dear internet,

you have given me so much i cant even believe it.

first there was the porn, then the free music, then rotiserrie baseball, online gambling, friendster, the smoking gun, and now the blogosphere.

i dont dare ask you for anything more, but alas i will because i know that at your root you love to give.

currently i have a nasty bit of spyware that i cannot remove. i have norton antivirus going, i have the google toolbar, i have spy bot and ad-aware se with the vx2 cleaner.

when i scan Hijack This, this is what i get:

Logfile of HijackThis v1.97.7

Scan saved at 9:17:39 PM, on 12/1/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:







C:\Program Files\Sygate\SPF\smc.exe


C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe




C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

C:\Program Files\Winamp\winampa.exe


C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe



C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Documents and Settings\Tony\Desktop\hijackthis\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

O2 – BHO: (no name) – {AA58ED58-01DD-4d91-8333-CF10577473F7} – c:\program files\google\googletoolbar1.dll

O3 – Toolbar: Norton AntiVirus – {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 – Toolbar: &Google – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – c:\program files\google\googletoolbar1.dll

O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 – HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

O4 – HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 – HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

O4 – HKLM\..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 – Startup: dsl.lnk = ?

O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 – Extra context menu item: &Google Search – res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 – Extra context menu item: Backward Links – res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 – Extra context menu item: Cached Snapshot of Page – res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 – Extra context menu item: Similar Pages – res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 – Extra context menu item: Translate into English – res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 – Extra ‘Tools’ menuitem: Sun Java Console (HKLM)

O9 – Extra button: AIM (HKLM)

O16 – DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) –

O16 – DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) –

O16 – DPF: {41F17733-B041-4099-A042-B518BB6A408C} –

O16 – DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) –

O16 – DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} –

O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) –

O16 – DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) –

O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) –

O16 – DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} –

O16 – DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) –

O17 – HKLM\System\CCS\Services\Tcpip\..\{7AA9F031-5AB6-4240-B721-B3A9A331B0CC}: NameServer =

the popup tries to go to but since that is blocked it finds an unblocked site and pops up.

please internet, let me know how i can fix this annoying problem.

also, does anyone have a torrent of tonight’s Lost episode? i cant believe i didnt tivo it. thnx clippergirl!



xtracyx + panama jane + isou

Leave a Reply