Hi,
The following thread will probably help you:
http://forums.spywareinfo.com/lofiversion/index.php/t18964.html
To summarize the above you may wish to try the following:
Download HijackThis! from the following site:
http://www.wilderssecurity.com/supportfiles/HijackThis1982.exe
Next, update AdAware, and configure it for a Full Scan (as
described below):
http://www.lavahelp.com/howto/fullscan/index.html
Next, reconfigure Windows to display all files. As quoted
from the initial link:
--
Reconfigure Windows Explorer to show Hidden Files: [required
step]
Open the Windows Explorer | Tools | Folder Options - View
[tab]:
Scroll down to the "Files and Folders" section.
Select: "Display the contents of system folders".
Scroll down to the "Hidden Files and Folders" section.
Select: "Show hidden files and folders", Ok the prompt
Uncheck: "Hide file extensions for known file types"
Uncheck: "Hide protected operating system files" Ok the
Prompt, click Apply
Click the "Apply to all Folders" button. Close Windows
Explorer.
-- (From the above thread)
Next, perform the following:
---(Quoted from the site)
O4 - HKLM\..\Run: [npmwjua] C:\WINDOWS\ckdvbt.exe
O4 - HKLM\..\Run: [jfaquqqy] C:\WINDOWS\hlcn.exe
O8 - Extra context menu item: Shorten URL -
http://www.cjb.net/menuext.html
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
http://dload.ipbill.com/del/loader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F}
(RealArcadeRdxIE Class) -
http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} -
http://cabs.media-motor.net/cabs/mmed.cab
Then reboot, on restart, restart in Safe Mode [required
step - see "How To" below]
Start | Run (type) "%temp%" (no quotes)
Completely delete the entire contents of that "temp" folder.
Open Windows Explorer locate and delete the following:
C:\WINDOWS\ckdvbt.exe <--this file
C:\WINDOWS\hlcn.exe <--this file
While still in Safe Mode, run Ad-Aware and fix everything it
finds.
---(End Quote)
If you have different file names, or it doesn't match those
shown above, feel free to post your log here.
If you have any questions or comments, do not hesitate to
reply,
Regards,
Altrus