Hi SC,
I'm assuming that you have XP installed?
I'm going to start gently and get more complicated the more goes it takes to remove this (this version can be a complete and utter pain to get rid of, apparently.. I haven't done one of these myself before now) :)
The first thing you need to do is to place Hijack This in its own folder (e.g. C:\HJT\….) so it can generate backup files to the same folder; needed should an entry be accidentally deleted.
Run a new HJT! Scan, and check to fix the following entries, being sure to double check that you haven't missed any. Next, close all browser windows and click the Fix checked button…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
O1 - Hosts: 645238813 #uto.search.msn.com
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: c:\windows\system32\comkd.dll
Next, please double click on the My Computer icon on the desktop. Go to Tools | Folder Options, click on the View tab and make sure that Show hidden files and folders is checked. Also uncheck Hide protected operating system files. Now click Apply to all folders, then click Apply then OK.
Then boot into safe mode, (see here for info if needed) and delete the entire contents of the C:\Windows\Temp folder, but not the folder itself. Next please find and delete the following bolded file...
C:\windows\system32\comkd.dll
..and the following folder...
C:\Program Files\DeskAd Service
Then while still in safe mode, please run Shredder again. Post back a new log when done. You may want to consider restoring back to a point before you got hijacked, if this isn't working so far.
Cheers
Liam
EDIT: ps. Yes, bootconf is part of CWS :(
edit to disable smilies!
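Added example, not part of Liam's post: a short Python script that parses the fix list above, labels each entry by HijackThis section, and checks that every file named by a fixed entry is covered by the safe-mode deletion step. The section descriptions and all function names are assumptions of this example.

```python
import ntpath
import re

# Fix list copied verbatim from the post above ("about :blank" spacing included).
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
O1 - Hosts: 645238813 #uto.search.msn.com
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: c:\windows\system32\comkd.dll
""".strip().splitlines()

# Manual deletion targets from the safe-mode step of the post.
DELETE_TARGETS = [r"C:\windows\system32\comkd.dll", r"C:\Program Files\DeskAd Service"]

# Assumption: this example's summary of HijackThis section codes, not text from the post.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O1": "Hosts file redirect", "O4": "autostart (Run key)",
    "O9": "extra IE button", "O20": "AppInit_DLLs autoloaded DLL",
}
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")  # drive-letter path at the end of an entry

def parse(line):
    """Split one log line into section code, meaning, body and on-disk path."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    path = PATH_RE.search(body)
    return {"code": code, "kind": SECTIONS.get(code, "unknown"),
            "body": body, "path": path.group(0) if path else None}

def covered(path, targets=DELETE_TARGETS):
    """True if path is a deletion target or lies inside one (case-insensitive)."""
    p = ntpath.normcase(path)
    return any(p == ntpath.normcase(t) or p.startswith(ntpath.normcase(t) + "\\")
               for t in targets)

def leftovers(lines=FIX_LIST):
    """Files named by fixed entries that the manual deletion step would miss."""
    entries = [e for e in map(parse, lines) if e]
    return [e["path"] for e in entries if e["path"] and not covered(e["path"])]

if __name__ == "__main__":
    for e in filter(None, map(parse, FIX_LIST)):
        print(f'{e["code"]:<4}{e["kind"]:<30}{e["path"] or "-"}')
    print("not covered by manual deletion:", leftovers() or "none")
```

An empty result from leftovers() means the Run-key executable and the AppInit_DLLs file both fall under the two items the post says to delete by hand.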