I started getting some help with my problem over at Daniweb, but I think I'm having problems that I might need some backup on.
About a week ago, iexplore.exe started running itself in the background (had audio playing once, never visible windows) and if I clicked on a Google link, the first 3 times it will redirect to somewhere else. I installed an extra seat of Norton 360 that I had, ran it, Malwarebytes, & Spybot, and found some things, including a genrouge at one point, all with my system restore turned off, but it never fixed the symptoms. I started getting some help over at Daniweb (here's my thread: http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/398176) and that's when I started hitting some REALLY odd dead ends.
I ran GMER, but got an error 0xC000010E about not being able to create a subkey under a volatile parent subkey. I can continue, but only a few of the scanning options are available. This happens in normal boot and in safe mode (no networking, no command line).
I tried to run DDS.scn, and first it ran as an AutoCAD script, which only opened Notepad and flooded it with non-alphanumeric text. After running a file the guy at Daniweb gave me that added something to my registry, it ran... and about 75% (it seems) of the way through (the #'s line up across the screen until they are under the R and E in "post the log in the forum wheRE it was requested") it freezes both the software and, seemingly, the machine (everything stops working, no response to alt-ctrl-del, clock freezes, mouse still moves). It did the same in safe mode, except the clock kept moving. It took about 10 mins to get to that point, and I let it sit in safe mode 2 hours and still never got further. (I sent a message to sUBs here, hoping they might have an idea of what step was getting bogged down, if they are still active here.)
I then tried to run TDSSKiller and it ran (according to Task Manager) for about 3 seconds, then closed. I tried to run it again, and it never even appeared in Task Manager. If I moved the file, or changed the name, the same thing would happen: run for three the first try, and after that nothing.
HijackThis and other logs weren't showing anything that alerted the person on Daniweb, so I was kinda stuck.
I was basically ready to give up and do a new OS install, so I figured I would try running ComboFix by myself, like an idiot. It ran, told me I had rootkit.zeroaccess and that it would be hard to get rid of. I let it keep going, then another popup appeared saying something like "possible rootkit detected" and the clock froze, and while the mouse responded, nothing else did. I ran the uninstall command, so I think I'm in the clear on that. Everything runs fine (so I think I lucked out and didn't kill it), except I still have the same redirect and iexplore issues as before.
Any advice would be exceedingly welcome.