ok so i did all that but the first time i did the scan i forgot to put it in safe mode and didnt realise until it was nearly finished. this is the report from that one:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:01:05 PM, 13/08/2005
+ Report-Checksum: 55E874FC
+ Scan result:
[1936] C:\DOCUME~1\Gail\APPLIC~1\JUMPSH~1\more cast.exe -> TrojanDownloader.Swizzor.bo : Cleaned with backup
[2376] C:\DOCUME~1\Gail\APPLIC~1\JUMPSH~1\more cast.exe -> TrojanDownloader.Swizzor.bo : Error during cleaning
C:\Documents and Settings\Beckles\Cookies\beckles@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\
[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\beckles@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\beckles@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\
[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\beckles@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\beckles@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\beckles@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\
[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\beckles@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\beckles@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\
[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\beckles@lop[2].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\
[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\beckles@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\
[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\beckles@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Beckles\Cookies\
[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\breedle@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\
[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\breedle@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\breedle@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\
[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\breedle@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\breedle@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\
[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\breedle@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\breedle@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\
[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\breedle@lop[2].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\breedle@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\breedle@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\breedle@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\
[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\breedle@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\breedle@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\breedle@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Breedle\Cookies\
[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\
[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\
[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\gail@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\gail@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\gail@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\
[email protected][1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\gail@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\
[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\gail@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\gail@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\gail@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\gail@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\gail@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\
[email protected][1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\gail@lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\gail@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\gail@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\
[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\gail@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\gail@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\gail@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\
[email protected][1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Gail\Cookies\
[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\System Volume Information\_restore{5E8484D4-FE21-4B43-8C76-A4C41B91A096}\RP38\A0003949.exe -> Spyware.Lop : Cleaned with backup
C:\System Volume Information\_restore{5E8484D4-FE21-4B43-8C76-A4C41B91A096}\RP87\A0022719.exe -> Spyware.Lop : Cleaned with backup
C:\System Volume Information\_restore{5E8484D4-FE21-4B43-8C76-A4C41B91A096}\RP90\A0023500.exe -> Spyware.Lop : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
::Report End
then i put it in safe mode and did another scan. this is the report:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 1:27:42 AM, 14/08/2005
+ Report-Checksum: F5E491D1
+ Scan result:
C:\Documents and Settings\Beckles\Cookies\beckles@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
::Report End
then i did a hijack this and this is the log:
Logfile of HijackThis v1.99.1
Scan saved at 1:33:25 AM, on 14/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Tech\Wheel Mouse\5.2\MOUSE32A.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sllights.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/O2 - BHO: (no name) - {0542C6B6-F442-9CF6-E105-02926D01DEF1} - C:\DOCUME~1\Gail\APPLIC~1\JUMPSH~1\more cast.exe (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.2\MOUSE32A.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Book Dart] C:\DOCUME~1\Beckles\APPLIC~1\BALMTI~1\Save License Inside.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab31267.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cabO16 - DPF: {CA1811B0-28B5-44AB-8DB3-DC9BEAA77D04} (Yahoo! Photos Easy Upload Tool Class) -
http://us.dl1.yimg.c...ropper1_6au.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://download.game...aploader_v6.cabO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
hope that helps and i didnt stuff it up by doing it in normal mode first instead of safe mode.