– Scheduled Tasks -------------------------------------------------------------
2008-05-18 22:09:00 282 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-05-16 17:15:00 424 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job
2008-04-28 17:00:00 276 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2008-03-19 10:32:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-02-28 23:09:36 404 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2008-01-09 18:00:07 350 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2005-10-28 11:58:00 284 --a------ C:\WINDOWS\Tasks\Connexion facile à Internet.job
– Files created between 2008-04-24 and 2008-05-24 -----------------------------
2008-05-24 12:22:15 0 d-------- C:\WINDOWS\LastGood
2008-05-24 12:22:12 0 d-------- C:\Program Files\Secunia
2008-05-24 04:15:14 0 d-------- C:\Program Files\IObit
2008-05-24 03:44:44 0 d-------- C:\Program Files\Trend Micro
2008-05-23 20:58:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-23 20:56:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-23 20:56:47 0 d-------- C:\Documents and Settings\Steve Paper\Application Data\SUPERAntiSpyware.com
2008-05-19 12:52:42 1577 --ahs---- C:\WINDOWS\system32\RYbbcMoq.ini2
2008-05-19 00:23:46 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter’s Productions; Bugs!>
– Find3M Report ---------------------------------------------------------------
2008-05-24 13:36:16 0 d-------- C:\Program Files\Java
2008-05-24 13:32:48 0 d-------- C:\Program Files\Uniblue
2008-05-24 13:32:26 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-24 12:52:42 0 d-------- C:\Program Files\QuickTime
2008-05-24 04:26:55 0 d-------- C:\Documents and Settings\Steve Paper\Application Data\Uniblue
2008-05-22 10:34:25 0 d-------- C:\Program Files\Fichiers communs
2008-05-21 21:02:19 0 d-------- C:\Program Files\uTorrent
2008-05-21 21:01:57 0 d-------- C:\Documents and Settings\Steve Paper\Application Data\uTorrent
2008-05-20 17:20:27 0 d-------- C:\Program Files\PCPitstop
2008-04-18 21:33:02 0 d-------- C:\Documents and Settings\Steve Paper\Application Data\dvdcss
2008-04-10 12:58:30 448340 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-04-10 12:58:30 64894 --a------ C:\WINDOWS\system32\perfc00C.dat
– Registry Dump ---------------------------------------------------------------
Note empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
“{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}”= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2007-11-27 16:14 266240]
[-HKEY_CLASSES_ROOT\CLSID{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“HP Software Update”=“C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [2005-02-17 02:11]
“Cpqset”=“C:\Program Files\HPQ\Default Settings\cpqset.exe” [2005-02-17 14:01]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-05-15 19:19]
“QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe” [2008-03-28 23:37]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 04:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Uniblue RegistryBooster 2”=“C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe”
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2005-02-02 08:11]
“SUPERAntiSpyware”=“C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2008-05-13 12:43]
“eabconfg.cpl”=“C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe” [2004-12-03 16:24]
“hpWirelessAssistant”=“C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe” [2005-04-11 18:21]
“SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2005-02-02 08:12]
“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-03-22 21:05]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-05-15 19:19]
C:\Documents and Settings\Steve Paper\Mes documents\Menu Démarrer\Programmes\Démarrage
Secunia PSI (RC2).lnk - C:\Program Files\Secunia\PSI (RC2)\psi.exe [2008-05-21 10:36:18]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
“DisableTaskMgr”=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
“LinkResolveIgnoreLinkInfo”=0 (0x0)
“NoResolveSearch”=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“LinkResolveIgnoreLinkInfo”=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
“Authentication Packages”= msv1_0 C:\WINDOWS\system32\qoMcbbYR
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dkR31.sys]
@=“Driver”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dlS63.sys]
@=“Driver”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipW54.sys]
@=“Driver”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jqW63.sys]
@=“Driver”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mtB17.sys]
@=“Driver”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\muC41.sys]
@=“Driver”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qwE64.sys]
@=“Driver”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ryG74.sys]
@=“Driver”
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” -atboottime
“LSBWatcher”=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
Newly Created Service - PSI
What’s the difference between Deckard’s System Scanner and HijackThis? It goes deeper, I can tell, but it looks as if it works together with HijackThis…