buk9tp

ChloroformxKisses 08:11:10 AM Viewing the topic HMT was DOS attacked today.

beaker

lol....dammit buk. i think u scared him off with that one

buk9tp

naaa its his gf... he claims he cant even acess the site.

here is his second computers hjt log..

someone look over it please..

i dont know why its being posted as a cluster ---- but it is..


Logfile of HijackThis v1.99.1Scan saved at 803 AM, on 4/7/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\s ystem32\winlogon.exeC:\WINDOWS\system32\services.e xeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32 \Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WIN DOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\At i2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system 32\spoolsv.exeC:\WINDOWS\system32\RunDll32.exeC:\P rogram Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Ahead\InCD\InCD.exeC:\Program Files\Microsoft Hardware\Mouse\point32.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Messenger\msmsgs.exeC:\PROGRA~1\Grisoft\AVGF RE~1\avgupsvc.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exeC:\WINDOWS\system32\svchost .exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\PROGRA~1\Grisoft\AVGFRE~1\ avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Grisoft\AVG Free\avgemc.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\AIM\aim.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\cmd.exeC: \Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\chris\Local Settings\Temporary Internet Files\Content.IE5\WP2R8H6B\HijackThis[1].exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar10.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar10.dllO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exeO4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUNO4 - HKLM\..\Run: [POINTER] point32.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odlO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar10.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar10.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar10.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar10.dll/cmcache.htmlO8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.25\IExifMap.htmO8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar10.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar10.dll/cmtrans.htmlO8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.25\IExifCom.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho.../hcImpl.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exeO23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

beaker

gotta brush up on my computer language but all i see in this one is music and messageing. although i think he google mapped someone.

Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar10.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar10.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar10.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar10.dll/cmcache.htmlO8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.25\IExifMap.htmO8

HondaTuner

lol out of boredom I just told him "HMT ownz joo"

What a homo.

buk9tp

so that rules out his pc being jacked right?

beaker

like i said. computer lingo still pwnes me. its been awhile since ive been serious about it. but it just looks like everyday ---- that you and i do.......minus the ****

buk9tp

m j: d/c
xsuicidexkingx: d/c?
m j: disconnect
xsuicidexkingx: oh sorry
m j: i posted up your xanga
xsuicidexkingx: i know my gf is on the site and told me
xsuicidexkingx: i dont think thats fair considering i didnt do anything
m j: well
m j: that was before i contacted u
xsuicidexkingx: that makes it better?
m j: ip logs was all the evidence i needed..
xsuicidexkingx: agian i say its not my ip
xsuicidexkingx: mines not even close to starting with a 70
m j: ChloroformxKisses
m j: nice
xsuicidexkingx: thanks
m j: thats bad for u
m j: to make another account..
m j: how did u make another account if ur ip is blocked
xsuicidexkingx: huh? i havnet made an account. i still havnt gotten the site to open at all
m j: who the hell is ChloroformxKisses then
xsuicidexkingx: my gf
m j: she just made an account..
m j: i thought u said she'd been on the site
xsuicidexkingx: yea shes pissed that you guys are accusing me.
xsuicidexkingx: yea shes lookin at it, not a member
m j: i suggest u tell her not to post
xsuicidexkingx: i already did
m j: and u dont need a legit email to be a member
m j: tell her to put in a fake email
m j: unless she wants to be harrassed
xsuicidexkingx: shes not posting
m j: i posted up her name tho
xsuicidexkingx: why?
m j: so tell her to change her email
m j: because
xsuicidexkingx: she didnt use a real one
m j: i didnt know she was ur gf
xsuicidexkingx: yep shes my gf
xsuicidexkingx: not me
xsuicidexkingx: im not at her house
m j: ok imma look over the second log now
m j: someone says nothing in the first log to show u were jacked
xsuicidexkingx: well its not the comp i use alot
xsuicidexkingx: the second one is the one i use
m j: posted it..
m j: shud be a few minutes till people review it
xsuicidexkingx: ok
m j: and ur gf did use a real email..
xsuicidexkingx: she said she didnt
xsuicidexkingx: *shrug*'
m j: http://p5.xanga.com/5d/c2/5dc28a60da...4eb6756751.jpg
m j: she from ohio right?
xsuicidexkingx: yes
xsuicidexkingx: 20 mins from my house
xsuicidexkingx: so its not a long distance thing. i know you already think im a ***
m j: AIM
xAccio xLove
Yahoo
xsharplikepainx
MSN
ladysingstheblues@hotmail.com
AIM
WithAKiss xIDiex
m j: naaaa
m j: i have emo freinds
xsuicidexkingx: haha well im not really even emo...just take elements from it. the eyeliner pic, only time ive worn it. i know you posted it up haha
m j: she shudnt have used her xanga name..
m j: or her real email..
xsuicidexkingx: dont harrass her man thats not cool
m j: i wont..
m j: im telling u to tell her to change her email
m j: so someone else doesnt..
xsuicidexkingx: shes says she didnt use that email
m j: she did
m j: how else could i have gotten it
xsuicidexkingx: i have no idea man
xsuicidexkingx: thats what im wondering
m j: Name: ChloroformxKisses
Posts: 0 (N/A per day)
Position: 0.0 BAR
Date Registered: Today at 07:55:58 AM
Last Active: Today at 08:15:09 AM

--------------------------------------------------------------------------------

ICQ:
AIM:
MSN:
YIM:
Email: tishyishyishy@excite.com

m j: tishyishyishy whatever
m j: thats the one she used..
m j: its on her profile now..
xsuicidexkingx: weirdf
xsuicidexkingx: someone jsut im'd me sayin hmt owns joo good luck gettin nailed
m j: lol
m j: sinistercrx..
m j: dont mind him
m j: lol out of boredom I just told him "HMT ownz joo"

What a homo.
m j: thats what he said..
xsuicidexkingx: so whats google mapping someone?
xsuicidexkingx: yea i know gf showed me
m j: u used google maps..
m j: and it leaves it in a cache..
m j: its nothing
m j: ur pc isnt infected
m j: or jacked
m j: so thats bad for u
m j: cud be ur dads..
xsuicidexkingx: obziouly, but i didnt do it. i stick by that and if it goes to court i stick by that. lie dectector and all.
xsuicidexkingx: the infected one?
m j: yep
m j: u dont have wireless
xsuicidexkingx: right
m j: so that narrows it down to the pc's connected to ur internet..
m j: u have 2
m j: and ur dad has 1
m j: any others?
xsuicidexkingx: mom
m j: send me ur moms log if u can
xsuicidexkingx: i duno if i can
m j: well
m j: i guess im done here
m j: i did the best i could
xsuicidexkingx: man, dont go
m j: well
m j: i cant do anything
m j: i wont post ur info up..
xsuicidexkingx: i know, but it wasnt me. and i dont know how to prove it to you.
m j: u cant..
m j: lol
xsuicidexkingx: thank you for not posting my info
m j: ittl be up to the site owner weathr they want to push through and file charges
m j: but dos attacks are always taken seriously..
xsuicidexkingx: is there anyway i can get ahold of the guy?
m j: well
m j: he has ur contact info now..
xsuicidexkingx: i figured so much
m j: so he would contact u
xsuicidexkingx: right, but id like to talk to him
xsuicidexkingx: doubt it would do any good
m j: but they no longer have the @homemadeturbo email accounts
xsuicidexkingx: so, what are you to the site?
m j: a post -----
xsuicidexkingx: haha gotcha

Xgenturbo

What a dumb ---- "AND I have a different IP" He's looking at a 192 that his networked router is putting out, yet his server IP is the one from his provider, I say ---- this kid up, stick his fingers in a spinning 60 trim.

buk9tp

xsuicidexkingx: so there isnt anyway that i could contact him?
xsuicidexkingx: or them, or whoever
m j: well
m j: let me see
xsuicidexkingx: ok
m j: nope.. the only contacts i have are the @homemadeturbo
xsuicidexkingx: hmm
m j: which no longer work.
xsuicidexkingx: ok
xsuicidexkingx: thanks for lookin
m j: theyll mail ya
xsuicidexkingx: can i ask something again?
m j: sup
xsuicidexkingx: oh well i dont really check my email. i guess ill have to start.
m j: he'll talk to u on aim i guess..
m j: ill tell em to
m j: or yahoo
xsuicidexkingx: umm, ok so like i said before, the ip didnt match mine so how can that work?
m j: or whatever
m j: ur profile was logged into that ip
m j: i.e. proxy server
m j: that made that ur ip
m j: and u were logged in on that ip for the attacks
xsuicidexkingx: but if thats not my ip i dont understand
m j: brb
xsuicidexkingx: ok
m j: bak
xsuicidexkingx: ok
m j: ok so that ip..
m j: the proxy server connects u to it
m j: and u work on the internet through it..
m j: so whomever did the attack logged in with ur profile on that ip..
m j: the location of that ip is irrelevant..
m j: u can use a proxy server and it can make it look like ur connecting from anywhere else on the planet..
xsuicidexkingx: i see
xsuicidexkingx: so could someone else have used one to make it look like it was me?
m j: someone made a good point
m j: ur ip ur looking at isnt ur ip
m j: u have a router
m j: so its the router network ip
m j: 192.xxx.xx.x
m j: so hmm
xsuicidexkingx: oh
xsuicidexkingx: well still,someone have made it look like it was me right?
m j: http://www.showmyip.com/
m j: no
m j: kinda hard to do
m j: plus
m j: ur pc isnt infected
m j: what ip does it show
xsuicidexkingx: the one that was 192...?
m j: http://www.showmyip.com/
m j: http://www.showmyip.com/
m j: http://www.showmyip.com/
m j: go ther
xsuicidexkingx: oh
xsuicidexkingx: what did you say the ip was that was used
m j: just tell me ur ip
BUZZ!!!
xsuicidexkingx: i have to let out a major sigh on this one. it matches
m j: ouch
xsuicidexkingx: yea no kinding. it hurts a lot, cause im inocent