Windows 7 Forums



Windows 7: win32/Small.CA virus

11 Mar 2013   #41
radman3d

Windows 7 64 Home
 
 

Will do, it will have to wait until tomorrow...at work until midnight. Do I just attach it here?


11 Mar 2013   #42
cottonball

Windows 7 Home Premium
 
 

If the file is not too long, you can just post it.

If not, attach is fine.
12 Mar 2013   #43
radman3d

Windows 7 64 Home
 
 

Here is the text file:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Asus on Mon 03/11/2013 at 10:41:35.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2260173
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\Users\Asus\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\Asus\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Asus\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Asus\appdata\locallow\swag_bucks"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Failed to delete: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\swag_bucks"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\95rsgyio.default\smartbar
Failed to delete: [Folder] C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\95rsgyio.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
Successfully deleted the following from C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\95rsgyio.default\prefs.js

user_pref("CT2260173.1000082.isPlayDisplay", "true");
user_pref("CT2260173.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.
user_pref("CT2260173.1000234.TWC_TMP_city", "STOCKBRIDGE");
user_pref("CT2260173.1000234.TWC_TMP_country", "US");
user_pref("CT2260173.1000234.TWC_country", "UNITED STATES");
user_pref("CT2260173.1000234.TWC_locId", "USGA0538");
user_pref("CT2260173.1000234.TWC_location", "Stockbridge, GA");
user_pref("CT2260173.1000234.TWC_region", "US");
user_pref("CT2260173.1000234.TWC_temp_dis", "f");
user_pref("CT2260173.1000234.TWC_wind_dis", "mph");
user_pref("CT2260173.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"56F\",\"temperatureClear\":\"56F\",\"highTemperature\":\"6 4F\",\"lowTemperature\":\"39
user_pref("CT2260173.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2260173.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2260173.FF19Solved", "true");
user_pref("CT2260173.FirstTime", "true");
user_pref("CT2260173.FirstTimeFF3", "true");
user_pref("CT2260173.UserID", "UN42062467072460616");
user_pref("CT2260173.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2260173.addressUrlXPETakeover", "true");
user_pref("CT2260173.autoDisableScopes", -1);
user_pref("CT2260173.defaultSearch", "false");
user_pref("CT2260173.embeddedsData", "[{\"appId\":\"128848965243869715\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\" :true,\"getMainFrameUrl\":true,\"get
user_pref("CT2260173.enableAlerts", "always");
user_pref("CT2260173.enableFix404ByUser", "FALSE");
user_pref("CT2260173.enableSearchFromAddressBar", "true");
user_pref("CT2260173.firstTimeDialogOpened", "true");
user_pref("CT2260173.fixPageNotFoundError", "true");
user_pref("CT2260173.fixPageNotFoundErrorByUser", "true");
user_pref("CT2260173.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2260173.fixUrls", true);
user_pref("CT2260173.installDate", "6/3/2013 9:05:56");
user_pref("CT2260173.installId", "dm");
user_pref("CT2260173.installType", "conduitnsisintegration");
user_pref("CT2260173.isCheckedStartAsHidden", true);
user_pref("CT2260173.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2260173.isFirstTimeToolbarLoading", "false");
user_pref("CT2260173.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2260173.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2260173.keyword", "true");
user_pref("CT2260173.lastVersion", "10.14.65.43");
user_pref("CT2260173.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
user_pref("CT2260173.migrateAppsAndComponents", true);
user_pref("CT2260173.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fus-mg6.mail.yahoo.com%2Fneo%2Flaunch%3F.rand%3D5csapj8ojjckr\",\"EB
user_pref("CT2260173.openThankYouPage", "true");
user_pref("CT2260173.openUninstallPage", "true");
user_pref("CT2260173.revertSettingsEnabled", "false");
user_pref("CT2260173.search.searchAppId", "128848965243869715");
user_pref("CT2260173.search.searchCount", "2");
user_pref("CT2260173.searchInNewTabEnabledByUser", "false");
user_pref("CT2260173.searchInNewTabEnabledInHidden", "true");
user_pref("CT2260173.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2260173.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2260173.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2260173\"}");
user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://SwagBucks.OurToolbar.com//xpi\"}");
user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Swag Bucks\"}");
user_pref("CT2260173.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2260173.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362578782894");
user_pref("CT2260173.serviceLayer_services_appsMetadata_lastUpdate", "1362970498713");
user_pref("CT2260173.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1362578781742");
user_pref("CT2260173.serviceLayer_services_location_lastUpdate", "1362943903760");
user_pref("CT2260173.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363005465871");
user_pref("CT2260173.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1362578781703");
user_pref("CT2260173.serviceLayer_services_searchAPI_lastUpdate", "1362943903884");
user_pref("CT2260173.serviceLayer_services_serviceMap_lastUpdate", "1362943903663");
user_pref("CT2260173.serviceLayer_services_setupAPI_lastUpdate", "1362943903908");
user_pref("CT2260173.serviceLayer_services_toolbarContextMenu_lastUpdate", "1362578781639");
user_pref("CT2260173.serviceLayer_services_toolbarSettings_lastUpdate", "1363005467629");
user_pref("CT2260173.serviceLayer_services_translation_lastUpdate", "1362943904403");
user_pref("CT2260173.settingsINI", true);
user_pref("CT2260173.shouldFirstTimeDialog", "false");
user_pref("CT2260173.smartbar.CTID", "CT2260173");
user_pref("CT2260173.smartbar.Uninstall", "0");
user_pref("CT2260173.smartbar.toolbarName", "Swag Bucks ");
user_pref("CT2260173.startPage", "false");
user_pref("CT2260173.toolbarBornServerTime", "6-3-2013");
user_pref("CT2260173.toolbarCurrentServerTime", "11-3-2013");
user_pref("CT2260173_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1363011081312,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CUI=UN42062467072460616&UM=UM_ID&q=");
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CUI=UN42062467072460616&UM=UM_ID&q=");
user_pref("smartbar.originalSearchAddressUrl", "");
Emptied folder: C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\95rsgyio.default\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/11/2013 at 11:02:18.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

12 Mar 2013   #44
cottonball

Windows 7 Home Premium
 
 

radman3d,

MyWebSearch, to my understanding, is powered by Conduit, which shows on the report.

It also comes bundled with other stuff.

When you download programs, keep an eye on the fine print, or on an occasional item that is checked...
It might be a Gotcha!!
12 Mar 2013   #45
radman3d

Windows 7 64 Home
 
 

I saw Conduit on the report. Not sure where it came from. I try to catch all those that are checked and uncheck them. One may have slipped by. I will have to be more vigilant from now on. Thanks for the help, cottonball.
12 Mar 2013   #46
cottonball

Windows 7 Home Premium
 
 

Glad to help!

Good luck, radman3d!!