Over 1 million tech questions and answers.

A Lot of Google Chrome Processes on at a Time

Q: A Lot of Google Chrome Processes on at a Time

When I open my task manager, there is 13 chrome.exe running at the same time and I don't know why. Chrome is running even though I don't even have Google Chrome on this computer. I use Firefox. There is a lot of chrome.exe running when nothing is on either. My laptop is slowing because of this. I really need help to fix this.

RELEVANCY SCORE 200
Preferred Solution: A Lot of Google Chrome Processes on at a Time

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: A Lot of Google Chrome Processes on at a Time

Looks like the Chrome.exe virus. Do a full AV scan

Read other 13 answers
RELEVANCY SCORE 74.8

Hello,
 
I'm trying to repair my parents computer. They were getting Trojan horse warning messages and crashing to blue screens. So far I have updated the BIOS and uninstalled all the browser addons and questionable apps I found on there PC. Since updating the BIOS it hasn't crashed to blue screen. However I'm getting a lot of lywqyjla.exe processes that say they belong to Google Chrome. I uninstalled Google Chrome and they are still there. Each of them is using varying amounts of memory and the CPU usage keeps spiking. I have run malware bytes and adw cleaner, each of them said they found and removed threats but these processes keep showing up.

A:Multiple Google Chrome processes running even though I uninstalled Google Chrome

Welcome to BC !
 
Run a scan using RKill. Read its description as to what it does. Once you have successfully run the scan, DO NOT reboot.
Proceed with the other scans. Reboot if the MBAM or other scans ask you to.
RKill Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish,so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then... Read more

Read other 1 answers
RELEVANCY SCORE 71.6

I noticed a lat jump after updating adobe. I checked my processes and there is a ton of Google Chrome Processes running. I did not have chrome loaded at that time. I have win 7. I have run bitfinder and it finds nothing wrong. I try ending them but they launch right back up. Bitfinder has found 430 infected web resource detected just today but it blocks it and says computer is safe. 
 
kraxzciwyk.exe*32  is the image name and the description is Google Chrome.

A:Lots of Google Chrome processes running but don't have chrome installed

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll dow... Read more

Read other 16 answers
RELEVANCY SCORE 71.6

A bunch of these jpkncmkh.exe *32 processes are always open in my task manager and my cpu is running at 90 to 100% and I don't have google chrome and the description is google chrome.  These must be viruses I need to get rid of im going to attach a frst files and logs because I saw other posts that did that. Please Help!!??
 
I want to copy and paste a fix list like I saw other people do to get rid of them but I don't know  how?
 
 

A:Fake Chrome Processes Please Help jpkncmkh.exe *32 description google chrome

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554784 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 20 answers
RELEVANCY SCORE 70.8

My computer is running Windows 7.
 
About a week ago, I started getting messages saying "Google Chrome has crashed" when Google Chrome was not open. When I opened task manager, many Google Chrome processes under the same name were running. To try to fix the problem, I uninstalled Google Chrome, but the processes are still running.
 
Right now there are about 15 processes named "dlxyoesklw.exe *32" with the description "Google Chrome" in the task manager. The number of running processes changed frequently, and there are sometimes more than 30 running, all using various amounts of memory. When I press "End Process," more processes just appear.
 
If I press "Open File Location," it now takes me to C:\Users\Owner\AppData\LocalLow\EmieBrowserModeList\igsqvescqy\mwqvrxfk
If I try to delete the .exe file, it says "The action can't be completed because the file is open in Google Chrome. Close the file and try again" but of course Google Chrome is uninstalled.
 
Twice I have tried to delete the whole folder by restarting the computer and quickly deleting it before the processes launched. This did not work, as the processes still appeared after the file was deleted, and the folder relocated to a new one under \AppData\LocalLow\
The folder used to be in \AppData\LocalLow\EmieSiteList\ before it relocated.
 
I have G Data TotalSecurity 2014 installed but it did not find anything.
 
This behavior is very suspicious. What should I... Read more

A:Google Chrome processes running when Chrome is uninstalled

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scr... Read more

Read other 18 answers
RELEVANCY SCORE 66.8

This is a personal computer I use for school and play. My important information is already backed up to an external.
 
Last night my computer started to run extremely slow and I had an unexpected and very bad drop in frame rates. When I looked into my task manager I noticed several “Google Chrome” processes running. I stopped them then uninstalled Chrome. I restarted and looked back into the task manager and the processes were still there.
 
At this point I ran Microsoft Security Essentials with a quick scan and it did not find any threats. I set it to run a full scan at midnight and this morning the report still had nothing in it.
 
After finding this forum and beginning the preparation portion to posting a new topic I can no longer change any setting on my Windows Firewall I only receive an error message that says:
 
Windows Firewall can’t change some of your settings Error Code 0x80070422
 
Below is the DDS text and the attach.txt is uploaded. Thank you, any help is very appreciated.
------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by AJ at 9:26:03 on 2015-01-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6028.2847 [GMT -6:00]
.
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *... Read more

A:"Google Chrome" processes.

Well, since the average wait of 5 days is a long time, when it is nearly impossible to do any school work, I have not just been idle. While looking further into this I found this posted on YouTube buy Mr. RemoveVirus.
 
https://www.youtube.com/watch?v=HF3DcptRwuU
 
I know this is not the most reliable method to accomplish my desire for a functioning PC but I can't afford to just go buy a new one and I also can't have this one offline for so long.
 
So the progress report so far is 2 hours after "fix" and several restarts still no rogue "Google Chrome" processes and my computer CPU is not about to explode.
 
If anyone still reviews the above logs and sees anything that is a problem I will keep checking back here till the topic is closed. Hope this helps and thank you for any help in advance.

Read other 23 answers
RELEVANCY SCORE 66.4

Hello,
 
I've seen others with the same problem, but I am getting a process in Windows Task Manager that won't go away even if I go into Safe Mode and delete the file.  It is located in User\AppData\LocalLow.  I have attached the image of Windows Task Manager and the 2 FRST files.
 
Thank you for any help!
 

A:Fake Google Chrome Processes

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
I will reply back later today with a fix.
 
 
Regards,
Georgi

Read other 8 answers
RELEVANCY SCORE 66.4

A couple months ago I was here and tried to resolve this issue with dozens of google chrome processes showing up and slowing down my computer. It was suggested I post in a new area so more powerful tools could be used. I didn't have time to keep trying to resolve the problem because I needed to finish off other things but now I have time again since I still have the problem. It only goes away after I run JRT but once I restart the computer, the google chrome processes start up again. From what I could find out, the file is an iobit file probably from a program I use to have but have since deleted. Would appreciate any help in figuring out this problem, thank you.
 

 dds.txt   22.77KB
  1 downloads
 attach.txt   9.76KB
  0 downloads

A:suspicious google chrome processes

Hey my friend, Please download FRST (by Farbar) from the link below and save it to your Desktop.Download Mirror #1If you are unsure whether you have 32-Bit or 64-Bit Windows, see hereDisable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)When the disclaimer appears, click Yes.Click Scan to start FRST.When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

Read other 2 answers
RELEVANCY SCORE 66.4

Windows 7 PC just started running very slowly.  Noticed numerous (sometimes up to 25) processes named "mmxctdbwkm.exe" running, spawning, re-spawning constantly.  Norton 360 popups indicating "Google Chrome using excessive memory resources" - task manager shows processes having descriptions "Google Chrome" which obviously they are not as Google Chrome is not installed on this PC!  Files are under C:\users\John\appdata\LocalLow\.... I would like to follow the procedure in the link below as it describes my problem fairly accurately.  However, the process appears to require 2-way collaboration and information sharing so wanted to check first before diving in.  Thank you in advance for your help.
 
http://www.bleepingcomputer.com/forums/t/551186/fake-google-chrome-running-multiple-processes-in-task-manager/
 

A:Fake Google Chrome processes

Start with the scanning for Poweliks. If it is found and removed there will be more cleanup of other malware to do.
 
Please download Powelikscleaner (by ESET) and save it to your Desktop. (let me know if poweliks was found and removed as shown in the last image)
1.  Double-click on ESETPoweliksCleaner.exe to start the tool.
2.  Read the terms of the End-user license agreement and click Agree.
3.  The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
 

 
4.  If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
 

Read other 16 answers
RELEVANCY SCORE 66.4

Apparently our family PC has been infected with the Many Google Chrome Processes bug - anywhere from 3 to 20 instances. After reading through a few forums it appears the solution may vary from case to case. The file location of the GoogleChrome process lead me to the hidden EmieBrowserModeList folder.

After running MBAM the GoodleChrome process are gone for now, but I'm not confident that all is well, so here are the log files. THANKS in advance!

MBAM.TXT

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 12/29/2014 11:01:13 PM, SYSTEM, ROTHPC_II, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 12/29/2014 11:01:13 PM, SYSTEM, ROTHPC_II, Manual, Rootkit Database, 2014.11.18.1, 2014.12.29.2,
Update, 12/29/2014 11:01:37 PM, SYSTEM, ROTHPC_II, Manual, Malware Database, 2014.11.20.6, 2014.12.30.2,
(end)
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan, 12/30/2014 12:27:10 AM, SYSTEM, ROTHPC_II, Manual, Start:12/29/2014 11:01:54 PM, Duration:1 hr 20 min 45 sec, Threat Scan, Completed, 7 Malware Detections, 21 Non-Malware Detections,
(end)

DDS "ATTACH.TXT"
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/11/2012 5:29:11 PM
System Uptime: 12/30/2014 12:28:10 AM (0 hours ago)
.
Motherboard: MSI | | 2AE0
Processor: AMD A10-5700 APU with Radeon(tm) HD Graphics | P0 | 3400/100... Read more

A:Google Chrome Processes (lots of 'em)

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

MBAM log is incorrect.
Please re-read instructions how to obtain proper log.
 

Read other 20 answers
RELEVANCY SCORE 66.4

Twin-Headed Eagle. I have a chrome.exe file in windows task manager that I cannot 'end process' because I think caused by ransomware blocker. This is on another desktop and Chrome browser is locked shut. I have tried to follow your instructions above and cannot get past Farber recovery scan tool installation which will download but not install - just does nothing even if I try to run as admin. Can you please help.
 

A:Can't kill Google Chrome processes

I got Farber to run from the networked second desktop - it seems malware/ransomeware has prevented it from running on the affected desktop. Attached are the files.
 

Read other 2 answers
RELEVANCY SCORE 66.4

I would really appreciate any help with this, thanks.
 

Read other answers
RELEVANCY SCORE 66.4

Hi - I'm new here, and found that I'm having the same problem as the user who posted this:
 
http://www.bleepingcomputer.com/forums/t/553030/fake-google-chrome-jhtrmnotfjhvexe-processes/
 
I've read through the above mentioned post above along with many others. I also followed a post on Reddit about this - below:
http://www.reddit.com/r/sysadmin/comments/2kl04m/fake_google_chrome_browser_process_max_out_cpu/
 
This process was continually running and spawning new processes.
C:\Users\Mike\AppData\LocalLow\Roblox\Lxjonxrom\lqsxdhhzll.exe
 
I also noticed information was being cleared and rewritten to this folder continuously:
C:\Users\Mike\AppData\LocalLow\Google\Dcdeecveb
 
I followed the suggestion about using Taskkill in the Reddit post and killed the process then immediately deleted the two folders mentioned above. I actually have all the contents of these folders still in my recycle bin (if needed).
 
Since killing the processes and removing the folders the offending processes have not restarted, however I am concerned there may be more lurking. Can you please assist with this?
 
Also, any idea how this virus/malware is being spread?  I noticed the create time on the folders was on 11/3/14 and 6:28pm.
 
Thank you in advance for all the great work you do!  This appears to be a great community!
 
Logs from DDS are attached.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344... Read more

A:Fake Google Chrome Processes

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

Read other 10 answers
RELEVANCY SCORE 66.4

My computer started running really slow when I logged on today and websites were taking forever to load.  I noticed that there is a process called Neweozpowt.ext*32 running 10 or more times in the task manager and I can't kill them as they respawn.  Please help

A:Fake Google Chrome processes

Please disregard found the issue with help from Farbar recovery tool.

Read other 2 answers
RELEVANCY SCORE 66.4

Hello,
 I see a couple other people have posted this same problem in the last few days so hopefully someone can help.
 I have got 5-20 processes running under image name Bcexfymkqard.exe*32. Description Google Chrome. I have never installed Chrome. It is sucking maximum bandwidth from my modem. Malwarebytes did not clean it.  Please help. Here are my FRST and Addition logs:
 
FRST:
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01
Ran by John (administrator) on JOHN-PC on 21-10-2014 08:33:05
Running from C:\Users\John\Downloads
Loaded Profile: John (Available profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Locktime So... Read more

A:Need Help... Fake Google Chrome processes

Bumpety Bump.  Can anyone help me with this?

Read other 22 answers
RELEVANCY SCORE 65.6
RELEVANCY SCORE 65.6

I have multiple processes on Google Chrome running in the background and almost every time I open a new tab I get re-directed to ads / virus. I've ran a lot of different program and they all come up empty so I hope you can help.
 
Here are logs from FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:22-05-2016 01
Ran by Niklas (administrator) on DESKTOP-2GDOA4M (22-05-2016 11:20:24)
Running from C:\Users\Niklas\Downloads
Loaded Profiles: Niklas (Available Profiles: Niklas)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Pr... Read more

A:Multiple Google Chrome (32 bit) Processes + Pop Ups in Browser

Duplicate post.This topic will be closed.

Read other 0 answers
RELEVANCY SCORE 65.6

I have multiple processes on Google Chrome running in the background and almost every time I open a new tab I get re-directed to ads / virus. I've ran a lot of different program and they all come up empty so I hope you can help.
 
I've attached logs from FRST:
 

 Addition_22-05-2016_11-21-16.txt   38.41KB
  1 downloads
 

 FRST_22-05-2016_11-21-16.txt   59.83KB
  2 downloads

A:Multiple Google Chrome (32 bit) Processes + Pop Ups in Browser

Duplicate post.This topic will be closed.

Read other 1 answers
RELEVANCY SCORE 65.6

Howdy,
 
New here, seem to have the same problems as many others.  Fake browser.exe processes.
 
I ran FRST as admin, here are my logs.
 
Any help is appreciated.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-08-2014
Ran by David_2 (administrator) on BOUNTIFUL on 29-08-2014 15:08:55
Running from C:\Users\David_2\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(CrossLoop) C:\Users\David_2\AppData\L... Read more

A:Another Fake Google Chrome (browser.exe) processes

Hi there,please do the following:Step 1Please download this attached
 fixlist.txt   357bytes
  8 downloads and save it in the same directory as FRST.Start FRST with Administrator privileges.Press the Fix button.When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.Please copy and paste its contents in your next reply.Step 2Start FRST with administator privileges.Press the Scan button.When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.Please copy and paste this log in your next reply.

Read other 5 answers
RELEVANCY SCORE 65.6

Hello,
 
I believe I am having a similar issue to this thread:
 
www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/
 
On my customer's computer, I keep getting processes showing up in task manager that are called browser.exe *32 (identified as Google Chrome) even though Chrome is not installed on the PC.  I traced the processes to the User/AppData/LocalLow/ and the folders they are coming from are called NarratorHagg and VolunteerJawa.  I have deleted them in safe mode but they keep regenerating.
 
I ran the FRST scan and I will post my scan log below.  Any help is appreciated!
 
---------------------------------------------------------------------------------------------------------------------
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by fogal3 (administrator) on ORTHOWS3 on 26-08-2014 16:02:22
Running from C:\Users\fogal3\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/to... Read more

A:Fake Google Chrome processes (browser.exe *32)

Hello,please do the following:Step 1Please download this attached
 fixlist.txt   2.58KB
  37 downloads and save it in the same directory as FRST.Start FRST with Administrator privileges.Press the Fix button.When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.Please copy and paste its contents in your next reply.Step 2Start FRST with administator privileges.Make sure the option Addition.txt (under Optional Scan) is checked.Press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

Read other 7 answers
RELEVANCY SCORE 65.6

Hi - I'm new here, and found that I'm having a similar (same?) problem as the user who posted this:
 
http://www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/
 
I don't have Google chrome installed, but I see multiple processes running (named browser.exe) with Google Chrome as the description.  I also found that the process was being run from C:\Users\%USERNAME%\AppData\LocalLow\EmieSiteList\Ytybvruxk\gaynsmnsbl - so, like the other user, I ended the processes and deleted the folder, but the folder just immediately regenerated. 
 
I have downloaded dds and run it to create logs if you would like me to post those. Additionally, I have downloaded Fabar Recovery Tool as instructed in the other thread but have not run it yet.
 
Thank you for any help you can provide.

A:Fake Google Chrome (browser.exe) processes also

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

Read other 14 answers
RELEVANCY SCORE 65.6

Hello. I believe I'm having a similar issue to the one resolved in the following post:
 
http://www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/
 
Google Chrome is not installed on my PC, but the Task Manager continues to show 3 instances of the Google Chrome process named "jhtrmnotfjhv.exe" running. If I end the processes, they just reappear. I ran Malwarebytes, Spybot, and SuperAntiSpyware but no suspicious files were detected. The file is saved in "c:/users/%username%/appdata/locallow/temp/jognafav/udrswncoq".  I'm convinced this process is affecting my PC's performance as I've noticed changes in the past few days. Can you please help? I downloaded the DSS tool and generated the requested logs. These are attached for your review.
 
Thank you.

A:Fake Google Chrome (jhtrmnotfjhv.exe) processes

Hello pantojaf,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

   Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  I will be analyzing your log. I will get back to you with instructions.  1.Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool .Click on the Scan button.AdwCleaner will begin to scan your computer.After the scan has finished...Click on the Clean button.Press OK when asked... Read more

Read other 4 answers
RELEVANCY SCORE 65.6

Hi I was online last night surfing the internet when I had a pop up I couldn't close or exit.. so instead of turning off my computer I clicked ok. Immediately after that I opened window task manager and seen egwpdiofqs.exe being run about 8 of them. So I started to exit out of them they would immediately reappear so I tried to open file location and delete the folders it wouldn't let me as it said they were still in use from google chrome which I don't have installed. I seen posts of other people with similar problems so I already downloaded the frst64 and ran a scan. Sigh im so dumb I pretty much hit OK for this virus to get onto my computer. =( Will TIP nicely for assistance haha thanks again... P.S. my computer is terribly sluggish after this happened it tends to freeze a lot and it won't let me run system restore.

A:Mutliple processes running from google chrome.

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Adobe Systems Incorporated) C:\Win... Read more

Read other 3 answers
RELEVANCY SCORE 65.6

Probably starting with messages I needed to update my Java version after wandering onto an infected site, and clicking to do that update, I soon found things runnings slowly.  Reviewing the Task Manager, I found a number of Google Chrome processes running (this time as chrome.exe), without any visible corresponding browser windows, I couldn't permanently kill via the Task Manager.
 
Trying to take this in stages, I ran the AdwCleaner tool.  (Google Chrome was never my default browser on this machine, so, if reading right, that was suspicious in this log, which is attached.)  I removed an eBay link, but nothing major found here.
 
Initially, trying to deal with this as an infected executable, I moved (to hide it) the folder c:\ProgramFiles(x86)\Google\Chrome\Application, as it was the initial source when I viewed properties of all the Google Chrome processes.  At that time, the Task Manager showed them all to be chrome.exe.  (Later, properties showed as Google Chrome, but the files themselves were called browser.exe *32.)  The files re-installed, still at this time pointed to chrome.exe in the same folder, and it was basically a useless exercise.
 
Next, I installed the malwarebytes trial version.  This found a number of trojans and registry issues, triggered a restart, seems to have helped somewhat, but, with each re-start, I find about six of those files back and running again every time.  The program is still apparently... Read more

A:Spoof Google Chrome Processes & Other Badness

Hi there,please run the following scans to start with:Step 1Please download TDSSKiller and save it to your Desktop.Start tdsskiller.exe with administrator privileges.Accept the EULA and the KSN Statement.Click on Change parameters.Make sure that all available options (except "Loaded modules") are checked and click OK.Click on Start scan.If any threats are found don't delete them but choose the Skip option for all of them.Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).Copy and paste its contents in your next reply.Step 2Please download Farbar Recovery Scan Tool and save it to your Desktop.Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

Read other 14 answers
RELEVANCY SCORE 65.6

Hello,
I have several fake google chrome processes that keep appearing under task manager.  If I end the processes, more just appear.
All have the name:  ybvwcdhrvmk.exe *32
The location of this process is AppData>LocalLow>Apple Computer>cizveoortqui>fqevmdgnxsk
Please help!  Thanks in advance!
Sunil

A:Fake google chrome processes keep appearing

Step 1: Malwarebytes Scan. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down. Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-MalwareA 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.On the Dashboard, click the 'Update Now >>' linkAfter the update completes, click the 'Scan Now >>' button.Or, on the Dashboard, click the Scan Now >> button.If an update is available, click the Update Now button.A Threat Scan will begin.When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.In most cases, a restart will be required.Wait for the prompt to restart the computer to appear, then click on Yes. After the restart once you are back at your desktop, open MBAM once more.Click on the History tab > Application Logs.Double click on the Scan Log which shows the Date and time of the scan just performed.Click 'Export'.Click 'Text file (*.txt)'In the Save File dialog box which appears, click on Desktop.In the File name: box type a name for your scan log.A message box named 'File Saved' should appear stating "Your file has been successfully exported".Click OkCopy Paste that... Read more

Read other 6 answers
RELEVANCY SCORE 65.6

Hello.  I believe I'm having a similar issue to the one resolved in the following post:
 
http://www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/
 
Google Chrome is not installed on my PC, but the Task Manager continues to show 3 instances of the Google Chrome process named "jhtrmnotfjhv.exe" running.  If I end the processes, they just reappear.  I ran Malwarebytes, Spybot, and SuperAntiSpyware but no suspicious files were detected.  The file was originally saved in "c:/users/%username%/appdata/locallow/macromedia/jognafav/udrswncoq". I surmised after some online research that all of the content in subfolder "jognafav" was bogus, so I logged in as an administrator and removed the entire folder.  However, when I logged back in as myself an identical version of this folder (and all its contents) reappeared in "c/users/%username%/appdata/locallow/temp".  I'm convinced this process is affecting my PC's performance as I've noticed changes in the past few days.  Can you please help?  I downloaded the DSS tool and generated the requested logs.  These are attached for your review.
 
Thank you.  

A:Fake Google Chrome (jhtrmnotfjhv.exe) processes

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

Read other 10 answers
RELEVANCY SCORE 65.6

Hello. I have an infection where there is a .exe called "Fzpjrgr.exe" posing as Google Chrome that runs itself on startup and opens usually a dozen different processes (Chrome tabs) and keeps reopening them if I try to end the processes. I have also booted in Safe Mode, found the location of the .exe and deleted it, only to have the .exe recreate itself later in a new location and continue opening itself. My anti-virus software doesn't detect this infection. Can someone please help me in removing this?

A:Fake Google Chrome processes virus

bump. Still looking for help. Included in this post are my FRST.txt and Addition.txtScan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-10-2014Ran by Joe (administrator) on JOE-PC on 25-10-2014 18:44:24Running from C:\Users\Joe\DownloadsLoaded Profile: Joe (Available profiles: Joe)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 10Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe(Intel... Read more

Read other 6 answers
RELEVANCY SCORE 65.6

Hi There,
New to the site. I seem to have the same problem many others have discussed here. I dowloaded and ran the FRST and here are my results.
Can you please help?? An additional note, as I was typing this yet another window is playing something in the background although I can't see it.
 
FRST Notepad-
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-08-2014 01
Ran by Christine (administrator) on MURPHS on 29-08-2014 17:59:04
Running from C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FAL3Z1SU
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Pr... Read more

A:Fake Google Chrome (browser.exe) processes - I have it as well

Hi there,you have more than one malware running on your system.Please execute Combofix to start with:Please download Combofix (by sUBs) and save it to your Desktop.Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.Start Combofix.exe and follow its instructions.Do not use the computer while the scan is running. This may cause the program to stall.When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).Please copy and paste the contents of this file into your next post.Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.(You can find more detailed instructions in this guide on using Combofix.)

Read other 8 answers
RELEVANCY SCORE 65.6

Hi - I'm new here, and found that I'm having a similar (same?) problem as the user who posted this:
 
http://www.bleepingcomputer.com/forums/t/545162/browserexe-rogue-process-taking-up-memory
 
I don't have Google chrome installed, but I see multiple processes running (named browser.exe) with Google Chrome as the description.  I also found that the process was being run from C:/Users/%USERNAME%/AppData/LocalLow/BrowserVoice/VinylGravity - so, like the other user, I ended the processes and deleted the folder, but the folder just immediately regenerated.  There was a NavigatorBeerware folder that appeared in C:/Users/%USERNAME%/AppData/LocalLow as well.
Both of those folders remanifest immediately upon deletion.  So I attempted to rename the (browser).exe in C:/Users/%USERNAME%/AppData/LocalLow/BrowserVoice/VinylGravity to browser.old as the other user did, but a new browser.exe immediately appeared.  The original folder(s) had appeared on 8/20/2014 9:36PM.
I downloaded & ran the free trial versions of spybot & malwarebytes, and no suspicious files were found/removed.  I'm periodically plagued with incessant popups that sometimes go dormant for a while.  Thank you in advance for having a look at my issue!  Attached are my logs:
 

 attach-jrm25.txt   16.9KB
  9 downloads

 dds-jrm25.txt   40.29KB
  9 downloads

A:Fake Google Chrome (browser.exe) processes

Greetings and to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:
Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
Make sure to read my instructions fully before attempting a step.
If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
Important information in my posts will often be in bold, make sure to take note of these.
I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
Lets get going now
==========================
 
Hi jrm25,
I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal cr... Read more

Read other 14 answers
RELEVANCY SCORE 65.6

Almost every time I open up a new tab or try to go to a new URL in Google Chrome I get a pop up or re-directed to an ad or virus site. I have ran so many different scanners that come up with 0 that its starting to drive me crazy that its still there.
 
Here's the FRST logs (I downloaded that fixit.txt and ran it with additions):
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:22-05-2016 01
Ran by Niklas (administrator) on DESKTOP-2GDOA4M (22-05-2016 11:20:24)
Running from C:\Users\Niklas\Downloads
Loaded Profiles: Niklas (Available Profiles: Niklas)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program ... Read more

A:Multiple Google Chrome (32 bit) Processes + Pop Ups in Browser

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/615148 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 0 answers
RELEVANCY SCORE 65.6

Hi, I am new to the forum but came here because I have seen another thread that looked similar to my problem.  I don't have Google chrome installed, but I see multiple processes running (named gtgpalgcum.exe *32) with Google Chrome as the description.  I believe my computer is infected with some kind of malware.  Can anyone help me with this issue? 
Stan

A:Multiple Google Chrome Processes Running

Welcome to Bleeping Computer,
Please do the following:
Please download the Farbar Recovery Scan Tool from here:http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)
Note: Wait for the direct download to begin, do not click on anything else on the page.
save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it.
When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run.
Please attach that log to your reply.
The first time the tool is run, it makes a second log (Addition.txt).
Please attach that to your reply as well
NEXT
Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to your desktop.http://downloads.malwarebytes.org/file/mbar
**Next, exit Malwarebytes Anti-Malware ( MBAM ) if it is running. You can do so via the notification area icon near the clock. Right click on the mbam icon, and select Exit.**
Next...Double click on the MBAR file you downloaded.
Approve the UAC prompt in Vista and newer operating systems.
Click OK on the next screen, to allow the package to extract the contents of the file to it's own folder, mba... Read more

Read other 2 answers
RELEVANCY SCORE 65.6

My computer has been bogged down by multiple fake google chrome processes that keep popping up.  I downloaded and ran the FRST, below are the FRST and Addition logs.  Any help will be greatly appreciated.
 FRST.txt   44.01KB
  0 downloads
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 01
Ran by Kentaro Abe (administrator) on GALLY on 11-12-2014 02:48:49
Running from C:\Users\Kentaro Abe\Desktop
Loaded Profile: Kentaro Abe (Available profiles: Kentaro Abe)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualizat... Read more

A:Infected with multiple google chrome processes

Hello and welcome.  Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.   Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txtHKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1451700218-2503860457-661068883-1000\...\Run: [xwmypuchpc] => regsvr32.exe /s "C:\Users\Kentaro Abe\AppData\Local\Macromedia\xwmypuchpc.dll" <===== ATTENTION
C:\Users\Kentaro Abe\AppData\Local\Macromedia\xwmypuchpc.dll
2014-11-11 20:20 - 2014-11-11 20:20 - 00000000 __SHD () C:\Users\Kentaro Abe\AppData\Local\EmieBrowserModeList
EmptyTemp:NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemNow run FRST again.When the tool opens click Yes to disclaimer.Press the Fix button just once and wait.The tool will make a log (Fixlog.txt) please post it to y... Read more

Read other 12 answers
RELEVANCY SCORE 64.8

Hello,
 
I have the fake google chrome malware on my laptop. I followed the steps in the following link but with no success. http://www.bleepingcomputer.com/forums/t/546245/fake-google-chrome-browserexe-processes-i-have-it-as-well/
 
I would greatly appreciate some help.
Thank you.
 
Jake
 
EDIT: I just restored my computer to 6 hours earlier. So far I have not seen any fake google chrome pop ups. 
I am running a McAfee Scan to see if there's anything else. 
Is it possible that the malware was removed simply by restoring my system to before the incident occurred?

A:Fake Google Chrome (browser.exe) processes - Another Victim

Hello Jake,let's check the current state of your computer with a FRST scan:Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

Read other 7 answers
RELEVANCY SCORE 64.8

Good Evening,
 
I am having a similar problem as others have posted about with rogue Google Chrome processes (Nteibgrnv.exe*32) appearing in my task manager and bogging down my computer.  I cannot stop the processes, cannot remove the folder where they are coming from, cannot find anything with either Norton Internet Security or Super AntiSpyware.  I could not delete the folder where they were coming from unless I went into safe mode but then the processes reappeared when I booted back into normal mode.
 
Can someone please help me deal with this?  I am pretty computer literate and will try to follow instructions as best as possible.
 
The DDS.txt log is pasted below.  The Attach.txt log is attached as instructed.  Thanks in advance for any help you can give!
 
KK
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by William at 22:36:13 on 2014-10-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.3042 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Window... Read more

A:Fake Google Chrome Processes (Nteibgrnv.exe*32) Cannot stop them!

Hello Again,
 
Did I do something wrong in the original post?  I see people with the same issue who posted today already got replies.  I was at work all day and not able to check the forums often.  If I did something wrong and need to post a new or different version of the log, please let me know.
 
Thanks,
 
KK

Read other 19 answers
RELEVANCY SCORE 64.8

I have a Windows 7 Lenovo laptop that is running very slow.  I ran virus scans, including Malwarebytes that returned zero results.  I have noticed in Task Manager that there are several processes running with a description of "Google Chrome". 
 
The exe file is in the \userprofile\appdata\locallow\Sun\ folder. This exe cannot be deleted since there is a lock on it. Even if I kill the processes from Task Manager, they regenerate faster than I can delete.
 
Would you please help me with removing this virus?  Thank you.

A:Fake Google Chrome processes in Task Manager

Hi. Please do the following:
Download Farbar Recovery Scan Tool and save it to your desktop. http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/Note: please pick the version that matches your operating system's bit type. If you don't know which version matches your system, take a look at this link: http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Read other 7 answers
RELEVANCY SCORE 64.8

I have seen this Trojan on this forum before, but I need to get it off unique to my computer so I don't accidentally kill my computer.
A fake Google Chrome application called "ckfgiex.exe" is running multiple processes and lagging my computer like crazy. It is located in my LocalLow data folder (at seemingly random folder choices in LocalLow since it plants itself into a different folder for each different user). Thankfully it doesn't run in Safe Mode. How do I get this thing off of my computer?
Thanks,
Aidan
 

A:Fake Google Chrome processes taxing computer

Read other 16 answers
RELEVANCY SCORE 64.8

Today my laptop became infected with a virus that runs multiple processes described as Google Chrome (name of processes: jwpvubxyrw.exe *32). These processes vastly slow down performance. I believe the virus was installed after an internet explorer error screen prompted me to run a program in the command prompt, which I accepted. The laptop is an Acer Aspire E1-731-4699 running 64-bit Windows 7. I would greatly appreciate help to remove this virus. Here are the contents of the DDS.txt report:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by RussellAult at 17:07:13 on 2014-10-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3934.925 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Syst... Read more

A:Virus with Fake Google Chrome executable processes

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

Read other 12 answers
RELEVANCY SCORE 64.8

Hello, I've seen a few topics relating to my problem but wasn't sure if the steps are exactly the same for each person or if they are customized from problem to problem.
 
I'm running windows 7 and as other users have stated, my computer was running slowly, freezing up periodically and minimizing programs I was using. I checked task manager and at that time I saw many dllhost with description COM surrogate running, and trying to end the processes they just kept appearing again. At that time I had AVG as my antivirus and malwarebytes. Only AVG detected the file but it could not delete it. I then uninstalled AVG and changed my antivirus to Bitdefender and that seemed to have stifled the symptoms although I don't believe it ever fixed the problem. My computer was running smoothly for about a week and now I have a filename uirrvmzweu.exe with description google chrome. My computer symptoms are about the same as they were when the dllhost process was running. They both act very similar as far as I can see.
 
Any help would be much appreciated, thank you.

A:COM Surrogate and google chrome processes in task manager

Welcome njsLets start with this ...Step 1Please download Powelikscleaner (by ESET) and save it to your Desktop.Double-click ESETPoweliksCleaner.exe to start the tool.Read the terms of the End-user license agreement and click Agree if you agree to them.The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.The tool will produce a log in the same directory the tool was run from.Please copy and paste the log in your next reply.Next run Autoruns.Please download AutoRuns and save it to your desktop.Right click on the downloaded file and choose Extract All Files.Once extracted, open the program named Autoruns.Click on Options and then Hide Microsoft and Windows Entries.Press F5 to refresh the startup list.Next go to File -> Save and choose the file type to Text File (.txt).Please attach the text file to your next reply.

Read other 15 answers
RELEVANCY SCORE 64

I have an issue similar to the reported here:
 
http://www.bleepingcomputer.com/forums/t/553030/fake-google-chrome-jhtrmnotfjhvexe-processes/
 
This is on my wife's PC. She removed Chrome from the computer but there are 6 Rogue Chrome process (dxvjblkaap.exe) running in Task Manager. I have tried to remove using: Norton 360, Spybot, CCleaner, Malwarebytes Anti-Malware, Emisoft Emergency Kit, adware cleaner and MS defender. All did not locate or remove the problem. The problem program is in a hidden folder in this location 'C:\Users\PA\AppData\LocalLow\EmieUserList\yxwnnavwldvm\sjbwkwojunjx\dxvjblkaap.exe'. This is listed in the DDS log file output. I also downloaded and ran FRST64 the output log show the offending process in the Process Whitelist part of the log file. as the following: '(Google Inc.) C:\Users\PA\AppData\LocalLow\EmieUserList\yxwnnavwldvm\sjbwkwojunjx\dxvjblkaap.exe'.
I someone could assist me in the removal of this problem it would be very much appreciated.

A:Fake Google Chrome Rogue Processes (dxvjblkaap.exe) Can't remove

Hello and welcome to Bleeping Computer! My nickname is Pystryker , and I will be helping you with your issue today.Before we get started, I have a few things I need to go over with youIf you are receiving help for this issue at another forum, please let me know so I can close this thread.Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may in... Read more

Read other 22 answers
RELEVANCY SCORE 64

Multiple fake google chrome processes name pwkoxslg.exe
 
Farbar Recovery Scan Tool logs attached.
Thank you for your help.
 
 

A:Fake Google Chrome Multiple Processes (2014-11-13 1944)

Hello MarioDDN,  Welcome to Bleeping Computer.My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.  If you do not understand any step(s) provided, please do not hesitate to ask before continuing.  Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine. Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.  I will be analyzing your log. I will get back to you with instructions.  Download attached fixlist.txt file and save it to the Desktop.NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on that particular machi... Read more

Read other 8 answers
RELEVANCY SCORE 64

I am having an issue similar to the one reported here:
 
http://www.bleepingcomputer.com/forums/t/553030/fake-google-chrome-jhtrmnotfjhvexe-processes/
 
This is on my home PC.  I have tried running mcafee internet security, spybot, and some other cleaners but the problem still persists.  I tried starting in safe mode and deleting all the folders where this program is originating from but the folders just continue to move to another location under the same root folder.  Please help me remove this problem.  It takes up a lot of system resources and I'm not sure what other damage it is doing.
 
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Liam at 11:39:41 on 2014-12-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8188.2511 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atie... Read more

A:Fake Google Chrome Rogue Processes (Fqivsuimptm.exe) Can't remove

Hello shuytco,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

   Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  I will be analyzing your log. I will get back to you with instructions.  1.Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool .Click on the Scan button.AdwCleaner will begin to scan your computer.After the scan has finished...Click on the Clean button.Press OK when asked ... Read more

Read other 11 answers
RELEVANCY SCORE 64

I would greatly appreciated help!  My Windows 7 desktop is infected with malware that has keeps the CPU usage at extreme high levels although no processes show in Task Manager above about 10% usage.  There are multiple copies of a fake Google Chrome image named vbbxqhmz,exe which seem suspicious since I uninstalled Googgle Chrome.  I have run all the malware and spyware removal tools that I have and the problem persists.  I would be so grateful for help recovering my computer.
 
Here are my logs:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.71.2
Run by Julie at 13:44:07 on 2014-12-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7991.2026 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Prog... Read more

A:Infected! Multiple google chrome vvxbqhmz processes, CPU @ 100% usuage

Hello starbusrt1989,
 
I'm Stan and I will be helping you for this problem.
 
First of all I want to clear some things about the malware removal process:
Do not run any tools on your own. This may affect the process of removal and may cause both slowdown and additional problems.
Read carefully the steps that I suggest you to do. Any mismatch will prolong this case.
Copy any scripts carefully so they stay exactly the same with the original. Otherwise the script may not work and we will need to rerun/recreate it.
Feel free to copy all the steps in offline environment. They may be easier to read and follow in this way.
Feel free to ask any questions about the malware removal process. I'm here to help you so nothing must be hidden or misunderstood.
Share with me any problems/changes you experience while working with the current system.
Please, do not use any quotes or code boxes when you post logs.
I want to inform you that I will be able to respond in the evenings - 07:00 P.M - 11:00 P.M. (UTC + 02:00) - since I'm working during most of the daytime. If I haven't posted anything for 48 hours straight, please, feel free to send me a personal message. I will bump the topic if there is no response from you for 3 days. After 5 days of inactivity, the topic will be closed.
 
I want to inform you that I'm still in my training program so my posts must be reviewed by an instructor. This may lead to a slight delay in my answers.
 
********************
 
Pleas... Read more

Read other 38 answers
RELEVANCY SCORE 64

I have seen the threads where others had this problem. My task manager shows at least a dozen instances of Google Chrome running even though I have removed Chrome. Another users thread identified this as a Trojan Virus?
 
I have followed the Preparation Guide as best I can & attached the "DDS" and "Attach" logs. This is all pretty new / foreign to me & I am a little over my head but I think I attached what's needed.
 
 
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.65.2
Run by Tayler at 13:32:41 on 2014-11-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1040 [GMT -8:00]
.
AV: Norton AntiVirus *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton AntiVirus *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windo... Read more

A:Multiple fake Google Chrome Processes - Logs included.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554911 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers
RELEVANCY SCORE 64

On Windows 7 running on bootcamped iMac. I ran Malwarebytes and it only found PUP.optional.opencandy.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by Sean (administrator) on PC on 14-02-2015 20:19:36
Running from C:\Users\Sean\Desktop
Loaded Profiles: Sean (Available profiles: Sean & Pillowpunch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Windows\System32\rundll32... Read more

A:browser.exe*32 Google Chrome appears repeatedly and hogs processes

Hello optionsmom, welcome to Bleeping Computer's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. 
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.
Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
Ensure you... Read more

Read other 6 answers
RELEVANCY SCORE 64

Computer very slow a few minutes after startup.  I've tried several AV programs. 
 
FRST.txt and Addition.txt logs below.
 
Thanks,
 
.....
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by admin (administrator) on HOMEOFFICE on 14-09-2014 22:48:14
Running from E:\
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
(EMC Corporation) C:\Program Files\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(PFU LIMITED) C:\Windows\twain_32\fjscan32... Read more

A:multiple processes: dllhost.exe COM Surrogate & jfkglnuyzli.exe Google Chrome

DDS txt file below.  attach.txt attached.
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16635
Run by admin at 3:54:14 on 2014-09-15
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3070.1756 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Coupons\CouponPrinterService.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
C:\Windows\system32\EscSvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
C:\Windows\twain_32\fjscan32\FJTWMKSV.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Windows\system32\hasplms.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\TeamViewer\Version9\Te... Read more

Read other 16 answers
RELEVANCY SCORE 63.6

Hello -
A customer of mine brought their personal laptop to me to look into why large amounts of data are being used up on their Verizon Hotspot.  This is a Windows 7 Home Premium laptop.  I ran multiple virus scans including ComboFix and Malwarebytes that returned zero results.  I then noticed in Task Manager that there were multiple processes running that belonged to Google Chrome.  I then verified that Chrome is not even installed.  I found the running .exe file in the \userprofile\appdata\locallow\Google directory.  Rebooted into 'Safe Mode' and then removed the folder and then scanned the registry for the same .exe name and removed them as well.  I then restarted the pc and the files reappeared, this time in the Adobe directory rather than Google.  I repeated the steps above with the same results.  Would you please help me with removing this virus?  Thank you.

A:Fake Google Chrome Running Multiple Processes in Task Manager

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy a... Read more

Read other 10 answers