Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Nic Tech spyware?


  • Please log in to reply

#1
lthilsdorf

lthilsdorf

    New Member

  • Member
  • Pip
  • 5 posts
Today my PC randomly restarted, breifly switching from the normal XP style look to the Windows 9X style before it did so. Once it restarted I was getting pop ups even though I was using FireFox, which had not happened at all since I installed it. Now it randomly switches the site I'm on to things like the following:

http://www.super-sto...mal/XBDYUS.html
http://www.cool-disc...mal/XBDYUS.html
http://www.great-cou...mal/XBDYUS.html

and it also creates a bunch of icons randomly on my desktop and when I right clicked the .exe file that was creating them it gave some licence information about something called Nic Tech. I have no idea why it suddenly did this and no spyware remover has detected it yet so I have no idea what to do. Already as I typed this it has tried to go to the sites listed above three times!! I'll include the HJT log but I doubt it will help. Any info would be great, thanks.

Logfile of HijackThis v1.99.1
Scan saved at 8:58:37 PM, on 11/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\dcfssvc.exe
C:\WINNT\System32\gearsec.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\ssoftsrv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\RunDLL32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\AIM95\aim.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\regedit.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MS Antispyware] C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.0\save.htm
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: SWF To Video Scout - {5AA8BC0B-9A0E-4E82-8CF8-E26618BCF5A6} - C:\Program Files\SWF To Video Scout\flashextract.exe
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6D2009E-B2D3-481C-BB9A-46A0DA3DB341}: NameServer = 216.144.240.8 216.144.240.2
O20 - Winlogon Notify: Shell Extensions - C:\WINNT\system32\thcfgwmi.dll
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Downloads\cwshredder.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINNT\system32\drivers\dcfssvc.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINNT\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6177) (P) (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINNT\SYSTEM32\ssoftsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP