Re: Tired of self professed "security experts"
<<But, according to them, it's not that easy these days. They said the virus code could have been buried inside other processes - which would make finding it more problematic.>>
As pointed out by other comments, rootkits can go to great lengths to hide themselves, either embedding themselves into executable images, obfuscating their code so that it is not recognized by scanners, or altering low-level disk read calls to return the original data they overwrote. So the worst ones (really the "best" made ones) would be difficult to detect using tools that run on the compromised machine. Any security expert would first have suggested that you image the disk after booting the machine from read-only media, or better yet (the BIOS can be compromised, although that is much more unlikely and difficult) plugging the boot disk into another computer.
Even this might not be enough; in theory the on-board drive controller can be compromised, but going to such lengths to play audio seems like a lot of effort put into something not very profitable, so I'd discard it.
Once you've imaged the disk, you mount it on a known-safe machine, take an MD5 hash of everything in the file system and compare it with another known-good system. Not as easy as it sounds because of the many different patches and Service Packs out there. For some reason Microsoft ships close to entire code rewrites in its patches. But it can be done.
Even so, the thing can hide itself outside the reach of the file system by changing the boot loader itself and/or using the "system image" partition that is used to boot the installation process when it comes out of the factory. That is also easy to detect if you have the raw image of the disk.
<<there was SOME process that was pushing audio to my sound card, would it be impossible to trace that chain back and see what was issuing those commands?>>
Yes, it would be possible. It requires knowledge of media APIs, how the kernel handles multimedia devices, and a lot of time waiting for the audio playback to happen so as to be able to examine the system while it does that. Of course, that assumes the rootkit in question has not placed any countermeasures against being debugged, or that they can be circumvented.
I'm not a security expert, but I know that kernel hackers capable of doing such things exist. I know also that none of them would work over the phone helping customers.
I think what your experience summarizes best is what a sorry state the security industry itself is in. Each time I look at it, it says "scam" and "bubble" all over the place.
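The offline procedure the post describes (image the disk, mount it on a clean box, hash every file against a known-good install, then look at the boot sector of the raw image for a changed loader or a partition the baseline does not know about), as an added example in Python. This is editor-added illustration, not code from the original post: the function names, the temporary "image" tree and the sample boot sector are constructed for the demonstration, the baseline partition set is an assumption, and SHA-256 is used where the post says MD5 (MD5 is no longer collision resistant, so a match on it proves less than it appears to).

```python
import hashlib
import os
import struct
import tempfile
from pathlib import Path

# Assumed setup: the suspect image is mounted read-only on the analysis box
# (e.g. through a loop device) and a manifest of a known-good install at the
# SAME patch level was built the same way earlier. All names are hypothetical.

def hash_bytes(data: bytes, algo: str = "sha256") -> str:
    return hashlib.new(algo, data).hexdigest()

def hash_tree(root: str, algo: str = "sha256") -> dict:
    """Hash every regular file under root, keyed by path relative to root,
    so two mounted images can be compared entry by entry."""
    manifest = {}
    root_path = Path(root)
    for dirpath, dirnames, filenames in os.walk(root_path):
        dirnames.sort()                          # deterministic walk order
        for name in sorted(filenames):
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue                         # skip links, devices, sockets
            h = hashlib.new(algo)
            with open(p, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            manifest[p.relative_to(root_path).as_posix()] = h.hexdigest()
    return manifest

def diff_manifests(known_good: dict, suspect: dict) -> dict:
    """Files only the suspect has, files it lacks, files whose content differs.
    Patch-level mismatches land here too: that is the noise the post warns of."""
    return {
        "added": sorted(set(suspect) - set(known_good)),
        "missing": sorted(set(known_good) - set(suspect)),
        "changed": sorted(p for p in known_good.keys() & suspect.keys()
                          if known_good[p] != suspect[p]),
    }

# --- classic MBR check on the first 512 bytes of the raw image --------------
BOOT_CODE_LEN = 446            # bytes 0..445 hold the boot loader code
PART_ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skip), type, CHS end (skip), LBA start, sectors

def parse_mbr(sector0: bytes) -> dict:
    if len(sector0) < 512:
        raise ValueError("need the first 512 bytes of the raw image")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_ENTRY_FMT, sector0, BOOT_CODE_LEN + 16 * i)
        if ptype != 0:                           # type 0 means an empty slot
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"boot_code_hash": hash_bytes(sector0[:BOOT_CODE_LEN]),
            "signature_ok": sector0[510:512] == b"\x55\xaa",
            "partitions": parts}

def check_boot_sector(sector0: bytes, good_boot_code_hash: str, known_partitions: set) -> list:
    """Return findings as strings; empty means the loader matches the known-good
    one and every partition (type, start, size) is in the baseline set, so no
    extra "recovery"-style partition appeared for a rootkit to boot from."""
    mbr = parse_mbr(sector0)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("MBR signature missing")
    if mbr["boot_code_hash"] != good_boot_code_hash:
        findings.append("boot code differs from known-good loader")
    for p in mbr["partitions"]:
        if (p["type"], p["lba_start"], p["sectors"]) not in known_partitions:
            findings.append(f"unexpected partition entry {p['index']}: "
                            f"type 0x{p['type']:02x} at LBA {p['lba_start']}")
    return findings

def build_sample_mbr(boot_code: bytes, entries) -> bytes:
    """Constructed sample boot sector for the demo (not read from a real disk)."""
    sector = bytearray(512)
    sector[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(PART_ENTRY_FMT, sector, BOOT_CODE_LEN + 16 * i, status, ptype, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    # Constructed demo: a tiny "image" tree and a tampered copy of it.
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as bad:
        for d in (good, bad):
            os.makedirs(os.path.join(d, "system"))
            Path(d, "system", "kernel.bin").write_bytes(b"kernel")
        Path(bad, "system", "kernel.bin").write_bytes(b"kernel+hook")   # modified file
        Path(bad, "system", "audio.sys").write_bytes(b"extra")          # added file
        print(diff_manifests(hash_tree(good), hash_tree(bad)))
    code = b"\xfa\x33\xc0" + b"\x90" * (BOOT_CODE_LEN - 3)
    baseline = build_sample_mbr(code, [(0x80, 0x07, 2048, 204800)])
    tampered = build_sample_mbr(code[:100] + b"\xcc" + code[101:],
                                [(0x80, 0x07, 2048, 204800), (0x00, 0x27, 206848, 40960)])
    print(check_boot_sector(tampered, parse_mbr(baseline)["boot_code_hash"], {(0x07, 2048, 204800)}))
```

Run `hash_tree` over both mounts and feed the results to `diff_manifests`; everything in "changed" and "added" still has to be triaged by hand against the patch history, which is the tedious part the post refers to. For the boot sector, read the first 512 bytes of the raw image file (not of the mounted file system) and compare against a baseline taken from a clean install of the same build; on a GPT disk only the protective MBR is covered by this check.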