Results 1 to 7 of 7

Thread: Hello all - can you check I'm clean ?

  1. #1
    Member
    Join Date
    Dec 2008
    Posts
    50

    Smile Hello all - can you check I'm clean ?

    Hello everybody, how you all doing ?

    Wow, well I sure am glad I found Spybot Search And Destroy !

    I knew I was being spied upon but until I ran it, I had no idea how bad it was, keylogger software the works.

    Undoubtedly this is the best spyware software I have seen......
    Thankyou so so much...... :o)

    Anyway, I think Spybot has removed these files.

    I've now done a RootAlyzer and wondered if someone could have a look at the log ?
    I'm able to locate all the files using either explorer or regedit.
    Does that mean I'm clear and ok ?

    I suspect I may still be being "pursued".
    Does anybody know any safeguards I can take or do I just keep running the software ?

    Please be warned, I'm a complete novice when it comes to the registry !

    Many thanks in advance.

    10/10 spybot ! (donation on it's way but I need to wait for paypal ! :O)....)

    :: RootAlyzer Results
    File:"No admin in ACL","C:\WINDOWS\{00000000-00000000-00000006-00001102-00000004-00531102}.CDF"
    File:"No admin in ACL","C:\WINDOWS\system32\Defaults\EA0004_00531102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf"
    File:"No admin in ACL","C:\WINDOWS\system32\Defaults\MX0004_00531102{1B2D3721-11D6-5795-D000-869CD73B8EB7}.rdf"
    File:"No admin in ACL","C:\WINDOWS\system32\Defaults\MX0004_00531102{48FCFB81-480E-11D7-9C86-00D0B78E3BD7}.rdf"
    File:"No admin in ACL","C:\WINDOWS\system32\Defaults\MX0004_00531102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf"
    File:"No admin in ACL","C:\WINDOWS\system32\Defaults\MX0004_00531102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf"
    File:"No admin in ACL","C:\WINDOWS\system32\Defaults\MX0004_00531102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf"
    File:"No admin in ACL","C:\WINDOWS\system32\Defaults\MX0004_00531102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf"
    File:"No admin in ACL","C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt"
    RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\","LicCtrl\0lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o "
    // Attention: entries with a zero character will not be displayed correctly and may not work!
    RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\","LicCtrl\0lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o "
    // Attention: entries with a zero character will not be displayed correctly and may not work!

    ---------------------------------------------------------------------------------------------------------
    Also I notice on the "Quick scan" tab it says for one of the entries: "37 handle processes for 38 ..."

    Is that ok ? there's a big green tick next to it.

    Cheers.
    Last edited by mariner77; 2008-12-15 at 04:52.

  2. #2
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,570

    Default

    Hmmmm... while that looks scary at first, the hidden registry entries are part of the eLicense Copy Protection system, probably from some game.

    As for the others, they could be related to that. I don't want to recommend anything that would disrupt the software that uses the copy protection there, so I've sent an email to eLicense requesting some information from them before recommending further.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  3. #3
    Member
    Join Date
    Dec 2008
    Posts
    50

    Default

    Quote Originally Posted by PepiMK View Post
    Hmmmm... while that looks scary at first, the hidden registry entries are part of the eLicense Copy Protection system, probably from some game.

    As for the others, they could be related to that. I don't want to recommend anything that would disrupt the software that uses the copy protection there, so I've sent an email to eLicense requesting some information from them before recommending further.
    Hi PepiMK,

    Thankyou for your reply.

    Scary ? Oh dear - well, doesn't suprise me, as I've said.

    Please don't worry about the non-working or uninstallation of games - I don't even play them !

    Being clean is my only wish.

    Thanks very much, I look forward to your reply.

  4. #4
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,570

    Default

    More than two weeks without an answer from eLicense, guess this company doesnt even want to talk about their intruding copy protection scheme when it comes to making sure it is not accidently removed
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  5. #5
    Member
    Join Date
    Dec 2008
    Posts
    50

    Default Thanks, sorry for the delay

    Quote Originally Posted by PepiMK View Post
    More than two weeks without an answer from eLicense, guess this company doesnt even want to talk about their intruding copy protection scheme when it comes to making sure it is not accidently removed
    Hi PepiMK,

    Sorry it's taken me so long to reply..... (lost e-mail info etc)

    Thanks so much for looking into that for me.

    What does all this actually mean ? Could I be at risk ?

    I did use Spybot search and destroy a while ago to remove keylogger software and other stuff, but it seems I'm totally clean now as far as that goes.....

    I've a couple of other issues too (though they may not be related so tell me to look at other threads if you like....).

    1) My mouse has a tendency to "jump" to the bottom of the screen (is this normal ?)

    2) I've got this process CTHELPER.EXE which I can't end(though I do have a creative soundcard) though it doesn't tie up any of my CPU.

    Many thanks again PepiMK

    Kind Regards, mariner77.

  6. #6
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,570

    Default

    Meanwhile they did reply, though only after threatening to black- instead of whitelisting them Not nice, but legit would be my conclusion.

    1) Mouse: have you tried to clean it underneath? Whenever my mouse starts to jump or move by itself, it's dust that has settled around the small pads on which the mouse hovers.

    2) From the description I would at first have guessed it's running as a system service, but I don't see it in our service list right now. Check its description, company, etc. (e.g. ProcAlyzer for stuff the Task Manager does not display)
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  7. #7
    Member
    Join Date
    Dec 2008
    Posts
    50

    Default

    Quote Originally Posted by PepiMK View Post
    Meanwhile they did reply, though only after threatening to black- instead of whitelisting them Not nice, but legit would be my conclusion.

    1) Mouse: have you tried to clean it underneath? Whenever my mouse starts to jump or move by itself, it's dust that has settled around the small pads on which the mouse hovers.

    2) From the description I would at first have guessed it's running as a system service, but I don't see it in our service list right now. Check its description, company, etc. (e.g. ProcAlyzer for stuff the Task Manager does not display)
    Thanks so much PepiMK, you're the best !

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •