Hijack this forum confusion

 
 
zvn[]teq[7]
      05-23-2009
Hey,

yesterday I posted my log from HJT here:

http://thespykiller.co.uk/index.php/...5.new.html#new

so somebody replies to my post named Derek and he requested that I
Download to Desktop: DDS by sUBs and to attach the contents of both logs
back to that thread.

But then somebody named 'therumdude' responds back to Derek and with a
response: reports as requested with 2 .txt attachments from his DDS scans

Soooooooo I'm like thinking, wha? That was my first time posting a HJT
log to a forum but correct me if I'm wrong but, isn't there something
odd about someone else responding in my thread as if *they* were the OP?

Then Derek responds back to 'therumdude' and says "nothing definite but
the error messages in the attach.txt suggest a possible service or
rootkit problem" and then gives tips on removal.

Anyway, could someone recommend a better forum to post the log to or is
there something I'm missing?

Thanks in advance
 
philo
      05-23-2009
zvn[]teq[7] wrote:
> Hey,
>
> yesterday I posted my log from HJT here:
>
> http://thespykiller.co.uk/index.php/...5.new.html#new
>
> so somebody replies to my post named Derek and he requested that I
> Download to Desktop: DDS by sUBs and to attach the contents of both logs
> back to that thread.
>
> But then somebody named 'therumdude' responds back to Derek and with a
> response: reports as requested with 2 .txt attachments from his DDS scans
>
> Soooooooo I'm like thinking, wha? That was my first time posting a HJT
> log to a forum but correct me if I'm wrong but, isn't there something
> odd about someone else responding in my thread as if *they* were the OP?
>
> Then Derek responds back to 'therumdude' and says "nothing definite but
> the error messages in the attach.txt suggest a possible service or
> rootkit problem" and then gives tips on removal.
>
> Anyway, could someone recommend a better forum to post the log to or is
> there something I'm missing?
>
> Thanks in advance



Nothing odd, the world is full of idiots
 
Aardvark
      05-23-2009
On Sat, 23 May 2009 15:11:47 -0400, zvn[]teq[7] wrote:

> Hey,
>
> yesterday I posted my log from HJT here:
>
> http://thespykiller.co.uk/index.php/...5.new.html#new
>
> so somebody replies to my post named Derek and he requested that I
> Download to Desktop: DDS by sUBs and to attach the contents of both logs
> back to that thread.
>
> But then somebody named 'therumdude' responds back to Derek and with a
> response: reports as requested with 2 .txt attachments from his DDS
> scans
>
> Soooooooo I'm like thinking, wha? That was my first time posting a HJT
> log to a forum but correct me if I'm wrong but, isn't there something
> odd about someone else responding in my thread as if *they* were the OP?
>
> Then Derek responds back to 'therumdude' and says "nothing definite but
> the error messages in the attach.txt suggest a possible service or
> rootkit problem" and then gives tips on removal.
>
> Anyway, could someone recommend a better forum to post the log to or is
> there something I'm missing?
>
> Thanks in advance


You don't post the log to forums. You get it analysed by copying/pasting
your log into the box at <www.hijackthis.de/en>

The analysis will have different symbols after each entry. Delete those
entries with a red 'X' immediately. Anything else apart from those with a
green symbol (a tick or a cross, can't remember) should be researched and
as a result of your research you can decide whether or not to delete them.



--
 
Mike Easter
      05-23-2009
zvn[]teq[7] wrote:
> yesterday I posted my log from HJT here:
>
> http://thespykiller.co.uk/index.php/...5.new.html#new
>
> so somebody replies to my post named Derek and he requested that I
> Download to Desktop: DDS by sUBs and to attach the contents of both
> logs back to that thread.


Derek is admin; as trustworthy as the site, with which I am not
familiar.

> But then somebody named 'therumdude' responds back to Derek and with a
> response: reports as requested with 2 .txt attachments from his DDS
> scans


therumdude was borrowing/hijacking your thread. That is, he read the
advice of Derek and followed it and posted his own report - dds.txt &
attach.txt - to the/your forum thread that you started.

> Soooooooo I'm like thinking, wha? That was my first time posting a HJT
> log to a forum but correct me if I'm wrong but, isn't there something
> odd about someone else responding in my thread as if *they* were the
> OP?

Wellll, yeah, sorta. But I understood what was going on and (I assume)
Derek understood what was going on.

> Then Derek responds back to 'therumdude' and says "nothing definite but
> the error messages in the attach.txt suggest a possible service or
> rootkit problem" and then gives tips on removal.


He was talking to therumdude, not you. The forum guidelines recommend
that people start their own threads, not hijack someone else's.

> Anyway, could someone recommend a better forum to post the log to or is
> there something I'm missing?


-1- you could follow thru' with the advice about how to make your dds.txt
& attach.txt at thespykiller and post them there
-2- you could use any one of a number of other similar sites such as
http://www.hijackthis.de/ or
http://www.spywarewarrior.com/viewtopic.php?t=25477 GUIDELINES to using
the HijackThis Logs Forum - MUST READ!


--
Mike Easter

 
Leythos
      05-23-2009
Post it here.


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.




"zvn[]teq[7]" <(E-Mail Removed)> wrote in message
news:gv9hpb$2le$(E-Mail Removed)...
> Hey,
>
> yesterday I posted my log from HJT here:
>
> http://thespykiller.co.uk/index.php/...5.new.html#new
>
> so somebody replies to my post named Derek and he requested that I
> Download to Desktop: DDS by sUBs and to attach the contents of both logs
> back to that thread.
>
> But then somebody named 'therumdude' responds back to Derek and with a
> response: reports as requested with 2 .txt attachments from his DDS scans
>
> Soooooooo I'm like thinking, wha? That was my first time posting a HJT log
> to a forum but correct me if I'm wrong but, isn't there something odd
> about someone else responding in my thread as if *they* were the OP?
>
> Then Derek responds back to 'therumdude' and says "nothing definite but
> the error messages in the attach.txt suggest a possible service or
> rootkit problem" and then gives tips on removal.
>
> Anyway, could someone recommend a better forum to post the log to or is
> there something I'm missing?
>
> Thanks in advance


 
otyerqw@sldajfa.com
      05-23-2009
On Sat, 23 May 2009 15:11:47 -0400, "zvn[]teq[7]"
<(E-Mail Removed)> wrote:

>Hey,
>
>yesterday I posted my log from HJT here:
>
>http://thespykiller.co.uk/index.php/...5.new.html#new
>
>so somebody replies to my post named Derek and he requested that I
>Download to Desktop: DDS by sUBs and to attach the contents of both logs
>back to that thread.
>
>But then somebody named 'therumdude' responds back to Derek and with a
>response: reports as requested with 2 .txt attachments from his DDS scans
>
>Soooooooo I'm like thinking, wha? That was my first time posting a HJT
>log to a forum but correct me if I'm wrong but, isn't there something
>odd about someone else responding in my thread as if *they* were the OP?
>
>Then Derek responds back to 'therumdude' and says "nothing definite but
>the error messages in the attach.txt suggest a possible service or
>rootkit problem" and then gives tips on removal.
>
>Anyway, could someone recommend a better forum to post the log to or is
>there something I'm missing?
>
>Thanks in advance


Look here:

http://www.whatthetech.com/hijackthis/
 
zvn[]teq[7]
      05-23-2009
Leythos wrote:
> Post it here.
>


No problem:
Here is my Hijack This logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:04 PM, on 5/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\vVX3000.exe
C:\Users\Christopher\Desktop\HiJackThis\HijackThis .exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TY...estbuy&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TY...estbuy&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TY...estbuy&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper -
{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper -
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} -
C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO -
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} -
c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Microsoft Live Search Toolbar Helper -
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program
Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer -
{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program
Files\PicLensIE\cooliris.dll
O3 - Toolbar: Microsoft Live Search Toolbar -
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program
Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar -
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -
c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir
Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program
Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "C:\Program
Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media
Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows
Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows
Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-658350393-2128842377-1336856930-1001\..\Run:
[Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User
'Giuseppe')
O4 - Startup: K-Meleon Loader.lnk = C:\Program Files\K-Meleon\loader.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver -
res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Launch Cooliris -
{3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program
Files\PicLensIE\cooliris.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD}
- C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0231421243033582)
(0231421243033582mcinstcleanup) - McAfee, Inc. -
C:\Users\CHRIST~1\AppData\Local\Temp\023142~1.EXE
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira
GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH -
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program
Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program
Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program
Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA
Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. -
C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7062 bytes
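
A first pass over a log like the one above can be done offline before it is pasted anywhere. The sketch below is an added example, not part of any post in this thread and not HijackThis or hijackthis.de code: it rejoins the newsreader-wrapped entries and lists the ones worth researching first. The three hint patterns are assumptions chosen for illustration and are not verdicts; the sample lines are copied from the log above.

```python
import re

# A few entries copied from the log above, keeping the newsreader's line wraps.
SAMPLE_LOG = r"""Running processes:
C:\Windows\Explorer.EXE

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O23 - Service: McAfee Application Installer Cleanup (0231421243033582)
(0231421243033582mcinstcleanup) - McAfee, Inc. -
C:\Users\CHRIST~1\AppData\Local\Temp\023142~1.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program
Files\McAfee\SiteAdvisor\McSACore.exe

--
End of file - 7062 bytes
"""

# An entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Assumed triage hints: reasons to research an entry, not proof of infection.
RESEARCH_HINTS = [
    ("missing file", re.compile(r"\(no file\)|\(file missing\)", re.I)),
    ("runs from a Temp directory", re.compile(r"\\Temp\\", re.I)),
    ("unknown owner", re.compile(r"Unknown owner", re.I)),
]


def parse_entries(text):
    """Return [(code, body)] with wrapped continuation lines rejoined."""
    entries = []
    in_entries = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_START.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
            in_entries = True
        elif not line or line == "--":
            in_entries = False  # a blank line or the trailer ends the entry
        elif in_entries:
            entries[-1][1] += " " + line  # continuation of a wrapped entry
    return [(code, body) for code, body in entries]


def triage(text):
    """Return [(code, reason, body)] for entries matching a research hint."""
    flagged = []
    for code, body in parse_entries(text):
        for reason, pattern in RESEARCH_HINTS:
            if pattern.search(body):
                flagged.append((code, reason, body))
    return flagged


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code}: {reason}: {body}")
```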
 
Buffalo
      05-24-2009


zvn[]teq[7] wrote:
> Leythos wrote:
>> Post it here.
>>

>
> No problem:
> Here is my Hijack This logfile:

[snip]
That wasn't Leythos posting, it was PcButts, the mental sicko who does this
****. (The Real Truth http://pcbutts1)(therealtruth.blogspot.com/).

You really shouldn't be posting that log in this ng.
Well, since you already did, let's see how sharp Butts is and if he has the
knowledge to decipher your log.
If not, I hope that frick'in a-hole never posts again.
Have a good weekend.
Buffalo


 
Leythos
      05-24-2009
In article <03ZRl.30347$(E-Mail Removed)>, (E-Mail Removed)
says...
> Path: news.astraweb.com!border5.newsrouter.astraweb.com!flph200.ffdc.sbc.com!prodigy.net!flph199.ffdc.sbc.com!prodigy.com!flpi107.ffdc.sbc.com!nlpi064.nbdc.sbc.com.POSTED!1244ae27!not-for-mail
> From: "Leythos" <(E-Mail Removed)>
> Newsgroups: 24hoursupport.helpdesk
> References: <gv9hpb$2le$(E-Mail Removed)>
> In-Reply-To: <gv9hpb$2le$(E-Mail Removed)>
> Subject: Re: Hijack this forum confusion
> Lines: 41
> MIME-Version: 1.0
> Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=response
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
> X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
> X-Antivirus: avast! (VPS 090523-0, 05/23/2009), Outbound message
> X-Antivirus-Status: Clean
> Message-ID: <03ZRl.30347$(E-Mail Removed)>
> NNTP-Posting-Host: 76.198.93.184
> X-Complaints-To: (E-Mail Removed)
> X-Trace: nlpi064.nbdc.sbc.com 1243110716 ST000 76.198.93.184 (Sat, 23 May 2009 16:31:56 EDT)
> NNTP-Posting-Date: Sat, 23 May 2009 16:31:56 EDT
> Organization: at&t http://my.att.net/
> X-UserInfo1: OX[[B_SGABSUS^I]^JKBOW@@YJ_ZTB\MV@BL\QMIWIWTEPIB_NVUAH_[BL[\IRKIANGGJBFNJF_DOLSCENSY^U@FRFUEXR@KFXYDBPWBCDQJA @X_DCBHXR[C@\EOKCJLED_SZ@RMWYXYWE_P@\\GOIW^@SYFFSWHFIXMADO@^[ADPRPETLBJ]RDGENSKQQZN
> Date: Sat, 23 May 2009 13:32:02 -0700
>
> Post it here.
>


The headers from the Usenet posts prove that the message was not posted
by myself, Leythos. The Usenet troll/unethical hack, PCBUTTS is posting
impersonating myself, proving all the bad things that this group has
posted about him and proving just how unethical he is.

You should avoid following any advice from impersonation based posts.

Complaint filed with (E-Mail Removed)

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
(E-Mail Removed) (remove 999 for proper email address)
 
Leythos
      05-24-2009
What problems are you having? Your log looks good except for the fact that
you need to reboot your system.


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.




"zvn[]teq[7]" <(E-Mail Removed)> wrote in message
news:gv9skq$g64$(E-Mail Removed)...
> Leythos wrote:
>> Post it here.
>>

>
> No problem:
> Here is my Hijack This logfile:
>
> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 10:08:04 PM, on 5/22/2009
> Platform: Windows Vista SP1 (WinNT 6.00.1905)
> MSIE: Internet Explorer v8.00 (8.00.6001.18702)
> Boot mode: Normal
>


 