Mlaewarebytes will not open

[joanied]

Hello...New here, first post.

A few days ago I got an email from someone I know with a link...this person sends me links often, so I clicked on it....big mistake, but how was I to know!! I got a warning that my computer was infected...some 'program' that looked alot like Microsoft Security Essentials, and I am embarassed to say I can't remember the name of this thing...but my computer acted crazy and my browser pages kept closing while I was trying to Google this thing to get info...I finally did read it was bad and takes over your computer. I am not computer savy when it comes to things like this...I tried the MSE program and Malwarebytes to get my computer scanned, but they would not open...I went into a panic and used an online outfit called Advanced Technical Support to clean up my machine...they got on the phone with me and used a remote to acsess my machine...I still don't know if that was also a mistake or not...still not sure if they asre legitimate or not...but 3 hours later, my computer seemd to be running fine...I got back the MSE program, as far as I know, my firewall was not effected...but I decided to run Malwarebytes for another scan...it would not open. I decided to try an uninstall and installed it again (paid version)...still would not work.

I emailed Malwarebytes to get some help.

below is the email I got back:

Tom Mercado, May 13 10:10 pm (PDT):

Hello and welcome to the Malwarebytes consumer helpdesk. Thank you for choosing Malwarebytes Anti-Malware as your malware security solution, my name is Tom Mercado and I'll be assisting you today.

Contact your credit card carrier and have the charges reversed

If you have Malwarebytes v1.60(or newer) installed, go to 'Start' button, >'All Programs'>'Malwarebytes Anti-Malware' folder>'Tools'>'Malwarebytes Anti-Malware Chameleon' and open that help file.

This technology is designed to work around common blocking tactics which disable Malwarebytes.

Once open, click the first 'Test' button, if it runs, accept the prompt to update and the system will be scanned. Once the scan is done, apply the 'Remove Selected button, save the log and allow a reboot if prompted to do so to reomve stubborn malware.If the first one fails, click the next 'Test' option and so forth until one runs.

****>>>>>If for any reason at all Chameleon does not run, move onto the steps below, with DDS. DO NOT reply to tell me it failed as that will just make corrective action replies longer. It's more important we get the DDS data.<<<<<<<*****

Then attach the log in your next reply.

Also, after that's been done, download DDS from the link below and save it to your desktop:

http://download.blee...om/sUBs/dds.scr

*Disable any security software before running(excluding Malwarebytes)

*Steps to disable some common security applications(no need to disable Malwarebytes, it will not cause any issues):

http://forums.whatth...showtopic=96260

Please double click dds.com to run the tool. (File name will be different if alternate download used).

Vista & Windows 7 users: You must right click on the file above and select "Run As Administrator" to run the tool.

A black window(DOS window) will open with some instructions/comments.

When done, DDS will open two (2) logs:

DDS.txt

Attach.txt

If I need the other log, I'll request it.

Please save using the default Notepad format,

DO NOT USE WORD or any other office type of software.

DO NOT COPY & PASTE the log, send it as an attachment.

Reply to THIS ticket, DO NOT create a new one

Name of file to be attached into your next reply:

mbam-log.txt

dds.txt

Please reply only to this ticket, do not create new tickets for the same issue. Support requests which have received no customer response within 7 days will be closed automatically.

Order #: reference number: 32261269

Version: 1.61

Operating System: Windows 7 - 64 bit

-----------

I don't know how to do what he suggested...I don't even know what DDS is!!! Now, I did use that Chameleon thing, but every button I clicked gave me the little black screen but when I clicked any button to continue the same text would appear...over and over...it did say 'attempting to update', but nothing happened...I clicked every test button on the page. Guess maybe I was doing something wrong...but seems like the Chameleon test just didn't work?

I'm confused and just don't know what to do...I think there is still something lurking within my computer...I did the hijack this scan also...below are the results. From all this I hope someone can help me...I'm a computer 'dufas' about any of the technical stuff and dare not try anything to get things sorted out...I might mess it up more.

Please, help...I would appreciate it very much.

Thank you

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:48:30 AM, on 5/15/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe

C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files (x86)\Shrink Pic\shrink_pic.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Users\Joanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MSUPWSQ\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bloodhorse.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)

O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SBCONVERT - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\grabber.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll

O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"

O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

O4 - HKCU\..\Run: [speedBitVideoAccelerator] "C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')

O4 - Startup: Shrink Pic.lnk = C:\Program Files (x86)\Shrink Pic\shrink_pic.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bit...m/qsax/qsax.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe

O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VideoAcceleratorService - SpeedBit Ltd. - C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12233 bytes

Message-Id:9Q5B32EY_4fb093aa3dcaf_7b321d8b27816605061_sprut

hijackthis.log

[exile360]

Greetings

Once Chameleon runs the update, you should see a message box saying that the database was updated successfully. Once that happens, you should be able to click on OK. After that, Malwarebytes Anti-Malware should launch and start scanning automatically.

Once the scan completes, click Show Results and on the screen that follows, click on Remove Selected. You will then be prompted to restart your computer to complete the removal process, click Yes to allow Malwarebytes Anti-Malware to restart your PC and once the reboot completes, your computer should be clean.

[joanied]

http://www.spywarewarrior.com/rogue_anti-spyware.htm#products

Thank you...I was just visiting a page that one of the members has posted on all the rouge and safe programs...he has a picture of one of the rouge programs, and it looks like the one I got on my computer when all this started. This is the link: well, for some reason it keeps copying on top, so that's it above my text in case you need to see what started all this mess.

I don't think the Chameleon program did finish the update...as I mentioned, it just keeps telling me to click any button to continue and when I do it says trying to update...I must be doing something wrong. No box comes up that says updateed successfully.

Can you tell me what to do?

Thanks so much. (if I don't get back to your next reply right away...I will be back asap...I am going crazy over all this...never had a virus or hijack or anything...I'm always so careful....gggrrr!!

[exile360]

Ah, that's OK.

I'm guessing that it's a rogue program that looks similar to this one. Please try these instructions, and it should work.

Let me know if it does not.

Thanks

[joanied]

exile360...yes, that is the rouge program that I had (or maybe still have?)...I followed your instructions...but I don't think I did it right...I copied the bold text into notepad, but when I open the Chameleon folder there is no place I could see to paste that bold text into Chameleon...so I pasted it into that black DOS box that comes up when you click on the 'test' button...it started to scoll down really fast, I waited but that's all it did..I can't figure this out, no debug.bat for me to double click, no icon on my desktop...man, I just don't get this...am I that stupid?

I'm lost now and don't know what to do.

[exile360]

You have to paste that text into notepad, but it's easier if you just download the text file attached at the end of the intructions called debug.txt. When you go to save it, click on the Save as type drop down menu and select All Files and name the file debug.bat (the .bat extension is very important).

Place that file into your C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon folder and then double-click on debug.bat to run it.

[joanied]

exile360....I had gotten in touch with a tech via email about all this...guy named Tom... I didn't know he knew I was also asking for help here, didn't know it's six of one, half dozen of the other...so Tom said I should just work with you to get all this resolved.

I cannot figure out the Chameleon thing... I'm so confused now I could scream. Tom had me send him a thing callled DDS.txt, so I am going to attmept attching that to this post...and if I still need to do the Chameleon test, you will have to give me very simple instructions...I don't see anything like 'debug.txt'...when I use the test button I get the black DOS box but rergardless of how many test buttons I try, it does the dame thing..."click any button to continue"...over and over...

I'm sorry I am being so dumb about this, I obviously don't know what the heck I'm doing.

Well now I really want to scream...I have the DDS.txt saved on my desktop and in Wordpad... and I can't figure out how to attach it or even copy & paste it into this post... I will have to wait until you reply again, exile360...geeze, I'm sorry.

PS...by the way, I clicked on the 'follow this topic', but I don't gtet an notice that I've gotten a reply...so I'll just keep checking here to see if you posted again to me.

[exile360]

Hello again,

Don't worry about it. The debug.txt file I was referring to is attached at the bottom of this page.

Don't worry though. I've simplified it a bit. All you need to do is download the attached zip file and extract it. Once it has been extracted, place the file into your C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon folder and double-click on it to run it.

Once that is done, double-click on the debug.bat file you just put into that folder to run it and press Continue or Allow to any User Account Control prompts.

debug.zip

[joanied]

OK...just one dumb question before I try that...when I open the attached debug file you posted for me, so I save it or open it? If I save it, what do I save it to? God, I feel like a dunce!!

[exile360]

No problem. If you're using Internet Explorer, it would be easiest to just open it. Once it is open, you can open the C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon folder and then just drag and drop the file which will be shown in the opened zip file into the Chameleon folder.

Once that's done, just double-click the file you placed in the Chameleon folder and continue with the rest of the instructions.

[joanied]

I swear... I have the debug.bat file saved as a zip...but when I open my programs to get the Malwaerbytes and then Chameleon folders, the debug.bat file disappears...I've been screwing around for 40 mins. trying to get this obviously simple thing done...I am about to throw my computer threw the window...

[exile360]

Yes, computers can be frustrating at times. Don't worry, we will get this figured out.

I think I have an easier method for you which should do the trick. Just download this file but rename it svchost instead of uSeRiNiT and run it (the location it is run from doesn't matter, so it doesn't need to be inside your Chameleon folder).

Once that tool finishes running, go ahead and try running Chameleon again.

Please let me know if it works this time (you'll be able to tell if it's working when you see Malwarebytes Anti-Malware downloading an update).

Thanks

[joanied]

exile360.... Good news, bad news... good news is I was able to run that program, did the Chameleon Test and watched Malwarebytes update....yipppeeeee!!

Bad news...after I re registered (paid version) I got the following error message:

PROGRAM_ERROR_PROTECTION_MODULE(1053, 0, Protection Enable)

This service did not respond to the start or control request in a timely manner

I tried to enable the protection mode again, but the same error box came up. Now what??

[exile360]

That's OK. Did you run a quick scan with Malwarebytes Anti-Malware and remove everything that was found, then allow it to reboot your computer when it asked you to?

[joanied]

No, I didn't run it...I figured without the paid Pro version it wouldn't clean anything it finds...it would just tell me to buy the Pro version to get things cleaned up...but, I will go do that right now and get back here later...might be a while as I have a busy day ahead.

Thanks, I will be back.

[Firefox]

Just for your info.... The free version will let you Update, Scan, and remove any infections that are found, YES all for free.

The PRO or Paid version, has some added features like automatic updates and scans as well as our very popular Web Blocking Technology, which will help from getting infected in the first place.

[joanied]

Thanks, Firefox...I found out because I ran a quick scan...I've already paid for the Pro version...and guess it's worth it to have the Web Blocking Technology...I just learned the hard way that as careful as I am...you know what happens!!!

[joanied]

That's OK. Did you run a quick scan with Malwarebytes Anti-Malware and remove everything that was found, then allow it to reboot your computer when it asked you to?

Ok, exile360...I beleive everything is OK now...I ran the quick scan and it did find some things that I had it remove and after that I was able to re register and get the program up & running...I will also do a full scan sometime today just to be sure it found everything...I tried to copy & paste the scan results, but there is no way to do that, but this is what it found:

Two results that said: Security Hijack Registry Key HKLM\Software\MicrosoftWindowsNTCurrent

One result that said: Heuristics.RegisterFileusersjoanie\Desktop\svchost (on this entry I wrote it down so fast I can't read my own writting and so I'm not sure what the second word really is, but beleive it was 'register', but could be wrong...you rpobably know what that word would be)

So, it found those three things...I assume that 'securityhijack' is what took over my computer.

I can't tell you how much I appreciate all your help and the patience you showed...THANK YOU SO MUCH!!!

[exile360]

You can open Malwarebytes Anti-Malware and go to the Logs tab. There it will list the scan logs. You can double-click on any log listed to open it. You should be able to find the one from your scan and double-click on it. It will open in notepad. From there, you should be able to copy the log's contents. Please do so, and then paste the contents into your next reply so I may take a look.

I just want to make sure that it got the rogue and the security hijacks (the hijacks were the reason that some programs would not run, including Malwarebytes).

Thanks

[joanied]

Here ya go, exile360...I'll be curious about what you have to say...thanks!! I hope the below results has all 3 of the threrats Malwarebytes go rid of....they are listed in the Quarentine section, but I can't get the quarentine to open in Notepad or copy & paste.

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.02.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Joanie :: JOANIE-PC [administrator]

1/2/2012 5:06:26 PM

mbam-log-2012-01-02 (17-06-26).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 192294

Time elapsed: 1 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Joanie\AppData\Local\Temp\ICReinstall\cnet2_dfsetup_exe[1].exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.

(end)

[joanied]

exile360...I just noticed the date on this log...now I am not sure this is from my most recnt scan this morning... this log file seems to be outdated as the date on it says 1/2/12...that's Jan.!! Why is that and if it is an old one, where is the most recent

scan results that I typed into my post ??

[exile360]

Open your Logs tab, there should be several logs listed. You just have to find the one with the most recent date.

[joanied]

exile...the date on the above scan results Log from Malwarebytes says 1/2/12...could that be right? There are no other log file that I know of in the program...is this the right one, the one I did today??

[exile360]

The log should be named something similar to mbam-log-2012-05-17 (##-##-##).txt if you did the scan today. It's also possible that the date and time on your PC are not set correctly, which could cause the lofile to have the wrong name.

[joanied]

exile...the date on the above scan results Log from Malwarebytes says 1/2/12...could that be right? There are no other log file that I know of in the program...is this the right one, the one I did today??