[JulySFX]

hmm.. the Fix keeps running endlessly again.

Might re-do it again if it's still running in an hour.

[Advertisements]

Copy the following text in bold to Notepad and save the document (Any name) in the USB.

Ren C:\WINDOWS\System32\config\SYSTEM SYSTEM.001

Boot the computer to the Recovery Command Prompt. Type notepad and open the document. Copy and paste the above line on the command prompt and press Enter.

Does it return an error message?

[JSntgRvr]

Copy the following text in bold to Notepad and save the document (Any name) in the USB.

Ren C:\WINDOWS\System32\config\SYSTEM SYSTEM.001

Boot the computer to the Recovery Command Prompt. Type notepad and open the document. Copy and paste the above line on the command prompt and press Enter.

Does it return an error message?

[JulySFX]

yes. it says "The system cannot find the path specified."

[JSntgRvr]

Perhaps I am not using the right partition letter, or the file is corrupted.

Please download Listparts to a flash drive.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Click on Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\ListParts.exe (for x64 bit version type e:\ListParts64.exe) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Put check mark on List BCD.
• Press Scan button.
• It will make a log (Result.txt) in the flash drive. Please copy and paste it to your reply.

[JulySFX]

Okay, here is the result:

ListParts by Farbar Version: 10-05-2013
Ran by SYSTEM (administrator) on 22-07-2013 at 09:17:40
Windows 7 (X64)
Running From: H:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 6100 MB
Available physical RAM: 5221.59 MB
Total Pagefile: 6098.2 MB
Available Pagefile: 5195.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (OS) (Fixed) (Total:914.66 GB) (Free:840.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (HP_RECOVERY) (Fixed) (Total:16.75 GB) (Free:1.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive h: (DRIVE) (Removable) (Total:3.73 GB) (Free:2.67 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 98860AB3

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 914 GB 101 MB
Partition 3 Primary 16 GB 914 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C SYSTEM NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D OS NTFS Partition 914 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP_RECOVERY NTFS Partition 16 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Disk ID: 6A53CFD0

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3820 MB 4032 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H DRIVE FAT32 Removable 3820 MB Healthy

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 98860AB3
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=915 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)

==============================
Partitions of Disk 2:
===============
Disk ID: 6A53CFD0
Partition 1: (Active) - (Size=4 GB) - (Type=0C)


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
extendedinput Yes
default {default}
resumeobject {ba23bae7-69cc-11e2-960c-f3279071d8bb}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {current}

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{1f5d3711-69c5-11e2-aca8-24be05019b40}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{1f5d3711-69c5-11e2-aca8-24be05019b40}
systemroot \windows
nx OptIn
winpe Yes

Windows Boot Loader
-------------------
identifier {default}
device partition=D:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=D:
systemroot \Windows
resumeobject {ba23bae7-69cc-11e2-960c-f3279071d8bb}
nx OptIn

Resume from Hibernate
---------------------
identifier {ba23bae7-69cc-11e2-960c-f3279071d8bb}
device partition=D:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=D:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {1f5d3711-69c5-11e2-aca8-24be05019b40}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi


****** End Of Log ******

[JSntgRvr]

I had indicated the wrong partition letter.

Copy the following text in bold to Notepad and save the document (Any name) in the USB.

Ren D:\WINDOWS\System32\config\SYSTEM SYSTEM.001

Boot the computer to the Recovery Command Prompt. Type notepad and open the document. Copy and paste the above line on the command prompt and press Enter.

Does it return an error message?

[JulySFX]

It does. 'D:\WINDOWS\System32\config\SYSTEM' is not recognized as an internal or external command,
operable program or batch file.

[JulySFX]

Oh no sorry, i forgot to type in 'Ren'.

It just worked and didn't give me an error msg! However, nothing has happened.

Edited by JulySFX, 21 July 2013 - 06:05 PM.

[JSntgRvr]

Copy the following text in bold to Notepad and save the document (Any name) in the USB.

Copy D:\WINDOWS\System32\config\RegBack\SYSTEM D:\WINDOWS\System32\config

Boot the computer to the Recovery Command Prompt. Type notepad and open the document. Copy and paste the above line on the command prompt and press Enter.

Does it return an error message?

[JulySFX]

No, it doesn't return an error message but says "1 file(s) copied".

Edited by JulySFX, 21 July 2013 - 06:20 PM.

[JSntgRvr]

Attempt to boot in Normal mode. Let it boot unhindered.

[JulySFX]

Oh wow! It has successfully booted up!

Thank you very much for all your help! I really appreciate it!

But umm, it still has a slow boot problem. Can you fix it for me too please?

[JSntgRvr]

Lets scan the computer.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete



Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post it in your next reply.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

[JulySFX]

Alright. I just done everything you said.

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.0 (07.21.2013:1)
OS: Windows 7 Home Premium x64
Ran by July on 22/07/2013 Mon at 19:59:03.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{c26644c4-2a12-4ca6-8f2e-0ede6cf018f3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{045f91b3-695f-423a-98c7-8de3c47aa020}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{1348bd1b-c32a-41a7-9bd4-5377aa1ab925}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{395afe6e-8308-48db-89be-ed5f4aa3d3ec}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{43969e3f-3e7c-4911-a8f1-79c6ca6ac731}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{43b390f0-6ba2-45ca-abf2-5db0cee9b49d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{79fb5fc8-44b9-4af5-badd-cce547f953e5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{93cf54f5-cfaa-4440-b588-8ed0dfad5c21}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{94cada2e-1d3f-419f-8a3d-06c58edf53c8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{9e52eb8b-8dd9-4605-ad36-d352bcd482f2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{a1440ec3-f0fa-407a-b811-de6668c06d29}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{b9a84ad0-5777-46fd-8b8f-1ebd06750fbc}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{c1995f88-1c7f-40d7-b0fa-6f107f6308b8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{c815e3da-0823-49b0-9270-d1771d58b317}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{d3bc53e7-0437-4c97-90ee-2cd6ff47fb14}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\ibupdaterservice"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\July\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\July\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\July\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\July\AppData\Roaming\file scout"
Successfully deleted: [Folder] "C:\Users\July\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\July\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Program Files (x86)\file scout"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"
Successfully deleted: [Empty Folder] C:\Users\July\appdata\local\{12A62FCB-BB52-4CFD-AFB6-30BE28A46D29}
Successfully deleted: [Empty Folder] C:\Users\July\appdata\local\{3A13DACC-1E72-41FE-8C67-41554B3C90FE}
Successfully deleted: [Empty Folder] C:\Users\July\appdata\local\{3A64BD8B-0B6C-49FD-8EAE-ADD9B1311378}
Successfully deleted: [Empty Folder] C:\Users\July\appdata\local\{58BDB315-9378-4738-9120-4683AFE5C5F3}
Successfully deleted: [Empty Folder] C:\Users\July\appdata\local\{B50EF7EA-8C92-441F-A64E-5DB2DBE2F512}
Successfully deleted: [Empty Folder] C:\Users\July\appdata\local\{F6FBB066-DD72-41D8-96ED-4536CCB05639}



~~~ FireFox

Successfully deleted: [File] C:\Users\July\AppData\Roaming\mozilla\firefox\profiles\pte6fuu7.default\user.js
Successfully deleted: [File] "C:\Users\July\AppData\Roaming\mozilla\firefox\profiles\pte6fuu7.default\extensions\[email protected]"
Successfully deleted: [Folder] C:\Users\July\AppData\Roaming\mozilla\firefox\profiles\pte6fuu7.default\jetpack
Emptied folder: C:\Users\July\AppData\Roaming\mozilla\firefox\profiles\pte6fuu7.default\minidumps [8 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/07/2013 Mon at 20:02:48.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner[S1].txt

# AdwCleaner v2.306 - Logfile created 07/22/2013 at 20:07:52
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : July - JULY-HP
# Boot Mode : Normal
# Running from : C:\Users\July\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\5d0d9dbe26dea45
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\pte6fuu7.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\July\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2935 octets] - [22/07/2013 20:07:52]

########## EOF - C:\AdwCleaner[S1].txt - [2995 octets] ##########

mbam-log-2013-07-22 (20-47-47).txt

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
July :: JULY-HP [administrator]

Protection: Enabled

22/07/2013 8:47:47 PM
mbam-log-2013-07-22 (20-47-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214839
Time elapsed: 28 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCU\SOFTWARE\WindowsTab (Adware.Korad) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\WindowsTab0 (Adware.Korad) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\WindowsTab1 (Adware.Korad) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\windowviewcon (Adware.K.WindowViewCon) -> Quarantined and deleted successfully.
HKCU\Software\WindowsTaba (Adware.KorAd) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MICROSOFT\ADMATCHING (Adware.K.ShoppingAd) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Microsoft\AdMatching|urlcountperday (Adware.K.ShoppingAd) -> Data: 0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wLauncher (Adware.Adload) -> Quarantined and deleted successfully.

Files Detected: 15
C:\Users\July\AppData\Local\Temp\137665C.tmp (Adware.Korad) -> Quarantined and deleted successfully.
C:\Users\July\AppData\Local\Temp\windowstab_ins.exe (Adware.Korad) -> Quarantined and deleted successfully.
C:\Users\July\AppData\Local\Temp\windowstab_recom.exe (Adware.Korad) -> Quarantined and deleted successfully.
C:\Users\July\AppData\Local\Temp\~tmp_file_003.exe (Adware.K.AdMatching) -> Quarantined and deleted successfully.
C:\Users\July\AppData\Local\Temp\~tmp_file_004.exe (Adware.K.OpenShopper) -> Quarantined and deleted successfully.
C:\Users\July\AppData\Local\Temp\~tmp_file_007.exe (Rogue.LiveSpeed) -> Quarantined and deleted successfully.
C:\Windows\System32\CafeChat.exe.Bak (Backdoor.Agent.TIS) -> Quarantined and deleted successfully.
C:\Users\July\AppData\Local\Temp\adm\adinstall.exe (Adware.KorAd) -> Quarantined and deleted successfully.
C:\Users\July\Favorites\11번가.url (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wLauncher\wDetector QnA.lnk (Adware.Adload) -> Quarantined and deleted successfully.
C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wLauncher\Uninstall.lnk (Adware.Adload) -> Quarantined and deleted successfully.
C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wLauncher\wAffinityChanger 설명서.lnk (Adware.Adload) -> Quarantined and deleted successfully.
C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wLauncher\wDetector 설명서.lnk (Adware.Adload) -> Quarantined and deleted successfully.
C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wLauncher\wLauncher 설명서.lnk (Adware.Adload) -> Quarantined and deleted successfully.
C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wLauncher\wLauncher.lnk (Adware.Adload) -> Quarantined and deleted successfully.

(end)

[JSntgRvr]

How does the computer feel?