1. Wednesday, December 1, 2004

    dear internet, 

    you have given me so much i cant even believe it.

    first there was the porn, then the free music, then rotisserie baseball, online gambling, friendster, the smoking gun, and now the blogosphere.

    i dont dare ask you for anything more, but alas i will because i know that at your root you love to give.

    currently i have a nasty bit of spyware that i cannot remove. i have norton antivirus going, i have the google toolbar, i have spy bot and ad-aware se with the vx2 cleaner.

    when i scan Hijack This, this is what i get:

    Logfile of HijackThis v1.97.7

    Scan saved at 9:17:39 PM, on 12/1/2004

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Sygate\SPF\smc.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

    C:\Program Files\Winamp\winampa.exe

    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\System32\spauthserv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\System32\MsPMSPSv.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\iTunes\iTunes.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\AIM\aim.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

    C:\Documents and Settings\Tony\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tonypierce.com/links.htm

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

    O4 - Startup: dsl.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

    O9 - Extra button: AIM (HKLM)

    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/20031218/akamai.info.apple.com/iTunes4/WW/win/019-0123.20031218.zes4d/iTunesSetup.exe

    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab

    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101934319748

    O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - https://www.instantpublisher.com/ip/SoftwareInstalls/svinstall_a_stat_ics.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} - http://companion.logitech.com/companion/logitech/ver1.3.1.2083/bin/imvid.cab

    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx

    O17 - HKLM\System\CCS\Services\Tcpip\..\{7AA9F031-5AB6-4240-B721-B3A9A331B0CC}: NameServer = 206.13.29.12 206.13.30.12

    the popup tries to go to a-d-aware.com but since that is blocked it finds an unblocked site and pops up.

    please internet, let me know how i can fix this annoying problem.

    also, does anyone have a torrent of tonight’s Lost episode? i cant believe i didnt tivo it. thnx clippergirl!

    xoxoxox,

    tony

    xtracyx + panama jane + isou