So, a bit embarrassing, but I've got what appears to be an impressively resilient malware strain wreaking havoc.
Notable problems caused by it are the creation of several mysterious processes which will be discussed further down, and Chrome being unable to open external links properly, leading only to a blank page.
Additionally, it creates profoundly bizarre invisible windows with bizarre names like "eaaghrji" and similar variants all sharing that "eaa" prefix.
Beyond being profoundly annoying and limiting some browser functionality, it doesn't seem to be explicitly malevolent; most things work fine, but it's impressively resilient.
It creates the processes "Ebeling.exe" and "Coaxing.exe" at unknown prompting, with Coaxing being able to be created multiple times and having multiple processes running simultaneously, of widely variable processing strain.
I like to think I'm relatively competent in minor bug repair, but this thing's pretty tough.
I performed scans with Malwarebytes and SpyHunter, and they did not recognize any threats. As such, I dug a little deeper.
I looked at the root folders and processes making the processes, and it led me into my Local directory, to a small (600-ish kb) application called Coaxing. I tried deleting it, but it crawled back from the grave and can do so easily.
Ebeling and Coaxing both had homes in the Registry and in a program file I didn't make called Greenman. I deleted that, and there were some others in there that seemed to die peacefully, but Coaxing in particular remains. I found these leads through SpyHunter recognizing "strange" files, but it couldn't connect online to check its database or what-have-you. I even tried downloading Avast to see if it could come to any conclusion, but nothing doing.
I even tried looking at Coaxing's code in Notepad++, and was greeted with what looked to be gibberish I didn't understand. Since it kept regenerating I tried just modifying it to be blank to see if it did anything, but no.
When it regenerates, it always comes back with its friends GDIPFONTCACHV1.DAT, too.
I did some more digging, and it looks like it fiddled with my hosts file, and its directory was absolutely stuffed with ad domains. It tried to lock me out of it, since HijackThis couldn't get in on its own.
I also used HijackThis, and tried doing some virus scans in Safe Mode, to no avail.
I cleared my registry with CCleaner as well.
Frankly I'm at the end of my rope, as far as doing this myself; I don't know what more I can possibly attempt.
If anyone has some help they could offer I'd really appreciate it. I can't even find any documentation on Coaxing or Ebeling online at all!
Thank you for your time.