Oh, come on, Laz - a rootkit?
It's just scumware, probably loaded into IE's extensions.
I saw a new scumware method a couple of weeks ago.
It loaded itself into Chrome's extensions, and when you removed it, it loaded ANOTHER extension, with similar properties (DANGER!!! Microsoft has detected REAL BAD STUFF on your computer! Call this weird 818 number!) but a DIFFERENT name.
The third time, I tracked it down to its own little folder in ProgramData (Win 8.1), uninstalled Chrome, excised the ProgramData folder, and got a couple of mentions in the registry.
I re-installed Chrome, and we were good to go.
The persistence was interesting.
I had the rootkit from hell; it did a browser redirect. I spent a FULL WEEK trying to remove it. I even re-imaged my computer from factory discs, and BAM, in a day, it would be back.
It was a very sophisticated rootkit that actually sought out peripherals and installed itself with a firmware rewrite. Brilliantly diabolical.
I factory flashed the router, did another re-image, and it was finally gone.