ZA Reg Rootkit???


  1. Posts : 2
    win7 64bit
       #1

    ZA Reg Rootkit???


    Cannot access the Internet using any browser, need some help; see capture below:

    Code:
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0x8007043c
    Windows Product Key: *****-*****-87RQK-DDGYV-BM8T3
    Windows Product Key Hash: 4qqvruHcuJ9MaD5l11/CgVkW74c=
    Windows Product ID: 00426-066-9919095-86181
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {64D526A9-0D64-46D2-9ECC-9CE91ABA54B1}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130318-1533
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: E:\Program Files (x86)\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    File Scan Data-->
    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{64D526A9-0D64-46D2-9ECC-9CE91ABA54B1}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BM8T3</PKey><PID>00426-066-9919095-86181</PID><PIDType>5</PIDType><SID>S-1-5-21-1979100600-2380601096-212897003</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Qosmio X505</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V2.90   </Version><SMBIOSVersion major="2" minor="6"/><Date>20101210000000.000000+000</Date></BIOS><HWID>A8A13D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Romance Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSQCI</OEMID><OEMTableID>TOSQCI00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
    Spsys.log Content: 0x80070002
    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8007043C' to display the error text.
    Error: 0x8007043C 
    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 1:25:2013 19:42
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Not Registered - 0x8007043c
    HealthStatus Bitmask Output:
    
    HWID Data-->
    HWID Hash Current: MgAAAAEAAQABAAEAAgAAAAAABAABAAEAona6WWzD8EsgERSJkk3omYDh6jcuMxHLdlY=
    OEM Activation 1.0 Data-->
    N/A
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   PTLTD     APIC  
      FACP   INTEL   CALPELLA
      HPET   INTEL   CALPELLA
      BOOT   PTLTD   $SBFTBL$
      MCFG   INTEL   CALPELLA
      SLIC   TOSQCI  TOSQCI00
      DMAR   INTEL   CP_FIELD
      SSDT   PmRef  CpuPm


  2. Posts : 10,796
    Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
       #2

    Did you create the output you posted in safe mode?

    In command prompt:
    Code:
    ipconfig

    Post the output.

    Has the DHCP Client service been started?
    Has the DNS Client service been started?


  3. Posts : 2
    win7 64bit
    Thread Starter
       #3

    Yes, the output is from safe mode.

    DHCP and DNS services are running. I stopped and restarted each with the same results.
    I can ping any website from a normal boot, but web browsers do not connect to anything.

    What should I try and post if necessary?

    Thanks.


  4. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #4

    buchu70

    Run RogueKiller

    RogueKiller Download

    Click on Download now

    Save to the Desktop.

    Close all windows and browsers

    Right click RogueKiller choose Run as Administrator

    Press: SCAN

    Provide the RKreport.txt (Mode: Scan) in your reply.


  5. Posts : 2,470
    Windows 7 Home Premium
       #5

    buchu70,

    Let's see if we can get Internet access once again...

    Please download Farbar Service Scanner to a computer with Internet access.
    Place the downloaded file on a USB pendrive.

    Next, go to the infected computer.
    Save to the Desktop.
    Double-click the program to run it.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press: Scan
    • FSS creates a log, FSS.txt, on the Desktop.
    Please provide the FSS.txt in your reply. <<--


    Is there a reason for posting the MGADiag tool output in your initial post?
    Last edited by cottonball; 23 Apr 2013 at 22:36.


  6. Posts : 10,796
    Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
       #6

    Does Windows Update work?
    Does any download program work?
    Does the email client work?


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

All times are GMT -5.