21:29:24.0099 0x0dc8 TDSS rootkit removing tool 3.1.0.28 Apr 9 2019 21:11:46
21:29:30.0292 0x0dc8 ============================================================
21:29:30.0292 0x0dc8 Current date / time: 2021/03/30 21:29:30.0292
21:29:30.0292 0x0dc8 SystemInfo:
21:29:30.0292 0x0dc8
21:29:30.0292 0x0dc8 OS Version: 6.1.7601 ServicePack: 1.0
21:29:30.0292 0x0dc8 Product type: Workstation
21:29:30.0292 0x0dc8 ComputerName: COMPAQ-PC
21:29:30.0292 0x0dc8 UserName: Compaq
21:29:30.0292 0x0dc8 Windows directory: C:\Windows
21:29:30.0292 0x0dc8 System windows directory: C:\Windows
21:29:30.0292 0x0dc8 Processor architecture: Intel x86
21:29:30.0292 0x0dc8 Number of processors: 2
21:29:30.0292 0x0dc8 Page size: 0x1000
21:29:30.0292 0x0dc8 Boot type: Safe boot with network
21:29:30.0292 0x0dc8 CodeIntegrityOptions = 0x00000000
21:29:30.0292 0x0dc8 ============================================================
21:29:32.0570 0x0dc8 KLMD registered as C:\Windows\system32\drivers\08944917.sys
21:29:32.0570 0x0dc8 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.17514, osProperties = 0x0
21:29:32.0820 0x0dc8 System UUID: {254BB4A6-F76D-8B6E-CFCF-CA4D4D242370}
21:29:33.0397 0x0dc8 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:29:33.0428 0x0dc8 ============================================================
21:29:33.0428 0x0dc8 \Device\Harddisk0\DR0:
21:29:33.0444 0x0dc8 MBR partitions:
21:29:33.0444 0x0dc8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:29:33.0444 0x0dc8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
21:29:33.0444 0x0dc8 ============================================================
21:29:33.0537 0x0dc8 C: <-> \Device\Harddisk0\DR0\Partition2
21:29:33.0553 0x0dc8 ============================================================
21:29:33.0553 0x0dc8 Initialize success
21:29:33.0553 0x0dc8 ============================================================
21:29:49.0449 0x0900 KLMD registered as C:\Windows\system32\drivers\99006676.sys
21:29:51.0274 0x0900 Deinitialize success