Monday, January 6, 2020

i haven't slept yet, really.

i got out of the shower a few hours ago, took the machine out of hibernation, rebooted and hoped that i'd get most of this done before the sun came up.

instead, i got that annoying rpcremote error which keeps coming back after a few hard restarts. i did point out a few, but wasn't convinced it was another attack because the only other thing i saw running was that weird clsid that keeps coming back free of viruses.

i also noticed that my usb hub was knocked sideways and my cords were all tangled up, making me wonder if somebody wasn't down here when i was actually in the shower, which would be absolutely desperate and pathetic.

as it is, i never made it back onto the internet before i formatted - 10 passes this time - so if somebody actually came down here to patch something remotely, it didn't get them very far. it's no doubt gone, now.

after i reinstalled clean, i took a closer look at a few things and realized that the clsid i saw poking around actually wasn't there in the clean install; it was these other ones that were. and, i noticed that explorer didn't have some of the mutants loaded that i'd seen previously in the other install, including the shutdown and startup ones that i flagged while poking through last time.

i was able to completely delete this file once by changing the permissions on the cache folder, but then i got the lock screen again.

what i want to know is how to insert and remove mutants and semaphores from a running explorer. i have taken os classes. i do know what these things are. but, i haven't the slightest idea how to actually get in there and mess with them, and it looks like i'm going to have to figure it out.

as mentioned - i've run scans, and they come up blank, indicating that this is a sophisticated attacker. and, the broad scope of the scenario indicates as much, as well. this person, who i do suspect is my landlord, who i also suspect is a cop, and i'm sure is smoking a lot of drugs, is being very persistent.