I've been struggling away at this one after being infected yesterday; so far these are some things I've noticed (for me anyway):
The redirect isn't hard-coded in the way they usually are; it's a soft redirect (i.e. it only redirects once you arrive at a site, in the same way that typing a new address in the address bar would redirect you) and is easily bypassed by pressing back, and it only ever redirects once.
This virus/malware runs Internet Explorer invisibly (not visible in any task manager I can find).
It then downloads movies from 10-15 sites at once (mainly ads), easily maxing my downstream speed.
I've disabled Flash in IE; this seems to have stopped the heavy downloading.
It seems to be installed as a service, as svchost.exe is where all the downloading is initiating.
I've noticed at times the memory being used by one particular svchost swells dramatically, sometimes reaching 1.5 GB.
I thought I narrowed down which service was tainted to COM+ Event System, but now I'm not so sure; it may be a hidden service.
I've tried stopping services with the same PID one by one when it's downloading; in the end, killing the task from Task Manager is the only thing that stops it, but it restarts itself soon after.
I've been looking through the various other 64.111.211.158 redirect threads (there seem to be a lot in the last 2 days) and haven't seen any resolved; I thought this may help narrow down the problem area.
Also, I've run a multitude of programs; most are now saying I have no malware (except the cookies from the pages that it continually runs in IE).
At this stage I don't think my logs are going to be useful, as they're probably full of the 100 different programs I've tried in the last 2 days.
Anyways, more than willing to go through any steps people have; so sick of having to kill svchost.
TIA