Greetings, after attempting to clean this myself and then with a couple of freinds I've decided to seek some expert advice... I can normally work my way through these things however this time..
Problems started after downloading some autoshapes would you believe it for fireworks....
Programs fail to start, halted with a MS dialoge box stating program XYZ has stopped working... reason APPCRASH. So the program fails on launch.
Note:- it's on some fairly random programs, photomatix, process hacker, and a few others... but nothing mainstream. I would have expected outlook or my spyware programs to be targeted here.
Adobe updater seems to just go mad every so often, updating then crashing.
Intercrash Exploder, seems OK then starts redirecting to various sites.
Interestingly it always does this in a very easy to predict manner in that everything slows for a minute then, a new page opens usually with a video about a get rich quick scheme or parts for a BMW. It seems to do this from virtually any page... so not site specific.
Between Adaware, Spybot Avast and Malwarebytes about 13 infections were found and cleared up... I have the MWB log.
I found and located sdra64.exe which strangely they all missed but I found using the Hijackthis log. Oddly this seemed to be easier to get rid of than I had read.. so far it looks like it's not returned.
Certain programmes are being blocked from opening - different from above... nothing happens at all.
In fact the process starts example fireworks.exe, then after a few seconds werfault.exe opens, then they both close. Once they've both closed for some reason windows update is then left open - however I am assuming that this is a result of the windows fault reporting exe.
Further more I've noticed that this infection whatever it may be is turning off windows firewall, not zone alarm just the windows firewall. I think this is quite important as this is probably the only thing about this infection that seems to be uniform or that makes sense.
Everything else it seems to be doing it quite random.
A more regular symptom... the infection seems to cause IE to temporarily think it's lost a connection... everything s connected and a box pops to say -page not available off line... try again? click try again and all works fine...
Other software used
Combofix - id'd a rootkit, then nothing on the re run
Panda root kit - won't install
Helios lite - scan bombs on process scan
Rootkit revealer - won't install
Dark spy - won't install.
Many thanks to anyone that can have a look at this... I really can normally work around these things but this time... I am at a total loss.
I don't even know where to begin... I I only knew what this was I could find out how to get rid of it... but it leaves no clues as to what it is... well at least not that I can see.