I just fixed this the other day at work. I dont remember where I got it, but it was pretty simple with a utility i found for just that problem…
SmitFraudFix.Zip
Search for that in google.
Run it in SAFE MODE
Then, run SmitRem.exe (also, find it on google)
Run HiJackThis, removing
-O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - D:\WINDOWS\system32\hp100.tmp
-O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
-O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
It may come back, and it’ll take a little more manual cleaning using WinPFind and KillBox depending on the variant of it, but dont worry… you’re close to being clean.
After cleaning, I like to download and run Ewido. It is a great cleaning program, and may find something else that isn’t showing up in hijackthis. You can also run it in safemode. Just tell it to do the same action for each item you clean, so you dont have to keep saying “yes”
Get windows Defender after you’re all done. Its free from Microsoft.com. Great program for lots of stuff