Assistance needed in removing "Windows Process Manager"

[Mygnyl]

Hello:
I am having difficulties removing a virus.
The virus is located in my /AppData/ folder with several names (see attachments)
The virus is also hogging resources.
I have tried to manually delete the virus from Ubuntu. I have tried ESET, Malware Bytes, Malware Bytes anti-rootkit, and ADWcleaner. Nothing seems to be able to get rid of this virus and I need some help.
I am at the point where I am about to just nuke and pave my drive, but I am here as a last resort. Any assistance would be greatly appreciated.
Thank you.

 

[TwinHeadedEagle]

Hello,


Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.

• Plug the flashdrive into the infected PC.
• Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer
• Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
• In the Choose Recovery Tool menu select Command Prompt.
• You will see a big black window with a blinking cursor (command prompt).
  
  
  
  
  
  Access the notepad and identify your USB drive
  
  In the Command Prompt please type in:
  

  notepad

  and press Enter.
• When the notepad opens, go to File menu.
• Select Open.
• Go to Computer and search there for your USB drive letter.
• Note down the letter and close the notepad.
  
  
  
  
  
  Scan with Farbar Recovery Scan Tool
  
  Once back in the command prompt window, please do the following:
• Type in e:\frst64.exe and press Enter.
  You need to replace e with the letter of your USB drive taken from notepad!
• FRST will start to run. Give him a minute or so to load itself.
• Click Yes to Disclaimer.
• In the main console, please click Scan and wait.
• When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.
  
  Transfer it to your clean machine and include it in your next reply.

 

[Mygnyl]

Here is the requested log file.

 

[TwinHeadedEagle]

Download attached fixlist.txt and save it to your USB flashdrive as fixlist.txt

>> Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

• Press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt on your USB flashdrive.

>> Exit out of Recovery Environment and post me the log please.



Try to boot Windows normally...

 

[Mygnyl]

Here is the requested log file from after the fix and reboot.
On first glance it appears that it is gone but it may come back that is what happened before but I am very hopeful right now!

 

[Mygnyl]

And as soon as I posted the above reply, "Windows Process Manager" started to appear in my Task Manager so it looks like this fix did not work...

 

[TwinHeadedEagle]

Can you create one more FRST report from the Recovery Mode?

 

[Mygnyl]

Here is the requested FRST report.

 

[TwinHeadedEagle]

Download attached fixlist.txt and save it to your USB flashdrive as fixlist.txt

>> Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

• Press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt on your USB flashdrive.

>> Exit out of Recovery Environment and post me the log please.



Try to boot Windows normally...

 

[Mygnyl]

Hello:
I ran the program again and the fix but it did not fix it. Same thing happened, it came back a minute or two after running the fix and rebooting.
Attached is the log you requested.

 

[TwinHeadedEagle]

It is because you're not running the fix from the recovery but from the safe mode for the second time. Please follow my first message in this topic.

 

[Mygnyl]

Oops sorry I saw F8 and thought Safe Mode. Will try again.