SpyMeTools

Submit portable freeware that you find here. It helps if you include information like description, extraction instruction, Unicode support, whether it writes to the registry, and so on.
Post Reply
Message
Author
JohnW
Posts: 386
Joined: Wed Apr 19, 2006 9:18 am
Location: London, UK

SpyMeTools

#1 Post by JohnW »

I came across SpyMe Tools V 1.5 recently via ...
http://www.lcibrossolutions.com/spyme_tools.htm

SpyMe Tools is very useful in detecting Registry and Disk changes. If any application installs spyware, adware, dlls, programs, files, or any other type of file, picture, or program, etc. or changes the Registry's content, you will be able to see exactly where the modification occurred so you can take measures. With this software you will know everything that is added or removed.

SpyMe Tools also includes a Real time Disk/Registry monitor so you may spot the changes in real time but this is only available on a NT platform (including Win2k and Win XP).

You can also use the program to backup your Registry.

Now, let's be in no doubt - the program does make some changes to the Registry beyond the usual MRU type entries. But not too many and they may be acceptable.

If interested - download. Uni- extract files. Delete the rubbish but place madCHook.dll in the main folder
Top
User avatar
AlephX
Posts: 664
Joined: Thu May 11, 2006 10:53 pm
Contact:
Contact AlephX

#2 Post by AlephX »

Well, tested with regshot:

the application likes to "register" itself...

Code: Select all

----------------------------------
Keys added:3
----------------------------------
HKLM\SOFTWARE\LC IBros Solutions
HKLM\SOFTWARE\LC IBros Solutions\Spyme Tools
HKU\S-1-5-21-407404009-2007238923-643028249-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\rdf

Code: Select all

----------------------------------
Values added:5
----------------------------------
HKLM\SOFTWARE\LC IBros Solutions\Spyme Tools\last_check: 00 00 00 00 00 1A E3 40
HKU\S-1-5-21-407404009-2007238923-643028249-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\e: 53 00 70 00 79 00 4D 00 65 00 54 00 6F 00 6F 00 6C 00 73 00 2E 00 65 00 78 00 65 00 00 00 43 00 3A 00 5C 00 74 00 65 00 6D 00 70 00 5C 00 50 00 61 00 6F 00 6C 00 6F 00 20 00 43 00 44 00 5C 00 73 00 70 00 79 00 6D 00 65 00 74 00 6F 00 6F 00 6C 00 73 00 5F 00 69 00 6E 00 73 00 74 00 61 00 6C 00 6C 00 65 00 72 00 5C 00 7B 00 61 00 70 00 70 00 7D 00 00 00
HKU\S-1-5-21-407404009-2007238923-643028249-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\g: "C:\temp\test\spymetools_installer\{app}\pippo1.rdf"
HKU\S-1-5-21-407404009-2007238923-643028249-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\rdf\a: "C:\temp\test\spymetools_installer\{app}\pippo1.rdf"
HKU\S-1-5-21-407404009-2007238923-643028249-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\rdf\MRUList: "a"
The settings are written into an ini file in its folder... The program does not use any "Last used folder"...

Well, I guess that it´s almost portable. I wait for other opinions... :)
Top
User avatar
Andrew Lee
Posts: 3065
Joined: Sat Feb 04, 2006 9:19 am
Contact:
Contact Andrew Lee

#3 Post by Andrew Lee »

I think it is portable, but not stealth.

It writes this lone entry:

Code: Select all

HKLM\SOFTWARE\LC IBros Solutions\Spyme Tools\last_check: 00 00 00 00 40 1A E3 40
Seems to be the timestamp for the last autoupdate, which is the first thing I would disable anyway. :D

I will add this to the database.
Top
calm_observer
Posts: 47
Joined: Tue Mar 27, 2007 12:21 pm

#4 Post by calm_observer »

i found it installs madCHook.dll in the system folder.
Top
User avatar
AlephX
Posts: 664
Joined: Thu May 11, 2006 10:53 pm
Contact:
Contact AlephX

#5 Post by AlephX »

calm_observer wrote:i found it installs madCHook.dll in the system folder.
Hi! Maybe you did not copy that application from the {sys} folder to the {app} folder of the application...
How to extract: Download the installer and extract using Universal Extractor to a folder of your choice. The application files are located in the {app} subfolder, but you need {sys}\madCHook.dll in this folder as well. Launch the program by double-clicking on SpyMeTools.exe.exe. Upon inital launch, you may want to disable auto-update under "Options".
Top
calm_observer
Posts: 47
Joined: Tue Mar 27, 2007 12:21 pm

#6 Post by calm_observer »

AlephX wrote:Hi! Maybe you did not copy...
:oops: forgot to read the instructions, but i did figure out what was wrong and moved the file.
Top
User avatar
AlephX
Posts: 664
Joined: Thu May 11, 2006 10:53 pm
Contact:
Contact AlephX

#7 Post by AlephX »

Don´t worry: sometimes I write those instructions and the I don´t read them... :shock:
Top
donald
Posts: 561
Joined: Wed Dec 19, 2007 4:14 am
Location: knoxville TN USA

Re: SpyMeTools

#8 Post by donald »

Please note that the application website offers a zipped archive with I believe all files included.
Top
User avatar
guinness
Posts: 4118
Joined: Mon Aug 27, 2007 2:00 am
Contact:
Contact guinness

Re: SpyMeTools

#9 Post by guinness »

Updated the Entry! I added additional information to finally stop HKLM\SOFTWARE\LC IBros Solutions\Spyme Tools\ being created. If you create a new file called 'config.ini' and then paste the following...

Code: Select all

[options]
check_for_updates=0
it will stop the program checking for updates, thus not creating the Registry Key on first run.
Top
Onesimus Prime
Posts: 133
Joined: Wed Sep 05, 2007 8:42 pm

Re: SpyMeTools

#10 Post by Onesimus Prime »

If anyone else has trouble finding the TPFC entry, it's at http://www.portablefreeware.com/index.php?id=1156

And if you try searching for it here, be sure to include the space: "SpyMe Tools". I learned the hard way! :wink:
Top
Post Reply

Return to “Portable Freeware Submission”