Windows 7 Forums


Windows 7: Yet another with Win32/Small.CA virus detected


05 Sep 2013   #1

Windows 7 Pro 32bit
 
 

I keep getting the annoying message to remove the Win32/Small.CA virus in the message centre, but if I click on the link given, my computer goes off and sulks and never seems to find the message.

I've run Malwarebytes, BitDefender and before I changed to BitDefender Total Security, I had and ran Sophos AV and I've still got the darn message.

Any guidance appreciated.



05 Sep 2013   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Download DDS from one of these links:
DDS.com
DDS.pif
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.
05 Sep 2013   #3

Windows 7 Pro 32bit
 
 

Thanks Jacee,

Here we go:- (Part 1)
Quote:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by David at 18:26:28 on 2013-09-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3071.1099 [GMT 1:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Program Files\Zentimo\ZentimoService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Acer\Registration\GregHSRW.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
C:\Windows\system32\PrintCtrl.exe
C:\Windows\system32\PrintDisp.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Abelssoft Backup\Backup.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\GO!Suite\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\David\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Firetrust\MailWasher\MailWasherPro.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\explorer.exe
C:\Program Files\Auction Sentry 4\AuctionSentry.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Disabled:{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - <orphaned>
BHO: Disabled:{724d43a9-0d85-11d4-9908-00400523e39a} - <orphaned>
BHO: Disabled:{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - <orphaned>
BHO: Disabled:{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Disabled:{8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - <orphaned>
BHO: Disabled:{AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
BHO: Disabled:{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
BHO: Disabled:{B4F3A835-0E21-4959-BA22-42B3008E02FF} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - c:\program files\bitdefender\bitdefender\pmbxie.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [AdobeBridge] <no file>
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [OMEA] c:\program files\go!suite\deployment\functions\{aa58f999-6d97-42c2-a69f-8cc04d18d944}\OMEA.exe
mRun: [BootNaMir] c:\program files\wondershare\time freeze\BootSP.exe
mRun: [Bdagent] "c:\program files\bitdefender\bitdefender\bdagent.exe"
dRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicdisc.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\mailwasherpro.lnk - c:\program files\firetrust\mailwasher\MailWasherPro.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoSecurityTab = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - c:\users\david\appdata\roaming\speckie\bin32\Speckie32.dll
Trusted Zone: blank
Trusted Zone: clonewarsadventures.com
Trusted Zone: desktop
Trusted Zone: freerealms.com
Trusted Zone: internet
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{122E73FA-E100-4984-984D-BFF1AA4921C3} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{441DDDD1-1497-48FC-8FE1-F46BD0569067} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{7B79E702-DC62-412F-AD11-B7ABDD8535D6} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C90575FE-E3BA-4E38-939E-8A16C8CFF80F} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C90575FE-E3BA-4E38-939E-8A16C8CFF80F} : DHCPNameServer = 192.168.1.1 0.0.0.0
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\windows\system32\acaptuser32.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\1bjpo402.default-1365761907426\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101714.dll
FF - plugin: c:\program files\bitdefender\bitdefender\npcomm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\david\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-08-19 12:46; ffpwdman@bitdefender.com; c:\program files\bitdefender\bitdefender\ffpwdman
FF - ExtSQL: 2013-08-31 17:13; feca4b87-3be4-43da-a1b1-137c24220968@jetpack; c:\users\david\appdata\roaming\mozilla\firefox\profiles\1bjpo402.default-1365761907426\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
.
Continued below


Attached Files
File Type: txt attach.txt (23.9 KB, 0 views)


05 Sep 2013   #4

Windows 7 Pro 32bit
 
 

Part 1 awaiting moderator approval?

Part 2:
Quote:
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-9-4 640560]
R0 eLock2BurnerLockDriver;Disk Performance Monitor Filter Driver;c:\windows\system32\drivers\eLock2burnerlockdriver.sys [2010-1-14 22560]
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2012-1-22 77696]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-9-4 162976]
R0 HKDirFlt;Wondershare HKDirFlt;c:\windows\system32\drivers\HKDirFlt.sys [2013-9-3 33896]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-1-5 57312]
R0 MirDisk;Wondershare Time Freeze;c:\windows\system32\drivers\MirDisk.sys [2013-9-3 28648]
R0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\drivers\vsflt61.sys [2012-1-22 84544]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2013-9-4 78144]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2013-9-4 90704]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2013-9-4 72704]
R1 dvdfabio;dvdfabio;c:\windows\system32\drivers\dvdfabio.sys [2011-1-7 11648]
R1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_56758.sys [2013-8-21 330960]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-8-19 148688]
R1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [2011-11-14 277576]
R2 ASLSvc;Acer SmartBoot Service;c:\program files\acer\acer smartboot\ASLSvc.exe [2010-1-14 417792]
R2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\drivers\avwebcam.sys [2010-9-23 13696]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\drivers\eLock2FSCTLDriver.sys [2010-1-14 87072]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2010-1-14 24576]
R2 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-8-28 1150496]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-11-18 255744]
R2 pdserv;Bitdefender 60-Second Virus Scanner Service;c:\program files\bitdefender\60-second virus scanner\pdscan.exe \svc --> c:\program files\bitdefender\60-second virus scanner\pdscan.exe \svc [?]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2012-9-5 69632]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-8-19 1435928]
R2 SafeBox;SafeBox;c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [2013-9-4 81704]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2013-7-20 5120]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-8-29 4308320]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender\updatesrv.exe [2013-9-4 54424]
R2 WDBackup;WD Backup;c:\program files\western digital\wd smartware\WDBackupEngine.exe [2012-6-14 1151424]
R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2012-9-6 248248]
R2 WDRulesService;WD Rules;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2012-6-14 1177536]
R2 WebCamHelper;WebCamHelper;c:\progra~1\av webcam morpher\WebCamHelper.sys [2011-9-10 2688]
R2 WinisoCDBus;WinISO Virtual CD Drive;c:\windows\system32\drivers\WinisoCDBus.sys [2013-6-28 121600]
R2 ZentimoService;Zentimo Assistant;c:\program files\zentimo\ZentimoService.exe [2011-12-12 259072]
R3 APL531;Hercules Dualpix HD Webcam;c:\windows\system32\drivers\HDvidv.sys [2010-9-19 285952]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-4-26 16640]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-9-4 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-9-4 490144]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-1-14 274984]
R3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [2010-9-19 99968]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [2010-12-31 734312]
R3 VCam_WDM;e2eSoft VCam;c:\windows\system32\drivers\VCam_WDM.sys [2012-12-25 104376]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2011-6-4 17792]
R3 vdrive;vdrive;c:\windows\system32\drivers\vdrive.sys [2011-1-7 34176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\wcmvcam.sys [2012-4-15 1068216]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe --> c:\xampp\service.exe [?]
S3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf_pc.sys [2013-9-4 96160]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-9-4 66832]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [2010-10-24 103720]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-9-14 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-9-14 8456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-1-19 36640]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-8-19 97008]
S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-8-19 222416]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-18 14848]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-18 49664]
S3 v3core;v3core;c:\windows\system32\drivers\v3core.sys [2010-9-14 270720]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-13 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender\bdparentalservice.exe [2013-9-4 68344]
S4 gfi_backup_mcs;GFI Backup Management Console Service;c:\program files\gfi\gfi backup administration console\backupmcs.exe [2010-4-27 99840]
S4 GFIBackupAdministrationConsole;GFI Backup Administration Console;c:\program files\gfi\gfi backup administration console\apache\bin\httpd.exe [2010-7-22 24645]
S4 GFIBckBAtt;GFI Backup Attendant Service;c:\progra~1\gfi\gfibac~3\GFIBInst.exe [2011-7-13 945520]
S4 GFIBckBSched;GFI Backup Scheduler Service;c:\progra~1\gfi\gfibac~3\GFIBSC~1.EXE [2011-7-13 2613616]
S4 GFIBckDiskImage;GFI Backup DiskImage;c:\progra~1\gfi\gfibac~3\diskimage\win32\oodiag.exe [2011-7-13 2699264]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-9-4 95232]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S4 Realtek11nCU;Realtek11nCU;c:\program files\realtek\11n usb wireless lan utility\RtlService.exe [2011-3-30 36864]
S4 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-1-14 240160]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="c:\program files\jgsoft\editpadpro6\EditPadPro.exe" "%1"
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-09-05 12:44:00 -------- d-----w- c:\windows\ERUNT
2013-09-04 11:11:37 794392 ----a-w- c:\programdata\1378290538.bdinstall.bin
2013-09-04 10:38:09 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-09-04 10:38:08 78144 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2013-09-04 10:38:08 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-09-04 10:37:59 640560 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-09-04 10:37:59 490144 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-09-04 10:37:59 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-09-04 10:31:34 -------- d-----w- c:\users\david\appdata\roaming\Bitdefender
2013-09-04 10:29:16 162976 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-09-04 10:29:14 355744 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-09-04 09:21:55 255995 ----a-w- c:\programdata\1378286392.bdinstall.bin
2013-09-04 09:18:28 -------- d-----w- C:\Sophos103
2013-09-03 11:07:08 21464 ----a-w- c:\windows\system32\NaBootMir.exe
2013-09-03 11:06:40 37016 ----a-w- c:\windows\system32\drivers\FolderHK.sys
2013-09-03 11:06:40 33896 ----a-w- c:\windows\system32\drivers\HKDirFlt.sys
2013-09-03 11:06:40 28648 ----a-w- c:\windows\system32\drivers\MirDisk.sys
2013-09-03 11:06:40 -------- d-----w- c:\program files\Wondershare
2013-09-02 10:46:06 49935 ----a-w- c:\programdata\1378118679.bdinstall.bin
2013-09-02 10:37:16 848725 ----a-w- c:\programdata\1378117318.bdinstall.bin
2013-09-02 10:33:37 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-09-02 10:33:28 -------- d-----w- c:\programdata\BDLogging
2013-09-02 10:33:15 511328 ----a-w- c:\windows\capicom.dll
2013-09-02 10:22:18 -------- d-----w- c:\programdata\Bitdefender
2013-09-02 10:22:15 -------- d-----w- c:\program files\Bitdefender
2013-09-02 10:21:58 -------- d-----w- c:\users\david\appdata\roaming\QuickScan
2013-09-02 10:12:51 -------- d-----w- c:\program files\common files\Bitdefender
2013-09-01 07:40:21 -------- d-----w- c:\programdata\Balls
2013-08-31 16:32:18 -------- d-----w- c:\users\david\appdata\local\Halvar Information
2013-08-31 09:05:52 -------- d-----w- c:\program files\Wise
2013-08-31 08:40:17 -------- d-----w- c:\programdata\Islands
2013-08-29 21:56:53 -------- d-sh--w- C:\Boot
2013-08-29 20:51:53 -------- d-----w- c:\users\david\appdata\roaming\SUPERAntiSpyware.com
2013-08-29 17:24:56 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-29 17:03:26 208896 ----a-w- c:\windows\MBR.exe
2013-08-29 17:03:25 256000 ----a-w- c:\windows\PEV.exe
2013-08-29 17:03:24 98816 ----a-w- c:\windows\sed.exe
2013-08-29 17:02:50 -------- d-s---w- C:\ComboFix
2013-08-29 16:32:52 -------- d-----w- c:\users\david\appdata\roaming\FolderSync
2013-08-29 16:32:48 -------- d-----w- c:\users\david\appdata\roaming\OutlookSync
2013-08-29 16:31:13 -------- d-----w- c:\users\david\appdata\roaming\OTi
2013-08-29 16:20:45 -------- d-----w- c:\program files\GO!Suite
2013-08-28 06:06:20 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ce059028-7dc4-4f80-9017-a5786c165865}\mpengine.dll
2013-08-26 12:12:29 -------- d-----w- c:\users\david\appdata\roaming\Hornil
2013-08-26 12:12:27 -------- d-----w- c:\program files\Hornil
2013-08-25 19:53:10 -------- d-----w- c:\users\david\appdata\local\SCE
2013-08-24 10:35:41 -------- d-----w- c:\users\david\IOption
2013-08-24 09:41:11 -------- d-----w- c:\programdata\clonehdd
2013-08-23 07:32:52 -------- dc----w- c:\users\david\appdata\local\MigWiz
2013-08-22 20:30:21 -------- d-----w- c:\users\david\appdata\roaming\MoonriseInteractive
2013-08-21 13:40:39 -------- d-----w- c:\users\david\appdata\roaming\iPubsoft
2013-08-19 10:50:13 -------- d-----w- c:\program files\WinMerge
2013-08-19 10:01:36 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-08-19 09:10:54 -------- d-----w- c:\program files\Firetrust
2013-08-15 06:52:57 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-15 06:51:30 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 06:51:30 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-15 06:51:30 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 06:51:30 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-15 06:49:56 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-15 06:49:55 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-15 06:49:55 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-15 06:48:25 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-15 06:46:55 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-15 06:43:57 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 06:42:22 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
==================== Find3M ====================
.
2013-09-03 09:24:00 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2013-08-21 09:28:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 09:28:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-01 11:51:58 32459 ----a-w- c:\programdata\1375357889.bdinstall.bin
2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-07-10 10:16:13 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-06-12 21:50:38 114 ----a-w- c:\windows\Printdir.bat
2013-06-12 20:48:23 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-12 20:48:17 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 20:48:00 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 18:28:55.20 ===============
05 Sep 2013   #5
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I see you've used Combofix: 2013-08-29 17:02:50 -------- d-s---w- C:\ComboFix

Please go to C:\qoobox and/or C:\QooBox\combofix-quarantine-files.txt
copy and paste the .txt log for me to see.
05 Sep 2013   #6

Windows 7 Pro 32bit
 
 

Quote: Originally Posted by Jacee
I see you've used Combofix: 2013-08-29 17:02:50 -------- d-s---w- C:\ComboFix

Please go to C:\qoobox and/or C:\QooBox\combofix-quarantine-files.txt
copy and paste the .txt log for me to see.
Right, don't remember downloading or running this, but no text files in any folders in C:\QooBox and no txt files at all in QooBox directory, just mainly empty folders: BackEnv, LastRun, Quarantine, Test & TestC. Only files are in BackEnv and they are all dat files.
05 Sep 2013   #7

Windows 7 Home Premium
 
 

Dragonride,

Can you use the Snipping Tool to obtain a capture of the Action Center notification:

How to Use the Snipping Tool in Vista and Windows 7
How to Use the Snipping Tool in Vista

Can you click on 'problem details' in the warning, and also provide a capture?

Last, in Action Center > Security
What does it say underneath: Virus Protection
06 Sep 2013   #8

Windows 7 Pro 32bit
 
 
for cottonball

Action Center Notification:



Click on link, resulting Non-responsive AC:



Action Center Security:



Clicking on the View Message Details button returns me to the second image.
06 Sep 2013   #9

Windows 7 Home Premium
 
 

Thanks for providing the images.

The following program should pick up the event that occurred on 30August2013.

The Event Viewer tool (VEW) by Vino Rosso is free and can help look at system event logs for error messages and other information that may be pertinent.
 
VEW download:
http://images.malwareremoval.com/vino/VEW.exe
Save to the Desktop
Right-click the icon on the Desktop (VEW.exe), and select: Run as Administrator
Click Allow at the User Account Control (UAC) prompt.

At the VEW program console:
In the Select log to query section, check:
Application
System

In the Select type to list section, check:
Critical (not XP)
Error
Warning

In the Number or date of events section, check:
Number of events
Type 20 in the 1-20 box

Now, press the Run button.

A Notepad report opens on the Desktop when the program is done.

Please post it in your reply.


Also, download Farbar Service Scanner
Save to the Desktop
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.
06 Sep 2013   #10

Windows 7 Pro 32bit
 
 

I seem to have rather a number of events since the 30/8

Quote:
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 06/09/2013 14:27:00

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/09/2013 09:50:21
Type: Error Category: 0
Event: 2001 Source: Microsoft Office 14
Microsoft Outlook: Rejected Safe Mode action : Outlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?.

Log: 'Application' Date/Time: 06/09/2013 09:49:57
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: OUTLOOK.EXE, version: 14.0.6131.5000, time stamp: 0x509b1020 Faulting module name: spCapBtn.dll_unloaded, version: 0.0.0.0, time stamp: 0x51fa250c Exception code: 0xc0000005 Fault offset: 0x023b0b44 Faulting process id: 0x1544 Faulting application start time: 0x01ceaae58a71e760 Faulting application path: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE Faulting module path: spCapBtn.dll Report Id: b0077156-16d9-11e3-a15d-90fba684c135

Log: 'Application' Date/Time: 06/09/2013 05:47:26
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1358 Start Time: 01ceaac3c9b11448 Termination Time: 40 Application Path: C:\Windows\explorer.exe Report Id: cc02b26e-16b7-11e3-9dc8-90fba684c135

Log: 'Application' Date/Time: 06/09/2013 05:41:52
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 11cc Start Time: 01ceaac2a5c9adb5 Termination Time: 33 Application Path: C:\Windows\Explorer.EXE Report Id: 02c577d9-16b7-11e3-9dc8-90fba684c135

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/09/2013 09:51:13
Type: Warning Category: 0
Event: 36 Source: Outlook
Search cannot complete the indexing of your Outlook data. Indexing cannot continue for C:\Users\David\AppData\Local\Microsoft\Outlook\archive (1).pst (error=0x8134081f). If this error continues, contact Microsoft Support.

Log: 'Application' Date/Time: 05/09/2013 15:16:31
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-392035571-2704842777-1394014257-1004}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
A server error occurred. Check that the server is available. (HRESULT : 0x80041206) (0x80041206)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/09/2013 06:54:01
Type: Error Category: 0
Event: 14349 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 06/09/2013 06:54:01
Type: Error Category: 0
Event: 14353 Source: Microsoft-Windows-WMPNSS-Service
A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/4040352340/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 06/09/2013 06:54:01
Type: Error Category: 0
Event: 14349 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 06/09/2013 06:54:01
Type: Error Category: 0
Event: 14353 Source: Microsoft-Windows-WMPNSS-Service
A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/4040352340/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 06/09/2013 06:53:24
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: SBRE

Log: 'System' Date/Time: 06/09/2013 06:53:23
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 06/09/2013 06:53:22
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk5\DR5.

Log: 'System' Date/Time: 06/09/2013 06:53:21
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The XAMPP Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 06/09/2013 06:53:15
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The WebcamMax, WDM Video Capture service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 06/09/2013 06:53:09
Type: Error Category: 0
Event: 24620 Source: Microsoft-Windows-BitLocker-Driver
Encrypted volume check: Volume information on \\?\Volume{d9751ffb-476c-11df-bd9e-806e6f6e6963} cannot be read.

Log: 'System' Date/Time: 06/09/2013 06:53:09
Type: Error Category: 0
Event: 24620 Source: Microsoft-Windows-BitLocker-Driver
Encrypted volume check: Volume information on \\?\Volume{d9751ffa-476c-11df-bd9e-806e6f6e6963} cannot be read.

Log: 'System' Date/Time: 06/09/2013 05:35:17
Type: Error Category: 0
Event: 14349 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 06/09/2013 05:35:17
Type: Error Category: 0
Event: 14353 Source: Microsoft-Windows-WMPNSS-Service
A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/4040352340/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 06/09/2013 05:35:16
Type: Error Category: 0
Event: 14349 Source: Microsoft-Windows-WMPNSS-Service
A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 06/09/2013 05:35:16
Type: Error Category: 0
Event: 14353 Source: Microsoft-Windows-WMPNSS-Service
A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/4040352340/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Log: 'System' Date/Time: 06/09/2013 05:33:02
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: SBRE

Log: 'System' Date/Time: 06/09/2013 05:33:02
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 06/09/2013 05:32:59
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The XAMPP Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 06/09/2013 05:32:53
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The WebcamMax, WDM Video Capture service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 06/09/2013 05:32:38
Type: Error Category: 0
Event: 24620 Source: Microsoft-Windows-BitLocker-Driver
Encrypted volume check: Volume information on \\?\Volume{d9751ffb-476c-11df-bd9e-806e6f6e6963} cannot be read.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/09/2013 06:53:24
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#7&2C5E86A3&0&058F63636476&0#.

Log: 'System' Date/Time: 06/09/2013 06:53:05
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 06/09/2013 06:52:33
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 06/09/2013 06:14:43
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 06/09/2013 06:14:43
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\Rtlihvs.dll

Log: 'System' Date/Time: 06/09/2013 05:33:03
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#7&2C5E86A3&0&058F63636476&0#.

Log: 'System' Date/Time: 06/09/2013 05:32:19
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 06/09/2013 05:31:49
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 05/09/2013 21:15:58
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 05/09/2013 21:15:56
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\Rtlihvs.dll

Log: 'System' Date/Time: 05/09/2013 20:56:34
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#7&2C5E86A3&0&058F63636476&0#.

Log: 'System' Date/Time: 05/09/2013 20:55:55
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 05/09/2013 20:55:25
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 05/09/2013 17:44:37
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 05/09/2013 17:44:37
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\Rtlihvs.dll
And the FSS Log:
Quote:
Farbar Service Scanner Version: 05-09-2013
Ran by David (administrator) on 06-09-2013 at 14:29:12
Running from "C:\Users\David\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-15 07:48] - [2013-07-06 06:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-15 07:51] - [2013-07-09 05:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-10 10:57] - [2013-05-27 05:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
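
Added example, not part of any post in the thread: a VEW report like the one above repeats the same few events on every boot, so a small parser that collapses repeats by source and event ID makes it quicker to read. The `WATCH` list and the function names are hypothetical choices made for this example, not anything VEW or the posters provide.

```python
import re
from datetime import datetime

# Sample trimmed from the VEW report layout posted in the thread (dates are dd/mm/yyyy).
SAMPLE = """\
Log: 'System' Date/Time: 06/09/2013 06:53:24
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: SBRE

Log: 'System' Date/Time: 06/09/2013 05:33:02
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: SBRE

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/09/2013 06:53:05
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application.

Log: 'System' Date/Time: 06/09/2013 06:52:33
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme Gigabit Ethernet: The network link is down.
"""

HEADER = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>[\d/]+ [\d:]+)\s*\n"
    r"Type: (?P<type>\w+) Category: \d+\s*\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n", re.MULTILINE)

# Hypothetical watch list chosen for this example: events to read before the rest.
WATCH = {("Microsoft-Windows-Wininit", 11), ("Service Control Manager", 7026)}

def parse_vew(text):
    """One dict per event; the message runs to the next header or '~~~' rule."""
    heads = list(HEADER.finditer(text))
    events = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[m.end():end].split("\n~~~", 1)[0]
        events.append({"log": m["log"], "type": m["type"], "event": int(m["event"]),
                       "source": m["source"].strip(), "message": " ".join(body.split()),
                       "when": datetime.strptime(m["when"], "%d/%m/%Y %H:%M:%S")})
    return events

def triage(text):
    """Collapse repeats into (watched, count, last_seen, source, event_id, message) rows."""
    groups = {}
    for e in parse_vew(text):
        g = groups.setdefault((e["source"], e["event"]), {"n": 0, "last": e["when"], "msg": e["message"]})
        g["n"] += 1
        g["last"] = max(g["last"], e["when"])
    rows = [(key in WATCH, g["n"], g["last"], key[0], key[1], g["msg"]) for key, g in groups.items()]
    return sorted(rows, key=lambda r: (not r[0], -r[1]))
```

Calling `triage()` on the full report text returns watched events first, then the rest by how often they recur.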