Thread: Canada.exe, maybe some others?
View Single Post
Old 05-21-2005, 07:45 AM   #3 (permalink)
KainOcelot
Registered User
 
Join Date: May 2005
Posts: 20
OS: XP


Alright, heres the Ewido Log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:18:14 AM, 5/21/2005
+ Report-Checksum: 36A5F770

+ Date of database: 5/21/2005
+ Version of scan engine: v3.0

+ Duration: 85 min
+ Scanned Files: 186274
+ Speed: 36.22 Files/Second
+ Infected files: 122
+ Removed files: 122
+ Files put in quarantine: 122
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
F:\

+ Scan result:
C:\Documents and Settings\Glen\Cookies\glen@ar.atwola[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Glen\Cookies\glen@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\BMK\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\BTH\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\BVE\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\BVP\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\CDD\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\CKL\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\CMK\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\COF\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\common.dll -> Spyware.WebSearch.ae -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\dealhelper.exe -> TrojanDownloader.Agent.hw -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\Del7C.tmp -> TrojanDownloader.Small.asf -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\DQI\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\DUL\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\ELI\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\EUW\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\FCB\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\FCD\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\FCZ\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\fFGFHQp.exe -> TrojanDownloader.IstBar.ir -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\GID\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\HDF\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\HDH\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\HDS\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\HKE\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\HOJ\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\HXF\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\i74.tmp -> Spyware.SurfSide.a -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\IFT\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\IHM\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\IHX\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\ISS\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\IUL\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\JAG\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\JJL\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\JWG\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\JWV\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\JYD\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\KAT\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\LEU\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\LKL\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\LTF\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\LXM\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\MBZ\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\MIF\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\MIS\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\MMX\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\NOU\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\NSM\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\NSS\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\NUJ\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\OFE\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\OJU\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\OYS\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\PLG\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\PND\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\PNO\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\PPN\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\PYS\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\QCD\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\QCM\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\QCQ\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\QIH\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\QPR\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\RBM\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\res7E.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\RIQ\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\RVE\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\SDW\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\SOL\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\SZC\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\TBPS.exe -> Spyware.WebSearch.af -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\temp.fr340D\MediaAccC.dll -> Spyware.WinAD.af -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\temp.fr340D\MediaAccess.exe -> Spyware.MediaPass -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\temp.fr711E\NavHelper\v2.0.4c\NHelper.dll -> Spyware.NavExcel.f -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\temp.fr711E\NavHelper\v2.0.4c\NHUninstaller.exe -> Spyware.Navexcel -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\temp.fr711E\NavHelper\v2.0.4c\NHUpdater.exe -> Spyware.NavExcel -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\temp.fr9CC4\EliteToolBar version 60.dll -> Spyware.EliteBar.af -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\temp.frD8C7 -> Trojan.Agent.db -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\THM\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\TJA\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\toolbar.dll -> Spyware.Toolbar -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\TUN\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\UAT\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\ULI\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\UPN\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\UYF\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\UYJ\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\VCX\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\VEJ\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\VGX\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\VIQ\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\VPN\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\VTS\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\WGT\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\WGX\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\XBZ\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\XMK\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\XSF\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\YQR\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\YSO\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\ZAC\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\ZLG\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\ZWG\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Glen\Local Settings\Temp\ZWK\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Temp\EDow.exe -> TrojanDownloader.Wintool.e -> Cleaned with backup
C:\Temp\salmhook.dll -> Spyware.180solutions -> Cleaned with backup
C:\WINDOWS\Bolger.dll_tobedeleted -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\abasa5jrp_.exe -> Spyware.Sahat.o -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\hochkaod3_.exe -> Spyware.Sahat.o -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\lkir8l2gm_.dll -> Spyware.Sahat.l -> Cleaned with backup
C:\WINDOWS\hnxymmfeoru.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\installer_SIAC.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\056J8DEN\protector_update[1].exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WXIV49YZ\protector_update[1].exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\elitemhg32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\elitemxs32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\elitepls32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\Eqinkb.exe -> Spyware.DealHelper.ac -> Cleaned with backup
C:\WINDOWS\system32\temperror32.dat -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\wlkwatv.exe -> Trojan.Agent.cp -> Cleaned with backup


::Report End


Now heres the Hijack log:


Logfile of HijackThis v1.99.1
Scan saved at 9:42:13 AM, on 5/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [\\PERSONAL-Z6AS0S\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P48 "\\PERSONAL-Z6AS0S\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [JVM0.12] C:\WINDOWS\system32\noyfedyw.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [uvboyzy] c:\windows\system32\uvboyzy.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1099593321984
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe


As for Find-It's, I tried to run it but was given an error:

"C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Windows applications. Chose 'Close' to terminate the
application."

It gives the options of 'Close' and 'Ignore', they both bring up the message again.
KainOcelot is offline