[rloya99]

i did an update onmy computer then an icon showed up (a star on the bottom the computer) saying u are a victim of counterfeiting now every time turn computer it there a way a to get rid of that

[Wolfeymole]

Sounds to me like your systems infested with spyware Rloya.

Read the instructions below, run the tools and get back to us.

Your computer could be infected with Malware.

• Malware is software designed to infiltrate or damage a computer system without the owner's informed consent.
  It is a combination of the words malicious and software.
  The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

• Required Cleanup Steps
  1. Disable the Spybot Search & Destroy TEA TIMER if you use it and if it is enabled
  2. Run a Temporary file and cache cleaner (ATF)
  3. Run 2 Anti-Malware scanners (Listed Below)
  4. Run an Online Anti-Virus / Anti-Malware Scanner (Listed Below)
  5. Clear out old System Restore points
  6. If continued Malware type activity is present you may be asked to post a TrendMicro™ HijackThis™ Log file, do not do so unless requested.

The reason to run multiple scanners is to ensure that no single scanner is missing something.
The time it takes will vary depending on your system and your internet connection speed.
Typically the SUPERAntiSpyware and Malwarebytes scanners will take between 10 to 90 minutes.
The ESET online scan should take between 1 to 3 hours.
In most cases, these scans will suffice to clean and disinfect your computer.
Heavily infected systems or slower PCs can take much longer to scan and clean.

For best results print the following instructions and bookmark this Web page
To keep this guide printer-friendly, use your cursor to highlight the contents below.
From your browser select File - Print and in the printer dialog box under "Print range"
click the Selection choice to print out these instructions for removal of malware.

____________________________________________

STEP 1

• Disable Spybot Search & Destroys' TEA TIMER: (if installed, if not go to Step 2)
  1. Run Spybot-S&D in Advanced Mode.
  2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
  3. On the left hand side, Click on Tools
  4. Then click on the Resident Icon in the List
  5. Uncheck "Resident TeaTimer" and OK any prompts.
  6. Restart your computer.

__________________________________________________

STEP 2

• Follow these instructions carefully.
• Download ATF-Cleaner from Snapfiles.com to remove un-needed temporary files from your computer that may contain malware.
• When you run ATF-Cleaner, check the items as shown below for Main.
• For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox
• NOTE: If you don't have FireFox or Opera installed then they will be grayed out and can be ignored
• Then click on "Empty Selected".

.

__________________________________________________

STEP 3

• Install and run the free version (not the Professional version) of SUPERAntiSpyware from SUPERAntiSpyware.com
  • Accept any prompts to allow SUPERAntiSpyware to install the latest rules and infection definition files.
  • You do not have to send them your e-mail address, just click next.
  • You can leave the automated check for updates on.
  • You can uncheck "Send a diagnostic report to research center" if you don't want to send the information.
  • DO NOT allow SUPERAntiSpyware to protect your Home Page settings.
  • On the Top Left select the Scan your computer button.
  • Make sure there is a CHECK MARK on all Fixed Drives.
  • Click "Perform a Complete Scan". Click "Next" to Repair issues found and reboot the computer when prompted to do so.

__________________________________________________

STEP 4

• Install and run Malwarebytes' Anti-Malware from Malwarebytes - (direct download)
  • Accept all defaults for the installer
  • Allow the program to update the definitions
  • Click on the Quick Scan and click Next.
  • If any items are found allow it to clean them and then Reboot your computer.

__________________________________________________

STEP 5

• Run an online scan with ESET from Free Virus Scan: Use ESET's Online Antivirus Scanner
  • You must use Internet Explorer for this online scan. FireFox, Opera, etc will not work for this scan.
  • If your computer is running Window's Vista, then you must first start Internet Explorer as an Administrator. To do so, right-click on the Internet Explorer icon in the Start Menu and select "Run as administrator" from the popup context menu.
  • Accept the terms and click "Start".
  • Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications".
  • Click "Start" to begin the scan.
  • When completed restart your computer

__________________________________________________

Make sure your internet firewall security is enabled, and then please return to Free PC Help and tell us how the computer seems to be operating.
At that time, you will receive instructions to assist you in removing malicious programs from your Add/Remove program list if warranted.

If required this is the download link for TrendMicro™ HijackThis™
Unless instructed to by the Technician helping you then do not download this tool.

Once you and the Technician agree that your system appears to be clean then you should delete all your System Restore points and recreate a new one.
Please follow the instructions here
How to turn off and turn on System Restore in Windows XP
How to turn off and turn on System Restore in Windows Vista

[BeeCeeBee]

Quote:

i did an update onmy computer

Are you referring to Windows updates from Microsoft or some other form of "üpdate?"

[Wolfeymole]

Before you do the malware aspect read this.

WGA Diagnostic Tool


Please follow this WGA troubleshooting procedure:

• Download and install the WGA Diagnostic Tool: WGA Diagnostic Tool
• This is a direct download
• Click Run and Run again
• Click Continue
• Please be patient it takes a few seconds to run.
• Click Copy
• Next open Notepad, in the empty pane right click and select Paste

Post what it says back here.

[rloya99]

Diagnostic Report (1.7.0110.1):
-----------------------------------------
WGA Data-->
Validation Status: Invalid Product Key
Validation Code: 8
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-BPQBY-F4R3R-TVBTH
Windows Product Key Hash: 1ZQXver03SDhUBgLCKvTUeqjfpI=
Windows Product ID: 55274-642-7769785-23471
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.2.0.pro
ID: {5563E7AA-903D-4408-AA5B-CA69EB973D60}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.8.31.9
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A
WgaER Data-->
ThreatID(s): N/A
Version: N/A
WGA Notifications Data-->
Cached Result: 8
File Exists: Yes
Version: 1.8.31.9
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1_FA827CE6-153-8007007e_FA827CE6-180-8007007e
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5563E7AA-903D-4408-AA5B-CA69EB973D60}</UGUID><Version>1.7.0110.1</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-TVBTH</PKey><PID>55274-642-7769785-23471</PID><PIDType>1</PIDType><SID>S-1-5-21-1801674531-1580436667-1957994488</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP OmniBook PC </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies Ltd.</Manufacturer><Version>FA.M1.03</Version><SMBIOSVersion major="2" minor="3"/><Date>19991130000000.000000+000</Date></BIOS><HWID>AE1B0D00018400C6</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData> <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Licensing Data-->
N/A
HWID Data-->
N/A
OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: FC0C:Compaq Computer Corporation|13E68:Compaq Computer Corporation|13E68:Compaq Computer Corporation|FC0C:Hewlett-Packard Company|8BC2:Semp Toshiba Informatica Ltda|8BC2:TOSHIBA CORPORATION
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005
OEM Activation 2.0 Data-->
N/A

[Wolfeymole]

It sounds like someone has installed an illegal version of Windows XP.

Read this for further details.

Error message when you install Windows XP Service Pack 1 (SP1) or Service Pack 2 (SP2): "The product key used to install Windows is invalid"