Okay so, about a week ago the "Security Tool" fake anti-spyware program started popping up on my computer. I hadn't seen it or heard of it before, and especially didn't remember downloading or initiating it, so I was immediately suspicious. I found most of the files associated with it, and deleted them, and the popups and "notifications" have since stopped. What I did was all manual search and delete, though, so I may have missed pieces of it. I've tried "Rkill", but that ended up freezing and shutting down my computer.
At about the same time as all of this was going on, my internet started acting up. Any Google search result was redirected to a site like "thefeedwater" or a random assortment of advertising pages. If Google search results provided the full URL, I could copy and paste and still get through successfully. Most helpful websites, like microsoft.com, symantec.com, almost any anti-spyware or internet security site (anything HELPFUL at ALL), my browser is unable to access. I checked the hosts file, but if I understood it correctly, that wasn't the problem. I tried renaming the hosts file, but the problem persists.
In my C:\WINDOWS and C:\WINDOWS\system32 folders, there are a lot of exe files that don't belong. Many of the known bad guys I have deleted myself, but some of them keep reappearing, and run on startup. The most persistent are "sv1.exe", "svchust.exe", and "isvchost.exe". In my task manager, once I have ended the previous three that are obviously fake, I have exactly ten instances of "svchost.exe" running.
There were at one point constantly four or more instances of "iexplore.exe" running, even when I didn't even have Internet Explorer open. On top of that, even more instances would appear as actual popups, consistently. I actually ended up DELETING iexplore.exe, and I'm now using CravingExplorer, a Japanese browser. Unfortunately (or, fortunately?), this means I can only have one window or tab up at a time and there are no popups.
Additional problems: On restart, about 70% of the time explorer.exe won't start on its own. It asks me to log in with a password I never created (blank, no password), and I've never had to do this before. As soon as it's finished restarting, a dialogue box appears with "UserInit Logon Application - Data Execution Prevention". If I try to start task manager, a similar window appears. I can start the task manager if I hold down Ctrl+Alt+Delete, and then I can start explorer.exe from there. Soon after startup, there's a popup error message saying that a "calc.dll" cannot be found.
Three times recently, I've found three new icons that appear to link to pornographic websites on my desktop. In hindsight, I don't remember what they were actually shortcuts TO.
I've downloaded and run MalwareBytes, Super Anti-Spyware, and Spybot - Search & Destroy. Each found a large number of results, and removed them successfully, but the problems have persisted.
Running Processes:
alg.exe
ccApp.exe
ccEvtMgr.exe
ccProxy.exe
ccSetMgr.exe
Compaq Connections.exe
CravingExplorer.exe
csrss.exe
ehmsas.exe
ehtray.exe
explorer.exe
hpsysdrv.exe
hpwuSchd2.exe
jusched.exe
lsass.exe
LSSrvc.exe
mcrdsvc.exe
msmsgs.exe
navapsvc.exe
NSCSRVCE.exe
rundll32.exe
rundll32.exe
services.exe
smss.exe
SNDSrvc.exe
SUPERAntiSpyware.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
symlcsvc.exe
System
System Idle Process
taskmgr.exe
winlogon.exe
WkCalRem.exe
I'm not sure of the exact location of some of those.
Er, can anyone help me out here, or is this a lost cause?
Edited by Rac9n, 09 November 2009 - 12:14 PM.