Slashdot Mirror

Yahoo has always been like this, it's just people didn't notice while google was the new hotness

Or perhaps people were pre-occupied with Yahoo!'s problem of being linked to spyware funding. People are worried about Google's response to the government subpoena for info, but seem to turn a blind eye to Yahoo! complicity. People are blasting Google for censoring Chinese search results, but the Shi Tao PR flap seems to have blown over for Yahoo!.

Or are you talking strictly in the context of free code for developers? There have been complaints that Google uses OSS but doesn't contribute enough back, yet their overal social & business ethics seem to be better than Yahoo!'s. Does Yahoo!'s code-release to the developer community somehow mitigate their other poor ethics? And how much redemption is there in a codebase that many developers have already created on their own?

For details on 180 solutions tricks go to http://www.benedelman.org. It has screenshots of 180 solutions in action...pretty detailed and interesting to read. I'm especially amused by this recent bit of jousting going on between 180 solutions and Ben Edelman. Here Ben accuses 180 solutions of targetting kids as well as being deceptive. 180 solutions responded and here are Ben's latest additions to the arguments. This is a great (and sad) example of how people choose to define the law when it's not explicitly defined.

For details on 180 solutions tricks go to http://www.benedelman.org. It has screenshots of 180 solutions in action...pretty detailed and interesting to read. I'm especially amused by this recent bit of jousting going on between 180 solutions and Ben Edelman. Here Ben accuses 180 solutions of targetting kids as well as being deceptive. 180 solutions responded and here are Ben's latest additions to the arguments. This is a great (and sad) example of how people choose to define the law when it's not explicitly defined.

For details on 180 solutions tricks go to http://www.benedelman.org. It has screenshots of 180 solutions in action...pretty detailed and interesting to read. I'm especially amused by this recent bit of jousting going on between 180 solutions and Ben Edelman. Here Ben accuses 180 solutions of targetting kids as well as being deceptive. 180 solutions responded and here are Ben's latest additions to the arguments. This is a great (and sad) example of how people choose to define the law when it's not explicitly defined.

For details on 180 solutions tricks go to http://www.benedelman.org. It has screenshots of 180 solutions in action...pretty detailed and interesting to read. I'm especially amused by this recent bit of jousting going on between 180 solutions and Ben Edelman. Here Ben accuses 180 solutions of targetting kids as well as being deceptive. 180 solutions responded and here are Ben's latest additions to the arguments. This is a great (and sad) example of how people choose to define the law when it's not explicitly defined.

For details on 180 solutions tricks go to http://www.benedelman.org. It has screenshots of 180 solutions in action...pretty detailed and interesting to read. I'm especially amused by this recent bit of jousting going on between 180 solutions and Ben Edelman. Here Ben accuses 180 solutions of targetting kids as well as being deceptive. 180 solutions responded and here are Ben's latest additions to the arguments. This is a great (and sad) example of how people choose to define the law when it's not explicitly defined.

Bombadier,

I'm on SiteAdvisor's advisory board, and I've tested their products at length. I've never seen anything like SiteAdvisor installing the Yahoo Toolbar, and I'm confident that there's some other explanation for what happened to your computer. Can you send me an email so we can troubleshoot what happened? I want to get to the bottom of this and clear SiteAdvisor's good name.

Ben Edelman

searching arroung I was able to find
http://www.benedelman.org/spyware/180-affiliates/, and http://www.spywareguide.com/product_show.php?id=50 7

I tried submiting this to Slashdot but apparently the editors didn't find it newsworthy.

http://www.benedelman.org/news/112105-1.html
http://www.downloadsquad.com/2005/11/23/sony-could -use-xcp-to-protect-its-customers-but-wont/

Sony could use XCP to protect its customers, but won't

Spyware researcher Ben Edelman says that XCP, the software at the heart of Sony's rootkit fiasco, could also be used to inform Sony's customers that their computers have been compromised. Sony doesn't know whose computers are infected by their rootkit, but the XCP player software includes code for automatically fetching a banner from Sony's servers. Sony could easily use this to display a recall notice to the rootkit's victims, but are they going to? I seriously doubt it. While the whole affair has been gaining more and more traction with the media, Sony knows that the majority of its customers will never hear about any of it, and they want to keep it that way. While their recall was intended to be viewed as a good-faith gesture (and, indeed, there may be some actual good faith in there somewhere), the last thing Sony wants is for every Switchfoot fan to know how badly their record company screwed up their computer.

The case survived a motion to dismiss, that's all. But the judge indicated that he thought the plaintiff had a legitimate case.

The defendant, DirectRevenue, is going to have a tough time at trial. go here for videos of their drive-by installations and other data about their products. "All told, in my testing the single press of the "Yes" button caused the creation of 1,274 registry keys, 2,175 registry entries, 56 folders, and 711 files. PacerD also added two new web browser toolbars, and six advertisement icons on my Windows desktop." That's going to look like "trespass" and "exceeds authorized access" to a judge.

but who is guilty, the people who create the malware or the people that finance them ?

im looking forward to seeing a few more executives in jail, they seem to think if you wear a suit and have a PLC/INC you can do what you want without recourse

Yes, this is the same 180solutions whose software has been so frequently observed to become installed through security exploits.

Most recently -- just last week! -- I posted video proof showing 180 installing even after users specifically decline and refuse 180. Details.

Too little too late, indeed!

Are we talking here about the same 180 solutions that would never install spyware using the holes of internet explorer?

How Yahoo Funds Spyware

I post screenshots and packet logs showing how Yahoo ads get syndicated into notorious spyware -- Direct Revenue, eXact Advertising, 180solutions, and some smaller players too (SideFind, Slotchbar, etc.).

While I 100% encourage people to make their opinion on this known, I think there really isn't enough information on just what MS plans to do with claria.

There are any number of scenario's, some good, some bad, as to what MS will do. They could be buying them to shut them down (and don't want to tip their cards before the purchase, thus we have their silence on the matter). Or they could be buying them for some other technology they hold, and don't plan to continue their business (or sell it off without said technology to someone else).

I think it's a bit premature to be claiming the sky is falling, especially in light of the fact that other spyware vendors seem to reclassify vendors all the time:

http://www.benedelman.org/spyware/threats/

The frightening thing is that this is happening more and more over time. Recently, IDownload (you may remember them from the WMP trojan download exploit, thats how most people got their software) sent out a slew of cease and desist letters to a number of visible anti-spyware sites claiming they were unfairly rated as spyware. The claims held absolutely no water since a number of people had very convincing screenshots of the software being downloaded with no consent whatsoever, but the trend remains the same. The spyware companies are increasingly wealthy, powerful, and unafraid to try to throw their weight around. Unfortunately, this means that rather than doing the right thing and fighting for the correct ratings, anti-spyware vendors will capitulate and downgrade the software rather than engage in time consuming and expensive litigation. take a look: http://www.benedelman.org/spyware/threats/

This all makes sense when you realize one key, critical piece of information.

First, a quote:

Has Microsoft given in to vendors' threats? Or forgotten how badly "adware" damages the Windows experience (ultimately encouraging users to switch to other platforms)?

Now, the key, critical piece of information.

Microsoft's anti-spy ware devision is headed by a MAC user! You see, MAC zealots have infiltrated the Microsoft hierarchy, and are plotting it's downfall from within.

As a matter of fact, this is a pervasive presence, weaving into all levels of the company.

Think about it. Doesn't Clippy make much more sense as MAC sabotage than as an actual feature? No doubt someone floated a mock up with the note, "Looks just like something I saw at the last MAC expo."

Architecture changes that mean the XBOX II won't be able to run XBOX games, the endless delays in Longhorn, the XP default theme, the differences between XP Home and XP Pro, these are all contributed by MAC users who are gradually whittling away Microsoft from within.

And because Microsoft has been shamelessly copying the MAC for so long, all they have to do is float the rumor that MAC is going to do something, and Microsoft programmers and management throw themselves into trying to replicate it, or at least toss together a half asses rip-off of the feature / technology.

I independently observed the same thing -- Claria set to Ignore within MSAS. See image on my site, final paragraph of http://www.benedelman.org/news/063005-1.html .

The rabbit hole goes much deeper than that, if you look at ad syndication, what 'don't be evil' Google is doing, etc. Excellent reference at:
http://www.benedelman.org/

--dungeness

The Big Green Guy ought to pay a visit to the spyware companies and do a World Wrestling Federation Hulk Drop on 'em! ;-)

Because Amazon only pays about 3% commission. Every 3 months. Minimum of $100 payout. Not worth it. Look for sites that pay big and you'll find tons of spam. Also, they can't spider the blogs for spam, because a lot of times the blog links points to a junk domain the affiliate registers, for the sole purposes of filtering traffic back to the Casino. To figure out what sites are paying, you can check out www.cj.com, www.linkshare.com, etc.

Hope that helps clear up the confusion. I'm an affiliate marketer who only uses what I consider ethical methods, and I don't like to see good advertisers (PartyPoker actually is quite ethical, marketing-wise) get bashed.

If you guys want to slam someone, there are more than a few fortune 500 companies who buy advertising in software we all would consider adware. I'll leave the google exercise to you.

Okay, I'll do some.
Investment Firms who are funding spyware
Yahoo is Largest Paying Advertiser on Gator ("Claria")
Blockbuster, Thrifty Rental Cars, Chase Credit Cards

I think I've given everyone enough starting points. Let's vote with our wallets. If you don't support spyware, don't indirectly fund it by using these companies.

Because Amazon only pays about 3% commission. Every 3 months. Minimum of $100 payout. Not worth it. Look for sites that pay big and you'll find tons of spam. Also, they can't spider the blogs for spam, because a lot of times the blog links points to a junk domain the affiliate registers, for the sole purposes of filtering traffic back to the Casino. To figure out what sites are paying, you can check out www.cj.com, www.linkshare.com, etc.

Hope that helps clear up the confusion. I'm an affiliate marketer who only uses what I consider ethical methods, and I don't like to see good advertisers (PartyPoker actually is quite ethical, marketing-wise) get bashed.

If you guys want to slam someone, there are more than a few fortune 500 companies who buy advertising in software we all would consider adware. I'll leave the google exercise to you.

Okay, I'll do some.
Investment Firms who are funding spyware
Yahoo is Largest Paying Advertiser on Gator ("Claria")
Blockbuster, Thrifty Rental Cars, Chase Credit Cards

I think I've given everyone enough starting points. Let's vote with our wallets. If you don't support spyware, don't indirectly fund it by using these companies.

MOD PARENT UP! Very true, but a little too mild, in my opinion.

The job that is mentioned in the Slashdot story would take an already skilled person 50% to 100% of his time. That's because it is not serving regular users, it is serving programmers, who expect a lot more from their computers.

Computer administration is not just administration. There a many lengthy one-time projects, like finding better backup methods, or dealing with the latest vulnerability. Fixing and cleaning after a serious security breach can take a month, for example.

Anyone administering Windows computers must deal with the fact that there are people with huge amounts of money who want to exploit Microsoft's (deliberate) sloppiness. One list of major investors in spyware companies shows a total of over $139 million in venture capital. Remember, Microsoft makes more money if a user becomes tired of slowness and problems caused by spyware and buys a new computer, which is how most resolve such problems. If you administer Windows computers you have the richest man in the world and his rich think-alikes riding on your back.

It sounds like the old story. People with control over more money than brains buy a successful software company, figuring that they can extract more that ever before from the customers.

We already have enough information to predict that the company will go out of business. Because it is a reasonable assumption that the person who submitted the Slashdot story isn't the only one being abused, we know that the company has already begun dying; the abuse is killing the company right now. It may, however, be a slow death, sometimes old customers are reluctant to change to new software, and try to live with the new stupidity.

There is a reason why Dilbert is one of the most popular comics in the United States. The real bosses are actually worse than the pointy-haired bosses in the comic. The real PHB's abuse everyone, take more than their share of the money, and destroy the company, too.

The new owner of the company is wanting to test the limits to see how much he can abuse the Slashdot story writer. He is: 1) wildly out of touch, 2) ignorant, 3) self-destructive, 4) arrogant, 5) abusive, 6) seriously abusive, and 7) lacking in social skills.

What may happen is that not enough time will be spent on computer system administration, and the programmers will not be served. That's the self-destructive element.

The amount of deception and misinformation in those license agreements is astounding. Some of them have 54 screens of legalese in a tiny box. Others bring up the activeX install box saying "hit yes to install critical media player 9 update". Others are on sites for children, who are too young to legally enter a contract: http://www.benedelman.org/spyware/installations/ez one-claria/details.html#1c Quite frankly, if someone were making contracts like these for real life goods and services, lawyers would be brought in in nanoseconds. Plus there's the fact that quite a lot of them *don't* ask for consent, and install via one of the many IE exploits.

I've written about this on multiple occasions. Some links:

Claria/Gator: http://cyber.law.harvard.edu/people/edelman/ads/ga tor/gator-customers.html

eXact Advertising: http://www.benedelman.org/spyware/exact-advertiser s

While I think Splitzer can be a bit overzealous and grandstanding (plus laying groundwork for his run for political office), I can't think of a better group of companies to go after than *&^%$#@! spyware companies. For those interested in some great detailed info about these cockroaches, take a look at Ben Edelman's web site ... where he also indentifies the folks who finance 'em.

Personally, I don't think Congress should be making an anti-spyware bill. It's stupid, and a waste of time and money. What they SHOULD be doing is coming up with a bill that forces companies to be more straightforward with their EULAs. Certain things should have to be hilited, and restated in non-legal terminology.

What congress should be doing is setting statutory civil penalties, like $5000 or actual damages whichever is more, for distributing software that deliberately or even negligently damages your computer. So you can sue them for your damages.

Damages are trebled if there is deception involved, like a multi page EULA such as used by Gator (Claria) & 180Solutions and described at http://www.benedelman.org/spyware/installations/3d -screensaver/

In the recent news 180solutions is complaining about CA and their PestPatrol product which removed the 180solutions spyware product, and Gator threatens to sue CA over removal of their spyware.
See http://www.nwfusion.com/news/2005/040405-spyware.h tml
The above article is well worth a read.

As to the small size of the article's text: I suspect you're using Firefox. My CSS has the problem recently described at codestore. I've hesitated to put absolute font-sizes ("10px") right into my CSS. But font-size x-small is what I need to use in IE to make my page look "right" to the millions of users with IE; Firefox, of course, has its own (arguably more sensible) ideas as to what's medium and what's in fact x-small. So the same code that looks great in IE looks lousy in Firefox.

Anyone want to suggest a fix for this, other than hard-coding size in CSS? If so, I'd certainly appreciate a tip by email.

Indeed, on the matter of "real" certs, you can't get much more real than VeriSign. And VeriSign is apparently willing to issue "microsoft.com" certificates to strangers and issue certificates that claim to be owned by PRESS YES TO CONTINUE. If that's the sort of security we get from the "real" CAs, I'm not terribly impressed.

oooh please do, perhaps you should colab with Ben Edleman (lawyer with a penchanct for collecting spyware evidence) slap those scumware peddlers as hard as you can

--AJ

Are you asserting that "VeriSign Class 3 Code Signing 2001 CA" which issued the certificate to "CLICK YES TO CONTINUE" is not Verisign?

Read my Technocrat article for more info and I also submitted to Slashdot, but it got rejected - oh well.

Well, Windows Media might be one of the top 2 most-utilized codecs... but just like Windows is the top-used OS, that doesn't mean it's the best or that everyone else who doesn't use it should get the finger.

Incidentally, I view Windows Media on my FreeBSD box all the time using mplayer.

There are other codecs available though that are far better-supported across different platforms/browsers/OSes. By using them, a company can open its media to a wider audience (and the non-Windows audience continues to grow). The line to draw from that to more profits is a short one.

Windows Media is closed, owned and pushed by Microsoft to be only used on Windows on i386 platforms. Quicktime, although pushed by Apple, is well-supported by other OSes and browser, far more than Windows Media. And there are many other codecs too. Considering it's Microsoft, it's no big surprised that the masses have been brainwashed into using it. The repair of that needs to start somewhere. If it means being hardline about it and not using/supporting Windows Media, I'm fine with that.

One thing that will help is to not only point out the benefits ($$$) of using a codec supported by other platforms, but the actual dangers of using Windows Media

The spyware guys are like cockroaches - they scurry into corners when lights are shined on 'em, and Ben is doing a darn fine job of that - ummmmm ... I may have insulted cockroaches with that last sentance! ;-)

Ben's analysis/comments on 180solutions is now posted - good reading!

There are a handful of other people I can think of who've done a similar amount of work. Merijin Bellekom, Patrick Kolla and Andrew Clover spring to mind, although there are others.

I've actually met Ben in a professional capacity at the Berkman Center. He is one of the smartest people I've come across; he has a rare depth of understanding of both the technical and legal sides of the internet (and is able to do it through the fairly objective filter of microeconomics).

Most importantly, he has been an expert witness is several important software cases (see here, last paragraph). Take my subjective opinions above for what they're worth, but people with much at stake trust his opinions. What he thinks matters: judges and lawyers hear his views, not slashdot's.

cleetus

If you wade around the site, it has the odd interesting point r.e. legal agreements in spyware EULAs and who invests in spyware companies (clickable link), topics recently posted to slashdot. The content on the site is hardly partisan, while this fits in with the mindset of the lawyer, I'm curious how it aligns itself with a PhD student (given research should be as unbiased as possible).

I recently made a video showing spyware installed through security holes.

My records (packet sniffer logs, etc.) do tell me what specific exploits were used, though my public write-up doesn't include all these details. In any event, the video is certainly sufficient to validate the "hefty claim" of software installed through security holes.

Edelman article
You try to play a file and then see this Image

Most users would know that once some weird web page comes up that they maybe should be careful. But what if it looks like the picture above? You only see an installer and no webpage and you just want to play a file? At that point its not even clear that you were directed to a website since a webpage can be easily hidden leaving only the installer visible. Chances are most people just think they are agreeing to a media files licensed terms.

So yea its debatable what's at fault here, but by design WMP is flawed if this is what can happen if you simply try to play a Windows Media file. Scary stuff.

Edelman article
You try to play a file and then see this Image

Most users would know that once some weird web page comes up that they maybe should be careful. But what if it looks like the picture above? You only see an installer and no webpage and you just want to play a file? At that point its not even clear that you were directed to a website since a webpage can be easily hidden leaving only the installer visible. Chances are most people just think they are agreeing to a media files licensed terms.

So yea its debatable what's at fault here, but by design WMP is flawed if this is what can happen if you simply try to play a Windows Media file. Scary stuff.

I only hope you're running Windows XP with Service Pack 2 or this could happen to you even without clicking "OK" on some installer windows...

Avenue Media is claiming "tortious interference with contract" on the grounds that DirectMedia is interfering with their contractual relationships with their customers. This is in addition to their Computer Fraud and Abuse Act claim. The rationale, presumably, is that if they can show some kind of illegal act under the Computer Fraud and Abuse Act, their "tortious interference" claim might go somewhere.

Some anti-spyware group might want to file a friend-of-the-court brief. The best possible ruling would be that both parties are violating the Computer Fraud and Abuse Act, and therefore DirectMedia cannot claim to come to court with clean hands.

I have personally observed -- and recorded in screen-capture videos -- the software of both plaintiff and defendant, installed through security holes.

See e.g. Who Profits from Security Holes?.

Perhaps also of interest:

After DirectRevenue removes competitors' programs from users' disks, it also transmits extensive information about users' computers. Among the information: MAC address, Windows Product ID, all running tasks, and registry entrise for certain additional competitors (Gator, 180solutions) and removal programs (Ad-Aware, PestPatrol) if installed.

I agree that there's lots of room for EULA reform.

See also my recent article about Gator's EULA (Slashdot'ed last week): Gator's EULA Gone Bad.

Basically, that's my disinfection routine for other people's PCs. I don't get spyware infestations either, but that's because I know about Windows Update and antivirus software.

1. Run AdAware SE, updated to most recent definitions. Detect 400+ hits (my record so far).
2. Run Spybot S&D, updated to most recent definitions. Detect 100+ hits AdAware missed, and reboot.
3. Wait 30 minutes whilst Spybot scans again, and turns up a solitary bit of Gator. Go through Spybot's advanced mode settings and clear out their Run tools to dump all sorts of run-on-start crud that Compaq/Packard Bell etc. stuck on there - bloated keyboard-multimedia-button utilities et al.
4. Run HijackThis! (which isn't really an antispyware tool, just a system startup editing tool with knowledge about really obscure system startup Registry keys and IE settings) and get rid of the really obscure spyware toolbars and other run-on-startup fun that AAW and Spybot missed.
5. Go through the root, Program Files and Windows directories manually and delete the 10+ dialers and other unwanted crap that's made their way into the system, plus hosts file.

No-one ever asked for this stuff to be installed on their system (and in case you're wondering why I believe them, take a look at this). I put it down to ActiveX exploits; inevitably, the worst infected systems I see are Win9x/Me systems which haven't ever had a Windows Update run. This routine - plus installing Firefox - usually helps fix their problems, but these shouldn't have happened in the first place. I don't blame Microsoft as much as I blame the prevaling culture that it is better to make more money than it is to have ethics - thus allowing for Gator/Claria, WhenU, 180solutions, all the fake 'anti-spyware' vendors et al. It's amazing that we can allow these people to go on.

Basically, that's my disinfection routine for other people's PCs. I don't get spyware infestations either, but that's because I know about Windows Update and antivirus software.

1. Run AdAware SE, updated to most recent definitions. Detect 400+ hits (my record so far).
2. Run Spybot S&D, updated to most recent definitions. Detect 100+ hits AdAware missed, and reboot.
3. Wait 30 minutes whilst Spybot scans again, and turns up a solitary bit of Gator. Go through Spybot's advanced mode settings and clear out their Run tools to dump all sorts of run-on-start crud that Compaq/Packard Bell etc. stuck on there - bloated keyboard-multimedia-button utilities et al.
4. Run HijackThis! (which isn't really an antispyware tool, just a system startup editing tool with knowledge about really obscure system startup Registry keys and IE settings) and get rid of the really obscure spyware toolbars and other run-on-startup fun that AAW and Spybot missed.
5. Go through the root, Program Files and Windows directories manually and delete the 10+ dialers and other unwanted crap that's made their way into the system, plus hosts file.

No-one ever asked for this stuff to be installed on their system (and in case you're wondering why I believe them, take a look at this). I put it down to ActiveX exploits; inevitably, the worst infected systems I see are Win9x/Me systems which haven't ever had a Windows Update run. This routine - plus installing Firefox - usually helps fix their problems, but these shouldn't have happened in the first place. I don't blame Microsoft as much as I blame the prevaling culture that it is better to make more money than it is to have ethics - thus allowing for Gator/Claria, WhenU, 180solutions, all the fake 'anti-spyware' vendors et al. It's amazing that we can allow these people to go on.

Basically, that's my disinfection routine for other people's PCs. I don't get spyware infestations either, but that's because I know about Windows Update and antivirus software.

1. Run AdAware SE, updated to most recent definitions. Detect 400+ hits (my record so far).
2. Run Spybot S&D, updated to most recent definitions. Detect 100+ hits AdAware missed, and reboot.
3. Wait 30 minutes whilst Spybot scans again, and turns up a solitary bit of Gator. Go through Spybot's advanced mode settings and clear out their Run tools to dump all sorts of run-on-start crud that Compaq/Packard Bell etc. stuck on there - bloated keyboard-multimedia-button utilities et al.
4. Run HijackThis! (which isn't really an antispyware tool, just a system startup editing tool with knowledge about really obscure system startup Registry keys and IE settings) and get rid of the really obscure spyware toolbars and other run-on-startup fun that AAW and Spybot missed.
5. Go through the root, Program Files and Windows directories manually and delete the 10+ dialers and other unwanted crap that's made their way into the system, plus hosts file.

No-one ever asked for this stuff to be installed on their system (and in case you're wondering why I believe them, take a look at this). I put it down to ActiveX exploits; inevitably, the worst infected systems I see are Win9x/Me systems which haven't ever had a Windows Update run. This routine - plus installing Firefox - usually helps fix their problems, but these shouldn't have happened in the first place. I don't blame Microsoft as much as I blame the prevaling culture that it is better to make more money than it is to have ethics - thus allowing for Gator/Claria, WhenU, 180solutions, all the fake 'anti-spyware' vendors et al. It's amazing that we can allow these people to go on.

Basically, that's my disinfection routine for other people's PCs. I don't get spyware infestations either, but that's because I know about Windows Update and antivirus software.

1. Run AdAware SE, updated to most recent definitions. Detect 400+ hits (my record so far).
2. Run Spybot S&D, updated to most recent definitions. Detect 100+ hits AdAware missed, and reboot.
3. Wait 30 minutes whilst Spybot scans again, and turns up a solitary bit of Gator. Go through Spybot's advanced mode settings and clear out their Run tools to dump all sorts of run-on-start crud that Compaq/Packard Bell etc. stuck on there - bloated keyboard-multimedia-button utilities et al.
4. Run HijackThis! (which isn't really an antispyware tool, just a system startup editing tool with knowledge about really obscure system startup Registry keys and IE settings) and get rid of the really obscure spyware toolbars and other run-on-startup fun that AAW and Spybot missed.
5. Go through the root, Program Files and Windows directories manually and delete the 10+ dialers and other unwanted crap that's made their way into the system, plus hosts file.

No-one ever asked for this stuff to be installed on their system (and in case you're wondering why I believe them, take a look at this). I put it down to ActiveX exploits; inevitably, the worst infected systems I see are Win9x/Me systems which haven't ever had a Windows Update run. This routine - plus installing Firefox - usually helps fix their problems, but these shouldn't have happened in the first place. I don't blame Microsoft as much as I blame the prevaling culture that it is better to make more money than it is to have ethics - thus allowing for Gator/Claria, WhenU, 180solutions, all the fake 'anti-spyware' vendors et al. It's amazing that we can allow these people to go on.

Please try again? Server is doing fine, serving thousands of requests per hour, still working fine in my testing.

I did have to upgrade my hosting plan after the tens of thousands of downloads of my spyware-installed-through-security hole video last week (4MB file!) (see write-up, slashdot coverage). But especially compared to that, this week has been a cakewalk!