E-POWER Utility HKDRV Driver is absent


I have a friend's laptop, and I have researched how to find out if this is a virus or an absent driver and have not had luck, so I hope someone can help.

When the Toshiba laptop boots up it has an error message:

E-POWER Utility

Initialization Error: HKDRV Driver is absent

I ran Malwarebytes and it comes up clean.

Tried to run Avira AntiVir Personal. When in safe mode and transferred off of a flash drive and copied onto laptop, it says: Setup requires the windows installer service in order to perform installation. This is currently disabled. Please enable this service in the computer management and start installation again.

Ran De-Frogger, it never rebooted the computer

Ran DDS but it just sat there for over 15 minutes, never ran, so I did not get a log.

MBAM LOG

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7035

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

8/22/2011 12:12:37 PM

mbam-log-2011-08-22 (12-12-37).txt

Scan type: Quick scan

Objects scanned: 191643

Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

ROOT KIT:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-08-22 19:14:05

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N060ATMR04-0 rev.MO3OAD4A

Running: 3w1l1rg4.exe; Driver: C:\DOCUME~1\KYLEPH~1\LOCALS~1\Temp\pxtdqpow.sys

---- System - GMER 1.0.15 ----

SSDT 8A47EA70 ZwAlertResumeThread

SSDT 8A26DF88 ZwAlertThread

SSDT 8A2A28F0 ZwAllocateVirtualMemory

SSDT 8A2B2170 ZwAssignProcessToJobObject

SSDT 89DCC570 ZwConnectPort

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB1149710]

SSDT 8A24A340 ZwCreateMutant

SSDT 8A26BA50 ZwCreateSymbolicLinkObject

SSDT 89BD5108 ZwCreateThread

SSDT 8A2A28B8 ZwDebugActiveProcess

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB1149990]

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB1149EF0]

SSDT 8A258FC0 ZwDuplicateObject

SSDT 8A286F38 ZwFreeVirtualMemory

SSDT 8A257D80 ZwImpersonateAnonymousToken

SSDT 8A252138 ZwImpersonateThread

SSDT 89DC76C8 ZwLoadDriver

SSDT 8A25B8D0 ZwMapViewOfSection

SSDT 8A23B508 ZwOpenEvent

SSDT 8A47EAA8 ZwOpenProcess

SSDT 8A253F88 ZwOpenProcessToken

SSDT 8A239648 ZwOpenSection

SSDT 8A257DB8 ZwOpenThread

SSDT 8A23FAD0 ZwProtectVirtualMemory

SSDT 8A23A878 ZwResumeThread

SSDT 8A253908 ZwSetContextThread

SSDT 8A292B78 ZwSetInformationProcess

SSDT 8A1CCE60 ZwSetSystemInformation

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB114A140]

SSDT 8A258F88 ZwSuspendProcess

SSDT 8A283120 ZwSuspendThread

SSDT 8A25AB58 ZwTerminateProcess

SSDT 8A24C4E8 ZwTerminateThread

SSDT 8A285AF0 ZwUnmapViewOfSection

SSDT 8A292F38 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 7C 804E26E8 8 Bytes JMP DF888A47

.text ntoskrnl.exe!_abnormal_termination + 234 804E28A0 8 Bytes [A8, EA, 47, 8A, 88, 3F, 25, ...]

? SYMDS.SYS The system cannot find the file specified. !

? SYMEFA.SYS The system cannot find the file specified. !

init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB9543900]

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)


  • Staff

Hi and welcome to Malwarebytes.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    HKDRV
    :filefind
    HKDRV


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

LOG----->

SystemLook 30.07.11 by jpshortstuff

Log created at 12:37 on 28/08/2011 by Kyle Phillips

Administrator - Elevation successful

========== regfind ==========

Searching for "HKDRV"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E685AC11FE2690940ABCD111BC5E03BA]

"F1D407AD75DB7D54C8C2207E08AAF9AA"="C:\WINDOWS\system32\Drivers\hkdrv.sys"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\0019]

"ReinstallString"="C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\hkdrv.inf"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EPOWER]

"ImagePath"="System32\Drivers\hkdrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\EPOWER]

"ImagePath"="System32\Drivers\hkdrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\EPOWER]

"ImagePath"="System32\Drivers\hkdrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EPOWER]

"ImagePath"="System32\Drivers\hkdrv.sys"

========== filefind ==========

Searching for "HKDRV"

No files found.

-= EOF =-

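Reading the SystemLook log above: the EPOWER service's ImagePath names hkdrv.sys while the filefind section reports no such file. The Python below is an added example, not part of the thread or of SystemLook, that automates that cross-check on an excerpt of the posted log; the function names and the layout assumed for a positive filefind hit (a line starting with a drive path) are assumptions, since the thread shows only "No files found.".

```python
import re

# Excerpt copied from the SystemLook log posted above (blank lines dropped).
SYSTEMLOOK_LOG = r'''
========== regfind ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\0019]
"ReinstallString"="C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\hkdrv.inf"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EPOWER]
"ImagePath"="System32\Drivers\hkdrv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EPOWER]
"ImagePath"="System32\Drivers\hkdrv.sys"
========== filefind ==========
Searching for "HKDRV"
No files found.
'''

SECTION = re.compile(r'^=+ (\w+) =+$')
KEY = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"([^"]+)"="(.*)"$')
SERVICE = re.compile(r'\\SYSTEM\\\w+\\Services\\([^\\]+)$', re.I)

def parse_systemlook(text):
    """Return (services, files): services maps a service name to the set of
    ImagePath values seen in regfind; files holds the filefind hit lines."""
    services, files, section, key = {}, [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if m := SECTION.match(line):
            section, key = m.group(1), None
        elif section == 'regfind' and (m := KEY.match(line)):
            key = m.group(1)
        elif section == 'regfind' and key and (m := VALUE.match(line)):
            svc = SERVICE.search(key)
            if svc and m.group(1).lower() == 'imagepath':
                services.setdefault(svc.group(1), set()).add(m.group(2))
        # Assumption: a positive filefind hit is a line starting with a drive path.
        elif section == 'filefind' and re.match(r'[A-Za-z]:\\', line):
            files.append(line)
    return services, files

def dangling_services(text):
    """Services whose ImagePath file name appears in no filefind hit."""
    services, files = parse_systemlook(text)
    on_disk = ' '.join(files).lower()
    return {name: sorted(paths) for name, paths in services.items()
            if not any(p.rsplit('\\', 1)[-1].lower() in on_disk for p in paths)}

if __name__ == '__main__':
    for name, paths in dangling_services(SYSTEMLOOK_LOG).items():
        print(f'service {name}: ImagePath {paths} has no matching file on disk')
```
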

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
