
What is spyware for?

2147 Views 5 Replies 2 Participants Last post by  pyritechips
What is spyware for? I have Comet Cursor and Kazaa!
Status
Not open for further replies.
1 - 6 of 6 Posts
Spyware is evil nasty stuff! Just do a Google search under "spyware tutorial"

In the meantime, start by going to the following site, download StartupList and post the results here.

http://www.lurkhere.com/~nicefiles/

Also click report at the top right of your post and request that this be moved to the security forum.

And read this thread: http://forums.techguy.org/t114549/s.html
Okay, it brought up my c: is that what you want me to post?
If you unzip the download and run it, you should get a list, the beginning of which looks like this:

StartupList report, 1/1/01, 6:06:08 PM
StartupList version: 1.50
Started from : C:\UNZIPPED\STARTUPLIST15\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE

This is just a sample of mine. You should paste the entire list here.
StartupList report, 1/27/2003, 7:12:40 PM
StartupList version: 1.51
Started from : C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\JF9XF82O\STARTUPLIST151[1]\STARTUPLIST.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\JF9XF82O\STARTUPLIST151[1]\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Hidserv = Hidserv.exe run
Digital Dashboard = C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
CountrySelection = pctptt.exe
PCTVOICE = pctvoice.exe
LoadQM = loadqm.exe
Dcfssvc = C:\WINDOWS\System32\Drivers\dcfssvc.exe
CpqBootPerfDb = C:\Cpqs\Scom\CpqBootPerfDb.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
wcmdmgr = C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
WT GameChannel = C:\Program Files\WildTangent\Apps\GameChannel.exe
NAV Agent = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
MSConfigReminder = C:\WINDOWS\SYSTEM\msconfig.exe /reminder

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Tracks Eraser Pro = C:\PROGRAM FILES\ACESOFT\TRACKS ERASER PRO\TE.exe min

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 27/1/2003, 16:43:34)

[rename]
nul=C:\PROGRA~1\WINZIP\winzip32.exe
nul=C:\PROGRA~1\WINZIP
nul=C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
nul=C:\PROGRA~1\WINZIP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - (no file) - {004A5840-FF59-11d2-B50D-0090271D3FD4}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
CSBHO - C:\PROGRAM FILES\COMET\BIN\CSBHO.DLL - {D14D6793-9B65-11D3-80B6-00500487BDBA}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Synchronize Time.job
Check E-mail.job
Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe

[WildTangent Control]
InProcServer32 = C:\WINDOWS\WT\WEBDRIVER\WEBDRIVER.DLL
CODEBASE = http://www.wildtangent.com/install/wdriver/racing/dodgespeedway/microsoft/wtinst.cab

[{A45F39DC-3608-4237-8F0E-139F1BC49464}]
CODEBASE = http://www.logoplugin.com/diallerfiles/027890.exe

[DivX Player]
CODEBASE = http://download.divx.com/player/DivXPlayerInstaller.exe

[ContentAuditX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONTEN~1.OCX
CODEBASE = http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab

[Register Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\HWUTILS.DLL
CODEBASE = http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.30/Hiwire.cab

--------------------------------------------------
End of report, 6,549 bytes
Report generated in 0.294 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

OKAY, I'M A BIT SCARED, DON'T BE LOOKING AT IT ALL :confused:
Ok good! I'm not a security expert by a long shot but there will be other more knowledgeable people looking over the list. It doesn't look too terrible - no reason to be skeered! :D