win32/Small.CA virus


  1. Posts : 94
    Windows 7 64 Home
       #41

    Will do, it will have to wait until tomorrow...at work until midnight. Do I just attach it here?


  2. Posts : 2,470
    Windows 7 Home Premium
       #42

    If the file is not too long, you can just post it.

    If not, attach is fine.


  3. Posts : 94
    Windows 7 64 Home
       #43

    Here is the text file:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.9 (03.06.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Asus on Mon 03/11/2013 at 10:41:35.77
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2260173
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}



    ~~~ Files



    ~~~ Folders

    Failed to delete: [Folder] "C:\Users\Asus\AppData\Roaming\searchprotect"
    Successfully deleted: [Folder] "C:\Users\Asus\appdata\local\conduit"
    Successfully deleted: [Folder] "C:\Users\Asus\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Users\Asus\appdata\locallow\swag_bucks"
    Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
    Failed to delete: [Folder] "C:\Program Files (x86)\searchprotect"
    Successfully deleted: [Folder] "C:\Program Files (x86)\swag_bucks"



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\95rsgyio.default\smartbar
    Failed to delete: [Folder] C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\95rsgyio.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
    Successfully deleted the following from C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\95rsgyio.default\prefs.js

    Emptied folder: C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\95rsgyio.default\minidumps [7 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 03/11/2013 at 11:02:18.16
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  4. Posts : 2,470
    Windows 7 Home Premium
       #44

    radman3d,

    MyWebSearch, to my understanding, is powered by Conduit, which shows on the report.

    It also comes bundled with other stuff.

    When you download programs, keep an eye on the fine print, or on an occasional item that is checked...
    It might be a Gotcha!!


  5. Posts : 94
    Windows 7 64 Home
       #45

    I saw conduit on the report. Not sure where it came from. I try to catch all those that are checked and uncheck them. One may have slipped by. I will have to be more vigilant from now on. Thanks for the help, cottonball.


  6. Posts : 2,470
    Windows 7 Home Premium
       #46

    Glad to help!

    Good luck, radman3d!!


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
