Nightmare. I have come across this twice now, and really struggled to figure out what’s going on. In both cases it was apparent that the problem was specific to the particular user – i.e. another user on the same computer was fine.
I tried the offline setup, and even the enterprise MSI setup – still will not launch chrome.exe.
Well, I figured it out. It’s caused by a user-mode rootkit. This particular user did not have local admin rights on his computer so I guess that’s the only sort of rootkit that could take hold.
The computer had a history of some virus infection, with ESET v4 half-blocking a zbot.aoo infection.
Running Malwarebytes, GMER, ESET v4, zbotkiller as Administrator didn’t achieve much.
Running zbotkiller.exe (Kaspersky) as the affected user found something, and then again another time, but the problem still persisted.
Running GMER as administrator turned up nothing. Running GMER as the user turned up something of interest (“telnet server” hidden service or something). Problem still persisted though.
In the end, because it’s a user-mode rootkit, I rebooted, logged on as a different user (local admin), and loaded the affected user’s NTUSER.DAT profile into regedit, then browsed to his Software->Microsoft->Windows->CurrentVersion->Run key and removed about three offending entries from there.
All seems OK now.
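
The offline-hive check described above can also be scripted. This is an added example, not part of the original post: it loads another user's NTUSER.DAT from an elevated session, lists the values under the Run key (RunOnce is included as an extension beyond what the post covers) and unloads the hive again. The hive path, the mount name `OfflineUser` and the "user-writable directory" flag are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: list autorun entries in another user's offline NTUSER.DAT.
# Run as a different local admin while the affected user is logged off.
param(
    # Assumed path; point this at the affected user's profile hive.
    [string]$HivePath  = 'C:\Users\affected.user\NTUSER.DAT',
    # Hypothetical temporary mount name under HKEY_USERS.
    [string]$MountName = 'OfflineUser'
)

$autorunKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

& reg.exe load "HKU\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Could not load $HivePath (is the user still logged on?)"
}

try {
    foreach ($sub in $autorunKeys) {
        $path = "Registry::HKEY_USERS\$MountName\$sub"
        if (-not (Test-Path $path)) { continue }

        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            # Read the raw string so %APPDATA%-style paths are shown unexpanded.
            $cmd = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            [pscustomobject]@{
                Key     = $sub
                Name    = $name
                Command = $cmd
                # Heuristic only (assumption): a non-admin user can write here,
                # so an autorun pointing at these locations deserves a closer look.
                UserWritablePath = $cmd -match '(?i)(\\AppData\\|\\Temp\\|%APPDATA%|%LOCALAPPDATA%|%TEMP%)'
            }
        }
        $key.Close()
    }
}
finally {
    # Release any remaining handles, otherwise the unload fails with "Access is denied".
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKU\$MountName" | Out-Null
}
```

Review the output before deleting anything; entries can then be removed in regedit with the hive loaded, as described above.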