20:48:31.0982 0x0278 TDSS rootkit removing tool 3.1.0.28 Apr 9 2019 21:11:46
20:48:56.0599 0x0278 ============================================================
20:48:56.0599 0x0278 Current date / time: 2021/02/07 20:48:56.0599
20:48:56.0599 0x0278 SystemInfo:
20:48:56.0599 0x0278
20:48:56.0599 0x0278 OS Version: 6.1.7601 ServicePack: 1.0
20:48:56.0599 0x0278 Product type: Workstation
20:48:56.0599 0x0278 ComputerName: USER-PC
20:48:56.0599 0x0278 UserName: User
20:48:56.0599 0x0278 Windows directory: C:\Windows
20:48:56.0599 0x0278 System windows directory: C:\Windows
20:48:56.0599 0x0278 Processor architecture: Intel x86
20:48:56.0599 0x0278 Number of processors: 2
20:48:56.0599 0x0278 Page size: 0x1000
20:48:56.0599 0x0278 Boot type: Normal boot
20:48:56.0599 0x0278 CodeIntegrityOptions = 0x00000000
20:48:56.0599 0x0278 ============================================================
20:48:58.0939 0x0278 KLMD registered as C:\Windows\system32\drivers\58864846.sys
20:48:58.0939 0x0278 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.24545, osProperties = 0x0
20:48:59.0220 0x0278 System UUID: {4D2E3154-A3A6-BAD3-767C-D31378C506C0}
20:48:59.0594 0x0278 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:48:59.0594 0x0278 ============================================================
20:48:59.0594 0x0278 \Device\Harddisk0\DR0:
20:48:59.0594 0x0278 MBR partitions:
20:48:59.0594 0x0278 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:48:59.0594 0x0278 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
20:48:59.0594 0x0278 ============================================================
20:48:59.0641 0x0278 C: <-> \Device\Harddisk0\DR0\Partition2
20:48:59.0657 0x0278 ============================================================
20:48:59.0657 0x0278 Initialize success
20:48:59.0657 0x0278 ============================================================
20:50:06.0144 0x14b8 KLMD registered as C:\Windows\system32\drivers\91394302.sys
20:50:08.0094 0x14b8 Deinitialize success