Posts posted by Sheryl

  1. guera, we need to run Malwarebytes again, this time make sure Remove Selected is checked as in my instructions above, please. It will remove the bad it found in the log above !!

    Post that new Malwarebytes log for me !! Also I need the Junkware log please !! Thanks for that Junk log !

    Thanks

    Chuck

    Okay. I am running the Malwarebytes again now.

  2. Some of these tools take a while depending on how fast your computer is & how much they are finding !! So don't get discouraged, just hang in there until I give you the "All Clean".

    Chuck

    Will do. ; )

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Database version: v2013.05.16.06

    Windows Vista Service Pack 2 x64 NTFS

    Internet Explorer 9.0.8112.16421

    guerajasso :: GUERAJASSO-PC [administrator]

    5/16/2013 10:50:59 AM

    MBAM-log-2013-05-16 (11-19-09).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 230080

    Time elapsed: 23 minute(s), 55 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 1

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Update Server (Backdoor.IRCBot) -> Data: C:\Users\guerajasso\1os0ieiryvktk-10083.exe -> No action taken.

    Registry Data Items Detected: 1

    HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> No action taken.

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    C:\Users\guerajasso\1os0ieiryvktk-10083.exe (Backdoor.IRCBot) -> No action taken.

    (end)

    This was the next report. I just restarted my computer. It seems to have done wonders already. My computer didn't take very long to restart. ; ) I am continuing on with the next process now.

    This is the last scan.....

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 4.9.4 (05.06.2013:1)

    OS: Windows Vista Ultimate x64

    Ran by guerajasso on Thu 05/16/2013 at 11:39:39.12

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2189699

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

    Successfully deleted: [Registry Key] "hkey_current_user\software\apn"

    Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"

    Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"

    ~~~ Files

    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\iwin"

    Successfully deleted: [Folder] "C:\ProgramData\trymedia"

    Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"

    Successfully deleted: [Folder] "C:\Users\guerajasso\AppData\Roaming\big fish games"

    Successfully deleted: [Folder] "C:\Users\guerajasso\AppData\Roaming\iwin"

    Successfully deleted: [Folder] "C:\Users\guerajasso\appdata\local\conduit"

    Successfully deleted: [Folder] "C:\Users\guerajasso\appdata\locallow\conduit"

    Successfully deleted: [Folder] "C:\Users\guerajasso\appdata\locallow\conduitengine"

    Successfully deleted: [Folder] "C:\Program Files (x86)\bsaving"

    Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

    Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine"

    Successfully deleted: [Folder] "C:\Program Files (x86)\gamesbar"

    Successfully deleted: [Folder] "C:\Program Files (x86)\startnow toolbar"

    Successfully deleted: [Folder] "C:\Users\guerajasso\appdata\locallow\asktoolbar"

    Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"

    Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Thu 05/16/2013 at 11:52:15.64

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    I have restarted my computer and it seems to be a lot quicker and I have not seen that box pop up saying anything about the WormMSIL/Necast.D. ; )

  3. Some of these tools take a while depending on how fast your computer is & how much they are finding !! So don't get discouraged, just hang in there until I give you the "All Clean".

    Chuck

    Will do. ; )

    This was the next report. I just restarted my computer. It seems to have done wonders already. My computer didn't take very long to restart. ; ) I am continuing on with the next process now.

  4. Hey, just wanted to inform you that all these tools/programs are free also so don't be tricked into buying any of them unless you feel you need them !! Also watch for any program wanting to install tool bars, no you don't need them !!

    Outside mowing my yard, be in to check on you !!

    Thank you. The first part is complete, starting the next part.

  5. Howdy and welcome to BestTechie !!! My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

    If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

    So Do Not Remove anything or run any tools/programs until advised to do so !

    Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !

    Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

    I will be right back with some programs to fix your computer. We will get it fixed like new again !

    Thanks

    Chuck

    Thank you.

  6. My computer is running slowly and I am needing to double click everything for everything to work. (This is not normal). Also I get a popup in the lower left corner that says....Virus Alert Click to see how to remove Worm:MSIL/Necast.D

    This started popping up around December. And since then, my computer has been slow and acting "funny".