Windows 7 Forums



Windows 7: ZA Reg Rootkit???

23 Apr 2013   #1
buchu70

win7 64bit
 
 
ZA Reg Rootkit???

Cannot access the internet using any browser. Need some help; see capture below:

Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x8007043c
Windows Product Key: *****-*****-87RQK-DDGYV-BM8T3
Windows Product Key Hash: 4qqvruHcuJ9MaD5l11/CgVkW74c=
Windows Product ID: 00426-066-9919095-86181
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {64D526A9-0D64-46D2-9ECC-9CE91ABA54B1}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130318-1533
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: E:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{64D526A9-0D64-46D2-9ECC-9CE91ABA54B1}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BM8T3</PKey><PID>00426-066-9919095-86181</PID><PIDType>5</PIDType><SID>S-1-5-21-1979100600-2380601096-212897003</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Qosmio X505</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V2.90   </Version><SMBIOSVersion major="2" minor="6"/><Date>20101210000000.000000+000</Date></BIOS><HWID>A8A13D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Romance Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSQCI</OEMID><OEMTableID>TOSQCI00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
Spsys.log Content: 0x80070002
Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8007043C' to display the error text.
Error: 0x8007043C 
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 1:25:2013 19:42
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x8007043c
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAEAAgAAAAAABAABAAEAona6WWzD8EsgERSJkk3omYDh6jcuMxHLdlY=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC   PTLTD     APIC  
  FACP   INTEL   CALPELLA
  HPET   INTEL   CALPELLA
  BOOT   PTLTD   $SBFTBL$
  MCFG   INTEL   CALPELLA
  SLIC   TOSQCI  TOSQCI00
  DMAR   INTEL   CP_FIELD
  SSDT   PmRef  CpuPm




23 Apr 2013   #2
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Did you create the output you posted in safe mode?

In command prompt:
Code:
ipconfig

Post the output.

Has the DHCP client service been started?
Has the DNS client service been started?
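An added example, not part of the thread: a PowerShell script that gathers what the post above asks for (the `ipconfig` output and the state of the DHCP Client and DNS Client services) into one text file that can be pasted into a reply. The report file name `netcheck.txt` is an assumption; `Dhcp` and `Dnscache` are the Windows short names of those two services.

```powershell
# Added example: collect the ipconfig output and the state of the
# DHCP Client (Dhcp) and DNS Client (Dnscache) services in one report.
# Works with the PowerShell 2.0 that ships with Windows 7.

# Hypothetical report name, written to the current user's Desktop.
$desktop = [Environment]::GetFolderPath('Desktop')
$report  = Join-Path $desktop 'netcheck.txt'

$lines = @("Network check, $(Get-Date -Format s)", '')

foreach ($name in 'Dhcp', 'Dnscache') {
    # Win32_Service exposes both the current state and the configured start mode.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        $lines += "$name : service not found"
        continue
    }

    # Flag the two conditions the helper is asking about.
    $note = ''
    if ($svc.StartMode -eq 'Disabled') { $note = '  <-- disabled' }
    elseif ($svc.State -ne 'Running')  { $note = '  <-- not running' }

    $lines += ('{0} ({1}): State={2}, StartMode={3}{4}' -f `
        $svc.DisplayName, $svc.Name, $svc.State, $svc.StartMode, $note)
}

# Append the raw ipconfig output unchanged so helpers see exactly what the tool printed.
$lines += ''
$lines += '--- ipconfig ---'
$lines += ipconfig

$lines | Out-File -FilePath $report -Encoding UTF8
Write-Output "Report written to $report"
```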
23 Apr 2013   #3
buchu70

win7 64bit
 
 

Yes, the output is from safe mode.

DHCP and DNS services are running. I stopped and restarted each with the same results.
I can ping any website from a normal boot, but web browsers do not connect to anything.

What should I try, and what is necessary to post?

Thanks.


23 Apr 2013   #4
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

buchu70

Run RogueKiller

RogueKiller Download

Click on Download now

Save to the Desktop.

Close all windows and browsers

Right click RogueKiller choose Run as Administrator

Press: SCAN

Provide the RKreport.txt (Mode: Scan) in your reply.
23 Apr 2013   #5
cottonball

Windows 7 Home Premium
 
 

buchu70,

Let's see if we can get Internet access once again...

Please download Farbar Service Scanner to a computer with Internet access.
Place the downloaded file on a USB pendrive.

Next, go to the infected computer.
Save to the Desktop.
Double-click the program to run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply. <<--


Is there a reason for posting the MGADiag tool output in your initial post?
24 Apr 2013   #6
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Does Windows Update work?
Does any download program work?
Does the email client work?