
Malware problems


  • This topic is locked

#16
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Looking good Macedon. :)

Now for some housekeeping and one final scan to make sure we didn't miss any.

First,

Please seriously consider removing

µTorrent
PPMate Network TV 2.0.0.40
UUSee НшВзµзКУ [4.4.1102.18]
UUSee ІҐ·ЕІејю»щґЎ°ь 4.4.0.69

Want to know why? They can be used to exploit vulnerabilities making them security threats to your system.
Read the articles from the following links below to learn more.

The Dangers of P2P File Sharing
The Dangers of Peer-to-Peer (P2P) File Sharing
The Dangers of P2P Networks


If you wish to proceed with the removal,

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

µTorrent
PPMate Network TV 2.0.0.40
UUSee НшВзµзКУ [4.4.1102.18]
UUSee ІҐ·ЕІејю»щґЎ°ь 4.4.0.69


Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\uTorrent
C:\Program Files\PPMate
C:\Program Files\uusee


next,

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

then,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Finally,

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report



#17
Macedon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Ok Koko.

First of all, I didn't uninstall µTorrent. Hope you don't mind, as I haven't used it last week since we talked. Out of precaution I will consider uninstalling it later.

I did uninstall the PPMate and UUSee programs though, along with Combofix.

Considering ATF Cleaner, I already had it installed after I read the "How to post on this forum" thread. I understand that the sweeping is to allow faster scanning. But since I ran the cleaner three days ago and had some difficulties putting together my bookmarks, I only cleaned the "main" option and not Firefox again.

And finally the log from ActiveScan:


;*******************************************************************************
ANALYSIS: 2008-06-03 17:48:40
PROTECTIONS: 1
MALWARE: 11
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Kaspersky Anti-Virus 7.0.1.325 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Vangel Ivanov\Desktop\SmitfraudFix\Process.exe
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Vangel Ivanov\Application Data\Mozilla\Firefox\Profiles\wojhusih.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Vangel Ivanov\Application Data\Mozilla\Firefox\Profiles\wojhusih.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Vangel Ivanov\Application Data\Mozilla\Firefox\Profiles\wojhusih.default\cookies.txt[.statcounter.com/]
00224391 adware/startpage.amb Adware No 0 Yes No c:\documents and settings\vangel ivanov\favorites\online games
00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Vangel Ivanov\Desktop\Flash_Disinfector.exe[nircmd.exe]
00861842 Generic Backdoor Virus/Trojan No 0 Yes No F:\System&Utilities\Software\Utilities\Make Your Windows Genuine - For XP,Server 2003, Vista - iNGEn\Windows Vista All Versions x86 x64\VistaCheck.exe
00863965 Generic Backdoor Virus/Trojan No 0 Yes No F:\System&Utilities\Software\Utilities\Make Your Windows Genuine - For XP,Server 2003, Vista - iNGEn\Windows Vista All Versions x86 x64\VistaValidate.exe
00864649 Generic Backdoor Virus/Trojan No 0 Yes No F:\System&Utilities\Software\Utilities\Make Your Windows Genuine - For XP,Server 2003, Vista - iNGEn\Windows Vista All Versions x86 x64\VistaCrack.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Vangel Ivanov\Desktop\SmitfraudFix\Reboot.exe
02377451 Adware/SaveNow Adware No 0 No No F:\System&Utilities\Software\Utilities\bsplayer227.958_clip.exe[AdVantageSetup.exe]
02917987 Generic Malware Virus/Trojan No 0 Yes No F:\System&Utilities\Software\Utilities\Make Your Windows Genuine - For XP,Server 2003, Vista - iNGEn\WINDOWS XP and Server 2003\2) XP-sp2 and Server 2003\iNGEn_XPsp2.exe
02960480 Trj/Qhost.IB Virus/Trojan No 0 Yes No F:\System&Utilities\Software\Utilities\Make Your Windows Genuine - For XP,Server 2003, Vista - iNGEn\WINDOWS XP and Server 2003\1) Windows XP SP2 V2.1\iNGEn_XPsp2_v2.1.exe
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================
  • 0
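
Added example, not part of the original posts: a small Python parser for the MALWARE table of the ActiveScan report posted above, useful when triaging such a log by hand. The column layout is inferred from the report's own header row; the function names `parse_rows` and `summarize` are hypothetical, and the sample rows are copied from the report.

```python
import re
from collections import Counter

# Rows copied from the MALWARE table in the post above (a subset of it).
SAMPLE = r"""
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Vangel Ivanov\Desktop\SmitfraudFix\Process.exe
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Vangel Ivanov\Application Data\Mozilla\Firefox\Profiles\wojhusih.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Vangel Ivanov\Application Data\Mozilla\Firefox\Profiles\wojhusih.default\cookies.txt[.statcounter.com/]
00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Vangel Ivanov\Desktop\Flash_Disinfector.exe[nircmd.exe]
00861842 Generic Backdoor Virus/Trojan No 0 Yes No F:\System&Utilities\Software\Utilities\Make Your Windows Genuine - For XP,Server 2003, Vista - iNGEn\Windows Vista All Versions x86 x64\VistaCheck.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Vangel Ivanov\Desktop\SmitfraudFix\Reboot.exe
"""

# Id, Description (may contain spaces), Type, Active, Severity,
# Disinfectable, Disinfected, Location (may contain spaces).
ROW = re.compile(
    r"^(?P<id>\d{8}) (?P<desc>.+?) (?P<type>\S+) (?P<active>Yes|No) "
    r"(?P<severity>\d+) (?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) "
    r"(?P<location>.+)$"
)
# "container[member]" marks an item found inside an archive or cookie file.
LOCATION = re.compile(r"^(?P<container>.*?)(?:\[(?P<member>.*)\])?$")

def parse_rows(text):
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # separators, section headers, blank lines
        row = m.groupdict()
        row["severity"] = int(row["severity"])
        row.update(LOCATION.match(row["location"]).groupdict())
        rows.append(row)
    return rows

def summarize(rows):
    distinct = {r["id"]: r for r in rows}  # repeated rows share one Id
    return {
        "rows": len(rows),
        "distinct_ids": len(distinct),
        "by_type": dict(Counter(r["type"] for r in distinct.values())),
        "active": [r["id"] for r in distinct.values() if r["active"] == "Yes"],
        "max_severity": max((r["severity"] for r in distinct.values()), default=0),
    }

if __name__ == "__main__":
    print(summarize(parse_rows(SAMPLE)))
```

Run over the full table above, the same code finds 13 rows but 11 distinct Ids, which matches the report's MALWARE: 11 header.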

#18
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Macedon,

Your copy of Windows is not legitimate. We are unable to help you any further on this site, as we have a strict policy we adhere to in only helping people who have legitimate copies of Windows.

Thank you for understanding.

This topic is closed.