What is ZESOFT and how remove it from Registry



i_zuly
07-09-2005, 11:23 PM
After downloading and running some files from a zipped directory pc started
boot and shutdown very slow. Antivirus scan, Lavasoft AdAware, Microsoft
AntiSpyware, Spybot Search & Destroy, Bazooka Adware and Spyware Scanner
found and deleted some ……...wares, incl., ZESOFT, incl., ZESOFT started from
Services.

Re-running mentioned above programs does not show any ZESOFT, but Registry
scan found many ZESOFT keys and values. When I deleted they, they were
deleted, but next scan shows they are restored again. Repeated several times
without any success. ZESOFT are present in Registry and pc still boot and
shutdown slow.

What is this ZESOFT? How remove it from Registry, e.g,??

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZESOFT\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZESOFT\0000

I’ll appreciate any advice.
Best, L

Shenan Stanley
07-09-2005, 11:23 PM
i_zuly wrote:
> After downloading and running some files from a zipped directory pc
> started boot and shutdown very slow. Antivirus scan, Lavasoft
> AdAware, Microsoft AntiSpyware, Spybot Search & Destroy, Bazooka
> Adware and Spyware Scanner found and deleted some .....wares, incl.,
> ZESOFT, incl., ZESOFT started from Services.
>
> Re-running mentioned above programs does not show any ZESOFT, but
> Registry scan found many ZESOFT keys and values. When I deleted they,
> they were deleted, but next scan shows they are restored again.
> Repeated several times without any success. ZESOFT are present in
> Registry and pc still boot and shutdown slow.
>
> What is this ZESOFT? How remove it from Registry, e.g,??
>
> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZESOFT\0000
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZESOFT\0000

ZESOFT is crapware..

http://labs.paretologic.com/spyware.aspx?remove=Adware.P2PNetworking

--
Shenan Stanley
MS-MVP
--

Rob graham
07-09-2005, 11:23 PM
> What is this ZESOFT? How remove it from Registry, e.g,??
>
> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZESOFT\0000
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZESOFT\0000
>
> I'll appreciate any advice.
> Best, L
>

Use HijackThis and post the log to where it tells you.

Rob Graham

i_zuly
07-09-2005, 11:23 PM
Thank you for reply.
HijackThis log is below.
P.S. to the initial post. I run all diagnostics both in normal and safe
winxp pro mode.

==============================
Logfile of HijackThis v1.99.1
Scan saved at 11:48:49 PM, on 5/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\AOL\111408~1\EE\AOLHOS~1.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\AOL\111408~1\EE\AOLServiceHost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PC Care\Games\freecell.exe
C:\PC Care\PC Care\RegSeeker\RegSeeker.exe
C:\windows\system32\taskmgr.exe
C:\windows\regedit.exe
C:\Program Files\Lingvo\lingvo32.exe
C:\PC Care\PC Care\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
Files\AOL\1114084021\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common
Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
O8 - Extra context menu item: Download all by Free Download Manager -
file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager -
file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager -
file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager -
file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115273034218
O17 -
HKLM\System\CCS\Services\Tcpip\..\{315BEF35-A6C7-4CBA-B792-B55CB76A4530}:
NameServer = 205.188.146.145
O17 -
HKLM\System\CS1\Services\Tcpip\..\{315BEF35-A6C7-4CBA-B792-B55CB76A4530}:
NameServer = 205.188.146.145
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online -
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online,
Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany
- C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex
Feinman\ISO Recorder\ImapiHelper.exe
==============================

"Rob graham" wrote:

> > What is this ZESOFT? How remove it from Registry, e.g,??
> >
> > HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZESOFT\0000
> > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZESOFT\0000
> >
> > I'll appreciate any advice.
> > Best, L
> >
>
> Use HijackThis and post the log to where it tells you.
>
> Rob Graham
>
>
>

Shenan Stanley
07-09-2005, 11:23 PM
i_zuly wrote:
> Thank you for reply.
> HijackThis log is below.

They did not mean for you to post it here... =)

--
Shenan Stanley
MS-MVP
--

i_zuly
07-09-2005, 11:23 PM
Sorry, remove it please, if it's possible.
Best

"Shenan Stanley" wrote:

> i_zuly wrote:
> > Thank you for reply.
> > HijackThis log is below.
>
> They did not mean for you to post it here... =)
>
> --
> Shenan Stanley
> MS-MVP
> --
>
>
>


What is ZESOFT and how remove it from Registry