Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Nic Tech spyware?

Started by lthilsdorf , Nov 02 2005 07:58 PM

  • Please log in to reply

#1
lthilsdorf
Posted 02 November 2005 - 07:58 PM

lthilsdorf

    New Member

  • Member
  • Pip
  • 5 posts
Today my PC randomly restarted, breifly switching from the normal XP style look to the Windows 9X style before it did so. Once it restarted I was getting pop ups even though I was using FireFox, which had not happened at all since I installed it. Now it randomly switches the site I'm on to things like the following:

http://www.super-sto...mal/XBDYUS.html
http://www.cool-disc...mal/XBDYUS.html
http://www.great-cou...mal/XBDYUS.html

and it also creates a bunch of icons randomly on my desktop and when I right clicked the .exe file that was creating them it gave some licence information about something called Nic Tech. I have no idea why it suddenly did this and no spyware remover has detected it yet so I have no idea what to do. Already as I typed this it has tried to go to the sites listed above three times!! I'll include the HJT log but I doubt it will help. Any info would be great, thanks.

Logfile of HijackThis v1.99.1
Scan saved at 8:58:37 PM, on 11/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\dcfssvc.exe
C:\WINNT\System32\gearsec.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\ssoftsrv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\RunDLL32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\AIM95\aim.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\regedit.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MS Antispyware] C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.0\save.htm
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: SWF To Video Scout - {5AA8BC0B-9A0E-4E82-8CF8-E26618BCF5A6} - C:\Program Files\SWF To Video Scout\flashextract.exe
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6D2009E-B2D3-481C-BB9A-46A0DA3DB341}: NameServer = 216.144.240.8 216.144.240.2
O20 - Winlogon Notify: Shell Extensions - C:\WINNT\system32\thcfgwmi.dll
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Downloads\cwshredder.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINNT\system32\drivers\dcfssvc.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINNT\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6177) (P) (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINNT\SYSTEM32\ssoftsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP