The most common branches to look at into include HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE.
When the virus includes a specific name like blaster.worm or 32heur numerous., you will find processes followed by such name extensions also the weird names. http://Www.rise.Sc-comic.com/doku.php?id=hai_emoval_-_select_f_om_nine_methods
