Windows Processes Galore

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Razor79, Dec 4, 2014.

  1. Razor79

    Razor79 Private E-2

    Hi there. My computer has recently started running very slow, internet is at a crawl, CPU usage is running around a constant 40%, and memory around a constant 70%. I want to say this happened around a week ago when I downloaded the Amazon 1 click button for my browser to add items to my Christmas wish list off of different websites, like Macy's. I also did an Avast AV update at almost the exact same time. I usually have 48 processes running when the computer boots, but now it's closer to 90 and they all look like legitimate Windows processes to me in some form, although I'm pretty sure some of them shouldn't be running.

    I followed the beginning steps for removal by running defogger and disabling UAC, running CCleaner, etc. I did the scans and I attached my logs, although the Hitman Pro link in the instructions wouldn't work on my 64 bit OS, and it redirected me to the company website where I downloaded the 64 bit copy. The MG Tools cmd box also stopped with a line that said 64 bit OS detected, so I'm not sure if the zip file has the complete logs. The one file that is in there looks like it completed.

    I came to Major Geeks about 7 years ago when my father in law downloaded a nasty email attachment to my computer and you were awesome with the support. Had the computer cleaned out in no time. I'm hoping this is something you've seen before and is just as simple.
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

    Note: Make sure you download the correct version for your PC. Only the correct version will work.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The link in the instructions directs you to the Major Geeks download page and both the 32 bit and 64 bit versions are there. You must have clicked the 32 bit version which is why it would not work.
     
  4. Razor79

    Razor79 Private E-2

    I ran the FRST tool. Logs are attached.
     

    Attached Files:

  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    NOTE: This script was written specifically for this user for use on this particular computer. Running this on another machine may cause damage to your operating system.


    Download Fixlist.txt (attached below)

    Save fixlist.txt on your Desktop. Make sure you save it as a txt file.
    • You should now have both fixlist.txt and FRST64.exe on your Desktop.
    • Now I want you to disconnect your PC connection to the internet by unplugging the cable ( if it is wireless then temporarily shutdown the wireless network ).
    • Run FRST64.exe by right clicking on it and selecting Run As Administrator
    • Click the Fix button just once and wait.
    • Your computer should reboot after the fix runs.
    • Reconnect your internet connection after reboot so you can come back here to continue.
    • The tool will make a log on the Desktop (Fixlog.txt) please attach this new log to your next reply (attach or paste)
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • Fixlog.txt
    • C:\MGlogs.zip
    Please attach the above two logs first before you continue with the below.
    Also at this point, I want to double check the status of Poweliks by having you run another scan with FRST like in my last message and attach the new FRST.txt and Addition.txt logs.
     

    Attached Files:

  6. Razor79

    Razor79 Private E-2

    Ok, computer is running better after applying the fix from the instructions. I'm attaching the first 2 logs here.
     

    Attached Files:

  7. Razor79

    Razor79 Private E-2

    Here is the FRST log. It wouldn't let me attach addition.txt because it said that it was already in the thread.
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there. Sorry about the delayed response, you slipped off my radar a little way. Could you re-run RogueKiller please and attach the log?
     
  9. Razor79

    Razor79 Private E-2

    No problem with being away. I've been somewhat busy myself with the holiday coming up. The new log is attached. I've had to disable Avast antivirus because it is still chewing up a lot of processor and memory for some reason, but as soon as it is off things run very smoothly. The scan was also hanging when AV was running.
     

    Attached Files:

  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re-run Hitman Pro and have it remove all that it finds please.

    Delete this:
    • C:\ProgramData\@system3.att

    Delete as many files/folders as Windows lets you from this location: C:\Users\Razor\AppData\Local\Temp
    Then give Ccleaner a run. Not the reg scanner, just the cleaner itself.

    • Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows 7 or Win 8) Then attach the new C:\MGlogs.zip file that will be created by running this.
    • Let me know of any problems you may have encountered with the above instructions and also let me know how things are running!
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is one to remove but there were a few more in the last FRST log. I see the below


    CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx [Not Found]
    2014-11-12 00:54 - 2014-11-12 14:14 - 00000256 ____H () C:\ProgramData\@system3.att
    2014-11-12 00:53 - 2014-11-12 15:00 - 00000000 ____D () C:\Users\Razor\AppData\Roaming\FrameworkUpdate7
    2014-11-12 00:53 - 2014-11-12 00:53 - 00000448 ____H () C:\Users\Razor\AppData\Roaming\麽鎒駓覜
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I tried to save this into my fixlist.txt but it's having issues..."file contains characters in unicode...." etc.. I don't know how to get around it. I never ever used to have this problem when pasting lines like this into my fixlist.txt and then saving...
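The four FRST lines chaslang quoted, and the "characters in unicode" error that appears when one of them is pasted into a fixlist, both come down to the same analyst checks: hidden attribute, odd timestamps clustered together, no publisher in a user-writable folder, and a file name that the Windows "ANSI" code page cannot represent. The script below is an added example, not part of this thread and not FRST's own code: it parses those quoted lines (plus one constructed benign notepad.exe line for contrast, with a column layout inferred from the quoted entries) and reports why each one stands out. The `ansi_encodable` helper shows why Notepad complains about the CJK-named file: cp1252 simply has no encoding for those characters, so the file has to be saved as Unicode/UTF-8 rather than ANSI.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the four lines quoted in the thread plus one benign
# control line (the notepad.exe entry is made up for contrast).
SAMPLE_LOG = r"""
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx [Not Found]
2014-11-12 00:54 - 2014-11-12 14:14 - 00000256 ____H () C:\ProgramData\@system3.att
2014-11-12 00:53 - 2014-11-12 15:00 - 00000000 ____D () C:\Users\Razor\AppData\Roaming\FrameworkUpdate7
2014-11-12 00:53 - 2014-11-12 00:53 - 00000448 ____H () C:\Users\Razor\AppData\Roaming\麽鎒駓覜
2014-10-01 09:00 - 2014-10-01 09:00 - 00012345 _____ (Microsoft Corporation) C:\Windows\System32\notepad.exe
"""

# One "created - modified - size attrs (company) path" line; the layout is
# inferred from the quoted entries (assumption, not FRST documentation).
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# A Chrome extension registration line; "[Not Found]" means the .crx is gone
# but the registry entry that points at it is still there.
EXT_RE = re.compile(
    r"^CHR .*\\Extension: \[(?P<ext_id>[a-p]{32})\] - (?P<path>.+?)(?P<missing> \[Not Found\])?$"
)
USER_WRITABLE = re.compile(r"\\(AppData\\Roaming|AppData\\Local|ProgramData)\\")
CLUSTER_WINDOW = timedelta(minutes=5)


def ansi_encodable(name, codepage="cp1252"):
    """True if `name` survives being saved as an 'ANSI' text file on a
    Western-locale Windows system. CJK names do not, which is exactly what
    Notepad's 'contains characters in Unicode format' warning is about."""
    try:
        name.encode(codepage)
        return True
    except UnicodeEncodeError:
        return False


def analyze(log_text):
    """Return [(path, [reasons])] for every log line showing a suspicious trait."""
    entries = [m for m in map(FILE_RE.match, log_text.splitlines()) if m]
    # Creation times of hidden-attribute entries: other files created in the
    # same few minutes are likely part of the same drop.
    hidden_times = [
        datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M")
        for m in entries if "H" in m.group("attrs")
    ]
    findings = []
    for m in entries:
        path, attrs, company = m.group("path"), m.group("attrs"), m.group("company")
        name = path.rsplit("\\", 1)[-1]
        created = datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M")
        reasons = []
        if "H" in attrs:
            reasons.append("hidden attribute")
        if not name.isascii():
            reasons.append("non-ASCII file name")
        # Directories never carry a publisher, so only judge files on this.
        if not company and "D" not in attrs and USER_WRITABLE.search(path):
            reasons.append("no publisher, user-writable location")
        if "H" not in attrs and any(abs(created - t) <= CLUSTER_WINDOW for t in hidden_times):
            reasons.append("created within 5 min of a hidden-attribute entry")
        if reasons:
            findings.append((path, reasons))
    for line in log_text.splitlines():
        m = EXT_RE.match(line)
        if m and m.group("missing"):
            findings.append((m.group("path"), ["extension registered but .crx file missing"]))
    return findings


if __name__ == "__main__":
    for path, reasons in analyze(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
    print("ANSI-safe name?", ansi_encodable("麽鎒駓覜"))
```

Run as-is it flags the three file entries and the orphaned extension and leaves the signed system file alone; the timestamp clustering is what ties the otherwise unremarkable FrameworkUpdate7 folder to the two hidden files created in the same minute.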
     
  13. Razor79

    Razor79 Private E-2

    I ran Hitman Pro and deleted the files it found. It found about 10 or so files, registry items, etc. that were removed.

    I deleted:
    C:\ProgramData\@system3.att
    C:\Users\Razor\AppData\Roaming\FrameworkUpdate7
    C:\Users\Razor\AppData\Roaming\麽鎒駓覜

    I deleted as many files as I could from C:\Users\Razor\AppData\Local\Temp. There were a few directories and files it couldn't remove because they were in use.

    I ran CCleaner.

    There were no issues other than the few files it couldn't remove from the temp folder when I manually tried deleting them. Things seem to be running much smoother now. Processor is at 0% when idling and memory seems normal at 2.3 GB. I do have 60 processes running and that is higher than it had before things started going crazy, but I do have things running like CCleaner as well.

    I've attached the MGlogs file.
     

    Attached Files:

  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Good evening, could you please run FRST again like you did in the very beginning (just a scan) and attach new log. Thanks. :)
     
  15. Razor79

    Razor79 Private E-2

    I have attached the log. The tool ran a LOT faster this time. Windows also did an update this morning when I booted the computer.
     

    Attached Files:

  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Good. :)

    Only thing left I'm seeing to do is for you to delete this:

    C:\Program Files (x86)\Industriya

    Ready for final steps?
     
  17. Razor79

    Razor79 Private E-2

    I deleted the Industriya folder and it was empty.

    Sure, what are the final steps? It seems to be back to 'normal'.
     
  18. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove them, you can delete these files now.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
     
