Windows action center has told me to "remove the Win32/Small.CA virus from your computer".
Since then my computer has blue screened many times, usually about 2 minutes after boot.
When I try to run scans with Kaspersky 2011 and MRT they are stopped for some reason (guessing the virus).
I have scanned with , tdsskiller, ComboFix, Malwarebytes, ESET, Windows Defender, HitmanPro and SuperAntiSpyware. All of these find nothing.
Seems I'm a late catcher of this virus with a few posts on this around December 2011, but haven't seen any solutions. Some talk about this being a false positive but with the amount of crashes that I'm getting.... bit dubious?
(Don't be alarmed if the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message. Once installed, clicking on the "hardhat" icon allows you to change the language.)
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
The tool creates three icons: ZHPDiag, MRB, and ZHPFix (if necessary, we will use ZHPFix at the next step).
4. Double click on the shortcut ZHPDiag on your Desktop.
5. Click on the screwdriver icon and ensure all of the items are checked.
6. Click on the magnifying glass and run the analysis.
I have not yet looked at your log but the error code: 0x0000001e indicates that Windows has detected that the processor is attempting to process an unknown or invalid instruction. This is most often due to a hardware driver. The driver must either be reinstalled or updated. It causes a memory dump.
In your case, you should check video card, sound card, and printer driver as well as any other hardware you may have connected.
Please remember that all of your drivers should be compatible with your OS.
My first study of the log does not show obvious malware but there is a possible W32/Heuristic-210!Eldorado trojan. I wish however to go about this with prudence.
1. I would like you to go to search for this file: pev.exe and tell me what the properties are.
2. I would like you to delete all of the antivirus applications you have recently downloaded except the one you have paid for. More than one antivirus application will cause conflicts, not detect malware or cause false alerts.
3. On your desktop, ZHP Diag created ZHP Fix. Launch ZHP Fix and click on the large X.
4. Copy and paste the following lines which are redundant and obsolete processes or orphan keys:
I may be repeating myself but when you installed ZHP Diag, three icons were created on your desktop: ZHP Diag, ZHP Fix and MRB Check.
I meant to use ZHP Fix. Double click it, at the top you will see a large H which stands for helper or hospital or hip hip hip hurrah.
The pev.exe in C:\combofix is probably in a quarantine file.
The pev.exe in C:\windows is the one I am interested in and which has an 80% chance of being malware. I would like to know everything that is said under the tab "version".
After you have run ZHP Fix, I would like to know if the state of your machine is healthy. Delete the previous ZHP Diag log from your machine and send me a new one for verification and further instructions.
P.S. Please, don't ha ha, this is serious stuff and I'm driving...entering a tunnel... catch you later
Now, you mention that you do not have Internet. I am not an Internet connection or configuration expert but a virus security contributor.
Nonetheless, I don't know what kind of Internet connection you privilege. I have noted a few items which may ring bells to you or guide you to restore it.
1. You are using a proxy. (You can stop the use of a proxy in your Internet settings)
2. Seems that you have installed Wifi.
3. Google Chrome often creates connection problems
4. Your Internet Explorer control panel has been deactivated.
Please delete Eset Online scanner as well as any other antivirus applications you may have installed except your Kaspersky which is an excellent antivirus suite. (None are 100% proof)
Let me know about your internet connection. I am keeping your log on file for 3 days, in case you need my help again.