Rootkit/Malware identification and/or removal
<blockquote data-quote="Enigmas" data-source="post: 702987" data-attributes="member: 68936">
<p>TDSSKiller Report returned no threats:</p>
<p>09:59:44.0703 0x05a8 TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02</p>
<p>09:59:44.0703 0x05a8 UEFI system</p>
<p>09:59:51.0932 0x05a8 ============================================================</p>
<p>09:59:51.0932 0x05a8 Current date / time: 2018/01/06 09:59:51.0932</p>
<p>09:59:51.0932 0x05a8 SystemInfo:</p>
<p>09:59:51.0932 0x05a8 </p>
<p>09:59:51.0932 0x05a8 OS Version: 10.0.15063 ServicePack: 0.0</p>
<p>09:59:51.0932 0x05a8 Product type: Workstation</p>
<p>09:59:51.0932 0x05a8 ComputerName: STUDIOR4KUHD</p>
<p>09:59:51.0932 0x05a8 UserName: RecoveryAdmin</p>
<p>09:59:51.0932 0x05a8 Windows directory: C:\WINDOWS</p>
<p>09:59:51.0932 0x05a8 System windows directory: C:\WINDOWS</p>
<p>09:59:51.0932 0x05a8 Running under WOW64</p>
<p>09:59:51.0932 0x05a8 Processor architecture: Intel x64</p>
<p>09:59:51.0932 0x05a8 Number of processors: 4</p>
<p>09:59:51.0932 0x05a8 Page size: 0x1000</p>
<p>09:59:51.0932 0x05a8 Boot type: Normal boot</p>
<p>09:59:51.0932 0x05a8 CodeIntegrityOptions = 0x00000001</p>
<p>09:59:51.0932 0x05a8 ============================================================</p>
<p>09:59:52.0042 0x05a8 KLMD registered as C:\WINDOWS\system32\drivers\62374121.sys</p>
<p>09:59:52.0042 0x05a8 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 15063.0, osProperties = 0x19</p>
<p>09:59:52.0260 0x05a8 System UUID: {3F9BCC7E-292B-D31F-72FD-D5FEE23F4B34}</p>
<p>09:59:52.0776 0x05a8 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1115E00 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040</p>
<p>09:59:52.0776 0x05a8 Drive \Device\Harddisk0\DR0 - Size: 0x6FC86D6000 ( 447.13 Gb ), SectorSize: 0x200, Cylinders: 0xE401, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040</p>
<p>09:59:52.0776 0x05a8 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1115E00 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'</p>
<p>09:59:52.0776 0x05a8 ============================================================</p>
<p>09:59:52.0776 0x05a8 \Device\Harddisk1\DR1:</p>
<p>09:59:52.0776 0x05a8 MBR partitions:</p>
<p>09:59:52.0776 0x05a8 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000</p>
<p>09:59:52.0776 0x05a8 \Device\Harddisk0\DR0:</p>
<p>09:59:52.0776 0x05a8 GPT partitions:</p>
<p>09:59:52.0776 0x05a8 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {5D071003-882F-4260-869B-FB6A86CB1F86}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x82000</p>
<p>09:59:52.0776 0x05a8 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {862A81D1-CF88-4244-A9C1-04E94F6D6784}, Name: Microsoft reserved partition, StartLBA 0x82800, BlocksNum 0x8000</p>
<p>09:59:52.0776 0x05a8 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {3AFB849C-9C48-444F-BB93-5522BF96872E}, Name: Basic data partition, StartLBA 0x8A800, BlocksNum 0x37AD2285</p>
<p>09:59:52.0776 0x05a8 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {933C2EF7-CB2A-4ED2-848F-E2B311FFE493}, Name: , StartLBA 0x37B5D000, BlocksNum 0x1EC000</p>
<p>09:59:52.0776 0x05a8 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {6EA67A2F-88A5-4C0A-B93F-67656372B2ED}, Name: , StartLBA 0x37D49800, BlocksNum 0xF9800</p>
<p>09:59:52.0776 0x05a8 MBR partitions:</p>
<p>09:59:52.0776 0x05a8 \Device\Harddisk1\DR1:</p>
<p>09:59:52.0776 0x05a8 MBR partitions:</p>
<p>09:59:52.0776 0x05a8 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000</p>
<p>09:59:52.0776 0x05a8 ============================================================</p>
<p>09:59:52.0776 0x05a8 C: <-> \Device\Harddisk0\DR0\Partition3</p>
<p>09:59:52.0792 0x05a8 D: <-> \Device\Harddisk1\DR1\Partition1</p>
<p>09:59:52.0792 0x05a8 ============================================================</p>
<p>09:59:52.0792 0x05a8 Initialize success</p>
<p>09:59:52.0792 0x05a8 ============================================================</p>
<p>10:00:00.0947 0x3720 KLMD registered as C:\WINDOWS\system32\drivers\19983337.sys</p>
<p>10:00:01.0729 0x3720 Deinitialize success</p>
</blockquote>
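Reading the disk/partition section of a TDSSKiller log like the one quoted above. This is an added Python example, not part of Enigmas' post and not code from Kaspersky's tool: it pulls the `PartitionN: GPT, ...` and `PartitionN: MBR, ...` lines into a structured form, labels each GPT type GUID from the well-known UEFI/Microsoft table (ESP, Microsoft Reserved, Basic Data, Windows RE), converts `BlocksNum` to a size using the 512-byte sector size the log reports, collapses the repeated entry the tool prints for the MBR disk, and flags any type GUID or MBR type byte it does not recognise. The sample lines are constructed in the log's format (one extra partition with the Linux filesystem GUID is included only to exercise the unknown-type path); `review()`, `Partition` and the two lookup tables are this example's own names.

```python
"""Parse the disk/partition section of a TDSSKiller log and label what it lists.

Added example for reading logs in the format quoted above. It is not part of
TDSSKiller; the sample lines below are constructed to match the log's format.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Well-known GPT partition type GUIDs (UEFI specification / Microsoft documentation).
KNOWN_GPT_TYPES: Dict[str, str] = {
    "C12A7328-F81F-11D2-BA4B-00A0C93EC93B": "EFI System Partition",
    "E3C9E316-0B5C-4DB8-817D-F92DF00215AE": "Microsoft Reserved",
    "EBD0A0A2-B9E5-4433-87C0-68B6B72699C7": "Microsoft Basic Data",
    "DE94BBA4-06D1-4D40-A16A-BFD50179D6AC": "Windows Recovery Environment",
}

# MBR partition type bytes commonly seen on Windows-formatted disks.
KNOWN_MBR_TYPES: Dict[int, str] = {
    0x07: "NTFS/exFAT (IFS)",
    0x0C: "FAT32 (LBA)",
    0x27: "Windows RE (hidden NTFS)",
}

SECTOR_BYTES = 512  # the quoted log reports SectorSize: 0x200 for both drives

_GPT_RE = re.compile(
    r"(\\Device\\Harddisk\d+\\DR\d+\\Partition\d+): GPT, "
    r"TypeGUID: \{([0-9A-Fa-f-]+)\}, UniqueGUID: \{([0-9A-Fa-f-]+)\}, "
    r"Name: (.*?), StartLBA (0x[0-9A-Fa-f]+), BlocksNum (0x[0-9A-Fa-f]+)"
)
_MBR_RE = re.compile(
    r"(\\Device\\Harddisk\d+\\DR\d+\\Partition\d+): MBR, "
    r"Type (0x[0-9A-Fa-f]+), StartLBA (0x[0-9A-Fa-f]+), BlocksNum (0x[0-9A-Fa-f]+)"
)
_LETTER_RE = re.compile(r"\b([A-Z]): <-> (\\Device\\\S+)\s*$")

# Constructed sample in the log's format (the second MBR line mimics the tool
# listing the same MBR partition twice; Partition6 is a made-up Linux-type entry).
SAMPLE_LOG = r"""
09:59:52.0776 0x05a8 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
09:59:52.0776 0x05a8 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {5D071003-882F-4260-869B-FB6A86CB1F86}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x82000
09:59:52.0776 0x05a8 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {3AFB849C-9C48-444F-BB93-5522BF96872E}, Name: Basic data partition, StartLBA 0x8A800, BlocksNum 0x37AD2285
09:59:52.0776 0x05a8 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {933C2EF7-CB2A-4ED2-848F-E2B311FFE493}, Name: , StartLBA 0x37B5D000, BlocksNum 0x1EC000
09:59:52.0776 0x05a8 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {0FC63DAF-8483-4772-8E79-3D69D8477DE4}, UniqueGUID: {11111111-2222-3333-4444-555555555555}, Name: , StartLBA 0x37E43000, BlocksNum 0x10000
09:59:52.0776 0x05a8 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
09:59:52.0776 0x05a8 C: <-> \Device\Harddisk0\DR0\Partition3
09:59:52.0792 0x05a8 D: <-> \Device\Harddisk1\DR1\Partition1
"""


@dataclass
class Partition:
    device: str
    scheme: str               # "GPT" or "MBR"
    type_id: str              # type GUID for GPT, "0x.." type byte for MBR
    type_name: Optional[str]  # None when the type is not in the known tables
    name: str
    start_lba: int
    blocks: int

    @property
    def size_mib(self) -> float:
        return self.blocks * SECTOR_BYTES / (1024 * 1024)


def parse_partitions(log: str) -> List[Partition]:
    """Extract each distinct partition line; repeated device paths are collapsed."""
    found: List[Partition] = []
    seen = set()
    for line in log.splitlines():
        gpt, mbr = _GPT_RE.search(line), _MBR_RE.search(line)
        m = gpt or mbr
        if not m or m.group(1) in seen:
            continue
        seen.add(m.group(1))
        if gpt:
            dev, type_guid, _unique, name, start, blocks = gpt.groups()
            type_guid = type_guid.upper()
            found.append(Partition(dev, "GPT", type_guid, KNOWN_GPT_TYPES.get(type_guid),
                                   name.strip(), int(start, 16), int(blocks, 16)))
        else:
            dev, type_byte, start, blocks = mbr.groups()
            found.append(Partition(dev, "MBR", type_byte, KNOWN_MBR_TYPES.get(int(type_byte, 16)),
                                   "", int(start, 16), int(blocks, 16)))
    return found


def parse_drive_letters(log: str) -> Dict[str, str]:
    """Map the 'X: <-> \\Device\\...' lines to {letter: device path}."""
    letters: Dict[str, str] = {}
    for line in log.splitlines():
        m = _LETTER_RE.search(line)
        if m:
            letters[m.group(1)] = m.group(2)
    return letters


def review(log: str) -> Dict[str, object]:
    """Summarise the layout: partitions, unrecognised types, ESP presence, letter -> type."""
    parts = parse_partitions(log)
    by_device = {p.device: p for p in parts}
    letters = parse_drive_letters(log)
    return {
        "partitions": parts,
        "unknown_type": [p.device for p in parts if p.type_name is None],
        "has_esp": any(p.type_name == "EFI System Partition" for p in parts),
        "drive_letters": {
            letter: (by_device[dev].type_name if dev in by_device else None)
            for letter, dev in letters.items()
        },
    }


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    for p in result["partitions"]:
        label = p.type_name or ("UNKNOWN " + p.type_id)
        print(f"{p.device}: {p.scheme} {label} {p.size_mib:.0f} MiB")
    print("unrecognised types:", result["unknown_type"])
    print("drive letters:", result["drive_letters"])
```

On the quoted log itself this classification gives the ordinary Windows 10 UEFI layout on disk 0 (ESP, Microsoft Reserved, Basic Data carrying C:, and two Windows RE type partitions, which is what an in-place upgrade that keeps the older recovery partition leaves behind) plus a single NTFS MBR partition on the data disk. A "no threats" result from TDSSKiller only says that its own checks of the boot code, drivers and known TDSS-family artefacts found nothing; it is not a statement that the machine is clean, so the other scans being collected in this thread still matter.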