11 replies to this topic

[frankbretz]

Chameleon worked. It removed the malware. But now every couple of hours the dos screen pops up and want to run another scan.

It did its job. Now, how do I get it to stop running over and over again? It is not in Add and Remove programs.

[daledoc1]

Hello and welcome to MBAM forum, frankbretz:

Thanks for reporting the success of MBAM Chameleon.

We'll need to wait for an MBAM staffer or malware expert to reply to know for sure, especially since I'm not sure why it's still popping up and wanting to scan (that may or may not be normal?).

However, since Chameleon is just a "tool" for MBAM, I would assume that cleanly uninstalling MBAM using the cleanup tool would also remove Chameleon (important to follow the instructions to reboot after running it).
Here is a link to the KB article: Use mbam-clean.exe to completely remove Malwarebytes Anti-Malware
(I don't see an article in the KB section specifically about how to remove Chameleon. )

If you want to reinstall MBAM afterwards, you can grab a fresh copy of the installer from >>here <<.

HAVING SAID THAT, you might want to wait until someone more expert arrives, just to be sure.

Thanks for your patience,

daledoc1

[Maurice Naggar]

@ frankbretz

You did not say if you rebooted the system after the Chameleon run.

In any event, a logoff and Restart should suffice. I would suggest you post (Copy & Paste) the last scan log for review.
You did not say what "malware" was onboard

[daledoc1]

TYVM, Maurice!

[frankbretz]

I am the local tech support for our community. I already had MalwareBytes installed on my machine. I installed Cameleon on my machine to see how it worked, so just in case I get another machine that will not let it install regularly. But now I can't get Camileleon to stop pulling up the dos screen and wanting to run again and again.

[AdvancedSetup]

Did you restart the computer as requested? That should stop it unless it has already triggered an infection it wants to remove.

[frankbretz]

Yes, I turn it off every night and restart the next day. I installed it about a week ago and every couple of hours it pops up the dos screen wanting to run Chameleon.

[AdvancedSetup]

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:

• DDS.txt
  
• Attach.txt

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt
  You can ignore the note about zipping the Attach.txt file in most cases.

[frankbretz]

Here are the two files:
------------------------
Attach.txt
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\Harddisk0\DP(1)0x7e00-0xee73d4e00+3
Install Date: 3/9/2012 2:21:02 PM
System Uptime: 8/11/2012 7:38:24 AM (22 hours ago)
.
Motherboard: Intel Corporation | | DG45ID
Processor: Intel Pentium III Xeon processor | CPU 1 | 2833/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 19.098 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 298 GiB total, 230.793 GiB free.
F: is FIXED (NTFS) - 233 GiB total, 19.497 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP122: 5/14/2012 11:30:09 AM - System Checkpoint
RP123: 5/15/2012 12:07:28 PM - System Checkpoint
RP124: 5/16/2012 12:29:54 PM - System Checkpoint
RP125: 5/17/2012 1:28:49 PM - System Checkpoint
RP126: 5/18/2012 1:28:56 PM - System Checkpoint
RP127: 5/19/2012 1:44:09 PM - System Checkpoint
RP128: 5/20/2012 2:24:50 PM - System Checkpoint
RP129: 5/21/2012 2:29:01 PM - System Checkpoint
RP130: 5/22/2012 2:32:31 PM - System Checkpoint
RP131: 5/23/2012 3:26:49 PM - System Checkpoint
RP132: 5/24/2012 4:22:20 PM - System Checkpoint
RP133: 5/25/2012 4:35:58 PM - System Checkpoint
RP134: 5/26/2012 4:37:03 PM - System Checkpoint
RP135: 5/27/2012 5:35:58 PM - System Checkpoint
RP136: 5/28/2012 6:35:58 PM - System Checkpoint
RP137: 5/29/2012 7:37:03 PM - System Checkpoint
RP138: 5/30/2012 8:25:50 PM - System Checkpoint
RP139: 5/31/2012 9:09:09 PM - System Checkpoint
RP140: 6/1/2012 9:18:27 PM - System Checkpoint
RP141: 6/2/2012 10:17:22 PM - System Checkpoint
RP142: 6/4/2012 9:11:08 AM - System Checkpoint
RP143: 6/5/2012 10:18:13 AM - System Checkpoint
RP144: 6/6/2012 10:43:24 AM - System Checkpoint
RP145: 6/7/2012 11:05:53 AM - System Checkpoint
RP146: 6/7/2012 11:04:05 PM - Software Distribution Service 3.0
RP147: 6/9/2012 8:56:21 AM - System Checkpoint
RP148: 6/10/2012 9:31:25 AM - System Checkpoint
RP149: 6/10/2012 10:22:32 PM - Installed LabSim
RP150: 6/12/2012 7:35:57 AM - System Checkpoint
RP151: 6/13/2012 8:24:50 AM - System Checkpoint
RP152: 6/14/2012 9:03:53 AM - System Checkpoint
RP153: 6/15/2012 10:00:40 AM - System Checkpoint
RP154: 6/16/2012 10:53:55 AM - System Checkpoint
RP155: 6/17/2012 11:44:00 AM - System Checkpoint
RP156: 6/18/2012 12:41:52 PM - System Checkpoint
RP157: 6/19/2012 1:02:40 PM - System Checkpoint
RP158: 6/20/2012 1:44:30 PM - System Checkpoint
RP159: 6/21/2012 2:40:59 PM - System Checkpoint
RP160: 6/22/2012 3:13:52 PM - System Checkpoint
RP161: 6/23/2012 3:17:42 PM - System Checkpoint
RP162: 6/24/2012 3:33:01 PM - System Checkpoint
RP163: 6/25/2012 3:53:53 PM - System Checkpoint
RP164: 6/26/2012 4:16:24 PM - System Checkpoint
RP165: 6/27/2012 5:14:19 PM - System Checkpoint
RP166: 6/28/2012 5:31:09 PM - System Checkpoint
RP167: 6/29/2012 5:47:12 PM - System Checkpoint
RP168: 6/30/2012 6:45:15 PM - System Checkpoint
RP169: 7/1/2012 7:09:16 PM - System Checkpoint
RP170: 7/2/2012 7:41:03 PM - System Checkpoint
RP171: 7/3/2012 7:46:04 PM - System Checkpoint
RP172: 7/4/2012 8:56:46 PM - System Checkpoint
RP173: 7/5/2012 9:38:23 PM - System Checkpoint
RP174: 7/7/2012 8:18:11 AM - System Checkpoint
RP175: 7/8/2012 8:36:31 AM - System Checkpoint
RP176: 7/8/2012 7:12:52 PM - Removed Free CraigsList Reader Pro from CraigsPal 4.7.6
RP177: 7/9/2012 8:16:07 PM - System Checkpoint
RP178: 7/10/2012 8:46:55 PM - System Checkpoint
RP179: 7/12/2012 8:40:18 AM - System Checkpoint
RP180: 7/13/2012 9:03:12 AM - System Checkpoint
RP181: 7/14/2012 9:43:27 AM - System Checkpoint
RP182: 7/15/2012 10:02:09 AM - System Checkpoint
RP183: 7/16/2012 10:19:06 AM - System Checkpoint
RP184: 7/17/2012 10:34:22 AM - System Checkpoint
RP185: 7/18/2012 11:22:57 AM - System Checkpoint
RP186: 7/19/2012 11:41:34 AM - System Checkpoint
RP187: 7/20/2012 12:03:40 PM - System Checkpoint
RP188: 7/21/2012 1:02:37 PM - System Checkpoint
RP189: 7/22/2012 1:10:42 PM - System Checkpoint
RP190: 7/23/2012 1:10:43 PM - System Checkpoint
RP191: 7/24/2012 1:39:42 PM - System Checkpoint
RP192: 7/25/2012 1:55:12 PM - System Checkpoint
RP193: 7/26/2012 2:37:08 PM - System Checkpoint
RP194: 7/29/2012 8:38:34 PM - System Checkpoint
RP195: 7/31/2012 8:35:32 AM - System Checkpoint
RP196: 8/1/2012 9:03:37 AM - System Checkpoint
RP197: 8/2/2012 10:02:32 AM - System Checkpoint
RP198: 8/3/2012 10:35:04 AM - System Checkpoint
RP199: 8/4/2012 10:52:31 AM - System Checkpoint
RP200: 8/5/2012 11:33:04 AM - System Checkpoint
RP201: 8/5/2012 9:28:08 PM - Installed Samsung Kies
RP202: 8/7/2012 8:06:12 AM - System Checkpoint
RP203: 8/8/2012 9:30:58 AM - System Checkpoint
RP204: 8/9/2012 9:48:18 AM - System Checkpoint
RP205: 8/10/2012 10:05:10 AM - System Checkpoint
RP206: 8/11/2012 10:43:25 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
Bonjour
Camtasia Studio 7
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MG6200 series MP Drivers
Canon MP Navigator EX 5.0
CutePDF Writer 2.8
CyberView Client
DriverAgent by eSupport.com
Easy CD & DVD Creator 6
FileZilla Client 3.3.4.1
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
IDT Audio
iFunbox (v1.95.901.639), iFunbox DevTeam
ImgBurn
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® Network Connections 13.0.44.0
iSkysoft Video Converter(Build 3.2.2.0)
iTunes
Java™ SE Runtime Environment 6
LabSim
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX 2004
Macromedia FreeHand MXa
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MiniTool Partition Wizard Home Edition 7.1
MobileMe Control Panel
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
Netscape Communicator 4.72
Outlook Express Backup Wizard
PC Viewr D6 Series 2.6.5
Pdf995
PdfEdit995
QuickBooks Pro 2008
QuickTime
Safari
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Signature995
Spell Checker For OE 2.1
SupportSoft Assisted Service
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Presentation Foundation
WinZip
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
8/5/2012 9:31:00 PM, error: WPDClassInstaller [25088] - It was not possible to install drivers for the device USB\Vid_04e8&Pid_6860&Rev_0400&MS_COMP_MTP&SAMSUNG_Android_SGH-I747. Error code 0xe0000217.
.
==== End Of File ===========================

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 5:19:13 on 2012-08-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3034.2224 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\WinZip\WZQKPICK.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1331351566421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{C35EF425-007C-4B9F-AB69-26CF8D60E6EE} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\pgytaci7.default-1344218571844\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 301248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-9 655944]
R2 OrbisClient.Services;LabSim Configuration and Security;c:\program files\testout\orbis\OrbisClient.Services.exe [2011-3-11 52736]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2012-3-9 244368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2012-3-9 116224]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-9 22344]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-27 116648]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-8-5 80824]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-3-9 23456]
S3 Ftdvdmsmncen;Ftdvdmsmncen;c:\windows\system32\drivers\disk.sys [2008-4-14 36352]
S3 GenericMount Helper Service;GenericMount Helper Service;"c:\program files\norton ghost\shared\drivers\genericmounthelper.exe" --> c:\program files\norton ghost\shared\drivers\GenericMountHelper.exe [?]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\genericmount.sys --> c:\windows\system32\drivers\GenericMount.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-27 116648]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-7-31 32072]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-3-19 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-3-19 11104]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-8-5 181432]
S3 SymSnapService;SymSnapService;"c:\program files\norton ghost\shared\drivers\symsnapservice.exe" --> c:\program files\norton ghost\shared\drivers\SymSnapService.exe [?]
.
=============== Created Last 30 ================
.
2012-08-06 02:30:05 -------- d-----w- c:\documents and settings\owner\local settings\application data\Samsung
2012-08-06 02:30:04 -------- d-----w- c:\documents and settings\owner\application data\Samsung
2012-08-06 02:29:15 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-08-06 02:29:15 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-08-06 02:28:34 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-08-06 02:28:26 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-08-06 02:28:26 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-08-06 02:28:26 -------- d-----w- c:\program files\MarkAny
2012-08-06 02:28:13 -------- d-----w- c:\program files\Samsung
2012-08-06 02:28:13 -------- d-----w- c:\documents and settings\all users\application data\Samsung
2012-08-06 02:27:54 -------- d-----w- c:\documents and settings\owner\local settings\application data\Downloaded Installations
2012-08-01 00:17:38 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-07-21 03:29:00 -------- d-----w- C:\tims bmw
.
==================== Find3M ====================
.
2012-07-18 02:55:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-18 02:55:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 5:19:22.82 ===============

[AdvancedSetup]

Well I don't see it being loaded there.

Please do the following and let us know if this corrects the issue for you or not.

• Download and run mbam-clean.exe from here
  
• It will ask to restart your computer, please allow it to do so very important
  
• After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    
    You can also look up your ID and Key from the Registry and copy and paste it to a Notepad document before running the mbam-clean utility.
    
    

    Location for Windows x86
    HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware
    Location for Windows x64
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware

  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

[frankbretz]

Ok. I ran mbam-clean, and turned it off. The next day I restarted it. I came back in about a hour and the dos screen wanting to run Chameleon ver. 1.60.2 was back, even though malwarebytes had been removed.

Any ideas as to how to stop this thing.

[AdvancedSetup]

Well that doesn't make sense to me Frank. Please open a ticket on the help desk and ask for me and we'll delve into it deeper and see what's going on.

http://www.malwareby...ontact_consumer

Thank you