Hello all - can you check I'm clean ?



mariner77
2008-12-15, 05:47
Hello everybody, how you all doing ?

Wow, well I sure am glad I found Spybot Search And Destroy !

I knew I was being spied upon but until I ran it, I had no idea how bad it was, keylogger software the works. :mad:

Undoubtedly this is the best spyware software I have seen......
Thank you so so much...... :o)

Anyway, I think Spybot has removed these files.

I've now done a RootAlyzer and wondered if someone could have a look at the log ?
I'm able to locate all the files using either explorer or regedit.
Does that mean I'm clear and ok ?

I suspect I may still be being "pursued".
Does anybody know any safeguards I can take or do I just keep running the software ?

Please be warned, I'm a complete novice when it comes to the registry ! :oops:

Many thanks in advance.

10/10 spybot ! :2thumb: (donation on its way but I need to wait for paypal ! :O)....)

:: RootAlyzer Results
File:"No admin in ACL","C:\WINDOWS\{00000000-00000000-00000006-00001102-00000004-00531102}.CDF"
File:"No admin in ACL","C:\WINDOWS\system32\Defaults\EA0004_00531102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf"
File:"No admin in ACL","C:\WINDOWS\system32\Defaults\MX0004_00531102{1B2D3721-11D6-5795-D000-869CD73B8EB7}.rdf"
File:"No admin in ACL","C:\WINDOWS\system32\Defaults\MX0004_00531102{48FCFB81-480E-11D7-9C86-00D0B78E3BD7}.rdf"
File:"No admin in ACL","C:\WINDOWS\system32\Defaults\MX0004_00531102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf"
File:"No admin in ACL","C:\WINDOWS\system32\Defaults\MX0004_00531102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf"
File:"No admin in ACL","C:\WINDOWS\system32\Defaults\MX0004_00531102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf"
File:"No admin in ACL","C:\WINDOWS\system32\Defaults\MX0004_00531102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf"
File:"No admin in ACL","C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\","LicCtrl\0lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o "
// Attention: entries with a zero character will not be displayed correctly and may not work!
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\","LicCtrl\0lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o "
// Attention: entries with a zero character will not be displayed correctly and may not work!

---------------------------------------------------------------------------------------------------------
Also I notice on the "Quick scan" tab it says for one of the entries: "37 handle processes for 38 ..."

Is that ok ? there's a big green tick next to it.

Cheers.
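
The RootAlyzer results in the post above can be grouped per flagged object to see which findings describe the same item. This is an added example, not part of the original post and not Spybot code; the field layout is inferred from the log lines on this page, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the RootAlyzer log in the post above (file list shortened).
SAMPLE_LOG = r'''
:: RootAlyzer Results
File:"No admin in ACL","C:\WINDOWS\system32\Defaults\MX0004_00531102{1B2D3721-11D6-5795-D000-869CD73B8EB7}.rdf"
File:"No admin in ACL","C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\","LicCtrl\0lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o "
// Attention: entries with a zero character will not be displayed correctly and may not work!
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\","LicCtrl\0lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o "
'''

# Assumption: every field is wrapped in double quotes and contains none itself.
FIELD = re.compile(r'"([^"]*)"')


def parse_line(line):
    """Return (kind, finding, fields) for a result line, or None for headers/comments."""
    line = line.strip()
    if not line or line.startswith(("::", "//")):
        return None
    kind, sep, rest = line.partition(":")
    fields = FIELD.findall(rest)
    if not sep or not fields:
        return None
    return kind, fields[0], fields[1:]


def summarize(log_text):
    """Map each distinct flagged object to the set of findings reported for it."""
    objects = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            kind, finding, fields = parsed
            # Registry entries span hive, path and name; joined they give one identity.
            objects[(kind, "".join(fields))].add(finding)
    return dict(objects)


def print_report(log_text):
    for (kind, obj), findings in sorted(summarize(log_text).items()):
        print(f"{kind}: {obj}\n    findings: {', '.join(sorted(findings))}")


if __name__ == "__main__":
    print_report(SAMPLE_LOG)
```

On this log the two `RegyKey` lines collapse into a single key carrying both findings, so there is one hidden registry entry to account for rather than two.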

PepiMK
2008-12-15, 13:42
Hmmmm... while that looks scary at first, the hidden registry entries are part of the eLicense Copy Protection system, probably from some game.

As for the others, they could be related to that. I don't want to recommend anything that would disrupt the software that uses the copy protection there, so I've sent an email to eLicense requesting some information from them before recommending further.

mariner77
2008-12-15, 15:36
Hi PepiMK,

Thank you for your reply.

Scary ? Oh dear - well, doesn't surprise me, as I've said.

Please don't worry about the non-working or uninstallation of games - I don't even play them !

Being clean is my only wish.

Thanks very much, I look forward to your reply.

PepiMK
2009-01-03, 15:31
More than two weeks without an answer from eLicense, guess this company doesn't even want to talk about their intruding copy protection scheme when it comes to making sure it is not accidentally removed :sad:

mariner77
2009-03-01, 05:41
Hi PepiMK,

Sorry it's taken me so long to reply..... (lost e-mail info etc)

Thanks so much for looking into that for me.

What does all this actually mean ? Could I be at risk ?

I did use Spybot search and destroy a while ago to remove keylogger software and other stuff, but it seems I'm totally clean now as far as that goes.....

I've a couple of other issues too (though they may not be related so tell me to look at other threads if you like....).

1) My mouse has a tendency to "jump" to the bottom of the screen (is this normal ?)

2) I've got this process CTHELPER.EXE which I can't end (though I do have a creative soundcard) though it doesn't tie up any of my CPU.

Many thanks again PepiMK

Kind Regards, mariner77.

PepiMK
2009-03-04, 10:01
Meanwhile they did reply, though only after threatening to black- instead of whitelisting them ;) Not nice, but legit would be my conclusion.

1) Mouse: have you tried to clean it underneath? Whenever my mouse starts to jump or move by itself, it's dust that has settled around the small pads on which the mouse hovers.

2) From the description I would at first have guessed it's running as a system service, but I don't see it in our service list right now. Check its description, company, etc. (e.g. ProcAlyzer (http://forums.spybot.info/downloads.php?id=25) for stuff the Task Manager does not display)

mariner77
2009-03-04, 16:03
Thanks so much PepiMK, you're the best ! ;)