windows hijack - never seen this before

Discussion in 'Malware Help (A Specialist Will Reply)' started by vkinetic, Nov 25, 2006.

  1. vkinetic

    vkinetic Private First Class

    A computer suddenly had all its desktop shortcuts changed to .lnk.
    Can't run any exe files etc., even in safe mode (can't add or remove programs etc. either).

    Internet Explorer is hijacked to:

    http:/shell.windows.com/flearsoc/0409/xml/redir.asp?ext=lnk

    Could not install or run ANYTHING, even in Safe mode.

    No choice but to try a repair install, which fails because after the installer installs components, a message comes up saying that it can't run run32.dll, go on the internet to find the right program or choose a program from the list (which is what was happening previously).

    I know that basically all that can be done is a reformat and fresh install, but has anyone seen anything like this? Very malicious.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    It sounds like it could be a problem we have seen many times. Sounds like file associations were lost and you just needed to reassociate them. After an attempted repair install though, I have no idea what state you are in.

    Did you mean to say rundll32.exe? This is on your Windows CD and is also in other folders on your hard disk.
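    One way to audit (and, with -Repair, restore) the .exe and .lnk file associations chaslang refers to, as an added PowerShell example that is not part of this thread. It assumes a current Windows with PowerShell 5 or later run from an elevated prompt; the expected values (exefile, "%1" %*, lnkfile) and the key paths are the standard defaults and are stated here as assumptions, not taken from the original poster's machine.

```powershell
# Added example (not from the thread): audit and optionally repair the
# machine-wide .exe / .lnk associations, and flag per-user overrides that
# shadow them. Assumes an elevated PowerShell 5+ session.
param([switch]$Repair)

# Expected defaults for a healthy system (assumption: stock Windows values).
$checks = @(
    [pscustomobject]@{ Key = 'HKLM:\SOFTWARE\Classes\.exe';                       Name = '(default)'; Expected = 'exefile' },
    [pscustomobject]@{ Key = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'; Name = '(default)'; Expected = '"%1" %*' },
    [pscustomobject]@{ Key = 'HKLM:\SOFTWARE\Classes\.lnk';                       Name = '(default)'; Expected = 'lnkfile' }
)

# Read one registry value; returns $null when the key or value is absent.
function Get-RegValue {
    param([string]$Key, [string]$Name)
    if (-not (Test-Path -Path $Key)) { return $null }
    $item = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $prop = $item.PSObject.Properties[$Name]
    if ($null -eq $prop) { return $null }
    return [string]$prop.Value
}

foreach ($c in $checks) {
    $actual = Get-RegValue -Key $c.Key -Name $c.Name
    if ($actual -eq $c.Expected) {
        "OK       $($c.Key)"
        continue
    }
    "MISMATCH $($c.Key) : expected [$($c.Expected)] got [$actual]"
    if ($Repair) {
        if (-not (Test-Path -Path $c.Key)) { New-Item -Path $c.Key -Force | Out-Null }
        Set-ItemProperty -Path $c.Key -Name $c.Name -Value $c.Expected
        "REPAIRED $($c.Key)"
    }
}

# HKCR is a merged view: a per-user class under HKCU\Software\Classes takes
# precedence over the HKLM value, so a broken association can live here even
# when the machine-wide keys look correct.
foreach ($ext in '.exe', '.lnk') {
    $userKey = "HKCU:\Software\Classes\$ext"
    if (Test-Path -Path $userKey) {
        $userDefault = Get-RegValue -Key $userKey -Name '(default)'
        "WARNING  per-user override present: $userKey (default = [$userDefault])"
        if ($Repair) {
            Remove-Item -Path $userKey -Recurse -Force
            "REMOVED  $userKey"
        }
    }
}
```

    Run it without -Repair first to see what differs; if every .exe on the box fails to launch, powershell.exe itself may be affected, so the script is most useful from a clean machine with the affected drive attached (as vkinetic did) using the offline hive rather than the live registry, or from a recovery environment.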
     
  3. vkinetic

    vkinetic Private First Class

    Thanks chaslang - I've attached the drive to one of my systems - AdaWare immediately found kybrdff_38.exe and nwnmff_e38.exe, both described as W32/Adload.DHD and W32/Adload.DHH respectively. This is interesting because I had tried a repair via the repair console, and when moving the system files from the Windows Repair directory, the System file had been renamed as DHD_System, while there was an older system file that had the extension .BAK. I tried copying that System.BAK to the Windows/System32/Config as simply System (without the BAK extension). Unfortunately while the system would get to Safe mode afterwards, it would not proceed to the login page.

    Since AdaWare has now moved the two suspect files (above) to quarantine, I'll try to rerun the repair install and see where this gets me. I'll continue posting if this is of interest to you, otherwise let me know and I won't keep posting.

    Appreciate very much your help both with this issue and others in the past.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We have seen and fixed hundreds of these! They are commonly known as DollarRevenue. They don't normally present any major problems for us during removal. And they do not create problems like those mentioned in your first message. Perhaps you have more problems than you know of.
     
