You would need to write a "Script" sniffer to see whats being called for by the hijacker when it excutes. A packet sniffer may display the website being called and whats being downloaded.
What do you use for a standard popup blocker?
Download
Silent runners.Vbs http://www.silentrunners.org/
1. Make sure you have any script blocking software disabled
2. Run the program. It will take a few minutes to complete.
3. Once complete it will produce a log named “StartupPrograms” with Your user and date in the filename. Open that txt file and posts it contents in your next post.
Download:
StartDreck
Unzip to its own folder and start the program:
Press 'Config'
Press 'Mark All'
UN-Check the 'NT-Services & NT-Kernel...' boxes only:
Press 'Ok'
Press 'Save' and select the location to save the log file (default is the same folder as the application)
Post the log in this thread
I also need you to try this and it
MUST be done in safe mode.
Reboot to safe mode (as this entry won't show in normal) and open regedit.
Do a search using the following as your search term
adchannel
Let me know if you find it under any keys.