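REM ==========================================================================
REM Kaizer Killer V1.8 - name-list cleanup script for Windows (cmd batch).
REM Order of operations:
REM   1. Force-kill processes whose image name is on the list.
REM   2. Re-enable registry tools and remove known logon and autorun hooks.
REM   3. Delete listed files and folders from user profiles, the Windows
REM      directory and the roots of drives C to H.
REM   4. Reset shell, logon and policy values and delete listed Run entries
REM      and service keys.
REM   5. Put Explorer view settings back and print the closing banner.
REM
REM NOTE(review): every match is by NAME only. Nothing checks path, hash or
REM signature, so a legitimate file or process that shares a listed name is
REM removed as well. Take a registry export and a backup before running.
REM NOTE(review): cmd looks for tskill, taskkill, REG and msg in the current
REM directory before PATH. This script is often started from, and changes
REM into, folders that may hold dropped files; a planted reg.exe or reg.bat
REM there would run instead of the system tool. Consider calling the tools
REM by their full system32 path.
REM ==========================================================================
@echo Modified by Gigz Acelajado ---- gigz09@gmail.com
@echo Definition: 02.22.08
path %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;
Color 1F

REM --- 1. Process termination ----------------------------------------------
REM NOTE(review): services, smss, ctfmon.exe, calc.exe, iexplore.exe and
REM wmiprvse.exe are also the names of genuine Windows processes. The kill is
REM by name, so the genuine instance is targeted together with any impostor.
tskill bar311
tskill blastcln
tskill mveo
tskill password_viewer
tskill photos
tskill sscviihost
tskill services
tskill silentsoftech
tskill smss
tskill wscript
taskkill /f /im awkeygen.exe
taskkill /f /im boot.exe
taskkill /f /im calc.exe
taskkill /f /im ccprxy.exe
taskkill /f /im ctfmon.exe
taskkill /f /im exp1orer.exe
taskkill /f /im exiplorer.exe
taskkill /f /im "Funny UST Scandal.avi.exe"
taskkill /f /im iexp1ore.exe
taskkill /f /im iexplore.exe
taskkill /f /im iloveher.exe
taskkill /f /im jay.exe
taskkill /f /im killer.exe
taskkill /f /im knight.exe
taskkill /f /im krag.exe
taskkill /f /im ld.exe
taskkill /f /im netsvcs.exe
taskkill /f /im "new document.exe"
taskkill /f /im "new folder.exe"
taskkill /f /im pet32.exe
taskkill /f /im ravmone.exe
taskkill /f /im scvhosts.exe
taskkill /f /im scvshosts.exe
taskkill /f /im scvvhsot.exe
taskkill /f /im SecretStub.exe
taskkill /f /im spoclsv.exe
taskkill /f /im sscvihost.exe
taskkill /f /im svchosl.exe
taskkill /f /im svhost.exe
taskkill /f /im svhost32.exe
taskkill /f /im svohost.exe
taskkill /f /im svshost.exe
taskkill /f /im vhost.exe
taskkill /f /im wmiprvse.exe
Color 4F

REM --- 2. Unlock registry tools and remove early-start hooks ---------------
REM DisableRegistryTools = 0 lets regedit and reg run again for the rest of
REM the script. Userinit is reset to the stock value and the Command
REM Processor autorun value, which runs on every cmd start, is removed.
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 0 /f > nul
REG add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 0 /f > nul
REG delete "HKCU\Software\BARRY" /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Userinit" /t reg_sz /d "%SystemRoot%\system32\userinit.exe," /f >nul
REG delete "HKCU\Software\Microsoft\Command Processor" /v "autorun" /f >nul
REG delete "HKLM\Software\Microsoft\Command Processor" /v "autorun" /f >nul
echo.

REM --- 3a. Profile and startup folder cleanup ------------------------------
REM The del and rd commands below without a drive or folder act on the
REM current directory. cd /d is used for the profile paths so the drive
REM changes too when the script is started from another drive.
REM NOTE(review): if a cd fails because the folder is missing, the relative
REM del and rd that follow run in the previous directory.
rd /q /s c:\docume~1\admini~1\mydocu~1\ratedr~1
cd /d "%userprofile%"
del /f /a wintask.exe
cd..
cd alluse~1\startm~1\programs\startup
del /f /a lsass.exe
cd /d "%userprofile%\startm~1\programs\startup"
del /f /a ctfmon.exe
del startu~1.com
cd /d "%userprofile%\applic~1\micros~1\intern~1\quickl~1"
del intern~1.lnk
cd /d "%userprofile%\locals~1\applic~1"
del jalak-~1.com
rd /q /s dv6116~1
cd\docume~1\anggra~1\locals~1\applic~1
del jalak-~1.com
rd /q /s dv6156~1
cd\docume~1\locals~1\locals~1\applic~1
del jalak-~1.com
rd /q /s dv6191~1
rd /q /s dv6333~1
cd\docume~1\admini~1.use\locals~1\applic~1
del jalak-~1.com
rd /q /s dv6211~1
cd /d "%userprofile%\locals~1\temp"
del winlogon.exe
cd\progra~1\common~1\micros~1\msinfo
del /f /a c:\docume~1\admini~1\wintask.exe
del /f /a c:\docume~1\admini~1\templa~1\ld.exe
del /f /a c:\docume~1\admini~1\templa~1\ldup.exe
del /f /a c:\docume~1\admini~1\mydocu~1\myfold~1.com
del /f /a c:\docume~1\admini~1\mydocu~1\ratedr~1
del /f /a c:\docume~1\admini~1\mydocu~1\ratedr~1.com
del /f /a c:\docume~1\alluse~1\startm~1\programs\startup\dllhost.com
REM The next three deletes are relative to the msinfo folder entered above.
del /f /a exp1orer.exe
del /f /a noteped.exe
del /f /a redelbat.bat
del /f /a c:\aikelyu.html
del /f /a c:\iloveher.exe
del /f /a c:\SilentSoftecth.exe
del /f /a c:\FLEXLM\awkeygen.exe

REM --- 3b. Windows directory cleanup ---------------------------------------
REM Several targets carry the name of a genuine system binary but sit where
REM the genuine file does not live: lsass, services, smss, svchost and
REM winlogon belong in system32, explorer.exe in the Windows directory and
REM wmiprvse.exe in system32\wbem.
del /f /a %windir%\_defau~1.pif
del /f /a %windir%\autorun.*
del /f /a %windir%\bar311.exe
del /f /a %windir%\FS6519.dll.vbs
del /f /a %windir%\funnyu~1.exe
del /f /a %windir%\iloveher.exe
del /f /a %windir%\infrom.dat
del /f /a %windir%\j6154022.exe
del /f /a %windir%\killer.exe
del /f /a %windir%\knight.exe
del /f /a %windir%\krag.exe
del /f /a %windir%\ld.exe
del /f /a %windir%\ldjs.txt
del /f /a %windir%\ldlist.txt
del /f /a %windir%\ldup.exe
del /f /a %windir%\lsass.exe
del /f /a %windir%\lsasse~1.exe
del /f /a %windir%\maskrider2001.vbs
del /f /a %windir%\mdm.exe
del /f /a %windir%\ms32dll.dll.vbs
del /f /a %windir%\ms.config`.exe
del /f /a %windir%\ntkros.dll
del /f /a %windir%\ntsys.exe
del /f /a %windir%\o4154027.exe
del /f /a %windir%\passwo~1.exe
del /f /a %windir%\pc-off.bat
del /f /a %windir%\photos~1.exe
del /f /a %windir%\ravmone.exe
del /f /a %windir%\scvvhsot.exe
del /f /a %windir%\services.exe
del /f /a %windir%\SecretStub.exe
del /f /a %windir%\smss.exe
del /f /a %windir%\sscviihost.exe
del /f /a %windir%\svchost.exe
del /f /a %windir%\svchost.ini
del /f /a %windir%\sy.exe
del /f /a %windir%\ttms*.dll.vbs
del /f /a %windir%\winlogon.exe
del /f /a %windir%\svhost.exe
del /f /a %windir%\svhost32.exe
del /f /a %windir%\system\111.exe
del /f /a %windir%\system\desktrukto.vbs
del /f /a %windir%\system\lsass.exe
del /f /a %windir%\system\svchosl.exe
del /f /a %windir%\system\svchost.exe
del /f /a %windir%\system\svchost32.exe
del /f /a %windir%\system\ymworm.exe
REM NOTE(review): the wildcard entries in system32 such as test.* and
REM autorun*.* delete every file matching the pattern, not one known sample.
del /f /a %windir%\system32\__.*
del /f /a %windir%\system32\_exp1orer.exe
del /f /a %windir%\system32\_noteped.exe
del /f /a %windir%\system32\alecks.*
del /f /a %windir%\system32\autorun*.*
del /f /a %windir%\system32\amvo.exe
del /f /a %windir%\system32\amvo0.dll
del /f /a %windir%\system32\amvo1.dll
del /f /a %windir%\system32\avpo*.*
del /f /a %windir%\system32\azkaban.*
del /f /a %windir%\system32\blastclnnn.exe
del /f /a %windir%\system32\ccprxy.exe
del /f /a %windir%\system32\crss.exe
del /f /a %windir%\system32\destrukto.*
del /f /a %windir%\system32\dismgnt.exe
del /f /a %windir%\system32\dllhost.com
del /f /a %windir%\system32\dnscon70.dll
del /f /a %windir%\system32\exiplorer.exe
del /f /a %windir%\system32\explorer.vbs
del /f /a %windir%\system32\explorer.exe
del /f /a %windir%\system32\homepage.html
del /f /a %windir%\system32\imgkulot.*
del /f /a %windir%\system32\isass.exe
del /f /a %windir%\system32\kavo.exe
del /f /a %windir%\system32\kavo0.dll
del /f /a %windir%\system32\kavo1.dll
del /f /a %windir%\system32\kernel~1.vbs
del /f /a %windir%\system32\kernell.dll.vbs
del /f /a %windir%\system32\kulitut.*
del /f /a %windir%\system32\mgrShell.exe
del /f /a %windir%\system32\mma.bat
del /f /a %windir%\system32\mma.reg
del /f /a %windir%\system32\mma.vbs
del /f /a %windir%\system32\mstcpcon20.dll
del /f /a %windir%\system32\mveo.exe
del /f /a %windir%\system32\netmanage.dll
del /f /a %windir%\system32\netsvcs.exe
del /f /a %windir%\system32\netused.dll
del /f /a %windir%\system32\ntkros.dll
del /f /a %windir%\system32\ntsys.exe
del /f /a %windir%\system32\ofcpfwsvcs.exe
del /f /a %windir%\system32\S2pidwaraynon.html
del /f /a %windir%\system32\scvhost.exe
del /f /a %windir%\system32\scvhosts.exe
del /f /a %windir%\system32\scvshosts.exe
del /f /a %windir%\system32\scvvhsot.exe
del /f /a %windir%\system32\setting.ini
del /f /a %windir%\system32\silent~1.exe
del /f /a %windir%\system32\sscvihost.exe
del /f /a %windir%\system32\sscviihost.exe
del /f /a %windir%\system32\ssvichosst.exe
del /f /a %windir%\system32\svshost.exe
del /f /a %windir%\system32\svohost.exe
del /f /a %windir%\system32\test.*
del /f /a %windir%\system32\vhost.exe
del /f /a %windir%\system32\wincab.sys
del /f /a %windir%\system32\winkrnl.exe
del /f /a %windir%\system32\winscok.dll
del /f /a %windir%\system32\wmiprvse.exe
del /f /a %windir%\system32\wvcst.*
del /f /a %windir%\system32\x264~1.exe
del /f /a %windir%\system32\zllictbl.dat
del /f /a %windir%\system32\drivers\spoclsv.exe
rd /q /s %windir%\ac12594
rd /q /s %windir%\Ad22098
rd /q /s %windir%\an16554
rd /q /s %windir%\SY20118
rd /q /s %windir%\ugqe
del /f /a %windir%\setup\dllhost.com
rd /q /s %windir%\setup
rd /q /s %windir%\system\_sv_cmd_
rd /q /s %windir%\system32\n2847
rd /q /s %windir%\system32\n5619
rd /q /s %windir%\system32\n8127
rd /q /s %windir%\system32\s5421
rd /q /s %windir%\system32\s8787
rd /q /s %windir%\system32\s6939
rd /q /s %windir%\temp\_istmpi.dir

REM --- 3c. Drive root cleanup, drives C to H -------------------------------
REM Each line deletes one listed name from the root of every drive letter.
REM NOTE(review): desktop.ini, msvcr71.dll, mswinsck.ocx, folder.htt and
REM setup.exe are also names of legitimate files; a copy kept in a drive
REM root is deleted regardless of origin.
for %%i in (C D E F G H) do del /f /a %%i:\aikelyu.html
for %%i in (C D E F G H) do del /f /a %%i:\__.*
for %%i in (C D E F G H) do del /f /a %%i:\3g08.bat
for %%i in (C D E F G H) do del /f /a %%i:\3wcxx91.cmd
for %%i in (C D E F G H) do del /f /a %%i:\8ng8w.com
for %%i in (C D E F G H) do del /f /a %%i:\8ot8y86.exe
for %%i in (C D E F G H) do del /f /a %%i:\8u.com
for %%i in (C D E F G H) do del /f /a %%i:\adober.exe
for %%i in (C D E F G H) do del /f /a %%i:\alecks.*
for %%i in (C D E F G H) do del /f /a %%i:\autorun.*
for %%i in (C D E F G H) do del /f /a %%i:\azkaban.*
for %%i in (C D E F G H) do del /f /a %%i:\bacabr~1.txt
for %%i in (C D E F G H) do del /f /a %%i:\bar311.exe
for %%i in (C D E F G H) do del /f /a %%i:\boot.exe
for %%i in (C D E F G H) do del /f /a %%i:\copy.exe
for %%i in (C D E F G H) do del /f /a %%i:\d.com
for %%i in (C D E F G H) do del /f /a %%i:\desktop.exe
for %%i in (C D E F G H) do del /f /a %%i:\desktop.ini
for %%i in (C D E F G H) do del /f /a %%i:\destrukto.vbs
for %%i in (C D E F G H) do del /f /a %%i:\exiplorer.exe
for %%i in (C D E F G H) do del /f /a %%i:\exp1orer.exe
for %%i in (C D E F G H) do del /f /a %%i:\explorar.vbs
for %%i in (C D E F G H) do del /f /a %%i:\explorer.exe
for %%i in (C D E F G H) do del /f /a %%i:\folder.htt
for %%i in (C D E F G H) do del /f /a %%i:\funnyu~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\FS6519.dll.vbs
for %%i in (C D E F G H) do del /f /a %%i:\g2p3s.exe
for %%i in (C D E F G H) do del /f /a %%i:\gwe(i~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\h.cmd
for %%i in (C D E F G H) do del /f /a %%i:\h2.com
for %%i in (C D E F G H) do del /f /a %%i:\host.exe
for %%i in (C D E F G H) do del /f /a %%i:\iloveher.exe
for %%i in (C D E F G H) do del /f /a %%i:\ie.exe
for %%i in (C D E F G H) do del /f /a %%i:\imgkulot.*
for %%i in (C D E F G H) do del /f /a %%i:\infrom.exe
for %%i in (C D E F G H) do del /f /a %%i:\jay.exe
for %%i in (C D E F G H) do del /f /a %%i:\knight.exe
for %%i in (C D E F G H) do del /f /a %%i:\krag.exe
for %%i in (C D E F G H) do del /f /a %%i:\kragdor.log
for %%i in (C D E F G H) do del /f /a %%i:\kulitut.*
for %%i in (C D E F G H) do del /f /a %%i:\ldupver.txt
for %%i in (C D E F G H) do del /f /a %%i:\lsass.exe
for %%i in (C D E F G H) do del /f /a %%i:\maskrider2001.vbs
for %%i in (C D E F G H) do del /f /a %%i:\mma.bat
for %%i in (C D E F G H) do del /f /a %%i:\mma.reg
for %%i in (C D E F G H) do del /f /a %%i:\mma.vbs
for %%i in (C D E F G H) do del /f /a %%i:\MS32DLL.dll.vbs
for %%i in (C D E F G H) do del /f /a %%i:\msvcr71.dll
for %%i in (C D E F G H) do del /f /a %%i:\mswinsck.ocx
for %%i in (C D E F G H) do del /f /a %%i:\n1deiect.com
for %%i in (C D E F G H) do del /f /a %%i:\netsvcs.exe
for %%i in (C D E F G H) do del /f /a %%i:\newdoc~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\newfol~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\noteped.exe
for %%i in (C D E F G H) do del /f /a %%i:\ntde1ect.com
for %%i in (C D E F G H) do del /f /a %%i:\p3r1ud.exe
for %%i in (C D E F G H) do del /f /a %%i:\pet32.exe
for %%i in (C D E F G H) do del /f /a %%i:\poogs.vbs
for %%i in (C D E F G H) do del /f /a %%i:\pooh.vbs
for %%i in (C D E F G H) do del /f /a %%i:\ravmone.exe
for %%i in (C D E F G H) do del /f /a %%i:\ravmonlog
for %%i in (C D E F G H) do del /f /a %%i:\recycler.exe
for %%i in (C D E F G H) do del /f /a %%i:\rootfo~1.com
for %%i in (C D E F G H) do del /f /a %%i:\sender.vbs
for %%i in (C D E F G H) do del /f /a %%i:\sexvid~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\scvhsot.exe
for %%i in (C D E F G H) do del /f /a %%i:\scvvhsot.exe
for %%i in (C D E F G H) do del /f /a %%i:\silent~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\SilentSoftecth.exe
for %%i in (C D E F G H) do del /f /a %%i:\smss.exe
for %%i in (C D E F G H) do del /f /a %%i:\sqlserv.exe
for %%i in (C D E F G H) do del /f /a %%i:\SSCVIHOST.exe
for %%i in (C D E F G H) do del /f /a %%i:\SSCVIIHOST.exe
for %%i in (C D E F G H) do del /f /a %%i:\SSVICHOSST.exe
for %%i in (C D E F G H) do del /f /a %%i:\sxs.exe
for %%i in (C D E F G H) do del /f /a %%i:\t.exe
for %%i in (C D E F G H) do del /f /a %%i:\test.*
for %%i in (C D E F G H) do del /f /a %%i:\ttms*.dll.vbs
for %%i in (C D E F G H) do del /f /a %%i:\winconfig.dll.vbs
for %%i in (C D E F G H) do del /f /a %%i:\wsctf.exe
for %%i in (C D E F G H) do del /f /a %%i:\wvcst.*
for %%i in (C D E F G H) do del /f /a %%i:\x.com
for %%i in (C D E F G H) do del /f /a %%i:\xn1i9x.com
for %%i in (C D E F G H) do del /f /a %%i:\zelurm~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\progra~1\intern~1\iexp1ore.exe
REM setup.exe is removed only when it is hidden, read-only and system.
for %%i in (C D E F G H) do del /ah /ar /as %%i:\setup.exe
echo.
REM NOTE(review): recycled and recycler are also the Recycle Bin folder
REM names on FAT and NTFS volumes, so these lines empty the bin for every
REM user on the listed drives.
for %%i in (C D E F G H) do rd /q /s %%i:\$lddata$
for %%i in (C D E F G H) do rd /q /s %%i:\ms-dos
for %%i in (C D E F G H) do rd /q /s %%i:\ms.config
for %%i in (C D E F G H) do rd /q /s %%i:\msrm
for %%i in (C D E F G H) do rd /q /s %%i:\nt.config
for %%i in (C D E F G H) do rd /q /s %%i:\recycled
for %%i in (C D E F G H) do rd /q /s %%i:\rm
for %%i in (D E F G H) do rd /q /s %%i:\recycler\recycler
for %%i in (D E F G H) do rd /q /s %%i:\recycler
echo.
Color 7C

REM --- 4a. Reset shell, logon and policy values ----------------------------
REM Shell and Userinit are the programs Winlogon starts at logon; both are
REM written back to their stock values. The policy values set to 0 lift the
REM restrictions on Task Manager, Find, Run and Folder Options.
REG add "HKLM\Software\CLASSES\batfile\shell\edit\command" /ve /t reg_expand_sz /d "%SystemRoot%\System32\NOTEPAD.EXE %%1" /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t reg_sz /d "Explorer.exe" /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Userinit" /t reg_sz /d "%SystemRoot%\system32\userinit.exe," /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "LegalNoticeCaption" /t reg_sz /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "LegalNoticeText" /t reg_sz /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v "Hidden" /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v "CheckedValue" /t reg_dword /d 1 /f >nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 0 /f > nul
REM NOTE(review): NoDriveTypeAutoRun is a bitmask of the drive types on
REM which AutoRun is turned off. A value of 1 covers only the unknown drive
REM type, so AutoRun stays active for removable, fixed, network and CD
REM drives. This tool removes autorun.* droppers, so 255, which turns
REM AutoRun off for every drive type, may be what is wanted. Confirm.
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 1 /f >nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFind /t REG_DWORD /d 0 /f > nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t REG_DWORD /d 0 /f > nul
REG add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t REG_DWORD /d 0 /f > nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFolderOptions /t REG_DWORD /d 0 /f >nul
REG add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFolderOptions /t REG_DWORD /d 0 /f >nul
REG add "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v HomePage /t REG_DWORD /d 0 /f >nul
REG add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t reg_sz /d "http://www.google.com.ph/intl/en/" /f >nul
REM ----------------------------------------------------
REM [Hidden Value = [1 = Show, 2 = Hide Files (Default)]
REM ----------------------------------------------------
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t reg_dword /d 1 /f >nul
REM ---------------------------------------------------------------------
REM [ShowSuperHidden Value = [1 = Show, 0 = Hide System Files (Default)]
REM ---------------------------------------------------------------------
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t reg_dword /d 1 /f >nul
REM NOTE(review): the next four values are normal Windows data, not
REM autostart hooks. They are deleted here and nothing below writes them
REM back.
REG delete "HKLM\Software\Microsoft\Windows\CurrentVersion" /v "RegisteredOrganization" /f >nul
REG delete "HKLM\Software\Microsoft\Windows\CurrentVersion" /v "RegisteredOwner" /f >nul
REG delete "HKLM\Software\Microsoft\Windows\CurrentVersion" /v "ProductId" /f >nul
REG delete "HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v "ProcessorNameString" /f >nul

REM --- 4b. Remove listed autostart entries from the Run keys ---------------
REM Each line deletes one value by name from the machine or user Run key.
REM NOTE(review): the value named {random} is a literal string here, not a
REM pattern; it only matches a value with exactly that name.
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /ve /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "{random}" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "ctfmon.exe" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ampli" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "amva" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "avpa" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ccPrxy.exe" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Disk Knight" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Explorer" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "EXPLORER.EXE" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "f1761gta" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Firewall auto setup" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "FS6519" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "kava" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "krag" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Local Security Authority Service" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "maskrider" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ms32dll" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "MSConfig" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "MSPetServ" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "N2328c" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "nav_x" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "nav_x" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "OfcpfwSvcs.exe" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "RavAV" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Runonce" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "S2pidwaraynon" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "scApp" /f
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "SilentSoftech" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "svchosl" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "svchost" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "svcshare" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "System File" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Task Manager" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "winconfig" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "WindowNT" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "winlogon.exe" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "WinRun" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "wsctf.exe" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "y1860ace" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Yahoo Messenger" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Yahoo Messengger" /f >nul

REM --- 4c. Policy, service and Policies Run cleanup ------------------------
REM The SystemRestore policy key is removed whole, the three listed service
REM keys are removed from every control set, and the listed values are
REM removed from the Policies Explorer Run keys.
REG delete "HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" /f >nul
REG delete "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Window Title" /f >nul
REG delete "HKLM\SYSTEM\ControlSet001\Services\dnscon" /f >nul
REG delete "HKLM\SYSTEM\ControlSet001\Services\NetManager" /f >nul
REG delete "HKLM\SYSTEM\ControlSet001\Services\PmApiService" /f >nul
REG delete "HKLM\SYSTEM\ControlSet002\Services\dnscon" /f >nul
REG delete "HKLM\SYSTEM\ControlSet002\Services\NetManager" /f >nul
REG delete "HKLM\SYSTEM\ControlSet002\Services\PmApiService" /f >nul
REG delete "HKLM\SYSTEM\CurrentControlSet\Services\dnscon" /f >nul
REG delete "HKLM\SYSTEM\CurrentControlSet\Services\NetManager" /f >nul
REG delete "HKLM\SYSTEM\CurrentControlSet\Services\PmApiService" /f >nul
REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "N2328c" /f >nul
REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "N2373c" /f >nul
REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "PolicyRun" /f >nul
REG delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "y1860ace" /f >nul
REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /ve /f >nul

REM --- 5. Restore Explorer view settings -----------------------------------
REM The section title below was bare text and ran as a command; it is now a
REM comment like the other section banners.
REM ______________________________
REM Getting back the attributes.
REM ______________________________
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t reg_dword /d 0 /f >nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t reg_dword /d 2 /f >nul
REM Root key corrected from HCKU to HKCU; reg rejected the misspelt name so
REM this value was never written.
REM NOTE(review): HideFileExt = 1 hides known extensions, which is what lets
REM a name like the .avi.exe sample in the kill list pass as a video.
REM Writing 0 keeps extensions visible. Confirm which is wanted.
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v "HideFileExt" /t reg_dword /d 1 /f >nul
echo.
msg %username% /w /time:15 VIRUSES HAS BEEN REMOVED!!!
color 1E
echo.
@echo Thank You for Trusting and Using this Removal Tool
@echo GZX Computer Laboratory
@echo Computer Whiz
echo.
@echo Gigz Acelajado
@echo gigz09@gmail.com
@echo YM - gcace21
@echo _______________________________________________
@echo KK KK AA IIII ZZZZZ EEEEE RRRRR
@echo KK KK A A II ZZ EE RR R
@echo KKK AAAA II ZZ EEE RRRRR
@echo KK KK AA AA II ZZ EE RR RR
@echo KK kK AA AA IIII ZZZZZ EEEEE RR RR
@echo _______________________________________________
@echo Giancarlo Acelajado
@echo Kaizer Killer V1.8
@echo Definition: 02/22/08
pause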