FIRST RUN (before reboot): atapi.sys flagged as infected by TDSS — every IRP_MJ_* dispatch entry points to the same address — and the cure is scheduled for the next reboot.
05:24:01:644 3376 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
05:24:01:644 3376 ================================================================================
05:24:01:644 3376 SystemInfo:
05:24:01:644 3376 OS Version: 5.1.2600 ServicePack: 3.0
05:24:01:644 3376 Product type: Workstation
05:24:01:644 3376 ComputerName: ALEX
05:24:01:644 3376 UserName: The_Club
05:24:01:644 3376 Windows directory: C:\WINDOWS
05:24:01:644 3376 Processor architecture: Intel x86
05:24:01:644 3376 Number of processors: 1
05:24:01:644 3376 Page size: 0x1000
05:24:01:644 3376 Boot type: Normal boot
05:24:01:644 3376 ================================================================================
05:24:01:660 3376 UnloadDriverW: NtUnloadDriver error 2
05:24:01:660 3376 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
05:24:01:738 3376 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
05:24:01:738 3376 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
05:24:01:738 3376 wfopen_ex: Trying to KLMD file open
05:24:01:738 3376 wfopen_ex: File opened ok (Flags 2)
05:24:01:738 3376 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
05:24:01:738 3376 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
05:24:01:738 3376 wfopen_ex: Trying to KLMD file open
05:24:01:738 3376 wfopen_ex: File opened ok (Flags 2)
05:24:01:738 3376 Initialize success
05:24:01:738 3376
05:24:01:738 3376 Scanning Services ...
05:24:02:363 3376 Raw services enum returned 369 services
05:24:02:379 3376
05:24:02:379 3376 Scanning Kernel memory ...
05:24:02:379 3376 Devices to scan: 4
05:24:02:379 3376
05:24:02:379 3376 Driver Name: Disk
05:24:02:379 3376 IRP_MJ_CREATE : F76A1BB0
05:24:02:379 3376 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
05:24:02:379 3376 IRP_MJ_CLOSE : F76A1BB0
05:24:02:379 3376 IRP_MJ_READ : F769BD1F
05:24:02:379 3376 IRP_MJ_WRITE : F769BD1F
05:24:02:379 3376 IRP_MJ_QUERY_INFORMATION : 804F355A
05:24:02:379 3376 IRP_MJ_SET_INFORMATION : 804F355A
05:24:02:379 3376 IRP_MJ_QUERY_EA : 804F355A
05:24:02:379 3376 IRP_MJ_SET_EA : 804F355A
05:24:02:379 3376 IRP_MJ_FLUSH_BUFFERS : F769C2E2
05:24:02:379 3376 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
05:24:02:379 3376 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
05:24:02:379 3376 IRP_MJ_DIRECTORY_CONTROL : 804F355A
05:24:02:379 3376 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
05:24:02:379 3376 IRP_MJ_DEVICE_CONTROL : F769C3BB
05:24:02:379 3376 IRP_MJ_INTERNAL_DEVICE_CONTROL : F769FF28
05:24:02:379 3376 IRP_MJ_SHUTDOWN : F769C2E2
05:24:02:379 3376 IRP_MJ_LOCK_CONTROL : 804F355A
05:24:02:379 3376 IRP_MJ_CLEANUP : 804F355A
05:24:02:379 3376 IRP_MJ_CREATE_MAILSLOT : 804F355A
05:24:02:379 3376 IRP_MJ_QUERY_SECURITY : 804F355A
05:24:02:379 3376 IRP_MJ_SET_SECURITY : 804F355A
05:24:02:379 3376 IRP_MJ_POWER : F769DC82
05:24:02:379 3376 IRP_MJ_SYSTEM_CONTROL : F76A299E
05:24:02:379 3376 IRP_MJ_DEVICE_CHANGE : 804F355A
05:24:02:379 3376 IRP_MJ_QUERY_QUOTA : 804F355A
05:24:02:379 3376 IRP_MJ_SET_QUOTA : 804F355A
05:24:02:394 3376 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
05:24:02:394 3376
05:24:02:394 3376 Driver Name: Disk
05:24:02:394 3376 IRP_MJ_CREATE : F76A1BB0
05:24:02:394 3376 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
05:24:02:394 3376 IRP_MJ_CLOSE : F76A1BB0
05:24:02:394 3376 IRP_MJ_READ : F769BD1F
05:24:02:394 3376 IRP_MJ_WRITE : F769BD1F
05:24:02:394 3376 IRP_MJ_QUERY_INFORMATION : 804F355A
05:24:02:394 3376 IRP_MJ_SET_INFORMATION : 804F355A
05:24:02:394 3376 IRP_MJ_QUERY_EA : 804F355A
05:24:02:394 3376 IRP_MJ_SET_EA : 804F355A
05:24:02:394 3376 IRP_MJ_FLUSH_BUFFERS : F769C2E2
05:24:02:394 3376 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
05:24:02:394 3376 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
05:24:02:394 3376 IRP_MJ_DIRECTORY_CONTROL : 804F355A
05:24:02:394 3376 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
05:24:02:394 3376 IRP_MJ_DEVICE_CONTROL : F769C3BB
05:24:02:394 3376 IRP_MJ_INTERNAL_DEVICE_CONTROL : F769FF28
05:24:02:394 3376 IRP_MJ_SHUTDOWN : F769C2E2
05:24:02:394 3376 IRP_MJ_LOCK_CONTROL : 804F355A
05:24:02:394 3376 IRP_MJ_CLEANUP : 804F355A
05:24:02:394 3376 IRP_MJ_CREATE_MAILSLOT : 804F355A
05:24:02:394 3376 IRP_MJ_QUERY_SECURITY : 804F355A
05:24:02:394 3376 IRP_MJ_SET_SECURITY : 804F355A
05:24:02:394 3376 IRP_MJ_POWER : F769DC82
05:24:02:410 3376 IRP_MJ_SYSTEM_CONTROL : F76A299E
05:24:02:410 3376 IRP_MJ_DEVICE_CHANGE : 804F355A
05:24:02:410 3376 IRP_MJ_QUERY_QUOTA : 804F355A
05:24:02:410 3376 IRP_MJ_SET_QUOTA : 804F355A
05:24:02:410 3376 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
05:24:02:410 3376
05:24:02:410 3376 Driver Name: Disk
05:24:02:410 3376 IRP_MJ_CREATE : F76A1BB0
05:24:02:410 3376 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
05:24:02:410 3376 IRP_MJ_CLOSE : F76A1BB0
05:24:02:410 3376 IRP_MJ_READ : F769BD1F
05:24:02:410 3376 IRP_MJ_WRITE : F769BD1F
05:24:02:410 3376 IRP_MJ_QUERY_INFORMATION : 804F355A
05:24:02:410 3376 IRP_MJ_SET_INFORMATION : 804F355A
05:24:02:410 3376 IRP_MJ_QUERY_EA : 804F355A
05:24:02:410 3376 IRP_MJ_SET_EA : 804F355A
05:24:02:410 3376 IRP_MJ_FLUSH_BUFFERS : F769C2E2
05:24:02:410 3376 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
05:24:02:410 3376 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
05:24:02:410 3376 IRP_MJ_DIRECTORY_CONTROL : 804F355A
05:24:02:410 3376 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
05:24:02:410 3376 IRP_MJ_DEVICE_CONTROL : F769C3BB
05:24:02:410 3376 IRP_MJ_INTERNAL_DEVICE_CONTROL : F769FF28
05:24:02:410 3376 IRP_MJ_SHUTDOWN : F769C2E2
05:24:02:410 3376 IRP_MJ_LOCK_CONTROL : 804F355A
05:24:02:410 3376 IRP_MJ_CLEANUP : 804F355A
05:24:02:410 3376 IRP_MJ_CREATE_MAILSLOT : 804F355A
05:24:02:410 3376 IRP_MJ_QUERY_SECURITY : 804F355A
05:24:02:410 3376 IRP_MJ_SET_SECURITY : 804F355A
05:24:02:410 3376 IRP_MJ_POWER : F769DC82
05:24:02:410 3376 IRP_MJ_SYSTEM_CONTROL : F76A299E
05:24:02:410 3376 IRP_MJ_DEVICE_CHANGE : 804F355A
05:24:02:410 3376 IRP_MJ_QUERY_QUOTA : 804F355A
05:24:02:410 3376 IRP_MJ_SET_QUOTA : 804F355A
05:24:02:410 3376 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
05:24:02:410 3376
05:24:02:410 3376 Driver Name: atapi
05:24:02:410 3376 IRP_MJ_CREATE : F74A9B3A
05:24:02:410 3376 IRP_MJ_CREATE_NAMED_PIPE : F74A9B3A
05:24:02:410 3376 IRP_MJ_CLOSE : F74A9B3A
05:24:02:410 3376 IRP_MJ_READ : F74A9B3A
05:24:02:410 3376 IRP_MJ_WRITE : F74A9B3A
05:24:02:410 3376 IRP_MJ_QUERY_INFORMATION : F74A9B3A
05:24:02:410 3376 IRP_MJ_SET_INFORMATION : F74A9B3A
05:24:02:410 3376 IRP_MJ_QUERY_EA : F74A9B3A
05:24:02:410 3376 IRP_MJ_SET_EA : F74A9B3A
05:24:02:410 3376 IRP_MJ_FLUSH_BUFFERS : F74A9B3A
05:24:02:410 3376 IRP_MJ_QUERY_VOLUME_INFORMATION : F74A9B3A
05:24:02:410 3376 IRP_MJ_SET_VOLUME_INFORMATION : F74A9B3A
05:24:02:410 3376 IRP_MJ_DIRECTORY_CONTROL : F74A9B3A
05:24:02:410 3376 IRP_MJ_FILE_SYSTEM_CONTROL : F74A9B3A
05:24:02:410 3376 IRP_MJ_DEVICE_CONTROL : F74A9B3A
05:24:02:410 3376 IRP_MJ_INTERNAL_DEVICE_CONTROL : F74A9B3A
05:24:02:410 3376 IRP_MJ_SHUTDOWN : F74A9B3A
05:24:02:410 3376 IRP_MJ_LOCK_CONTROL : F74A9B3A
05:24:02:410 3376 IRP_MJ_CLEANUP : F74A9B3A
05:24:02:410 3376 IRP_MJ_CREATE_MAILSLOT : F74A9B3A
05:24:02:410 3376 IRP_MJ_QUERY_SECURITY : F74A9B3A
05:24:02:410 3376 IRP_MJ_SET_SECURITY : F74A9B3A
05:24:02:410 3376 IRP_MJ_POWER : F74A9B3A
05:24:02:410 3376 IRP_MJ_SYSTEM_CONTROL : F74A9B3A
05:24:02:410 3376 IRP_MJ_DEVICE_CHANGE : F74A9B3A
05:24:02:410 3376 IRP_MJ_QUERY_QUOTA : F74A9B3A
05:24:02:410 3376 IRP_MJ_SET_QUOTA : F74A9B3A
05:24:02:410 3376 Driver "atapi" infected by TDSS rootkit!
05:24:02:441 3376 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
05:24:02:441 3376 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ...
05:24:02:441 3376 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
05:24:02:441 3376 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
05:24:02:723 3376 vfvi6
05:24:02:863 3376 !dsvbh1
05:24:05:598 3376 dsvbh2
05:24:05:660 3376 fdfb2
05:24:05:660 3376 Backup copy found, using it..
05:24:05:723 3376 will be cured on next reboot
05:24:05:723 3376 Reboot required for cure complete..
05:24:05:723 3376 Cure on reboot scheduled successfully
05:24:05:723 3376
05:24:05:723 3376 Completed
05:24:05:723 3376
05:24:05:723 3376 Results:
05:24:05:723 3376 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
05:24:05:723 3376 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
05:24:05:723 3376 File objects infected / cured / cured on reboot: 1 / 0 / 1
05:24:05:723 3376
05:24:05:723 3376 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
05:24:05:723 3376 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
05:24:05:723 3376 UnloadDriverW: NtUnloadDriver error 1
05:24:05:723 3376 KLMD(ARK) unloaded successfully
SECOND RUN (presumably after the reboot that applied the scheduled cure): no infected objects reported, and atapi's dispatch table now shows distinct handler addresses rather than a single hooked entry point. Note: a clean rescan by this tool alone does not prove the system is fully remediated.
05:27:09:671 3112 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
05:27:09:671 3112 ================================================================================
05:27:09:671 3112 SystemInfo:
05:27:09:671 3112 OS Version: 5.1.2600 ServicePack: 3.0
05:27:09:671 3112 Product type: Workstation
05:27:09:671 3112 ComputerName: ALEX
05:27:09:671 3112 UserName: The_Club
05:27:09:671 3112 Windows directory: C:\WINDOWS
05:27:09:671 3112 Processor architecture: Intel x86
05:27:09:671 3112 Number of processors: 1
05:27:09:671 3112 Page size: 0x1000
05:27:09:687 3112 Boot type: Normal boot
05:27:09:687 3112 ================================================================================
05:27:11:312 3112 UnloadDriverW: NtUnloadDriver error 2
05:27:11:312 3112 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
05:27:11:640 3112 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
05:27:11:640 3112 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
05:27:11:640 3112 wfopen_ex: Trying to KLMD file open
05:27:11:640 3112 wfopen_ex: File opened ok (Flags 2)
05:27:11:656 3112 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
05:27:11:656 3112 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
05:27:11:656 3112 wfopen_ex: Trying to KLMD file open
05:27:11:656 3112 wfopen_ex: File opened ok (Flags 2)
05:27:11:656 3112 Initialize success
05:27:11:656 3112
05:27:11:687 3112 Scanning Services ...
05:27:19:609 3112 Raw services enum returned 369 services
05:27:19:843 3112
05:27:19:843 3112 Scanning Kernel memory ...
05:27:19:843 3112 Devices to scan: 4
05:27:19:843 3112
05:27:19:843 3112 Driver Name: Disk
05:27:19:843 3112 IRP_MJ_CREATE : F76A1BB0
05:27:19:843 3112 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
05:27:19:843 3112 IRP_MJ_CLOSE : F76A1BB0
05:27:19:843 3112 IRP_MJ_READ : F769BD1F
05:27:19:843 3112 IRP_MJ_WRITE : F769BD1F
05:27:19:843 3112 IRP_MJ_QUERY_INFORMATION : 804F355A
05:27:19:843 3112 IRP_MJ_SET_INFORMATION : 804F355A
05:27:19:843 3112 IRP_MJ_QUERY_EA : 804F355A
05:27:19:843 3112 IRP_MJ_SET_EA : 804F355A
05:27:19:843 3112 IRP_MJ_FLUSH_BUFFERS : F769C2E2
05:27:19:843 3112 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
05:27:19:843 3112 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
05:27:19:843 3112 IRP_MJ_DIRECTORY_CONTROL : 804F355A
05:27:19:843 3112 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
05:27:19:843 3112 IRP_MJ_DEVICE_CONTROL : F769C3BB
05:27:19:843 3112 IRP_MJ_INTERNAL_DEVICE_CONTROL : F769FF28
05:27:19:843 3112 IRP_MJ_SHUTDOWN : F769C2E2
05:27:19:843 3112 IRP_MJ_LOCK_CONTROL : 804F355A
05:27:19:843 3112 IRP_MJ_CLEANUP : 804F355A
05:27:19:843 3112 IRP_MJ_CREATE_MAILSLOT : 804F355A
05:27:19:843 3112 IRP_MJ_QUERY_SECURITY : 804F355A
05:27:19:843 3112 IRP_MJ_SET_SECURITY : 804F355A
05:27:19:843 3112 IRP_MJ_POWER : F769DC82
05:27:19:843 3112 IRP_MJ_SYSTEM_CONTROL : F76A299E
05:27:19:843 3112 IRP_MJ_DEVICE_CHANGE : 804F355A
05:27:19:843 3112 IRP_MJ_QUERY_QUOTA : 804F355A
05:27:19:843 3112 IRP_MJ_SET_QUOTA : 804F355A
05:27:19:953 3112 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
05:27:19:953 3112
05:27:19:953 3112 Driver Name: Disk
05:27:19:953 3112 IRP_MJ_CREATE : F76A1BB0
05:27:19:953 3112 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
05:27:19:953 3112 IRP_MJ_CLOSE : F76A1BB0
05:27:19:953 3112 IRP_MJ_READ : F769BD1F
05:27:19:953 3112 IRP_MJ_WRITE : F769BD1F
05:27:19:953 3112 IRP_MJ_QUERY_INFORMATION : 804F355A
05:27:19:953 3112 IRP_MJ_SET_INFORMATION : 804F355A
05:27:19:953 3112 IRP_MJ_QUERY_EA : 804F355A
05:27:19:953 3112 IRP_MJ_SET_EA : 804F355A
05:27:19:953 3112 IRP_MJ_FLUSH_BUFFERS : F769C2E2
05:27:19:953 3112 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
05:27:19:953 3112 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
05:27:19:953 3112 IRP_MJ_DIRECTORY_CONTROL : 804F355A
05:27:19:953 3112 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
05:27:19:953 3112 IRP_MJ_DEVICE_CONTROL : F769C3BB
05:27:19:953 3112 IRP_MJ_INTERNAL_DEVICE_CONTROL : F769FF28
05:27:19:953 3112 IRP_MJ_SHUTDOWN : F769C2E2
05:27:19:953 3112 IRP_MJ_LOCK_CONTROL : 804F355A
05:27:19:953 3112 IRP_MJ_CLEANUP : 804F355A
05:27:19:953 3112 IRP_MJ_CREATE_MAILSLOT : 804F355A
05:27:19:953 3112 IRP_MJ_QUERY_SECURITY : 804F355A
05:27:19:953 3112 IRP_MJ_SET_SECURITY : 804F355A
05:27:19:953 3112 IRP_MJ_POWER : F769DC82
05:27:19:953 3112 IRP_MJ_SYSTEM_CONTROL : F76A299E
05:27:19:953 3112 IRP_MJ_DEVICE_CHANGE : 804F355A
05:27:19:953 3112 IRP_MJ_QUERY_QUOTA : 804F355A
05:27:19:953 3112 IRP_MJ_SET_QUOTA : 804F355A
05:27:19:968 3112 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
05:27:19:968 3112
05:27:19:968 3112 Driver Name: Disk
05:27:19:968 3112 IRP_MJ_CREATE : F76A1BB0
05:27:19:968 3112 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
05:27:19:968 3112 IRP_MJ_CLOSE : F76A1BB0
05:27:19:968 3112 IRP_MJ_READ : F769BD1F
05:27:19:968 3112 IRP_MJ_WRITE : F769BD1F
05:27:19:984 3112 IRP_MJ_QUERY_INFORMATION : 804F355A
05:27:19:984 3112 IRP_MJ_SET_INFORMATION : 804F355A
05:27:19:984 3112 IRP_MJ_QUERY_EA : 804F355A
05:27:19:984 3112 IRP_MJ_SET_EA : 804F355A
05:27:19:984 3112 IRP_MJ_FLUSH_BUFFERS : F769C2E2
05:27:19:984 3112 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
05:27:19:984 3112 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
05:27:19:984 3112 IRP_MJ_DIRECTORY_CONTROL : 804F355A
05:27:19:984 3112 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
05:27:19:984 3112 IRP_MJ_DEVICE_CONTROL : F769C3BB
05:27:19:984 3112 IRP_MJ_INTERNAL_DEVICE_CONTROL : F769FF28
05:27:19:984 3112 IRP_MJ_SHUTDOWN : F769C2E2
05:27:19:984 3112 IRP_MJ_LOCK_CONTROL : 804F355A
05:27:19:984 3112 IRP_MJ_CLEANUP : 804F355A
05:27:19:984 3112 IRP_MJ_CREATE_MAILSLOT : 804F355A
05:27:19:984 3112 IRP_MJ_QUERY_SECURITY : 804F355A
05:27:19:984 3112 IRP_MJ_SET_SECURITY : 804F355A
05:27:19:984 3112 IRP_MJ_POWER : F769DC82
05:27:19:984 3112 IRP_MJ_SYSTEM_CONTROL : F76A299E
05:27:19:984 3112 IRP_MJ_DEVICE_CHANGE : 804F355A
05:27:19:984 3112 IRP_MJ_QUERY_QUOTA : 804F355A
05:27:19:984 3112 IRP_MJ_SET_QUOTA : 804F355A
05:27:19:984 3112 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
05:27:19:984 3112
05:27:19:984 3112 Driver Name: atapi
05:27:19:984 3112 IRP_MJ_CREATE : F74AA6F2
05:27:19:984 3112 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
05:27:19:984 3112 IRP_MJ_CLOSE : F74AA6F2
05:27:19:984 3112 IRP_MJ_READ : 804F355A
05:27:19:984 3112 IRP_MJ_WRITE : 804F355A
05:27:19:984 3112 IRP_MJ_QUERY_INFORMATION : 804F355A
05:27:19:984 3112 IRP_MJ_SET_INFORMATION : 804F355A
05:27:19:984 3112 IRP_MJ_QUERY_EA : 804F355A
05:27:19:984 3112 IRP_MJ_SET_EA : 804F355A
05:27:19:984 3112 IRP_MJ_FLUSH_BUFFERS : 804F355A
05:27:19:984 3112 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
05:27:19:984 3112 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
05:27:19:984 3112 IRP_MJ_DIRECTORY_CONTROL : 804F355A
05:27:19:984 3112 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
05:27:19:984 3112 IRP_MJ_DEVICE_CONTROL : F74AA712
05:27:19:984 3112 IRP_MJ_INTERNAL_DEVICE_CONTROL : F74A6852
05:27:19:984 3112 IRP_MJ_SHUTDOWN : 804F355A
05:27:19:984 3112 IRP_MJ_LOCK_CONTROL : 804F355A
05:27:19:984 3112 IRP_MJ_CLEANUP : 804F355A
05:27:19:984 3112 IRP_MJ_CREATE_MAILSLOT : 804F355A
05:27:19:984 3112 IRP_MJ_QUERY_SECURITY : 804F355A
05:27:19:984 3112 IRP_MJ_SET_SECURITY : 804F355A
05:27:19:984 3112 IRP_MJ_POWER : F74AA73C
05:27:19:984 3112 IRP_MJ_SYSTEM_CONTROL : F74B1336
05:27:19:984 3112 IRP_MJ_DEVICE_CHANGE : 804F355A
05:27:19:984 3112 IRP_MJ_QUERY_QUOTA : 804F355A
05:27:19:984 3112 IRP_MJ_SET_QUOTA : 804F355A
05:27:20:031 3112 C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1
05:27:20:031 3112
05:27:20:046 3112 Completed
05:27:20:046 3112
05:27:20:046 3112 Results:
05:27:20:046 3112 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
05:27:20:046 3112 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
05:27:20:046 3112 File objects infected / cured / cured on reboot: 0 / 0 / 0
05:27:20:046 3112
05:27:20:046 3112 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
05:27:20:046 3112 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
05:27:20:046 3112 KLMD(ARK) unloaded successfully