Computer Support Forum

Multiple Google Chrome processes running even though I uninstalled Google Chrome

Question: Multiple Google Chrome processes running even though I uninstalled Google Chrome

Hello,
 
I'm trying to repair my parents computer. They were getting Trojan horse warning messages and crashing to blue screens. So far I have updated the BIOS and uninstalled all the browser addons and questionable apps I found on there PC. Since updating the BIOS it hasn't crashed to blue screen. However I'm getting a lot of lywqyjla.exe processes that say they belong to Google Chrome. I uninstalled Google Chrome and they are still there. Each of them is using varying amounts of memory and the CPU usage keeps spiking. I have run malware bytes and adw cleaner, each of them said they found and removed threats but these processes keep showing up.

Relevance 100%
Preferred Solution: Multiple Google Chrome processes running even though I uninstalled Google Chrome

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Multiple Google Chrome processes running even though I uninstalled Google Chrome

Welcome to BC !
 
Run a scan using RKill. Read its description as to what it does. Once you have successfully run the scan, DO NOT reboot.
Proceed with the other scans. Reboot if the MBAM or other scans ask you to.
RKill Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish,so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR REVIEW.
download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
 
Download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
NOTE:Sometimes if ESET finds no infections it will not create a log.

1 more replies
Relevance 119.19%

My computer is running Windows 7.
 
About a week ago, I started getting messages saying "Google Chrome has crashed" when Google Chrome was not open. When I opened task manager, many Google Chrome processes under the same name were running. To try to fix the problem, I uninstalled Google Chrome, but the processes are still running.
 
Right now there are about 15 processes named "dlxyoesklw.exe *32" with the description "Google Chrome" in the task manager. The number of running processes changed frequently, and there are sometimes more than 30 running, all using various amounts of memory. When I press "End Process," more processes just appear.
 
If I press "Open File Location," it now takes me to C:\Users\Owner\AppData\LocalLow\EmieBrowserModeList\igsqvescqy\mwqvrxfk
If I try to delete the .exe file, it says "The action can't be completed because the file is open in Google Chrome. Close the file and try again" but of course Google Chrome is uninstalled.
 
Twice I have tried to delete the whole folder by restarting the computer and quickly deleting it before the processes launched. This did not work, as the processes still appeared after the file was deleted, and the folder relocated to a new one under \AppData\LocalLow\
The folder used to be in \AppData\LocalLow\EmieSiteList\ before it relocated.
 
I have G Data TotalSecurity 2014 installed but it did not find anything.
 
This behavior is very suspicious. What should I... Read more

Answer:Google Chrome processes running when Chrome is uninstalled

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scr... Read more

18 more replies
Relevance 106.43%

Hi, I am new to the forum but came here because I have seen another thread that looked similar to my problem.  I don't have Google chrome installed, but I see multiple processes running (named gtgpalgcum.exe *32) with Google Chrome as the description.  I believe my computer is infected with some kind of malware.  Can anyone help me with this issue? 
Stan

Answer:Multiple Google Chrome Processes Running

Welcome to Bleeping Computer,
Please do the following:
Please download the Farbar Recovery Scan Tool from here:http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)
Note: Wait for the direct download to begin, do not click on anything else on the page.
save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it.
When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run.
Please attach that log to your reply.
The first time the tool is run, it makes a second log (Addition.txt).
Please attach that to your reply as well
NEXT
Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to your desktop.http://downloads.malwarebytes.org/file/mbar
**Next, exit Malwarebytes Anti-Malware ( MBAM ) if it is running. You can do so via the notification area icon near the clock. Right click on the mbam icon, and select Exit.**
Next...Double click on the MBAR file you downloaded.
Approve the UAC prompt in Vista and newer operating systems.
Click OK on the next screen, to allow the package to extract the contents of the file to it's own folder, mba... Read more

2 more replies
Relevance 106.43%

I noticed after a reformat (previous severe infection) that it was only a few days before my system slowed down considerably.
I went into task manager and found 10-30 google chrome processes running. I removed google chrome and anything related, restarted , deleted spyware and opened it up again.
I tried to delete the processes and process trees only to have them appear again.
I am unable to use the internet much less my gaming community.
I can also provide a screenshot if necessary.
 

Answer:multiple google chrome processes running . . . .

I need Addition.txt
 

12 more replies
Relevance 106.43%

Multiple Google Chrome processes running, whose image name is Bkumbzlzkp.exe.
The file location for this is C:\Users\Gel\AppData\LocalLow\EmieSiteList\Moqhsillt\Xkjonjiipp.
 

Answer:Multiple Google Chrome processes running

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

4 more replies
Relevance 105.56%

Hi, I am infected with a virus of some sort which is causing multiple Google Chrome processes to be running using up almost all of the CPU. I have run and attached the scans.. This is very similar to the com surrogate virus I had on this computer last month which you helped me fix. Thanks in advance for your assistance.
 

Answer:Multiple Google Chrome exe processes running. -- virus?!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

6 more replies
Relevance 105.56%

Here are uploads of FRST log, DDS and Attach logs.

Any help is appreciated.

Regards
 

Answer:Multiple Fake Google Chrome Processes Running

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

7 more replies
Relevance 104.4%

Help is much appreciated, Thanks
 

Answer:Multiple rogue Google Chrome processes (rjjbiyctioq.exe) running

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

9 more replies
Relevance 104.4%

Multiple Fake Google Chrome Processed are running on laptop. See multiple similar threads. Ran FRST and have provided logs. Any assistance would be greatly appreciated!
 

Answer:Multiple Fake Google Chrome Processes Running on Laptop

Uninstall Ask Toolbar.
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:

Start
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe [1693800 2012-03-04] (MusicLab, LLC)
C:\Program Files (x86)\BearShare Applications\MediaBar
HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
C:\Program Files (x86)\Ask.com
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-4192403223-262647996-3079662322-1000\...\Run: [Xjdzilqlbnw] => regsvr32.exe /s "C:\Users\Jane\AppData\Local\{692D8DB2-29A3-41AE-92B9-083ADAB4A61B}\Xjdzilqlbnw.dll" <===== ATTENTION
C:\Users\Jane\AppData\Local\{692D8DB2-29A3-41AE-92B9-083ADAB4A61B}
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\datamngr.dll [1778608 2012-03-04] (MusicLab, LLC)
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr... Read more

4 more replies
Relevance 104.4%

fake google chrome processes run in the background causing memory log jam. Processes keep popping up if you closes them or delete them. Location of running processes are similar to the other posts similar forums. Users\*name*\AppData\LocalLow\Adobe\eairvsfboeds\Hpgvkcia
 

Answer:Fake google chrome running multiple processes (ybbkifcdeb.exe)

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.


Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.
Right-click on icon and select Run as Administrator to start the tool.
Follow the prompts and click Scan.
When finished, please click Clean.
Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.
 

3 more replies
Relevance 103.24%

Hello -
A customer of mine brought their personal laptop to me to look into why large amounts of data are being used up on their Verizon Hotspot.  This is a Windows 7 Home Premium laptop.  I ran multiple virus scans including ComboFix and Malwarebytes that returned zero results.  I then noticed in Task Manager that there were multiple processes running that belonged to Google Chrome.  I then verified that Chrome is not even installed.  I found the running .exe file in the \userprofile\appdata\locallow\Google directory.  Rebooted into 'Safe Mode' and then removed the folder and then scanned the registry for the same .exe name and removed them as well.  I then restarted the pc and the files reappeared, this time in the Adobe directory rather than Google.  I repeated the steps above with the same results.  Would you please help me with removing this virus?  Thank you.

Answer:Fake Google Chrome Running Multiple Processes in Task Manager

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy a... Read more

10 more replies
Relevance 100.92%

I noticed a lat jump after updating adobe. I checked my processes and there is a ton of Google Chrome Processes running. I did not have chrome loaded at that time. I have win 7. I have run bitfinder and it finds nothing wrong. I try ending them but they launch right back up. Bitfinder has found 430 infected web resource detected just today but it blocks it and says computer is safe. 
 
kraxzciwyk.exe*32  is the image name and the description is Google Chrome.

Answer:Lots of Google Chrome processes running but don't have chrome installed

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll dow... Read more

16 more replies
Relevance 100.05%

hello I am having the same problem with my pc and was wondering if I could get some help to resolve I am not could with computers or typing so I will do my best
 

Answer:processes labeled google chrome but chrome isn't running

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

17 more replies
Relevance 100.05%

i suppose these are also needed
 

Answer:processes labeled google chrome but chrome isn't running

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

9 more replies
Relevance 97.15%

I have many "Google Chrome" processes running (jthzgxbastyz.exe *32), but I don’t have Chrome installed on this computer. I have tried to run Malwarebytes and Malwarebytes anti-root, MacAfee root kit, and several others. Anything I try to open, never actually opens. I ran DDS, but it doesn’t look like its accessing the file system. I am an administrator on this computer, but when I attempt to download anything now from Internet Explorer, I get a Security Alert " Your current security settings do not allow this file to be downloaded." I reset IE and it allows me to download the programs, but I still can’t run them. Hope this helps! Seems like I have a full blown infestation. L
 
Windows 7 Home Premium
 

 attach.txt   933bytes
  1 downloads
DDS LOG
 

 FRST.txt   22.46KB
  1 downloads
FRST LOG
 

Answer:Multiple Google Chrome Executables Running, but Chrome Not Installed

Hey, Please post the FRST Log into the thread rather attaching them. ;)

36 more replies
Relevance 96.28%

Computer crashes on startup fairly often - I've always thought it was due to running 4 monitors but it is getting more regular. Checked Task Manager this morning and found 11 instances of Google Chrome running before I even opened the browser.
After googling and reading several threads it appears there is some sort of mutating virus on my system. It does not appear that there is a standard anti-virus fix (yet) and I'm fairly basic in my computer tech skills. I got directed to this site from a few others hence I'm here seeking some help.

I've followed the 3 steps and uploaded the 2 files as directed

Any help would be much appreciated

PS I run avast (free) as real time protection and I ran Malwarebytes this morning that picked up nothing.
 

Answer:Multiple chrome.exe.32 on StartUp without Google Chrome running

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

7 more replies
Relevance 93.96%

This problem is eating up my CPU and I am unable to do the things I want to do. Plus I dont even have Google Chrome installed on my computer...
 

Answer:Multiple Google Chrome Processes

Hello,

http://malwaretips.com/threads/preparation-guide-before-requesting-malware-removal-help.20334/
 

1 more replies
Relevance 93.96%

Initial symptoms started this morning. Have tried various methods to remove, but to no avail. I have attached the FRST logs as requested. Thank you in advance for your help.
 

Answer:Multiple Google Chrome processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 92.8%

I have multiple processes on Google Chrome running in the background and almost every time I open a new tab I get re-directed to ads / virus. I've ran a lot of different program and they all come up empty so I hope you can help.
 
Here are logs from FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:22-05-2016 01
Ran by Niklas (administrator) on DESKTOP-2GDOA4M (22-05-2016 11:20:24)
Running from C:\Users\Niklas\Downloads
Loaded Profiles: Niklas (Available Profiles: Niklas)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Pr... Read more

Answer:Multiple Google Chrome (32 bit) Processes + Pop Ups in Browser

Duplicate post.This topic will be closed.

0 more replies
Relevance 92.8%

I have multiple processes on Google Chrome running in the background and almost every time I open a new tab I get re-directed to ads / virus. I've ran a lot of different program and they all come up empty so I hope you can help.
 
I've attached logs from FRST:
 

 Addition_22-05-2016_11-21-16.txt   38.41KB
  1 downloads
 

 FRST_22-05-2016_11-21-16.txt   59.83KB
  2 downloads

Answer:Multiple Google Chrome (32 bit) Processes + Pop Ups in Browser

Duplicate post.This topic will be closed.

1 more replies
Relevance 92.8%

My computer has been bogged down by multiple fake google chrome processes that keep popping up.  I downloaded and ran the FRST, below are the FRST and Addition logs.  Any help will be greatly appreciated.
 FRST.txt   44.01KB
  0 downloads
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 01
Ran by Kentaro Abe (administrator) on GALLY on 11-12-2014 02:48:49
Running from C:\Users\Kentaro Abe\Desktop
Loaded Profile: Kentaro Abe (Available profiles: Kentaro Abe)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualizat... Read more

Answer:Infected with multiple google chrome processes

Hello and welcome.  Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.   Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txtHKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1451700218-2503860457-661068883-1000\...\Run: [xwmypuchpc] => regsvr32.exe /s "C:\Users\Kentaro Abe\AppData\Local\Macromedia\xwmypuchpc.dll" <===== ATTENTION
C:\Users\Kentaro Abe\AppData\Local\Macromedia\xwmypuchpc.dll
2014-11-11 20:20 - 2014-11-11 20:20 - 00000000 __SHD () C:\Users\Kentaro Abe\AppData\Local\EmieBrowserModeList
EmptyTemp:NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemNow run FRST again.When the tool opens click Yes to disclaimer.Press the Fix button just once and wait.The tool will make a log (Fixlog.txt) please post it to y... Read more

12 more replies
Relevance 92.8%

Thank you in advance for any help you can provide.

It's really nice to know that for every bad guy creating these viruses, there's a good guy out there to help people in need. Thank you for the work you do, and thank you for reading my post.

I hope the information above is sufficient.

EDIT: P2P program utorrent has been disabled
 

Answer:Multiple Fake Google Chrome Processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 92.8%

Noticed a game acting odd yesterday then on start-up this morning I found all the silly processes. tried stopping them but obviously had no progress.
googled the processes and found you guys and the ability to help others with this issue.

Thank you in advance for any help you can give!
 

Answer:Multiple Google Chrome Processes Gqjmgrtv.exe *32

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 92.8%

Almost every time I open up a new tab or try to go to a new URL in Google Chrome I get a pop up or re-directed to an ad or virus site. I have ran so many different scanners that come up with 0 that its starting to drive me crazy that its still there.
 
Here's the FRST logs (I downloaded that fixit.txt and ran it with additions):
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:22-05-2016 01
Ran by Niklas (administrator) on DESKTOP-2GDOA4M (22-05-2016 11:20:24)
Running from C:\Users\Niklas\Downloads
Loaded Profiles: Niklas (Available Profiles: Niklas)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program ... Read more

Answer:Multiple Google Chrome (32 bit) Processes + Pop Ups in Browser

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/615148 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

0 more replies
Relevance 92.8%

Apparently this is going around, but I just got hit with a bunch of fake google chrome processes, and I have never downloaded, installed or used chrome. Log files attached.

Thanks in advance for the help!
 

Answer:Multiple fake google chrome processes

I also ran a scan with malwarebytes anti-rootkit. Those logs are attached. It found an instance of the poweliks Trojan, which hit me last week and I thought was gone, but maybe this is all related? After the malwarebytes scan, the bogus processes are gone right now, but I'm skeptical that all is well now. One thing I do know is maybe it's time to ditch Norton 360...
 

5 more replies
Relevance 92.8%

My hard disk is running like crazy and my pc won't go into sleep mode. I started task manager and found 6-7 Google Chrome processes running. They can't be stopped. They just start right back up. I don't even have Google Chrome installed. The processes all have hdeppwkv.exe *32 as an image name in task manager. They have Google Chrome as a description.

Thanks
 

Answer:Multiple Google Chrome processes can't be stopped

Helllo,

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
==========================


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a rest... Read more

7 more replies
Relevance 92.8%

My hard disk is running like crazy and my pc won't go into sleep mode. I started task manager and found 6-7 Google Chrome processes running. They can't be stopped. They just start right back up. I don't even have Google Chrome installed. The processes all have hdeppwkv.exe *32 as an image name in task manager. They have Google Chrome as a description.
 

Answer:Multiple Google Chrome processes can't be stopped

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and w... Read more

3 more replies
Relevance 91.93%

Hoping to soon have a green 'solved' sticker on my topic.
 

Answer:Multiple 'google chrome' processes eating memory

2nd file from the tool listed as Step 1
 

7 more replies
Relevance 91.93%

First noticed on 10/30/2014, in the volume mixer there were anywhere from 3 to 4 different Google Chrome volume bars displayed, all muted. If unmuted, the audio of an ad could be heard. When Task Manager was opened, there were multiple processes (orazjsv.exe) that were running, anywhere from 4 to 12 at any given time.

Tracing the folder to where orazjsv.exe is installed, I deleted the entire folder in Safe Mode only to have it reinstall in a different location once Windows was restarted. So far everytime I have deleted it, it has been from an existing folder in the AppData folder under my username, particularly a folder within the LocalLow folder. I have run Malwarebytes, Norton AV, and CCleaner. Currently I also have my firewall set to block the program from sending or receiving data.
 

Answer:Need Assistance, multiple fake google chrome processes

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:

Start
C:\Users\WastelandRogue\AppData\LocalLow\Adobe\pgnzuluwmcae
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-645926314-533527359-3572142578-1001\...\Run: [Ycebtlrd] => regsvr32.exe /s "C:\Users\WastelandRogue\AppData\Local\Skype\Ycebtlrd.dll" <===== ATTENTION
C:\Users\WastelandRogue\AppData\Local\Skype\Ycebtlrd.dll
HKU\S-1-5-21-645926314-533527359-3572142578-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-645926314-533527359-3572142578-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
FF SearchPlugin: C:\Users\WastelandRogue\AppData\Roaming\Mozilla\Firefox\Profiles\uwzpg0nw.default\searchplugins\trovi-search.xml
C:\Users\WastelandRogue\AppData\Roaming\Mozilla\Firefox\Profiles\uwzpg0nw.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\WastelandRogue\AppData\Roaming\Mozilla\Firefox\Profiles\uwzpg0nw.default\searchplugins\safesearch.xml
C:\Users\Wast... Read more

3 more replies
Relevance 91.93%

Thank you for you help. Husband thinks it may have happened yesterday when attaching GoPro, but can't say for sure.
 

Answer:Multiple fake Google Chrome processes - CPU bogged down

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 91.64%

I have about 15+ processes running under goggle chrome. I did my research and know its a virus, so I started the Malwarebytes scan and currently am showing as 12 malwares found, but its still going!

Thank you for the help!!
 

Answer:Google Chrome running several processes - need help with this virus!

mbar-log-2015-02-01 (15-28-36).txt
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
main: v2015.02.01.07
rootkit: v2015.01.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Christy :: CHRISTY-PC [administrator]

2/1/2015 3:28:36 PM
mbar-log-2015-02-01 (15-28-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 344802
Time elapsed: 18 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 4
C:\Users\Christy\AppData\Local\Microsoft Games\Phgllgdxsq.dll (Trojan.Chrome.INJ) -> Delete on reboot. [103b66b37713cc6a1788e63105fd6d93]
C:\Users\Christy\AppData\Local\Microsoft Games\Phgllgdxsq.dll (Trojan.Chrome.INJ) -> Delete on reboot. [103b66b37713cc6a1788e63105fd6d93]
C:\Users\Christy\AppData\Local\Microsoft Games\Phgllgdxsq.dll (Trojan.Chrome.INJ) -> Delete on reboot. [103b66b37713cc6a1788e63105fd6d93]
C:\Users\Christy\AppData\Local\Microsoft Games\Phgllgdxsq.dll (Trojan.Chrome.INJ) -> Delete on reboot. [103b66b37713cc6a1788e63105fd6d93]

Registry Keys Detected: 5
HKU\S-1-5-21-1152919652-166373410-1757317350-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Delete on reboot. [08432feac3c765d1ccf966be976... Read more

2 more replies
Relevance 91.64%

I have afake google chrome process in task manager and don't have google chrome installed. First indication of an issue was when popups prompted me to allow a windows command processor to do something. I believe I always said no.. but my kids may have said yes.
 

Answer:Fake Google Chrome Processes Running

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

17 more replies
Relevance 91.64%

Hi I was online last night surfing the internet when I had a pop up I couldn't close or exit.. so instead of turning off my computer I clicked ok. Immediately after that I opened window task manager and seen egwpdiofqs.exe being run about 8 of them. So I started to exit out of them they would immediately reappear so I tried to open file location and delete the folders it wouldn't let me as it said they were still in use from google chrome which I don't have installed. I seen posts of other people with similar problems so I already downloaded the frst64 and ran a scan. Sigh im so dumb I pretty much hit OK for this virus to get onto my computer. =( Will TIP nicely for assistance haha thanks again... P.S. my computer is terribly sluggish after this happened it tends to freeze a lot and it won't let me run system restore.

Answer:Mutliple processes running from google chrome.

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Adobe Systems Incorporated) C:\Win... Read more

3 more replies
Relevance 91.64%

You've helped me before. FRST scan is attached. Please let me know the next step.
 

Answer:Google chrome not installed but running in processes.

Helllo,

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let ... Read more

6 more replies
Relevance 91.64%

Looking for best way to fix this malware/virus issue. Currently do not have any virus protection/software (thought I did & up til recently this computere was not used for downloading files/internet access so virus software was not really needed).

Attached addition.txt and frst.txt for you to view. Computer running Windows xp 32bit. Symptoms started when downloaded zip file for printer drivers because I couldnt find my disk. Or at same time, maybe from an external drive I was copying a file to.

Again, computer harddrive constantly running, so much that manouvering around on the internet is painstaking...google chrome not installed yet processes keep popping up in task manager.

If you can help me clean this up, I would be grateful, and then suggest some virus protection software....cause obviously I need it.
Thanks.
 

Answer:Fake Google Chrome processes running

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 91.64%

Hello. I have read most of your replies, and I am hoping I don't need to start a new thread and I can just upload my scan files here. Please let me know if I need to do something different.

Thank you in advance for all your help.
 

Answer:Fake Google Chrome Processes Running

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies
Relevance 90.77%

I would greatly appreciated help!  My Windows 7 desktop is infected with malware that has keeps the CPU usage at extreme high levels although no processes show in Task Manager above about 10% usage.  There are multiple copies of a fake Google Chrome image named vbbxqhmz,exe which seem suspicious since I uninstalled Googgle Chrome.  I have run all the malware and spyware removal tools that I have and the problem persists.  I would be so grateful for help recovering my computer.
 
Here are my logs:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.71.2
Run by Julie at 13:44:07 on 2014-12-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7991.2026 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Prog... Read more

Answer:Infected! Multiple google chrome vvxbqhmz processes, CPU @ 100% usuage

Hello starbusrt1989,
 
I'm Stan and I will be helping you for this problem.
 
First of all I want to clear some things about the malware removal process:
Do not run any tools on your own. This may affect the process of removal and may cause both slowdown and additional problems.
Read carefully the steps that I suggest you to do. Any mismatch will prolong this case.
Copy any scripts carefully so they stay exactly the same with the original. Otherwise the script may not work and we will need to rerun/recreate it.
Feel free to copy all the steps in offline environment. They may be easier to read and follow in this way.
Feel free to ask any questions about the malware removal process. I'm here to help you so nothing must be hidden or misunderstood.
Share with me any problems/changes you experience while working with the current system.
Please, do not use any quotes or code boxes when you post logs.
I want to inform you that I will be able to respond in the evenings - 07:00 P.M - 11:00 P.M. (UTC + 02:00) - since I'm working during most of the daytime. If I haven't posted anything for 48 hours straight, please, feel free to send me a personal message. I will bump the topic if there is no response from you for 3 days. After 5 days of inactivity, the topic will be closed.
 
I want to inform you that I'm still in my training program so my posts must be reviewed by an instructor. This may lead to a slight delay in my answers.
 
********************
 
Pleas... Read more

38 more replies
Relevance 90.77%

Computer very slow a few minutes after startup.  I've tried several AV programs. 
 
FRST.txt and Addition.txt logs below.
 
Thanks,
 
.....
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by admin (administrator) on HOMEOFFICE on 14-09-2014 22:48:14
Running from E:\
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
(EMC Corporation) C:\Program Files\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(PFU LIMITED) C:\Windows\twain_32\fjscan32... Read more

Answer:multiple processes: dllhost.exe COM Surrogate & jfkglnuyzli.exe Google Chrome

DDS txt file below.  attach.txt attached.
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16635
Run by admin at 3:54:14 on 2014-09-15
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3070.1756 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Coupons\CouponPrinterService.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
C:\Windows\system32\EscSvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
C:\Windows\twain_32\fjscan32\FJTWMKSV.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Windows\system32\hasplms.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\TeamViewer\Version9\Te... Read more

16 more replies
Relevance 90.77%

I have seen the threads where others had this problem. My task manager shows at least a dozen instances of Google Chrome running even though I have removed Chrome. Another users thread identified this as a Trojan Virus?
 
I have followed the Preparation Guide as best I can & attached the "DDS" and "Attach" logs. This is all pretty new / foreign to me & I am a little over my head but I think I attached what's needed.
 
 
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.65.2
Run by Tayler at 13:32:41 on 2014-11-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1040 [GMT -8:00]
.
AV: Norton AntiVirus *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton AntiVirus *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windo... Read more

Answer:Multiple fake Google Chrome Processes - Logs included.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554911 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 90.77%

Multiple fake google chrome processes name pwkoxslg.exe
 
Farbar Recovery Scan Tool logs attached.
Thank you for your help.
 
 

Answer:Fake Google Chrome Multiple Processes (2014-11-13 1944)

Hello MarioDDN,  Welcome to Bleeping Computer.My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.  If you do not understand any step(s) provided, please do not hesitate to ask before continuing.  Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine. Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.  I will be analyzing your log. I will get back to you with instructions.  Download attached fixlist.txt file and save it to the Desktop.NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on that particular machi... Read more

8 more replies
Relevance 90.48%

complete beginner here. forgive my for my outdated knowledge and lingo.

Google Chrome process called "vfiujynubu.exe" is creating itself in random folders around my computer and running itself on startup, creating many processes and hogging CPU and RAM. When I try to delete the .exe, i either can't or it recreates itself upon next computer startup and continues running fake Chrome processes (even after I have completely uninstalled Chrome).

I am a subscriber to webroot secureanywhere and reported this problem to them. They suggest it is not a problem. They probably are correct. However I don't understand why all these processes continue to run (and why the .exe is even there) after I uninstall chrome. Here is the exchange:

Hello,

After examining all the information and logs you returned to us. We can see that the file you are referring to is a genuine Google Chrome file.
[G] c:\users\keim delepine\appdata\locallow\rbxlogs\ihmevlph\kywngyniqin\vfiujynvbv.exe [MD5: 0BDAE865738D27A4D84D50591C8C9D2D] [Flags: 10001000.21689]

More info on this file can be found on the (Virus Total)VT link below:
https://www.virustotal.com/en/file/...e974ebff8700f5f93dca2ec8a6b0991e2ac/analysis/

If you still suspect that your computer is infected, please provide any additional details that might lead you to believe that your computer's behavior is due to malware, and not an unrelated technical issue.

Thank you,

The Webroot Threat Research
Your Message (Nov 6,... Read more

Answer:Fake? google chrome processes running wild

hope this helps!
 

6 more replies
Relevance 90.48%

This morning a message box popped up in the middle of my screen and said something like "Google Chrome is not able to write to it's directory" but I don't even have Google Chrome installed. I went to Task Manager and noticed several processes running with Google Chrome as the description, but the processes are named "yzcuofj.exe". This seemed odd, so I was searching the web for help and came across this website. I'm a little hesitant to start downloading and running executable files, for fear of "fake helpers" getting people to download malware/viruses, but this site seems pretty legit...so here goes! I'm guessing the first thing you'll ask me to do is run FRST? (although I've seen in other threads you've asked users to run ZOEK or RogueKiller or TDSSKiller, etc)
 

Answer:Google Chrome processes running but application not installed

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

16 more replies
Relevance 89.61%

It seems that I have acquired the Google Chrome Process issue. Hopefully you will be able to help as you have with others here.
 

Answer:Another case of Google Chrome processes running without application installed

Re-run FRST.exe as you did before ...
Download fixlist.txt that you find attached at the bottom of this post and save it same place you
Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt and will keep that log in the same folder where FRST.exe is.
> Attach here fixlog.txt logreport.
 

3 more replies
Relevance 89.61%

My laptop has been running extremely slowly. I often get errors when trying to go to websites - IE says it can't display the page. When I view the Windows Task Manager, I see multiple processes running with the description "Google Chrome" however this program is not currently installed on my computer. I downloaded the Farbar Recovery Scan Tool and have attached the FRST file. Thanks in advance for your help!
 

Answer:Very slow computer, Google Chrome processes running when it is not installed

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

12 more replies
Relevance 89.61%

I ran malware and it is clean but included the file. The farbar files are attached. Thank you for all your help.

Joel
 

Answer:Very slow computer, Google Chrome processes running when it is not installed

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

26 more replies
Relevance 89.03%

Hello there,
 
I recently noticed my laptop running very slow, especially when using Youtube videos.  I deleted some old junk to free up some memory but that didn't help.  Defragged my laptop and ran several virus scans, but no improvment and nothing found on the scans.  I found a new program installed on my laptop called "Spigot Search Protection" which I uninstalled.  No improvement after this.  I then noticed about a dozen processes running on my Task Manager that appeared to be Google Chrome windows.  They were using up a ton of memory... and I use Firefox not chrome so I thought it was weird.  I uninstalled Google chrome, but they remained open and listed as google chrome programs.  I opened the file location and ran a virus scan directly, and it came back with no threats detected  (I ran Kaspersky). The image name for each process that is running is Lnzdypqnuf.exe*32 and appears as a GoogleChrome file.
At this time I did a Google search and came up with this website (it seems others have had the exact same problem).  I saw that each case should be handled specifically, so I decided to register and post instead of trying to figure it out myself. 
 
If anyone can assist me with getting rid of this problem I would greatly appreciate it.  I have never downloaded a virus before, and do not open ads or clickbait on websites.  I do use Utorrent once in awhile and expect that is how I downloaded this vir... Read more

Answer:Multiple Google Chrome Processes in Task Manager; Cannot close and laptop slow

BTW, am running on Windows 7

4 more replies
Relevance 88.74%

Hello,

As noted above, I'm currently having problems with a process that is being detected as Gooogle Chrome taking up most of the resources on my system. This, even though I don't have Chrome installed on my computer. I've tried deleting the file, but it just pops up somewhere else.

I ran FRST and have attached the resulting reports to this thread. Any help you can provide would be greatly appreciated.

Thanks in advance,

J
 

Answer:Google Chrome Processes stalling system, but Chrome isn't installed

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

7 more replies
Relevance 88.74%

A bunch of these jpkncmkh.exe *32 processes are always open in my task manager and my cpu is running at 90 to 100% and I don't have google chrome and the description is google chrome.  These must be viruses I need to get rid of im going to attach a frst files and logs because I saw other posts that did that. Please Help!!??
 
I want to copy and paste a fix list like I saw other people do to get rid of them but I don't know  how?
 
 

Answer:Fake Chrome Processes Please Help jpkncmkh.exe *32 description google chrome

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554784 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

20 more replies
Relevance 88.16%

An install of Google Crhome browser is apparantly recording cookies while the Google Chrome browser itself is not being used;  the cookies seem to be of webpages and sites that other people in this location visit through another browser.  This makes me thing that the Google Chrome browser sneaks information from the user of other browsers on the computer, and this makes me wonder, what more is being done with this set of cookies lifted from the other browser?
 
This cannot be normal; is it?
 
Every day, I come to the particular computer with google chrome on it, open history, see the cookies listed, delete them, and only use the browser in Incognito mode.  No cookies recorded during any of my usage sessions.  Later, after other people who never use Chrome use the computer, go online (with Internet Explorer), makes their website visits, and then finish; when I come back to use the computer again and go online in incognito mode on Chrome, ... there again are more cookies listed, and mostly from sites that I did not visit.
 
This just seems like it should not be happening.  Tell me about it?
 
 
IE 11, Firefox 33, Google Chrome 38
Norton 360;
Windows 7.

Answer:Google Chrome records cookies without running Google Chrome

What content settings is ticked for Cookies? I frequently use Chrome Browser so I must need to observe the behavior you were referring to as cookie populated on All cookies and site data if this is what you were referring to(?).

15 more replies
Relevance 87.87%

I have multiple processed named Mgoqzmdjmx.exe *32 with a descriptions as Google Chrome. I'm pretty certain this is a virus of some sort. Attaching a screenshot of the task manager. Any help will be extremely appreciated.
 

Answer:Random Google Chrome Processes (even after uninstalling chrome)

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 86.42%

After a 100% improvement on my Windows 7 laptop, I wanted to see if there was a way to make my Mac even faster. I found Google Chrome Helper in my Activity Monitor>Memory 21 times using 1522 MB of my memory. Is this normal or do I have a problem?

I tried to run your SysInfo, but couldn't get it to do anything.

Is there any other info that might be helpful?
PegM
 

Answer:Google Chrome Helper running multiple times

Google chrome is a massive memory hog...so more than likely its just being "memory hungry"
 

1 more replies
Relevance 86.13%

The processes are named Adjyodaeamxj.exe *32, There are at least five of these processes running at any given time, though sometimes many more will run. They are using up large chunks of memory and taxing my computer.
 

Answer:Processes from Google Chrome, do not have chrome installed.

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies
Relevance 85.26%

Google Chrome process "ydapirqtjcb.exe *32" is running multiple times (up to twenty) when viewing processes in task manager.  Every time I try to end the processes more appear.  
 
I uninstalled Chrome and Adobe. After a minute or so after restarting the exe begin to appear again.
 
Does anyone what this process is doing and how it can be deleted.
 
This is causing my computer is run slow and will no longer go into sleep mode.
 
Any help would be appreciated.
 

Answer:Google Chrome process "ydapirqtjcb.exe *32" running multiple times

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll dow... Read more

3 more replies
Relevance 82.36%

Someone said I need to find the binary file kicking off all these processes? How do I do that? I've run FRST and attached the output as well.
 

Answer:Multiple ckfgiex "Google Chrome" looking processes

Helllo,

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.


Download Malwarebytes Anti-Rootkit to your desktop.

Double-click the icon to start the tool.
It will ask you where to extract it, then it will start.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Click in the introduction screen "next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all t... Read more

8 more replies
Relevance 82.07%

Google chrome will not allow me to open a web page sent to me on my e-mail. I did not install google chrome. When I click the sent web page address, a chrome logo appears in the upper bar and the page does not open . I do not want google chrome and do not know how it got into my computer. I did not sign in, make it a default search page, or download it. Please help. Thank you.

Answer:I want want google chrome uninstalled..

Straight from google.Windows Vista/ Windows 7/ Windows 8 Close all Chrome windows and tabs. Go to the Start menu > Control Panel. Click Programs and Features. Double-click Google Chrome. Click Uninstall from the confirmation dialog. If you want to delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.If you're having problems uninstalling the browser using these methods, try manually uninstalling the browser instead.

3 more replies
Relevance 82.07%

Google Chrome is now on my computer. I am having problems since its installation. These never occurred before. Current problem is that I cannot download a document using MS Word. This is a serious problem for me and I hope that one of you computer tech gurus can help. Thanks.

Answer:Google Chrome must be uninstalled

Pretty simple.http://support.google.com/chrome/bi...

3 more replies
Relevance 81.2%

I recently downloaded/installed Google Chrome on 10/28/14. My default browser is Internet Explorer, which I did not uninstall. Within a few days, it seemed my system slowed down a bit, and the hourglass was visible a lot of the time. Also can hear the drive/fan pulsing. Screen & mouse seem jumpy (desktop icons flash & reload, cursor is hard to control). So I decided to uninstall. Did this through Control Panel Uninstall procedure. Symptoms seemed to persist. When I run Task Manager the Processes tab shows multiple listings (varies from 1 to maybe 15 listings from moment to moment) of a Google Chrome file called zbinmoea.exe *32 (even though Chrome does not show as an installed program) I was unable to end the process. Searched for the file and found it on the C:\ drive. When I tried to delete it by selecting, right-clicking & choosing "delete" I got the message "The action can't be completed because the file is open in Google Chrome. Close the file and try again." However, Google Chrome has supposedly been uninstalled and is NOT running. How do I get rid of this zbinmoea.exe file? I have tried re-installing Chrome and then uninstalling again. Problem persists.


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 8099 Mb
Graphics Card: Intel(R) HD Graphi... Read more

Answer:Google Chrome not completely uninstalled

16 more replies
Relevance 81.2%

I am running a Windows 7 machine primarily using Google Chrome. I regularly use antivirus software and a firewall and run a weekly scan. However my system runs very slowly and I have been trying to find the source of what I assume is a virus or malware.  I have tried different online scans and new antivirus programs and nothing seems to work.  I was investigating all the processes that are running and noticed multiple instances of chrome.exe *32.  I had noticed them in the past but assumed they were related to Google Chrome.  When I searched that process, I found multiple postings on your site dealing with the same problem.  It seems you have a particular order to work through the issue so I am reaching out to see if you can help me.  You seem to have been very successful in the past with other folks.  Your reply and help is greatly appreciated. 

Answer:multiple chrome.exe *32 processes running

Chrome.exe (Chrome.exe *32) is a legitimate process related to the Google Chrome web browser. Multiple copies of chrome.exe, referred to as process-per-tab, listed in Task Manager is intentional by design as a crash control. Chrome creates three types of processes (browser, renderers, and plug-ins). Each Chrome tab is treated as it's own individual process for the life of tab meaning it is treated as a separate process so that multiple tabs can run with less problems. This feature increases responsiveness, and prevents the browser from locking up if a particular web app or plug-in stops responding. In the event of a browser crash or hang in one tab, it prevents the entire browser from closing down. Chrome has its own built-in Task Manager which is accessed by right-clicking on the browser's title bar. You can see what which process does by going to Menu > Tools > Task Manager. The Chrome Task Manager lets you track resource usage for each individual tab and lets you kill any tabs that have stopped responding without having to restart the entire browser.For more specific information, please refer to:Chrome's Process Model ExplainedMulti-process ArchitectureUnderstanding Chrome & ProcessesWhy Does Chrome Have So Many Open Processes?There are numerous comments about this at the Chrome Help forum. See Multiple chrome.exe in Task Manager.Tools & Tips to Optimize & Troubleshoot Memory/CPU Usage in Firefox and Chrome:Tools to optimize the Memory Usage of Firefox an... Read more

16 more replies
Relevance 80.91%

Hi TwinHeadedEagle,
I have almost exactly the same problem running on my computer. I have run zoek, malwarebytes, and AdwCleaner and I still have the problem. Rather than create a new post in the forum I have just replied to this post since it seems so similar. I have now run Farbar and have attached the two logs. I also included a pic of my task manager showing the processes that keep loading. Can you help me? Thank you!
 

Answer:Fake Google Chrome Process in Task Manager & Don't Even Have Google Chrome Installed!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 80.91%

My computer was running slow so I went to my task manager and seen a whole bunch of Google Chrome processes running. I was confused at first because I don't even have Google Chrome installed. As I tried to stop the processes one at a time, more only popped up. Then I looked it up on the net, found others yall have helped on this site, and know there's something wrong. If possible, would like to know how and when the malware was installed as I have multiple students that use the pc and this is the first time ever had this happen, would like to know if it was a user doing something wrong by accident or on purpose (is even possible to know, but mainly would like to just get pc fixed!)

I right clicked and Disabled Antivirus AutoDetect (Norton); Downloaded zoek and have result log attached. Required a pc reboot and did that too. Problem is still happening. It also changed my home page to google.com (I changed it back). I also uploaded a picture of my task manager if that helps any.

Thanks!!!
 

Answer:Fake Google Chrome Process in Task Manager & Don't Even Have Google Chrome Installed!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

6 more replies
Relevance 80.33%

cannot go on line with pc. get white screen. on laptop now. is there a way to down load a browser if I can't go on line?

Answer:google chrome got uninstalled how do i reinstall/findit.

You actually (probably) won't be able to just copy and paste the program onto the computer. Don't install the program on the PC, just copy the installer, then run the installer on the laptop.

8 more replies
Relevance 80.33%

Hi there,

I believe I have two problems, which may be separate or related, and I've had a look around the web to find some answers and have come to the conclusion that I probably need help from you guys! As the title suggests, I seem to have multiple versions of both iexplorer and chrome running at the same time, even when I am not running them at all. The processes are using large proportions of my system resources (around 10% cpu and roughly 66% of physical memory), thus making the pc slow. This is a real pain.
Also annoying is the intermittent re-direction of my browsers as they load a new web page, to move me onto some ads for lots of rubbish that I don't want.
These problems have been ongoing for a couple of weeks or so, but haven't been too much for me to cope with until the last couple of days when I have been busy on the pc.
I have done nothing to my machine to try to rectify the problem, except for searching the web to find out info on the problems.
Any help would be greatly appreciated.

 

Answer:multiple iexplorer and chrome processes running

User receiving assistance at different forum.
 

1 more replies
Relevance 80.33%

When I am using Chrome, Task Manager shows that I have multiple Chrome processes running. Currently I have 11 Chrome processes running. Earlier I had 17 Chrome processes running.

Is this normal? If not, how do I correct the problem?

Thanks
Matt

Answer:[SOLVED] Multiple Chrome processes running

This is normal. Chrome does this to help make it more stable. By having every window, tab, plug-in, web app, and renderer in its own process, this allows the browser to continue to function if any one of those components crashes or becomes unresponsive.

2 more replies
Relevance 79.46%

Please help me..... :(My google chrome is not working. I have tried following several attempts to repair but still not working1. from google support i have tried using Internet download manager2. i have renamed default folder from user data as backup and opened google chrome still its not working3. looked for SFC:/ SCANNOW command even though that also not helped me4. I have uninstalled chrome and installed chrome beta.... same can't open that too5.I have tried Revo uninstaller that also not working to repair From last 3 days i am siiting infront of my laptop for repairing google chrome but i couldnot make it proper.Chrome is my favourite browser but its not working what to do?? Please help me :(((((((((((((

Answer:google chrome cannot open showing google chrome stopped work

If you mark it best answer, it will close out this question and Justin will put a lil' star by my name. You are most welcome, glad to help.To err is human but to really screw things up, you need a computer!

6 more replies
Relevance 79.46%

This is a personal computer I use for school and play. My important information is already backed up to an external.
 
Last night my computer started to run extremely slow and I had an unexpected and very bad drop in frame rates. When I looked into my task manager I noticed several “Google Chrome” processes running. I stopped them then uninstalled Chrome. I restarted and looked back into the task manager and the processes were still there.
 
At this point I ran Microsoft Security Essentials with a quick scan and it did not find any threats. I set it to run a full scan at midnight and this morning the report still had nothing in it.
 
After finding this forum and beginning the preparation portion to posting a new topic I can no longer change any setting on my Windows Firewall I only receive an error message that says:
 
Windows Firewall can’t change some of your settings Error Code 0x80070422
 
Below is the DDS text and the attach.txt is uploaded. Thank you, any help is very appreciated.
------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by AJ at 9:26:03 on 2015-01-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6028.2847 [GMT -6:00]
.
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *... Read more

Answer:"Google Chrome" processes.

Well, since the average wait of 5 days is a long time, when it is nearly impossible to do any school work, I have not just been idle. While looking further into this I found this posted on YouTube buy Mr. RemoveVirus.
 
https://www.youtube.com/watch?v=HF3DcptRwuU
 
I know this is not the most reliable method to accomplish my desire for a functioning PC but I can't afford to just go buy a new one and I also can't have this one offline for so long.
 
So the progress report so far is 2 hours after "fix" and several restarts still no rogue "Google Chrome" processes and my computer CPU is not about to explode.
 
If anyone still reviews the above logs and sees anything that is a problem I will keep checking back here till the topic is closed. Hope this helps and thank you for any help in advance.

23 more replies
Relevance 78.88%

I've tried multiple anti-everything programs from Super Anti-Spyware, Malwarebytes, ComboFix, Spybot S&D, and various online scans that have found nothing, or found something but never fully cleaned my system. For a week or two, Google was being redirected to various ad sites, but after my system was "cleaned" everything was fine. Now today, anything remotely related to Google won't load at all. I've tried to manually remove the TDSS google-redirecting virus, but I have none of the files that supposedly come along with the virus.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Des at 14:42:16 on 2012-02-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.1903 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\nvsvc32.... Read more

Answer:Infected with a virus that redirects Google, shows Google "not found nginx" also, no Youtube, Google Chrome or Google E...

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

38 more replies
Relevance 78.59%

Hello. Recently my PC has become infected with the "Google Chrome" virus where a fake .exe posing as Chrome creates itself, runs itself, and opens many processes which hogs CPU and RAM. Deleting the .exe is no good because this virus recreates itself in a new random folder upon next PC startup and does its same thing again. I have already run Farbar Recovery Tool, so attached are my FRST and Addition txts.
 

Answer:Fake Google Chrome processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 78.59%

Noticed other people having the same issue. Hopefully this can get fixed.
 

Answer:Fake Google Chrome processes

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

1 more replies
Relevance 78.59%

My computer started running really slow when I logged on today and websites were taking forever to load.  I noticed that there is a process called Neweozpowt.ext*32 running 10 or more times in the task manager and I can't kill them as they respawn.  Please help

Answer:Fake Google Chrome processes

Please disregard found the issue with help from Farbar recovery tool.

2 more replies
Relevance 78.59%

Need help removing fake Google Chrome processes. Google Chrome is not even installed on this PC. Please provide some help.
 

Answer:Google Chrome Processes killing CPU

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 78.59%

Windows 7 PC just started running very slowly.  Noticed numerous (sometimes up to 25) processes named "mmxctdbwkm.exe" running, spawning, re-spawning constantly.  Norton 360 popups indicating "Google Chrome using excessive memory resources" - task manager shows processes having descriptions "Google Chrome" which obviously they are not as Google Chrome is not installed on this PC!  Files are under C:\users\John\appdata\LocalLow\.... I would like to follow the procedure in the link below as it describes my problem fairly accurately.  However, the process appears to require 2-way collaboration and information sharing so wanted to check first before diving in.  Thank you in advance for your help.
 
http://www.bleepingcomputer.com/forums/t/551186/fake-google-chrome-running-multiple-processes-in-task-manager/
 

Answer:Fake Google Chrome processes

Start with the scanning for Poweliks. If it is found and removed there will be more cleanup of other malware to do.
 
Please download Powelikscleaner (by ESET) and save it to your Desktop. (let me know if poweliks was found and removed as shown in the last image)
1.  Double-click on ESETPoweliksCleaner.exe to start the tool.
2.  Read the terms of the End-user license agreement and click Agree.
3.  The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
 

 
4.  If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
 

16 more replies
Relevance 78.59%

Twin-Headed Eagle. I have a chrome.exe file in windows task manager that I cannot 'end process' because I think caused by ransomware blocker. This is on another desktop and Chrome browser is locked shut. I have tried to follow your instructions above and cannot get past Farber recovery scan tool installation which will download but not install - just does nothing even if I try to run as admin. Can you please help.
 

Answer:Can't kill Google Chrome processes

I got Farber to run from the networked second desktop - it seems malware/ransomeware has prevented it from running on the affected desktop. Attached are the files.
 

2 more replies
Relevance 78.59%

Hi - I'm new here, and found that I'm having the same problem as the user who posted this:
 
http://www.bleepingcomputer.com/forums/t/553030/fake-google-chrome-jhtrmnotfjhvexe-processes/
 
I've read through the above mentioned post above along with many others. I also followed a post on Reddit about this - below:
http://www.reddit.com/r/sysadmin/comments/2kl04m/fake_google_chrome_browser_process_max_out_cpu/
 
This process was continually running and spawning new processes.
C:\Users\Mike\AppData\LocalLow\Roblox\Lxjonxrom\lqsxdhhzll.exe
 
I also noticed information was being cleared and rewritten to this folder continuously:
C:\Users\Mike\AppData\LocalLow\Google\Dcdeecveb
 
I followed the suggestion about using Taskkill in the Reddit post and killed the process then immediately deleted the two folders mentioned above. I actually have all the contents of these folders still in my recycle bin (if needed).
 
Since killing the processes and removing the folders the offending processes have not restarted, however I am concerned there may be more lurking. Can you please assist with this?
 
Also, any idea how this virus/malware is being spread?  I noticed the create time on the folders was on 11/3/14 and 6:28pm.
 
Thank you in advance for all the great work you do!  This appears to be a great community!
 
Logs from DDS are attached.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344... Read more

Answer:Fake Google Chrome Processes

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

10 more replies
Relevance 78.59%

Hi, this is the 3rd time I am making a thread about the fake Google Chrome processes. When I made the first two threads, TwinHeadedEagle helped me to remove the virus so it wouldn't recreate itself on startup, but it always eventually came back. I have come to discover that the virus comes back when I launch Internet Explorer. I rarely use that browser, and noticed then when the last time I opened it up the malware immediately re-created itself and started opening itself. Of course I could be wrong about IE being the cause, but this is what it seems to be.

Anyway, I need help removing it again.

Attached are fresh FRST and Addition .txts.
 

Answer:Google Chrome processes malware

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies
Relevance 78.59%

No idea where to begin with this. Please help!
 

Answer:Fake Google Chrome Processes

Helllo,

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
===================================


Download Malwarebytes Anti-Rootkit to your desktop.

Double-click the icon to start the tool.
It will ask you where to extract it, then it will start.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Click in the introduction screen "next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware wa... Read more

7 more replies
Relevance 78.59%

Apparently our family PC has been infected with the Many Google Chrome Processes bug - anywhere from 3 to 20 instances. After reading through a few forums it appears the solution may vary from case to case. The file location of the GoogleChrome process lead me to the hidden EmieBrowserModeList folder.

After running MBAM the GoodleChrome process are gone for now, but I'm not confident that all is well, so here are the log files. THANKS in advance!

MBAM.TXT

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 12/29/2014 11:01:13 PM, SYSTEM, ROTHPC_II, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 12/29/2014 11:01:13 PM, SYSTEM, ROTHPC_II, Manual, Rootkit Database, 2014.11.18.1, 2014.12.29.2,
Update, 12/29/2014 11:01:37 PM, SYSTEM, ROTHPC_II, Manual, Malware Database, 2014.11.20.6, 2014.12.30.2,
(end)
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan, 12/30/2014 12:27:10 AM, SYSTEM, ROTHPC_II, Manual, Start:12/29/2014 11:01:54 PM, Duration:1 hr 20 min 45 sec, Threat Scan, Completed, 7 Malware Detections, 21 Non-Malware Detections,
(end)

DDS "ATTACH.TXT"
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/11/2012 5:29:11 PM
System Uptime: 12/30/2014 12:28:10 AM (0 hours ago)
.
Motherboard: MSI | | 2AE0
Processor: AMD A10-5700 APU with Radeon(tm) HD Graphics | P0 | 3400/100... Read more

Answer:Google Chrome Processes (lots of 'em)

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

MBAM log is incorrect.
Please re-read instructions how to obtain proper log.
 

20 more replies
Relevance 78.59%

I just migrated Windows 7 from one SSD to another SSD today. I did not do any type of install - just cloned the drives and set up the new drive to be the boot master. I ran the ZOEK before I knew what I was supposed to do with requesting help from this forum, so I uploaded that log, too.
 

Answer:Fake Google Chrome Processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 78.59%

i saw that other users had this issue solved but that the fix files were created for their particular machines. i'm hoping to get the same kind of assistance.
 

Answer:more fake google chrome processes

Hi,

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Code:

C:\Users\morgan\AppData\LocalLow\{E7AE305C-39A3-4FFB-8910-E33B62A071E7}\Jcacvhbrtnb\tctmnaabyyis
HKU\S-1-5-21-4241491024-506926899-3993154103-1000\...\Run: [Cmhysiwv] => regsvr32.exe /s "C:\Users\morgan\AppData\Local\{56AD1659-E116-40E9-B946-5D157B41769E}\Cmhysiwv.dll" <===== ATTENTION
C:\Users\morgan\AppData\Local\{56AD1659-E116-40E9-B946-5D157B41769E}
SearchScopes: HKCU - Comcast URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
BHO-x32: No Name -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20131147,20033,0,25,0
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&
EmptyTemp:

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not w... Read more

5 more replies
Relevance 78.59%

Can't rid this computer of Google Chrome processes. Please Help. Regards,
 

Answer:Help on getting rid of Yusmsqa.exe *32 Google Chrome Processes

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:

C:\Users\Michael\AppData\LocalLow\ge3916\Rekootmimrma\Njeoyqcnkfo
HKU\S-1-5-21-1158752609-1568451080-3026114070-1000\...\Run: [xbxldamb] => regsvr32.exe /s "C:\Users\Michael\AppData\Local\Adobe\xbxldamb.dll" <===== ATTENTION
C:\Users\Michael\AppData\Local\Adobe\xbxldamb.dll
HKU\S-1-5-21-1158752609-1568451080-3026114070-1000\...\MountPoints2: {150b4f78-205b-11e1-90ce-180373cf6b89} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1158752609-1568451080-3026114070-1000\...\MountPoints2: {dee0e048-c622-11e2-a605-180373cf6b89} - I:\vs_professional.exe
HKU\S-1-5-21-1158752609-1568451080-3026114070-1000\...\MountPoints2: {e7568d7c-3c34-11e1-ae63-180373cf6b89} - E:\LaunchU3.exe -a
SearchScopes: HKLM-x32 - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm003^S06473^us&si=COe98e7Vl7kCFazm7AodOXsAUw&ptb=1512B2A9-6982-4B94-A8BD-1BBDDC5BF9AE&ind=2013082423&n=77fd3337&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {1173C974-5F69-41D9-A250-859A1E710F26} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&l... Read more

6 more replies
Relevance 78.59%

I just ran my FRST scan while in safe mode. I don't know if that will affect the outcome of the log or going forward. I've had had this problem for a few days and haven't been able to stop and just post about it. Thank you very much in advance for assistance.
 

Answer:Fake Google chrome processes

Here is my addition file as well.
 

6 more replies
Relevance 78.59%

Hello,
 I see a couple other people have posted this same problem in the last few days so hopefully someone can help.
 I have got 5-20 processes running under image name Bcexfymkqard.exe*32. Description Google Chrome. I have never installed Chrome. It is sucking maximum bandwidth from my modem. Malwarebytes did not clean it.  Please help. Here are my FRST and Addition logs:
 
FRST:
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01
Ran by John (administrator) on JOHN-PC on 21-10-2014 08:33:05
Running from C:\Users\John\Downloads
Loaded Profile: John (Available profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Locktime So... Read more

Answer:Need Help... Fake Google Chrome processes

Bumpety Bump.  Can anyone help me with this?

22 more replies
Relevance 78.59%

I would really appreciate any help with this, thanks.
 

More replies
Relevance 78.59%

A couple months ago I was here and tried to resolve this issue with dozens of google chrome processes showing up and slowing down my computer. It was suggested I post in a new area so more powerful tools could be used. I didn't have time to keep trying to resolve the problem because I needed to finish off other things but now I have time again since I still have the problem. It only goes away after I run JRT but once I restart the computer, the google chrome processes start up again. From what I could find out, the file is an iobit file probably from a program I use to have but have since deleted. Would appreciate any help in figuring out this problem, thank you.
 

 dds.txt   22.77KB
  1 downloads
 attach.txt   9.76KB
  0 downloads

Answer:suspicious google chrome processes

Hey my friend, Please download FRST (by Farbar) from the link below and save it to your Desktop.Download Mirror #1If you are unsure whether you have 32-Bit or 64-Bit Windows, see hereDisable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)When the disclaimer appears, click Yes.Click Scan to start FRST.When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

2 more replies
Relevance 78.59%

I need help with a fake google chrome problem. Many processes are running and slowing my computer way down. I've taken multiple steps to attempt to fix this but my problem is still here. please help me
 

Answer:Need help on fake google chrome processes

Here are zoek results, I realized they may be helpful. Like I said above, the problem is still afflicting my computer after this.
 

11 more replies
Relevance 78.59%

When I open my task manager, there is 13 chrome.exe running at the same time and I don't know why. Chrome is running even though I don't even have Google Chrome on this computer. I use Firefox. There is a lot of chrome.exe running when nothing is on either. My laptop is slowing because of this. I really need help to fix this.

Answer:A Lot of Google Chrome Processes on at a Time

Looks like the Chrome.exe virus. Do a full AV scan

13 more replies
Relevance 78.59%

Hello,
 
I've seen others with the same problem, but I am getting a process in Windows Task Manager that won't go away even if I go into Safe Mode and delete the file.  It is located in User\AppData\LocalLow.  I have attached the image of Windows Task Manager and the 2 FRST files.
 
Thank you for any help!
 

Answer:Fake Google Chrome Processes

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
I will reply back later today with a fix.
 
 
Regards,
Georgi

8 more replies
Relevance 78.59%

The description pretty much says it all, I ran FRST and those files are attached.
 

Answer:Fake Google Chrome Processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

7 more replies
Relevance 78.59%

As described, multiple fake Chrome processes. As opposed to just the fix, I'd also like any details you can give me about this issue and what causes it.
 

Answer:Fake Google Chrome Processes

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and w... Read more

9 more replies
Relevance 78.59%

Hi,

Since a week I've had multiple chrome.exe *32 processes running while having chrome open. All these processes also use a lot of memory and cpu capacity. I have already followed this guide (http://malwaretips.com/blogs/remove-chrome-exe-virus/) but the processes are still there. Ran full scans with several anti virus and malware programs like ESET, Adwcleaner, avast and roguekiller. I'm running out of options so I am hoping that anyone can help me.

Thanks in advance!
 

Answer:Multiple chrome.exe *32 processes running and constant anti-virus pop-ups.

You're missing Addition.txt report.

Attach here screenshot Avast alerts.
 

2 more replies
Relevance 78.59%

Yesterday, after my son used the computer, the IE10 history showed all kinds of spammy sites listed. There are multiple processes running of Krkelqjrcw.exe out of the user\appdata\locallow\yahoo folders. The process description says google chrome for each one.
 
I've run Roguekiller and malwarebytes. They both have identified the process, but have been unsuccessful in removing it.
 
Any guidance is GREATLY appreciated
 
Here is the DDS file
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.67.2
Run by Laura at 9:39:51 on 2014-11-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6057.1283 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mob... Read more

Answer:Possible Poweliks Infection - Multiple Processes Running Assigned to Chrome

Hello and welcome.  Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.   Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

14 more replies
Relevance 78.59%

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014
Ran by Ryan at 2014-10-30 11:09:36
Running from C:\Users\Ryan\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.01 - Lenovo)
Acronis True Image WD Edition (HKLM-x32\...\{9B683A28-2172-4CF1-B85D-41375E80652A}) (Version: 13.0.14184 - Acronis)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ANT Drivers Install... Read more

Answer:Multiple chrome processes running disguised in Apple folder

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies