Here is a log from HijackThis run after the last Ewido scan.
Whoa, when I try to run HijackThis, it keeps closing, and only works after I change the name to JijackThis.
Logfile of HijackThis v1.99.1
Scan saved at 11:49:19 AM, on 10/1/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\rasautou.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\libsys32.exe
C:\Download\hijackthis\JijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsys32.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsys32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E865A9E-F7A6-4D68-8862-73F80D57B039}: NameServer = 209.63.0.6 207.173.86.6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Here is the services.msc list of started services, (m) for manual: Application Layer Gateway Service(m), CA ISafe, COM+ Event System(m), Computer Browser, Cryptographic Services, DHCP Client, Distributed Link Tracking Client, DNS Client, Event Log, Ewido Security Suite, Fast User Switching(m), Help and Support, ICF/ICS, IPSec Services, LEXBCE, Logical Disk Manager, NT Login Service, Network Connections(m), NLA(m), Plug and Play, Portable Media Serial Number, Print Spooler, Protected Storage, Remote Access Connection Manager(m), Remote Access Auto Connection Manager(m), RPC Secondary Logon, Security Accounts Manager, Server, Shell Hardware Detection, SSDP Discovery(m), System Event Notification, System Restore, Task Scheduler, TCP/IP NetBIOS, Telephony(m), Terminal Services(m), Themes, TrueVector, Upload Manager, WebClient, Windows Audio, WIA, WMI, Windows Time, Wireless Zero Configuration, Workstation
----------------
Finally, here are some entries from the ZoneAlarm logfile.
ZoneAlarm Logging Client v5.5.062.004
Windows XP-5.1.2600--SP
type,date,time,source,destination,transport (security)
type,date,time,virus name,file name,mode,e-mail id (antivirus)
type,date,time,source,destination,action,service (IM security)
PE,2005/09/30,19:43:02 -5:00 GMT,Generic Host Process for Win32 Services,0.0.0.0:5000,N/A
PE,2005/09/30,19:43:02 -5:00 GMT,Generic Host Process for Win32 Services,192.168.2.17:0,N/A
ACCESS,2005/09/30,19:43:02 -5:00 GMT,Generic Host Process for Win32 Services was unable to obtain permission for connecting to the Internet (192.168.2.17); access was denied.,N/A,N/A
PE,2005/09/30,19:43:02 -5:00 GMT,Generic Host Process for Win32 Services,192.168.2.17:0,N/A
PE,2005/09/30,19:43:02 -5:00 GMT,Generic Host Process for Win32 Services,169.254.78.171:0,N/A
ACCESS,2005/09/30,19:43:02 -5:00 GMT,Generic Host Process for Win32 Services was unable to obtain permission for connecting to the Internet (169.254.78.171); access was denied.,N/A,N/A
PE,2005/09/30,19:43:08 -5:00 GMT,taskcntr.exe,0.0.0.0:53,N/A
ACCESS,2005/09/30,19:43:08 -5:00 GMT,taskcntr.exe was unable to obtain permission for connecting to the Internet; access was denied.,N/A,N/A
PE,2005/09/30,19:43:08 -5:00 GMT,taskcntr.exe,0.0.0.0:53,N/A
PE,2005/09/30,19:43:16 -5:00 GMT,taskcntr.exe,0.0.0.0:53,N/A
ACCESS,2005/09/30,19:43:16 -5:00 GMT,taskcntr.exe was unable to obtain permission for connecting to the Internet; access was denied.,N/A,N/A
ACCESS,2005/09/30,19:44:52 -5:00 GMT,Generic Host Process for Win32 Services was temporarily blocked from connecting to the Internet (239.255.255.250:Port 1900).,N/A,N/A
ACCESS,2005/09/30,19:44:52 -5:00 GMT,Generic Host Process for Win32 Services was temporarily blocked from connecting to the Internet (127.0.0.1:Port 3009).,N/A,N/A
ACCESS,2005/09/30,19:44:52 -5:00 GMT,Generic Host Process for Win32 Services was temporarily blocked from connecting to the Internet (255.255.255.255:DHCP).,N/A,N/A
FWROUTE,2005/09/30,19:44:52 -5:00 GMT,67.136.146.26:3010,209.63.0.6:53,UDP
PE,2005/09/30,19:44:54 -5:00 GMT,Generic Host Process for Win32 Services,209.63.0.6:53,N/A
ACCESS,2005/09/30,19:44:56 -5:00 GMT,Generic Host Process for Win32 Services was temporarily blocked from sending data to the Internet (239.255.255.250:Port 1900).,N/A,N/A
ACCESS,2005/09/30,19:44:56 -5:00 GMT,Generic Host Process for Win32 Services was temporarily blocked from connecting to the Internet (192.168.2.17).,N/A,N/A
ACCESS,2005/09/30,19:44:56 -5:00 GMT,Generic Host Process for Win32 Services was temporarily blocked from connecting to the Internet (169.254.78.171).,N/A,N/A
ACCESS,2005/09/30,19:44:56 -5:00 GMT,Generic Host Process for Win32 Services was temporarily blocked from connecting to the Internet (209.63.0.6:DNS).,N/A,N/A
ACCESS,2005/09/30,19:44:58 -5:00 GMT,taskcntr.exe was temporarily blocked from connecting to the Internet (207.173.86.6:DNS).,N/A,N/A
ACCESS,2005/09/30,19:45:02 -5:00 GMT,Generic Host Process for Win32 Services was temporarily blocked from connecting to the Internet (127.0.0.1:Port 3012).,N/A,N/A
ACCESS,2005/09/30,19:45:02 -5:00 GMT,Generic Host Process for Win32 Services was temporarily blocked from connecting to the Internet (127.0.0.1:Port 3013).,N/A,N/A
ACCESS,2005/09/30,19:47:02 -5:00 GMT,Generic Host Process for Win32 Services was temporarily blocked from connecting to the Internet (255.255.255.255:DHCP).,N/A,N/A
FWIN,2005/09/30,19:51:26 -5:00 GMT,67.136.142.46:4751,67.136.146.2:445,TCP (flags:S)
FWIN,2005/09/30,20:00:44 -5:00 GMT,67.104.118.67:1546,67.136.146.2:445,TCP (flags:S)
FWIN,2005/09/30,20:04:34 -5:00 GMT,68.192.226.83:5431,67.136.146.2:1026,UDP
FWIN,2005/09/30,20:04:36 -5:00 GMT,200.115.206.175:1036,67.136.146.2:137,UDP
FWIN,2005/09/30,20:09:30 -5:00 GMT,221.208.208.15:34015,67.136.146.2:1026,UDP
FWOUT,2005/09/30,20:12:26 -5:00 GMT,67.136.146.2:3014,207.173.86.6:53,UDP
PE,2005/09/30,20:12:30 -5:00 GMT,Generic Host Process for Win32 Services,209.63.0.6:53,N/A
ACCESS,2005/09/30,20:12:34 -5:00 GMT,,N/A,N/A
ACCESS,2005/09/30,20:12:34 -5:00 GMT,,N/A,N/A
ACCESS,2005/09/30,20:12:34 -5:00 GMT,,N/A,N/A
ACCESS,2005/09/30,20:12:34 -5:00 GMT,,N/A,N/A
FWIN,2005/09/30,20:13:40 -5:00 GMT,199.181.135.4:12927,67.136.146.2:33436,UDP
FWIN,2005/09/30,20:14:52 -5:00 GMT,67.136.140.147:4209,67.136.146.2:135,TCP (flags:S)
FWIN,2005/09/30,20:17:06 -5:00 GMT,67.136.154.177:2532,67.136.146.2:135,TCP (flags:S)
FWIN,2005/09/30,20:17:22 -5:00 GMT,66.151.125.26:11892,67.136.146.2:33440,UDP
FWIN,2005/09/30,20:21:14 -5:00 GMT,68.195.71.211:18178,67.136.146.2:1026,UDP
FWIN,2005/09/30,20:23:46 -5:00 GMT,67.136.149.168:3366,67.136.146.2:1433,TCP (flags:S)
FWIN,2005/09/30,20:26:46 -5:00 GMT,70.84.34.202:32777,67.136.146.2:1026,UDP
FWIN,2005/09/30,20:27:28 -5:00 GMT,67.81.172.134:4795,67.136.146.2:2745,TCP (flags:S)
FWIN,2005/09/30,20:28:34 -5:00 GMT,219.133.174.214:0,67.136.146.2:0,ICMP (type:8/subtype:0)
PE,2005/09/30,20:28:50 -5:00 GMT,Internet Explorer,127.0.0.1:3254,N/A
FWIN,2005/09/30,20:34:28 -5:00 GMT,12.110.182.136:20085,67.136.146.2:1026,UDP
FWIN,2005/09/30,20:34:52 -5:00 GMT,67.136.150.51:4440,67.136.146.2:1433,TCP (flags:S)
FWIN,2005/09/30,20:37:50 -5:00 GMT,68.191.131.105:16959,67.136.146.2:1026,UDP
FWIN,2005/09/30,20:38:26 -5:00 GMT,67.136.142.46:3168,67.136.146.2:445,TCP (flags:S)
FWIN,2005/09/30,20:43:00 -5:00 GMT,60.18.168.105:4050,67.136.146.2:1434,UDP
FWIN,2005/09/30,20:48:48 -5:00 GMT,70.85.177.90:35682,67.136.146.2:1026,UDP
FWIN,2005/09/30,21:02:24 -5:00 GMT,67.136.149.91:4656,67.136.146.2:445,TCP (flags:S)
FWROUTE,2005/09/30,21:05:58 -5:00 GMT,67.136.146.15:3008,209.63.0.6:53,UDP
PE,2005/10/01,10:16:50 -5:00 GMT,Generic Host Process for Win32 Services,239.255.255.250:1900,N/A
PE,2005/10/01,11:13:02 -5:00 GMT,libsys32.exe,0.0.0.0:53,N/A
PE,2005/10/01,11:13:02 -5:00 GMT,Generic Host Process for Win32 Services,0.0.0.0:5000,N/A
PE,2005/10/01,11:13:02 -5:00 GMT,Generic Host Process for Win32 Services,0.0.0.0:135,N/A
PE,2005/10/01,11:13:02 -5:00 GMT,Generic Host Process for Win32 Services,0.0.0.0:1025,N/A
PE,2005/10/01,11:15:40 -5:00 GMT,Generic Host Process for Win32 Services,0.0.0.0:53,N/A
FWROUTE,2005/10/01,11:15:44 -5:00 GMT,67.136.142.107:4391,67.136.146.9:445,TCP (flags:S)
ACCESS,2005/10/01,11:15:46 -5:00 GMT,libsys32.exe was temporarily blocked from connecting to the Internet (209.63.0.6:DNS).,N/A,N/A
PE,2005/10/01,11:15:50 -5:00 GMT,Generic Host Process for Win32 Services,209.63.0.6:53,N/A
PE,2005/10/01,11:17:10 -5:00 GMT,security suite,209.63.0.6:53,N/A
PE,2005/10/01,11:17:14 -5:00 GMT,Generic Host Process for Win32 Services,209.63.0.6:53,N/A
FWIN,2005/10/01,11:21:06 -5:00 GMT,67.124.190.49:3187,67.136.146.9:445,TCP (flags:S)
FWIN,2005/10/01,11:21:32 -5:00 GMT,87.123.102.58:2358,67.136.146.9:445,TCP (flags:S)
FWIN,2005/10/01,11:29:04 -5:00 GMT,67.136.141.105:4522,67.136.146.9:445,TCP (flags:S)
PE,2005/10/01,11:32:14 -5:00 GMT,Generic Host Process for Win32 Services,209.63.0.6:53,N/A
PE,2005/10/01,11:32:14 -5:00 GMT,libsys32.exe,0.0.0.0:10051,N/A
ACCESS,2005/10/01,11:32:20 -5:00 GMT,Generic Host Process for Win32 Services was temporarily blocked from connecting to the Internet (67.136.146.9).,N/A,N/A
PE,2005/10/01,11:32:26 -5:00 GMT,libsys32.exe,209.63.0.6:53,N/A
FWIN,2005/10/01,11:34:20 -5:00 GMT,67.136.154.250:4118,67.136.146.9:135,TCP (flags:S)
FWIN,2005/10/01,11:42:14 -5:00 GMT,67.136.154.129:2971,67.136.146.9:135,TCP (flags:S)
FWIN,2005/10/01,11:44:16 -5:00 GMT,67.136.151.21:2932,67.136.146.9:445,TCP (flags:S)
FWIN,2005/10/01,11:45:48 -5:00 GMT,66.74.37.51:1028,67.136.146.9:137,UDP
ACCESS,2005/10/01,11:47:44 -5:00 GMT,Generic Host Process for Win32 Services was temporarily blocked from connecting to the Internet (207.173.86.6:DNS).,N/A,N/A
ACCESS,2005/10/01,11:47:44 -5:00 GMT,Generic Host Process for Win32 Services was temporarily blocked from connecting to the Internet (67.136.146.9).,N/A,N/A
PE,2005/10/01,11:47:44 -5:00 GMT,libsys32.exe,0.0.0.0:10051,N/A
PE,2005/10/01,11:47:56 -5:00 GMT,libsys32.exe,207.173.86.6:53,N/A
ACCESS,2005/10/01,11:47:58 -5:00 GMT,libsys32.exe was blocked from connecting to the Internet (207.173.86.6:DNS).,N/A,N/A
FWIN,2005/10/01,11:51:00 -5:00 GMT,61.188.11.108:33651,67.136.146.9:1027,UDP
FWIN,2005/10/01,11:52:22 -5:00 GMT,221.12.161.99:33712,67.136.146.9:1026,UDP
FWIN,2005/10/01,11:52:22 -5:00 GMT,221.12.161.99:33712,67.136.146.9:1027,UDP
FWIN,2005/10/01,12:02:52 -5:00 GMT,67.136.151.21:2581,67.136.146.9:445,TCP (flags:S)