Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

MALWARE ON MY COMPUTER[CLOSED]

Started by jmwaweru , Apr 11 2005 05:46 AM

  • This topic is locked This topic is locked

#1
jmwaweru
Posted 11 April 2005 - 05:46 AM

jmwaweru

    New Member

  • Member
  • Pip
  • 2 posts
HI Geeks to Go!

I have recently registed with this forum. I think I have malware on my computer. I downloaded Xoftspy and scanned my computer. It seems I may have been hacked!! surrender.gif

Kindly assist

John

<?xml version = "1.0"?>
<Session START = "07 Apr 05 17:27:00" END = "07 Apr 05 17:43:57">
<Information Version = "4.10" DatabaseVersion = "72" DataBaseDate = "31 March 2005"/>
<Information OS = "Win XP"/>
<Information ServicePack = "Service Pack 2"/>
<Information WorkingDirectory = "C:\XoftSpy\"/>
<Information Option = "AdvSpyware Scan" State = "ON"/>
<Information Option = "Scan IE Favorites" State = "ON"/>
<Information Option = "Scan Host Files" State = "ON"/>
<Information Option = "Scan Drives" State = "ON"/>
<Information Option = "Do Not Scan Executables" State = "OFF"/>
<Information Option = "Scan Registry" State = "ON"/>
<Information Option = "Scan Active Processes" State = "ON"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Windows\CurrentVersion\Run"/>
<Information Value = "CTFMON.EXE" Data = "C:\WINDOWS\system32\ctfmon.exe"/>
<Information Value = "MSMSGS" Data = ""C:\Program Files\Messenger\msmsgs.exe" /background"/>
<Information Value = "IncrediMail" Data = "C:\Program Files\IncrediMail\bin\IncMail.exe /c"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\Main"/>
<Information Value = "NoUpdateCheck" Data = ""/>
<Information Value = "NoJITSetup" Data = ""/>
<Information Value = "Disable Script Debugger" Data = "yes"/>
<Information Value = "Show_ChannelBand" Data = "No"/>
<Information Value = "Anchor Underline" Data = "yes"/>
<Information Value = "Cache_Update_Frequency" Data = "Once_Per_Session"/>
<Information Value = "Display Inline Images" Data = "yes"/>
<Information Value = "Do404Search" Data = ""/>
<Information Value = "Local Page" Data = "C:\WINDOWS\system32\blank.htm"/>
<Information Value = "Save_Session_History_On_Exit" Data = "no"/>
<Information Value = "Show_FullURL" Data = "no"/>
<Information Value = "Show_StatusBar" Data = "yes"/>
<Information Value = "Show_ToolBar" Data = "yes"/>
<Information Value = "Show_URLinStatusBar" Data = "yes"/>
<Information Value = "Show_URLToolBar" Data = "yes"/>
<Information Value = "Start Page" Data = "http://www.ymmss.org/"/>
<Information Value = "Use_DlgBox_Colors" Data = "yes"/>
<Information Value = "Search Page" Data = "http://www.google.com"/>
<Information Value = "SmoothScroll" Data = ""/>
<Information Value = "FullScreen" Data = "no"/>
<Information Value = "Window_Placement" Data = ","/>
<Information Value = "Use Search Asst" Data = "no"/>
<Information Value = "Error Dlg Displayed On Every Error" Data = "no"/>
<Information Value = "Search Bar" Data = ""/>
<Information Value = "Enable Browser Extensions" Data = "yes"/>
<Information Value = "Use FormSuggest" Data = "yes"/>
<Information Value = "Save Directory" Data = "C:\Documents and Settings\My Internet\My Documents\JDD Publishing\YMMSS\"/>
<Information Value = "NotifyDownloadComplete" Data = "no"/>
<Information Value = "AddToFavoritesExpanded" Data = ""/>
<Information Value = "Use Custom Search URL" Data = ""/>
<Information Value = "ShowedCheckBrowser" Data = "Yes"/>
<Information Value = "Check_Associations" Data = "no"/>
<Information Value = "Expand Alt Text" Data = "no"/>
<Information Value = "Move System Caret" Data = "no"/>
<Information Value = "NscSingleExpand" Data = ""/>
<Information Value = "NoWebJITSetup" Data = ""/>
<Information Value = "Page_Transitions" Data = ""/>
<Information Value = "FavIntelliMenus" Data = "no"/>
<Information Value = "UseThemes" Data = ""/>
<Information Value = "Force Offscreen Composition" Data = ""/>
<Information Value = "AllowWindowReuse" Data = ""/>
<Information Value = "Friendly http errors" Data = "yes"/>
<Information Value = "ShowGoButton" Data = "yes"/>
<Information Value = "Enable AutoImageResize" Data = "yes"/>
<Information Value = "Enable_MyPics_Hoverbar" Data = "yes"/>
<Information Value = "Play_Animations" Data = "yes"/>
<Information Value = "Play_Background_Sounds" Data = "yes"/>
<Information Value = "Display Inline Videos" Data = "yes"/>
<Information Value = "Show image placeholders" Data = ""/>
<Information Value = "Print_Background" Data = "no"/>
<Information Value = "AutoSearch" Data = ""/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Main"/>
<Information Value = "Default_Page_URL" Data = "http://www.microsoft...6&ar=msnhome"/>
<Information Value = "Default_Search_URL" Data = "http://www.microsoft...&ar=iesearch"/>
<Information Value = "Search Page" Data = "http://www.google.com"/>
<Information Value = "Enable_Disk_Cache" Data = "yes"/>
<Information Value = "Cache_Percent_of_Disk" Data = "
"/>
<Information Value = "Delete_Temp_Files_On_Exit" Data = "yes"/>
<Information Value = "Local Page" Data = "%SystemRoot%\system32\blank.htm"/>
<Information Value = "Anchor_Visitation_Horizon" Data = ""/>
<Information Value = "Use_Async_DNS" Data = "yes"/>
<Information Value = "Placeholder_Width" Data = ""/>
<Information Value = "Placeholder_Height" Data = ""/>
<Information Value = "Start Page" Data = "http://www.ymmss.org/"/>
<Information Value = "CompanyName" Data = "Microsoft Corporation"/>
<Information Value = "Custom_Key" Data = "MICROSO"/>
<Information Value = "Wizard_Version" Data = "6.0.2600.0000"/>
<Information Value = "FullScreen" Data = "no"/>
<Information Value = "Check_Associations" Data = "no"/>
<Information Value = "Use_DlgBox_Colors" Data = "yes"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Search"/>
<Information Value = "SearchAssistant" Data = "http://www.google.com/ie"/>
<Information Value = "CustomizeSearch" Data = "http://ie.search.msn...srchcust.htm"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows\CurrentVersion\Run"/>
<Information Value = "AGRSMMSG" Data = "AGRSMMSG.exe"/>
<Information Value = "SynTPLpr" Data = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"/>
<Information Value = "SynTPEnh" Data = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"/>
<Information Value = "ATIPTA" Data = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"/>
<Information Value = "PRONoMgr.exe" Data = "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"/>
<Information Value = "Cpqset" Data = "C:\Program Files\HPQ\Default Settings\cpqset.exe"/>
<Information Value = "RoxioEngineUtility" Data = ""C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe""/>
<Information Value = "RoxioDragToDisc" Data = ""C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe""/>
<Information Value = "F-Secure Manager" Data = ""C:\Program Files\F-Secure\Common\FSM32.EXE" /splash"/>
<Information Value = "New.net Startup" Data = "rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s"/>
<Information Value = "OSS" Data = "c:\windows\system32\rk.exe -boot"/>
<Information Value = "HPDJ Taskbar Utility" Data = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"/>
<Information Value = "Smapp" Data = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe"/>
<Information Value = "EasyMessage" Data = ""C:\Program Files\Zango Messenger\em2.exe" -wait"/>
<Information Value = "RealTray" Data = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER"/>
<Information Value = "MediaPilot" Data = "C:\Program Files\MediaPilot\MediaPilot.exe"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SYSTEM\ControlSet001\Services\Winsock2\Parameters\Protocol_Catalog9"/>
<Information Value = "Num_Catalog_Entries" Data = ""/>
<Information Value = "Next_Catalog_Entry_ID" Data = "`"/>
<Information Value = "Serial_Access_Num" Data = "8"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SYSTEM\ControlSet003\Services\Winsock2\Parameters\Protocol_Catalog9"/>
<Information Value = "Num_Catalog_Entries" Data = ""/>
<Information Value = "Next_Catalog_Entry_ID" Data = "`"/>
<Information Value = "Serial_Access_Num" Data = "8"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows NT\CurrentVersion\Windows"/>
<Information Value = "AppInit_DLLs" Data = ""/>
<Information Value = "DeviceNotSelectedTimeout" Data = "15"/>
<Information Value = "GDIProcessHandleQuota" Data = "'"/>
<Information Value = "Spooler" Data = "yes"/>
<Information Value = "swapdisk" Data = ""/>
<Information Value = "TransmissionRetryTimeout" Data = "90"/>
<Information Value = "USERProcessHandleQuota" Data = "'"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Windows NT\CurrentVersion\Windows"/>
<Information Value = "DebugOptions" Data = "2048"/>
<Information Value = "Documents" Data = ""/>
<Information Value = "DosPrint" Data = "no"/>
<Information Value = "load" Data = ""/>
<Information Value = "NetMessage" Data = "no"/>
<Information Value = "NullPort" Data = "None"/>
<Information Value = "Programs" Data = "com exe bat pif cmd"/>
<Information Value = "Device" Data = "Kyocera Mita FS-1020D KX,winspool,LPT1:"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\URLSearchHooks"/>
<Information Value = "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" Data = ""/>
<Scanning TIME = "07 Apr 05 17:27:00">
<PROCESS NAME = "-" MD5 = "(null)"/>
<PROCESS NAME = "\SystemRoot\System32\smss.exe" MD5 = "(null)"/>
<PROCESS NAME = "\??\C:\WINDOWS\system32\csrss.exe" MD5 = "(null)"/>
<PROCESS NAME = "\??\C:\WINDOWS\system32\winlogon.exe" MD5 = "(null)"/>
<PROCESS NAME = "C:\WINDOWS\system32\services.exe" MD5 = "c6ce6eec82f187615d1002bb3bb50ed4"/>
<PROCESS NAME = "C:\WINDOWS\system32\lsass.exe" MD5 = "84885f9b82f4d55c6146ebf6065d75d2"/>
<PROCESS NAME = "C:\WINDOWS\system32\Ati2evxx.exe" MD5 = "a8464ca51c598101a3fef341f4f0b6e0"/>
<PROCESS NAME = "C:\WINDOWS\system32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\system32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\System32\S24EvMon.exe" MD5 = "c2c16e149d970f4733436a30c0f7fd9b"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\system32\spoolsv.exe" MD5 = "7435b108b935e42ea92ca94f59c8e717"/>
<PROCESS NAME = "C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE" MD5 = "b7f89868cffcc19066febfcb4d45f6ce"/>
<PROCESS NAME = "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" MD5 = "8f5c11f6ceecd5fb7fd03aefaf182cde"/>
<PROCESS NAME = "C:\WINDOWS\System32\cisvc.exe" MD5 = "3192bd04d032a9c4a85a3278c268a13a"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe" MD5 = "1ee42860d3922b2a634191a4b9bfdd9e"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE" MD5 = "c604bde6a49627ec75a8747e5868008d"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Anti-Virus\fssm32.exe" MD5 = "2f856f294d155a8cc4ebb1243bfeb9d4"/>
<PROCESS NAME = "C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe" MD5 = "b7f89868cffcc19066febfcb4d45f6ce"/>
<PROCESS NAME = "C:\WINDOWS\System32\inetsrv\inetinfo.exe" MD5 = "74b9fa2afaf60b7f4e2a952e77b9dc6c"/>
<PROCESS NAME = "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" MD5 = "3a86fb5fdf6575568b5f1a694186e45e"/>
<PROCESS NAME = "C:\WINDOWS\System32\RegSrvc.exe" MD5 = "fd63939d444402e35c3bb04e75459af1"/>
<PROCESS NAME = "C:\WINDOWS\System32\tcpsvcs.exe" MD5 = "32933b07fc16d9f778bee12545fa1b1a"/>
<PROCESS NAME = "C:\WINDOWS\System32\snmp.exe" MD5 = "d923bf27723e28e3c121b77f52db4bce"/>
<PROCESS NAME = "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" MD5 = "3978f082274f723ad5a0a8058c2417dd"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\wanmpsvc.exe" MD5 = "c8413f5b1a6868ab81fb1c15200343e4"/>
<PROCESS NAME = "C:\WINDOWS\System32\MsPMSPSv.exe" MD5 = "668056d5c3c11ab7d266819a96b964e8"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FSMA32.EXE" MD5 = "fb942e7cb27f6a04d03ecc159fca64b7"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FSMB32.EXE" MD5 = "ca8d9eed43063fc0d690c4d9b6d099b7"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FCH32.EXE" MD5 = "90ac8bc8d461f57729a05f2dea9d7670"/>
<PROCESS NAME = "C:\WINDOWS\system32\ZCfgSvc.exe" MD5 = "513af2c10e6bd58ade5a578f755f3fae"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FAMEH32.EXE" MD5 = "548767d5825109c2638656edcf592b81"/>
<PROCESS NAME = "C:\WINDOWS\Explorer.EXE" MD5 = "a0732187050030ae399b241436565e64"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FNRB32.EXE" MD5 = "67b43438e3ba5a4fbea46eeba4cd207d"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FIH32.EXE" MD5 = "1bf98bcd63775ae57a42de363baa31b1"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Anti-Virus\fsav32.exe" MD5 = "ee210a7b801beaa51d5af223586043e3"/>
<PROCESS NAME = "C:\WINDOWS\System32\alg.exe" MD5 = "f1958fbf86d5c004cf19a5951a9514b7"/>
<PROCESS NAME = "C:\WINDOWS\AGRSMMSG.exe" MD5 = "30dabfaaad430772234e0184fc180410"/>
<PROCESS NAME = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" MD5 = "5dc0a404904ff058d0c080a48a960bf5"/>
<PROCESS NAME = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" MD5 = "6eb8a26cfbb4e14cf5318cfce37e95e7"/>
<PROCESS NAME = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" MD5 = "75dda1ca7f11e05b53f76ec03b16a6bc"/>
<PROCESS NAME = "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" MD5 = "b50bff104773267d0cef35e26db3b932"/>
<PROCESS NAME = "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" MD5 = "6b7da9db5a15f762a7a56df0006a531b"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FSM32.EXE" MD5 = "26d2da1176739e82f3fd9f26662633d5"/>
<PROCESS NAME = "C:\WINDOWS\system32\rundll32.exe" MD5 = "da285490bbd8a1d0ce6623577d5ba1ff"/>
<PROCESS NAME = "C:\windows\system32\rk.exe" MD5 = "141bae5215de2463759f2ab9400677d6"/>
<PROCESS NAME = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" MD5 = "7c6b5065e7326e3c91a62800df3a31fa"/>
<PROCESS NAME = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" MD5 = "2d765e811b6ffea9f91d4425e34b8461"/>
<PROCESS NAME = "C:\Program Files\Real\RealPlayer\RealPlay.exe" MD5 = "849d97fe4cc09cfc2772d10f641e1baf"/>
<PROCESS NAME = "C:\Program Files\MediaPilot\MediaPilot.exe" MD5 = "6233e04e41cfa0a3b2418ff38a45010f"/>
<PROCESS NAME = "C:\WINDOWS\system32\ctfmon.exe" MD5 = "24232996a38c0b0cf151c2140ae29fc8"/>
<PROCESS NAME = "C:\Program Files\Messenger\msmsgs.exe" MD5 = "74e6e96c6f0e2eca4edbb7f7a468f259"/>
<PROCESS NAME = "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" MD5 = "b18b3c98c5fec0fa3afff04bf9eec6c2"/>
<PROCESS NAME = "D:\WinZip\WZQKPICK.EXE" MD5 = "2fe253973433442c2cb234fb2bc4bf29"/>
<PROCESS NAME = "C:\PROGRA~1\INCRED~1\bin\IMApp.exe" MD5 = "a3e201be06175ee39050a4aa23c61c8c"/>
<PROCESS NAME = "C:\Program Files\Mozilla Firefox\firefox.exe" MD5 = "e8361a7be069282c0108118e3252ded6"/>
<PROCESS NAME = "C:\WINDOWS\system32\cidaemon.exe" MD5 = "582304f6f1946fa5068cf143d729d7ed"/>
<PROCESS NAME = "C:\WINDOWS\system32\cidaemon.exe" MD5 = "582304f6f1946fa5068cf143d729d7ed"/>
<PROCESS NAME = "C:\XoftSpy\XoftSpy.exe" MD5 = "a32b6df132bcab46d04ba3d273a61cba"/>
<FILE PATH = "Marketscore (NetSetter) C:\windows\system32\okshook.dll"/>
<FILE PATH = "Marketscore (NetSetter) C:\windows\system32\rk.exe"/>
<FILE PATH = "Marketscore (NetSetter) C:\WINDOWS\system32\OSMIM.DLL"/>
<ScanningRegKeys>
</SW>
<SW NAME = "Marketscore (NetSetter)">
<REGKEYFOUND NAME = "Software\Netsetter"/>
<REGKEY NAME = "Marketscore (NetSetter) Software\Netsetter"/>
</SW>
<SW NAME = "SaveNow">
<REGKEYFOUND NAME = "software\classes\tldctl2.urllink\curver"/>
<REGKEY NAME = "SaveNow software\classes\tldctl2.urllink\curver"/>
</SW>
<SW NAME = "BonziBuddy">
<REGKEYFOUND NAME = "CLSID\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}"/>
<REGKEY NAME = "BonziBuddy CLSID\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "software\classes\clsid\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b}"/>
<REGKEY NAME = "Alexa software\classes\clsid\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "software\microsoft\windows\currentversion\explorer\browser helper objects\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
<REGKEY NAME = "Alexa software\microsoft\windows\currentversion\explorer\browser helper objects\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
<REGKEY NAME = "Alexa CLSID\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "software\classes\clsid\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
<REGKEY NAME = "Alexa software\classes\clsid\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{27D784D7-9217-4227-B43B-E06E4781E0CB}"/>
<REGKEY NAME = "Alexa CLSID\{27D784D7-9217-4227-B43B-E06E4781E0CB}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B}"/>
<REGKEY NAME = "Alexa CLSID\{3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}"/>
<REGKEY NAME = "Alexa CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{7BF3A7DB-A516-4e24-B40A-F60B34699E26}"/>
<REGKEY NAME = "Alexa CLSID\{7BF3A7DB-A516-4e24-B40A-F60B34699E26}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{EA20F195-32DA-4bd6-B348-FD01FC7D3D5A}"/>
<REGKEY NAME = "Alexa CLSID\{EA20F195-32DA-4bd6-B348-FD01FC7D3D5A}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{04D79E9F-09A9-4AED-9FC2-6E63A3BCA51E}"/>
<REGKEY NAME = "Alexa Interface\{04D79E9F-09A9-4AED-9FC2-6E63A3BCA51E}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{0B32BCCD-4D64-48EB-8EC3-9BA0807D1349}"/>
<REGKEY NAME = "Alexa Interface\{0B32BCCD-4D64-48EB-8EC3-9BA0807D1349}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{0BBB0424-E98E-4405-9A94-481854765C80}"/>
<REGKEY NAME = "Alexa Interface\{0BBB0424-E98E-4405-9A94-481854765C80}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{0F3332B5-BC98-48AF-9FAC-05FEC94EBE73}"/>
<REGKEY NAME = "Alexa Interface\{0F3332B5-BC98-48AF-9FAC-05FEC94EBE73}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{3E60160F-0ED6-4DCC-B6B6-850CDE4FD217}"/>
<REGKEY NAME = "Alexa Interface\{3E60160F-0ED6-4DCC-B6B6-850CDE4FD217}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{3F41980D-B681-488E-9757-0C9744F9C3CE}"/>
<REGKEY NAME = "Alexa Interface\{3F41980D-B681-488E-9757-0C9744F9C3CE}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{49160F0D-6BE2-4F5F-BCDB-9256DA3BB120}"/>
<REGKEY NAME = "Alexa Interface\{49160F0D-6BE2-4F5F-BCDB-9256DA3BB120}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{5A9961FD-B0A6-4065-9552-EBFC199683A3}"/>
<REGKEY NAME = "Alexa Interface\{5A9961FD-B0A6-4065-9552-EBFC199683A3}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{6912BEB3-E20C-4953-8C8E-E91B12B55BFC}"/>
<REGKEY NAME = "Alexa Interface\{6912BEB3-E20C-4953-8C8E-E91B12B55BFC}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{738CB0ED-54A7-4061-AE2E-40EFD9B1EEF6}"/>
<REGKEY NAME = "Alexa Interface\{738CB0ED-54A7-4061-AE2E-40EFD9B1EEF6}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{9AF74448-EBD1-484C-8B06-35E597C0B54C}"/>
<REGKEY NAME = "Alexa Interface\{9AF74448-EBD1-484C-8B06-35E597C0B54C}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{9BAB764B-E4F3-4C7B-99AD-CDF636BBE3A8}"/>
<REGKEY NAME = "Alexa Interface\{9BAB764B-E4F3-4C7B-99AD-CDF636BBE3A8}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{A69107CC-BEC8-4A34-B474-211B0F46A764}"/>
<REGKEY NAME = "Alexa Interface\{A69107CC-BEC8-4A34-B474-211B0F46A764}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{A6A08CBD-6673-41B1-B997-3F83A25B45B0}"/>
<REGKEY NAME = "Alexa Interface\{A6A08CBD-6673-41B1-B997-3F83A25B45B0}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{ABF7C4D4-53EF-4C15-8951-D22F63C98E9F}"/>
<REGKEY NAME = "Alexa Interface\{ABF7C4D4-53EF-4C15-8951-D22F63C98E9F}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{AC2A5E17-05ED-4E62-86E5-84779E8F0BCA}"/>
<REGKEY NAME = "Alexa Interface\{AC2A5E17-05ED-4E62-86E5-84779E8F0BCA}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{B71C7D9A-DA43-4E8B-BB9B-1684AC2AF324}"/>
<REGKEY NAME = "Alexa Interface\{B71C7D9A-DA43-4E8B-BB9B-1684AC2AF324}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{B79D9232-A798-43DB-9E61-281D550460E4}"/>
<REGKEY NAME = "Alexa Interface\{B79D9232-A798-43DB-9E61-281D550460E4}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{B7B84995-8B92-46BF-94AA-FA2F3DD23B84}"/>
<REGKEY NAME = "Alexa Interface\{B7B84995-8B92-46BF-94AA-FA2F3DD23B84}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{DC21CEDE-3B81-43D7-B816-DAEFA7B4901F}"/>
<REGKEY NAME = "Alexa Interface\{DC21CEDE-3B81-43D7-B816-DAEFA7B4901F}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{FA77AD79-09CF-41FB-B171-CC856F9E737F}"/>
<REGKEY NAME = "Alexa Interface\{FA77AD79-09CF-41FB-B171-CC856F9E737F}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "PopMenu.Menu"/>
<REGKEY NAME = "Alexa PopMenu.Menu"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "PopMenu.Menu.1"/>
<REGKEY NAME = "Alexa PopMenu.Menu.1"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Popup.HTMLEvent"/>
<REGKEY NAME = "Alexa Popup.HTMLEvent"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Popup.HTMLEvent.1"/>
<REGKEY NAME = "Alexa Popup.HTMLEvent.1"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Popup.PopupKiller"/>
<REGKEY NAME = "Alexa Popup.PopupKiller"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Popup.PopupKiller.1"/>
<REGKEY NAME = "Alexa Popup.PopupKiller.1"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "TypeLib\{547AB549-4DD8-4EA0-B070-F6EA062148FF}"/>
<REGKEY NAME = "Alexa TypeLib\{547AB549-4DD8-4EA0-B070-F6EA062148FF}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\MenuExt\Alexa Web Search"/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\MenuExt\Alexa Web Search"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\MenuExt\Get Alexa Data"/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\MenuExt\Get Alexa Data"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\MenuExt\Mail to a Friend..."/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\MenuExt\Mail to a Friend..."/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\MenuExt\See Related Links"/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\MenuExt\See Related Links"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Alexa Internet"/>
<REGKEY NAME = "Alexa Software\Alexa Internet"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\Extensions\{9D74677A-E227-40fb-9511-F7E92EA4083A}"/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\Extensions\{9D74677A-E227-40fb-9511-F7E92EA4083A}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa"/>
<REGKEY NAME = "Alexa SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa"/>
</SW>
<SW NAME = "IPInsight">
<REGKEYFOUND NAME = "software\classes\tldctl2.urllink.1"/>
<REGKEY NAME = "IPInsight software\classes\tldctl2.urllink.1"/>
</SW>
<SW NAME = "IPInsight">
<REGKEYFOUND NAME = "software\classes\tldctl2.urllink"/>
<REGKEY NAME = "IPInsight software\classes\tldctl2.urllink"/>
</SW>
<SW NAME = "Trojan.Admincash">
<REGKEYFOUND NAME = "SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}"/>
<REGKEY NAME = "Trojan.Admincash SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}"/>
</ScanningRegKeys>
<ScanningRegValues>
</SW>
<SW NAME = "Marketscore (NetSetter)">
<REGVALUE VALUE = "Marketscore (NetSetter) software\microsoft\windows\currentversion\run\OSS"/>
<REGVALUEFOUND NAME = "software\microsoft\windows\currentversion\run\OSS"/>
</SW>
<SW NAME = "Alexa">
<REGVALUE VALUE = "Alexa SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Alexa Toolbar"/>
<REGVALUEFOUND NAME = "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Alexa Toolbar"/>
</ScanningRegValues>
<ScanningRegValuesChanged>
</ScanningRegValuesChanged>
<FILE PATH = "Alexa C:\WINDOWS\system32\AlxRes.dll"/>
<FILE PATH = "C:\WINDOWS\system32\AlxRes.dll"/>
<FILE PATH = "Alexa C:\WINDOWS\system32\AlxTB1.dll"/>
<FILE PATH = "C:\WINDOWS\system32\AlxTB1.dll"/>
<FILE PATH = "Alexa C:\WINDOWS\system32\AlxTB2.dll"/>
<FILE PATH = "C:\WINDOWS\system32\AlxTB2.dll"/>
<FOLDER PATH = "SaveNow C:\Program Files\save"/>
<FOLDER PATH = "180Solutions C:\Program Files\zango"/>
</Scanning>

<Scanning TIME = "07 Apr 05 17:33:02">
<PROCESS NAME = "-" MD5 = "(null)"/>
<PROCESS NAME = "\SystemRoot\System32\smss.exe" MD5 = "(null)"/>
<PROCESS NAME = "\??\C:\WINDOWS\system32\csrss.exe" MD5 = "(null)"/>
<PROCESS NAME = "\??\C:\WINDOWS\system32\winlogon.exe" MD5 = "(null)"/>
<PROCESS NAME = "C:\WINDOWS\system32\services.exe" MD5 = "c6ce6eec82f187615d1002bb3bb50ed4"/>
<PROCESS NAME = "C:\WINDOWS\system32\lsass.exe" MD5 = "84885f9b82f4d55c6146ebf6065d75d2"/>
<PROCESS NAME = "C:\WINDOWS\system32\Ati2evxx.exe" MD5 = "a8464ca51c598101a3fef341f4f0b6e0"/>
<PROCESS NAME = "C:\WINDOWS\system32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\system32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\System32\S24EvMon.exe" MD5 = "c2c16e149d970f4733436a30c0f7fd9b"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\system32\spoolsv.exe" MD5 = "7435b108b935e42ea92ca94f59c8e717"/>
<PROCESS NAME = "C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE" MD5 = "b7f89868cffcc19066febfcb4d45f6ce"/>
<PROCESS NAME = "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" MD5 = "8f5c11f6ceecd5fb7fd03aefaf182cde"/>
<PROCESS NAME = "C:\WINDOWS\System32\cisvc.exe" MD5 = "3192bd04d032a9c4a85a3278c268a13a"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe" MD5 = "1ee42860d3922b2a634191a4b9bfdd9e"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE" MD5 = "c604bde6a49627ec75a8747e5868008d"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Anti-Virus\fssm32.exe" MD5 = "2f856f294d155a8cc4ebb1243bfeb9d4"/>
<PROCESS NAME = "C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe" MD5 = "b7f89868cffcc19066febfcb4d45f6ce"/>
<PROCESS NAME = "C:\WINDOWS\System32\inetsrv\inetinfo.exe" MD5 = "74b9fa2afaf60b7f4e2a952e77b9dc6c"/>
<PROCESS NAME = "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" MD5 = "3a86fb5fdf6575568b5f1a694186e45e"/>
<PROCESS NAME = "C:\WINDOWS\System32\RegSrvc.exe" MD5 = "fd63939d444402e35c3bb04e75459af1"/>
<PROCESS NAME = "C:\WINDOWS\System32\tcpsvcs.exe" MD5 = "32933b07fc16d9f778bee12545fa1b1a"/>
<PROCESS NAME = "C:\WINDOWS\System32\snmp.exe" MD5 = "d923bf27723e28e3c121b77f52db4bce"/>
<PROCESS NAME = "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" MD5 = "3978f082274f723ad5a0a8058c2417dd"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\wanmpsvc.exe" MD5 = "c8413f5b1a6868ab81fb1c15200343e4"/>
<PROCESS NAME = "C:\WINDOWS\System32\MsPMSPSv.exe" MD5 = "668056d5c3c11ab7d266819a96b964e8"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FSMA32.EXE" MD5 = "fb942e7cb27f6a04d03ecc159fca64b7"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FSMB32.EXE" MD5 = "ca8d9eed43063fc0d690c4d9b6d099b7"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FCH32.EXE" MD5 = "90ac8bc8d461f57729a05f2dea9d7670"/>
<PROCESS NAME = "C:\WINDOWS\system32\ZCfgSvc.exe" MD5 = "513af2c10e6bd58ade5a578f755f3fae"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FAMEH32.EXE" MD5 = "548767d5825109c2638656edcf592b81"/>
<PROCESS NAME = "C:\WINDOWS\Explorer.EXE" MD5 = "a0732187050030ae399b241436565e64"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FNRB32.EXE" MD5 = "67b43438e3ba5a4fbea46eeba4cd207d"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FIH32.EXE" MD5 = "1bf98bcd63775ae57a42de363baa31b1"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Anti-Virus\fsav32.exe" MD5 = "ee210a7b801beaa51d5af223586043e3"/>
<PROCESS NAME = "C:\WINDOWS\System32\alg.exe" MD5 = "f1958fbf86d5c004cf19a5951a9514b7"/>
<PROCESS NAME = "C:\WINDOWS\AGRSMMSG.exe" MD5 = "30dabfaaad430772234e0184fc180410"/>
<PROCESS NAME = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" MD5 = "5dc0a404904ff058d0c080a48a960bf5"/>
<PROCESS NAME = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" MD5 = "6eb8a26cfbb4e14cf5318cfce37e95e7"/>
<PROCESS NAME = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" MD5 = "75dda1ca7f11e05b53f76ec03b16a6bc"/>
<PROCESS NAME = "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" MD5 = "b50bff104773267d0cef35e26db3b932"/>
<PROCESS NAME = "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" MD5 = "6b7da9db5a15f762a7a56df0006a531b"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FSM32.EXE" MD5 = "26d2da1176739e82f3fd9f26662633d5"/>
<PROCESS NAME = "C:\WINDOWS\system32\rundll32.exe" MD5 = "da285490bbd8a1d0ce6623577d5ba1ff"/>
<PROCESS NAME = "C:\windows\system32\rk.exe" MD5 = "141bae5215de2463759f2ab9400677d6"/>
<PROCESS NAME = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" MD5 = "7c6b5065e7326e3c91a62800df3a31fa"/>
<PROCESS NAME = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" MD5 = "2d765e811b6ffea9f91d4425e34b8461"/>
<PROCESS NAME = "C:\Program Files\Real\RealPlayer\RealPlay.exe" MD5 = "849d97fe4cc09cfc2772d10f641e1baf"/>
<PROCESS NAME = "C:\Program Files\MediaPilot\MediaPilot.exe" MD5 = "6233e04e41cfa0a3b2418ff38a45010f"/>
<PROCESS NAME = "C:\WINDOWS\system32\ctfmon.exe" MD5 = "24232996a38c0b0cf151c2140ae29fc8"/>
<PROCESS NAME = "C:\Program Files\Messenger\msmsgs.exe" MD5 = "74e6e96c6f0e2eca4edbb7f7a468f259"/>
<PROCESS NAME = "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" MD5 = "b18b3c98c5fec0fa3afff04bf9eec6c2"/>
<PROCESS NAME = "D:\WinZip\WZQKPICK.EXE" MD5 = "2fe253973433442c2cb234fb2bc4bf29"/>
<PROCESS NAME = "C:\PROGRA~1\INCRED~1\bin\IMApp.exe" MD5 = "a3e201be06175ee39050a4aa23c61c8c"/>
<PROCESS NAME = "C:\Program Files\Mozilla Firefox\firefox.exe" MD5 = "e8361a7be069282c0108118e3252ded6"/>
<PROCESS NAME = "C:\WINDOWS\system32\cidaemon.exe" MD5 = "582304f6f1946fa5068cf143d729d7ed"/>
<PROCESS NAME = "C:\WINDOWS\system32\cidaemon.exe" MD5 = "582304f6f1946fa5068cf143d729d7ed"/>
<PROCESS NAME = "C:\XoftSpy\XoftSpy.exe" MD5 = "a32b6df132bcab46d04ba3d273a61cba"/>
<PROCESS NAME = "C:\WINDOWS\system32\notepad.exe" MD5 = "388b8fbc36a8558587afc90fb23a3b99"/>
<FILE PATH = "Marketscore (NetSetter) C:\windows\system32\okshook.dll"/>
<FILE PATH = "Marketscore (NetSetter) C:\windows\system32\rk.exe"/>
<FILE PATH = "Marketscore (NetSetter) C:\WINDOWS\system32\OSMIM.DLL"/>
<ScanningRegKeys>
</SW>
<SW NAME = "Marketscore (NetSetter)">
<REGKEYFOUND NAME = "Software\Netsetter"/>
<REGKEY NAME = "Marketscore (NetSetter) Software\Netsetter"/>
</SW>
<SW NAME = "SaveNow">
<REGKEYFOUND NAME = "software\classes\tldctl2.urllink\curver"/>
<REGKEY NAME = "SaveNow software\classes\tldctl2.urllink\curver"/>
</SW>
<SW NAME = "BonziBuddy">
<REGKEYFOUND NAME = "CLSID\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}"/>
<REGKEY NAME = "BonziBuddy CLSID\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "software\classes\clsid\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b}"/>
<REGKEY NAME = "Alexa software\classes\clsid\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "software\microsoft\windows\currentversion\explorer\browser helper objects\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
<REGKEY NAME = "Alexa software\microsoft\windows\currentversion\explorer\browser helper objects\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
<REGKEY NAME = "Alexa CLSID\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "software\classes\clsid\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
<REGKEY NAME = "Alexa software\classes\clsid\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{27D784D7-9217-4227-B43B-E06E4781E0CB}"/>
<REGKEY NAME = "Alexa CLSID\{27D784D7-9217-4227-B43B-E06E4781E0CB}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B}"/>
<REGKEY NAME = "Alexa CLSID\{3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}"/>
<REGKEY NAME = "Alexa CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{7BF3A7DB-A516-4e24-B40A-F60B34699E26}"/>
<REGKEY NAME = "Alexa CLSID\{7BF3A7DB-A516-4e24-B40A-F60B34699E26}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{EA20F195-32DA-4bd6-B348-FD01FC7D3D5A}"/>
<REGKEY NAME = "Alexa CLSID\{EA20F195-32DA-4bd6-B348-FD01FC7D3D5A}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{04D79E9F-09A9-4AED-9FC2-6E63A3BCA51E}"/>
<REGKEY NAME = "Alexa Interface\{04D79E9F-09A9-4AED-9FC2-6E63A3BCA51E}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{0B32BCCD-4D64-48EB-8EC3-9BA0807D1349}"/>
<REGKEY NAME = "Alexa Interface\{0B32BCCD-4D64-48EB-8EC3-9BA0807D1349}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{0BBB0424-E98E-4405-9A94-481854765C80}"/>
<REGKEY NAME = "Alexa Interface\{0BBB0424-E98E-4405-9A94-481854765C80}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{0F3332B5-BC98-48AF-9FAC-05FEC94EBE73}"/>
<REGKEY NAME = "Alexa Interface\{0F3332B5-BC98-48AF-9FAC-05FEC94EBE73}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{3E60160F-0ED6-4DCC-B6B6-850CDE4FD217}"/>
<REGKEY NAME = "Alexa Interface\{3E60160F-0ED6-4DCC-B6B6-850CDE4FD217}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{3F41980D-B681-488E-9757-0C9744F9C3CE}"/>
<REGKEY NAME = "Alexa Interface\{3F41980D-B681-488E-9757-0C9744F9C3CE}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{49160F0D-6BE2-4F5F-BCDB-9256DA3BB120}"/>
<REGKEY NAME = "Alexa Interface\{49160F0D-6BE2-4F5F-BCDB-9256DA3BB120}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{5A9961FD-B0A6-4065-9552-EBFC199683A3}"/>
<REGKEY NAME = "Alexa Interface\{5A9961FD-B0A6-4065-9552-EBFC199683A3}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{6912BEB3-E20C-4953-8C8E-E91B12B55BFC}"/>
<REGKEY NAME = "Alexa Interface\{6912BEB3-E20C-4953-8C8E-E91B12B55BFC}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{738CB0ED-54A7-4061-AE2E-40EFD9B1EEF6}"/>
<REGKEY NAME = "Alexa Interface\{738CB0ED-54A7-4061-AE2E-40EFD9B1EEF6}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{9AF74448-EBD1-484C-8B06-35E597C0B54C}"/>
<REGKEY NAME = "Alexa Interface\{9AF74448-EBD1-484C-8B06-35E597C0B54C}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{9BAB764B-E4F3-4C7B-99AD-CDF636BBE3A8}"/>
<REGKEY NAME = "Alexa Interface\{9BAB764B-E4F3-4C7B-99AD-CDF636BBE3A8}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{A69107CC-BEC8-4A34-B474-211B0F46A764}"/>
<REGKEY NAME = "Alexa Interface\{A69107CC-BEC8-4A34-B474-211B0F46A764}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{A6A08CBD-6673-41B1-B997-3F83A25B45B0}"/>
<REGKEY NAME = "Alexa Interface\{A6A08CBD-6673-41B1-B997-3F83A25B45B0}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{ABF7C4D4-53EF-4C15-8951-D22F63C98E9F}"/>
<REGKEY NAME = "Alexa Interface\{ABF7C4D4-53EF-4C15-8951-D22F63C98E9F}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{AC2A5E17-05ED-4E62-86E5-84779E8F0BCA}"/>
<REGKEY NAME = "Alexa Interface\{AC2A5E17-05ED-4E62-86E5-84779E8F0BCA}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{B71C7D9A-DA43-4E8B-BB9B-1684AC2AF324}"/>
<REGKEY NAME = "Alexa Interface\{B71C7D9A-DA43-4E8B-BB9B-1684AC2AF324}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{B79D9232-A798-43DB-9E61-281D550460E4}"/>
<REGKEY NAME = "Alexa Interface\{B79D9232-A798-43DB-9E61-281D550460E4}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{B7B84995-8B92-46BF-94AA-FA2F3DD23B84}"/>
<REGKEY NAME = "Alexa Interface\{B7B84995-8B92-46BF-94AA-FA2F3DD23B84}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{DC21CEDE-3B81-43D7-B816-DAEFA7B4901F}"/>
<REGKEY NAME = "Alexa Interface\{DC21CEDE-3B81-43D7-B816-DAEFA7B4901F}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{FA77AD79-09CF-41FB-B171-CC856F9E737F}"/>
<REGKEY NAME = "Alexa Interface\{FA77AD79-09CF-41FB-B171-CC856F9E737F}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "PopMenu.Menu"/>
<REGKEY NAME = "Alexa PopMenu.Menu"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "PopMenu.Menu.1"/>
<REGKEY NAME = "Alexa PopMenu.Menu.1"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Popup.HTMLEvent"/>
<REGKEY NAME = "Alexa Popup.HTMLEvent"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Popup.HTMLEvent.1"/>
<REGKEY NAME = "Alexa Popup.HTMLEvent.1"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Popup.PopupKiller"/>
<REGKEY NAME = "Alexa Popup.PopupKiller"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Popup.PopupKiller.1"/>
<REGKEY NAME = "Alexa Popup.PopupKiller.1"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "TypeLib\{547AB549-4DD8-4EA0-B070-F6EA062148FF}"/>
<REGKEY NAME = "Alexa TypeLib\{547AB549-4DD8-4EA0-B070-F6EA062148FF}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\MenuExt\Alexa Web Search"/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\MenuExt\Alexa Web Search"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\MenuExt\Get Alexa Data"/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\MenuExt\Get Alexa Data"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\MenuExt\Mail to a Friend..."/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\MenuExt\Mail to a Friend..."/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\MenuExt\See Related Links"/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\MenuExt\See Related Links"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Alexa Internet"/>
<REGKEY NAME = "Alexa Software\Alexa Internet"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\Extensions\{9D74677A-E227-40fb-9511-F7E92EA4083A}"/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\Extensions\{9D74677A-E227-40fb-9511-F7E92EA4083A}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa"/>
<REGKEY NAME = "Alexa SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa"/>
</SW>
<SW NAME = "IPInsight">
<REGKEYFOUND NAME = "software\classes\tldctl2.urllink.1"/>
<REGKEY NAME = "IPInsight software\classes\tldctl2.urllink.1"/>
</SW>
<SW NAME = "IPInsight">
<REGKEYFOUND NAME = "software\classes\tldctl2.urllink"/>
<REGKEY NAME = "IPInsight software\classes\tldctl2.urllink"/>
</SW>
<SW NAME = "Trojan.Admincash">
<REGKEYFOUND NAME = "SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}"/>
<REGKEY NAME = "Trojan.Admincash SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}"/>
</ScanningRegKeys>
<ScanningRegValues>
</SW>
<SW NAME = "Marketscore (NetSetter)">
<REGVALUE VALUE = "Marketscore (NetSetter) software\microsoft\windows\currentversion\run\OSS"/>
<REGVALUEFOUND NAME = "software\microsoft\windows\currentversion\run\OSS"/>
</SW>
<SW NAME = "Alexa">
<REGVALUE VALUE = "Alexa SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Alexa Toolbar"/>
<REGVALUEFOUND NAME = "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Alexa Toolbar"/>
</ScanningRegValues>
<ScanningRegValuesChanged>
</ScanningRegValuesChanged>
<FILE PATH = "Alexa C:\WINDOWS\system32\AlxRes.dll"/>
<FILE PATH = "C:\WINDOWS\system32\AlxRes.dll"/>
<FILE PATH = "Alexa C:\WINDOWS\system32\AlxTB1.dll"/>
<FILE PATH = "C:\WINDOWS\system32\AlxTB1.dll"/>
<FILE PATH = "Alexa C:\WINDOWS\system32\AlxTB2.dll"/>
<FILE PATH = "C:\WINDOWS\system32\AlxTB2.dll"/>
<FOLDER PATH = "SaveNow C:\Program Files\save"/>
<FOLDER PATH = "180Solutions C:\Program Files\zango"/>
</Scanning>

</Session>
  • 0

Advertisements

#2
Guest_thatman_*
Posted 25 April 2005 - 02:39 PM

Guest_thatman_*
  • Guest
Hi jmwaweru

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

Kc :tazz:
  • 0

#3
Guest_thatman_*
Posted 16 May 2005 - 07:44 AM

Guest_thatman_*
  • Guest
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP