chrome.exe *32 in Processes - Numerous Entries - HELP!

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 27th, 2016, 7:26 pm

System rebooted after the fix was run.

No problems encountered.

Thank you

next steps?
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 27th, 2016, 7:42 pm

Internet speed on this PC is very slow (2mps) and the other computers in our home are 23MBps
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by wannabeageek » January 28th, 2016, 12:09 pm

Please re-post the entire content of the C:\AdwCleaner[C1].txt logfile. You cut it off at "scheduled tasks".
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 28th, 2016, 3:55 pm

# AdwCleaner v5.031 - Logfile created 27/01/2016 at 16:22:55
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Serum Office - SERUMOFFICE-PC
# Running from : C:\Users\Serum Office\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater40.2.4

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\4C4C4544-1450565426-5A10-8057-B2C04F563032
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[-] Folder Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol
[-] Folder Deleted : C:\Users\Serum Office\AppData\Roaming\Elex-tech

***** [ Files ] *****

[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage-journal
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safesidesearch.com_0.localstorage
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safesidesearch.com_0.localstorage-journal
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.bitchcrawler.com_0.localstorage
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.bitchcrawler.com_0.localstorage-journal
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Serum Office\AppData\Roaming\Mozilla\Firefox\Profiles\xusd85ou.default\user.js
[-] File Deleted : C:\Windows\SysNative\log\iSafeKrnlCall.log

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chfdnecihphmhljaaejmgoiahnihplgn
[-] [C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : madakpajlmcpaodhfbekojajlhbdklol

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3492 bytes] ##########
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am
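
The completeness problem raised in this exchange (a paste cut off at "Scheduled tasks", and a footer naming [C2] when [C1] was requested) can be checked mechanically. The Python below is an added example, not part of any post in this thread or of AdwCleaner; the sample log is constructed, and the function names and the comparison of deleted extension folders against removed preference entries are assumptions of the example.

```python
import re

# Constructed sample in the AdwCleaner v5 layout shown above (shortened, made-up user "u").
SAMPLE_LOG = r"""# AdwCleaner v5.031 - Logfile created 27/01/2016 at 16:22:55
***** [ Folders ] *****
[-] Folder Deleted : C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[-] Folder Deleted : C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol
***** [ Scheduled tasks ] *****
***** [ Web browsers ] *****
[-] [C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chfdnecihphmhljaaejmgoiahnihplgn
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3492 bytes] ##########
"""

SECTION = re.compile(r"^\*+ \[ (.+?) \] \*+$")
ENTRY = re.compile(r"^\[-\] (.+?) : (.+)$")
FOOTER = re.compile(r"^#+ EOF - (.+?) - \[(\d+) bytes\] #+$")
EXT_ID = re.compile(r"(?<![a-z])[a-p]{32}(?![a-z])")  # Chrome extension ID format

def parse_log(text):
    """Group '[-] kind : value' entries by section; return (sections, footer or None)."""
    sections, current, footer = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION.match(line):
            current = sections.setdefault(m.group(1), [])
        elif m := FOOTER.match(line):
            footer = {"path": m.group(1), "bytes": int(m.group(2))}
        elif (m := ENTRY.match(line)) and current is not None:
            current.append((m.group(1), m.group(2)))
    return sections, footer

def check_paste(text, requested_name):
    """Reasons the pasted text is not the complete log file that was asked for."""
    sections, footer = parse_log(text)
    if footer is None:
        last = list(sections)[-1] if sections else "the header"
        return [f"no EOF footer: paste stops at or after '{last}'"]
    if not footer["path"].endswith("\\" + requested_name):
        return [f"footer names {footer['path']}, not {requested_name}"]
    return []

def unmatched_extensions(text):
    """IDs whose folder was deleted with no 'Web browsers' preference entry removed."""
    sections, _ = parse_log(text)
    ids = lambda name: {i for _, v in sections.get(name, []) for i in EXT_ID.findall(v)}
    return ids("Folders") - ids("Web browsers")

if __name__ == "__main__":
    cut = SAMPLE_LOG.split("***** [ Web browsers ]")[0]  # simulate a truncated paste
    print(check_paste(cut, "AdwCleaner[C1].txt"))
    print(check_paste(SAMPLE_LOG, "AdwCleaner[C1].txt"), unmatched_extensions(SAMPLE_LOG))
```

In the log actually posted above, both extension IDs appear under Folders and under Web browsers, so the last check would return an empty set for it.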

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 28th, 2016, 5:31 pm

c2 is the one I found there
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by wannabeageek » January 28th, 2016, 5:46 pm

Does the computer still connect at a slower rate than the others?
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 28th, 2016, 6:38 pm

Just ran Ookla speedtest and it is running at the same as the other computers.

Looks like you did it! Google fiber is getting installed soon so the speed will go from 20Mbps to 1GBPs.

I really appreciate not just the help (which was awesome) but your candor about the way I got infected in the first place.

It was very nice of you to help me - I am very appreciative - thank you.
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by wannabeageek » January 28th, 2016, 7:11 pm

Hi mbserum,

mbserum wrote: "It was very nice of you to help me - I am very appreciative - thank you."
Thank you, and that is good to hear, but we are far from done.

Step 1.
Farbar Service Scanner (FSS)
SCAN Option
Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.
  1. Right click on FSS.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Make sure the following options are checked:
    • Internet Services (checked by default)
    • Windows Update
  3. Press the "Scan" button.
    When finished, a text file named FSS.txt will be created on your desktop. (Same folder the tool is run).
  4. Please copy and paste the contents of the FSS.txt log to your reply.


Step 2.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic. Scroll down to find your product.
  • Note: Remember to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt. NOTE: The file may not be at this exact location.
  • Copy and paste that log as a reply to this topic.

Note: Remember to re-enable your Anti-Virus application after running the above scan!


Step 3.
Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Right mouse click SystemLook.exe, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  • Copy and paste the content of the following codebox into the main textfield;
  • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
    Code: Select all
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *borgata*
    *Cheat*
    *Conduit*
    *Coupons*
    *deluge*
    *Enigma*
    *searchab*
    *Fun4IM*
    *Funmoods*
    *Hoyle*
    *iLivid*
    *MyPC*
    *Iminent*
    *Poker*
    *Realms*
    *Searchqu*
    *Searchnu*
    *Slick*
    *smartbar*
    *Somoto*
    *Sweet*
    *Tarma*
    *Torre*
    *trolltech*
    *systweak*
    *vshare*
    *whitesmoke*
    *YahooPartnerToolbar*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *borgata*
    *Cheat*
    *Conduit*
    *Coupons*
    *deluge*
    *Enigma*
    *searchab*
    *smartbar*
    *Fun4IM*
    *Funmoods*
    *Hoyle*
    *iLivid*
    *MyPC*
    *Iminent*
    *Poker*
    *Realms*
    *Searchqu*
    *Searchnu*
    *Slick*
    *smartbar*
    *Somoto*
    *Sweet*
    *Tarma*
    *Torre*
    *trolltech*
    *systweak*
    *vshare*
    *whitesmoke*
    *YahooPartnerToolbar*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    borgata
    Cheat
    Conduit
    Coupons
    deluge
    Enigma
    searchab
    Fun4IM
    Funmoods
    Hoyle
    iLivid
    MyPC
    Iminent
    Poker
    Realms
    Searchqu
    Searchnu
    Slick
    smartbar
    Somoto
    Sweetpack
    Tarma
    Torre
    trolltech
    systweak
    vshare
    whitesmoke
    YahooPartnerToolbar
    Yontoo
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Please include in your next reply:
  1. Contents of FSS.txt
  2. Contents of C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  3. Contents of SystemLook.txt
  4. Any problem executing the instructions?
  5. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 28th, 2016, 7:55 pm

Farbar Service Scanner Version: 27-01-2016
Ran by Serum Office (administrator) on 28-01-2016 at 17:54:51
Running from "C:\Users\Serum Office\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 28th, 2016, 9:15 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Update Init
Update Download
Update Finalize
Updated modules version: 27871
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 28th, 2016, 9:19 pm

The eset program found 39 malware but the log.txt seems to not reflect that. This file also had a time stamp from when I started eset, not when it completed. I looked all over for another log and could not find one - should I run this again? Should I let it fix what it found?
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 28th, 2016, 9:45 pm

I am continuing on with systemlook but may need to rerun the previous utility as it appears the log file does not contain data on what was discovered (39 malware)
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 28th, 2016, 10:11 pm

I ran eset again and let it fix what it found since no log was seemingly produced.
Last edited by mbserum on January 29th, 2016, 9:17 am, edited 3 times in total.
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 28th, 2016, 10:12 pm

fd
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by wannabeageek » January 29th, 2016, 11:50 am

This service is provided to you, without charge, by people who volunteer their own time to help.
There is an implied trust that you will respect that donated time, and provide all the information possible to bring the dialog to a successful conclusion.
If false information is provided, that trust is violated, and no further help will be given.

This thread will be closed.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California