Page 4 of 9
Results 31 to 40 of 88

Thread: PWS:win32/zbot.gen!AC after downloading Free File Opener

  1. #31 | Senior Member | Join Date: Apr 2010 | Posts: 463

    Hello ecosarah

    a few days ago, MS told me I don't have a genuine copy, and I have never had a message tell me that in all the years. This message now pops up regularly.
    Let's see what the following can tell us:

    1. MGADiag


      • Please download MGADiag by clicking here and save it to your desktop.
      • Double click the icon on your desktop.
      • Push
      • Push
      • Go to Start -> Run and type in "Notepad"
      • Go to Edit -> Paste in notepad.
      • "x" out all of the numbers and letters in the line beginning with "Windows Product Key:"
      • Copy and paste that log here.


    2. CKScanner


      • Download CKScanner by askey127 from here and save it to your Desktop.
      • Double click CKScanner.exe then click on Search For Files.
      • When the cursor hourglass disappears, click Save List To File.
      • A message box will verify the file saved.
      • Double click the CKFiles.txt icon on your desktop, then copy/paste the contents in your next reply.


      Please post both logs in your next reply.

    Proud Graduate of the WTT Classroom

  2. #32 | Member | Join Date: Oct 2008 | Posts: 94

    Hello JonTom,

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Validation Control not Installed
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-xxxxx-xxxxx-xxxxx
    Windows Product Key Hash: 6994t4LQCbvkXhtNbqQCL4+auQs=
    Windows Product ID: 76487-OEM-2211906-00107
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010100.3.0.pro
    ID: {A3ED1712-C52B-4C8D-9C33-11B6FC0D18F7}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: 5
    File Exists: Yes
    Version: 1.5.540.0
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A3ED1712-C52B-4C8D-9C33-11B6FC0D18F7}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-BKVRW</PKey><PID>76487-OEM-2211906-00107</PID><PIDType>2</PIDType><SID>S-1-5-21-3694052557-2359500833-1512941615</SID><SYSTEM><Manufacturer>IBM</Manufacturer><Model>1871F1G</Model></SYSTEM><BIOS><Manufacturer>IBM</Manufacturer><Version>70ET57WW (1.17 )</Version><SMBIOSVersion major="2" minor="33"/><Date>20050715000000.000000+000</Date><SLPBIOS>IBM CORPORATION,IBM CORPORATION</SLPBIOS></BIOS><HWID>24963207018400F2</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>IBM Corporation</name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.5.540.0"/><File Name="WgaLogon.dll" Version="1.5.540.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 13FD5:IBM|14090:Lenovo
    Marker string from OEMBIOS.DAT: IBM CORPORATION,IBM CORPORATION

    OEM Activation 2.0 Data-->
    N/A

    Do I uninstall any of these progs I am downloading, or do we do that at the end? Or keep them? I have been deleting the logs I have pasted, as there is a record on the forum.

    Not got an hourglass; will post this so I can close the window, to help the scan. There are no instructions to shut down the firewall and antivirus, so I haven't.

  3. #33 | Member | Join Date: Oct 2008 | Posts: 94

    So far it has come up with:

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11.AJNAJV
    ----- EOF -----

    Don't know if that means it's finished, or whether I need to wait a couple of hours like I did last night?

    Please advise,

    thanks,
    sarah

  4. #34 | Member | Join Date: Oct 2008 | Posts: 94

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11.AJNAJV
    ----- EOF -----

    I ran it again, and noticed the hourglass this time!!!

    and here is the result:

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11.NVAAHT
    ----- EOF -----

    glad you know what it all means!!

    thanks,
    sarah

  5. #35 | Senior Member | Join Date: Apr 2010 | Posts: 463

    Hello ecosarah

    Thank you for the logs.

    Do I uninstall any of these progs I am downloading: or do we do that at the end?
    Keep everything for now as we may need to run some of the scans again. I will let you know when (and how) to remove them.

    It does not appear that the copy of Windows you have has been validated.

    In order to receive assistance at this forum you must validate your Copy of Windows.


    1. Activation of Windows XP


      • Click Start, point to All Programs, Accessories, System Tools and then click Activate Windows. Alternatively you can click the Windows Activation icon in the notification area.
      • Click Yes, let's activate Windows over the Internet now.
      • Click Read the Windows Product Activation Privacy Statement, click Back, and then click Next.
      • Use one of the following methods:
      • If you want to register and activate Windows at the same time, click Yes, I want to register and activate Windows at the same time, click Read the Windows Registration Privacy Statement, click Back, click Next, type your contact information in the appropriate boxes in the registration form, and then click Next. An asterisk (*) appears next to required information.
      • If you only want to activate Windows, click No, I don't want to register now; let's just activate Windows, and then click Next.
      • The wizard establishes a connection with an activation server, and then processes the activation request.
      • When activation is completed and you receive the following message: You have successfully activated your copy of Windows, click OK.
      • More information and alternative activation methods can be found here: http://support.microsoft.com/kb/307890


      Once your Windows has been validated please re-run MGADiag and post the log in your next reply.
    Proud Graduate of the WTT Classroom

  6. #36 | Member | Join Date: Oct 2008 | Posts: 94

    Hi JonTom,

    I am completely confused. Couldn't follow your instructions because the last step wasn't available. Tried clicking on the tray icon and it wasn't available there either, and eventually got one of the options from the icon to work. The message said it was validating my copy and after a while a page came up that offered me some products. It said "...because your copy is genuine" or something; however, the icon in the tray is still saying it might not be genuine!!

    Last time I was on this site (no malware was found), none of this happened, so presumably I was helped without a validated copy? Also confused because on the MS site it says I won't receive updates after 30 days without validating, yet I have been receiving them for years!!

    Re-ran MGADiag:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-xxxxx-xxxxx-xxxxx
    Windows Product Key Hash: 6994t4LQCbvkXhtNbqQCL4+auQs=
    Windows Product ID: 76487-OEM-2211906-00107
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010100.3.0.pro
    ID: {A3ED1712-C52B-4C8D-9C33-11B6FC0D18F7}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: 5
    File Exists: Yes
    Version: 1.5.540.0
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A3ED1712-C52B-4C8D-9C33-11B6FC0D18F7}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-BKVRW</PKey><PID>76487-OEM-2211906-00107</PID><PIDType>2</PIDType><SID>S-1-5-21-3694052557-2359500833-1512941615</SID><SYSTEM><Manufacturer>IBM</Manufacturer><Model>1871F1G</Model></SYSTEM><BIOS><Manufacturer>IBM</Manufacturer><Version>70ET57WW (1.17 )</Version><SMBIOSVersion major="2" minor="33"/><Date>20050715000000.000000+000</Date><SLPBIOS>IBM CORPORATION,IBM CORPORATION</SLPBIOS></BIOS><HWID>24963207018400F2</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>IBM Corporation</name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.5.540.0"/><File Name="WgaLogon.dll" Version="1.5.540.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 13FD5:IBM|14090:Lenovo
    Marker string from OEMBIOS.DAT: IBM CORPORATION,IBM CORPORATION

    OEM Activation 2.0 Data-->
    N/A

    thanks
    sarah
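
    The MGADiag instructions in post #31 ask for the product key line to be x'ed out before the log is posted, and the two reports in posts #32 and #36 differ in only a handful of fields. The script below is an added example for this thread, not MGADiag's own code and not something the helper posted: it parses a report into section/field pairs, diffs two reports so the changed fields stand out, and masks the key. One caveat the reports on this page show: the "Office Details" XML carries a <PKey> element in which the last group of the key is still visible even after the plain "Windows Product Key:" line has been masked, so a redaction pass should cover both places. The sample reports are constructed from the field names on this page, with the placeholder key groups ABCDE-FGHIJ-KLMNO and a zeroed GUID standing in for the real values.

```python
"""Parse, diff and redact MGADiag reports.

Added example for this thread; not MGADiag's own code. Input is the plain
"Field: value" report MGADiag copies to the clipboard, as pasted above.
"""
import re
from typing import Dict, Tuple

# Constructed sample reports: field names from this page, a placeholder key
# (ABCDE-FGHIJ-KLMNO) and a zeroed GUID standing in for the real values.
REPORT_BEFORE = """Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Validation Control not Installed
Validation Code: 0
Windows Product Key: *****-*****-ABCDE-FGHIJ-KLMNO
Windows Product ID: 76487-OEM-2211906-00107
Windows License Type: OEM SLP
ID: {00000000-0000-0000-0000-000000000000}(1)
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002

Other data-->
Office Details: <GenuineResults><MachineData><PKey>*****-*****-*****-*****-KLMNO</PKey></MachineData></GenuineResults>
"""

# The "after validation" report differs only in the fields that changed
# between posts #32 and #36 of this thread.
REPORT_AFTER = REPORT_BEFORE.replace(
    "Validation Status: Validation Control not Installed", "Validation Status: Genuine"
).replace(
    "LegitcheckControl ActiveX: N/A, hr = 0x80070002", "LegitcheckControl ActiveX: Registered, 1.9.42.0"
).replace(
    "Signed By: N/A, hr = 0x80070002", "Signed By: Microsoft"
).replace("(1)", "(3)")

KEY_MASK = "xxxxx-xxxxx-xxxxx-xxxxx-xxxxx"
PLAIN_KEY_RE = re.compile(r"(Windows Product Key:\s*)\S+")
XML_KEY_RE = re.compile(r"(<PKey>)[^<]*(</PKey>)")


def parse_report(text: str) -> Dict[str, str]:
    """Flatten a report into {"Section/Field": value}.

    Section headers end in "-->"; every other line containing ": " is a
    field. The title line and the dashed rule carry no field and are skipped.
    """
    fields: Dict[str, str] = {}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue
        if line.endswith("-->"):
            section = line[:-3].strip()
            continue
        if ": " in line:
            key, value = line.split(": ", 1)
            fields[f"{section}/{key.strip()}"] = value.strip()
    return fields


def diff_reports(before: str, after: str) -> Dict[str, Tuple[str, str]]:
    """Return {field: (old, new)} for every field whose value differs."""
    a, b = parse_report(before), parse_report(after)
    return {
        k: (a.get(k, "<absent>"), b.get(k, "<absent>"))
        for k in sorted(set(a) | set(b))
        if a.get(k) != b.get(k)
    }


def redact(text: str) -> str:
    """Mask the product key in the plain line *and* in the <PKey> XML element.

    MGADiag stars out the leading groups itself, but in the reports on this
    page the XML element still shows the final group, so masking only the
    "Windows Product Key:" line leaves part of the key in the posted log.
    """
    text = PLAIN_KEY_RE.sub(lambda m: m.group(1) + KEY_MASK, text)
    return XML_KEY_RE.sub(lambda m: m.group(1) + KEY_MASK + m.group(2), text)


if __name__ == "__main__":
    for field, (old, new) in diff_reports(REPORT_BEFORE, REPORT_AFTER).items():
        print(f"{field}: {old!r} -> {new!r}")
    print(redact(REPORT_AFTER))
```

    Run stand-alone it prints the four fields that changed between the two constructed reports (Validation Status, ID counter, LegitcheckControl ActiveX, Signed By) and then the masked "after" report. The same substitution approach can be extended to the HWID, SID and UGUID values if the poster prefers not to share machine identifiers, but the thread only asks for the key.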

  7. #37 | Senior Member | Join Date: Apr 2010 | Posts: 463

    Hello ecosarah

    Your latest MGADiag log confirms that you have validated your Windows.

    Let's continue:

    1. Please open OTL


      • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

        Code:
        :OTL
        PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
        
        :Files
        C:\Documents and Settings\1 Sarah\Application Data\Suyguvl
        C:\Documents and Settings\1 Sarah\Application Data\Amorh
        C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
        C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL
        C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL
        
        :Commands
        [purity]
        [emptytemp]
        [emptyflash]
        [start explorer]
        [Reboot]

      • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
      • Allow the program to run unhindered.
      • Your machine will re-start itself. This is normal.
      • A log will be created after your machine reboots. Please post the contents of the log in your next reply.


      Please post the OTL log that is produced after you run the fix along with a new OTL scan log.

      How is the machine running now?

    Proud Graduate of the WTT Classroom

  8. #38 | Member | Join Date: Oct 2008 | Posts: 94

    All processes killed
    ========== OTL ==========
    No active process named explorer.exe was found!
    ========== FILES ==========
    C:\Documents and Settings\1 Sarah\Application Data\Suyguvl folder moved successfully.
    C:\Documents and Settings\1 Sarah\Application Data\Amorh folder moved successfully.
    C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll moved successfully.
    C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL moved successfully.
    C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: 1 Sarah
    ->Temp folder emptied: 1119366 bytes
    ->Temporary Internet Files folder emptied: 171112 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 61631001 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 759 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: IT Support

    User: LocalService
    ->Temp folder emptied: 1983800 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 2974280 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1429471 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 284982 bytes

    Total Files Cleaned = 66.00 mb


    [EMPTYFLASH]

    User: 1 Sarah
    ->Flash cache emptied: 0 bytes

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: IT Support

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.39.2 log created on 03292012_095442

    Files\Folders moved on Reboot...
    C:\Documents and Settings\1 Sarah\Local Settings\Temp\~DF4095.tmp moved successfully.
    C:\Documents and Settings\1 Sarah\Local Settings\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\startupCache\startupCache.4.little moved successfully.
    C:\Documents and Settings\1 Sarah\Local Settings\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\1 Sarah\Local Settings\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\1 Sarah\Local Settings\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\1 Sarah\Local Settings\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\1 Sarah\Local Settings\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\urlclassifier3.sqlite moved successfully.
    C:\WINDOWS\temp\vtclrg41.tmp moved successfully.
    File\Folder C:\WINDOWS\temp\ZLT046e8.TMP not found!

    Registry entries deleted on Reboot...

    will check how computer is running now...
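
    As an added check, not part of OTL and not something posted in the thread: the :Files list in the fix script from post #37 and the log in post #38 can be cross-referenced so that each requested path is confirmed as moved, reported as not found, or flagged as having no result line at all. The script and log below are constructed from this page's entries, trimmed, with one extra hypothetical path (C:\Program Files\Example\missing.dll) added to the script so the "no result" case is exercised. The line shapes matched are the ones visible in the log above.

```python
"""Cross-check an OTL :Files fix list against the fix log OTL writes.

Added example for this thread; not part of OTL. Both inputs are plain text
in the formats visible in posts #37 and #38 above.
"""
import re
from typing import Dict, List

# Constructed fix script: the page's :Files entries plus one hypothetical
# path (missing.dll) that the log below never mentions.
FIX_SCRIPT = r""":OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:Files
C:\Documents and Settings\1 Sarah\Application Data\Suyguvl
C:\Documents and Settings\1 Sarah\Application Data\Amorh
C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
C:\Program Files\Example\missing.dll

:Commands
[purity]
[emptytemp]
[Reboot]
"""

# Constructed fix log, trimmed to the line shapes OTL uses for file results.
FIX_LOG = r"""All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Documents and Settings\1 Sarah\Application Data\Suyguvl folder moved successfully.
C:\Documents and Settings\1 Sarah\Application Data\Amorh folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: 1 Sarah
->Temp folder emptied: 1119366 bytes

Files\Folders moved on Reboot...
C:\WINDOWS\temp\vtclrg41.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT046e8.TMP not found!
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")
# Matches "<path> moved successfully.", "<path> folder moved successfully."
# and "File\Folder <path> not found!"
RESULT_RE = re.compile(
    r"^(?:File\\Folder )?(?P<path>[A-Za-z]:\\.+?)(?: folder)? "
    r"(?P<status>moved successfully\.|not found!)$"
)


def parse_fix_script(script: str) -> Dict[str, List[str]]:
    """Split an OTL script into its ':Section' blocks (keys lower-cased)."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_fix_log(log: str) -> Dict[str, str]:
    """Map each path the log reports on to "moved successfully" or "not found".

    Paths are lower-cased as keys because Windows paths are case-insensitive.
    """
    results: Dict[str, str] = {}
    for raw in log.splitlines():
        m = RESULT_RE.match(raw.strip())
        if m:
            results[m.group("path").lower()] = m.group("status").rstrip(".!")
    return results


def verify(script: str, log: str) -> Dict[str, str]:
    """For every :Files entry, report what the log says happened to it.

    "no result" means OTL never mentioned the path at all, which is the case
    worth re-checking by hand before calling the fix complete.
    """
    requested = parse_fix_script(script).get("files", [])
    results = parse_fix_log(log)
    return {path: results.get(path.lower(), "no result") for path in requested}


if __name__ == "__main__":
    for path, status in verify(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:18} {path}")
```

    On the constructed input the three page entries come back as "moved successfully" and the hypothetical missing.dll as "no result". The paths OTL moves during [emptytemp] and on reboot are parsed too, so a helper can also see which temp files were touched without having been asked for.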

  9. #39 | Member | Join Date: Oct 2008 | Posts: 94

    A sign came up saying that Avira is out of date. I just tried to update Avira to the 2012 version, and it says I need to uninstall the following:

    Spybot V1.6
    Check Point anti-phishing
    Malwarebytes
    AVG

    I don't use the last two, except when you ask me to use Malwarebytes.

    I have cancelled the installation, and am hoping you are happy to advise me here.

    thanks!
    sarah

  10. #40 | Member | Join Date: Oct 2008 | Posts: 94

    I am unsure how to answer your question: how is the computer running now?

    It didn't have any visible signs of having a trojan, so I cannot check for that.

    I have had problems with it running slowly for ages. The HD is full, and I don't know why. It is too full to run defrag.

    Perhaps you could be more specific?

    thanks,
    sarah
