http://www.super-sto...mal/XBDYUS.html
http://www.cool-disc...mal/XBDYUS.html
http://www.great-cou...mal/XBDYUS.html
and it also creates a bunch of icons randomly on my desktop and when I right clicked the .exe file that was creating them it gave some licence information about something called Nic Tech. I have no idea why it suddenly did this and no spyware remover has detected it yet so I have no idea what to do. Already as I typed this it has tried to go to the sites listed above three times!! I'll include the HJT log but I doubt it will help. Any info would be great, thanks.
Logfile of HijackThis v1.99.1
Scan saved at 8:58:37 PM, on 11/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\dcfssvc.exe
C:\WINNT\System32\gearsec.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\ssoftsrv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\RunDLL32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\AIM95\aim.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\regedit.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MS Antispyware] C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.0\save.htm
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: SWF To Video Scout - {5AA8BC0B-9A0E-4E82-8CF8-E26618BCF5A6} - C:\Program Files\SWF To Video Scout\flashextract.exe
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\ua_lsp.dll
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6D2009E-B2D3-481C-BB9A-46A0DA3DB341}: NameServer = 216.144.240.8 216.144.240.2
O20 - Winlogon Notify: Shell Extensions - C:\WINNT\system32\thcfgwmi.dll
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Downloads\cwshredder.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINNT\system32\drivers\dcfssvc.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINNT\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6177) (P) (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINNT\SYSTEM32\ssoftsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe