Computer Support Forum

Fake Google Chrome exes in Task Manager

Question: Fake Google Chrome exes in Task Manager

I am experiencing the same issues as some of your other users with a Fake Google Chrome process residing in my Task Manager screen. My issue on my Laptop began yesterday, after I tackled removing a dllhost.exe issue over the weekend. I thought I had done well to get rid of it, using information from your forum, but then this file showed up the next day.

My file is titled "Immytfefs.exe" and it states that it resides in the "C:\Users\User\AppData\LocalLow\Adobe\nmvkurfye" directory.

It says it is a Google Chrome process, but I have uninstalled that program, and it is still there. I have Norton360 and MalwareBytes running, and neither detects this issue. I have downloaded your FARBAR Recovery Tools and ran the process to create the First and Addition files, and will attempt to upload them with this issue request. [Can't upload]

If anyone has answers to this, that would be much appreciated.

I came to this forum, because I can see others are currently experiencing the same issues.

Please let me know what I can do to resolve this. I think this is a true virus...

Sincerely,
David

I can't seem to upload the FRST and Addition files to this post, so maybe someone can help me with that also.

FRST.txt
************
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by User (administrator) on USER-PC on 11-11-2014 12:54:20
Running from C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFMFWEVJ
Loaded Profile: User (Available profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed.
(Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-10-17 20:19 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-10-17 20:19 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-17 20:19 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll2014-10-17 20:19 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll2014-10-17 20:19 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-10-17 20:19 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll2014-10-17 20:19 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-17 20:18 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-17 20:18 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-10-17 20:18 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-17 20:18 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll2014-10-17 20:18 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-17 20:18 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe2014-10-17 20:18 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-17 20:18 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-17 20:18 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-17 20:18 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-17 20:18 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) 
C:\Windows\system32\TSpkg.dll2014-10-17 20:18 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-17 20:18 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll2014-10-17 20:18 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-10-17 20:18 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe2014-10-17 20:18 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll2014-10-17 20:18 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-10-17 20:18 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-10-17 20:18 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-17 20:18 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-17 20:17 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-17 20:17 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-10-17 20:11 - 2014-11-11 12:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-10-17 20:11 - 2014-10-17 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-17 20:11 - 2014-10-17 20:11 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-10-17 20:11 - 2014-10-17 20:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-10-17 20:11 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-10-17 20:11 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-10-17 20:11 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbam.sys2014-10-17 20:10 - 2014-10-17 20:10 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.3.1025.exe==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-11-11 12:53 - 2009-07-13 23:13 - 00957502 _____ () C:\Windows\system32\PerfStringBackup.INI2014-11-11 12:49 - 2012-09-13 05:31 - 00000000 ____D () C:\Users\User\Documents\Outlook Files2014-11-11 12:49 - 2012-09-11 18:47 - 01955204 _____ () C:\Windows\WindowsUpdate.log2014-11-11 12:36 - 2009-07-13 22:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-11-11 12:36 - 2009-07-13 22:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-11-11 12:28 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-11-11 12:28 - 2009-07-13 22:51 - 00116991 _____ () C:\Windows\setupact.log2014-11-11 12:07 - 2010-11-20 21:47 - 01447444 _____ () C:\Windows\PFRO.log2014-11-11 12:01 - 2014-04-22 13:37 - 00000000 ____D () C:\Users\dub_cm_auto2014-11-11 12:01 - 2012-09-21 14:55 - 00000000 ____D () C:\Users\David Lyons2014-11-11 11:59 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini2014-11-11 11:00 - 2012-09-13 08:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-11-11 10:20 - 2012-09-18 08:38 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe2014-11-11 00:06 - 2012-09-25 08:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\Apple Computer2014-11-11 00:04 - 2012-09-17 07:36 - 00000000 ____D () C:\Program Files (x86)\Google2014-11-11 00:02 - 2012-09-13 09:21 - 00000000 ____D () C:\Users\User\AppData\Local\Google2014-11-10 16:41 - 2012-09-23 18:15 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps2014-11-10 14:00 - 2014-04-29 10:17 - 00000000 ____D () C:\Users\User\AppData\Local\Windows 
Live2014-11-10 09:33 - 2012-09-13 09:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\BitTorrent2014-11-07 09:30 - 2012-09-27 07:01 - 00000000 ____D () C:\Users\David Lyons\My Excel2014-11-06 16:38 - 2014-09-25 08:53 - 00000000 ____D () C:\Users\User\AppData\Local\Mixxx2014-11-06 12:59 - 2014-09-25 08:44 - 00000000 ____D () C:\Program Files (x86)\Mixxx2014-11-04 09:19 - 2012-11-05 11:30 - 00000000 ____D () C:\Program Files (x86)\JustCloud2014-11-03 13:15 - 2012-09-13 15:57 - 00000000 ____D () C:\Users\User\AppData\Local\Apps\2.02014-10-31 11:45 - 2012-09-19 21:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc2014-10-24 12:30 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF2014-10-23 11:34 - 2012-09-11 18:00 - 00007641 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg2014-10-21 14:21 - 2013-10-28 08:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\dvdcss2014-10-18 02:44 - 2009-07-13 22:45 - 05271432 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-18 02:42 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-10-18 02:22 - 2012-09-12 23:07 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-10-18 02:16 - 2013-07-23 02:00 - 00000000 ____D () C:\Windows\system32\MRT2014-10-18 02:04 - 2012-10-01 08:39 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-10-17 21:23 - 2012-09-12 23:13 - 00000000 ____D () C:\Windows\PCHEALTH2014-10-17 20:05 - 2012-09-13 09:01 - 00000000 ____D () C:\ProgramData\Norton2014-10-17 20:05 - 2012-09-12 23:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition2014-10-17 20:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism2014-10-17 20:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism2014-10-17 20:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration2014-10-17 20:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared2014-10-17 20:04 - 2012-11-06 16:38 - 00000000 
____D () C:\Users\User\AppData\Roaming\foobar20002014-10-17 20:04 - 2012-11-01 14:58 - 00000000 ____D () C:\BUFFALO2014-10-17 20:04 - 2012-10-10 11:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.02014-10-17 20:04 - 2012-09-12 23:07 - 00000000 __RHD () C:\MSOCacheSome content of TEMP:====================C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbyueic.dll==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-09-10 13:44==================== End Of Log ============================ ADDITION.txt*******************Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014Ran by User at 2014-11-11 12:55:10Running from C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFMFWEVJBoot Mode: Safe Mode (with Networking)============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Norton 360 Premier Edition (Enabled - Up to date) 
{D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) HiddenAdobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.0.348 - Adobe Systems Incorporated)Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.1 - Adobe Systems Incorporated)Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)Adobe Muse (HKLM-x32\...\{9A554C9D-E12D-4205-8101-9F4337CD5673}) (Version: 7.2 - Adobe Systems Incorporated)Adobe Muse (HKLM-x32\...\AdobeMuse) (Version: 7.2.232 - Adobe Systems Incorporated)Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)Amazon Cloud Player 
(HKU\S-1-5-21-3152762198-1509176925-3484532452-1000\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )BitTorrent (HKU\S-1-5-21-3152762198-1509176925-3484532452-1000\...\BitTorrent) (Version: 7.9.2.34947 - BitTorrent Inc.)BUFFALO BuffaloTools Launcher (HKLM-x32\...\UN091201) (Version:  - )BUFFALO TurboPC EX (HKLM-x32\...\UN110613) (Version:  - )BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenC4700 (x32 Version: 140.0.690.000 - Hewlett-Packard) HiddenCapture NX 2 (HKLM\...\Capture NX 2) (Version: 2.3.0 - NIKON CORPORATION)Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)Corel PaintShop Pro X4 (x32 Version: 14.2.0.1 - Corel Corporation) HiddenCorel WinDVD (x32 Version: 10.8.0.201 - Corel Inc.) 
HiddenCreator NXT Content (x32 Version: 14.0.024 - Roxio) HiddenCrystal Reports Basic for Visual Studio 2008 (HKLM-x32\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)CyberLink DVD Menu Template Pack (HKLM-x32\...\{0C8EBB00-4909-459C-8347-B2068B7F0319}) (Version: 2.0 - CyberLink Corp.)CyberLink Media Suite 11 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.)CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2109i - CyberLink Corp.)CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1202 - CyberLink Corp.)CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3327 - CyberLink Corp.)CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3306.54 - CyberLink Corp.)CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.5.3.2402 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDaily Planner Journal 7.0 (HKLM-x32\...\{64E765CE-2E72-4B86-83C1-08E4216EF7BC}) (Version: 7.0.0.0 - R. E. G. 
Software)Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) HiddenDeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenDirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) HiddenDivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.2 - DivX, Inc.)Dropbox (HKU\S-1-5-21-3152762198-1509176925-3484532452-1000\...\Dropbox) (Version: 2.10.46 - Dropbox, Inc.)DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )EASEUS Data Recovery Wizard Professional 5.5.1 (HKLM-x32\...\EASEUS Data Recovery Wizard Professional 5.5.1_is1) (Version:  - EASEUS)Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)FontManagementSystem (HKLM-x32\...\{3F2E8044-BA23-4604-AB00-BB164410964C}) (Version: 4.3.0 - Summitsoft)foobar2000 v1.1.16 (HKLM-x32\...\foobar2000) (Version: 1.1.16 - Peter Pawlowski)GDR 5512 for SQL Server 2008 (KB2716436) (64-bit) (HKLM\...\KB2716436) (Version: 10.3.5512.0 - Microsoft Corporation)GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version:  - )GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) HiddenHP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)HP Officejet 6100 Basic Device Software (HKLM\...\{F68DC393-4115-4018-A8B6-600FAE86B218}) (Version: 28.0.1321.0 - Hewlett-Packard Co.)HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) 
(Version: 14.0 - HP)HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) HiddenHPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenHPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) HiddenImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)Insta Backup Gold (HKLM\...\Insta Backup Gold_is1) (Version: 3.0.0.0 - Stellar Information Systems Ltd)InstaCodecs (HKLM-x32\...\InstaCodecs_is1) (Version: 1.0 - )iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)JustCloud  (HKLM\...\JustCloud) (Version:  - JustCloud)LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)Logo Design Studio Pro (HKLM-x32\...\{58BC2FF4-68A5-4D8A-B0B0-33C2CDCA2F2D}) (Version: 1.5 - Summitsoft Corporation)Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenMediaInfo 0.7.64 (HKLM\...\MediaInfo) (Version: 0.7.64 - MediaArea.net)Microsoft .NET Compact Framework 2.0 SP2 (HKLM-x32\...\{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}) (Version: 2.0.7045 - Microsoft Corporation)Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 
(HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Device Emulator (64 bit) version 3.0 - ENU (HKLM\...\{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)Microsoft Lync Web App Plug-in (HKLM\...\{7F2142CA-6DC2-4F55-8F41-A1C1BFE11BBD}) (Version: 4.0.7577.0 - Microsoft Corporation)Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)Microsoft SQL Server 2008 Policies (HKLM-x32\...\{01C5A10F-AD9B-405B-853A-6659841A1242}) (Version: 10.3.5500.0 - Microsoft Corporation)Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - 
Microsoft Corporation)Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM-x32\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM-x32\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)Microsoft SQL Server Compact 3.5 SP1 Query Tools English 
(HKLM-x32\...\{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}) (Version: 3.5.5692.0 - Microsoft Corporation)Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)Microsoft Sync Framework Runtime v1.0 (x64) (HKLM\...\{53D7A054-4598-4947-A159-E8FCC77720AB}) (Version: 1.0.1215.0 - Microsoft Corporation)Microsoft Sync Services for ADO.NET v2.0 (x64) (HKLM\...\{817BCC2B-76A8-4C8B-8B55-FD916C6969CC}) (Version: 2.0.1215.0 - Microsoft Corporation)Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft 
Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio 2008 Professional Edition - ENU (HKLM-x32\...\Microsoft Visual Studio 2008 Professional Edition - ENU) (Version:  - Microsoft Corporation)Microsoft Visual Studio 2008 Remote Debugger - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - ENU) (Version:  - Microsoft Corporation)Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM-x32\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 
9.0.30729 - Microsoft Corporation)Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{29C93182-34F6-3275-A18D-59326851CD57}) (Version: 3.5.21022 - Microsoft)Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5288.17011 - Microsoft Corporation)Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{A992BBAA-723D-4574-A07F-983BF8FAA3E1}) (Version: 6.1.5288.17011 - Microsoft Corporation)Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)Mixxx 1.11.0 (HKLM-x32\...\Mixxx (1.11.0)) (Version: 1.11.0 - The Mixxx Development Team)Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidd

Relevance 100%

Answer: Fake Google Chrome exes in Task Manager

Ran ESET Powelikscleaner.exe tool and did find Poweliks virus, and cleaned it.  Do not see the multiple files in Task Manager running behind the scenes.  Virus may have been involved with that!
Will keep the forum posted if any other files pop up.  Thanks for your help, and I am being patient...just reading a lot of what others are experiencing.

Relevance 81.78%

Hi TwinHeadedEagle,
I have almost exactly the same problem running on my computer. I have run zoek, malwarebytes, and AdwCleaner and I still have the problem. Rather than create a new post in the forum I have just replied to this post since it seems so similar. I have now run Farbar and have attached the two logs. I also included a pic of my task manager showing the processes that keep loading. Can you help me? Thank you!
 

Answer:Fake Google Chrome Process in Task Manager & Don't Even Have Google Chrome Installed!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

Relevance 81.78%

My computer was running slow so I went to my task manager and saw a whole bunch of Google Chrome processes running. I was confused at first because I don't even have Google Chrome installed. As I tried to stop the processes one at a time, more only popped up. Then I looked it up on the net, found others yall have helped on this site, and know there's something wrong. If possible, would like to know how and when the malware was installed as I have multiple students that use the pc and this is the first time ever had this happen, would like to know if it was a user doing something wrong by accident or on purpose (is even possible to know, but mainly would like to just get pc fixed!)

I right clicked and Disabled Antivirus AutoDetect (Norton); Downloaded zoek and have result log attached. Required a pc reboot and did that too. Problem is still happening. It also changed my home page to google.com (I changed it back). I also uploaded a picture of my task manager if that helps any.

Thanks!!!
 

Answer:Fake Google Chrome Process in Task Manager & Don't Even Have Google Chrome Installed!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

Relevance 79.75%

I keep getting memory errors. So I opened up task manager and I have about 10 instances of Google Chrome running and they keep multiplying. I don't even have Google Chrome on my machine.
 

Answer:Fake Google Chrome in task manager

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Relevance 78.88%

I have a Windows 7 Lenovo laptop that is running very slow.  I ran virus scans, including Malwarebytes that returned zero results.  I have noticed in Task Manager that there are several processes running with a description of "Google Chrome". 
 
The exe file is in the \userprofile\appdata\locallow\Sun\ folder. This exe cannot be deleted since there is a lock on it. Even if I kill the processes from Task Manager, they regenerate faster than I can delete.
 
Would you please help me with removing this virus?  Thank you.

Answer:Fake Google Chrome processes in Task Manager

Hi. Please do the following:
Download Farbar Recovery Scan Tool and save it to your desktop. http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Note: please pick the version that matches your operating system's bit type. If you don't know which version matches your system, take a look at this link: http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Relevance 78.88%

When I restart from Sleep, I have windows open that look like a browser with various ads in them. I looked in my task manager and saw a number of Chrome processes named Wgvsgnxdj.exe *32 that use about 20% of the CPU. When I end the processes, they restart on their own. The processes are all located in the AppData/LocalLow/Adobe/zqjpwqzm folder.

Can you please help me out? I have scanned with MalwareBytes, McAfee, SpyBot 2, and tdsskiller. None of these have found anything.

I have attached FRST scan logs.

Thank You!
 

Answer:Fake Google Chrome Processes in Task Manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

Relevance 77.43%

Hello -
A customer of mine brought their personal laptop to me to look into why large amounts of data are being used up on their Verizon Hotspot.  This is a Windows 7 Home Premium laptop.  I ran multiple virus scans including ComboFix and Malwarebytes that returned zero results.  I then noticed in Task Manager that there were multiple processes running that belonged to Google Chrome.  I then verified that Chrome is not even installed.  I found the running .exe file in the \userprofile\appdata\locallow\Google directory.  Rebooted into 'Safe Mode' and then removed the folder and then scanned the registry for the same .exe name and removed them as well.  I then restarted the pc and the files reappeared, this time in the Adobe directory rather than Google.  I repeated the steps above with the same results.  Would you please help me with removing this virus?  Thank you.

Answer:Fake Google Chrome Running Multiple Processes in Task Manager

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy a...

Relevance 77.43%

A fake Google chrome file and dllhost.exe 32 file keeps spamming my task manager. I downloaded the real "Google chrome" from Google so I could use the "Google chrome task manager" to get rid of it but it didn't work. I turned my thumbnail preview off and I haven't seen dllhost.exe 32* since but I'm not sure if it's completely taken care of that problem. My temporary fix for the fake Google Chrome file right now is when it starts spamming my task manager I right-click on it> open file location> start logging off and when the force shutdown menu appears I click cancel. For some reason it completely vanishes from my task manager for a couple seconds when I start logging off. Then I go back to my "open file location" and quickly delete the file before it starts back up. This stops it from spamming me but I have to do it every time I get on my computer. Still looking for a permanent solution for it.
 

Answer:Fake Google Chrome file spamming my processes in task manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

Relevance 77.43%

Strider said:


A fake Google chrome file and dllhost.exe 32 file keeps spamming my task manager. I downloaded the real "Google chrome" from Google so I could use the "Google chrome task manager" to get rid of it but it didn't work. I turned my thumbnail preview off and I haven't seen dllhost.exe 32* since but I'm not sure if it's completely taken care of that problem. My temporary fix for the fake Google Chrome file right now is when it starts spamming my task manager I right-click on it> open file location> start logging off and when the force shutdown menu appears I click cancel. For some reason it completely vanishes from my task manager for a couple seconds when I start logging off. Then I go back to my "open file location" and quickly delete the file before it starts back up. This stops it from spamming me but I have to do it every time I get on my computer. Still looking for a permanent solution for it.

I had the same issue. Hopefully you can help. File attached. The google chrome process was called "Eskuyiyifxt.exe*32"
 

Answer:Fake Google Chrome file spamming my processes in task manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

Relevance 75.69%

Infections date probably on 10/26/2014. Fake google chrome processes (a lot of them) are running in the task manager, hogging memory and CPU. Computer is slow.

The process name is listed as Mjjckmsq.exe *32 in task manager, and is running from the location....
C:\Users\USERNAME\AppData\LocalLow\EmieUserList\Uuiputi\fzsdleeocr
.....as mentioned by task manager when I right-click on the process and ask to open file location.

This EmieUserList is a hidden folder and is not visible in the LocalLow folder even if I enable the "show hidden files and folders" option.

I have run the Farbar Recovery scan tool and have attached the results with this post.

Please let me know if there is anything else I can do to help solve this problem.
 

Answer:Fake Google Chrome processes named Mjjckmsq.exe *32 in task manager slowing computer down

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

Relevance 75.69%

Hello,

First off, I'm a new member to the forum and I would like to express my sincere appreciation for help resolving this problem. I'm usually able to clean up malware but have not been successful in this case. As I've read through the forum, I've noticed other posts with a similar issue so this must be something new going around.

The issue I have is popups (always three windows) which became noticeable about five days ago and prompted my actions. I have two accounts on the infected PC and the issue is present on one account while the other account is free of the issue. As I investigated, I noticed a fake google chrome entry in the processes tab of the task manager. Its name is "cphngsji.exe*32" and its listed description is "google chrome." There are 10 to 15 entries in the task manager and it varies increasing and decreasing randomly. The randomly increasing and decreasing entries are visible and correspond to peaks and valleys in the CPU usage trace on the performance tab of the task manager. I also have an issue with the CPU fan running a great deal of the time when the infected account is active. This began several months ago and I now believe it is a result of this infection.

So far I have run my antivirus (McAfee), a tool called SUPERAntiSpyware Free Edition. They were able to find and fix other bugs but not this one. I also ran a McAfee tool called 'GetSusp' which identified three PUP's and one Assumed Dirty ...

Answer:Fake google chrome entry in task manager causing popups and system slowness

Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wa...

Relevance 75.69%

The process name is listed as wgjbmmc.exe *32 in task manager.
When I 'Open file location' it is located at...
C:\Users\USERNAME\AppData\LocalLow\EmieUserList\pgngpdf\zhgekhrmttku

I attached the FRST results files.

Thank you
 

Answer:Fake Google Chrome processes named wgjbmmc.exe *32 in task manager slowing computer down

Hello.
Uninstall Microsoft Security Essentials

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Code:

Start
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\Software\Classes\.exe: => <===== ATTENTION!
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\...\Run: [Wkudeas] => regsvr32.exe /s "C:\Users\Jeff\AppData\Local\{CB212118-3492-4DED-963D-DAB6283A1E07}\Wkudeas.dll" <===== ATTENTION
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\...\MountPoints2: {08c6c7e4-0e4a-11e0-9774-96bca1c77bb5} - G:\setup.exe -a
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\...\MountPoints2: {e5848bdb-fdad-11e1-8325-8bf135db7bca} - G:\setup.exe -a
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {C69147BC-0DE3-470F-9D13-13BFFC7C77BA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {C69147BC-0DE3-470F-9D13-13BFFC7C77BA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
EmptyTemp:
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that bo...

Relevance 95.12%

Could you please help me considering this is my work computer. I have added both files from the program I downloaded from your website first64
 

Answer:Help with fake chrome in task manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

Relevance 93.07%

My laptop runs slower than usual and is creating new folders in weird places. I did notice task manager processes for chrome and did an online search to find a few connected to fake processes like
programdata\ntuser.pol and programdata\Roaming and windows\XSxS.

I ran MGlogs and attached the zip that was on my desktop after it completed.
 

Answer:Task Manager Shows Fake Chrome Processes

Can you upload all of the other requested logs please?

I will post to procedures for your reference.

READ & RUN ME FIRST - Malware Removal Guide
 

Relevance 92.25%

My computer is being taken over by fake chrome processes using the vast majority of my CPU.

Answer:Massive amounts of CPU being used by a Fake chrome process in task manager

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553421 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

Relevance 86.92%

Hi, I just found a neat little feature in Google Chrome and I'd like to share it with others who might not have noticed it.

First you'll click the wrench in the top-right of your browser.



Then navigate to the option 'View Background Pages'

Then in the open window you can manage the processes Chrome is currently using. To get a more detailed look click the 'Stats for nerds' option.




And you should find yourself at a page that looks like this:



Hope this helps!

Relevance 86.1%

Basically every time I start up chrome about 5-8 other chrome.exe 32s appear.
Side note: it's only doing it in chrome; I tried opening internet explorer and no .exe appeared in my task manager.
They are slowing my browser massively, any help will be greatly appreciated.  

Answer:Multiple Google chrome .exe 32 in task manager

Why Does Chrome Have So Many Open Processes

Relevance 85.28%

Should I have 6 svchost.exes in my Task Manager process log? I have been trying to find information on this process via Google.com, but I am so confused as to what it all means. Some places say it's vital, others say that only 4 should be up and others say they are viruses or malware. Does anyone have any info for me? I will post my hijack this log in a few minutes.

DJ
 

Answer:6 svchost.exes in Task Manager??

Relax a bit. Old post of mine, and I will look for it, lead me to the fact that each occurrence of svchost is tied to a specific DLL. I posted the same query a while ago. Will post back the link when I find it. Bazza

===



LoneGreyWolf20 said:



Should I have 6 svchost.exes in my Task Manager process log? I have been trying to find information on this process via Google.com, but I am so confused as to what it all means. Some places say it's vital, others say that only 4 should be up and others say they are viruses or malware. Does anyone have any info for me? I will post my hijack this log in a few minutes.

DJ


 

Relevance 85.28%

Hello, I've seen a few topics relating to my problem but wasn't sure if the steps are exactly the same for each person or if they are customized from problem to problem.
 
I'm running windows 7 and as other users have stated, my computer was running slowly, freezing up periodically and minimizing programs I was using. I checked task manager and at that time I saw many dllhost with description COM surrogate running, and trying to end the processes they just kept appearing again. At that time I had AVG as my antivirus and malwarebytes. Only AVG detected the file but it could not delete it. I then uninstalled AVG and changed my antivirus to Bitdefender and that seemed to have stifled the symptoms although I don't believe it ever fixed the problem. My computer was running smoothly for about a week and now I have a filename uirrvmzweu.exe with description google chrome. My computer symptoms are about the same as they were when the dllhost process was running. They both act very similar as far as I can see.
 
Any help would be much appreciated, thank you.

Answer:COM Surrogate and google chrome processes in task manager

Welcome njs

Let's start with this ...

Step 1

Please download Powelikscleaner (by ESET) and save it to your Desktop.
Double-click ESETPoweliksCleaner.exe to start the tool.
Read the terms of the End-user license agreement and click Agree if you agree to them.
The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
The tool will produce a log in the same directory the tool was run from.
Please copy and paste the log in your next reply.

Next run Autoruns.

Please download AutoRuns and save it to your desktop.
Right click on the downloaded file and choose Extract All Files.
Once extracted, open the program named Autoruns.
Click on Options and then Hide Microsoft and Windows Entries.
Press F5 to refresh the startup list.
Next go to File -> Save and choose the file type to Text File (.txt).
Please attach the text file to your next reply.

15 more replies
Relevance 85.28%

I had been using AVG & found it adequate. I got this computer in fall 2009 with Windows 7 32-bit on it. Since then, I've been using Microsoft Security Essentials. But it never found anything, until this month.

Nov 21, I decided to try AVG again. D/Led the 30 day trial version & ran it. It found 4 Trojans in less than an hour. There was a "buy right now" sales pitch - pushy already; I was suspicious. Deleted AVG on 26th.

Dec 30, I found right away that my computer is infected with a serious, really active bit of Malware/virus. I don't know its name; it apparently settles into or at least uses a directory in Windows ... C:\\Windows\sysWOW\dllhost.exe is said to be the culprit. MalwareBytes was continuously blocking "ads," I guess they are, generated by dllhost.exe? Try as I may, I've not been able to do anything about it.

(Update: I bought & used Malwarebytes in 2014, March thru July I think. It used a lot of CPU while running. Slowed me down. I thoughtlessly deleted it ... at least, I think I did.)

The very frequent message that Malwarebytes is blocking outgoing "stuff" must have been generated by the virus itself, as MWB wasn't on here at that time. My CPU was running at=close to 100%. The main user seemed to be C:\Windows\SysWOW64\dllhost.exe.

Dec 31, MSE found something!: Trojan:Win32/Powessere.A!reg - "severe, active." I said Remove it.

Jan 1, MSE found Trojan:Win32/Powessere.A!reg - "severe, active" again. I said Quarantine it. I was in over my head.

I'd "lost" my tru... Read more

Answer:More Badness & Task Manager Credits "Google Chrome"

Can you re-run malwarebytes this time remove the infections and post the new log.

Step 1: Minitoolbox.

Please download MINITOOLBOX and run it.
Checkmark following boxes:
Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)
Click Go and post the result.

Step 2: Junkware Removal Tool.

Please download Junkware Removal Tool and save it on your desktop.
Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log is saved to your desktop and will automatically open.
Please post the JRT log.

Step 3: Adware Cleaner.

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile a... Read more

1 more replies
Relevance 85.28%

Hi,
 
I noticed a few days ago that my computer was running slow.  I opened the task manager and noticed that the dllhost.exe*32 was in my Task manager over 20 times.  I ran my antivirus and nothing came up, I have both Malware, and Comodo.  I read through some removal logs and found one that was the same issue as mine basically.  I downloaded the Farbar Recovery Scan Tool.  At first, I didn't read ALL the way through it and ended up downloading someone else's fixlist.txt that was part of a reply.  At the time I just figured it was a blanket fix for everyone, didn't realize it was for that specific computer.  So I pressed fix and it seemed to work......temporarily.  I also deleted Chrome but it still pops up in my Task Manager although I don't have the program. 
 
So...now I have read more and am going to do this the right way.  I ran a new scan and am including it in the post.  Hopefully someone can help me fix the problem.  I really appreciate all the help. 
 
I have a HP Pavilion dm4, 64 bit, running Windows 7 Home Premium
 
Here are my logs:
Addition.txt (40.46KB)
FRST.txt (82.95KB)
Shortcut.txt (81.92KB)
 
Any help would be greatly appreciated.  Thanks so much,
 
Mik

Answer:dllhostexe*32 and google chrome app appear over 20 times each in Task Manager.

Hi Mik,

please do the following steps:

Step 1

Please download this attached fixlist.txt (2.7KB) and save it in the same directory as FRST.
Start FRST with Administrator privileges.
Press the Fix button.
When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
Please copy and paste its contents in your next reply.

Step 2

Start FRST with administrator privileges.
Press the Scan button.
When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
Please copy and paste this log in your next reply.

17 more replies
Relevance 84.46%

It only started today and is really annoying me. After I've opened Internet Explorer, multiple IEXPLORE.EXEs start appearing in my task manager. I've looked at other forums for solutions and none work. Here is my HiJack log. Only 2 IEXPLORE.EXEs are shown, but many more appear.


Logfile of HijackThis v1.99.1
Scan saved at 14:04:52, on 22/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Philips\Sound Agent 2\qvecplsk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\winldra.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\DRIVERS\C... Read more

Answer:Multiple IEXPLORER.EXEs in task manager

Please download SSA Kelogger Clean Immediately: http://research.sunbelt-software.com/ssaclean.cfm Install it and run it.

Next download Zone Alarm, or an alternative FireWall.

4 more replies
Relevance 84.46%

I have two versions of "explorer.exe" running in Task Manager:

C:\Windows\Explorer.exe
C:\Windows\Explorer.EXE

Are both of these legitimate in Vista?

Thanks

P.S. Explorer crashes very frequently...
 

Answer:Two Explorer.exes In Vista Task Manager

Well, thanks a lot, experts.
 

2 more replies
Relevance 84.05%

I am suddenly unable to use Google Chrome (nothing happens), task manager (nothing happens). I have tried clicking on a system Reset, nothing happens. I have tried a restore, message says it is unable to start restore. PC is taking ages to come on and switch off.

Other things are slow. PC is practically unusable. Any suggestions?

Answer:Reset, task manager, Google Chrome plus other things not working

Do a repair install.
It will allow you to keep your files, settings and apps.
No product key is required.
Activation is automatic.
Repair Install Windows 10 with an In-place Upgrade

14 more replies
Relevance 84.05%

Hello, I have been playing with this multiple Google Chrome processes in task manager past few days. It is malware, but I haven't been successful in removing it. I have traced the file to multiple disguised fake folders it created, saved the location in Notepad and booted the computer in safe mode, deleted the folder only to have it reappear in a new folder it created. Done this three times before investigating more online about the issue. If I'm understanding correctly, it requires a more practiced hand than my own to fully remove it. I will post a Farbar txt of its findings in this chat, and if anyone is available to walk me through how to remove it I would greatly appreciate your time and help. I hate to say this, but I really admire this one. Normally I can handle basic malware, but this is really out of my league.
I work during the day Monday through Friday 8 to 5, so any time during evenings or weekends I can really spend time and get this removed with a practiced hand.
Sincerely,
EvilAxis
 
These are the current paths the infected folders took while I vainly tried to remove it doing the find folder, reboot in safe mode and delete. It's made quite a journey and is really an amazing little bug.
 
1st attempt original location    C:\Users\Jason\AppData\LocalLow\AVG SafeGuard toolbar\Iqlhknlcn\Dyzpbxtjfb
 
jumped after safe mode delete and reboot
 
2nd  location          ... Read more

Answer:Multiple google chrome found in task manager on computer

Hi there,

my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

Please post the addition.txt as well.

5 more replies
Relevance 84.05%

My laptop is running slow, my Google has been taken over by Yahoo and I have lots of chrome.exe*32 files in my task manager. I've removed Yahoo as my search and put Google as my default but Yahoo just comes back again. I haven't used the laptop in a while, my daughter uses it more, she doesn't know what's happened. I'm a complete novice and don't know one end of the laptop from the other so will need a patient helper and no PC jargon as I won't understand. I'm not even sure if I've posted this thread right.
thanks
 

Answer:google taken over by yahoo and lots of chrome.ex*32 files in task manager

Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.


Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled befor... Read more

11 more replies
Relevance 82.41%

Hello there,
 
I recently noticed my laptop running very slow, especially when using Youtube videos.  I deleted some old junk to free up some memory but that didn't help.  Defragged my laptop and ran several virus scans, but no improvement and nothing found on the scans.  I found a new program installed on my laptop called "Spigot Search Protection" which I uninstalled.  No improvement after this.  I then noticed about a dozen processes running on my Task Manager that appeared to be Google Chrome windows.  They were using up a ton of memory... and I use Firefox not chrome so I thought it was weird.  I uninstalled Google chrome, but they remained open and listed as google chrome programs.  I opened the file location and ran a virus scan directly, and it came back with no threats detected  (I ran Kaspersky). The image name for each process that is running is Lnzdypqnuf.exe*32 and appears as a GoogleChrome file.
At this time I did a Google search and came up with this website (it seems others have had the exact same problem).  I saw that each case should be handled specifically, so I decided to register and post instead of trying to figure it out myself. 
 
If anyone can assist me with getting rid of this problem I would greatly appreciate it.  I have never downloaded a virus before, and do not open ads or clickbait on websites.  I do use Utorrent once in awhile and expect that is how I downloaded this vir... Read more

Answer:Multiple Google Chrome Processes in Task Manager; Cannot close and laptop slow

BTW, am running on Windows 7

4 more replies
Relevance 80.77%

Computer running very slow, a couple of dozen tasks show up in Windows Task Manager with Image Name Nuyxhacoxa.exe having Description 'Google Chrome'.

Chrome has been uninstalled from the system.
 

Answer:Malware/Virus infection - dozens of jobs showing in task manager with Description = 'Google Chrome'

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

8 more replies
Relevance 77.08%
Answer:In windows task manager: 8 chrome processes in chrome built in task manager: 4 processes

that's normal, Chrome uses multiple processes to increase stability/performance.
 

1 more replies
Relevance 74.21%

A bunch of these jpkncmkh.exe *32 processes are always open in my task manager and my CPU is running at 90 to 100% and I don't have Google Chrome and the description is Google Chrome.  These must be viruses I need to get rid of. I'm going to attach FRST files and logs because I saw other posts that did that. Please Help!!??
 
I want to copy and paste a fix list like I saw other people do to get rid of them but I don't know  how?
 
 

Answer:Fake Chrome Processes Please Help jpkncmkh.exe *32 description google chrome

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554784 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

20 more replies
Relevance 72.57%

The Current Issues and Steps Taken pretty much cover it. Any help would be much appreciated!
 

Answer:Fake Chrome task after opening Steam

Hello,

Please follow this topic and attach required reports

http://malwaretips.com/threads/preparation-guide-before-requesting-malware-removal-help.20334/
 

1 more replies
Relevance 71.34%

Hello a computer at our company was recently infected by a fake antivirus program. More than one apparently one called Anti-Malware Pro and Security Master AV. Also a browser hijacker that keeps taking me to Gala.com.

I already deleted what I could of the fake antivirus programs but it seems to be recreating parts of itself.

I am also unable to open task manager. I am unable to activate it even when I use gpedit.msc. I tried various fixes but was unable to enable the task manager so I can not see what processes are going on. The button used to be greyed out but after a few fixes I was able to make the button appear but clicking on the task manager button does nothing.

I would also like to know how to make the search function more powerful because it is unable to see files I know that exist and am looking at hidden in certain places. Can I enable it to scan all locations on my C: drive? For example it was unable to find this file SM3c38.exe using it but luckily I was able to trace the location of it due to another file linking to it.

Thanks for the help.



DDS (Ver_10-03-17.01) - NTFSx86
Run by djackson at 17:44:17.35 on Wed 06/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.375 [GMT -5:00]

AV: Security Master AV *On-access scanning enabled* (Updated) {8694A4DD-598A-47BE-87C3-CF75716861EC}
AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ... Read more

Answer:Fake antivirus removal + task manager

Hi,

Please do the following:


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it ... Read more

2 more replies
Relevance 71.34%

I have had TwinHeadedEagle help this last week at this link: http://malwaretips.com/threads/fake...dont-even-have-google-chrome-installed.35660/

It worked to remove fake google chrome malware, but now I have in the task manager under processes tab, many "dllhost.exe.*32" with description "COM Surrogate" that is basically doing the same thing as the other one. I try and end their process, but they just keep coming back. I tried to download the zoek.exe, and even after I disabled my antivirus, it said my security settings wouldn't allow the download, so I can't run the scan!

Help! Attached is what it looks like in my task manager and also, what it looks like in volume mixer.
 

Answer:FAKE COM Surrogate in task manager (dllhost.exe*32)

Hello,

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

9 more replies
Relevance 71.34%

Hi all,
 
First of all I want to say thank you, you are just wonderful guys and we are lucky to have you in our lives.
I've searched and found here similar posts by other users. But I thought it would be wise to troubleshoot this one together.
As one of the admin said that using some tools without the guidance of a professional troubleshooter\penetration tester is not recommended, so you know thought not to take the chances
 
Here is a log file from AdwCleaner
 
# AdwCleaner v5.102 - Logfile created 14/03/2016 at 19:38:48
# Updated 13/03/2016 by Xplode
# Database : 2016-03-14.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : h***z - DESKTOP-EN7P12P
# Running from : C:\Users\ha\Downloads\adwcleaner_5.102.exe
# Option : Scan
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\_acestream_cache_
Folder Found : C:\ProgramData\mntemp
Folder Found : C:\Users\h***z\AppData\Local\Temp\Video Converter
Folder Found : C:\Users\h***z\AppData\LocalLow\.acestream
Folder Found : C:\Users\h***z\AppData\Roaming\.acestream
Folder Found : C:\Users\h***z\AppData\Roaming\acestream
Folder Found : C:\Users\h***z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
 
***** [ Files ] *****
 
File Found : C:\Users\h***z\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\h***z\AppData\Local\Go... Read more

Answer:While in Chrome mouse cursor move by itself and opened Google Chrome Task Manage

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please run the AdwCleaner tool and clean everything that was identified.

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click the Add reply button.

===

Please post the logs.
Let me know what problems persists.

7 more replies
Relevance 70.93%

Help guys, this virus is really pissing me off to the point where I am about to chuck my PC out the window. On bootup I will not get any taskbar/start menu etc, alt+tab doesn't work or anything. I get a fake screen telling me I have been illegally downloading software, if I press CTRL+ALT+DELETE then I get no option to open the task manager, I don't have any administrator access. In safemode it will still boot with the message, no task manager still. I attempted to do a recovery from the safemode menu thing, but it will still boot into the virus screen. I am on Windows 7, and I cannot run a hijack this log or anything.
 

Answer:Fake Piracy warnings! Cannot access task manager

Hi, lost4468

Welcome.

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
OTL should now start. Change the following settings
Change Drivers to All
Change Standard Registry to All
Under File Scans, change File age to 30

Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
Please post the contents of these files in your next reply.
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during t... Read more

3 more replies
Relevance 70.93%

Hi, recently I moved to a new apartment and the first day I was on the network I discovered a couple strange .exe files around my computer. I was stupid enough to click on one called "games.exe" that showed up in my shared network places folder, and since then I've had strange problems. For starters, the main symptom is that most non-microsoft .exe files have changed color quality to about 16 colors, and not just on the desktop, but EVERYWHERE on my computer (even the miniature icons in the start menu). What I have discovered is that clicking on any of these programs starts up a process called "Nvsvc32.exe" that causes my regular task manager to close immediately upon opening, and also makes my computer and internet unbearably slow. I can easily end this process using Security Task Manager, which sees this process as a 97% threat, but it starts back up any time any of the infected icons are accessed, either directly or indirectly. I understand that the real "Nvsvc32.exe" is an Nvidia driver file of some sort - this is merely a disguise that some sort of virus or worm is using. I have found the malicious and self-regenerating .exe file in my C:\WINDOWS\system32\drivers folder, whereas the real "nvsvc32.exe" should and does reside in the C:\WINDOWS\system32 folder. I have spent several days searching the internet for these symptoms, but since all I really have to go off of is this fake .exe name which I assume is ... Read more

Answer:Fake Nvsvc.exe 97% threat in Security Task Manager

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 70.93%

Hello, a computer at our company was recently infected by a fake antivirus program. More than one apparently, one called Anti-Malware Pro and Security Master AV. Also a browser hijacker that keeps taking me to Gala.com.
I already deleted what I could of the fake antivirus programs but it seems to be recreating parts of itself.
I am also unable to open task manager. I am unable to activate it even when I use gpedit.msc. I tried various fixes but was unable to enable the task manager so I can not see what processes are going on. The button used to be greyed out but after a few fixes I was able to make the button appear but clicking on the task manager button does nothing.
I would also like to know how to make the search function more powerful because it is unable to see files I know that exist and am looking at hidden in certain places. Can I enable it to scan all locations on my C: drive? For example it was unable to find this file SM3c38.exe using it but luckily I was able to trace the location of it due to another file linking to it.
Thanks for the help.

DDS (Ver_10-03-17.01) - NTFSx86
Run by djackson at 17:44:17.35 on Wed 06/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.375 [GMT -5:00]
AV: Security Master AV *On-access scanning enabled* (Updated) {8694A4DD-598A-47BE-87C3-CF75716861EC}
AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Security Master AV *enabled* {8C5D978...

Answer:Fake Antivirus, browser hijack, and task manager

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies
Relevance 69.7%

Hello,
 
In my Windows task manager, I have multiple files labeled "Dcvdpgzxc". It is listed as Google Chrome in the description and its location is AppData/localLow/Adobe. Please help me get rid of it.
 
 
 
EDIT: I forgot to mention this is the second time this has happened on the same computer. I had it once, I rebooted the computer, then deleted the location it was in, "AppData/LocalLow/*" (it was located somewhere else before).

Answer:Fake Google Chrome.....

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:
Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
Make sure to read my instructions fully before attempting a step.
If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
Important information in my posts will often be in bold, make sure to take note of these.
I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
Let's get going now
==========================
 
Hi smoth1,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run ...

14 more replies
Relevance 69.7%

So I was on my computer trying to find some cheap clothing websites and I happened to stumble upon a video that I then watched, but shortly after I was asked to update my Google Chrome. From reading other forums I am thinking there are a few people with a similar problem. I didn't even realise it could have been a virus until my computer started to run a little slower, so I googled it and came to this page. I downloaded FRST and did as the forum suggested, although when I visited VirusTotal it said the file which I copied was not recognised, so I'm just wondering what I should do now?
 
This was the forum I used, http://www.bleepingcomputer.com/forums/t/548427/fake-google-chromeexe-virus/

Answer:Fake Google Chrome.exe app

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat.
Before we start please note the following:
Analysis and research take some time, also sometimes real life gets in the way, please be patient.
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Paste the logs in your posts, attachments make my work harder and more complicated.
Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
Let's start and enjoy the fight!

Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console appears, it may take a minute or two.
In the main box please paste in the following script:
createsrpoint;
process;
services-list;
systemspecs;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;
installedpr...

2 more replies
Relevance 69.7%

Hi, I am new to this site. I am drawn to this site because I am having the same "fake Google Chrome Malware" problem that several members have posted on this site recently. After googling for an hour, it seems this is the only place that offers viable solution!
 
I started to notice this a couple of days ago when the laptop was making loud noises even though I was not doing anything. From the task manager, there are over 15 fake chrome processes clogging up. I have Malwarebytes and Symantec installed, but they both failed to screen out the malware. I ran the Farbar Recovery Scan Tool as some of the previous threads suggested and included the two txt files in this message. Please help.
Thanks!
xun

Answer:Fake Google Chrome exe

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Malware Warning
All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER.
 Step 1
Please uninstall some programs:
...

34 more replies
Relevance 69.7%

Hi,
 
New to the site and having issues with that google chrome .exe fake program. It generates a bunch of the program and runs it in process. Could anyone help me? I ran Malwarebytes, have Norton installed and even ran AdwCleaner but it's still there and causes my pc to lag and flashes sometimes. Oh here are the 2 FRST files.
 
Edit:  After trying out some malware removal programs I seem to have been able to remove it and here is the updated FRST logs in case you catch anything else or if I didn't really solve the root of the problem.  Thank You.

Answer:Fake Google Chrome .exe

Can someone help and look to see if my pc is clean now?  Thanks

15 more replies
Relevance 69.7%

Hi,
  I may have a similar problem to the person who posted http://www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/
  This seems to be a very new thing, because a Google search for it brings up mostly posts from this month, the only practical information about it is on this site, and standard anti-virus software seems to miss it entirely.
   This all started when I was browsing some sites about health food or exercise.  Suddenly, I was getting messages from Windows asking my permission to run regsrvr to register some dll, and I kept saying no, but it would come back up.  In the details, it said it was coming from some executable named by a really long random-looking string beginning with an X.
  There were a bunch of copies of that process in my task manager, taking up a lot of memory and CPU, and every time I tried to force-quit them, more appeared.  They show up in the task manager as Chrome, but the name of the process was this long string beginning with an X. It was an exe file under a strange folder within appdata/locallow/Adobe.
   I ran a quick scan with Windows Security Essentials, and also ran a custom scan of locallow, but it didn't find anything it thought was suspicious.
   I wanted to get back up and able to do stuff, so I rebooted in safe mode, reset my machine back a few days with system recovery, and deleted that entire folder inside appdata/locallo...

Answer:Fake Google Chrome too

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/552959 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

5 more replies
Relevance 69.7%

Please help me! I have read up a lot on the other people with this problem. A file called "rchnxsshh.exe" appears, and its description is "Google Chrome" although I've uninstalled Chrome. When I open file location, it is in my appdata/locallow/ various folders. I've read this is a backdoor Trojan that has entered my system through a flash/java exploit present in past versions.

I'm generally capable and good with computers but I am not sure what to do, as all the other solutions have been machine/user specific. Please help! Thank you.
 

Answer:Fake google chrome .exe

Will upload Zoek scan soon. Also, I'm noticing this weird thing where it will scroll to the bottom of a web page or document after like, 5 seconds. Very weird and annoying.
 

2 more replies
Relevance 69.7%

Many instances of a fake Google Chrome are running in the background and I traced them using task manager to "Users/(My Name)/AppData/LocalLow/vprixmf". This is leading to a slow PC. A google search took me to this site and I found a thread with someone that had the same problem (http://malwaretips.com/threads/fake-google-chrome-virus-malware-cant-get-rid-of-this-thing.35419/). I did the scan with ZOEK but the fake Chrome is still present.
 

Answer:FAKE GOOGLE CHROME (10-20-14)

Hello,

In the top right corner of Chrome, click the 3 lines, and then About Chrome. A picture of that window would be good. If not, just tell me exactly what is written under Version.
 

10 more replies
Relevance 69.7%

I see that many people here are having the same problem, and have had success in resolving it in these forums, so this seems to be the place to go to get help. I've followed the instructions listed in the preparation guide, and have enclosed the FRST files. Thanks in advance for your help.
 

Answer:Yet Another Fake Google Chrome

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too much time (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

3 more replies
Relevance 69.29%
Answer:mshta hijacked and multiple instances of fake programs in task manager

Thanks for reading,

I have a windows xp laptop that is severely infected.
Mshta has been duped in task manager and there are other fake programs running. When connected to the web it redirects any search or address bar submissions. Home page redirects as well even with it set via Internet options.

Avg didn't catch anything and acted as if it was operating 3 times its normal speed which was very odd to me and it only found tracking cookies but a prompt popped up saying I needed to update before it could delete the tracking cookies.... I called bs to that and downloaded rkill ran it and like magic my avg was terminated along with all the fake mshtas/fake programs. So I downloaded mbam, emsisoft, hijackthis, dds, gmer, defoger, superantispyware. Before I got started I tested the severity of recurrences if I ended a fake process. Ending each in task manager was fine with no issues even the web would work with fewer redirects any time a page was closed a fake program would appear in the process list. I then ran mbam. It found 7 Trojans they deleted fine but now the computer was slower than before and now mbam needed to update? I launched task manager and now instead of 8 mshtas running I now had 20 and other fake programs running. I ran rkill again but this time it didn't remove any fake processes from running. Any attempt at ending a fake process like before now results in access denied and a fatal error occurring shutting down with a timer. Says I have 1 min before the la...

4 more replies
Relevance 69.29%

Hello TSGF,
I caught something-- your help is much appreciated!
-on desktop: "Warning: Spyware threat has been detected on your PC."
-popups, including "Your computer is working slowly",
"Warning: Your computer is infected..., "Click here", etc.
IE pages auto-opening with "Top-rated Spyware Removal..." etc. etc.
-"Task Manager has been disabled by your administrator"
Nothing new for you, yes?
Thank you very much---

My HJT log............

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:48:20 AM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis_v2.e...

Answer:Solved: Task Manager disabled, fake Spyware removal popups, etc.

Update---
I have run and/or am running
AVAST!, Spybot SD, and Ad-Aware,
Was told by "expert" that I have Zlob.trojan and/or smitfraud,
both of which reportedly may be cured via Spybot or Ad-Aware.
But still have same issues affecting:
Task Manager (not available)
Desktop (hijacked with spyware ad)
Toolbar (regular ad/warning popups)
IE (regular ad/warning popups)
...please someone help soon--
been waiting for days-- thank you...
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:59:41 AM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explo...

2 more replies
Relevance 68.88%

Hello, I found this forum today when trying to determine if what I keep seeing on my laptop is actually a virus. Found a bunch of similar posts/responses here from people that seem to have been having the same problem as me. I keep noticing dozens of Google Chrome processes that are constantly running, slowing my laptop down. I don't see how it could possibly be from Chrome, since I have uninstalled it from my laptop. Anyway, I need some assistance at this point. I have tried everything I know how to do. Any assistance or advice would be greatly appreciated. Thank you!
 

Answer:Trying to get rid of that fake Google Chrome .exe virus

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too much time (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

6 more replies
Relevance 68.88%

I'm at the affected PC to communicate and hopefully resolve this issue. Thanks for any help that you can give me. Tried to end process but keeps replicating and is using up large amount of memory. Google Chrome is not installed on this PC.
 

Answer:Fake google chrome process

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too much time (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

20 more replies
Relevance 68.88%

Have a Windows 7 Pro 64bit system that has multiple chrome.exe processes running. The system does not have Chrome installed.
Have run a full virus check with NIS and it did not find anything.
Ran TDSSKiller and it came back clean.
Do you have any suggestions as to how I might remove the Trojan or virus that infected my system?
Thank You,
Decatur31

Answer:Fake google chrome ( browser.exe)

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkbox:
 
List Installed Programs
 
Click on Go to start the scan.  Once it is finished highlight the text, copy it and paste it in your next post.

2 more replies
Relevance 68.88%

I'm waiting on the Zoek application to complete. I'll then run FRST and attach the Zoek and FRST logs to this post.
 

Answer:Fake Google Chrome virus

Zoek results - .exe file still running after running Zoek. I may have been able to delete the "Temp" file it was in, but am afraid it is still in the registry and will re-load if the computer is rebooted.
 

3 more replies
Relevance 68.88%

Hello,
 I see a couple other people have posted this same problem in the last few days so hopefully someone can help.
 I have got 5-20 processes running under image name Bcexfymkqard.exe*32. Description Google Chrome. I have never installed Chrome. It is sucking maximum bandwidth from my modem. Malwarebytes did not clean it.  Please help. Here are my FRST and Addition logs:
 
FRST:
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01
Ran by John (administrator) on JOHN-PC on 21-10-2014 08:33:05
Running from C:\Users\John\Downloads
Loaded Profile: John (Available profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Locktime So...

Answer:Need Help... Fake Google Chrome processes

Bumpety Bump.  Can anyone help me with this?

22 more replies
Relevance 68.88%

Hello,
 
I've seen others with the same problem, but I am getting a process in Windows Task Manager that won't go away even if I go into Safe Mode and delete the file.  It is located in User\AppData\LocalLow.  I have attached the image of Windows Task Manager and the 2 FRST files.
 
Thank you for any help!
 

Answer:Fake Google Chrome Processes

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
I will reply back later today with a fix.
 
 
Regards,
Georgi

8 more replies
Relevance 68.88%

I have a virus that creates a ton of processes that slows down my computer, and says it's google chrome. It is in the appdata folder. What should I do?
John
 
Edit: I have a Windows 7, this is the folder for the program:
 
AppData\LocalLow\EmieBrowserModeList
 
The file name is srcgwulu.exe
 
To fix the problem, I tried to delete the file and contents in safe mode, but the file reappeared.

Answer:Fake google chrome virus

Here is the Farbar Recovery Scan Tool
===========================================
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by John Rieth (administrator) on JOHNRIETH-THINK on 30-12-2014 00:52:28
Running from C:\Users\John Rieth\Downloads
Loaded Profile: John Rieth (Available profiles: John Rieth)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lenovo.) C:\Program Files (x86)\Th...

3 more replies
Relevance 68.88%

As described, multiple fake Chrome processes. As opposed to just the fix, I'd also like any details you can give me about this issue and what causes it.
 

Answer:Fake Google Chrome Processes

Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and w... Read more

9 more replies
Relevance 68.88%

My computer started running really slow when I logged on today and websites were taking forever to load.  I noticed that there is a process called Neweozpowt.ext*32 running 10 or more times in the task manager and I can't kill them as they respawn.  Please help

Answer:Fake Google Chrome processes

Please disregard, found the issue with help from the Farbar recovery tool.

2 more replies
Relevance 68.88%

Hello,

Early this year I started having problems with my browsers. I got home page changes in both Firefox and Chrome. I tried using my Avast scan, always finding adware and such, but never actually solving the problem. After a few months, last week I tried running Netflix on my Chrome browser and I found out I had a fake Chrome version installed. I uninstalled it, erased all Chrome data left over in my machine and the program was gone. Only problem is the new Chrome installer didn't seem to work, both offline and online versions. So I've been trying to fix this without luck. Today to my surprise, the fake Chrome is back on my desktop, only this time it doesn't appear in my Programs list or anywhere. When I looked at the root file it's a file called Setleaf. Please I need help getting rid of this fake program. It's already messing with my Firefox again and new adware is showing up every day in my Programs list!

Hope you can give me a hand. Thx!
 

Answer:Fake Google Chrome nightmare!

Hello,
Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

Install the program and select update.
Once updated, click the Settings tab, in the left panel choose Protection and tick Scan for rootkits.
Click the Scan tab, make sure Threat Scan is checked and click Start Scan.
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the Reports tab.
Double-click the Scan Log.
At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

1 more replies
Relevance 68.88%

Hello. Recently my PC has become infected with the "Google Chrome" virus where a fake .exe posing as Chrome creates itself, runs itself, and opens many processes which hogs CPU and RAM. Deleting the .exe is no good because this virus recreates itself in a new random folder upon next PC startup and does its same thing again. I have already run Farbar Recovery Tool, so attached are my FRST and Addition txts.
 

Answer:Fake Google Chrome processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

5 more replies
Relevance 68.88%

Hello all, I recently have contracted a virus on my pc that is calling itself google chrome. I haven't ever downloaded google chrome and yet, it somehow is on my pc. It only shows up in my processes tab and I am unable to remove it as it recreates itself when I try to. It is hidden in my local C: drive and has really messed with my computer as it now freezes quite often and is much slower than before. Can somebody help me out here? Thanks

Answer:Fake Google Chrome Virus

Please run Malwarebytes AntiMalware
Please download Malwarebytes Anti-Malware. After clicking on the link the download will start automatically.
1) Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
2) Malwarebytes will automatically open. If this is the first time you have run this version of Malwarebytes you will see an image like the one below. Click on Update Now, after Malwarebytes is updated click on Scan. If this isn't the first time you have run this version, then you will see an image like the one below. Click on Scan. You will be prompted to update Malwarebytes, to do so click on Update Now.
3) The scan will automatically run now.
4) When the scan is complete the results will be displayed. Click on Quarantine All, then click on Apply Actions.
5) To complete any actions taken you will be asked if you want to restart your computer, click on Yes.
6) Please post the Malwarebytes log. To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop. To open the log double click on mbam-check.exe on your desktop. When the log opens, scroll down toward the bottom of the log to Quarantined Items. Copy and paste this in your next post.
Please run AdwCleaner
Please d... Read more

9 more replies
Relevance 68.88%

The process for me is named "uledyhxq.exe" and like I mentioned above, if you End Process/End Process Tree it causes it to duplicate like 'bunny rabbits' or 'gremlins'. The Folder of Origin is "C:\Users\ANUSTRT\AppData\LocalLow\Microsoft\Xjnxlhqx" yet I've noticed reappearing folders either in "C:\Users\ANUSTRT\AppData\LocalLow\Microsoft\" but also in the "C:\Users\ANUSTRT\AppData\LocalLow\Temp", "C:\Users\ANUSTRT\AppData\LocalLow\Sun", and "C:\Users\ANUSTRT\AppData\LocalLow\Adobe".

I also noticed that "AppData\LocalLow\Temp\ltotwuh", "AppData\LocalLow\Microsoft\Qzonkmt", "AppData\LocalLow\Adobe\Ivjczifql" folders have subfolders which closely resemble what you see in the "C:\Users\*USERNAME_HERE*\" directory.

I've attached my ADWCleaner & FRST scan logs
 

Answer:I too have a fake google-chrome infection

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

7 more replies
Relevance 68.88%

I saw that other users had this issue solved but that the fix files were created for their particular machines. I'm hoping to get the same kind of assistance.
 

Answer:more fake google chrome processes

Hi,

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Code:

C:\Users\morgan\AppData\LocalLow\{E7AE305C-39A3-4FFB-8910-E33B62A071E7}\Jcacvhbrtnb\tctmnaabyyis
HKU\S-1-5-21-4241491024-506926899-3993154103-1000\...\Run: [Cmhysiwv] => regsvr32.exe /s "C:\Users\morgan\AppData\Local\{56AD1659-E116-40E9-B946-5D157B41769E}\Cmhysiwv.dll" <===== ATTENTION
C:\Users\morgan\AppData\Local\{56AD1659-E116-40E9-B946-5D157B41769E}
SearchScopes: HKCU - Comcast URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
BHO-x32: No Name -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20131147,20033,0,25,0
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&
EmptyTemp:

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not w... Read more

5 more replies
Relevance 68.88%

Hello, my name is Michael and I have a virus on my computer. It disguises itself as Google Chrome. There are at least 30-40 of these suckers on my computer. I clearly know it's not ACTUALLY google chrome because of one simple reason.... I don't have Google Chrome on my computer. I am running 8.1 and ComboFix doesn't run on 8.1. The file is called ccbzyuln.exe with the chrome symbol. I see in my task manager. I'm also typing this on my phone. Last night I was playing on my PC perfectly fine. I play games such as DayZ and Counterstrike : Global Offensive. I was updating DayZ to the newest patch and I noticed it would spend a large amount of time being "BUSY WRITING TO DISK" I opened task manager and I see that 100% is on my disk tab and I'm stumped. Please help.
 

Answer:Google Chrome Fake program On my PC Plz Help!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

1 more replies
Relevance 68.88%

Hello this morning I noticed my computer was slow. The file was coming from a folder called Locallow in my Appdata folder. I renamed the file and deleted that folder because I thought it would do the trick but it recreates 5 minutes later. I suspect I have a virus. It's a work laptop.

Answer:Fake google chrome.exe virus

Hi there, please run a FRST scan:
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
Start FRST with administrator privileges.
Make sure the option Addition.txt is checked and press the Scan button.
When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
Please copy and paste these logs in your next reply.

9 more replies
Relevance 68.88%

I have a laptop that is running slow and after checking task manager I see several processes named Oigisuhyfs.exe and the description says that it is Google Chrome, I uninstalled Chrome, booted into safe mode and deleted the files in the Oigisuhyfs location but the virus just came back, after doing some research online I noticed that this was a recurring problem and read several posts on this website, all with a similar theme of instructions so I downloaded FRST and ran the scan, here are the results of the scan.......
 
Thanks in advance.

Answer:Fake Google Chrome virus

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Press the + R on your keyboard at the same time. Type notepad and click OK.
Copy the entire cont... Read more

14 more replies
Relevance 68.88%

I just migrated Windows 7 from one SSD to another SSD today. I did not do any type of install - just cloned the drives and set up the new drive to be the boot master. I ran the ZOEK before I knew what I was supposed to do with requesting help from this forum, so I uploaded that log, too.
 

Answer:Fake Google Chrome Processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

5 more replies
Relevance 68.88%

I just ran my FRST scan while in safe mode. I don't know if that will affect the outcome of the log or going forward. I've had had this problem for a few days and haven't been able to stop and just post about it. Thank you very much in advance for assistance.
 

Answer:Fake Google chrome processes

Here is my addition file as well.
 

6 more replies
Relevance 68.88%

Like others on this site, I have been infected with a program that says it's Google Chrome but actually isn't.  Briefly, there is an executable file named “XSIAKQJE.EXE” (in Task Manager, the image name is the same with *32 afterwards) and has a description name of “Google Chrome” in Task Manager.  Google Chrome is not installed on the computer, nor any other Google application, but there are a minimum of 4 processes of this application running at the same time at any given time which easily goes up to 15 or so processes within a short period (<15 minutes) of computing.  As long as the internet connection is disabled, each running process is below 70mb of memory usage; after connection is made, 2-4 of the processes jump up to 100-400+MB of memory usage.  The application is running on an HP DV6T laptop computer, i7 Q720 Intel processor, 8gb ram, Windows 7 professional w/service pack 1 and all current updates performed.  The internet browser used is IE version 11.
 
Shown below is the DDS.txt file contents.  I have also attached the "attach.txt" file and 3 other files in a Zip file which details more specific information that I found while researching the behavior of this rogue application that I have not found others to have reported.  These 3 other files are in a Microsoft WinWord document - please let me know if that format is not able to be read.
 
I really do appreciate any help you can provide me... Read more

Answer:Fake Google Chrome application

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554736 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

23 more replies
Relevance 68.88%

Apparently there's malware in my CPU. Getting errors stating Google Chrome has crashed and I do not use Google Chrome nor is it installed in my computer. Do I follow the Windows 7 malware removal procedure? Any help would be appreciated.
 

Answer:Fake Google Chrome errors

Yes.
 

7 more replies
Relevance 68.88%

TwinHeadedEagle helped me last week with a Trojan Ad Clicker virus. That seemed to have been fixed, but now having a different issue with a corrupt Google Chrome file. (even though I don't use Google Chrome or have even downloaded it)
 

Answer:Fake Google Chrome Process

Re-run FRST.exe as you did before ...
Download fixlist.txt that you find attached at the bottom of this post and save it same place you
Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt and will keep that log in the same folder where FRST.exe is.
> Attach here fixlog.txt logreport.
 

4 more replies
Relevance 68.88%

Looks like my grandmother's computer has succumbed to some malware and she's not having too great a time with it. Any help would be greatly appreciated. Thanks, and Merry Christmas!
 

Answer:Fake Google Chrome malware

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

5 more replies
Relevance 68.88%

Hi - I'm new here, and found that I'm having the same problem as the user who posted this:
 
http://www.bleepingcomputer.com/forums/t/553030/fake-google-chrome-jhtrmnotfjhvexe-processes/
 
I've read through the above-mentioned post along with many others. I also followed a post on Reddit about this - below:
http://www.reddit.com/r/sysadmin/comments/2kl04m/fake_google_chrome_browser_process_max_out_cpu/
 
This process was continually running and spawning new processes.
C:\Users\Mike\AppData\LocalLow\Roblox\Lxjonxrom\lqsxdhhzll.exe
 
I also noticed information was being cleared and rewritten to this folder continuously:
C:\Users\Mike\AppData\LocalLow\Google\Dcdeecveb
 
I followed the suggestion about using Taskkill in the Reddit post and killed the process then immediately deleted the two folders mentioned above. I actually have all the contents of these folders still in my recycle bin (if needed).
 
Since killing the processes and removing the folders the offending processes have not restarted, however I am concerned there may be more lurking. Can you please assist with this?
 
Also, any idea how this virus/malware is being spread?  I noticed the create time on the folders was on 11/3/14 and 6:28pm.
 
Thank you in advance for all the great work you do!  This appears to be a great community!
 
Logs from DDS are attached.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344... Read more

Answer:Fake Google Chrome Processes

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Please run a FRST scan. This will help us diagnose your problem.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

10 more replies
Relevance 68.88%

Hello,
 
Our HTPC got infected with virus:
C:\Users\Rita\AppData\LocalLow\Move Networks\Tssjgwzkpwxk\Qtnhygxoegxf\bewzwczd (bewzwczd.exe *32)
 
Here is FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Rita (administrator) on LIVINGROOMPC on 03-11-2014 12:57:41
Running from C:\Users\Rita\Desktop
Loaded Profile: Rita (Available profiles: Rita & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lavasoft Limited                                                  ) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
() C:\Program Files\NVIDIA C... Read more

Answer:Fake Google Chrome Process

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554585 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 68.88%

Hello, I have followed the instructions for posting to this thread and uploaded the two documents from FRST. I am having the fake google chrome process virus as well, please help!
 

Answer:Fake Google Chrome Process

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

3 more replies
Relevance 68.88%

My computer is running super, super slow. When I open my task manager I find several (usually about eight) Google Chrome processes (with the image name of mnmtbcm.exe) going on all at once, all sucking up loads of memory and completely bogging down my computer... Annnnd I don't even have Google Chrome installed. So, something must be up.
 

Answer: Fake Google Chrome Virus

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

1 more replies

Windows 7 PC just started running very slowly.  Noticed numerous (sometimes up to 25) processes named "mmxctdbwkm.exe" running, spawning, re-spawning constantly.  Norton 360 popups indicating "Google Chrome using excessive memory resources" - task manager shows processes having descriptions "Google Chrome" which obviously they are not as Google Chrome is not installed on this PC!  Files are under C:\users\John\appdata\LocalLow\.... I would like to follow the procedure in the link below as it describes my problem fairly accurately.  However, the process appears to require 2-way collaboration and information sharing so wanted to check first before diving in.  Thank you in advance for your help.
 
http://www.bleepingcomputer.com/forums/t/551186/fake-google-chrome-running-multiple-processes-in-task-manager/
 

Answer: Fake Google Chrome processes

Start with the scanning for Poweliks. If it is found and removed there will be more cleanup of other malware to do.
 
Please download Powelikscleaner (by ESET) and save it to your Desktop. (let me know if poweliks was found and removed as shown in the last image)
1.  Double-click on ESETPoweliksCleaner.exe to start the tool.
2.  Read the terms of the End-user license agreement and click Agree.
3.  The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
 

 
4.  If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
 

16 more replies

My computer is running very slow. I found several Google Chrome processes (with the image name of okursqwayt.exe) going on all at once. I don't have Google Chrome installed.
 

Answer: Fake Google Chrome Virus

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

28 more replies

Same as the others. Up to 15 processes running under the guise of Google Chrome


Answer: Fake Google Chrome processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

1 more replies

It looks like a bunch of other people here might be having similar problems with a Fake Google Chrome application running malware.... I'm having this problem too. I appreciate any help you can give me!
 

Answer: EmieSiteList Fake Google Chrome

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

5 more replies

No idea where to begin with this. Please help!
 

Answer: Fake Google Chrome Processes

Hello,

Before we begin, please note the following:

I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
===================================


Download Malwarebytes Anti-Rootkit to your desktop.

Double-click the icon to start the tool.
It will ask you where to extract it, then it will start.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Click in the introduction screen "next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware wa...

7 more replies

I need help with a fake google chrome problem. Many processes are running and slowing my computer way down. I've taken multiple steps to attempt to fix this but my problem is still here. please help me
 

Answer: Need help on fake google chrome processes

Here are zoek results, I realized they may be helpful. Like I said above, the problem is still afflicting my computer after this.
 

11 more replies

Hello and help! My infection began November 8. Task manager shows 10 to 15 processes with identical names jpokptfz.exe*32 Google Chrome, using up to 40% of CPU. The processes reappear immediately after ending manually. Chrome is not currently installed on my machine. Computer is running very slow; fake Google Chrome is causing high CPU usage. Also, today I uninstalled Java, but I can't delete folder appdata/locallow/Sun; looks like subfolders contain the fake Google Chrome .exe files. I ran SuperAntiSpyware, Malwarebytes Anti-Malware 2.0, and Norton 360 AV with no success.
 

Answer: Another Fake Google Chrome infection

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

6 more replies

Log for issue from this thread: http://www.bleepingcomputer.com/forums/t/555409/fake-google-chrome-slowing-computer/
 
Summary:  I run Windows 7.  Multiple processes labeled "Google Chrome" (which I do not have) had been slowing the computer.  I identified some of the files related to the issue, but when I deleted them they were recreated on next start-up.
 
I have not seen the processes running lately, but the related files are still present on the computer.  Norton and various malware removal programs have not identified or removed them.
 
DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.71.2
Run by Home at 1:20:57 on 2014-12-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.4080 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted...

Answer: Fake Google Chrome Infestation

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/559154 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

4 more replies

I have seen this same problem on the forums but I need a specific fix that works for me. There is a process that appears on startup that claims to be Google Chrome but obviously is not. You can't end the process and even when you boot into safe mode and delete the file, it just loads up from another location. It roams around in: C:/Users/gordon2/AppData/LocalLow. I found the same problem on another page on the forum but the fix that was used does not work for me due to file and folder names being different. Please create a fix like the one used in the other forum that I can use to remove this malicious process. http://www.bleepingcomputer.com/forums/t/551943/fake-google-chrome-processes/
 
I have attached logs from FRST that will give you the information you need.

Also attached is the fixlog.txt file that was used in the last forum, but does not work for me since the file and folder names are different.
 
Thanks for your help.
 
-Benjamin

Answer: Fake Google Chrome Process

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555149 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

2 more replies

Mine is another case of fake Google Chrome processes running. I deleted the relevant files in the C:\Users\XXXX\AppData\LocalLow directory, but they start back up again! Thanks in advance for your help!
 

Answer: Another fake Google Chrome issue

Hello,

Before we begin, please note the following:

I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
==================================



Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.
Right-click on icon and select Run as Administrator to start the tool.
Follow the prompts and click Scan.
When finished, please click Clean.
Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. Downl...

4 more replies

Noticed other people having the same issue. Hopefully this can get fixed.
 

Answer: Fake Google Chrome processes

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

1 more replies

The description pretty much says it all, I ran FRST and those files are attached.
 

Answer: Fake Google Chrome Processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

7 more replies

Hi,

I am having problems with my other computer. It seemed to be infected with a fake virus warning a few days ago and I ran a few virus scans and removed everything that was found. Since then, I have had numerous "Your computer is infected" popups in my System Tray that lead to AVCare opening up and beginning to run on its own. I cannot open Task Manager or some applications as an error pops up reading "Application cannot be executed. The file is infected. Please activate your antivirus software." This happens in Safe Mode too. When in Normal Mode the AVCare runs in about 5 different windows and I usually get around 10-15 System Tray Icons of the fake security center.

I am unsure what to do now, as I can only run some things and in Normal mode I get so many popups and AVCare windows that it becomes filled with the windows and system tray icons.

Please help me, anything is appreciated. Also, I am typing this on my other computer as I had trouble getting online with the infected computer, but that computer is accessible once I need to do something to start the process of healing it.

Thank you.

Answer: Fake Security Center, AVCare, Error Popup, CANNOT RUN TASK MANAGER or APPLICATIONS

You could try this scan: http://www.freedrweb.com/livecd

87 more replies

Ever since I did a clean install of my Windows 7 about 3 weeks ago, I have noticed that when I go to any website that has multiple pictures, my mouse freezes in the sense that I can't click on anything because it is busy and my task manager shows 50% of my CPU usage in a file named Chrome.exe *32. This never happened prior to my clean install. Why is it happening now? What would cause this?
OS: Windows 7 64bit/Ubuntu 12.04 LTS 64bit
CPU/Ram: E8500/8GB PC2-6400
Manufacturer/Model: AVA Direct / Built online

Answer: 50% cpu usage in Task Manager under Chrome.exe * 32

Maybe one of the installed plugins will cause this. Try to disable all plugins and restart Chrome. Then enable the plugins step by step to figure out which of them is the culprit. You can do this by typing: about:plugins in the address bar.

7 more replies

These IE and chrome processes keep opening on their own. Internet was doing google redirect until I reset IE.

hijackthis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:27:56 PM, on 2/6/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Users\Dale\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Dale\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
C:\Users\Dale\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dale\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dale\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dale\AppData\Local\Google\Chrome\Application\c...

Answer: IE and chrome instances in task manager

6 more replies

Seem to have the same problem as every one else with the fake google chrome virus. please help. I am currently scanning with FRST and will have a log shortly.
 

Answer: Struck by the fake google chrome virus. help please

here are my scan results
 

6 more replies

My husband's PC has the same issue as I have seen on a few other topics.  He has  a fake google chrome executable running in the background.  I have run malware bytes and HitmanPro and cannot remove it.  Help would be appreciated.

Answer: Fake Google Chrome executable running on PC

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:

My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1
Please run a FRST scan. This will help us diagnose your problem.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, d...

22 more replies