
Comp Has Virus's - PLZ HELP

 
 
_-dIsMaL_-
      6th Aug 2004
I use TrendMicro's online HouseCall as my virus scanner. Though it's
only a simple scanner, my security settings are very high. I know what
stupid actions download viruses, and also how to keep my computer safe.
BUT not from people. I know my family uses MY computer when I'm away
at work and, being stupid, download things or go where they're not
supposed to. Finding an empty History, Recent, Temp, etc. already proves
this. Now, in the event of me moving out, I want a clean computer. I've
cleaned and got rid of almost everything, except for my Start-Up
programs or applications that use them. I already know some on there
are viruses/worms, but I don't know how to delete or get rid of them.
The best I could do was deactivate some of them. Below is a list from
my spybot program. All I know is how to view them, nothing more. What I
need to know is: Which ones are necessary? Which ones can I disable?
Which ones can I delete and HOW??? Please help, or tell me where I
could find someplace to get some if possible. Thanks, dIsMaL.

Spybot-S&D Startup list report, 8/6/2004 2:57:25 AM
Located: HK_CU:Run, AIM
file: C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
Located: HK_CU:Run, PopUpStopperFreeEdition (DISABLED)
file: "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
Located: HK_LM:Run, Lexmark X1100 Series
file: "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
Located: HK_LM:Run, LexStart
file: lexstart.exe
Located: HK_LM:Run, ScanRegistry (DISABLED)
file: C:\WINDOWS\scanregw.exe /autorun
Located: HK_LM:Run, TaskMonitor
file: C:\WINDOWS\taskmon.exe
MD5: A23BCA4B69AC68FD410B6AFCCB11AF07
Located: HK_LM:Run, SystemTray (DISABLED)
file: SysTray.Exe
Located: HK_LM:Run, LoadPowerProfile (DISABLED)
file: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Located: HK_LM:Run, TotalRecorderScheduler
file: "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
Located: HK_LM:Run, Explorer (DISABLED)
file: C:\WINDOWS\MSGSVR16.EXE
Located: HK_LM:Run, QuickTime Task (DISABLED)
file: "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
Located: HK_LM:Run, wcmdmgr
file: C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
Located: HK_LM:Run, TkBellExe
file: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Located: HK_LM:Run, TGDC IE Plugin (DISABLED)
file: C:\PROGRAM FILES\TGDC\TGDC
Located: HK_LM:Run, LSvr (DISABLED)
file: C:\Program Files\Common Files\Presentia\LSvr.exe
Located: HK_LM:Run, PIOLET (DISABLED)
file: C:\PROGRAM FILES\PIOLET\PIOLET.exe SILENT
Located: HK_LM:Run, FastTrack Accelerator (DISABLED)
file: C:\PROGRAM FILES\KAZAA LITE\SPEED UP.EXE
MD5: D99B087070A3CFFA4613CA6F0FAB4AE8
Located: HK_LM:Run, WebInstall2 (DISABLED)
file: C:\WINDOWS\TEMP\ADWARE\WEBINSTALL.EXE /R
Located: HK_LM:Run, QuickTime Task (DISABLED)
file: "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
Located: HK_LM:Run, WinampAgent (DISABLED)
file: "C:\Program Files\Winamp3\winampa.exe"
Located: HK_LM:Run, PCHealth (DISABLED)
file: C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
Located: HK_LM:Run, LTDMgr (DISABLED)
file: C:\Program Files\Common Files\Presentia\LTDMgr.exe
Located: HK_LM:Run, TVMD (DISABLED)
file: C:\WINDOWS\TVMD.EXE
MD5: 4B31F0FB5A2FDC7593F2F6D4A9748821
Located: HK_LM:Run, ik (DISABLED)
file: C:\PROGRA~1\IK\IK.EXE
MD5: 8D8D85E1F9CC4759AF402989006DA0E2
Located: HK_LM:Run, SystemDLL32 (DISABLED)
file: C:\MY DOCUMENTS\MY DOWNLOADS\DEEPTHROAT\SYSTEMPATCH.EXE
Located: HK_LM:RunServices, *StateMgr
file: C:\WINDOWS\System\Restore\StateMgr.exe
MD5: 02282C55DC8B1BF1FF1180C98D7337D6
Located: HK_LM:RunServices, Machine Debug Manager
file: C:\WINDOWS\SYSTEM\MDM.EXE
MD5: 95D85D69FFC099C516D99CB9581E3FE2
Located: HK_LM:RunServices, LoadPowerProfile (DISABLED)
file: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Located: HK_LM:RunServices, StillImageMonitor
file: C:\WINDOWS\SYSTEM\STIMON.EXE
MD5: 902252F831D45763F7711B24ED430785
Located: HK_LM:RunServices, SchedulingAgent
file: mstask.exe
Located: HK_LM:RunServices, Explorer (DISABLED)
file: C:\WINDOWS\MSGSVR16.EXE
Located: HK_LM:RunServices, SchedulingAgent (DISABLED)
file: mstask.exe
Located: Startup (user), Microsoft Office.lnk
file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
MD5: F15DDC9505E8B4471F0A138A3FC56C54
Located: Startup (user), Runner.LNK
file: C:\Program Files\Hypno\Runner.EXE
MD5: 4A22EAF2648C46C90F70BB46D9684DE3
 
Reply With Quote
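The report format posted above (a "Located:" line, a "file:" line and an optional "MD5:" line per entry) can be parsed and sorted for review before each entry is looked up. This is an added example, not part of the original post and not Spybot-S&D's own logic; the two review heuristics and all function names are assumptions.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the report posted above (five entries, copied verbatim).
REPORT = r'''Located: HK_CU:Run, AIM
file: C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
Located: HK_LM:Run, LexStart
file: lexstart.exe
Located: HK_LM:Run, WebInstall2 (DISABLED)
file: C:\WINDOWS\TEMP\ADWARE\WEBINSTALL.EXE /R
Located: HK_LM:Run, SystemDLL32 (DISABLED)
file: C:\MY DOCUMENTS\MY DOWNLOADS\DEEPTHROAT\SYSTEMPATCH.EXE
Located: HK_LM:RunServices, Machine Debug Manager
file: C:\WINDOWS\SYSTEM\MDM.EXE
MD5: 95D85D69FFC099C516D99CB9581E3FE2
'''

LOCATED = re.compile(r'^Located: (?P<where>[^,]+), (?P<name>.*?)(?P<off> \(DISABLED\))?$')
RISKY_DIRS = ('\\TEMP\\', '\\MY DOWNLOADS\\')  # assumed review heuristic

@dataclass
class Entry:
    where: str          # registry key or Startup folder
    name: str           # value name as shown by the tool
    enabled: bool       # False when the line ends in "(DISABLED)"
    command: str = ''
    md5: str = ''
    notes: list = field(default_factory=list)

def parse_report(text):
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = LOCATED.match(line)
        if m:
            entries.append(Entry(m['where'], m['name'], m['off'] is None))
        elif line.startswith('file: ') and entries:
            entries[-1].command = line[6:]
        elif line.startswith('MD5: ') and entries:
            entries[-1].md5 = line[5:]
    return entries

def triage(entries):
    # Attach review notes; a note means "look this one up", not "this is malware".
    for e in entries:
        cmd = e.command.upper()
        if any(d in cmd for d in RISKY_DIRS):
            e.notes.append('runs from a temp/download folder')
        if ':\\' not in cmd:
            e.notes.append('no full path; resolved via search path')
    return entries
```

Entries that come back with notes are the ones to check first; a disabled entry still leaves its file on disk.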
 
 
 
 
Walter Schiessberg
      6th Aug 2004
_-dIsMaL_- wrote on 06.08.2004 09:15:

> I use TrendMicro's online HouseCall as my virus scanner. Though it's
> only a simple scanner, my security settings are very high. I know what
> stupid actions download viruses, and also how to keep my computer safe.
> BUT not from people. I know my family uses MY computer when I'm away
> at work and, being stupid, download things or go where they're not
> supposed to. Finding an empty History, Recent, Temp, etc. already proves
> this. Now, in the event of me moving out, I want a clean computer. I've
> cleaned and got rid of almost everything, except for my Start-Up
> programs or applications that use them. I already know some on there
> are viruses/worms, but I don't know how to delete or get rid of them.
> The best I could do was deactivate some of them. Below is a list from
> my spybot program. All I know is how to view them, nothing more. What I
> need to know is: Which ones are necessary? Which ones can I disable?
> Which ones can I delete and HOW??? Please help, or tell me where I
> could find someplace to get some if possible. Thanks, dIsMaL.

[...]
Well, well, running Kazaa and no on-access antivirus scanner you call
keeping your computer clean?
If you're talking about Spybot S&D and not a spybot it'd give you the
option for deleting malicious entries.

I'd do something like this:
- In addition to the online scan get NAI's Stinger
<http://vil.nai.com/vil/averttools.asp> and do a full scan
- Make sure you have the newest version (1.3) of Spybot S&D, get any
updates before scanning and do a malware scan
- Get Adaware and proceed like with Spybot S&D
- Get yourself an on-access anti-virus scanner like Antivir and keep it
up-to-date
- You didn't say what OS you use, if you use W2k/XP never use the
administrator account for day-to-day tasks. It's fairly easy to run
programs as administrator without having to log out.

BUT be aware that once a system is compromised you'll never be entirely
sure if you have it cleaned completely.

--
Cheers
Walter
 
Walter Schiessberg
      6th Aug 2004
Walter Schiessberg wrote on 06.08.2004 22:21:

[Some basic advice]

Sorry, I forgot:
for editing/deleting autostart entries get Autoruns from Sysinternals
<http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml>. Although
IMHO the current version looks a little bit confusing.

--
Happy hunting
Walter

PS it's not virus's but virii
 
repo
      7th Aug 2004
actually it's viruses


> PS it's not virus's but virii



 
Bill
      7th Aug 2004
On Sat, 7 Aug 2004 16:25:08 +0100, "repo" <(E-Mail Removed)> wrote:

>actually it's viruses



It's been discussed ad nausium. The correct term is "viruses". I'm
not sure where the term "virii" came from, but I would assume some
uneducated kid.
 
Peter Seiler
      7th Aug 2004
Bill - 07.08.2004 17:33 :

> On Sat, 7 Aug 2004 16:25:08 +0100, "repo" <(E-Mail Removed)> wrote:
>
>>actually it's viruses

>
>
> It's been discussed ad nausium. The correct term is "viruses". I'm
> not sure where the term "virii" came from, but I would assume some
> uneducated kid.


oh no. If a kid, then on the contrary - a well cultured intelligent one.
"Virus" originates from the Latin language "virus" and the plural there is
correctly "virii"! ;-)

--
by(e) PS

please reply in newsgroup only

 
Zvi Netiv
      7th Aug 2004
Bill <(E-Mail Removed)> wrote:

> On Sat, 7 Aug 2004 16:25:08 +0100, "repo" <(E-Mail Removed)> wrote:
>
> >actually it's viruses

>
> It's been discussed ad nausium. The correct term is "viruses". I'm
> not sure where the term "virii" came from, but I would assume some
> uneducated kid.


The correct term is "ad nauseam".
 
Walter Schiessberg
      7th Aug 2004
Bill wrote on 07.08.2004 17:33:

> On Sat, 7 Aug 2004 16:25:08 +0100, "repo" <(E-Mail Removed)> wrote:

[...]
> It's been discussed ad nausium. The correct term is "viruses". I'm
> not sure where the term "virii" came from, but I would assume some
> uneducated kid.


Well, I can live with the term viruses too. But ranting about uneducated
children and not knowing how to write "ad nauseam" makes me snigger

--
Walter
 
Heather
      8th Aug 2004
Hey guys.....forget the proper spelling of viruses (the correct way, grin)
and tell this person some of the more obvious things he should
know......like never being allowed to own a computer!! (kidding)

And Kazaa Lite is not full of viruses like the original Kazaa.....but on the
other hand I would never download an mp3 without running a scan on it
immediately. And I use a pretty safe site for those......WinMX.

It looks to me like he has Windows Millennium and he (or something) has
disabled some needed startup items. Like "Load Power Profile" for instance.
It is always in Startup twice and should NOT be disabled. Perhaps he should
go to the following websites and see what can and cannot be disabled.

quote.........
The following sites will provide instructions and an outline of
what is needed at startup and what is fluff:

http://www.pacs-portal.co.uk/startup_content.php
http://www.sysinfo.org/startuplist.php
http://www.3feetunder.com/krick/startup/list.html
http://ww2.whidbey.net/djdenham/Uncheck.htm
http://www.answersthatwork.com/Taskl...s/tasklist.htm
http://www.greatis.com/regrun3appdatabase.htm

Cheers.....Heather (kudos to Zvi.....got *nauseum* right, grin)


"Walter Schiessberg" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Walter Schiessberg wrote on 06.08.2004 22:21:
>
> [Some basic advice]
>
> Sorry, I forgot:
> for editing/deleting autostart entries get Autoruns from Sysinternals
> <http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml>. Although
> IMHO the current version looks a little bit confusing.
>
> --
> Happy hunting
> Walter
>
> PS it's not virus's but virii



 
kurt wismer
      8th Aug 2004
Peter Seiler wrote:
[snip]
> oh no. If a kid, then on the contrary - a well cultured intelligent one.
> "Virus" originates from the Latin language "virus" and the plural there is
> correctly "virii"! ;-)


please don't encourage people who don't know better... there is no
latin pluralization rule that replaces "us" with "ii"... virii would be
the plural of virius (maybe) but not virus...

besides which, in latin "virus" was a mass noun (like "dirt" in
english) and therefore no plural form was used (just as there is no
"dirts" in english)...

--
"maxwell can tell he's in hell
just wants you to visit him there
same old game that he's playin'
his rules are never fair"
 