To help get connected remotely and to help remove this rogue, enter this key (thanks to S!ri):
Another fake MSE... Internet Security Guard this time. This one is fairly straightforward to remove. It disables Task Manager using an Image File Execution Options (IFEO) entry. To get around this, we must give taskmgr the name of something that Windows needs running to operate, such as "winlogon.exe". The following command from the Run box should suffice:
cmd /k copy "C:\windows\system32\taskmgr.exe" "%userprofile%\desktop\winlogon.exe"
This copies Task Manager to the desktop under the name "winlogon.exe", which allows it to run. Now use it to kill the rogue's process. Run your favorite malware scanner (MalwareBytes' is mine) and you are all set.
C:\Documents and Settings\All Users\Application Data\<random>\<random>.exe
C:\Documents and Settings\Administrator\Desktop\Internet Security Guard.lnk
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security Guard.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Security Guard.lnk
C:\Documents and Settings\Administrator\Start Menu\Internet Security Guard.lnk
Notable Registry Keys Infected
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Internet Security Guard
HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes | URL (Hijack.SearchPage) ->
There are 760 more keys made and 30 more values infected, but they are all Image File Execution Options entries or policies to disable either real AV or other fake AV, so I will not be listing all of them here. :)
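For the Image File Execution Options entries mentioned above (the Task Manager block and the bulk of the extra keys), here is an added example, not part of the original post, that audits saved `reg query ... /s` output for IFEO subkeys carrying a Debugger value and shows why the renamed copy of Task Manager still launches. The sample output, image names and debugger paths are constructed placeholders, not values taken from this rogue.

```python
import re

IFEO = r"\Image File Execution Options" + "\\"
# "    <name>    REG_xx    <data>" (4 spaces on newer Windows, tabs on XP)
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

# Constructed sample of:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
    Debugger    REG_SZ    C:\placeholder\rogue.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-av.exe
    Debugger    REG_SZ    svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\harmless.exe
    GlobalFlag    REG_SZ    0x00000000
"""

def find_ifeo_debuggers(reg_query_output):
    """Map image name (lower-cased) -> Debugger data for each IFEO subkey that has one."""
    hijacks, image = {}, None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            _, sep, tail = line.strip().rpartition(IFEO)
            # Only direct children of the IFEO key are image names.
            image = tail.lower() if sep and tail and "\\" not in tail else None
            continue
        m = VALUE_RE.match(line)
        if m and image and m.group(1).lower() == "debugger":
            hijacks[image] = m.group(3).strip()
    return hijacks

def launch_is_hijacked(exe_path, hijacks):
    """By default IFEO matches on the image file name only, not its path or contents."""
    name = exe_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name in hijacks

if __name__ == "__main__":
    found = find_ifeo_debuggers(SAMPLE)
    for image, debugger in sorted(found.items()):
        print(f"{image:16} Debugger = {debugger}")
    for path in (r"C:\windows\system32\taskmgr.exe",
                 r"C:\Documents and Settings\Administrator\desktop\winlogon.exe"):
        state = "redirected" if launch_is_hijacked(path, found) else "runs normally"
        print(f"{path}: {state}")
```

Each image name it reports is a Debugger value to review and delete during cleanup, which restores the original program without needing a renamed copy.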