the second snippet contains some garbage comments, i have seen them many times... they can increase the suspiciousness of the whole file, but the main point is to detect the autoruns regardless their comments... unforunately the format of autorun.inf may be quite variable (conficker e.g. used unicode autoruns padded with lots of binary garbage - these files didn't look like text).. there's also a situation, when someone uses autorun.inf to run autorun.exe (that's pretty common on cd/dvd, but may be fishy on hard drives) - then you're not able to simply judge that's something bad... our priority is to detect the autorunned binaries - when they're cleaned up, then the autorun.inf is sterile..