Sorry about the mixup on the explorer.bat. The guy that developed pv'zip changed it yesterday nd I didn't know it. I see you figured it out.
OK here's the hidden file I was looking for:
comdecm.dll 61c00000 61440 c:\windows\system32\comdecm.dll
That is what keeps reloading this hijack.
If you do not already have it
Click here to download CWShredder. UnZip the file, but do not run it yet.
Now download TheKillbox from here:
http://download.broadbandmedic.com/VbStuff/KillBox.zip
Unzip the files to the folder of your choice.
Now
go offline and
Do Not go back online until these procedures are completed.
Unzip the files to a folder, then double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:
c:\windows\system32\comdecm.dll
Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". On the next screen, click on the File menu and choose "Add File". The
c:\windows\system32\comdecm.dll listing should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to reboot, do so.
Finally click on the cwshredder.exe and then click
"Fix" (Not "Scan only") and let it do it's thing.
When it is finished
restart your computer.
When you're back in windows, check to see if there's any change in the search problem and report back. Please also post a new Hijack This log. along with a new explorer.bat log like you did before. You can post it in two posts to get the whole log in.
IMPORTANT!: To help prevent this from happening again, I strongly recommend you install the patches for the vulnerabilities that this hijacker exploits.
The simplest way to make sure you have all the security patches is to go to
Windows update and install all "Critical Updates and Service Packs"
