At first I contacted Symantec and paid them some money for new definitions, however that was a complete waist of time, and the information on this website seems to be the most useful. So far I have removed by hand SystemSecurity, some thing similar called AdvancedVirusDefense and SDRA64.exe, that allowed me to install antivirus again. Housecall, found a bunch of virus for me, and then I installed SuperAntiSpyware, which has found quite a few trojans and variations of system securty. now everything I run tells me I'm clean. however I am still noticing aberrant behavior.
MaulwareBytes, has not been able to run since I got it to install, it crash's (error code 5) in the first few seconds of a scan, usually i see a system dll, relating to zip folders as the current scan file.(some times it doesn't even start listing files before crash tho)
Windows Genuine advantage is claiming I'm not activated any more, I thought this might be cuebot-k, but I don't have any of the known cuebot-k files or reg entries. Also the computer is a factory built workstation and the hardware has not changed since day one, its 2yrs old now.
Firefox redirects to random shopping and anti virus websites.
once since the first clean bill of health I have been locked out of taskmgr, however smitfraudfix.exe was able to kill whatever process did it and supperantispyware, found a new virus and removed it.
I haven't tried today yet, however since first infection I can not boot into safemode, as it will cause a bluescreen.
Previously one of the virus's made a new admin user account which blocked me from taking normal action, and made a lot of web tutorials on removal useless. luckily I was able to make my own new admin account which was what let me get my computer back under control. but I haven't seen any mention of that function in the virus's I have found and deleted.
Well if anyone can detect any signs of a name or anything for me to research I'd sure appreciate it. I've tried googling my tasklist services to hunt down a possible virus, and also I've been combing through hijackthis reports, but I can't come up with anything.
I uploaded both hijackthis and dds repots.