03-17-2008, 10:08 PM   #8
Hey it's me
the rest of the SDFix report

This report was too long for one posting, so....


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\Avast4\\ALWILS~1\\ashDisp.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 4 DISABLED

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
SonicCentral REG_SZ C:\Program Files\Common Files\Sonic Shared\Sonic Central\
CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SAFEBOOT_OPTION REG_SZ MINIMAL

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"


Non-Default IFEO Debugger:


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adam.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\agentsvr.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\appsvc32.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\auto.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoruns.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrssvc.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avmonitor.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.com
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccenter.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccsvchst.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cross.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\discovery.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\filedsty.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ftcleanershell.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guangd.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hijackthis.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icesword.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmo.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmor.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ispwdsvc.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kabaload.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kascrscn.scr
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kasmain.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kastask.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavdx.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavpfw.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavsetup.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kislnchr.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmfilter.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpfw32.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpfw32x.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpfwsvc.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kregex.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\krepair.com
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ksloader.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvcenter.kxp
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvdetect.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvfwmcl.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvmonxp.kxp
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvmonxp_1.kxp
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvol.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvolself.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvreport.kxp
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvsrvxp.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvstub.kxp
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvupload.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvwsc.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvxp.kxp
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch9x.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatchx.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loaddll.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\magicset.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcconsol.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmqczj.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmsk.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navsetup.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32kui.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfw.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwliveupdate.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qhset.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ras.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rav.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravmon.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravmond.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravstub.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravtask.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regclean.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwcfg.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwproxy.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsagent.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsaupd.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safelive.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scan32.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sdgames.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servet.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shcfg32.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shuiniu.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smartup.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sos.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sreng.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svch0st.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcsvc.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\syssafe.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\systom.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tnt.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trojandetector.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trojanwall.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trojdie.kxp
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\txomou.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ufo.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uihost.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\umxagent.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\umxattachment.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\umxcfg.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\umxfwhlp.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\umxpol.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uplive.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wopticlean.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsyscheck.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xp.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zxsweep.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


Non-Default Installed Components:


Non-Default Safeboot Minimal:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
<NO NAME> REG_SZ Service


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!