Trojan / SideFind / Pop up Frustration!

BullGuard Antivirus Forum > Virus Removal > Removal Help > Trojan / SideFind / Pop up Frustration!

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

Chris20
New Member

Date Joined Nov 2004
Total Posts : 10

Posted 11-7-2004 9:02 (GMT +1)

Hi, can you’s help me please. I’m having problems since I downloaded an update for my MSN Plus.

I ran Lavasoft Ad-aware and Bazooka Scanner and got the results below.

Lavasoft Ad-Aware - Win32.TrojanDownloader.Swizzor.br

I quarantined the virus but every time I run Ad-Aware the same virus shows up.

Bazooka Scanner - Items found:

SideFind

W32.Sobig.f

I’ve tried following their removal instructions but its not helped.

---------------------------------------------------------

I’ve got the following anti-virus / spyware removal programs:

Lavasoft Ad-Aware SE Personal (virus found, see above)

Avast! Antivirus (no virus found)

AVG 6.0 (no virus found)

CWS Shredder (results shown below)

Spybot - Search & Destroy (no virus found)

Avast! virus cleaner tool (no virus found)

Hijack This (results shown below)

CWS SHREDDER RESULTS:

System Information:

Windows XP (5.01.2600 SP2)

Windows dir: C:\WINDOWS

Windows system dir: C:\WINDOWS\system32

Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (734 bytes, A)

Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe

UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\System32\Userinit.exe

Found Win.ini file: C:\WINDOWS\win.ini (675 bytes, A)

Found System.ini file: C:\WINDOWS\system.ini (302 bytes, A)

HIJACKTHIS RESULTS:

Logfile of HijackThis v1.98.2

Scan saved at 18:21:31, on 07/11/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\ntl\broadband medic\bin\mad.exe

C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE

C:\Program Files\ntl\broadband medic\bin\mpbtn.exe

C:\Program Files\Grisoft\AVG6\avgcc32.exe

C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Messenger Plus! 3\MsgPlus.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

C:\Program Files\BBC News alerts\skinkers.exe

C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe

C:\Program Files\Tweaks and Tools\ttmem.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Kickchat$cript[2.0]\mirc.exe

C:\Program Files\ntl\broadband medic\bin\MotiveBrowser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Works\wkswp.exe

C:\Program Files\Microsoft Works\MSWorks.exe

C:\Program Files\Microsoft Works\wkgdcach.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\InterMute\SpySubtract\CWShredder.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mjcyriyjwd.com/kiRyq9MDAzJ_kpeAsGDsr/bRb1sxRp3MtzXZtIM5d5RO1pTny7lTMWk/ZpyyxOYZ.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Slow dash - {412863A3-776B-4EE7-A6E4-8BE69534818E} - C:\PROGRA~1\PILEBIKE\CASTWMA.dll (file missing)

O2 - BHO: (no name) - {46447405-0700-52BD-AFEA-7F15D524F33D} - C:\DOCUME~1\CHRISB~1\APPLIC~1\PILEBIKE\BIN GRAM.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup

O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"

O4 - HKLM\..\Run: [Qwik-Fix] "C:\Program Files\PivX Qwik-Fix\QwikFix.exe" splash

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Logo play enc multi] C:\Documents and Settings\All Users\Application Data\type save logo play\Newbore.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKCU\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [BBCNewsalertsCluster] C:\Program Files\BBC News alerts\skinkers.exe

O4 - HKCU\..\Run: [SkySportsCluster] C:\Program Files\Sky Alerts\skinkers.exe

O4 - HKCU\..\Run: [Play Flaw] C:\DOCUME~1\CHRISB~1\APPLIC~1\HIDELO~1\Atom Platform.exe

O4 - Startup: BBCTicker.lnk = C:\Program Files\BBC Ticker\BBCTicker.exe

O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe

O4 - Startup: Tweaks & Tools - Memory manager.lnk = C:\Program Files\Tweaks and Tools\ttmem.exe

O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/

O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://chat-j3.freeserve.com/Java/cfs31235.cab

O16 - DPF: ChatSpace Full Java Client 3.1.0.245 - http://chat-a3.freeserve.com/Java/cfs31245.cab

O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21170c6df5c0e507d705/netzip/RdxIE601.cab

O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipbrowser.com.sg/fvlite/fvliteY.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4358/mcfscan.cab

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

---------------------------------------------------------

I’m also receiving pop-ups despite my Windows XP service pack 2 pop up blocker being on. In the pop-up blocker settings menu there are entries that I never added:

Lop.com

Mysearchnow.com

www.lop.com

www.mysearchnow.com

Everytime I remove these entries they just add themselves back.

-----------------------------------------------------------

Sorry about the message being so long.

Chris

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13812

Posted 11-8-2004 12:57 (GMT +1)

Hey

Remove - Messenger Plus!- From add remove programs, in controlpanel. Or just delete: C:\Program Files\Messenger Plus! 3\MsgPlus.exe<<< Messenger Plus Folder. And you will get rid of a lot of Spyware

Run this scanner – mwav exe : http://home9.inet.tele.dk/le01/Sikkerhed.htm
Activate all, in settings- Scan

Open adaware and Click the "Check for updates now" line on the main screen. Click the "Connect" button on the webupdate screen.

If an update is available download it and install it. Click the "Finish" button to go back to the main screen.

Click on the Settings button (gear symbol in the upper right corner of the main status screen) in the quick launch toolbar to open the General settings screen. Check the "Automatically quarantine objects prior to removal" setting and then click "Proceed" to save your changes

Click the "Scan now" button in the main menu on the left side of the main status screen or use the "Start" button in lower right corner. This will open the Preparing System Scan screen. Please deselect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat. Then select "Use custom scanning options" and click "Customize". This will open the Scan Settings Page. Make sure all of the following are On with a "green" checkmark:

Scan within archives
Scan active processes
Scan Registry
Deep-scan Registry
Scan my IE Favorites for banned URLs
Scan my Hosts File

Then Click the Advanced Button on the left side to open the Advanced Settings screen. Make sure the following is on with a "green" checkmark:

Others are optional to be checked or unchecked.

Then click on the "Tweak" Button to open up the tweak settings.

Open up the Scanning Engine section and make sure ll of the following are On with a "green" checkmark:

Scan registry for all users instead of current user only

Make sure the following is unchecked with a "red" X:

Unload recognized processes & modules during scan.

Open up the Cleaning Engine section and make sure all of the following are On with a "green" checkmark:

Always try to unload modules before deletion
During Removal, unload Explorer and IE if necessary
Let Windows remove files in use at next reboot.

Click the "Proceed" button to save settings.

Click the "Next" button to start the scan.

When a scan is completed the Performing System Scan screen will change name to "Scan Complete".

Click the "Next" button to get to the Scanning Results screens where more information about the objects detected during the scan is available.

To fix all the bad critical objects do the following:

Right click on one of them to open up the selection screen. Click the "Select All" button to select all entries.

When all are selected Click "Next" and then "OK" in the pop-up window to confirm the removal.

Plug-Ins for Ad-Aware (VX2 Cleaner)
Download the free VX2 Cleaner here : http://download.lavasoft.de.edgesuite.n...leaner.exe

Close Ad-Aware SE build 1.04 and Ad-Watch (if running)
Install the VX2 Cleaner
Start Ad-Aware SE build 1.04
Go to “Plug-ins”
Select the VX2 Cleaner plug-in and click “Run Plugin”
If your computer isn’t infected, click “Close”.

If your computer is infected:

Select “Clean System”
Reboot your computer
Scan your computer with Ad-Aware
Remove any VX2 objects detected
Reboot your computer again
Run a second scan to make sure the files have been removed from your computer

Download Spybot Search and Destroy here : http://www.safer-networking.org/index.php?page=mirrors if it is not already installed on your computer
Install the program and then start it. Once the program has started make sure you are in the Spybot-S&D section. Click on the "Search for Updates" button. Download all updates. In some cases the program will restart after an update. When updated, click on the Immunize "Scan System" button. When the Check is over, fix all marked with red

Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp.
C:\Windows\Temp\
C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\
C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <<<This will delete your files in your internet cache--including cookies.
C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\
Empty your "Recycle Bin"

Reboot and post new logfile

Touch

Member of - Alliance of Security Analysis Professionals

Chris20
New Member

Date Joined Nov 2004
Total Posts : 10

Posted 11-9-2004 11:59 (GMT +1)

Hi, thanx for the advice. From what I've seen so far most of the problems are fixed. The one that is still on my PC is SideFind. The Bazooka Scanner is detecting it:

****************************************
Bazooka Scanner v1.13.02
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
support@kephyr.com
Log created 21:00:33.
OS: Windows NT 5.1
Database version: 2.450000
Database format version: 1.020000
Database date: 20041103
Current date: 2004-11-09 21:00

****************************************
Result when scanning:

SideFind 695.333.001 {8CBA1B49-8144-4721-A7B1-64C578C9EED7}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}
http://www.kephyr.com/spywarescanner/library/sidefind/index.phtml

****************************************
Auto start entries:
    C:\Program Files\ntl\broadband medic\bin\matcli.exe -boot
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    C:\Program Files\ntl\broadband medic\bin\matcli.exe -boot
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    C:\Program Files\BBC Ticker\BBCTicker.exe
    C:\Documents and Settings\Chris\Start Menu\Programs\Startup\desktop.ini
    C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
    C:\Program Files\Tweaks and Tools\ttmem.exe hide
    C:\Program Files\BBC Ticker\BBCTicker.exe
    C:\Documents and Settings\Chris\Start Menu\Programs\Startup\desktop.ini
    C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
    C:\Program Files\Tweaks and Tools\ttmem.exe hide

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
AVG_CC C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AVG_CC

Lexmark X5100 Series "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Lexmark X5100 Series

Qwik-Fix "C:\Program Files\PivX Qwik-Fix\QwikFix.exe" splash
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Qwik-Fix

Motive SmartBridge C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Motive SmartBridge

MessengerPlus3 "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MessengerPlus3

TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe

ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ViewMgr

QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

Zone Labs Client "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Zone Labs Client

avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\avast!

ashMaiSv C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ashMaiSv

BDMCon C:\Program Files\BullGuard\\bdmcon.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BDMCon

BGNewsAgent C:\Program Files\BullGuard\bgnewsag.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BGNewsAgent

mwavscan "C:\Kaspersky\mwavscan.com" /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\mwavscan

Microsoft Works Update Detection C:\Program Files\Microsoft Works\WkDetect.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Works Update Detection

BBCNewsalertsCluster C:\Program Files\BBC News alerts\skinkers.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\BBCNewsalertsCluster

Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{53707962-6F74-2D53-2644-206D7942484F} not set C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} not set C:\Program Files\Microsoft Money\System\mnyviewer.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}

****************************************
Toolbars:

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{AB360AA8-876C-4DC9-B9EB-D05D80059766} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{AB360AA8-876C-4DC9-B9EB-D05D80059766}\InprocServer32