Thanks, looks like this made quite a difference. For some reason Ewido automatically started upon reboot and caught a couple of new Trojans. Not sure what is installing these new ones. Will reboot again after this post and see what happens. Ewido crashed about 80% through first run so the save log from that unfortunately on shows the remaning 20%.
Logfile of HijackThis v1.99.1
Scan saved at 1:05:58 AM, on 6/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijack This\HijackThis.exe
O4 - Global Startup: rnkk.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1117663274299O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 12:43:46 AM, 6/2/2005
+ Report-Checksum: 50493D72
+ Date of database: 6/2/2005
+ Version of scan engine: v3.0
+ Duration: 110 min
+ Scanned Files: 97859
+ Speed: 14.76 Files/Second
+ Infected files: 22
+ Removed files: 22
+ Files put in quarantine: 22
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\WINDOWS\sfita.exe -> Trojan.Favadd.o -> Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar.d -> Cleaned with backup
C:\WINDOWS\system32\avicap76.exe -> Spyware.UrlSpy -> Cleaned with backup
C:\WINDOWS\system32\BROWSEUI.exe -> Spyware.UrlSpy -> Cleaned with backup
C:\WINDOWS\system32\Cache\cxtpls_loader.exe -> TrojanDownloader.Apropo.ab -> Cleaned with backup
C:\WINDOWS\system32\Cache\HelperInstall.exe -> TrojanDropper.Delf.z -> Cleaned with backup
C:\WINDOWS\system32\Cache\installer.exe -> TrojanDropper.Win32.Small.wc -> Cleaned with backup
C:\WINDOWS\system32\Cache\ven_d1.exe -> TrojanDownloader.IstBar -> Cleaned with backup
C:\WINDOWS\system32\ciodm334.exe -> Spyware.UrlSpy -> Cleaned with backup
C:\WINDOWS\system32\eliteaak32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\eliteppo32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\gnbshw.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\ivppik.exe -> TrojanDownloader.Qoologoc.i -> Cleaned with backup
C:\WINDOWS\system32\lanml.exe -> Trojan.AproposAd -> Cleaned with backup
C:\WINDOWS\system32\lpqurity.exe -> Trojan.AproposAd -> Cleaned with backup
C:\WINDOWS\system32\wpaaw.dat -> TrojanDownloader.Qoologic.n -> Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c -> Cleaned with backup
C:\WINDOWS\Temp\HfJPWbag.exe -> Spyware.WebSearch -> Cleaned with backup
C:\WINDOWS\Temp\hgxvqFH1.exe -> Spyware.WebSearch -> Cleaned with backup
C:\WINDOWS\Temp\O1xT8LBC.exe -> Spyware.WebSearch -> Cleaned with backup
C:\WINDOWS\woinstall.exe -> Spyware.EzuLa -> Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup
::Report End