Jump to content

MBAM Won't open

Recommended Posts

Hi. I need help.  I can't open Malwarebytes, and have tried using Chameleon twice, with no success. What is my next step?  Per your instructions, I've downloaded both farbar and rogue killer, and have attached the logs for farbar.  Below is the roguekiller log:


RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Carole [Admin rights]
Mode : Scan -- Date : 06/30/2014  15:59:24
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT3 ATA Device +++++
--- User ---
[MBR] 5596925c5bc53c5056d46e16cb9f343f
[bSP] 4c81a6565b554e0c7643e9c6ec98577e : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31459328 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 MB
User = LL1 ... OK
User = LL2 ... OK
RKreport_SCN_06302014_154857.log - RKreport_SCN_06302014_155252.log


I look forward to your response, and thank you in advance for your help.



Carole Parker



Link to post
Share on other sites

Make sure you have created a restore point and.....

bwebb7v.jpgDownload Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.


    Download the attached fixlist.txt to the same folder as FRST.exe.

    Run FRST.exe and click Fix only once and wait

    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.


    Please download AdwCleaner from HERE or HERE to your desktop.

    • Double click on AdwCleaner.exe to run the tool.

      Vista/Windows 7/8 users right-click and select Run As Administrator

    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Do a clean install of Malwarebytes:


    (If you need to find your id and key....download, unzip and run the attached MB64.zip)


Link to post
Share on other sites

Thank you again for all your help, and for responding so quickly.  Per your instructions, attached is the fixlog.txt.  Here is the report from ADWcleaner:


# AdwCleaner v3.214 - Report created 30/06/2014 at 16:33:35
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Carole - CAROLE-PC
# Running from : C:\Users\Carole\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\q7oqgsd3.default\user.js
File Found : C:\Users\Carole\AppData\LocalLow\SkwConfig.bin
File Found : C:\Windows\System32\dmwu.exe
File Found : C:\Windows\System32\ImhxxpComm.dll
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\ProgramData\FileCure
Folder Found : C:\SearchProtect
Folder Found : C:\Users\Carol\AppData\Local\blekkotb_031
Folder Found : C:\Users\Carol\AppData\Roaming\DriverCure
Folder Found : C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\q7oqgsd3.default\blekkotb_031
Folder Found : C:\Users\Carole\AppData\Local\Conduit
Folder Found : C:\Users\Carole\AppData\Local\iLivid
Folder Found : C:\Users\Carole\AppData\LocalLow\Conduit
Folder Found : C:\Users\Carole\AppData\LocalLow\MixiDJ_V30
Folder Found : C:\Users\Carole\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Carole\AppData\Roaming\24x7 help
Folder Found : C:\Users\Carole\AppData\Roaming\DriverCure
Folder Found : C:\Users\Carole\AppData\Roaming\SearchProtect
Folder Found : C:\Users\Carole\AppData\Roaming\Systweak
Folder Found : C:\Windows\SysWOW64\ARFC
Folder Found : C:\Windows\SysWOW64\jmdp
Folder Found : C:\Windows\SysWOW64\WNLT
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\Uniblue\DriverScanner
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\WNLT
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v
[ File : C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\q7oqgsd3.default\prefs.js ]
Line Found : user_pref("browser.search.defaultenginename", "Blekko");
Line Found : user_pref("browser.search.order.1", "Blekko");
Line Found : user_pref("browser.search.selectedEngine", "Blekko");
Line Found : user_pref("browser.startup.homepage", "hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=8A791F5FEE52B1F91529AB4FC00DF095&tbp=homepage");
Line Found : user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,Buzzdock,");
Line Found : user_pref("extentions.y2layers.installId", "5ba83848-b052-4774-a64a-fda7760275b0");
Line Found : user_pref("extentions.y2layers.lastDnsTest", 371664);
Line Found : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_031&u=USERGUID&q=");
[ File : C:\Users\Carole\AppData\Roaming\Mozilla\Firefox\Profiles\2o56yfph.default\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [search Provider] : hxxp://www.kcrw.com/sitesearch?submit.x=0&submit.y=0&SearchableText={searchTerms}&dosearch=1
Found [search Provider] : hxxp://movies.netflix.com/WiSearch?oq=page+eight&ac_posn=-1&ac_rec=false&ac_count=-1&ac_match=false&v1={searchTerms}&search_submit=
Found [search Provider] : hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=8A791F5FEE52B1F91529AB4FC00DF095&q={searchTerms}
Found [search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=610&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=8204098915524023&q={searchTerms}
Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Found [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[ File : C:\Users\Carole\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl
AdwCleaner[R0].txt - [7128 octets] - [30/06/2014 16:33:35]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7188 octets] ##########
Since I don't know what most of these files and folders are, I've left them all checked. Please advise what should be removed.  I will wait for your reply before I run the junkware removal tool.


Link to post
Share on other sites

Again, so sorry. Won't happen again.


Before I run the next cleaner, I see I need to disable my protection. I use Microsoft security essentials, and can't figure out how to temporarily shut it down. I assume you know how to do that, being the computer expert you are. What do I need to do.




Link to post
Share on other sites

Mr. C --


I have finished the remaining steps, and am now running a malwarebytes scan. THANK YOU SO MUCH.  You are a tech GOD.  I'm speechless. Great job.  (And thank you for putting up with my temporary meltdown.)  I assume there's nothing left to do, but if there is, please let me know.  I will not hesitate to recommend malwarebytes and their incredible support team to all my friends and business associates.


Best regards,

Carole Parker

Link to post
Share on other sites

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
Link to post
Share on other sites

... and here are the results!


<3 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Secunia PSI (   
 Java 7 Update 55  
 Java version out of Date! 
  Adobe Flash Player Flash Player out of Date!  
 Adobe Reader XI  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:


Java 7 Update 55 <----please update, should be Update 60
Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!!, McAfee Security Scan Plus or any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!!, McAfee Security Scan Plus or any other free "stuff".


Adobe Flash Player Flash Player out of Date!
Flash Player:

Check for an update if available
Downloads are at the top of the page. (don't install the McAfee toolbar)


A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)


bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.


Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Ran delfix, got these results:


# DelFix v10.7 - Logfile created 01/07/2014 at 17:25:54
# Updated 27/04/2014 by Xplode
# Username : Carole - CAROLE-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\AdwCleaner
########## - EOF - ##########
Now rebooting ... 
Link to post
Share on other sites

All done! removed EVERYTHING.  


Thanks so much, Mr. Tech Guru. Wish I could make a donation, but I'm a poor writer and need to pay my phone bill.  (Which is why I came here instead of hiring someone to help me.)  BUT, I will give great comments for all your hard work and expertise. 


You da bomb.



Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.