Old 02-27-2005, 11:55 AM   #1 (permalink)
hedd_jones
Registered User
 
Join Date: Feb 2005
Posts: 2
OS: xp home


filost & oldgame Hijacking

I keep getting a new window opening with filost and old games appearing in the window.

I have just done a HijackThis scan; the result is this:

<?xml version = "1.0"?>
<!-- Scan session report. The WorkingDirectory row below points at an XoftSpy install, so this appears to be
     XoftSpy output rather than a HijackThis log. The text is not well-formed XML (for example, the MSMSGS row
     nests unescaped double quotes inside an attribute value), so read it as a text log; a strict XML parser
     will reject it. -->
<!-- START and END carry the same timestamp, so the report gives no usable scan duration. -->
<Session START = "27 Feb 05 18:43:48" END = "27 Feb 05 18:43:48">
<!-- Presumably the scanner version plus the number and date of its signature database; detections further
     down are only as current as that database. -->
<Information Version = "4.10" DatabaseVersion = "64" DataBaseDate = "24 February 2005"/>
<!-- Platform as reported by the tool: Windows XP, Service Pack 1. -->
<Information OS = "Win XP"/>
<Information ServicePack = "Service Pack 1"/>
<Information WorkingDirectory = "C:\Program Files\XoftSpy\"/>
<!-- Scan options in effect for this session. "Do Not Scan Executables" is OFF, which reads as executables
     being included in the scan. -->
<Information Option = "AdvSpyware Scan" State = "ON"/>
<Information Option = "Scan IE Favorites" State = "ON"/>
<Information Option = "Scan Host Files" State = "ON"/>
<Information Option = "Scan Drives" State = "ON"/>
<Information Option = "Do Not Scan Executables" State = "OFF"/>
<Information Option = "Scan Registry" State = "ON"/>
<Information Option = "Scan Active Processes" State = "ON"/>
<!-- Inventory of the per-user autostart key (HKCU Run): each Value/Data pair names a program started at
     logon for this account. These are Information rows, i.e. a dump of what is present, not detections. -->
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Windows\CurrentVersion\Run"/>
<Information Value = "ctfmon.exe" Data = "C:\WINDOWS\System32\ctfmon.exe"/>
<!-- The Data value below contains literal double quotes that the tool did not escape. -->
<Information Value = "MSMSGS" Data = ""C:\Program Files\Messenger\msmsgs.exe" /background"/>
<!-- Autostart entry with an empty command line. -->
<Information Value = "Sonic RecordNow!" Data = ""/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\Main"/>
<Information Value = "NoUpdateCheck" Data = ""/>
<Information Value = "NoJITSetup" Data = ""/>
<Information Value = "Disable Script Debugger" Data = "yes"/>
<Information Value = "Show_ChannelBand" Data = "No"/>
<Information Value = "Anchor Underline" Data = "yes"/>
<Information Value = "Cache_Update_Frequency" Data = "Once_Per_Session"/>
<Information Value = "Display Inline Images" Data = "yes"/>
<Information Value = "Do404Search" Data = ""/>
<Information Value = "Local Page" Data = "C:\WINDOWS\System32\blank.htm"/>
<Information Value = "Save_Session_History_On_Exit" Data = "no"/>
<Information Value = "Show_FullURL" Data = "no"/>
<Information Value = "Show_StatusBar" Data = "yes"/>
<Information Value = "Show_ToolBar" Data = "yes"/>
<Information Value = "Show_URLinStatusBar" Data = "yes"/>
<Information Value = "Show_URLToolBar" Data = "yes"/>
<Information Value = "Start Page" Data = "http://www.google.co.uk/"/>
<Information Value = "Use_DlgBox_Colors" Data = "yes"/>
<Information Value = "Search Page" Data = ""/>
<Information Value = "Window Title" Data = "Packard Bell"/>
<Information Value = "Search Bar" Data = "http://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH"/>
<Information Value = "Use Custom Search URL" Data = ""/>
<Information Value = "FullScreen" Data = "no"/>
<Information Value = "Window_Placement" Data = ","/>
<Information Value = "Error Dlg Displayed On Every Error" Data = "no"/>
<Information Value = "Error Dlg Details Pane Open" Data = "no"/>
<Information Value = "AddToFavoritesExpanded" Data = ""/>
<Information Value = "Use FormSuggest" Data = "no"/>
<Information Value = "NotifyDownloadComplete" Data = "yes"/>
<Information Value = "Save Directory" Data = "C:\Hedd\"/>
<Information Value = "Expand Alt Text" Data = "no"/>
<Information Value = "Move System Caret" Data = "no"/>
<Information Value = "NscSingleExpand" Data = ""/>
<Information Value = "NoWebJITSetup" Data = ""/>
<Information Value = "Page_Transitions" Data = ""/>
<Information Value = "FavIntelliMenus" Data = "no"/>
<Information Value = "Enable Browser Extensions" Data = "yes"/>
<Information Value = "UseThemes" Data = ""/>
<Information Value = "Force Offscreen Composition" Data = ""/>
<Information Value = "AllowWindowReuse" Data = ""/>
<Information Value = "Friendly http errors" Data = "yes"/>
<Information Value = "ShowGoButton" Data = "yes"/>
<Information Value = "SmoothScroll" Data = ""/>
<Information Value = "Enable AutoImageResize" Data = "yes"/>
<Information Value = "Enable_MyPics_Hoverbar" Data = "yes"/>
<Information Value = "Play_Animations" Data = "yes"/>
<Information Value = "Play_Background_Sounds" Data = "yes"/>
<Information Value = "Display Inline Videos" Data = "yes"/>
<Information Value = "Show image placeholders" Data = ""/>
<Information Value = "Print_Background" Data = "no"/>
<Information Value = "AutoSearch" Data = ""/>
<Information Value = "LastCheckedHi" Data = "… Å"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Main"/>
<Information Value = "Default_Page_URL" Data = "file://C:\APPS\IE\offline\uk.htm"/>
<Information Value = "Default_Search_URL" Data = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"/>
<Information Value = "Search Page" Data = ""/>
<Information Value = "Enable_Disk_Cache" Data = "yes"/>
<Information Value = "Cache_Percent_of_Disk" Data = "
"/>
<Information Value = "Delete_Temp_Files_On_Exit" Data = "yes"/>
<Information Value = "Local Page" Data = "%SystemRoot%\system32\blank.htm"/>
<Information Value = "Anchor_Visitation_Horizon" Data = ""/>
<Information Value = "Use_Async_DNS" Data = "yes"/>
<Information Value = "Placeholder_Width" Data = ""/>
<Information Value = "Placeholder_Height" Data = ""/>
<Information Value = "Start Page" Data = "http://www.google.co.uk/"/>
<Information Value = "Wizard_Version" Data = "6.00.2800.1106"/>
<Information Value = "FullScreen" Data = "no"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Search"/>
<Information Value = "SearchAssistant" Data = "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"/>
<Information Value = "CustomizeSearch" Data = "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"/>
<!-- Inventory of the machine-wide autostart key (HKLM Run): every Value/Data pair is a command started at
     logon for all users. The rows are Information entries, a dump of what is present; the scanner does not
     mark any of them as a detection here. -->
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows\CurrentVersion\Run"/>
<Information Value = "Apoint" Data = "C:\Program Files\Apoint2K\Apoint.exe"/>
<Information Value = "NECMFK" Data = "C:\Program Files\necmfk\necmfk.exe"/>
<Information Value = "Smapp" Data = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe"/>
<!-- ATIModeChange and AGRSMMSG give a bare file name with no directory, so the file that runs depends on
     the system search path; when triaging, confirm the on-disk location of each. -->
<Information Value = "ATIModeChange" Data = "Ati2mdxx.exe"/>
<Information Value = "ATIPTA" Data = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"/>
<Information Value = "AGRSMMSG" Data = "AGRSMMSG.exe"/>
<Information Value = "RealTray" Data = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER"/>
<!-- The next two rows and the EPSON row carry literal double quotes inside the attribute value, unescaped
     by the tool; this is one reason the log is not parseable as strict XML. -->
<Information Value = "AOL Spyware Protection" Data = ""C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe""/>
<Information Value = "ccApp" Data = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe""/>
<Information Value = "URLLSTCK.exe" Data = "C:\Program Files\Norton Internet Security\UrlLstCk.exe"/>
<Information Value = "REGSHAVE" Data = "C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN"/>
<Information Value = "EPSON Stylus C46 Series" Data = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46""/>
<Information Value = "SunJavaUpdateSched" Data = "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe"/>
<Information Value = "Symantec NetDriver Monitor" Data = "C:\PROGRA~1\SYMNET~1\SNDMon.exe"/>
<Information Value = "SSC_UserPrompt" Data = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"/>
<Information Value = "KernelFaultCheck" Data = "%systemroot%\system32\dumprep 0 -k"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SYSTEM\ControlSet001\Services\Winsock2\Parameters\Protocol_Catalog9"/>
<Information Value = "Num_Catalog_Entries" Data = ""/>
<Information Value = "Next_Catalog_Entry_ID" Data = "$"/>
<Information Value = "Serial_Access_Num" Data = ""/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SYSTEM\ControlSet003\Services\Winsock2\Parameters\Protocol_Catalog9"/>
<Information Value = "Num_Catalog_Entries" Data = ""/>
<Information Value = "Next_Catalog_Entry_ID" Data = "$"/>
<Information Value = "Serial_Access_Num" Data = ""/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows NT\CurrentVersion\Windows"/>
<Information Value = "AppInit_DLLs" Data = ""/>
<Information Value = "DeviceNotSelectedTimeout" Data = "15"/>
<Information Value = "GDIProcessHandleQuota" Data = "'"/>
<Information Value = "Spooler" Data = "yes"/>
<Information Value = "swapdisk" Data = ""/>
<Information Value = "TransmissionRetryTimeout" Data = "90"/>
<Information Value = "USERProcessHandleQuota" Data = "'"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Windows NT\CurrentVersion\Windows"/>
<Information Value = "DebugOptions" Data = "2048"/>
<Information Value = "Documents" Data = ""/>
<Information Value = "DosPrint" Data = "no"/>
<Information Value = "load" Data = ""/>
<Information Value = "NetMessage" Data = "no"/>
<Information Value = "NullPort" Data = "None"/>
<Information Value = "Programs" Data = "com exe bat pif cmd"/>
<Information Value = "Device" Data = "EPSON Stylus C46 Series,winspool,Ne00:"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\URLSearchHooks"/>
<Information Value = "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" Data = ""/>
<!-- Start of the scan results. PROCESS rows list the image path of each running process with an MD5 value,
     presumably the hash of the image file; "(null)" means no hash was recorded for that row.
     MD5 is not collision resistant: use these values as a lookup key for triage against a trusted
     reference, not as proof that a file is genuine. -->
<Scanning TIME = "27 Feb 05 18:43:48">
<!-- The first four rows (a placeholder name and the core session processes) have no hash recorded. -->
<PROCESS NAME = "-" MD5 = "(null)"/>
<PROCESS NAME = "\SystemRoot\System32\smss.exe" MD5 = "(null)"/>
<PROCESS NAME = "\??\C:\WINDOWS\system32\csrss.exe" MD5 = "(null)"/>
<PROCESS NAME = "\??\C:\WINDOWS\system32\winlogon.exe" MD5 = "(null)"/>
<PROCESS NAME = "C:\WINDOWS\system32\services.exe" MD5 = "e3df4a0252d287c44606ee55355e1623"/>
<PROCESS NAME = "C:\WINDOWS\system32\lsass.exe" MD5 = "b2b6ba905d0e3f8a32a0eb3b4051807b"/>
<PROCESS NAME = "C:\WINDOWS\System32\Ati2evxx.exe" MD5 = "94627116f20d1f1350d2d14470043a60"/>
<!-- Four svchost.exe instances: same path (differing only in letter case) and the same MD5 on every row. -->
<PROCESS NAME = "C:\WINDOWS\system32\svchost.exe" MD5 = "0f7d9c87b0ce1fa520473119752c6f79"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "0f7d9c87b0ce1fa520473119752c6f79"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "0f7d9c87b0ce1fa520473119752c6f79"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "0f7d9c87b0ce1fa520473119752c6f79"/>
<PROCESS NAME = "C:\WINDOWS\Explorer.EXE" MD5 = "a82b28bfc2e4455fe43022a498c0ef0a"/>
<PROCESS NAME = "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" MD5 = "e761fc4a1e6cfecdae543452d3b1d0f1"/>
<PROCESS NAME = "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" MD5 = "997bf60bef992c61c3014ef5c56d93ea"/>
<PROCESS NAME = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" MD5 = "04c97539e8555d7cd5b7cea7e75804f7"/>
<PROCESS NAME = "C:\Program Files\Apoint2K\Apoint.exe" MD5 = "59acf24b5cd10dc1af661d8d8fbf8ea4"/>
<PROCESS NAME = "C:\Program Files\necmfk\necmfk.exe" MD5 = "db9b36d5daf2bb1c85d179f81c114d89"/>
<PROCESS NAME = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" MD5 = "00ec08331def75c56a62dbbfd3be47f5"/>
<PROCESS NAME = "C:\Program Files\Apoint2K\Apntex.exe" MD5 = "cca1b81492b40890e44b2b20a780ee1f"/>
<PROCESS NAME = "C:\Program Files\Apoint2K\HidFind.exe" MD5 = "053a8f4958541cbcd0c5eec1fa796ba6"/>
<PROCESS NAME = "C:\WINDOWS\AGRSMMSG.exe" MD5 = "88de365f132a59ea016c7800a515e67d"/>
<PROCESS NAME = "C:\Program Files\Real\RealPlayer\RealPlay.exe" MD5 = "849d97fe4cc09cfc2772d10f641e1baf"/>
<PROCESS NAME = "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" MD5 = "1ff1298e77c4a4ba6702b3c84bd78b71"/>
<PROCESS NAME = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" MD5 = "22755776eccc7165ac109c381782a957"/>
<PROCESS NAME = "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe" MD5 = "b3f49526347a82f8939881804c56aa94"/>
<PROCESS NAME = "C:\WINDOWS\System32\ctfmon.exe" MD5 = "414de7cf9d3f19c3ea902f1bb38ec116"/>
<PROCESS NAME = "C:\Program Files\Messenger\msmsgs.exe" MD5 = "1e455b08870d4ac3bb6ab5968603e8af"/>
<PROCESS NAME = "C:\Program Files\FinePixViewer\QuickDCF.exe" MD5 = "9f2e8c6f27292ded3f8d206d784c36f6"/>
<PROCESS NAME = "C:\WINDOWS\system32\spoolsv.exe" MD5 = "9b4155ba58192d4073082b8fc5d42612"/>
<PROCESS NAME = "C:\WINDOWS\System32\alg.exe" MD5 = "497aead5ecef9512f6b364977a5308ee"/>
<PROCESS NAME = "C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe" MD5 = "ef74eebb2d3ddc9f71c6d3cc8c7889c6"/>
<PROCESS NAME = "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" MD5 = "94542982737bb8bc684d6193eb9b39a4"/>
<PROCESS NAME = "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" MD5 = "106188ee7fce8c769defec27c1edb67c"/>
<PROCESS NAME = "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe" MD5 = "bfba4ed75bcdf0f5681a6749d8f27fc7"/>
<PROCESS NAME = "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" MD5 = "3978f082274f723ad5a0a8058c2417dd"/>
<PROCESS NAME = "C:\WINDOWS\System32\wuauclt.exe" MD5 = "a3763ce319d9eb3ec2ac04901f293b9d"/>
<!-- The scanner's own process. -->
<PROCESS NAME = "C:\Program Files\XoftSpy\XoftSpy.exe" MD5 = "a32b6df132bcab46d04ba3d273a61cba"/>
<!-- First detection in the report: the scanner labels C:\WINDOWS\System32\vbsys2.dll as "AdClick-AC".
     The detection name and the file path share one attribute value, separated by a space. The report
     gives no hash for this file and does not say whether it is currently loaded by any process. -->
<FILE PATH = "AdClick-AC C:\WINDOWS\System32\vbsys2.dll"/>
<!-- Registry key detections, grouped by the software name the scanner assigns. The SW grouping is
     unbalanced as emitted: a closing SW tag appears before the first opening one, and the last group in
     each section is not closed before the section ends. Read the groups by their opening SW NAME row. -->
<ScanningRegKeys>
</SW>
<SW NAME = "OrbitExplorer">
<!-- REGKEYFOUND gives the key; the REGKEY row repeats it prefixed with the detection name. -->
<REGKEYFOUND NAME = "TYPELIB\{205ff72e-ca67-11d5-99dd-444553540000}"/>
<REGKEY NAME = "OrbitExplorer TYPELIB\{205ff72e-ca67-11d5-99dd-444553540000}"/>
</SW>
<SW NAME = "WildTangent">
<REGKEYFOUND NAME = "install.install"/>
<REGKEY NAME = "WildTangent install.install"/>
</SW>
<SW NAME = "WildTangent">
<REGKEYFOUND NAME = "install.install.1"/>
<REGKEY NAME = "WildTangent install.install.1"/>
</SW>
<!-- Same TYPELIB GUID as the OrbitExplorer group above, so one registry key is reported under two names;
     this group has no REGKEY row. -->
<SW NAME = "WildTangent">
<REGKEYFOUND NAME = "TYPELIB\{205ff72e-ca67-11d5-99dd-444553540000}"/>
</SW>
<!-- An entry under the Internet Explorer Extensions key, attributed to Alexa. -->
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "software\microsoft\internet explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}"/>
<REGKEY NAME = "Alexa software\microsoft\internet explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}"/>
</SW>
<!-- COM class registration attributed to AdClick-AC. The log does not show which file this CLSID points
     to; confirm via the class's InprocServer32 entry before linking it to a specific DLL. -->
<SW NAME = "AdClick-AC">
<REGKEYFOUND NAME = "CLSID\{54645654-2225-4455-44A1-9F4543D34545}"/>
<REGKEY NAME = "AdClick-AC CLSID\{54645654-2225-4455-44A1-9F4543D34545}"/>
</ScanningRegKeys>
<!-- Registry value detections. -->
<ScanningRegValues>
</SW>
<!-- Value "SystemCheck2" under ShellServiceObjectDelayLoad references the same CLSID as the AdClick-AC
     key above. ShellServiceObjectDelayLoad entries are loaded by Explorer at shell start, so this row is
     the persistence point for that class: removing a file without clearing this value (and the CLSID key)
     leaves a dangling autostart reference. -->
<SW NAME = "AdClick-AC">
<REGVALUE VALUE = "AdClick-AC SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2:@:{54645654-2225-4455-44A1-9F4543D34545}"/>
<REGVALUEFOUND NAME = "SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2:@:{54645654-2225-4455-44A1-9F4543D34545}"/>
</ScanningRegValues>
<!-- Empty section: no rows were reported under changed registry values. -->
<ScanningRegValuesChanged>
</ScanningRegValuesChanged>
<!-- Tracking cookie detections. Each cookie is listed twice, once with the "Tracking Cookie" label and
     once as the bare path. These are cookie text files in the user's profile, not executables. The paths
     also expose the local Windows account name, which matters when a log is posted publicly. -->
<FILE PATH = "Tracking Cookie C:\Documents and Settings\Jones\Cookies\jones@atdmt[2].txt"/>
<FILE PATH = "C:\Documents and Settings\Jones\Cookies\jones@atdmt[2].txt"/>
<FILE PATH = "Tracking Cookie C:\Documents and Settings\Jones\Cookies\jones@casalemedia[1].txt"/>
<FILE PATH = "C:\Documents and Settings\Jones\Cookies\jones@casalemedia[1].txt"/>
<FILE PATH = "Tracking Cookie C:\Documents and Settings\Jones\Cookies\jones@fastclick[1].txt"/>
<FILE PATH = "C:\Documents and Settings\Jones\Cookies\jones@fastclick[1].txt"/>
<FILE PATH = "Tracking Cookie C:\Documents and Settings\Jones\Cookies\jones@tribalfusion[1].txt"/>
<FILE PATH = "C:\Documents and Settings\Jones\Cookies\jones@tribalfusion[1].txt"/>
<!-- End of scan results. The pasted text has no closing Session tag after this line. -->
</Scanning>


Can anyone help with my problems??

Thanks in advance