Wednesday, April 18, 2007

Loose Ends (Part 3)

David S's shop is a converted garage adjoining his home in Boiling Springs, PA. It is simple and professional. The primary workspace is a "countertop" directly inside the door with a carpeted surface to protect the delicate wooden instruments on which he works his craft. A special neck rest permits laying guitars flat on their back while supporting the headpiece.

I'd given David my own guitar as well as another from my friend Joe - an old Epiphone that needed some serious help. Joe had been holding onto this guitar for a while, but it was unplayable in its current condition. The neck had broken and been poorly repaired with a large bolt (perhaps from Home Depot?); the fretboard was cracked clean through where the neck joined the top; and a smattering of other less serious problems were pointed out by David as he made his inspection. At the same time, the body itself appeared to be in nearly perfect condition, probably the saving grace for this unfortunate-looking relic. David's estimate for the Epi was about 500 bucks. Not a lot of money for the amount of work that would probably go into it - but nonetheless, a lot to pay for an instrument that you'd never even heard before. In the end Joe decided to do the work.

David had already done a lot of work on the Epi and it was clearly coming together nicely. The neck was reset and reglued, the fretboard repaired, and some fretwork done. In fact it looked nearly done except for a lot of cosmetic work on the neck. I am dying of curiosity to hear what this thing sounds like.

My guitar, on the other hand, was finished, and, as usual, played beautifully. The D16s of this era had a construction known as "forward shifted scalloped bracing" which, to my understanding, makes the guitar lighter and creates more resonance, giving a huge, full sound - especially in the middle. The light construction, of course, also makes this thing react to every change in the weather, which is why it was here in the first place. The last time it had been repaired, David added cleats under the top to hold the crack together. He'd initially just thought it had shrunk due to dehydration and broken the cleats. In fact, the cleats under the top held, but the wood shrunk unevenly, creating a small crack only on the top surface, and not underneath. Rather than try to humidify the crack back together this time, he filled it. With any luck this should make it less likely to crack again in the future. Of course I could actually try to take CARE of this thing too... but that requires filling up the humidifier every day all winter long. If only I had such discipline!

We got what we came for and didn't hang around too long, because we still had a lot of driving ahead. The guitar found a safe nook in the back of the pickup truck, nestled alongside the pressure washer. The ride was definitely starting to get the complete redneck appearance: beat up pickup truck, gas-powered tools, guitars... if I could just find a mangy, underfed golden retriever on the side of the road and throw him in the back with the rest of the stuff, I'd probably fit right in! That, and a "Freedom isn't Free" bumper sticker, and I could probably pass for someone's cousin.

But I digress. We pushed on and an hour later arrived in Gettysburg. It was turning out to be a spectacular day. Sunny and high 60's were the perfect remedy for a winter that had been lingering for too long. Mark wasn't home, so I went in through the back door. Ah, life in the country, where everyone is honest. Or maybe Mark's just absent-minded. No matter - I obtained the necessary access and opened up the garage, where the grill was stored.

As you might remember from earlier in the story, we were here to pick up my propane grill and deliver it to Tyler's house. This thing is large. Very large. It is made entirely of stainless steel which doesn't do much to keep the weight down. Even for two strapping individuals such as ourselves, lifting it is a bit of a dangerous prospect. After some reflection we decided to take off the side burner, which would reduce the weight a little bit and also make it easier to get purchase on it from that end. The problem wasn't so much here in Gettysburg, getting it on the truck, but at the other end - we knew we had a couple tight turns to get around in order to bring it into Tyler's house. It seemed sensible to get it in as compact a form as possible before trying to maneuver this beast up the stairs in Columbia.

A few minutes later I had the side burner off, which revealed a rather shocking amount of grease and other nasty byproducts of a grill that hadn't been cleaned in a long time. And then sat in storage for an even longer time. It was clear that we had some work to do before we brought this thing back to Tyler's pristine new home. So we rolled the thing out to the backyard and tackled it with grill cleaner, engine block degreaser, liquid soap, sponges, steel wool, and whatever other implements we could find to get two years' worth of fat and oil off the grill.

To be continued...

Thursday, April 5, 2007

Loose Ends (Part 2)

I departed from Washington around 8:45 with a full thermos of coffee and set course for Columbia. The trip was largely uneventful, with the exception of a brief traffic jam on the beltway. It seems that even at odd hours, such as 9 AM on a Saturday, a beltway snarl is becoming the rule rather than the exception. In this case, an accident on the outer loop was to blame. What was left of a box-truck was being cleared, and of course the rubbernecking from the inner loop slowed travel to a crawl for me. Once passed, though, traffic was light and I was in Columbia twenty minutes later. There, I collected Tyler and headed north towards Carlisle.

I have always found a certain catharsis in long drives, either alone or with a friend. I have never been much for "downtime," which many people seem to need as a method of mental rejuvenation. For me, time on the road is one of the best ways that I can clear my head. I had been looking forward to this trip for exactly this reason. As the months have gone by since my move to Washington, I've had fewer and fewer reasons to go back to Gettysburg with any kind of regularity. Last winter, I found myself frequently frustrated by the fragmentation of my life - it always seemed as if I needed some little thing that was 70 miles away in Pennsylvania. So I was making nearly weekly trips to recover these errant possessions. But I didn't really mind these trips for the most part. A drive to the country once every week or two was nothing compared to the near-daily commute I had been doing in August and September. But by now, the primary accoutrements of my life have largely been migrated to DC, and at the same time I seem to be getting busier with the normal proceedings of life. So there are few reasons to make the drive, and seemingly less free time to schedule one.

Two hours later we arrived at Jessica's house in Carlisle. She had not expected she'd be home when we arrived, and so she was not; but she did remember to leave the gate unlocked so we could get access to the shed where the pressure washer was stored. Five minutes later, the machine was secured in the truck bed and we were on our way to town to find breakfast.

We ate at Faye's in downtown Carlisle, sharing the dining room with a mix of hungover Dickinson students and tacit locals. Two eggs, home fries, toast: $2.25. Gotta love the country. I am sure that this most basic of breakfasts would be at least five bucks anywhere in DC. The coffee wasn't bad either. Though I can drink just about anything made with coffee beans, I'd rather it be dark and strong. Say what you want about Starbucks, but they make a decent cup of coffee and are probably responsible for raising the bar of coffee quality (or at least strength) everywhere. So, while I can drink the stuff that gets served as coffee in many remote locales, I'm much happier to be consuming something that I can't see through. Faye's didn't disappoint.

We finished our meal and considered the next move. It was noon. I hadn't heard from the luthier yet, and we had run out of ways to kill time. There was still a lot to get done and while I wasn't anxious to have to come back another time to pick up the guitar, I didn't want to wait around forever either. After some deliberation I decided that we should just drive towards his place in Boiling Springs. If we got there and he wasn't home yet, we'd just keep going. This would only add 20 minutes or so to the trip versus going straight back to Gettysburg; it seemed like a reasonable gamble. The Google Maps directions bore very little in common with the actual streets that eventually brought us to Boiling Springs. I guess their Central Pennsylvania correspondent hasn't checked in lately, because it took several turns on streets that were not identified by the map to get us on the right course. Fortunately, there was a sign that identified the right direction to Boiling Springs, so we got there without too much confusion.

The drive took us through the quaint downtown area where dozens of people were fishing in a serpentine inlet that divided the town center. Arched, white-railed bridges criss-crossed the river, Venetian-like, each occupied by fishermen and spectators. It must have been opening day; it seemed as if the whole town had come out. We drove through the town center, snaking across one of these tiny one-lane bridges and eventually emerged on a country road a few miles from our destination. The phone rang: David was home. As it happened, we were just minutes from his front door when the call came in. Timing is everything; the gamble paid off.

How To Remove Spector Pro 6.0 Keylogger

Update - June 9, 2009:

  1. There is a new version of Spector Pro called "Spector Pro 2009" available now. It appears to have been released around February of this year. This article refers only to the previous version, 6.0. I have no information about whether the specific procedure described here will still be useful in removing Spector Pro 2009. But the basic techniques should still help you identify any unwanted software on your computer -- look for suspicious system files and registry entries.
  2. I have updated the link to the automated removal tool below; it works now. Note that it has not been tested with Spector Pro 2009, but it seems likely it won't work with the new version. I will post any updates to the software or other information as provided by the author.

Update - March 27, 2008:

One of the commenters (below) has agreed to have his Spector Pro 6 detection/removal tool made available to the public here. Download it. I provide no guarantees as to its usability, but I have run it, and it seems legitimate. Since I have long since wiped this off my machine I also can't say how well it works (that is, it didn't find anything on my PC to remove), but I welcome feedback from others here.

The author has expressed an interest in continuing development on this application to support future releases of Spector Pro if there's enough interest. So if it works or doesn't work, let us know.

Original Article - April 5, 2007:

Recently, I was faced with removing an unwanted spyware program, Spector Pro 6.0, from a computer. For some reason, there is very little good information about recent versions of Spector Pro on the internet. It's not really that hard to detect and remove, but Google turns up a lot of very old and not relevant data. I had to figure it out the hard way.

Here are the forensics:

1) You can access Spector using a multiple key combination. CTRL-ALT-SHIFT-S is the default, but it can be changed. Just try CTRL-ALT-SHIFT-[everything else] and you should get a dialog that says "Logon - Password" and "Enter Password". It is possible to change the keys used to any combination of CTRL, SHIFT, ALT or WINDOWS, so this might not be the best use of time if nothing comes easily. So read on.

2) Check in the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

This key contains services that will start upon boot (in addition to Run and RunOnce, the usual places). Look for any values with unusual names. I suspect these will be random; in my case there were two suspicious-looking keys: "olekenot" and "sapumtab". Both turned out to be offenders. Search the registry for the hex CLSID (minus the curly braces) to find out what processes these things start. Expand the key, and in the InprocServer32 subkey you will see the default value with a process name. In my case these were:

"C:\windows\system32\audotend.dll" and "c:\windows\system32\calitzip.dll"

3) Sort C:\windows\system32 by date. There were a bunch of files with the same modification date (7/5/2006 6:55:01 AM). This happens to be the same date as kernel32.dll. It seems likely that this is intentional, to distract attention from the files. Here are the files I found:

audotend.dll 794,624 bytes
calitzip.dll 802,816 bytes
cmdurnt.dll 1,171,456 bytes
comupcpy.dll 180,224 bytes
engudmag.dll 1,183,744 bytes
erruvbin.dll 274,432 bytes
faxemjob.dll 294,912 bytes
imefuser.exe 970,752 bytes
logundoc32.dll 130,437 bytes
mp4inav.dll 44,018 bytes
sqlipdel32.dll 150,012 bytes
svranbot.exe 6,176,768 bytes
vocetbro.dll 598,016 bytes

To get rid of this thing, just delete the registry keys you found, and delete ALL the files modified on this date except kernel32.dll. You will need to boot in safe mode to do this if the keylogger is running.
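
Steps 2 and 3 above as a read-only PowerShell check (an added example, not part of the original article or of the removal tool mentioned earlier): it resolves each ShellServiceObjectDelayLoad value to the DLL named in its InprocServer32 subkey, then lists the files in System32 whose modification time matches kernel32.dll. The function names `Get-SsodlEntry` and `Get-TimestampTwin` are made up for this example.

```powershell
# Added example: read-only checks, nothing is modified or deleted.
$SsodlPath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'

function Get-SsodlEntry {
    # Step 2: one object per value under the key, with the DLL its CLSID loads.
    if (-not (Test-Path -LiteralPath $SsodlPath)) { return }
    $key = Get-Item -LiteralPath $SsodlPath
    foreach ($name in $key.GetValueNames()) {
        $clsid  = [string]$key.GetValue($name)   # stored with its curly braces
        $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path -LiteralPath $inproc) {
            # The unnamed (default) value of InprocServer32 is the DLL path.
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')
        }
        [pscustomobject]@{ ValueName = $name; Clsid = $clsid; Dll = $dll }
    }
}

function Get-TimestampTwin {
    # Step 3: files whose modification time matches the reference file's.
    param(
        [string]$Directory     = (Join-Path $env:SystemRoot 'System32'),
        [string]$ReferenceName = 'kernel32.dll'
    )
    $ref = Get-Item -LiteralPath (Join-Path $Directory $ReferenceName)
    Get-ChildItem -LiteralPath $Directory -File -Force |
        Where-Object {
            $_.Name -ne $ref.Name -and
            [math]::Abs(($_.LastWriteTimeUtc - $ref.LastWriteTimeUtc).TotalSeconds) -lt 1
        } |
        # CreationTime and signature status help separate signed system files
        # from files that only carry a matching modification time.
        Select-Object Name, Length, LastWriteTime, CreationTime,
            @{ Name = 'Signature'
               Expression = { (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status } }
}

Get-SsodlEntry    | Format-Table -AutoSize
Get-TimestampTwin | Sort-Object Name | Format-Table -AutoSize
```

Run it in a PowerShell of the same bitness as the OS: a 32-bit session on 64-bit Windows is redirected to SysWOW64 and to the Wow6432Node registry view, so it would inspect different files and keys.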

Being the curious type, I didn't actually delete these files, but moved them so they couldn't be run if I had missed another process that would try to restore the registry entries. I ran the two EXEs.

"svranbot.exe" is the main Spector viewer GUI application. Upon running, it said "Spector serial number has become corrupt, please reinstall the application" but still took me to the very interesting control panel:

But it didn't show me any of the data files - so the configuration must have gotten screwed up, or it didn't work in its "corrupted" state. The online help is here:

The manual shows how to change the data storage file extensions and locations. It wasn't that hard to find the data files; they all have that same timestamp and were in a subfolder of c:\windows\system32. I preserved them also and will check them out later.

Monday, April 2, 2007

Loose Ends (Part 1)

Saturday. 8 AM. Three hours of sleep and a slight hangover remind me I'm alive. The sun is shining, and the morning air is cool and crisp. Ahead is at least six hours of driving, three destinations, pickups, dropoffs, logistics, timing. My nine months of life in Pennsylvania have left me with the occasional need to make a trip to the country to retrieve possessions or deal with loose ends. Today is a grandiose effort to handle a slew of these loose ends in a single trip.

The coffee, black, strong, finishes brewing. As I sip it I regard the scrawled list cautiously. The list is the only thing that can prevent critical oversights or errors that might doom this trip. Given its importance, I curse my own atrocious handwriting as I try to decipher one of the entries. Such lists are how I organize my life - things that need doing, stuff that needs buying, calls that need making. If I think of something and fail to add it to a list, the chances of it getting done in any reasonable amount of time (or at all) drop precipitously. So I have trained myself to either write down something I need to remember, or send myself an email from my phone, ensuring I'll be reminded when I'm next in front of a computer. It's a reasonably effective strategy, with the possible exception of not understanding my own shorthand.

After some scrutiny, the scrawls resolve into words: "phone number." What phone number? Ah yes - David, the luthier who is supposed to be the third stop today. I need to call him when I'm in the vicinity, when hopefully he'll be home. He has finished repairing my acoustic guitar, a 1993 Martin D-16H that suffers from the incredibly dry air in my apartment, as well as my occasional neglect. This trip brings me within scant miles of his Boiling Springs, PA shop, two hours from Washington. But the timing is dicey, because he isn't sure what time he'll be home. With a little luck, though, I should be able to finish my second stop in Carlisle to pick up my pressure washer, have lunch, hope that David's gotten home by that time, and retrieve the axe and be on my way.

The rest of the list involves things I need to pick up from the last stop in Gettysburg. The primary goal of this trip is to get my barbecue grill, which has been occupying a rather significant footprint in Mark's garage for some time, and bring it to Tyler's house. I don't have anywhere of my own to use the grill, and Tyler just moved to a new home. So it seemed the perfect solution: Tyler takes the grill, Mark gets his garage back. Beyond that, there are a number of other things to retrieve: the gallons of used motor oil I left in Mark's garage, some ancient computer equipment that needs to be disposed of, some music stuff, and a bunch of odds and ends that I had been missing.

There's a general theme to this trip, which is cleanup. During my time living in Gettysburg, as a guest of my good friend, I managed to spread my possessions throughout his house -- not to mention the greater central Pennsylvania region. Now, after six months in DC, I've mostly settled in and established my life. Things are in order in DC, but I left a legacy of chaos in PA that needs dealing with, and frustrates my general desire to avoid loose ends. I have been feeling guilty about leaving this mess around - so it was time to take some steps towards cleaning it up.