trojan downloader:win32/cutwail.ba HELP!

CorneliusM

Religiously Free
Power User
Local time
7:42 AM
Messages
120
Location
Edinburgh
Microsoft Security Essentials discovered this trojan virus today and three times it said I needed to restart to clean computer yet, it never leaves and is caught again on returning to Desktop.
I've looked this up on Microsoft KB and that document says to keep MSSE up to date however, the problem is, I cannot update from MSSE nor the site itself.
In fact, any links to sites which show promise of removing it- I click on and I'm told I have no internet connection, though I do have a connection and Google Chrome just says there's an error going to the site, I've tried downloading a couple of antivruses and they fail to download or update to start their scans.

I really don't know what the hell I can do apart from reinstall windows though I'm worried about doing that now as my Windows Activation reset to the "30 days to activate" (my copy of Windows 7 Ultimate is genuine and activated at Christmas) so I'm concerned I might reinstall Windows 7 and my key becoming invalid.
I hope there is some way of removing this trojan downloader:win32/cutwail.ba so I can get my computer back, I removed the files it left in system32 folder and my user folder but as for the registry files the KB says it left, there's nothing there. The advice then says don't try to remove anything but, use Microsoft Security Essentials or any antivirus to do it.

If anyone knows how to deal with this problem, I would really appreciate the help!
Thank you!
 

My Computer My Computer

At a glance

windows 7 Home Premium 64 BitAMD V1402GBATI Mobility Radeon HD 4250
Computer Manufacturer/Model Number
Hp Compaq CQ56 156SA
OS
windows 7 Home Premium 64 Bit
CPU
AMD V140
Memory
2GB
Graphics Card(s)
ATI Mobility Radeon HD 4250
Sound Card
Realtek
Monitor(s) Displays
Generic
Screen Resolution
1366 x 768
Hard Drives
Hitachi
Mouse
Wireless LG
Internet Speed
Finger-licking good
Other Info
Windows 7 Home Premium Pre-Installed.
Old Machine: HP Pavilion DV6 1120sa (R.I.P)
Did you used the full scan option in MSE?

I can try to put the MS Kb890830 removal tool in a zip files...But you might have the same probs downloading? Which OS have you, x32 or x64?
 

My Computer My Computer

At a glance

Windows 7 Professional SP1 - x64 [Non-UEFI Boot]Ivy Bridge Core i5 3570K (Delidded)G.Skill "Ares" DDR3 PC3-12800 - 1600MHz (16Gb)Asus Dual-RX480-O4G
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
CPU
Ivy Bridge Core i5 3570K (Delidded)
Motherboard
Asus P8Z77-V LE PLUS
Memory
G.Skill "Ares" DDR3 PC3-12800 - 1600MHz (16Gb)
Graphics Card(s)
Asus Dual-RX480-O4G
Sound Card
Creative Sound Blaster Z w/5.1 sound system
Monitor(s) Displays
Asus IPS 23"
Screen Resolution
16/9
Hard Drives
Internal:
500Go Sata 6Gb/s (x2)
500Go Sata 3Gb/s (x2)
SSD 60Go Sata 6Gb/s
PSU
In Win C 900W Series 80+ Platinum
Case
Thermaltake Chaser A71
Cooling
Custom Water Cooling Loop
Keyboard
Cooler Master QuickFire XTi
Mouse
Razer Imperator 2012 (4G)
Antivirus
MSE
Browser
IE 11.0.xxx Rtm
Other Info
"Raid0" with Intel Smart Response Technology (HDD/SSD)
Did you used the full scan option in MSE?

I can try to put the MS Kb890830 removal tool in a zip files...But you might have the same probs downloading?

Hi, yes i ran a full scan with MSE though nothing has been discovered this time.

I'll give it a try, I think the virus is simply blocking me from visiting well known sites that can help me. Cheers man!
 

My Computer My Computer

At a glance

windows 7 Home Premium 64 BitAMD V1402GBATI Mobility Radeon HD 4250
Computer Manufacturer/Model Number
Hp Compaq CQ56 156SA
OS
windows 7 Home Premium 64 Bit
CPU
AMD V140
Memory
2GB
Graphics Card(s)
ATI Mobility Radeon HD 4250
Sound Card
Realtek
Monitor(s) Displays
Generic
Screen Resolution
1366 x 768
Hard Drives
Hitachi
Mouse
Wireless LG
Internet Speed
Finger-licking good
Other Info
Windows 7 Home Premium Pre-Installed.
Old Machine: HP Pavilion DV6 1120sa (R.I.P)
Delete the pirated software that you downloaded, as the virus is in side the download.

Than run MSE full scan.
 

My Computer My Computer

At a glance

ME/XP/Vista/Win7
OS
ME/XP/Vista/Win7
Did you used the full scan option in MSE?

I can try to put the MS Kb890830 removal tool in a zip files...But you might have the same probs downloading?

Hi, yes i ran a full scan with MSE though nothing has been discovered this time.

I'll give it a try, I think the virus is simply blocking me from visiting well known sites that can help me. Cheers man!

I'm not allowed to upload more than 8,0Mb...

so try those links:
x64:Download details: Windows Malicious Software Removal Tool x64
x32:Download details: Windows Malicious Software Removal Tool

Run the tool for a full scan, the trojan is listed in the tool (see screenshot):
 

Attachments

  • Capture.PNG
    Capture.PNG
    37.8 KB · Views: 123

My Computer My Computer

At a glance

Windows 7 Professional SP1 - x64 [Non-UEFI Boot]Ivy Bridge Core i5 3570K (Delidded)G.Skill "Ares" DDR3 PC3-12800 - 1600MHz (16Gb)Asus Dual-RX480-O4G
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
CPU
Ivy Bridge Core i5 3570K (Delidded)
Motherboard
Asus P8Z77-V LE PLUS
Memory
G.Skill "Ares" DDR3 PC3-12800 - 1600MHz (16Gb)
Graphics Card(s)
Asus Dual-RX480-O4G
Sound Card
Creative Sound Blaster Z w/5.1 sound system
Monitor(s) Displays
Asus IPS 23"
Screen Resolution
16/9
Hard Drives
Internal:
500Go Sata 6Gb/s (x2)
500Go Sata 3Gb/s (x2)
SSD 60Go Sata 6Gb/s
PSU
In Win C 900W Series 80+ Platinum
Case
Thermaltake Chaser A71
Cooling
Custom Water Cooling Loop
Keyboard
Cooler Master QuickFire XTi
Mouse
Razer Imperator 2012 (4G)
Antivirus
MSE
Browser
IE 11.0.xxx Rtm
Other Info
"Raid0" with Intel Smart Response Technology (HDD/SSD)
Delete the pirated software that you downloaded, as the virus is in side the download.

Than run MSE full scan.

I don't have pirated software but, I did remove the .exe's for one for activating Office 2010 called Keygen.Microsoft.Office.2010.45057.exe which has been removed as MSE discovered the problem.
 

My Computer My Computer

At a glance

windows 7 Home Premium 64 BitAMD V1402GBATI Mobility Radeon HD 4250
Computer Manufacturer/Model Number
Hp Compaq CQ56 156SA
OS
windows 7 Home Premium 64 Bit
CPU
AMD V140
Memory
2GB
Graphics Card(s)
ATI Mobility Radeon HD 4250
Sound Card
Realtek
Monitor(s) Displays
Generic
Screen Resolution
1366 x 768
Hard Drives
Hitachi
Mouse
Wireless LG
Internet Speed
Finger-licking good
Other Info
Windows 7 Home Premium Pre-Installed.
Old Machine: HP Pavilion DV6 1120sa (R.I.P)
Did you used the full scan option in MSE?

I can try to put the MS Kb890830 removal tool in a zip files...But you might have the same probs downloading?

Hi, yes i ran a full scan with MSE though nothing has been discovered this time.

I'll give it a try, I think the virus is simply blocking me from visiting well known sites that can help me. Cheers man!

I'm not allowed to upload more than 8,0Mb...

so try those links:
x64:Download details: Windows Malicious Software Removal Tool x64
x32:Download details: Windows Malicious Software Removal Tool

Run the tool for a full scan, the trojan is listed in the tool (see screenshot):

Couldn't download but, my friend's got it on a memory stick so I'm running a full scan from that now
 

My Computer My Computer

At a glance

windows 7 Home Premium 64 BitAMD V1402GBATI Mobility Radeon HD 4250
Computer Manufacturer/Model Number
Hp Compaq CQ56 156SA
OS
windows 7 Home Premium 64 Bit
CPU
AMD V140
Memory
2GB
Graphics Card(s)
ATI Mobility Radeon HD 4250
Sound Card
Realtek
Monitor(s) Displays
Generic
Screen Resolution
1366 x 768
Hard Drives
Hitachi
Mouse
Wireless LG
Internet Speed
Finger-licking good
Other Info
Windows 7 Home Premium Pre-Installed.
Old Machine: HP Pavilion DV6 1120sa (R.I.P)
The keygen is an activation tool to use Office without paying for it thus pirating. If you used the keygen, then that could be where the virus came from. You should probably uninstall Office as well as the keygen could have infected files in Office.

If you want a free Office program, get OpenOffice it is a very good alternative to Microsoft Office: OpenOffice.org - The Free and Open Productivity Suite
 

My Computer My Computer

At a glance

Win7 Home Premium 64xIntel Core 2 Duo P7450 / 2.13 GHz (2.29 with ...4 GB PC-6400 Hyundai (2X2) at 800MhzNVIDIA GeForce GTX 260M 1GB DDR3 VRAM
Computer type
Laptop
Computer Manufacturer/Model Number
ASUS G60-RBBX05
OS
Win7 Home Premium 64x
CPU
Intel Core 2 Duo P7450 / 2.13 GHz (2.29 with Extreme Turbo)
Memory
4 GB PC-6400 Hyundai (2X2) at 800Mhz
Graphics Card(s)
NVIDIA GeForce GTX 260M 1GB DDR3 VRAM
Monitor(s) Displays
16" LED Backlit
Screen Resolution
1366 x 768 on laptop 1600x1050 max res on 22" external mon
Hard Drives
OCZ Agility 3 60GB SSD / 320 GB - Serial ATA-150 - 7200 rpm
PSU
6-cell Lithium ion { lasts 1.5 hours }
Case
ASUS G60 Laptop
Keyboard
Chicklet type back-lit (white light) keyboard
Mouse
Logitech G9 Laser Mouse 3200dpi and 1000 reports per minute
Internet Speed
Comcast 8.60mb/s up - 3.11mb/s down
Antivirus
MSE
Browser
Firefox
Other Info
General mid-budget gaming Comp. Low batterylife - High FrameRates - currently overheating problems :(

2nd Rig: Case: Rosewill BLACKHAWK Gaming ATX Mid Tower Computer Case

Mobo: GIGABYTE GA-990FXA-UD3
CPU: AMD FX-6200 Zambezi 3.8GHz (4.1GHz Turbo)
Heatsink: COOLER MASTER V8 CPU Cooler
RAM: Patriot Viper 3 8GB (2 x 4GB) 240-Pin DDR3 SDRAM 1866 (PC3 15000)
GPU: SAPPHIRE Radeon HD 6850 1GB 2
Delete the pirated software that you downloaded, as the virus is in side the download.

Than run MSE full scan.

I don't have pirated software but, I did remove the .exe's for one for activating Office 2010 called Keygen.Microsoft.Office.2010.45057.exe which has been removed as MSE discovered the problem.

Did you used that keygen to activate the Trial version? No big matter, but not really in the rules....that's why MSE listed to remove that KeyGen.
 

My Computer My Computer

At a glance

Windows 7 Professional SP1 - x64 [Non-UEFI Boot]Ivy Bridge Core i5 3570K (Delidded)G.Skill "Ares" DDR3 PC3-12800 - 1600MHz (16Gb)Asus Dual-RX480-O4G
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
CPU
Ivy Bridge Core i5 3570K (Delidded)
Motherboard
Asus P8Z77-V LE PLUS
Memory
G.Skill "Ares" DDR3 PC3-12800 - 1600MHz (16Gb)
Graphics Card(s)
Asus Dual-RX480-O4G
Sound Card
Creative Sound Blaster Z w/5.1 sound system
Monitor(s) Displays
Asus IPS 23"
Screen Resolution
16/9
Hard Drives
Internal:
500Go Sata 6Gb/s (x2)
500Go Sata 3Gb/s (x2)
SSD 60Go Sata 6Gb/s
PSU
In Win C 900W Series 80+ Platinum
Case
Thermaltake Chaser A71
Cooling
Custom Water Cooling Loop
Keyboard
Cooler Master QuickFire XTi
Mouse
Razer Imperator 2012 (4G)
Antivirus
MSE
Browser
IE 11.0.xxx Rtm
Other Info
"Raid0" with Intel Smart Response Technology (HDD/SSD)
The keygen is an activation tool to use Office without paying for it thus pirating. If you used the keygen, then that could be where the virus came from. You should probably uninstall Office as well as the keygen could have infected files in Office.

If you want a free Office program, get OpenOffice it is a very good alternative to Microsoft Office: OpenOffice.org - The Free and Open Productivity Suite

Okay I'll uninstall Office 2010 now and MRT is still scanning so I'll restart after the scan, thank you. Funny enough I came across OpenOffice after the problem!
 

My Computer My Computer

At a glance

windows 7 Home Premium 64 BitAMD V1402GBATI Mobility Radeon HD 4250
Computer Manufacturer/Model Number
Hp Compaq CQ56 156SA
OS
windows 7 Home Premium 64 Bit
CPU
AMD V140
Memory
2GB
Graphics Card(s)
ATI Mobility Radeon HD 4250
Sound Card
Realtek
Monitor(s) Displays
Generic
Screen Resolution
1366 x 768
Hard Drives
Hitachi
Mouse
Wireless LG
Internet Speed
Finger-licking good
Other Info
Windows 7 Home Premium Pre-Installed.
Old Machine: HP Pavilion DV6 1120sa (R.I.P)
The keygen is an activation tool to use Office without paying for it thus pirating. If you used the keygen, then that could be where the virus came from. You should probably uninstall Office as well as the keygen could have infected files in Office.

If you want a free Office program, get OpenOffice it is a very good alternative to Microsoft Office: OpenOffice.org - The Free and Open Productivity Suite

Delete the pirated software that you downloaded, as the virus is in side the download.

Than run MSE full scan.

I don't have pirated software but, I did remove the .exe's for one for activating Office 2010 called Keygen.Microsoft.Office.2010.45057.exe which has been removed as MSE discovered the problem.

Did you used that keygen to activate the Trial version? No big matter, but not really in the rules....that's why MSE listed to remove that KeyGen.

Yeah I used it but I didn't think it would be infecting the Office installation at all, from now on I'm paying for products if I have to! I hope it works, the MRT's been scanning for an hour now.
 

My Computer My Computer

At a glance

windows 7 Home Premium 64 BitAMD V1402GBATI Mobility Radeon HD 4250
Computer Manufacturer/Model Number
Hp Compaq CQ56 156SA
OS
windows 7 Home Premium 64 Bit
CPU
AMD V140
Memory
2GB
Graphics Card(s)
ATI Mobility Radeon HD 4250
Sound Card
Realtek
Monitor(s) Displays
Generic
Screen Resolution
1366 x 768
Hard Drives
Hitachi
Mouse
Wireless LG
Internet Speed
Finger-licking good
Other Info
Windows 7 Home Premium Pre-Installed.
Old Machine: HP Pavilion DV6 1120sa (R.I.P)
Would a system restore work? My friend's just given me a copy of AVG Rootkit too to try that, he thinks it could be that.
 

My Computer My Computer

At a glance

windows 7 Home Premium 64 BitAMD V1402GBATI Mobility Radeon HD 4250
Computer Manufacturer/Model Number
Hp Compaq CQ56 156SA
OS
windows 7 Home Premium 64 Bit
CPU
AMD V140
Memory
2GB
Graphics Card(s)
ATI Mobility Radeon HD 4250
Sound Card
Realtek
Monitor(s) Displays
Generic
Screen Resolution
1366 x 768
Hard Drives
Hitachi
Mouse
Wireless LG
Internet Speed
Finger-licking good
Other Info
Windows 7 Home Premium Pre-Installed.
Old Machine: HP Pavilion DV6 1120sa (R.I.P)
Did you used that keygen to activate the Trial version? No big matter
I disagree. To those of us who spend a considerable amount of our time cleaning infected computers, piracy is a big matter. It is also a primary factor in the high price of software licenses.

That said, CorneliusM, let's take a closer look and see if we can help with the 30-day issue. That is likely what is causing problems with MSE.

Please download CKScanner from here.

Important : Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


In addition, please download WVCheck and save it to the desktop.


  • Double click on WVCheck.exe and follow the prompts.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.
 

My Computer My Computer

At a glance

Windows 7 & Windows Vista Ultimate
OS
Windows 7 & Windows Vista Ultimate
A lesson learned.
 

My Computer My Computer

At a glance

Windows 7 Ultimate 32 bitIntel(R) Pentium(R) 4 CPU 3.00GHz2.50 GB RAMNVIDIA GeForce 7600 GS
Computer Manufacturer/Model Number
Home built
OS
Windows 7 Ultimate 32 bit
CPU
Intel(R) Pentium(R) 4 CPU 3.00GHz
Motherboard
ASUS P4P800-VM Motherboard Chipset: Intel 865G + ICH5
Memory
2.50 GB RAM
Graphics Card(s)
NVIDIA GeForce 7600 GS
Sound Card
SoundMax Integrated Digital Audio (Chip)
Monitor(s) Displays
ViewSonic VX 1962 wm
Screen Resolution
1680 X 1050
Hard Drives
Seagate Barracuda 7200.10 80 GB
ST380215A ATA Device 18.6 GB
Western Digital "My Book" external hard drive 750 GB
Cooling
Fan based
Keyboard
Microsoft Comfort Curve Keyboard 2000 v10 USB
Mouse
Logitec optic USB
Internet Speed
3.01 Mb/s download 0.64 Mb/s upload
Did you used that keygen to activate the Trial version? No big matter
I disagree. To those of us who spend a considerable amount of our time cleaning infected computers, piracy is a big matter. It is also a primary factor in the high price of software licenses.

That said, CorneliusM, let's take a closer look and see if we can help with the 30-day issue. That is likely what is causing problems with MSE.

Please download CKScanner from here.

Important : Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


In addition, please download WVCheck and save it to the desktop.


  • Double click on WVCheck.exe and follow the prompts.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.

Hi Corrine, Thanks for the links, this is the WVCheck results:

Windows Validation Check
Log Created On: 2309_01-07-2010
------------------------

Windows Information
-----------------------
Windows Version: Windows 7
Windows Mode: Normal


WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
------------------------------
Last Success Time for Update Detection: 2010-07-01 12:12:31
Last Success Time for Update Download: 2010-07-01 01:24:25
Last Success Time for Update Installation: 2010-07-01 01:25:11


WVCheck's File Dump
-------------------
WVCheck found no known bad files.


WVCheck's Missing File Check
-------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-------------------
user32.dll - 34b7e222e81fafa885f0c5f2cfa56861


-------- End of File, program close at 2311_01-07-2010 --------

And this is the CKfiles results:


CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\gimp-2.0\share\gimp\2.0\brushes\cracks2-2.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\cracks2-3.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\cracks2-4.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\cracks2-5.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\cracks2-6.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\cracks2-7.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\cracks2.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-10.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-11.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-12.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-13.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-14.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-15.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-16.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-17.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-18.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-19.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-2.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-20.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-21.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-22.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-23.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-24.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-25.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-26.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-27.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-28.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-29.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-3.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-30.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-31.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-32.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-33.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-34.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-35.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-36.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-37.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-38.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-39.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-4.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-40.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-41.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-42.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-43.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-44.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-45.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-46.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-47.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-48.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-49.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-5.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-50.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-51.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-52.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-53.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-54.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-6.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-7.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-8.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar-9.gbr
c:\program files\gimp-2.0\share\gimp\2.0\brushes\pretty cuts\pretty_cuts_and_cracks_45x_by_basstar.gbr
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\program files\image-line\hardcore\presets\i cracked my tube!.hdprg
c:\program files\image-line\sawer\presets\ambient\mc cracked.sawer
c:\users\cornelius\.gimp-2.6\patterns\cracked.pat
c:\users\cornelius\photoshop cs5\photoshop cs5\presets\brushes\anodyne-stock_cracks.abr
c:\users\cornelius\photoshop cs5\photoshop cs5\presets\brushes\crack_it_up_by_flapdrol21.abr
c:\users\cornelius\photoshop cs5\ps brushes\anodyne_stock_cracks.zip
scanner sequence 3.ZZ.11
----- EOF -----

Just uninstalling Office 2010 now, too.
 

My Computer My Computer

At a glance

windows 7 Home Premium 64 BitAMD V1402GBATI Mobility Radeon HD 4250
Computer Manufacturer/Model Number
Hp Compaq CQ56 156SA
OS
windows 7 Home Premium 64 Bit
CPU
AMD V140
Memory
2GB
Graphics Card(s)
ATI Mobility Radeon HD 4250
Sound Card
Realtek
Monitor(s) Displays
Generic
Screen Resolution
1366 x 768
Hard Drives
Hitachi
Mouse
Wireless LG
Internet Speed
Finger-licking good
Other Info
Windows 7 Home Premium Pre-Installed.
Old Machine: HP Pavilion DV6 1120sa (R.I.P)
Did you used that keygen to activate the Trial version? No big matter
I disagree. To those of us who spend a considerable amount of our time cleaning infected computers, piracy is a big matter. It is also a primary factor in the high price of software licenses.

One day or another people get caught...search thing doesn't last very long!
I've the right to tell it in a certain way, but not the right to forbid it. :)

My apologize...
 

My Computer My Computer

At a glance

Windows 7 Professional SP1 - x64 [Non-UEFI Boot]Ivy Bridge Core i5 3570K (Delidded)G.Skill "Ares" DDR3 PC3-12800 - 1600MHz (16Gb)Asus Dual-RX480-O4G
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
CPU
Ivy Bridge Core i5 3570K (Delidded)
Motherboard
Asus P8Z77-V LE PLUS
Memory
G.Skill "Ares" DDR3 PC3-12800 - 1600MHz (16Gb)
Graphics Card(s)
Asus Dual-RX480-O4G
Sound Card
Creative Sound Blaster Z w/5.1 sound system
Monitor(s) Displays
Asus IPS 23"
Screen Resolution
16/9
Hard Drives
Internal:
500Go Sata 6Gb/s (x2)
500Go Sata 3Gb/s (x2)
SSD 60Go Sata 6Gb/s
PSU
In Win C 900W Series 80+ Platinum
Case
Thermaltake Chaser A71
Cooling
Custom Water Cooling Loop
Keyboard
Cooler Master QuickFire XTi
Mouse
Razer Imperator 2012 (4G)
Antivirus
MSE
Browser
IE 11.0.xxx Rtm
Other Info
"Raid0" with Intel Smart Response Technology (HDD/SSD)
Okay with Office 2010 removed it all seems gone. I can update MSE again and give Windows Updates the chance for me to hide what they offer me again :p

I really have do appreciate every body's help on this, like Carl said- I won't be doing that again!

Also, Trend Micro Housecall spotted a hidden file and removed it so chances are this thing is gone but I'm still gonna run some Anti-rootkit software to double check everything!
 
Last edited:

My Computer My Computer

At a glance

windows 7 Home Premium 64 BitAMD V1402GBATI Mobility Radeon HD 4250
Computer Manufacturer/Model Number
Hp Compaq CQ56 156SA
OS
windows 7 Home Premium 64 Bit
CPU
AMD V140
Memory
2GB
Graphics Card(s)
ATI Mobility Radeon HD 4250
Sound Card
Realtek
Monitor(s) Displays
Generic
Screen Resolution
1366 x 768
Hard Drives
Hitachi
Mouse
Wireless LG
Internet Speed
Finger-licking good
Other Info
Windows 7 Home Premium Pre-Installed.
Old Machine: HP Pavilion DV6 1120sa (R.I.P)
Hi, CorneliusM.

I am not seeing a question about your copy of Windows 7 being valid. However, with the 30-day issue, I suggest you telephone activate. This is for the U.K. Microsoft UK - Licensing and includes an option to e-mail or telephone for assistance.

In addition to Office, it appears you also have pirated versions of Gimp, ImageLine and Photoshop.
 

My Computer My Computer

At a glance

Windows 7 & Windows Vista Ultimate
OS
Windows 7 & Windows Vista Ultimate
Hi, CorneliusM.

I am not seeing a question about your copy of Windows 7 being valid. However, with the 30-day issue, I suggest you telephone activate. This is for the U.K. Microsoft UK - Licensing and includes an option to e-mail or telephone for assistance.

In addition to Office, it appears you also have pirated versions of Gimp, ImageLine and Photoshop.

Weird, it does say my Windows 7 is Validated in the system information and I got my box and product key with me, if ever it changes and asks, I installed it over christmas. Gimp and Imageline are both legal versions too I got Gimp from the site and, FruityLoops from their site so I don't know why it would think their illegal :(
 

My Computer My Computer

At a glance

windows 7 Home Premium 64 BitAMD V1402GBATI Mobility Radeon HD 4250
Computer Manufacturer/Model Number
Hp Compaq CQ56 156SA
OS
windows 7 Home Premium 64 Bit
CPU
AMD V140
Memory
2GB
Graphics Card(s)
ATI Mobility Radeon HD 4250
Sound Card
Realtek
Monitor(s) Displays
Generic
Screen Resolution
1366 x 768
Hard Drives
Hitachi
Mouse
Wireless LG
Internet Speed
Finger-licking good
Other Info
Windows 7 Home Premium Pre-Installed.
Old Machine: HP Pavilion DV6 1120sa (R.I.P)
Good catch Corrine on the other software! The keygen programs prey on people wanting to get something for free. and are hosted at sites that allow such things. This is the shadier side of the internet. They are a perfect opportunity to get a virus and they have a program they know they can hide in.....the program you want the keygen for.
 

My Computer My Computer

At a glance

Win7 Home Premium 64xIntel Core 2 Duo P7450 / 2.13 GHz (2.29 with ...4 GB PC-6400 Hyundai (2X2) at 800MhzNVIDIA GeForce GTX 260M 1GB DDR3 VRAM
Computer type
Laptop
Computer Manufacturer/Model Number
ASUS G60-RBBX05
OS
Win7 Home Premium 64x
CPU
Intel Core 2 Duo P7450 / 2.13 GHz (2.29 with Extreme Turbo)
Memory
4 GB PC-6400 Hyundai (2X2) at 800Mhz
Graphics Card(s)
NVIDIA GeForce GTX 260M 1GB DDR3 VRAM
Monitor(s) Displays
16" LED Backlit
Screen Resolution
1366 x 768 on laptop 1600x1050 max res on 22" external mon
Hard Drives
OCZ Agility 3 60GB SSD / 320 GB - Serial ATA-150 - 7200 rpm
PSU
6-cell Lithium ion { lasts 1.5 hours }
Case
ASUS G60 Laptop
Keyboard
Chicklet type back-lit (white light) keyboard
Mouse
Logitech G9 Laser Mouse 3200dpi and 1000 reports per minute
Internet Speed
Comcast 8.60mb/s up - 3.11mb/s down
Antivirus
MSE
Browser
Firefox
Other Info
General mid-budget gaming Comp. Low batterylife - High FrameRates - currently overheating problems :(

2nd Rig: Case: Rosewill BLACKHAWK Gaming ATX Mid Tower Computer Case

Mobo: GIGABYTE GA-990FXA-UD3
CPU: AMD FX-6200 Zambezi 3.8GHz (4.1GHz Turbo)
Heatsink: COOLER MASTER V8 CPU Cooler
RAM: Patriot Viper 3 8GB (2 x 4GB) 240-Pin DDR3 SDRAM 1866 (PC3 15000)
GPU: SAPPHIRE Radeon HD 6850 1GB 2
Back
Top