I have recently registed with this forum. I think I have malware on my computer. I downloaded Xoftspy and scanned my computer. It seems I may have been hacked!! surrender.gif
Kindly assist
John
<?xml version = "1.0"?>
<Session START = "07 Apr 05 17:27:00" END = "07 Apr 05 17:43:57">
<Information Version = "4.10" DatabaseVersion = "72" DataBaseDate = "31 March 2005"/>
<Information OS = "Win XP"/>
<Information ServicePack = "Service Pack 2"/>
<Information WorkingDirectory = "C:\XoftSpy\"/>
<Information Option = "AdvSpyware Scan" State = "ON"/>
<Information Option = "Scan IE Favorites" State = "ON"/>
<Information Option = "Scan Host Files" State = "ON"/>
<Information Option = "Scan Drives" State = "ON"/>
<Information Option = "Do Not Scan Executables" State = "OFF"/>
<Information Option = "Scan Registry" State = "ON"/>
<Information Option = "Scan Active Processes" State = "ON"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Windows\CurrentVersion\Run"/>
<Information Value = "CTFMON.EXE" Data = "C:\WINDOWS\system32\ctfmon.exe"/>
<Information Value = "MSMSGS" Data = ""C:\Program Files\Messenger\msmsgs.exe" /background"/>
<Information Value = "IncrediMail" Data = "C:\Program Files\IncrediMail\bin\IncMail.exe /c"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\Main"/>
<Information Value = "NoUpdateCheck" Data = ""/>
<Information Value = "NoJITSetup" Data = ""/>
<Information Value = "Disable Script Debugger" Data = "yes"/>
<Information Value = "Show_ChannelBand" Data = "No"/>
<Information Value = "Anchor Underline" Data = "yes"/>
<Information Value = "Cache_Update_Frequency" Data = "Once_Per_Session"/>
<Information Value = "Display Inline Images" Data = "yes"/>
<Information Value = "Do404Search" Data = ""/>
<Information Value = "Local Page" Data = "C:\WINDOWS\system32\blank.htm"/>
<Information Value = "Save_Session_History_On_Exit" Data = "no"/>
<Information Value = "Show_FullURL" Data = "no"/>
<Information Value = "Show_StatusBar" Data = "yes"/>
<Information Value = "Show_ToolBar" Data = "yes"/>
<Information Value = "Show_URLinStatusBar" Data = "yes"/>
<Information Value = "Show_URLToolBar" Data = "yes"/>
<Information Value = "Start Page" Data = "http://www.ymmss.org/"/>
<Information Value = "Use_DlgBox_Colors" Data = "yes"/>
<Information Value = "Search Page" Data = "http://www.google.com"/>
<Information Value = "SmoothScroll" Data = ""/>
<Information Value = "FullScreen" Data = "no"/>
<Information Value = "Window_Placement" Data = ","/>
<Information Value = "Use Search Asst" Data = "no"/>
<Information Value = "Error Dlg Displayed On Every Error" Data = "no"/>
<Information Value = "Search Bar" Data = ""/>
<Information Value = "Enable Browser Extensions" Data = "yes"/>
<Information Value = "Use FormSuggest" Data = "yes"/>
<Information Value = "Save Directory" Data = "C:\Documents and Settings\My Internet\My Documents\JDD Publishing\YMMSS\"/>
<Information Value = "NotifyDownloadComplete" Data = "no"/>
<Information Value = "AddToFavoritesExpanded" Data = ""/>
<Information Value = "Use Custom Search URL" Data = ""/>
<Information Value = "ShowedCheckBrowser" Data = "Yes"/>
<Information Value = "Check_Associations" Data = "no"/>
<Information Value = "Expand Alt Text" Data = "no"/>
<Information Value = "Move System Caret" Data = "no"/>
<Information Value = "NscSingleExpand" Data = ""/>
<Information Value = "NoWebJITSetup" Data = ""/>
<Information Value = "Page_Transitions" Data = ""/>
<Information Value = "FavIntelliMenus" Data = "no"/>
<Information Value = "UseThemes" Data = ""/>
<Information Value = "Force Offscreen Composition" Data = ""/>
<Information Value = "AllowWindowReuse" Data = ""/>
<Information Value = "Friendly http errors" Data = "yes"/>
<Information Value = "ShowGoButton" Data = "yes"/>
<Information Value = "Enable AutoImageResize" Data = "yes"/>
<Information Value = "Enable_MyPics_Hoverbar" Data = "yes"/>
<Information Value = "Play_Animations" Data = "yes"/>
<Information Value = "Play_Background_Sounds" Data = "yes"/>
<Information Value = "Display Inline Videos" Data = "yes"/>
<Information Value = "Show image placeholders" Data = ""/>
<Information Value = "Print_Background" Data = "no"/>
<Information Value = "AutoSearch" Data = ""/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Main"/>
<Information Value = "Default_Page_URL" Data = "http://www.microsoft...6&ar=msnhome"/>
<Information Value = "Default_Search_URL" Data = "http://www.microsoft...&ar=iesearch"/>
<Information Value = "Search Page" Data = "http://www.google.com"/>
<Information Value = "Enable_Disk_Cache" Data = "yes"/>
<Information Value = "Cache_Percent_of_Disk" Data = "
"/>
<Information Value = "Delete_Temp_Files_On_Exit" Data = "yes"/>
<Information Value = "Local Page" Data = "%SystemRoot%\system32\blank.htm"/>
<Information Value = "Anchor_Visitation_Horizon" Data = ""/>
<Information Value = "Use_Async_DNS" Data = "yes"/>
<Information Value = "Placeholder_Width" Data = ""/>
<Information Value = "Placeholder_Height" Data = ""/>
<Information Value = "Start Page" Data = "http://www.ymmss.org/"/>
<Information Value = "CompanyName" Data = "Microsoft Corporation"/>
<Information Value = "Custom_Key" Data = "MICROSO"/>
<Information Value = "Wizard_Version" Data = "6.0.2600.0000"/>
<Information Value = "FullScreen" Data = "no"/>
<Information Value = "Check_Associations" Data = "no"/>
<Information Value = "Use_DlgBox_Colors" Data = "yes"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Search"/>
<Information Value = "SearchAssistant" Data = "http://www.google.com/ie"/>
<Information Value = "CustomizeSearch" Data = "http://ie.search.msn...srchcust.htm"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows\CurrentVersion\Run"/>
<Information Value = "AGRSMMSG" Data = "AGRSMMSG.exe"/>
<Information Value = "SynTPLpr" Data = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"/>
<Information Value = "SynTPEnh" Data = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"/>
<Information Value = "ATIPTA" Data = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"/>
<Information Value = "PRONoMgr.exe" Data = "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"/>
<Information Value = "Cpqset" Data = "C:\Program Files\HPQ\Default Settings\cpqset.exe"/>
<Information Value = "RoxioEngineUtility" Data = ""C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe""/>
<Information Value = "RoxioDragToDisc" Data = ""C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe""/>
<Information Value = "F-Secure Manager" Data = ""C:\Program Files\F-Secure\Common\FSM32.EXE" /splash"/>
<Information Value = "New.net Startup" Data = "rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s"/>
<Information Value = "OSS" Data = "c:\windows\system32\rk.exe -boot"/>
<Information Value = "HPDJ Taskbar Utility" Data = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"/>
<Information Value = "Smapp" Data = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe"/>
<Information Value = "EasyMessage" Data = ""C:\Program Files\Zango Messenger\em2.exe" -wait"/>
<Information Value = "RealTray" Data = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER"/>
<Information Value = "MediaPilot" Data = "C:\Program Files\MediaPilot\MediaPilot.exe"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SYSTEM\ControlSet001\Services\Winsock2\Parameters\Protocol_Catalog9"/>
<Information Value = "Num_Catalog_Entries" Data = ""/>
<Information Value = "Next_Catalog_Entry_ID" Data = "`"/>
<Information Value = "Serial_Access_Num" Data = "8"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SYSTEM\ControlSet003\Services\Winsock2\Parameters\Protocol_Catalog9"/>
<Information Value = "Num_Catalog_Entries" Data = ""/>
<Information Value = "Next_Catalog_Entry_ID" Data = "`"/>
<Information Value = "Serial_Access_Num" Data = "8"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows NT\CurrentVersion\Windows"/>
<Information Value = "AppInit_DLLs" Data = ""/>
<Information Value = "DeviceNotSelectedTimeout" Data = "15"/>
<Information Value = "GDIProcessHandleQuota" Data = "'"/>
<Information Value = "Spooler" Data = "yes"/>
<Information Value = "swapdisk" Data = ""/>
<Information Value = "TransmissionRetryTimeout" Data = "90"/>
<Information Value = "USERProcessHandleQuota" Data = "'"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Windows NT\CurrentVersion\Windows"/>
<Information Value = "DebugOptions" Data = "2048"/>
<Information Value = "Documents" Data = ""/>
<Information Value = "DosPrint" Data = "no"/>
<Information Value = "load" Data = ""/>
<Information Value = "NetMessage" Data = "no"/>
<Information Value = "NullPort" Data = "None"/>
<Information Value = "Programs" Data = "com exe bat pif cmd"/>
<Information Value = "Device" Data = "Kyocera Mita FS-1020D KX,winspool,LPT1:"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\URLSearchHooks"/>
<Information Value = "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" Data = ""/>
<Scanning TIME = "07 Apr 05 17:27:00">
<PROCESS NAME = "-" MD5 = "(null)"/>
<PROCESS NAME = "\SystemRoot\System32\smss.exe" MD5 = "(null)"/>
<PROCESS NAME = "\??\C:\WINDOWS\system32\csrss.exe" MD5 = "(null)"/>
<PROCESS NAME = "\??\C:\WINDOWS\system32\winlogon.exe" MD5 = "(null)"/>
<PROCESS NAME = "C:\WINDOWS\system32\services.exe" MD5 = "c6ce6eec82f187615d1002bb3bb50ed4"/>
<PROCESS NAME = "C:\WINDOWS\system32\lsass.exe" MD5 = "84885f9b82f4d55c6146ebf6065d75d2"/>
<PROCESS NAME = "C:\WINDOWS\system32\Ati2evxx.exe" MD5 = "a8464ca51c598101a3fef341f4f0b6e0"/>
<PROCESS NAME = "C:\WINDOWS\system32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\system32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\System32\S24EvMon.exe" MD5 = "c2c16e149d970f4733436a30c0f7fd9b"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\system32\spoolsv.exe" MD5 = "7435b108b935e42ea92ca94f59c8e717"/>
<PROCESS NAME = "C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE" MD5 = "b7f89868cffcc19066febfcb4d45f6ce"/>
<PROCESS NAME = "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" MD5 = "8f5c11f6ceecd5fb7fd03aefaf182cde"/>
<PROCESS NAME = "C:\WINDOWS\System32\cisvc.exe" MD5 = "3192bd04d032a9c4a85a3278c268a13a"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe" MD5 = "1ee42860d3922b2a634191a4b9bfdd9e"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE" MD5 = "c604bde6a49627ec75a8747e5868008d"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Anti-Virus\fssm32.exe" MD5 = "2f856f294d155a8cc4ebb1243bfeb9d4"/>
<PROCESS NAME = "C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe" MD5 = "b7f89868cffcc19066febfcb4d45f6ce"/>
<PROCESS NAME = "C:\WINDOWS\System32\inetsrv\inetinfo.exe" MD5 = "74b9fa2afaf60b7f4e2a952e77b9dc6c"/>
<PROCESS NAME = "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" MD5 = "3a86fb5fdf6575568b5f1a694186e45e"/>
<PROCESS NAME = "C:\WINDOWS\System32\RegSrvc.exe" MD5 = "fd63939d444402e35c3bb04e75459af1"/>
<PROCESS NAME = "C:\WINDOWS\System32\tcpsvcs.exe" MD5 = "32933b07fc16d9f778bee12545fa1b1a"/>
<PROCESS NAME = "C:\WINDOWS\System32\snmp.exe" MD5 = "d923bf27723e28e3c121b77f52db4bce"/>
<PROCESS NAME = "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" MD5 = "3978f082274f723ad5a0a8058c2417dd"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\wanmpsvc.exe" MD5 = "c8413f5b1a6868ab81fb1c15200343e4"/>
<PROCESS NAME = "C:\WINDOWS\System32\MsPMSPSv.exe" MD5 = "668056d5c3c11ab7d266819a96b964e8"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FSMA32.EXE" MD5 = "fb942e7cb27f6a04d03ecc159fca64b7"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FSMB32.EXE" MD5 = "ca8d9eed43063fc0d690c4d9b6d099b7"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FCH32.EXE" MD5 = "90ac8bc8d461f57729a05f2dea9d7670"/>
<PROCESS NAME = "C:\WINDOWS\system32\ZCfgSvc.exe" MD5 = "513af2c10e6bd58ade5a578f755f3fae"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FAMEH32.EXE" MD5 = "548767d5825109c2638656edcf592b81"/>
<PROCESS NAME = "C:\WINDOWS\Explorer.EXE" MD5 = "a0732187050030ae399b241436565e64"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FNRB32.EXE" MD5 = "67b43438e3ba5a4fbea46eeba4cd207d"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FIH32.EXE" MD5 = "1bf98bcd63775ae57a42de363baa31b1"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Anti-Virus\fsav32.exe" MD5 = "ee210a7b801beaa51d5af223586043e3"/>
<PROCESS NAME = "C:\WINDOWS\System32\alg.exe" MD5 = "f1958fbf86d5c004cf19a5951a9514b7"/>
<PROCESS NAME = "C:\WINDOWS\AGRSMMSG.exe" MD5 = "30dabfaaad430772234e0184fc180410"/>
<PROCESS NAME = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" MD5 = "5dc0a404904ff058d0c080a48a960bf5"/>
<PROCESS NAME = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" MD5 = "6eb8a26cfbb4e14cf5318cfce37e95e7"/>
<PROCESS NAME = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" MD5 = "75dda1ca7f11e05b53f76ec03b16a6bc"/>
<PROCESS NAME = "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" MD5 = "b50bff104773267d0cef35e26db3b932"/>
<PROCESS NAME = "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" MD5 = "6b7da9db5a15f762a7a56df0006a531b"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FSM32.EXE" MD5 = "26d2da1176739e82f3fd9f26662633d5"/>
<PROCESS NAME = "C:\WINDOWS\system32\rundll32.exe" MD5 = "da285490bbd8a1d0ce6623577d5ba1ff"/>
<PROCESS NAME = "C:\windows\system32\rk.exe" MD5 = "141bae5215de2463759f2ab9400677d6"/>
<PROCESS NAME = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" MD5 = "7c6b5065e7326e3c91a62800df3a31fa"/>
<PROCESS NAME = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" MD5 = "2d765e811b6ffea9f91d4425e34b8461"/>
<PROCESS NAME = "C:\Program Files\Real\RealPlayer\RealPlay.exe" MD5 = "849d97fe4cc09cfc2772d10f641e1baf"/>
<PROCESS NAME = "C:\Program Files\MediaPilot\MediaPilot.exe" MD5 = "6233e04e41cfa0a3b2418ff38a45010f"/>
<PROCESS NAME = "C:\WINDOWS\system32\ctfmon.exe" MD5 = "24232996a38c0b0cf151c2140ae29fc8"/>
<PROCESS NAME = "C:\Program Files\Messenger\msmsgs.exe" MD5 = "74e6e96c6f0e2eca4edbb7f7a468f259"/>
<PROCESS NAME = "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" MD5 = "b18b3c98c5fec0fa3afff04bf9eec6c2"/>
<PROCESS NAME = "D:\WinZip\WZQKPICK.EXE" MD5 = "2fe253973433442c2cb234fb2bc4bf29"/>
<PROCESS NAME = "C:\PROGRA~1\INCRED~1\bin\IMApp.exe" MD5 = "a3e201be06175ee39050a4aa23c61c8c"/>
<PROCESS NAME = "C:\Program Files\Mozilla Firefox\firefox.exe" MD5 = "e8361a7be069282c0108118e3252ded6"/>
<PROCESS NAME = "C:\WINDOWS\system32\cidaemon.exe" MD5 = "582304f6f1946fa5068cf143d729d7ed"/>
<PROCESS NAME = "C:\WINDOWS\system32\cidaemon.exe" MD5 = "582304f6f1946fa5068cf143d729d7ed"/>
<PROCESS NAME = "C:\XoftSpy\XoftSpy.exe" MD5 = "a32b6df132bcab46d04ba3d273a61cba"/>
<FILE PATH = "Marketscore (NetSetter) C:\windows\system32\okshook.dll"/>
<FILE PATH = "Marketscore (NetSetter) C:\windows\system32\rk.exe"/>
<FILE PATH = "Marketscore (NetSetter) C:\WINDOWS\system32\OSMIM.DLL"/>
<ScanningRegKeys>
</SW>
<SW NAME = "Marketscore (NetSetter)">
<REGKEYFOUND NAME = "Software\Netsetter"/>
<REGKEY NAME = "Marketscore (NetSetter) Software\Netsetter"/>
</SW>
<SW NAME = "SaveNow">
<REGKEYFOUND NAME = "software\classes\tldctl2.urllink\curver"/>
<REGKEY NAME = "SaveNow software\classes\tldctl2.urllink\curver"/>
</SW>
<SW NAME = "BonziBuddy">
<REGKEYFOUND NAME = "CLSID\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}"/>
<REGKEY NAME = "BonziBuddy CLSID\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "software\classes\clsid\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b}"/>
<REGKEY NAME = "Alexa software\classes\clsid\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "software\microsoft\windows\currentversion\explorer\browser helper objects\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
<REGKEY NAME = "Alexa software\microsoft\windows\currentversion\explorer\browser helper objects\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
<REGKEY NAME = "Alexa CLSID\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "software\classes\clsid\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
<REGKEY NAME = "Alexa software\classes\clsid\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{27D784D7-9217-4227-B43B-E06E4781E0CB}"/>
<REGKEY NAME = "Alexa CLSID\{27D784D7-9217-4227-B43B-E06E4781E0CB}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B}"/>
<REGKEY NAME = "Alexa CLSID\{3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}"/>
<REGKEY NAME = "Alexa CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{7BF3A7DB-A516-4e24-B40A-F60B34699E26}"/>
<REGKEY NAME = "Alexa CLSID\{7BF3A7DB-A516-4e24-B40A-F60B34699E26}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{EA20F195-32DA-4bd6-B348-FD01FC7D3D5A}"/>
<REGKEY NAME = "Alexa CLSID\{EA20F195-32DA-4bd6-B348-FD01FC7D3D5A}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{04D79E9F-09A9-4AED-9FC2-6E63A3BCA51E}"/>
<REGKEY NAME = "Alexa Interface\{04D79E9F-09A9-4AED-9FC2-6E63A3BCA51E}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{0B32BCCD-4D64-48EB-8EC3-9BA0807D1349}"/>
<REGKEY NAME = "Alexa Interface\{0B32BCCD-4D64-48EB-8EC3-9BA0807D1349}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{0BBB0424-E98E-4405-9A94-481854765C80}"/>
<REGKEY NAME = "Alexa Interface\{0BBB0424-E98E-4405-9A94-481854765C80}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{0F3332B5-BC98-48AF-9FAC-05FEC94EBE73}"/>
<REGKEY NAME = "Alexa Interface\{0F3332B5-BC98-48AF-9FAC-05FEC94EBE73}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{3E60160F-0ED6-4DCC-B6B6-850CDE4FD217}"/>
<REGKEY NAME = "Alexa Interface\{3E60160F-0ED6-4DCC-B6B6-850CDE4FD217}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{3F41980D-B681-488E-9757-0C9744F9C3CE}"/>
<REGKEY NAME = "Alexa Interface\{3F41980D-B681-488E-9757-0C9744F9C3CE}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{49160F0D-6BE2-4F5F-BCDB-9256DA3BB120}"/>
<REGKEY NAME = "Alexa Interface\{49160F0D-6BE2-4F5F-BCDB-9256DA3BB120}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{5A9961FD-B0A6-4065-9552-EBFC199683A3}"/>
<REGKEY NAME = "Alexa Interface\{5A9961FD-B0A6-4065-9552-EBFC199683A3}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{6912BEB3-E20C-4953-8C8E-E91B12B55BFC}"/>
<REGKEY NAME = "Alexa Interface\{6912BEB3-E20C-4953-8C8E-E91B12B55BFC}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{738CB0ED-54A7-4061-AE2E-40EFD9B1EEF6}"/>
<REGKEY NAME = "Alexa Interface\{738CB0ED-54A7-4061-AE2E-40EFD9B1EEF6}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{9AF74448-EBD1-484C-8B06-35E597C0B54C}"/>
<REGKEY NAME = "Alexa Interface\{9AF74448-EBD1-484C-8B06-35E597C0B54C}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{9BAB764B-E4F3-4C7B-99AD-CDF636BBE3A8}"/>
<REGKEY NAME = "Alexa Interface\{9BAB764B-E4F3-4C7B-99AD-CDF636BBE3A8}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{A69107CC-BEC8-4A34-B474-211B0F46A764}"/>
<REGKEY NAME = "Alexa Interface\{A69107CC-BEC8-4A34-B474-211B0F46A764}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{A6A08CBD-6673-41B1-B997-3F83A25B45B0}"/>
<REGKEY NAME = "Alexa Interface\{A6A08CBD-6673-41B1-B997-3F83A25B45B0}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{ABF7C4D4-53EF-4C15-8951-D22F63C98E9F}"/>
<REGKEY NAME = "Alexa Interface\{ABF7C4D4-53EF-4C15-8951-D22F63C98E9F}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{AC2A5E17-05ED-4E62-86E5-84779E8F0BCA}"/>
<REGKEY NAME = "Alexa Interface\{AC2A5E17-05ED-4E62-86E5-84779E8F0BCA}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{B71C7D9A-DA43-4E8B-BB9B-1684AC2AF324}"/>
<REGKEY NAME = "Alexa Interface\{B71C7D9A-DA43-4E8B-BB9B-1684AC2AF324}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{B79D9232-A798-43DB-9E61-281D550460E4}"/>
<REGKEY NAME = "Alexa Interface\{B79D9232-A798-43DB-9E61-281D550460E4}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{B7B84995-8B92-46BF-94AA-FA2F3DD23B84}"/>
<REGKEY NAME = "Alexa Interface\{B7B84995-8B92-46BF-94AA-FA2F3DD23B84}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{DC21CEDE-3B81-43D7-B816-DAEFA7B4901F}"/>
<REGKEY NAME = "Alexa Interface\{DC21CEDE-3B81-43D7-B816-DAEFA7B4901F}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{FA77AD79-09CF-41FB-B171-CC856F9E737F}"/>
<REGKEY NAME = "Alexa Interface\{FA77AD79-09CF-41FB-B171-CC856F9E737F}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "PopMenu.Menu"/>
<REGKEY NAME = "Alexa PopMenu.Menu"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "PopMenu.Menu.1"/>
<REGKEY NAME = "Alexa PopMenu.Menu.1"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Popup.HTMLEvent"/>
<REGKEY NAME = "Alexa Popup.HTMLEvent"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Popup.HTMLEvent.1"/>
<REGKEY NAME = "Alexa Popup.HTMLEvent.1"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Popup.PopupKiller"/>
<REGKEY NAME = "Alexa Popup.PopupKiller"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Popup.PopupKiller.1"/>
<REGKEY NAME = "Alexa Popup.PopupKiller.1"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "TypeLib\{547AB549-4DD8-4EA0-B070-F6EA062148FF}"/>
<REGKEY NAME = "Alexa TypeLib\{547AB549-4DD8-4EA0-B070-F6EA062148FF}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\MenuExt\Alexa Web Search"/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\MenuExt\Alexa Web Search"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\MenuExt\Get Alexa Data"/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\MenuExt\Get Alexa Data"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\MenuExt\Mail to a Friend..."/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\MenuExt\Mail to a Friend..."/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\MenuExt\See Related Links"/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\MenuExt\See Related Links"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Alexa Internet"/>
<REGKEY NAME = "Alexa Software\Alexa Internet"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\Extensions\{9D74677A-E227-40fb-9511-F7E92EA4083A}"/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\Extensions\{9D74677A-E227-40fb-9511-F7E92EA4083A}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa"/>
<REGKEY NAME = "Alexa SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa"/>
</SW>
<SW NAME = "IPInsight">
<REGKEYFOUND NAME = "software\classes\tldctl2.urllink.1"/>
<REGKEY NAME = "IPInsight software\classes\tldctl2.urllink.1"/>
</SW>
<SW NAME = "IPInsight">
<REGKEYFOUND NAME = "software\classes\tldctl2.urllink"/>
<REGKEY NAME = "IPInsight software\classes\tldctl2.urllink"/>
</SW>
<SW NAME = "Trojan.Admincash">
<REGKEYFOUND NAME = "SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}"/>
<REGKEY NAME = "Trojan.Admincash SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}"/>
</ScanningRegKeys>
<ScanningRegValues>
</SW>
<SW NAME = "Marketscore (NetSetter)">
<REGVALUE VALUE = "Marketscore (NetSetter) software\microsoft\windows\currentversion\run\OSS"/>
<REGVALUEFOUND NAME = "software\microsoft\windows\currentversion\run\OSS"/>
</SW>
<SW NAME = "Alexa">
<REGVALUE VALUE = "Alexa SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Alexa Toolbar"/>
<REGVALUEFOUND NAME = "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Alexa Toolbar"/>
</ScanningRegValues>
<ScanningRegValuesChanged>
</ScanningRegValuesChanged>
<FILE PATH = "Alexa C:\WINDOWS\system32\AlxRes.dll"/>
<FILE PATH = "C:\WINDOWS\system32\AlxRes.dll"/>
<FILE PATH = "Alexa C:\WINDOWS\system32\AlxTB1.dll"/>
<FILE PATH = "C:\WINDOWS\system32\AlxTB1.dll"/>
<FILE PATH = "Alexa C:\WINDOWS\system32\AlxTB2.dll"/>
<FILE PATH = "C:\WINDOWS\system32\AlxTB2.dll"/>
<FOLDER PATH = "SaveNow C:\Program Files\save"/>
<FOLDER PATH = "180Solutions C:\Program Files\zango"/>
</Scanning>
<Scanning TIME = "07 Apr 05 17:33:02">
<PROCESS NAME = "-" MD5 = "(null)"/>
<PROCESS NAME = "\SystemRoot\System32\smss.exe" MD5 = "(null)"/>
<PROCESS NAME = "\??\C:\WINDOWS\system32\csrss.exe" MD5 = "(null)"/>
<PROCESS NAME = "\??\C:\WINDOWS\system32\winlogon.exe" MD5 = "(null)"/>
<PROCESS NAME = "C:\WINDOWS\system32\services.exe" MD5 = "c6ce6eec82f187615d1002bb3bb50ed4"/>
<PROCESS NAME = "C:\WINDOWS\system32\lsass.exe" MD5 = "84885f9b82f4d55c6146ebf6065d75d2"/>
<PROCESS NAME = "C:\WINDOWS\system32\Ati2evxx.exe" MD5 = "a8464ca51c598101a3fef341f4f0b6e0"/>
<PROCESS NAME = "C:\WINDOWS\system32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\system32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\System32\S24EvMon.exe" MD5 = "c2c16e149d970f4733436a30c0f7fd9b"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\system32\spoolsv.exe" MD5 = "7435b108b935e42ea92ca94f59c8e717"/>
<PROCESS NAME = "C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE" MD5 = "b7f89868cffcc19066febfcb4d45f6ce"/>
<PROCESS NAME = "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" MD5 = "8f5c11f6ceecd5fb7fd03aefaf182cde"/>
<PROCESS NAME = "C:\WINDOWS\System32\cisvc.exe" MD5 = "3192bd04d032a9c4a85a3278c268a13a"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe" MD5 = "1ee42860d3922b2a634191a4b9bfdd9e"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE" MD5 = "c604bde6a49627ec75a8747e5868008d"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Anti-Virus\fssm32.exe" MD5 = "2f856f294d155a8cc4ebb1243bfeb9d4"/>
<PROCESS NAME = "C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe" MD5 = "b7f89868cffcc19066febfcb4d45f6ce"/>
<PROCESS NAME = "C:\WINDOWS\System32\inetsrv\inetinfo.exe" MD5 = "74b9fa2afaf60b7f4e2a952e77b9dc6c"/>
<PROCESS NAME = "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" MD5 = "3a86fb5fdf6575568b5f1a694186e45e"/>
<PROCESS NAME = "C:\WINDOWS\System32\RegSrvc.exe" MD5 = "fd63939d444402e35c3bb04e75459af1"/>
<PROCESS NAME = "C:\WINDOWS\System32\tcpsvcs.exe" MD5 = "32933b07fc16d9f778bee12545fa1b1a"/>
<PROCESS NAME = "C:\WINDOWS\System32\snmp.exe" MD5 = "d923bf27723e28e3c121b77f52db4bce"/>
<PROCESS NAME = "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" MD5 = "3978f082274f723ad5a0a8058c2417dd"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\wanmpsvc.exe" MD5 = "c8413f5b1a6868ab81fb1c15200343e4"/>
<PROCESS NAME = "C:\WINDOWS\System32\MsPMSPSv.exe" MD5 = "668056d5c3c11ab7d266819a96b964e8"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FSMA32.EXE" MD5 = "fb942e7cb27f6a04d03ecc159fca64b7"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FSMB32.EXE" MD5 = "ca8d9eed43063fc0d690c4d9b6d099b7"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FCH32.EXE" MD5 = "90ac8bc8d461f57729a05f2dea9d7670"/>
<PROCESS NAME = "C:\WINDOWS\system32\ZCfgSvc.exe" MD5 = "513af2c10e6bd58ade5a578f755f3fae"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FAMEH32.EXE" MD5 = "548767d5825109c2638656edcf592b81"/>
<PROCESS NAME = "C:\WINDOWS\Explorer.EXE" MD5 = "a0732187050030ae399b241436565e64"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FNRB32.EXE" MD5 = "67b43438e3ba5a4fbea46eeba4cd207d"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FIH32.EXE" MD5 = "1bf98bcd63775ae57a42de363baa31b1"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Anti-Virus\fsav32.exe" MD5 = "ee210a7b801beaa51d5af223586043e3"/>
<PROCESS NAME = "C:\WINDOWS\System32\alg.exe" MD5 = "f1958fbf86d5c004cf19a5951a9514b7"/>
<PROCESS NAME = "C:\WINDOWS\AGRSMMSG.exe" MD5 = "30dabfaaad430772234e0184fc180410"/>
<PROCESS NAME = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" MD5 = "5dc0a404904ff058d0c080a48a960bf5"/>
<PROCESS NAME = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" MD5 = "6eb8a26cfbb4e14cf5318cfce37e95e7"/>
<PROCESS NAME = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" MD5 = "75dda1ca7f11e05b53f76ec03b16a6bc"/>
<PROCESS NAME = "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" MD5 = "b50bff104773267d0cef35e26db3b932"/>
<PROCESS NAME = "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" MD5 = "6b7da9db5a15f762a7a56df0006a531b"/>
<PROCESS NAME = "C:\Program Files\F-Secure\Common\FSM32.EXE" MD5 = "26d2da1176739e82f3fd9f26662633d5"/>
<PROCESS NAME = "C:\WINDOWS\system32\rundll32.exe" MD5 = "da285490bbd8a1d0ce6623577d5ba1ff"/>
<PROCESS NAME = "C:\windows\system32\rk.exe" MD5 = "141bae5215de2463759f2ab9400677d6"/>
<PROCESS NAME = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" MD5 = "7c6b5065e7326e3c91a62800df3a31fa"/>
<PROCESS NAME = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" MD5 = "2d765e811b6ffea9f91d4425e34b8461"/>
<PROCESS NAME = "C:\Program Files\Real\RealPlayer\RealPlay.exe" MD5 = "849d97fe4cc09cfc2772d10f641e1baf"/>
<PROCESS NAME = "C:\Program Files\MediaPilot\MediaPilot.exe" MD5 = "6233e04e41cfa0a3b2418ff38a45010f"/>
<PROCESS NAME = "C:\WINDOWS\system32\ctfmon.exe" MD5 = "24232996a38c0b0cf151c2140ae29fc8"/>
<PROCESS NAME = "C:\Program Files\Messenger\msmsgs.exe" MD5 = "74e6e96c6f0e2eca4edbb7f7a468f259"/>
<PROCESS NAME = "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" MD5 = "b18b3c98c5fec0fa3afff04bf9eec6c2"/>
<PROCESS NAME = "D:\WinZip\WZQKPICK.EXE" MD5 = "2fe253973433442c2cb234fb2bc4bf29"/>
<PROCESS NAME = "C:\PROGRA~1\INCRED~1\bin\IMApp.exe" MD5 = "a3e201be06175ee39050a4aa23c61c8c"/>
<PROCESS NAME = "C:\Program Files\Mozilla Firefox\firefox.exe" MD5 = "e8361a7be069282c0108118e3252ded6"/>
<PROCESS NAME = "C:\WINDOWS\system32\cidaemon.exe" MD5 = "582304f6f1946fa5068cf143d729d7ed"/>
<PROCESS NAME = "C:\WINDOWS\system32\cidaemon.exe" MD5 = "582304f6f1946fa5068cf143d729d7ed"/>
<PROCESS NAME = "C:\XoftSpy\XoftSpy.exe" MD5 = "a32b6df132bcab46d04ba3d273a61cba"/>
<PROCESS NAME = "C:\WINDOWS\system32\notepad.exe" MD5 = "388b8fbc36a8558587afc90fb23a3b99"/>
<FILE PATH = "Marketscore (NetSetter) C:\windows\system32\okshook.dll"/>
<FILE PATH = "Marketscore (NetSetter) C:\windows\system32\rk.exe"/>
<FILE PATH = "Marketscore (NetSetter) C:\WINDOWS\system32\OSMIM.DLL"/>
<ScanningRegKeys>
</SW>
<SW NAME = "Marketscore (NetSetter)">
<REGKEYFOUND NAME = "Software\Netsetter"/>
<REGKEY NAME = "Marketscore (NetSetter) Software\Netsetter"/>
</SW>
<SW NAME = "SaveNow">
<REGKEYFOUND NAME = "software\classes\tldctl2.urllink\curver"/>
<REGKEY NAME = "SaveNow software\classes\tldctl2.urllink\curver"/>
</SW>
<SW NAME = "BonziBuddy">
<REGKEYFOUND NAME = "CLSID\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}"/>
<REGKEY NAME = "BonziBuddy CLSID\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "software\classes\clsid\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b}"/>
<REGKEY NAME = "Alexa software\classes\clsid\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "software\microsoft\windows\currentversion\explorer\browser helper objects\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
<REGKEY NAME = "Alexa software\microsoft\windows\currentversion\explorer\browser helper objects\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
<REGKEY NAME = "Alexa CLSID\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "software\classes\clsid\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
<REGKEY NAME = "Alexa software\classes\clsid\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{27D784D7-9217-4227-B43B-E06E4781E0CB}"/>
<REGKEY NAME = "Alexa CLSID\{27D784D7-9217-4227-B43B-E06E4781E0CB}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B}"/>
<REGKEY NAME = "Alexa CLSID\{3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}"/>
<REGKEY NAME = "Alexa CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{7BF3A7DB-A516-4e24-B40A-F60B34699E26}"/>
<REGKEY NAME = "Alexa CLSID\{7BF3A7DB-A516-4e24-B40A-F60B34699E26}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "CLSID\{EA20F195-32DA-4bd6-B348-FD01FC7D3D5A}"/>
<REGKEY NAME = "Alexa CLSID\{EA20F195-32DA-4bd6-B348-FD01FC7D3D5A}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{04D79E9F-09A9-4AED-9FC2-6E63A3BCA51E}"/>
<REGKEY NAME = "Alexa Interface\{04D79E9F-09A9-4AED-9FC2-6E63A3BCA51E}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{0B32BCCD-4D64-48EB-8EC3-9BA0807D1349}"/>
<REGKEY NAME = "Alexa Interface\{0B32BCCD-4D64-48EB-8EC3-9BA0807D1349}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{0BBB0424-E98E-4405-9A94-481854765C80}"/>
<REGKEY NAME = "Alexa Interface\{0BBB0424-E98E-4405-9A94-481854765C80}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{0F3332B5-BC98-48AF-9FAC-05FEC94EBE73}"/>
<REGKEY NAME = "Alexa Interface\{0F3332B5-BC98-48AF-9FAC-05FEC94EBE73}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{3E60160F-0ED6-4DCC-B6B6-850CDE4FD217}"/>
<REGKEY NAME = "Alexa Interface\{3E60160F-0ED6-4DCC-B6B6-850CDE4FD217}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{3F41980D-B681-488E-9757-0C9744F9C3CE}"/>
<REGKEY NAME = "Alexa Interface\{3F41980D-B681-488E-9757-0C9744F9C3CE}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{49160F0D-6BE2-4F5F-BCDB-9256DA3BB120}"/>
<REGKEY NAME = "Alexa Interface\{49160F0D-6BE2-4F5F-BCDB-9256DA3BB120}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{5A9961FD-B0A6-4065-9552-EBFC199683A3}"/>
<REGKEY NAME = "Alexa Interface\{5A9961FD-B0A6-4065-9552-EBFC199683A3}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{6912BEB3-E20C-4953-8C8E-E91B12B55BFC}"/>
<REGKEY NAME = "Alexa Interface\{6912BEB3-E20C-4953-8C8E-E91B12B55BFC}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{738CB0ED-54A7-4061-AE2E-40EFD9B1EEF6}"/>
<REGKEY NAME = "Alexa Interface\{738CB0ED-54A7-4061-AE2E-40EFD9B1EEF6}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{9AF74448-EBD1-484C-8B06-35E597C0B54C}"/>
<REGKEY NAME = "Alexa Interface\{9AF74448-EBD1-484C-8B06-35E597C0B54C}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{9BAB764B-E4F3-4C7B-99AD-CDF636BBE3A8}"/>
<REGKEY NAME = "Alexa Interface\{9BAB764B-E4F3-4C7B-99AD-CDF636BBE3A8}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{A69107CC-BEC8-4A34-B474-211B0F46A764}"/>
<REGKEY NAME = "Alexa Interface\{A69107CC-BEC8-4A34-B474-211B0F46A764}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{A6A08CBD-6673-41B1-B997-3F83A25B45B0}"/>
<REGKEY NAME = "Alexa Interface\{A6A08CBD-6673-41B1-B997-3F83A25B45B0}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{ABF7C4D4-53EF-4C15-8951-D22F63C98E9F}"/>
<REGKEY NAME = "Alexa Interface\{ABF7C4D4-53EF-4C15-8951-D22F63C98E9F}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{AC2A5E17-05ED-4E62-86E5-84779E8F0BCA}"/>
<REGKEY NAME = "Alexa Interface\{AC2A5E17-05ED-4E62-86E5-84779E8F0BCA}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{B71C7D9A-DA43-4E8B-BB9B-1684AC2AF324}"/>
<REGKEY NAME = "Alexa Interface\{B71C7D9A-DA43-4E8B-BB9B-1684AC2AF324}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{B79D9232-A798-43DB-9E61-281D550460E4}"/>
<REGKEY NAME = "Alexa Interface\{B79D9232-A798-43DB-9E61-281D550460E4}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{B7B84995-8B92-46BF-94AA-FA2F3DD23B84}"/>
<REGKEY NAME = "Alexa Interface\{B7B84995-8B92-46BF-94AA-FA2F3DD23B84}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{DC21CEDE-3B81-43D7-B816-DAEFA7B4901F}"/>
<REGKEY NAME = "Alexa Interface\{DC21CEDE-3B81-43D7-B816-DAEFA7B4901F}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Interface\{FA77AD79-09CF-41FB-B171-CC856F9E737F}"/>
<REGKEY NAME = "Alexa Interface\{FA77AD79-09CF-41FB-B171-CC856F9E737F}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "PopMenu.Menu"/>
<REGKEY NAME = "Alexa PopMenu.Menu"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "PopMenu.Menu.1"/>
<REGKEY NAME = "Alexa PopMenu.Menu.1"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Popup.HTMLEvent"/>
<REGKEY NAME = "Alexa Popup.HTMLEvent"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Popup.HTMLEvent.1"/>
<REGKEY NAME = "Alexa Popup.HTMLEvent.1"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Popup.PopupKiller"/>
<REGKEY NAME = "Alexa Popup.PopupKiller"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Popup.PopupKiller.1"/>
<REGKEY NAME = "Alexa Popup.PopupKiller.1"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "TypeLib\{547AB549-4DD8-4EA0-B070-F6EA062148FF}"/>
<REGKEY NAME = "Alexa TypeLib\{547AB549-4DD8-4EA0-B070-F6EA062148FF}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\MenuExt\Alexa Web Search"/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\MenuExt\Alexa Web Search"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\MenuExt\Get Alexa Data"/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\MenuExt\Get Alexa Data"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\MenuExt\Mail to a Friend..."/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\MenuExt\Mail to a Friend..."/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\MenuExt\See Related Links"/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\MenuExt\See Related Links"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Alexa Internet"/>
<REGKEY NAME = "Alexa Software\Alexa Internet"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "Software\Microsoft\Internet Explorer\Extensions\{9D74677A-E227-40fb-9511-F7E92EA4083A}"/>
<REGKEY NAME = "Alexa Software\Microsoft\Internet Explorer\Extensions\{9D74677A-E227-40fb-9511-F7E92EA4083A}"/>
</SW>
<SW NAME = "Alexa">
<REGKEYFOUND NAME = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa"/>
<REGKEY NAME = "Alexa SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa"/>
</SW>
<SW NAME = "IPInsight">
<REGKEYFOUND NAME = "software\classes\tldctl2.urllink.1"/>
<REGKEY NAME = "IPInsight software\classes\tldctl2.urllink.1"/>
</SW>
<SW NAME = "IPInsight">
<REGKEYFOUND NAME = "software\classes\tldctl2.urllink"/>
<REGKEY NAME = "IPInsight software\classes\tldctl2.urllink"/>
</SW>
<SW NAME = "Trojan.Admincash">
<REGKEYFOUND NAME = "SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}"/>
<REGKEY NAME = "Trojan.Admincash SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}"/>
</ScanningRegKeys>
<ScanningRegValues>
</SW>
<SW NAME = "Marketscore (NetSetter)">
<REGVALUE VALUE = "Marketscore (NetSetter) software\microsoft\windows\currentversion\run\OSS"/>
<REGVALUEFOUND NAME = "software\microsoft\windows\currentversion\run\OSS"/>
</SW>
<SW NAME = "Alexa">
<REGVALUE VALUE = "Alexa SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Alexa Toolbar"/>
<REGVALUEFOUND NAME = "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Alexa Toolbar"/>
</ScanningRegValues>
<ScanningRegValuesChanged>
</ScanningRegValuesChanged>
<FILE PATH = "Alexa C:\WINDOWS\system32\AlxRes.dll"/>
<FILE PATH = "C:\WINDOWS\system32\AlxRes.dll"/>
<FILE PATH = "Alexa C:\WINDOWS\system32\AlxTB1.dll"/>
<FILE PATH = "C:\WINDOWS\system32\AlxTB1.dll"/>
<FILE PATH = "Alexa C:\WINDOWS\system32\AlxTB2.dll"/>
<FILE PATH = "C:\WINDOWS\system32\AlxTB2.dll"/>
<FOLDER PATH = "SaveNow C:\Program Files\save"/>
<FOLDER PATH = "180Solutions C:\Program Files\zango"/>
</Scanning>
</Session>