8. Close Registry Editor.

To delete the registry value this malware created:

1. Open Registry Editor. To do this, click Start>Run, type regedit in the text box provided, then press Enter.
2. In the left panel of the Registry Editor window, double-click the following:
   HKEY_CLASSES_ROOT>exefile
3. In the right panel, locate and delete the entry:
   NeverShowExt = 1
4. In the left panel of the Registry Editor window, double-click the following:
   HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Policies>Associations
5. In the right panel, locate and delete the entry:
   ModRiskFileTypes = .exe
6. In the left panel of the Registry Editor window, double-click the following:
   HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Control>StorageDevicePolicies
7. In the right panel, locate and delete the entry:
   WriteProtect = 0
8. In the left panel of the Registry Editor window, double-click the following:
   HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>360rpt.exe
9. In the right panel, locate and delete the entry:
   Debugger = ntsd -d
10. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>360Safe.exe
11. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
12. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>360safebox.exe
13. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
14. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>360sd.exe
15. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
16. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>360sdrun.exe
17. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
18. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>360tray.exe
19. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
20. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>799d.exe
21. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
22. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>adam.exe
23. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
24. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>AgentSvr.exe
25. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
26. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>AntiU.exe
27. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
28. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>AoYun.exe
29. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
30. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>appdllman.exe
31. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
32. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>AppSvc32.exe
33. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
34. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>ArSwp.exe
35. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
36. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>ArSwp2.exe
37. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
38. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>ArSwp3.exe
39. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
40. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>AST.exe
41. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
42. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>atpup.exe
43. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
44. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>auto.exe
45. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
46. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>AutoRun.exe
47. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
48. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>autoruns.exe
49. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
50. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>av.exe
51. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
52. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>AvastU3.exe
53. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
54. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>avconsol.exe
55. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
56. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>avgrssvc.exe
57. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
58. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>AvMonitor.exe
59. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
60. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>avp.com
61. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
62. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>avp.exe
63. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
64. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>AvU3Launcher.exe
65. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
66. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>CCenter.exe
67. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
68. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>ccSvcHst.exe
69. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
70. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>cross.exe
71. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
72. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>Discovery.exe
73. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
74. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>DSMain.exe
75. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
76. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>EGHOST.exe
77. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
78. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>FileDsty.exe
79. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
80. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>filmst.exe
81. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
82. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>FTCleanerShell.exe
83. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
84. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>FYFireWall.exe
85. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
86. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>ghost.exe
87. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
88. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>guangd.exe
89. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
90. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>HijackThis.exe
91. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
92. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>IceSword.exe
93. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
94. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>iparmo.exe
95. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
96. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>Iparmor.exe
97. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
98. In the left panel of the Registry Editor window, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>irsetup.exe
99. In the right panel, locate and delete the entry:
    Debugger = ntsd -d
100. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>isPwdSvc.exe
101. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
102. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>jisu.exe
103. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
104. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>kabaload.exe
105. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
106. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KaScrScn.SCR
107. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
108. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KASMain.exe
109. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
110. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KASTask.exe
111. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
112. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KAV32.exe
113. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
114. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KAVDX.exe
115. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
116. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KAVPF.exe
117. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
118. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KAVPFW.exe
119. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
120. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KAVSetup.exe
121. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
122. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>kavstart.exe
123. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
124. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>kernelwind32.exe
125. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
126. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KISLnchr.exe
127. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
128. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>kissvc.exe
129. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
130. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KMailMon.exe
131. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
132. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KMFilter.exe
133. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
134. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>knsd.exe
135. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
136. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>knsdave.exe
137. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
138. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>knsdtray.exe
139. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
140. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KPFW32.exe
141. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
142. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KPFW32X.exe
143. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
144. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KPfwSvc.exe
145. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
146. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KRegEx.exe
147. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
148. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KRepair.com
149. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
150. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KsLoader.exe
151. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
152. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KSWebShield.exe
153. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
154. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KVCenter.kxp
155. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
156. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KvDetect.exe
157. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
158. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KvfwMcl.exe
159. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
160. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KVMonXP.kxp
161. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
162. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KVMonXP_1.kxp
163. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
164. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>kvol.exe
165. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
166. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>kvolself.exe
167. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
168. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KvReport.kxp
169. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
170. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KVScan.kxp
171. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
172. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KVSrvXP.exe
173. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
174. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KVStub.kxp
175. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
176. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>kvupload.exe
177. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
178. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>kvwsc.exe
179. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
180. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KvXP.kxp
181. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
182. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KvXP_1.kxp
183. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
184. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KWatch.exe
185. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
186. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KWatch9x.exe
187. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
188. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KWatchX.exe
189. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
190. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KWSMain.exe
191. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
192. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>kwstray.exe
193. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
194. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>KWSUpd.exe
195. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
196. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>loaddll.exe
197. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
198. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>logogo.exe
199. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
200. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>MagicSet.exe
201. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
202. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>mcconsol.exe
203. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
204. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>mmqczj.exe
205. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
206. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>mmsk.exe
207. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
208. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>Navapsvc.exe
209. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
210. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>Navapw32.exe
211. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
212. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>NAVSetup.exe
213. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
214. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>niu.exe
215. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
216. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>nod32.exe
217. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
218. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>nod32krn.exe
219. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
220. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>nod32kui.exe
221. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
222. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>NPFMntor.exe
223. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
224. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>pagefile.exe
225. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
226. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>pagefile.pif
227. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
228. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>pfserver.exe
229. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
230. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>PFW.exe
231. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
232. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>PFWLiveUpdate.exe
233. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
234. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>qheart.exe
235. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
236. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>QHSET.exe
237. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
238. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>QQDoctor.exe
239. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
240. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>QQDoctorMain.exe
241. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
242. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>QQDoctorRtp.exe
243. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
244. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>QQKav.exe
245. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
246. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>QQPCMgr.exe
247. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
248. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>QQPCRTP.exe
249. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
250. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>QQPCSmashFile.exe
251. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
252. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>QQPCTray.exe
253. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
254. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>QQSC.exe
255. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
256. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>qsetup.exe
257. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
258. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>Ras.exe
259. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
260. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>Rav.exe
261. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
262. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>ravcopy.exe
263. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
264. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>RavMon.exe
265. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
266. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>RavMonD.exe
267. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
268. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>RavStub.exe
269. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
270. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>RavTask.exe
271. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
272. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>RegClean.exe
273. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
274. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>rfwcfg.exe
275. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
276. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>rfwmain.exe
277. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
278. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>rfwProxy.exe
279. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
280. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>rfwsrv.exe
281. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
282. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>RsAgent.exe
283. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
284. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>Rsaupd.exe
285. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
286. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>rsnetsvr.exe
287. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
288. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>RsTray.exe
289. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
290. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>rstrui.exe
291. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
292. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>runiep.exe
293. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
294. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>safeboxTray.exe
295. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
296. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>safelive.exe
297. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
298. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>scan32.exe
299. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
300. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>ScanFrm.exe
301. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
302. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>ScanU3.exe
303. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
304. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>SDGames.exe
305. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
306. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>SelfUpdate.exe
307. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
308. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>servet.exe
309. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
310. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>shcfg32.exe
311. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
312. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>SmartUp.exe
313. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
314. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>sos.exe
315. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
316. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>SREng.EXE
317. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
318. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>SREngPS.EXE
319. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
320. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>stormii.exe
321. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
322. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>sxgame.exe
323. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
324. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>symlcsvc.exe
325. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
326. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>SysSafe.exe
327. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
328. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>tmp.exe
329. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
330. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>TNT.Exe
331. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
332. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>TrojanDetector.exe
333. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
334. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>Trojanwall.exe
335. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
336. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>TrojDie.kxp
337. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
338. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>TxoMoU.Exe
339. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
340. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>UFO.exe
341. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
342. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>UIHost.exe
343. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
344. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>UmxAgent.exe
345. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
346. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>UmxAttachment.exe
347. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
348. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>UmxCfg.exe
349. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
350. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>UmxFwHlp.exe
351. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
352. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>UmxPol.exe
353. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
354. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>upiea.exe
355. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
356. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>UpLive.exe
357. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
358. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>USBCleaner.exe
359. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
360. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>vsstat.exe
361. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
362. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>wbapp.exe
363. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
364. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>webscanx.exe
365. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
366. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>WoptiClean.exe
367. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
368. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>Wsyscheck.exe
369. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
370. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>XDelBox.exe
371. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
372. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>XP.exe
373. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
374. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>zhudongfangyu.exe
375. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
376. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>zjb.exe
377. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
378. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>zxsweep.exe
379. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
380. In the left panel of the Registry Editor window, double-click the following:
     HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Image File Execution Options>~.exe
381. In the right panel, locate and delete the entry:
     Debugger = ntsd -d
382. Close Registry Editor.

To restore the registry value this malware/grayware modified:

1. Open Registry Editor. Click Start>Run, type REGEDIT in the text box provided, and then press Enter.
2. In the left panel, double-click the following:
   HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Explorer>Advanced
3. In the right panel, locate the registry value:
   ShowSuperHidden = 0
4. Right-click on the value name and choose Modify. Change the value data of this entry to:
   ShowSuperHidden = 1
5. Close Registry Editor.

To delete malware/grayware folders:

1. Right-click Start then click Search... or Find..., depending on the version of Windows you are running.
2. In the Named input box, type:
   
   %System%\nvpcecwxym
   %System%\keegtwmfug
   %System Root%\VSPS
3. In the Look In drop-down list, select My Computer, then press Enter.
4. Once located, select the folder then press SHIFT+DELETE to permanently delete the folder.
5. Repeat the said steps for all folders listed.

To delete malware/grayware component files:

1. Search for the following files:
   
   %System Root%\asvgnmhubw.gif
   %System Root%\bwhhvrtraa.bmp
   %System Root%\moxhpmxuhj.doc
   %System Root%\pipbkpaddf.jpg
   %System Root%\wovpmukple.txt
   %Favorites%\&çÍ·×ÍøÖ·µ¼º½&.url
   %System Root%\Documents and Settings\All Users\Desktop\Intennet Exploner.lnk
   %System Root%\Documents and Settings\All Users\Desktop\¸Ä±äÄãµÄÒ»Éú.url
   %System Root%\Documents and Settings\All Users\Desktop\Ãâ·ÑµçÓ°C.url
   %System Root%\Documents and Settings\All Users\Desktop\ÌÔ±¦¹ºÎïA.url
   
   Note: To do a search for the following files, right-click Start then click Search... or Find..., depending on the version of Windows you are running. For each file to be deleted, type its file name in the Named input box. In the Look In drop-down list, select My Computer, then press Enter.
2. Once located, select the file then press SHIFT+DELETE to permanently delete the file.
3. Repeat the said steps for all files listed.