Windows 7 Forums


Windows 7: win32/Small.CA virus


10 Feb 2013   #11

Windows 7 Home Premium 64 bit SP1
 
 
win32/Small.CA virus

Second log for System Look:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:35 on 10/02/2013 by xxxxxx
Administrator - Elevation successful
No Context: HKLM\SYSTEM\CurrentControlSet\Services\wscsvc /sub
-= EOF =-


10 Feb 2013   #12

Windows 7 Home Premium 64 bit SP1
 
 
win32/Small.CA virus

Second log for System Look:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:45 on 10/02/2013 by xxxxx
Administrator - Elevation successful
No Context: HKLM\SYSTEM\CurrentControlSet\Services\wscsvc /sub
-= EOF =-
10 Feb 2013   #13

Windows 7 Home Premium
 
 

Strange...

Try the following:

Quote:
:reg
HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
Or,

Quote:
:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc /sub
If no result, then, do the following:

Please download Farbar Service Scanner
Save to the Desktop
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.


10 Feb 2013   #14

Windows 7 Home Premium
 
 

Make sure the :reg is included in SystemLook.
10 Feb 2013   #15

Windows 7 Home Premium 64 bit SP1
 
 
win32/Small.CA virus

System Log report:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:54 on 10/02/2013 by xxxxxx
Administrator - Elevation successful
========== reg ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted"
"Start"= 0x0000000002 (2)
"Type"= 0x0000000020 (32)
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
"DependOnService"="RpcSs WinMgmt"
"ObjectName"="NT AUTHORITY\LocalService"
"ServiceSidType"= 0x0000000001 (1)
"RequiredPrivileges"="SeChangeNotifyPrivilege SeImpersonatePrivilege"
"DelayedAutoStart"= 0x0000000001 (1)
"FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 c0 d4 01 00 01 00 00 00 e0 93 04 00 00 00 00 00 00 00 00 00 (REG_BINARY)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]

-= EOF =-

Every time I copied the KLM/system.....into system look, the HKey_Local_ would come up. Maybe restart and post the KLM again in another post?
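Added example (not part of the original thread, and not SystemLook's own code): a Python sketch that parses the :reg output format shown in the log above and compares the wscsvc values against a reference. The reference values are taken from the log posted in this thread; the function names, the shortened FailureActions line, and the altered sample are constructed for illustration.

```python
import re

# Reference values: the wscsvc entries from the SystemLook log in this thread,
# which the helper judged OK (assumption: used here as the known-good baseline).
BASELINE = {
    "ImagePath": r"%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted",
    "ObjectName": r"NT AUTHORITY\LocalService",
    "Start": 2,    # automatic start
    "Type": 32,    # 0x20, shared-process service
}
KEY_RE = re.compile(r"^\[(.+)\]$")
NUM_RE = re.compile(r'^"([^"]+)"=\s*0x([0-9A-Fa-f]+)\s*\(\d+\)$')
STR_RE = re.compile(r'^"([^"]+)"="(.*)"$')

def parse_systemlook_reg(text):
    """Parse a SystemLook ':reg' section into {key_path: {value_name: value}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            current = keys.setdefault(m[1], {})
        elif current is not None and (m := NUM_RE.match(line)):
            current[m[1]] = int(m[2], 16)
        elif current is not None and (m := STR_RE.match(line)):
            current[m[1]] = m[2]      # REG_BINARY lines match neither and are skipped
    return keys

def deviations(values, baseline=BASELINE):
    """Return [(name, expected, found)] for baseline values that differ or are missing."""
    norm = lambda v: v.lower() if isinstance(v, str) else v
    return [(n, exp, values.get(n)) for n, exp in baseline.items()
            if norm(values.get(n)) != norm(exp)]

SVC = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc"
# Excerpt of the log posted in this thread (FailureActions shortened).
POSTED = r'''
========== reg ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted"
"Start"= 0x0000000002 (2)
"Type"= 0x0000000020 (32)
"ObjectName"="NT AUTHORITY\LocalService"
"FailureActions"=80 51 01 00 (REG_BINARY)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
'''
# Constructed variant: same key with the service disabled (Start=4).
ALTERED = POSTED.replace('"Start"= 0x0000000002 (2)', '"Start"= 0x0000000004 (4)')
if __name__ == "__main__":
    for label, log in (("posted", POSTED), ("altered", ALTERED)):
        print(label, deviations(parse_systemlook_reg(log)[SVC]))
```
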
10 Feb 2013   #16

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

HKLM is just shorthand for HKEY_Local_Machine
10 Feb 2013   #17

Windows 7 Home Premium
 
 

This is a tough ride...any entries we look into are OK.

BTW, you can XXX out your name anytime you wish.

If you had problems removing the Easy Burner program, and parts of it did not uninstall, see if the following finds anything pertaining to it:

Download and install the Revo Uninstaller (Freeware):
http://www.revouninstaller.com/download/revosetup.exe
Run Revo Uninstaller

At the console, select the program to remove (if there), and click the Uninstall icon.

Now, select: Advanced

Click Next, and follow the prompts.

Please click Select All (1.) and Delete (2.) to delete all Registry items, folders and files listed by Revo.
If asked to restart the computer, please do so.
10 Feb 2013   #18

Windows 7 Home Premium
 
 

Without regard to the outcome of Revo, try the Microsoft Safety Scanner (64-bit version):
Microsoft

Post back on what it finds.
10 Feb 2013   #19

Windows 7 Home Premium 64 bit SP1
 
 
win32/Small.CA virus

Installed Revo Uninstaller but could not find any traces of that Easy Burner. Do you ignore that Program Compatibility Assistant that comes up with Revo install that reads - Reinstall using recommended settings and below - This program installed correctly?

MSS scan - No infections
MSRT - No infections

This sure has been a journey and Action Center still says to remove win32/Small.CA virus. Where in blazes could it be?

Farbar FSS.txt log: (checked in those 6 items you listed)

Farbar Service Scanner Version: 10-02-2013
Ran by xxxxx (administrator) on 10-02-2013 at 22:14:24
Running from "C:\Users\xxxxxx\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
11 Feb 2013   #20

Windows 7 Home Premium
 
 

Well, we keep on rolling...

Please download the Junkware Removal Tool:
Junkware Removal Tool Download
Save to the Desktop.

Temporarily shut down your protection software to avoid potential conflicts.

Right-click JRT.exe and select: Run as Administrator

The tool opens and starts scanning the system. Please be patient as this can take a while...

When done, a report (JRT.txt) is saved on the Desktop.
Please post the contents of JRT.txt in your reply.



Next, please download Temp File Cleaner (TFC):
TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums

Double-click on TFC.exe to run the program.

Be sure to save any work in progress before running TFC!!

Click on Start to begin the cleaning process.
TFC closes all running programs, and may ask you to restart the computer.

When done, also check the Action Center.