Unable to remove malware from Win 7 computer

Hi,
One of our computers which contains critical data, is displaying the attached, this appears to be malware, I've run ComboFix and MalwareBytes in Safe Mode (which both removed files/infections) but the problem remains.  I have limited access to the computer as this infection kills most programs as I try to run them.  However, there's nothing listed to uninstall in the Program list.  There is however a rogue process listed in Task Manager which I'm unable to kill.  Any suggestions please?
malware.bmp
t38 Asked:
David Wall Commented:
Probably easier to remove the disk, back up critical files to another drive, and reinstall Windows 7.
Kimputer, IT Manager, Commented:
Most malware, once on the system, is smart enough to evade the currently installed antivirus/antimalware software, as it has the "upper hand" in that case.
The only way to defeat the "upper hand", is to have the malware NOT RUNNING. The only way? Use a boot CD (from Avast, AVG, or other reputable vendors). Obviously, you have to burn (or use USB) this CD/DVD on a CLEAN system (either your laptop, or some friend).
John, Business Consultant (Owner), Commented:
"rogue process listed in Task Manager which I'm unable to kill."

Get Process Explorer from Microsoft SysInternals, install it and run it.

Look down the left side under Explorer for strange (alphanumeric) processes.

Kill these, but do not restart. Run Malwarebytes again to remove malware and then (when done) restart and test.

If it is really bad, then reinstall Windows as suggested above.
rindi Commented:
Don't run malwarebytes in safe mode unless you are explicitly told to do so, or if it won't run in normal mode. It (like most AV tools), needs to run in normal mode in order for it to find and be able to remove most infections.
Don Thomson Commented:
Restart the PC in safe mode with networking - This should allow you to download and install the Malwarebytes free program.  Run the program, then go into Start - Run - msconfig and click on Diagnostic startup.
Then restart - in programs and features sort the programs by install date - the bad one should be apparent.

If you can't get into safe mode - you will have to remove the hard drive and hook it up to another working PC and scan the drive from the good PC.

If you are working remotely - try using Team Viewer - it allows you to reboot in Safe mode w/networking  

You will most likely have to use Task Manager, File - Run new task, to get anywhere. Just use the remote host version of TeamViewer - not the full program.
rindi Commented:
As I mentioned above, DON'T run malwarebytes in safe mode. Most malware must be active for MBAM to be able to reliably find it, and most malware isn't active when in safe-mode.

If you can't run malwarebytes in normal mode, use the chameleon version of malwarebytes. It won't get recognized by the malware as being malwarebytes, and therefore it will also install and run in normal mode:

https://www.malwarebytes.org/chameleon/
David Wall Commented:
Just a thought: this isn't a case where it's run a script to make it start in some special kind of startup? Run msconfig and check the boot settings to make sure it isn't always starting in Safe Boot!

Usually seen this with one of those Windows support calls where they log into your PC and change the settings.
Uptime Legal Systems Commented:
If it keeps launching be sure to check:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

As well as the startup folder.  Sometimes these items will remain and you need to manually remove them.
t38 (Author) Commented:
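
A read-only way to review the four Run/RunOnce keys and the Startup folders listed above, plus the msconfig Safe Boot setting raised in the earlier comment, added here as an example and not part of any participant's post. The function names `Get-AutostartEntry` and `Test-SafeBootFlag` are chosen for this example, and the Startup folder paths assume the Windows 7 defaults.

```powershell
# Added example: read-only listing of autostart locations (PowerShell 2.0+, Windows 7).
# Run from an elevated prompt so HKLM and bcdedit are readable.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumption: per-user and all-users Startup folders at their default Windows 7 locations.
$startupFolders = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)

function Get-AutostartEntry {
    # One object per registry value under each Run/RunOnce key that exists.
    foreach ($path in $runKeys) {
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            New-Object PSObject -Property @{
                Location = $path; Name = $name; Command = $key.GetValue($name)
            }
        }
    }
    # One object per file or shortcut in each Startup folder (hidden items included).
    foreach ($folder in $startupFolders) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -Force |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Location = $folder; Name = $_.Name; Command = $_.FullName
                }
            }
    }
}

function Test-SafeBootFlag {
    # msconfig's "Safe boot" checkbox sets the safeboot element on the current boot entry.
    $out = & bcdedit.exe /enum '{current}' 2>&1
    if ($LASTEXITCODE -ne 0) { return $null }   # not elevated, or bcdedit failed
    return [bool]($out | Select-String -Pattern 'safeboot' -Quiet)
}

Get-AutostartEntry | Sort-Object Location, Name |
    Format-Table Location, Name, Command -AutoSize -Wrap
"Safe boot forced on current boot entry: $(Test-SafeBootFlag)"
```

The script changes nothing; entries pointing at unfamiliar paths or random-looking file names are the ones to investigate before deleting anything by hand.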
Thanks for the advice - this is our Call Recording 'server' so I really don't want to have to rebuild it but will do so as a last resort - I'm running an AVG scan on it atm to see if that can give me back the 'upper hand' as Kimputer so appropriately phrased it...  Will revert once complete.
t38 (Author) Commented:
Btw, I hadn't refreshed my browser so didn't see all the additional input, will go through each and revert asap - thanks again.
t38 (Author) Commented:
Thank you all for your suggestions - AVG Free in Safe Mode w Networking removed the infected files.  I was then able to install and run MalwareBytes and HitManPro topped off by CCleaner and finally updated and ran EsetNod32.  All now working as normal.  Thanks again

t38 (Author) Commented:
Resolved the issue myself.  Thanks.