IDP.Trojan Crpt.AQLW Issues

There is no OS running on the F:/ drive; however, it does seem to be infected with something, as there is a $RECYCLE.BIN folder.

mgadiag.txt


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE21
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-TV7MC-7MV9J-KJ3TY
Windows Product Key Hash: lCbeR4W9iEXWpqMYUWEzLtdzIi8=
Windows Product ID: 00371-152-2839481-85843
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {28DB8098-55C5-4C0D-833E-906BF774C36D}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120305-1505
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Access 2007 - 100 Genuine
Microsoft Office Excel 2007 - 103 Blocked VLK
Microsoft Office PowerPoint 2007 - 103 Blocked VLK
Microsoft Office Publisher 2007 - 100 Genuine
Microsoft Office Outlook 2007 - 100 Genuine
Microsoft Office Word 2007 - 103 Blocked VLK
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-152-283948-01-1033-7600.0000-3172009
Installation ID: 012843030550324256174432524860840414971714476816553442
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: KJ3TY
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 5/29/2012 9:35:50 AM

Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000003EFFF
Event Time Stamp: 5:27:2012 16:44
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\wat\watadminsvc.exe
Tampered File: %systemroot%\system32\wat\watweb.dll
Tampered File: %systemroot%\system32\wat\npwatweb.dll
Tampered File: %systemroot%\system32\wat\watux.exe
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys
Tampered File: %systemroot%\system32\drivers\spldr.sys


HWID Data-->
HWID Hash Current: RAAAAAIABgABAAIAAgABAAAABQABAAEA6GGE2Wrw7+2ENAiFwo8MNUa85L+gRc5w4HmC3o3vKs9OEwbV1jCuJa8lRso=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC GBT GBTUACPI
FACP GBT GBTUACPI
HPET GBT GBTUACPI
MCFG GBT GBTUACPI
EUDS GBT
SSDT PmRef CpuPm
 
wvcheck.txt

Windows Validation Check
Version: 1.9.12.5
Log Created On: 0938_29-05-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Do not download or install updates automatically.
-----------------------
Last Success Time for Update Detection: 2012-05-06 17:09:50
Last Success Time for Update Download: 2012-05-06 17:14:37
Last Success Time for Update Installation: 2012-05-06 17:21:34


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 10/10/2011 21:57:4
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 13/7/2009 19:36:22
Modification; 13/7/2009 21:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_ff66c6b2047a22cd\slwga.dll
Size: 14336 bytes
Creation; 26/5/2011 15:20:40
Modification; 21/12/2010 0:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_ffc423831db91904\slwga.dll
Size: 14336 bytes
Creation; 26/5/2011 15:20:40
Modification; 21/12/2010 0:29:6
MD5; 2332de32759ebcc691850e092b2564a6
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 10/10/2011 21:57:4
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - f1dd3acaee5e6b4bbc69bc6df75cef66


-------- End of File, program close at 1046_29-05-2012 --------
 
ckfiles.txt


CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\n3v games\ts12\userdata\backups\11-12-13\crackedmud\config.chump
c:\program files\n3v games\ts12\userdata\backups\11-12-13\crackedmud\crackedmud.texture.txt
c:\program files\n3v games\ts12\userdata\backups\11-12-14\cb_crackedrock\cb_crackedrock.texture.txt
c:\program files\n3v games\ts12\userdata\backups\11-12-14\cb_crackedrock\config.chump
c:\program files\n3v games\ts12\userdata\backups\11-12-27\tunnel prr 2 track stone concrete crack cover\ballest dark.texture.txt
c:\program files\n3v games\ts12\userdata\backups\11-12-27\tunnel prr 2 track stone concrete crack cover\ballest dark.tga
c:\program files\n3v games\ts12\userdata\backups\11-12-27\tunnel prr 2 track stone concrete crack cover\bricks old daek.texture.txt
c:\program files\n3v games\ts12\userdata\backups\11-12-27\tunnel prr 2 track stone concrete crack cover\bricks old daek.tga
c:\program files\n3v games\ts12\userdata\backups\11-12-27\tunnel prr 2 track stone concrete crack cover\config.chump
c:\program files\n3v games\ts12\userdata\backups\11-12-27\tunnel prr 2 track stone concrete crack cover\tunnel bore cover 2t.im
c:\program files\n3v games\ts12\userdata\backups\11-12-27\tunnel prr 2 track stone concrete crack cover\tunnel cover red.texture.txt
c:\program files\n3v games\ts12\userdata\backups\11-12-27\tunnel prr 2 track stone concrete crack cover\tunnel cover red.tga
c:\program files\n3v games\ts12\userdata\backups\12-01-23\coal_bagging_hopper\cookiesheet_crackle_ofsq.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-01-26\crackers boxed on pallet\config.chump
c:\program files\n3v games\ts12\userdata\backups\12-01-26\crackers boxed on pallet\icon.tga
c:\program files\n3v games\ts12\userdata\backups\12-01-27\m6ns_a\m6-a_body\cookiesheet_crackle_ofsq.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\ballest dark.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\ballest dark.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\bricks old daek.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\bricks old daek.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\bricks old.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\config.chump
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\tunnel bore cover 1t.im
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\tunnel cover red.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-13\tunnel prr 1t crack cover\tunnel cover red.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-25\cracked_cement_a1\config.chump
c:\program files\n3v games\ts12\userdata\backups\12-02-25\cracked_cement_a1\cracked-cement-a1-normal.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-25\cracked_cement_a1\cracked-cement-a1-normal.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-25\cracked_cement_a1\cracked-cement-a1.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-25\cracked_cement_a1\cracked-cement-a1.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-25\cracked_cement_a1\preview.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-25\cracked_cement_a1\user_license.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 1\config.chump
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 1\normal.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 1\normal.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 1\soil cracked 1.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 1\soil cracked 1.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 2\config.chump
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 2\normal.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 2\normal.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 2\soil cracked 2.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 2\soil cracked 2.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 3\config.chump
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 3\normal.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 3\normal.tga
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 3\soil cracked 3.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-02-29\soil cracked 3\soil cracked 3.tga
c:\program files\n3v games\ts12\userdata\backups\12-03-06\kuid2 130544 28011 2\wooden_cracked_plank_7040207.texture
c:\program files\n3v games\ts12\userdata\backups\12-03-06\kuid2 130544 28011 2\wooden_cracked_plank_7040207.texture.txt
c:\program files\n3v games\ts12\userdata\backups\12-03-06\kuid2 130544 28011 2\wooden_cracked_plank_7040207.tga
c:\program files\n3v games\ts12\userdata\backups\12-03-06\kuid2 38793 270001 1\cookiesheet_crackle_ofsq.texture
c:\program files\n3v games\ts12\userdata\backups\12-03-06\kuid2 38793 270001 1\cookiesheet_crackle_ofsq.texture.txt
c:\program files\n3v games\ts12\userdata\local\hash-23\kuid 5204 21041\cb_crackedrock_brown.texture
c:\program files\n3v games\ts12\userdata\local\hash-32\kuid 5204 21024\cb_crackedrock.texture
c:\program files\n3v games\ts12\userdata\local\hash-32\kuid 5204 21024\cb_crackedrock.texture.txt
c:\program files\n3v games\ts12\userdata\local\hash-93\kuid2 130544 15013 3\m6-a_body\cookiesheet_crackle_ofsq.texture
c:\program files\n3v games\ts12\userdata\local\hash-93\kuid2 130544 15013 3\m6-a_body\cookiesheet_crackle_ofsq.texture.txt
c:\program files\n3v games\ts12\userdata\local\hash-9b\kuid2 453099 1179 1\cracked-cement-a1-normal.texture
c:\program files\n3v games\ts12\userdata\local\hash-9b\kuid2 453099 1179 1\cracked-cement-a1-normal.texture.txt
c:\program files\n3v games\ts12\userdata\local\hash-9b\kuid2 453099 1179 1\cracked-cement-a1-normal.tga
c:\program files\n3v games\ts12\userdata\local\hash-9b\kuid2 453099 1179 1\cracked-cement-a1.texture
c:\program files\n3v games\ts12\userdata\local\hash-9b\kuid2 453099 1179 1\cracked-cement-a1.texture.txt
c:\program files\n3v games\ts12\userdata\local\hash-9b\kuid2 453099 1179 1\cracked-cement-a1.tga
c:\program files\n3v games\ts12\userdata\original\hash-21\kuid 5204 21043\cb_crackedrock_ltbrown.texture
c:\program files\n3v games\ts12\userdata\original\hash-21\kuid 5204 21043\cb_crackedrock_ltbrown.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-32\kuid 5204 21024\cb_crackedrock.texture
c:\program files\n3v games\ts12\userdata\original\hash-32\kuid 5204 21024\cb_crackedrock.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-40\kuid2 334896 1133 1\soil cracked 2.texture
c:\program files\n3v games\ts12\userdata\original\hash-40\kuid2 334896 1133 1\soil cracked 2.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-40\kuid2 334896 1133 1\soil cracked 2.tga
c:\program files\n3v games\ts12\userdata\original\hash-41\kuid2 334896 1132 1\soil cracked 1.texture
c:\program files\n3v games\ts12\userdata\original\hash-41\kuid2 334896 1132 1\soil cracked 1.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-41\kuid2 334896 1132 1\soil cracked 1.tga
c:\program files\n3v games\ts12\userdata\original\hash-43\kuid2 334896 1134 1\soil cracked 3.texture
c:\program files\n3v games\ts12\userdata\original\hash-43\kuid2 334896 1134 1\soil cracked 3.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-43\kuid2 334896 1134 1\soil cracked 3.tga
c:\program files\n3v games\ts12\userdata\original\hash-64\kuid2 93677 10700 2\cracked.texture
c:\program files\n3v games\ts12\userdata\original\hash-64\kuid2 93677 10700 2\cracked.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-64\kuid2 93677 10700 2\cracked.tga
c:\program files\n3v games\ts12\userdata\original\hash-70\kuid2 65769 22222 1\cookiesheet_crackle_ofsq.texture
c:\program files\n3v games\ts12\userdata\original\hash-70\kuid2 65769 22222 1\cookiesheet_crackle_ofsq.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-70\kuid2 65769 22222 1\cookiesheet_crackle_ofsq.tga
c:\program files\n3v games\ts12\userdata\original\hash-93\kuid2 130544 15013 3\m6-a_body\cookiesheet_crackle_ofsq.texture
c:\program files\n3v games\ts12\userdata\original\hash-93\kuid2 130544 15013 3\m6-a_body\cookiesheet_crackle_ofsq.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-9b\kuid2 453099 1179 1\cracked-cement-a1-normal.texture
c:\program files\n3v games\ts12\userdata\original\hash-9b\kuid2 453099 1179 1\cracked-cement-a1-normal.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-9b\kuid2 453099 1179 1\cracked-cement-a1-normal.tga
c:\program files\n3v games\ts12\userdata\original\hash-9b\kuid2 453099 1179 1\cracked-cement-a1.texture
c:\program files\n3v games\ts12\userdata\original\hash-9b\kuid2 453099 1179 1\cracked-cement-a1.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-9b\kuid2 453099 1179 1\cracked-cement-a1.tga
c:\program files\n3v games\ts12\userdata\original\hash-a9\kuid 2300 21007\crackedmud.texture
c:\program files\n3v games\ts12\userdata\original\hash-a9\kuid 2300 21007\crackedmud.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-ac\kuid2 130544 15002 6\m6-b_body\cookiesheet_crackle_ofsq.texture
c:\program files\n3v games\ts12\userdata\original\hash-ac\kuid2 130544 15002 6\m6-b_body\cookiesheet_crackle_ofsq.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-ad\kuid2 130544 15003 6\m6-a_body\cookiesheet_crackle_ofsq.texture
c:\program files\n3v games\ts12\userdata\original\hash-ad\kuid2 130544 15003 6\m6-a_body\cookiesheet_crackle_ofsq.texture.txt
c:\program files\n3v games\ts12\userdata\original\hash-fe\kuid2 117948 1163 2\cookiesheet_crackle_ofsq.texture
c:\program files\n3v games\ts12\userdata\original\hash-fe\kuid2 117948 1163 2\cookiesheet_crackle_ofsq.texture.txt
c:\program files\steam\steamapps\common\empire total war\data\ui\campaign ui\pips\military-crackdown-repression.tga
c:\programdata\adobe\photoshop elements\6.0\locale\en_us\photo creations metadata\backgrounds\cracked paint.xml
c:\users\nathan\downloads\google_sketchup_pro_8___keygen_[misterpale].6337876.tpb.torrent
c:\users\nathan\downloads\[kat.ph]google.sketchup.pro.8.0.4811.incl.crack.serials.torrent
c:\users\nathan\downloads\[kat.ph]google.sketchup.pro.8.eng.crack.torrent
c:\users\nathan\downloads\conv3ds\photoshop extended 12.0 keygen + howto\howto generate a serial for photoshop extended 12.0 (cs5.x).pdf
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer.rar
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer\googlesketchupprowen 8.0.4811.exe
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer\readme.nfo
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer\serials.nfo
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer\crack\sketchup.exe
c:\users\nathan\music\itunes\itunes media\music\compilations\itunes holiday sampler\17 the nutcracker, op. 71, act 2_ ch.m4a
c:\windows.old\users\nathan\music\itunes\itunes music\mastodon\crack the skye\01 oblivion.m4a
scanner sequence 3.ZZ.11.TVAPVJ
----- EOF -----
 
Hi boatnerd06,

Thank you for the logs.

A number of issues will need to be addressed in order that I can continue to assist you with the malware issues on your computer.

Did you install the following software? If so, how did you come by this software?
Adobe Creative Suite 3 Master Collection

Again, please remember to read the instructions below carefully before executing them, and perform the steps in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed; post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Non-Genuine Office Product(s)

The following Microsoft software installations on your computer are non-genuine:

Microsoft Office Excel 2007
Microsoft Office PowerPoint 2007
Microsoft Office Word 2007

All have been installed with a now blocked Volume Licensing Key (VLK) that was valid and only available to corporations, education entities and government agencies. VLKs are blocked by Microsoft at the request and consent of the original keyholder for such reasons as the key was lost, stolen, compromised, misused, or expired. Also, Microsoft may have blocked the key if it notices a pattern of misuse, i.e. more installations of Windows using that key than is authorized.

Please refer to Safer-Networking's policy regarding the use of illegal Pirated/Warez/Cracked software below.
If you still want to receive assistance, please remove the illegal items from your computer. If you still need the software, you will need to get a legal version from a legitimate source.
If you advise that the illegal software has been removed and I find otherwise (- the tools we use can and will detect them), then I will be left no choice but to have this topic closed.
If further such findings occur afterwards, the topic will also be closed.

You may return to the seller to demand a replacement with a genuine copy or get a full refund. Read this article to see if you qualify for the Genuine Office Offer.

The following freeware office suites are available as alternative options:

Step 2:
Cracked/Pirated Software Detected!

Checking through your logs I can detect that you have downloaded and installed cracked software on the computer.

c:\users\nathan\downloads\google_sketchup_pro_8___keygen_[misterpale].6337876.tpb.torrent
c:\users\nathan\downloads\[kat.ph]google.sketchup.pro.8.0.4811.incl.crack.serials.torrent
c:\users\nathan\downloads\[kat.ph]google.sketchup.pro.8.eng.crack.torrent
c:\users\nathan\downloads\conv3ds\photoshop extended 12.0 keygen + howto\howto generate a serial for photoshop extended 12.0 (cs5.x).pdf
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer.rar
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer\googlesketchupprowen 8.0.4811.exe
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer\readme.nfo
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer\serials.nfo
c:\users\nathan\downloads\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer\crack\sketchup.exe

This may or may not be related to your computer issues, however, if you wish me to continue helping you, then you must remove both the keygen and crack files as well as the related programs.

May I draw your attention to THIS TOPIC.
We do not support the use of illegal Pirated/Warez/Cracked software.

If seeking help in our Malware removal forum, please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. Aside from the legalities, be aware that malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes.

Step 3:
Uninstall Programs

P2P Software Present!

IMPORTANT: There are signs of a P2P (Peer-to-Peer) Related File Sharing Program installed on your computer.

vShare.tv plugin 1.3
P2P File Sharing Programs are used as a major conduit for spreading malware infection to computer systems these days.

P2P programs open up access to the computer on which the program is installed. The computer's settings are more often than not changed in a manner that renders the computer insecure and access to the computer remains open even when the program is not in use. Consequently, the system's security is completely compromised.

So be aware that it is not just what is downloaded that causes problems, just having a P2P program installed is like leaving all the doors to your house unlocked.

I advise you take the time to read the following articles that explain the risk of installing these programs:

In order to continue assisting you with your malware issues I will require you to uninstall the P2P software.

Registry Cleaners - Advisory

I notice that the Uniblue SpeedUpMyPC 2009 is installed on this computer. This product incorporates a Registry Cleaner function.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners:
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference.
If it doesn't work properly you may end up with an expensive doorstop.
http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
http://forums.whatthetech.com/Regcleaner_t42862.html

The decision whether or not to remove this program is yours.

Steering clear of such products in future will reduce your exposure to potential malware threats.

Please follow the instructions below to remove these programs:

  1. Select Start > Control Panel > Programs > Programs and Features.
  2. Under the Programs heading, click on Uninstall a program.
  3. Scroll down the list of installed programs and locate the following program:

    Uniblue SpeedUpMyPC 2009 <-- Optional Removal - see reasons provided above
    vShare.tv plugin 1.3

  4. Right-click on Uninstall to uninstall it.
  5. Repeat steps 3 - 4 for each program in the list.
  6. When finished Close the Control Panel window.
  7. Restart the computer to complete removal of the program.

Step 4:
Re-Run CKScanner

Please re-run CKScanner. Then Copy and Paste the contents of the ckfiles.txt log into your next reply.

Step 5:
Re-Run DDS

Please re-run DDS. Then Copy and Paste the contents of the DDS.txt and Attach.txt files into your next post.

Step 6:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. Did you install the following software? If so, how did you come by this software?
    Adobe Creative Suite 3 Master Collection
  3. ckfiles.txt.
  4. DDS.txt.
  5. Attach.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
 
Well, I guess the option is going to have to be to close this topic, as the programs which you have requested to be deleted are vital to my computing needs, and to purchase the versions directly from Microsoft and Adobe would be prohibitively expensive. On the same note, these programs in their present form have not caused the issue at hand. It is unfortunate that this assistance has come down to becoming a pseudo police force for Microsoft and Adobe, but I guess it is what it is.

Thank you

boatnerd06
 
Hi boatnerd06,

FYI, read the section of my last post regarding P2P Software. It will give you a clear indication of the root cause of why your system became infected.
Downloading and installing cracked software has definitely contributed to, if not directly caused, the infection of your computer.

This topic will now be closed.

Scolabar
 