How do I uninstall Chameleon

[frankbretz]

Chameleon worked. It removed the malware. But now every couple of hours the dos screen pops up and want to run another scan.

It did its job. Now, how do I get it to stop running over and over again? It is not in Add and Remove programs.

[daledoc1]

Hello and welcome to MBAM forum, frankbretz:

Thanks for reporting the success of MBAM Chameleon.

We'll need to wait for an MBAM staffer or malware expert to reply to know for sure, especially since I'm not sure why it's still popping up and wanting to scan (that may or may not be normal?).

However, since Chameleon is just a "tool" for MBAM, I would assume that cleanly uninstalling MBAM using the cleanup tool would also remove Chameleon (important to follow the instructions to reboot after running it).

Here is a link to the KB article: Use mbam-clean.exe to completely remove Malwarebytes Anti-Malware

(I don't see an article in the KB section specifically about how to remove Chameleon. )

If you want to reinstall MBAM afterwards, you can grab a fresh copy of the installer from >>here <<.

HAVING SAID THAT, you might want to wait until someone more expert arrives, just to be sure.

Thanks for your patience,

daledoc1

[Maurice Naggar]

@ frankbretz

You did not say if you rebooted the system after the Chameleon run.

In any event, a logoff and Restart should suffice. I would suggest you post (Copy & Paste) the last scan log for review.

You did not say what "malware" was onboard

[daledoc1]

TYVM, Maurice!

[frankbretz]

I am the local tech support for our community. I already had MalwareBytes installed on my machine. I installed Cameleon on my machine to see how it worked, so just in case I get another machine that will not let it install regularly. But now I can't get Camileleon to stop pulling up the dos screen and wanting to run again and again.

[AdvancedSetup]

Did you restart the computer as requested? That should stop it unless it has already triggered an infection it wants to remove.

[frankbretz]

Yes, I turn it off every night and restart the next day. I installed it about a week ago and every couple of hours it pops up the dos screen wanting to run Chameleon.

[AdvancedSetup]

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:

1. DDS.txt
   
2. Attach.txt
   

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt
  You can ignore the note about zipping the Attach.txt file in most cases.
  

[frankbretz]

Here are the two files:

------------------------

Attach.txt

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\Harddisk0\DP(1)0x7e00-0xee73d4e00+3

Install Date: 3/9/2012 2:21:02 PM

System Uptime: 8/11/2012 7:38:24 AM (22 hours ago)

.

Motherboard: Intel Corporation | | DG45ID

Processor: Intel Pentium III Xeon processor | CPU 1 | 2833/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 60 GiB total, 19.098 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 298 GiB total, 230.793 GiB free.

F: is FIXED (NTFS) - 233 GiB total, 19.497 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP122: 5/14/2012 11:30:09 AM - System Checkpoint

RP123: 5/15/2012 12:07:28 PM - System Checkpoint

RP124: 5/16/2012 12:29:54 PM - System Checkpoint

RP125: 5/17/2012 1:28:49 PM - System Checkpoint

RP126: 5/18/2012 1:28:56 PM - System Checkpoint

RP127: 5/19/2012 1:44:09 PM - System Checkpoint

RP128: 5/20/2012 2:24:50 PM - System Checkpoint

RP129: 5/21/2012 2:29:01 PM - System Checkpoint

RP130: 5/22/2012 2:32:31 PM - System Checkpoint

RP131: 5/23/2012 3:26:49 PM - System Checkpoint

RP132: 5/24/2012 4:22:20 PM - System Checkpoint

RP133: 5/25/2012 4:35:58 PM - System Checkpoint

RP134: 5/26/2012 4:37:03 PM - System Checkpoint

RP135: 5/27/2012 5:35:58 PM - System Checkpoint

RP136: 5/28/2012 6:35:58 PM - System Checkpoint

RP137: 5/29/2012 7:37:03 PM - System Checkpoint

RP138: 5/30/2012 8:25:50 PM - System Checkpoint

RP139: 5/31/2012 9:09:09 PM - System Checkpoint

RP140: 6/1/2012 9:18:27 PM - System Checkpoint

RP141: 6/2/2012 10:17:22 PM - System Checkpoint

RP142: 6/4/2012 9:11:08 AM - System Checkpoint

RP143: 6/5/2012 10:18:13 AM - System Checkpoint

RP144: 6/6/2012 10:43:24 AM - System Checkpoint

RP145: 6/7/2012 11:05:53 AM - System Checkpoint

RP146: 6/7/2012 11:04:05 PM - Software Distribution Service 3.0

RP147: 6/9/2012 8:56:21 AM - System Checkpoint

RP148: 6/10/2012 9:31:25 AM - System Checkpoint

RP149: 6/10/2012 10:22:32 PM - Installed LabSim

RP150: 6/12/2012 7:35:57 AM - System Checkpoint

RP151: 6/13/2012 8:24:50 AM - System Checkpoint

RP152: 6/14/2012 9:03:53 AM - System Checkpoint

RP153: 6/15/2012 10:00:40 AM - System Checkpoint

RP154: 6/16/2012 10:53:55 AM - System Checkpoint

RP155: 6/17/2012 11:44:00 AM - System Checkpoint

RP156: 6/18/2012 12:41:52 PM - System Checkpoint

RP157: 6/19/2012 1:02:40 PM - System Checkpoint

RP158: 6/20/2012 1:44:30 PM - System Checkpoint

RP159: 6/21/2012 2:40:59 PM - System Checkpoint

RP160: 6/22/2012 3:13:52 PM - System Checkpoint

RP161: 6/23/2012 3:17:42 PM - System Checkpoint

RP162: 6/24/2012 3:33:01 PM - System Checkpoint

RP163: 6/25/2012 3:53:53 PM - System Checkpoint

RP164: 6/26/2012 4:16:24 PM - System Checkpoint

RP165: 6/27/2012 5:14:19 PM - System Checkpoint

RP166: 6/28/2012 5:31:09 PM - System Checkpoint

RP167: 6/29/2012 5:47:12 PM - System Checkpoint

RP168: 6/30/2012 6:45:15 PM - System Checkpoint

RP169: 7/1/2012 7:09:16 PM - System Checkpoint

RP170: 7/2/2012 7:41:03 PM - System Checkpoint

RP171: 7/3/2012 7:46:04 PM - System Checkpoint

RP172: 7/4/2012 8:56:46 PM - System Checkpoint

RP173: 7/5/2012 9:38:23 PM - System Checkpoint

RP174: 7/7/2012 8:18:11 AM - System Checkpoint

RP175: 7/8/2012 8:36:31 AM - System Checkpoint

RP176: 7/8/2012 7:12:52 PM - Removed Free CraigsList Reader Pro from CraigsPal 4.7.6

RP177: 7/9/2012 8:16:07 PM - System Checkpoint

RP178: 7/10/2012 8:46:55 PM - System Checkpoint

RP179: 7/12/2012 8:40:18 AM - System Checkpoint

RP180: 7/13/2012 9:03:12 AM - System Checkpoint

RP181: 7/14/2012 9:43:27 AM - System Checkpoint

RP182: 7/15/2012 10:02:09 AM - System Checkpoint

RP183: 7/16/2012 10:19:06 AM - System Checkpoint

RP184: 7/17/2012 10:34:22 AM - System Checkpoint

RP185: 7/18/2012 11:22:57 AM - System Checkpoint

RP186: 7/19/2012 11:41:34 AM - System Checkpoint

RP187: 7/20/2012 12:03:40 PM - System Checkpoint

RP188: 7/21/2012 1:02:37 PM - System Checkpoint

RP189: 7/22/2012 1:10:42 PM - System Checkpoint

RP190: 7/23/2012 1:10:43 PM - System Checkpoint

RP191: 7/24/2012 1:39:42 PM - System Checkpoint

RP192: 7/25/2012 1:55:12 PM - System Checkpoint

RP193: 7/26/2012 2:37:08 PM - System Checkpoint

RP194: 7/29/2012 8:38:34 PM - System Checkpoint

RP195: 7/31/2012 8:35:32 AM - System Checkpoint

RP196: 8/1/2012 9:03:37 AM - System Checkpoint

RP197: 8/2/2012 10:02:32 AM - System Checkpoint

RP198: 8/3/2012 10:35:04 AM - System Checkpoint

RP199: 8/4/2012 10:52:31 AM - System Checkpoint

RP200: 8/5/2012 11:33:04 AM - System Checkpoint

RP201: 8/5/2012 9:28:08 PM - Installed Samsung Kies

RP202: 8/7/2012 8:06:12 AM - System Checkpoint

RP203: 8/8/2012 9:30:58 AM - System Checkpoint

RP204: 8/9/2012 9:48:18 AM - System Checkpoint

RP205: 8/10/2012 10:05:10 AM - System Checkpoint

RP206: 8/11/2012 10:43:25 AM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2012

Bonjour

Camtasia Studio 7

Canon IJ Network Scanner Selector EX

Canon IJ Network Tool

Canon MG6200 series MP Drivers

Canon MP Navigator EX 5.0

CutePDF Writer 2.8

CyberView Client

DriverAgent by eSupport.com

Easy CD & DVD Creator 6

FileZilla Client 3.3.4.1

Google Earth

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

IDT Audio

iFunbox (v1.95.901.639), iFunbox DevTeam

ImgBurn

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Interface

Intel® Network Connections 13.0.44.0

iSkysoft Video Converter(Build 3.2.2.0)

iTunes

Java SE Runtime Environment 6

LabSim

Macromedia Dreamweaver MX 2004

Macromedia Extension Manager

Macromedia Fireworks MX 2004

Macromedia Flash MX 2004

Macromedia FreeHand MXa

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MiniTool Partition Wizard Home Edition 7.1

MobileMe Control Panel

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6.0 Parser (KB925673)

Netscape Communicator 4.72

Outlook Express Backup Wizard

PC Viewr D6 Series 2.6.5

Pdf995

PdfEdit995

QuickBooks Pro 2008

QuickTime

Safari

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Signature995

Spell Checker For OE 2.1

SupportSoft Assisted Service

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Presentation Foundation

WinZip

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

8/5/2012 9:31:00 PM, error: WPDClassInstaller [25088] - It was not possible to install drivers for the device USB\Vid_04e8&Pid_6860&Rev_0400&MS_COMP_MTP&SAMSUNG_Android_SGH-I747. Error code 0xe0000217.

.

==== End Of File ===========================

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 5:19:13 on 2012-08-12

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3034.2224 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\WinZip\WZQKPICK.EXE

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer, optimized for Bing and MSN

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload

uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup

uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1331351566421

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{C35EF425-007C-4B9F-AB69-26CF8D60E6EE} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\pgytaci7.default-1344218571844\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 235216]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 301248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-9 655944]

R2 OrbisClient.Services;LabSim Configuration and Security;c:\program files\testout\orbis\OrbisClient.Services.exe [2011-3-11 52736]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2012-3-9 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2012-3-9 116224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-9 22344]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-27 116648]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-8-5 80824]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-3-9 23456]

S3 Ftdvdmsmncen;Ftdvdmsmncen;c:\windows\system32\drivers\disk.sys [2008-4-14 36352]

S3 GenericMount Helper Service;GenericMount Helper Service;"c:\program files\norton ghost\shared\drivers\genericmounthelper.exe" --> c:\program files\norton ghost\shared\drivers\GenericMountHelper.exe [?]

S3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\genericmount.sys --> c:\windows\system32\drivers\GenericMount.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-27 116648]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-7-31 32072]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]

S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-3-19 16472]

S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-3-19 11104]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-8-5 181432]

S3 SymSnapService;SymSnapService;"c:\program files\norton ghost\shared\drivers\symsnapservice.exe" --> c:\program files\norton ghost\shared\drivers\SymSnapService.exe [?]

.

=============== Created Last 30 ================

.

2012-08-06 02:30:05 -------- d-----w- c:\documents and settings\owner\local settings\application data\Samsung

2012-08-06 02:30:04 -------- d-----w- c:\documents and settings\owner\application data\Samsung

2012-08-06 02:29:15 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-08-06 02:29:15 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-08-06 02:28:34 4659712 ----a-w- c:\windows\system32\Redemption.dll

2012-08-06 02:28:26 821824 ----a-w- c:\windows\system32\dgderapi.dll

2012-08-06 02:28:26 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys

2012-08-06 02:28:26 -------- d-----w- c:\program files\MarkAny

2012-08-06 02:28:13 -------- d-----w- c:\program files\Samsung

2012-08-06 02:28:13 -------- d-----w- c:\documents and settings\all users\application data\Samsung

2012-08-06 02:27:54 -------- d-----w- c:\documents and settings\owner\local settings\application data\Downloaded Installations

2012-08-01 00:17:38 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-07-21 03:29:00 -------- d-----w- C:\tims bmw

.

==================== Find3M ====================

.

2012-07-18 02:55:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-18 02:55:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 5:19:22.82 ===============

[AdvancedSetup]

Well I don't see it being loaded there.

Please do the following and let us know if this corrects the issue for you or not.

• Download and run mbam-clean.exe from here
  
• It will ask to restart your computer, please allow it to do so very important
  
• After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    You can also look up your ID and Key from the Registry and copy and paste it to a Notepad document before running the mbam-clean utility.
    
    Location for Windows x86
    
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware
    
    
    Location for Windows x64
    
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
    
    
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.
    

[frankbretz]

Ok. I ran mbam-clean, and turned it off. The next day I restarted it. I came back in about a hour and the dos screen wanting to run Chameleon ver. 1.60.2 was back, even though malwarebytes had been removed.

Any ideas as to how to stop this thing.

[AdvancedSetup]

Well that doesn't make sense to me Frank. Please open a ticket on the help desk and ask for me and we'll delve into it deeper and see what's going on.

http://www.malwarebytes.org/contact_consumer

Thank you