Last couple of days i have been infected with adware.
What happens is that on opening IE the default home page comes up as a windows security center clone saying "alert spyware detected on your computer!" It is made to look like a bonafide windows page but it redirects to anti-spyware box.com.
There are also popups in the bottom right of the screen and in the middle warning of spyware (nothing to do with my resident software). It also prevents you from ending processes in the windows task manager.
I have tried all of the usual anti-virus/adware/spyware scans but they cannot remove this.
The problem stems from the system32 folder which on startup runs runsrv32.exe (i have deleted it with regedit in safemode and from the folder but it comes back) also there is a runsrv32.dll. I think the main daddy is a.exe in system32. I cannot delete it in safe mode or otherwise - says it is being used by another program but it doesnt show as a running process I have also tried after having killed runsrv32.exe with Process Explorer. In the processes there is also a user32.exe which spawns qirkvy.exe(the popup).
Any ideas appreciated.