# What about these spyware tools?



## geranimo:// (Nov 21, 2004)

* Ad-aware SE
    * ADS Spy
    * BHOlist
    * BugOff
    * CWSShredder
    * HijackThis
    * LSPFix
    * MVPS hosts
    * Spybot S&D
    * Spywareblaster
    * Startuplist

Theres a site I can download all these spyware tools from, but I dont know half of them, could someone tell me wich ones I should really get besides Adaware, Spybot S&D and HijackThis?

Thnx


----------



## Lorand (Nov 21, 2004)

AdAware, Spybot S&D and HijackThis would be more than enough.


----------



## geranimo:// (Nov 21, 2004)

Ok thnx  , Ill run them and post my log if thats ok with you


----------



## geranimo:// (Nov 21, 2004)

Iight, here we go, so Ive used Adaware SE, Spybot S&D but also Advanced registry Optimizer, for my registry ofcourse  

(ow yeah, Im kinda attached to my MSN Plus, even if some say its a spywaremagnet and stuff...  )

Logfile of HijackThis v1.98.2
Scan saved at 14:24:10, on 21-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
D:\Mijn documenten\Programma's\GMail\Gmail Notifier\gnotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Mijn documenten\Programma's\WinRaR\WinRAR.exe
C:\DOCUME~1\JRME~1\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Mijn documenten\Programma's\Adobe Reader 6\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Mijn documenten\Programma's\GMail\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] D:\Mijn documenten\Programma's\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Mijn documenten\Programma's\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

*It looks clean to me btw  *


----------



## Lorand (Nov 21, 2004)

Wow, I never saw such a clean log...  
Everything is fine, except that Messenger Plus, but keep it if you're attached to it.


----------



## geranimo:// (Nov 21, 2004)

Haha thnx, but what is actually so bad about MSN Plus?


----------



## Lorand (Nov 21, 2004)

Read this, and after that you might consider deleting it.


----------



## geranimo:// (Nov 21, 2004)

Lol, iight, Ill do that, in the mean time, could you also take a look at my sisters log?

I also ran adaware and spybot on it, and she doesnt wantto get ridof her LookNMeet thing...

Hehe, thnx, and srryif Im taking all of your time  

Logfile of HijackThis v1.98.2
Scan saved at 15:20:56, on 21-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\LookNMeet\Agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire 4.0.8 Pro\LimeWire.exe
C:\DOCUME~1\Azzy\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.looknmeet.nl/azzy
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: AdsManager Class - {D1C8F9CE-563E-11D8-813C-005022E14DE2} - C:\Program Files\LookNMeet\AddAPI.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: System - {D1C8F9CE-563E-11D8-813C-005022E14DE2} - C:\Program Files\LookNMeet\AddAPI.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LookNMeet] C:\Program Files\LookNMeet\Agent.exe
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: LookNMeet - {5D602A21-B929-11d7-A5D3-005022E14DE3} - http://www.looknmeet.nl/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096911356375
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://www.looknmeet.be:8080/lnm_v4/agent/LNMAgentInstaller.cab


----------



## Lorand (Nov 21, 2004)

This log is pretty clean too.
But there are some useless or dubious processes:

C:\Program Files\LookNMeet\Agent.exe
R3 - URLSearchHook: AdsManager Class - {D1C8F9CE-563E-11D8-813C-005022E14DE2} - C:\Program Files\LookNMeet\AddAPI.dll
O2 - BHO: System - {D1C8F9CE-563E-11D8-813C-005022E14DE2} - C:\Program Files\LookNMeet\AddAPI.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKCU\..\Run: [LookNMeet] C:\Program Files\LookNMeet\Agent.exe
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O9 - Extra button: LookNMeet - {5D602A21-B929-11d7-A5D3-005022E14DE3} - http://www.looknmeet.nl/ (file missing)


----------



## geranimo:// (Nov 21, 2004)

Ok thnx, well Ive read it, but I havent really noticed any negative effects yet from the lop thing, although Ive been using plus qite some time now. I do remember that when I was installing Plus, it asked me if I wanted to support some kind of sponsor, I just said no, could that maybe be it?


----------



## Lorand (Nov 21, 2004)

It could be a newer version of Plus that allows you to skip the spyware install...
In that case you could keep it.


----------



## samuelhii_mei (Nov 21, 2004)

i think i asked this question before but i forgot where i post it !!so i repeat agian here!!
how u know what are useless??


----------



## geranimo:// (Nov 21, 2004)

samuelhii_mei said:
			
		

> how u know what are useless??


Uhm, a lil bit of experiance?


----------



## Lorand (Nov 21, 2004)

Yep... And when some process is dubious then you could search for it here: http://www.processlibrary.com/


----------



## geranimo:// (Nov 21, 2004)

Wow   great site!!! Thnx


----------



## Praetor (Nov 23, 2004)

That is a clean log


----------

