
Author Topic: trojan horse logs and notes tajv2005  (Read 13968 times)


tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #30 on: April 09, 2009, 11:16:51 AM »
ComboFix 09-04-04.01 - Administrator 2009-04-09 13:01:32.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1489 [GMT -4:00]
Running from: d:\backup of c drive aprl 6 2009\Documents and Settings\Desktop\ComboFix.exe
Command switches used :: d:\backup of c drive aprl 6 2009\Documents and Settings\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2009-03-09 to 2009-04-09  )))))))))))))))))))))))))))))))
.

2009-04-09 11:15 . 2009-03-09 15:06   64,160   --a------   c:\windows\system32\drivers\Lbd.sys
2009-04-09 11:13 . 2009-04-09 11:13   <DIR>   d--------   c:\program files\Lavasoft
2009-04-09 11:13 . 2009-04-09 11:13   <DIR>   d--h-c---   c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-08 14:47 . 2009-04-08 14:47   <DIR>   d--------   c:\program files\Trend Micro
2009-04-08 13:25 . 2009-04-08 13:25   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\Viewpoint
2009-04-08 12:00 . 2009-04-08 20:32   <DIR>   d--------   c:\program files\SUPERAntiSpyware
2009-04-08 12:00 . 2009-04-08 12:00   <DIR>   d--------   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-08 12:00 . 2009-04-08 20:32   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-04-08 11:41 . 2009-04-08 11:41   <DIR>   d--------   c:\program files\CCleaner
2009-04-08 09:30 . 2009-04-08 09:30   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-08 09:30 . 2009-04-08 09:30   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-07 14:04 . 2009-04-07 14:04   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\Roxio
2009-04-07 14:03 . 2009-04-07 14:03   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\Logitech
2009-04-07 14:03 . 2009-04-07 14:03   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\InstallShield
2009-04-07 14:03 . 2009-04-08 13:25   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\AOL
2009-04-07 10:57 . 2009-04-09 12:56   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\COMCASTTOOLBAR
2009-04-07 10:57 . 2009-04-07 10:57   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-04-06 12:54 . 2009-04-06 12:54   <DIR>   d--------   c:\program files\Common Files\SureThing Shared
2009-04-06 07:36 . 2009-04-06 07:36   <DIR>   d--------   c:\program files\NOTE  HP above  is for my mouse
2009-04-01 06:23 . 2009-04-01 06:23   <DIR>   d--h-----   c:\windows\system32\GroupPolicy
2009-03-25 18:40 . 2009-03-25 18:40   <DIR>   d--------   c:\program files\Photo Story 3 for Windows
2009-03-25 03:54 . 2009-03-25 10:46   <DIR>   d--------   c:\program files\MusicBar
2009-03-11 01:43 . 2004-08-03 19:56   221,184   --a------   c:\windows\system32\wmpns.dll
2009-03-11 01:06 . 2008-12-05 02:54   144,896   -----c---   c:\windows\system32\dllcache\schannel.dll
2009-03-09 16:12 . 2008-05-02 02:38   301,656   --a------   c:\windows\system32\BtCoreIf.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 15:13   ---------   d-----w   c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-08 18:45   ---------   d-----w   c:\program files\Java
2009-04-06 16:54   ---------   d-----w   c:\program files\Roxio
2009-04-06 16:54   ---------   d-----w   c:\program files\Common Files\Sonic Shared
2009-04-06 16:54   ---------   d-----w   c:\program files\Common Files\Roxio Shared
2009-04-06 16:50   ---------   d-----w   c:\documents and settings\All Users\Application Data\Roxio
2009-04-06 14:12   ---------   d-----w   c:\program files\Common Files\Real
2009-04-05 16:17   ---------   d-----w   c:\program files\Google
2009-04-05 16:13   ---------   d-----w   c:\program files\RegScrubXP
2009-04-05 16:08   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-03-31 22:08   ---------   d-----w   c:\program files\Creative
2009-03-19 11:52   ---------   d-----w   c:\program files\Common Files\Adobe
2009-03-09 20:12   ---------   d-----w   c:\program files\Common Files\Logitech
2009-03-09 20:11   ---------   d-----w   c:\program files\Common Files\Logishrd
2009-03-01 16:13   ---------   d-----w   c:\documents and settings\All Users\Application Data\McAfee.com
2009-02-17 15:11   ---------   d-----w   c:\program files\AOL 9.5
2009-02-17 13:59   ---------   d-----w   c:\program files\Common Files\AOL
2009-02-17 13:58   ---------   d-----w   c:\program files\Common Files\aolshare
2009-02-17 13:58   ---------   d-----w   c:\documents and settings\All Users\Application Data\AOL
2009-02-17 13:43   ---------   d-----w   c:\documents and settings\All Users\Application Data\AOL Downloads
2009-02-12 00:50   ---------   d-----w   c:\program files\AOL 9.1
2009-02-11 06:38   ---------   d-----w   c:\program files\service pack 3 overview downloads
2008-11-24 17:07   2,217   ----a-w   c:\program files\devicetable.log
2008-11-12 15:58   93,696   ----a-w   c:\program files\Freebie - Mary Stafford - How I use EFT with Kids.ppt
2008-11-10 05:17   379,392   ----a-w   c:\program files\subinacl.msi
2008-11-10 05:15   208,144   ----a-w   c:\program files\uninstall_flash_player.exe
2008-09-05 18:01   267,056   ----a-w   c:\program files\utorrent.exe
2008-08-25 17:05   930   ----a-w   c:\program files\reset_minimal.zip
2008-08-23 20:10   19,153,264   ----a-w   c:\program files\aaw2008.exe
2008-08-22 21:46   15,083,520   ----a-w   c:\program files\spybotsd160.exe
2008-08-21 10:17   25,740,144   ----a-w   c:\program files\wmp11-windowsxp-x86-enu.exe
2008-08-19 11:52   632,265   ----a-w   c:\program files\0pop-popup-killer-and-surf-washer.exe
2008-08-17 12:50   76   ----a-w   c:\program files\DVDPATH.TXT
2008-08-17 03:42   15,452,536   ----a-w   c:\program files\IE7-WindowsXP-x86-enu.exe
2008-08-16 22:56   24,049   ----a-w   c:\program files\System Mechanic_ Boost PC speed with new Tri-Active Registry Optimization.eml
2008-08-16 03:45   4,189,808   ----a-w   c:\program files\ComcastToolbar2_2.exe
2008-09-04 10:53   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090420080905\index.dat
.

(((((((((((((((((((((((((((((   SnapShot@2009-04-09_10.43.13.23   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-09 19:06:56   64,160   -c--a-w   c:\windows\system32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\Lbd.sys
+ 2009-04-09 17:04:43   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_1e8.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{371C1609-EB05-4333-A09E-C607DB6BA749}]
2009-03-25 03:54   266240   --a------   c:\program files\MusicBar\bar\1.bin\MUSICBAR.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9EEDA966-CF59-49a1-845B-60B664694E5C}]
2009-03-25 03:54   61440   --a------   c:\program files\MusicBar\SrchAstt\1.bin\MZSRCAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"HostManager"="c:\program files\Common Files\AOL\1218857325\ee\AOLSoftware.exe" [2008-11-06 41264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-15 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-30 1601304]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2005-05-27 135168]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2008-08-16 684032]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-15 1121016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"MusicBar Plugin"="c:\progra~1\MusicBar\bar\1.bin\M2PLUGIN.DLL" [2009-03-25 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"nwiz"="nwiz.exe" [2007-04-19 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-04-19 c:\windows\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 c:\windows\RTHDCPL.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-02-06 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-30 18:01 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1218857325\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1218857325\\EE\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUPnPRenderer10.exe"=
"c:\\Program Files\\Roxio\\Creator Classic 10\\Creator10.exe"=
"c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUpnpService10.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-04-09 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-16 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-08-16 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-16 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-16 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R3 HidMouse;HidMouse;c:\windows\system32\drivers\HidMouse.sys [2008-08-15 29184]
S2 gupdate1c993c493f3db38;Google Update Service (gupdate1c993c493f3db38);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 133104]
S2 MusicBarService;Music Bar Service;c:\progra~1\MusicBar\bar\1.bin\mzsvc.exe [2009-03-25 28758]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:06]

2009-01-30 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 20:12]

2009-04-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 21:34]

2009-04-09 c:\windows\Tasks\User_Feed_Synchronization-{2490DAE9-5585-4789-B671-5653F94D9032}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9EEDA970-CF59-49a1-845B-60B664694E5C} - (no file)
Toolbar-{371C160B-EB05-4333-A09E-C607DB6BA749} - (no file)
WebBrowser-{371C160B-EB05-4333-A09E-C607DB6BA749} - (no file)


.
------- Supplementary Scan -------
.
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
Trusted Zone: aol.com\free
DPF: {C5D6B2AD-7C33-4AA5-A482-7DD116607625} - hxxp://ak.exe.imgfarm.com/images/nocache/musictoolbar/ei/MusicBarInitialSetup1.0.1.1.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 13:05:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WgaTray.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
.
**************************************************************************
.
Completion time: 2009-04-09 13:09:23 - machine was rebooted
ComboFix-quarantined-files.txt  2009-04-09 17:09:19
ComboFix2.txt  2009-04-09 14:44:25

Pre-Run: 17,909,145,600 bytes free
Post-Run: 17,940,643,840 bytes free

227   --- E O F ---   2009-04-06 20:44:28

tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #31 on: April 09, 2009, 11:17:52 AM »


I only had viewpoint media player

all of a sudden my valid windows XP Pro is not valid !!!!! ???
my monitor is black !! and I am labeled !!
 
Windows XP Genuine Validation Results
 
This copy of Windows did not pass genuine validation.
The product key found on this computer was not assigned by Microsoft. View details
The Windows product key installed on this computer was not assigned by Microsoft. You may be a victim of counterfeit software. Learn more about getting genuine with the options below.

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: trojan horse logs and notes tajv2005
« Reply #32 on: April 09, 2009, 11:24:29 AM »
We didn't remove anything that has to do with validation. Is this a legal copy of Windows?

Can you do a System Restore?

tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #33 on: April 09, 2009, 11:27:25 AM »
Quote
We didn't remove anything that has to do with validation. Is this a legal copy of Windows?

Can you do a System Restore?

like I said YES it is legal and always passes validation .

oh, yes, I can do system restore .

evilfantasy

Re: trojan horse logs and notes tajv2005
« Reply #34 on: April 09, 2009, 11:30:03 AM »
OK if you need to then do a restore.

Or...

Go to How to Tell (Microsoft website) using Internet Explorer (not Firefox or any other browser as they won't work)

  • In the upper left corner click the Validate Windows button.
  • Be patient while the ActiveX loads, do not click on any links.
  • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
  • Enter your product key then click continue
  • When it says "Validation Complete" please click Continue to return to your previous activity
.
How is it now?

tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #35 on: April 09, 2009, 11:41:41 AM »
evilfantasy, the restore points available were the ones created by combofix.
I used the first one. It did not restore my validation.
So I reversed it just now.

I will right now do the steps you outlined .

tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #36 on: April 09, 2009, 11:52:38 AM »
It won't let me use my product key !!


 ???Windows XP Genuine Validation Results
 
This copy of Windows did not pass genuine validation.
The product key found on this computer was not assigned by Microsoft

That is what I get !!

---
I found a place to put in my product key.
It says I have a corporate version and is blocked because it is for companies etc.
Some friend gave me a valid corporate disc. It always passes validation.
Why now? why now? why now? why now? what did combofix do???
I forgot I used it last year. My good disc is supposedly scratched. I remember, when installing the OS, some files could not be loaded. It is supposed to be valid !!!
« Last Edit: April 09, 2009, 12:07:30 PM by tajv2005 »

tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #37 on: April 09, 2009, 12:14:27 PM »
I am under the impression because that is what this "friend" told me: all corporate discs can be used multiple times and on multiple machines.

This is what page I am on now. It will decide if files have been tampered with. Does that apply to combofix or any of the anti-malware tools and anti-virus tools?

Windows Product Key Update Tool Instructions
The steps below will help you use the Windows Product Key Update Tool to change your product key. Before running the Windows Product Key update tool, read all instructions to ensure that you understand how the tool works and what information is sent to Microsoft as a result of the update process. You may also wish to print this page before starting the update process.

Microsoft recommends creating a system restore point before any operating system changes.

The Windows Product Key Update Tool:
What it does

The Windows Product Key Update Tool will make changes to your Windows installation to update your product key. In addition, the product key update tool will scan a number of key Windows files to determine if they have been tampered with. If tampered files are discovered the product key update tool will alert you before continuing.

Information collected

Using the product key update tool results in information being sent to Microsoft. The information collected will not be used to identify or contact you. The information sent is standard Windows validation information as well as information related to the file tampering scan.

 I understand this tool will send the above information to Microsoft.
     Download To update your product key, follow these steps:

tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #38 on: April 09, 2009, 12:23:26 PM »
it refused my good product key.
was I supposed to use the corporate key?

I tried both keys. Now I am on a chat with microsoft.

this is very enraging.
« Last Edit: April 09, 2009, 12:45:18 PM by tajv2005 »

tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #39 on: April 09, 2009, 02:18:53 PM »
It took me until just now to resolve the validation issue.
I think something changed when combofix ran because now AVG told me it could not recognise my license number and I had AVG free installed. Now I have to install that again. It did not say AVG free. But AVG free does get a license number. Anyway, it must have been corrupted.

Microsoft took care of me ! So I am happy again but I was right to be afraid to install and use combo fix. It did something to my computer. I am not yelling or accusing. Before combo fix, my computer was valid and AVG was ok. After combo fix, it was not valid and AVG was affected too.
I do not understand.
« Last Edit: April 09, 2009, 02:41:41 PM by tajv2005 »

evilfantasy

Re: trojan horse logs and notes tajv2005
« Reply #40 on: April 09, 2009, 03:31:41 PM »
Quote
I am under the impression because that is what this "friend" told me: all corporate discs can be used multiple times and on multiple machines.

This is not true. You were using a pirated key but told me it was legit. You assumed and you were wrong! Not me.

Quote
I was right to be afraid to install and use combo fix. It did something to my computer.

Yes. It set your security settings back to the default and therefore tripped the validation tool. ComboFix was not the problem, your license key was. Many companies are making it harder and harder to run their software on pirated Windows installs. That's not my, ComboFix's or Computer Hope's fault. It's yours!

Is that enough explanation? And here is a tip. Buy your software and that will never happen.

Sorry you deleted your account without waiting for a response. A thank you would have been nice but since we seem to be illegitimate in computer issues then I suppose you didn't think it necessary.

Good luck and safe surfing...

As this issue appears to be resolved this topic is closed. If you need it reopened then send me or another moderator a PM.

evilfantasy

Re: trojan horse logs and notes tajv2005
« Reply #41 on: April 11, 2009, 01:19:20 PM »
Use the Kaspersky Lab Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.
When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save


Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

If needed, this animation will guide you through the process.

BaRR



    Beginner

    Thanked: 6
    • Certifications: List
    • Experience: Experienced
    • OS: Windows 7
    Re: trojan horse logs and notes tajv2005
    « Reply #42 on: April 11, 2009, 01:48:42 PM »
    He did say that AVG was not functioning anymore, due to an invalid key. However, he was using AVG Free edition (as indicated by the log at the top of this page).
    Quote
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    Therefore the only way his key could be invalid would be if they had gotten damaged or erased, because AVG free does use a product key, but it's automatically entered by the installer when you install the software.

    In addition, if he used ComboFix incorrectly, he may have interrupted the cleaning process while it was accessing one of the windows files; I had this exact problem when I deleted some windows files several years back to "see what would happen." My valid windows key would not validate, the Microsoft employees decided I was using an illegal copy and ignored me. I ended up having to format the computer and make a fresh install, at which point the software did validate.

    Unless he was lying, I'm thinking he just used the program improperly and managed to either delete his product keys and/or damage the validation software.

    tajv2005

    • Guest
    Re: trojan horse logs and notes tajv2005
    « Reply #43 on: April 11, 2009, 01:54:06 PM »
    Thank you BaRR and I was not lying. My computer was always valid. It is a matter of pride. Microsoft knows what I did and they took care of me.

    I used that corporate disc because I was told it was legal/valid and I believed that because windows always validated me and sent me automatic updates. I even installed SP3.

    I also used it because my good OEM disc supposedly is scratched and when installing from it, I get messages saying such and such files can't be loaded.

    Plus, the key microsoft had  listed for me is not the key for either disc.
    What you said is right.

    evilfantasy

    Re: trojan horse logs and notes tajv2005
    « Reply #44 on: April 11, 2009, 02:00:50 PM »
    Out of the ??thousands?? of times I have had users run ComboFix this is only the second time it caused an issue. While it is reliable there is a chance of failure when running ANY software.

    We don't need to get into the key issue any more. If I thought you were lying I do have ways of finding out if it is legit or not. I didn't do that so I must believe you. I'm sure a raise of hands in the forums would show that a high percentage of users have had to re-validate Windows at least once. It's really not that uncommon.

    Malware holds endless possibilities as to what it might do. Some is easy to fix and others take some time, trial and error...