Well, you're welcome for the help and thank you for giving complete answers to my questions--that is actually kind of rare so you did a good job at that.
Judging from the page you were looking at on the Spybot site I can certainly see why you would think you could have a rootkit. In my opinion, it is a bit of a jump to conclude that a rootkit is the cause without more information. From that one set of circumstances alone it is possible but I would say it isn't as likely--and if it is caused by an infection it could be malware alone and not necessarily malware hidden by a rootkit.
Spybot not running could be caused by other, non-malware issues. A prime suspect would be that Norton 360 is interfering in some way. It is a very large and comprehensive program and the more complex something like that is, the more that can go wrong. That could explain why GMER and Root Repeal also do not run. Antivirus and other security software has to be very aggressive to deal with today's malware and often mistake one another for something malicious. This is why victims are often asked to disable their protection programs while doing a cleanup. The following thread was created for that reason: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
And if not Norton, a bad update from Spybot itself could cause problems. I've looked tonight at the Spybot support forums and don't see an obvious trend of reports of one bad update--there are a few that may or may not be related to your problem, but one caught my eye: http://forums.spybot.info/showthread.php?t=57262
Question: When did Spybot first refuse to run? Was it any time around May5?
More questions: What happens when you try to run it? Do you get any errors or other messages and if so what exactly is the message?
Did you try to run System Restore to a time before the problem with Spybot? If not I would give this a try first.
Altho rootkitted malware could be truly stealthed--it would remain hidden so that you never know it's there--the malware it hides usually gives itself away as an infected computer will exhibit a list of symptoms. Some common symptoms:
1. System tools that help you find and deal with infections become inaccessible--such as msconfig, Task Manager, regedit, Security Center, Control Panel applets, etc.
2. You are blocked from accessing security related websites. For example, you would not be able to visit any Symantec website, or Safer networking (Spybot) and sometimes even BC.
3. If you do manage to download other security tools, you could be blocked from installing them or, if installed, they cannot be run.
4. When you search on Google or other search engines, you get redirected to something else.
There are others, but the point is if you don't have more of these obvious symptoms than what you've told me so far, then you are probably looking at something besides a malware issue. A slow computer is another sign, but it is usually a sudden slow down, not a gradual one. My computer is old too and has slowed down on me, even tho I keep it pretty clean--that's normal unless you've done a good deal of upgrading. I understand you want to be sure, so lets try a few things first that might rule out malware. Then if you still want to proceed with a rootkit search that would be up to you.
First, try the System Restore I alluded to earlier. Let me know what happens or if there are special circumstances in your case, such as having System Restore turned off. Also check that your system tools such as msconfig, Task Manager, etc., are still functioning.
Second, try disabling Norton, according to the instructions in the thread linked to above and see if you can get Spybot to run. You might also try running Spybot in safe mode. This may not help tho, as Norton could have self-protection mechanisms in place that allow it to interfere whether in safe mode or not and you may not be able to disable it easily. If it were me, I would uninstall Norton completely, run Norton's removal tool, then install a lighter free AV, such as AntiVir, if only temporarily.
Third, download install and run both Malwarebytes' Anti-Malware and SuperAntispyware. Refer to this tutorial to run MBAM:http://www.bleepingcomputer.com/virus-remo...alware-tutorial
SAS is here: http://www.superantispyware.com/?rid=3324
Let me know if you have any problems installing and running these programs--and you may need to try both with and without Norton enabled. If they run and any malware is found, post the logs here please.
Lastly, try running Spybot according to the instructions here: http://forums.spybot.info/showthread.php?t=50194
At the end of it, don't worry about posting at their malware removal forum as you have already requested help here. However, if we determine that this is mostly an issue with Spybot, posting to their support forum might get you better help and let others with the same issues know what is up. You may notice that the instructions are very similar to what you were looking at on the Spybot website. The difference is that this this thread correctly notes that malware could be the problem, rather than a rootkit only, and the webpage you were looking at is gathering data for email support. It's been my experience that you get better support from forums than those developers.
As far as ComboFix, I don't see why any malware would have downloaded it to your computer. So last question is, have you had anyone over to have a look at your computer? I.E., you've asked someone to help you out that sat at the keyboard? Or does anyone at all besides you have access to your computer?
Edited by Papakid, 12 May 2010 - 02:05 PM.