14:20:58:859 3976 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
14:20:58:862 3976 ================================================================================
14:20:58:862 3976 SystemInfo:
14:20:58:862 3976 OS Version: 6.1.7600 ServicePack: 0.0
14:20:58:862 3976 Product type: Workstation
14:20:58:862 3976 ComputerName: E8400
14:20:58:862 3976 UserName: Sebastian
14:20:58:862 3976 Windows directory: I:\Windows
14:20:58:862 3976 Processor architecture: Intel x86
14:20:58:862 3976 Number of processors: 2
14:20:58:862 3976 Page size: 0x1000
14:20:58:862 3976 Boot type: Normal boot
14:20:58:862 3976 ================================================================================
14:20:58:864 3976 UnloadDriverW: NtUnloadDriver error 2
14:20:58:864 3976 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
14:20:58:872 3976 wfopen_ex: Trying to open file I:\Windows\system32\config\system
14:20:58:872 3976 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:20:58:872 3976 wfopen_ex: Trying to KLMD file open
14:20:58:872 3976 wfopen_ex: File opened ok (Flags 2)
14:20:58:874 3976 wfopen_ex: Trying to open file I:\Windows\system32\config\software
14:20:58:874 3976 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:20:58:874 3976 wfopen_ex: Trying to KLMD file open
14:20:58:874 3976 wfopen_ex: File opened ok (Flags 2)
14:20:58:874 3976 Initialize success
14:20:58:874 3976
14:20:58:874 3976 Scanning Services ...
14:20:59:064 3976 Raw services enum returned 476 services
14:20:59:072 3976
14:20:59:072 3976 Scanning Kernel memory ...
14:20:59:072 3976 Devices to scan: 2
14:20:59:072 3976
14:20:59:074 3976 Driver Name: iaStor
14:20:59:074 3976 IRP_MJ_CREATE : 8B27D92E
14:20:59:074 3976 IRP_MJ_CREATE_NAMED_PIPE : 81CEE447
14:20:59:074 3976 IRP_MJ_CLOSE : 8B27D92E
14:20:59:074 3976 IRP_MJ_READ : 81CEE447
14:20:59:074 3976 IRP_MJ_WRITE : 81CEE447
14:20:59:074 3976 IRP_MJ_QUERY_INFORMATION : 81CEE447
14:20:59:074 3976 IRP_MJ_SET_INFORMATION : 81CEE447
14:20:59:074 3976 IRP_MJ_QUERY_EA : 81CEE447
14:20:59:074 3976 IRP_MJ_SET_EA : 81CEE447
14:20:59:074 3976 IRP_MJ_FLUSH_BUFFERS : 81CEE447
14:20:59:074 3976 IRP_MJ_QUERY_VOLUME_INFORMATION : 81CEE447
14:20:59:074 3976 IRP_MJ_SET_VOLUME_INFORMATION : 81CEE447
14:20:59:074 3976 IRP_MJ_DIRECTORY_CONTROL : 81CEE447
14:20:59:074 3976 IRP_MJ_FILE_SYSTEM_CONTROL : 81CEE447
14:20:59:074 3976 IRP_MJ_DEVICE_CONTROL : 8B27AB28
14:20:59:074 3976 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8B277988
14:20:59:074 3976 IRP_MJ_SHUTDOWN : 81CEE447
14:20:59:074 3976 IRP_MJ_LOCK_CONTROL : 81CEE447
14:20:59:074 3976 IRP_MJ_CLEANUP : 81CEE447
14:20:59:074 3976 IRP_MJ_CREATE_MAILSLOT : 81CEE447
14:20:59:074 3976 IRP_MJ_QUERY_SECURITY : 81CEE447
14:20:59:074 3976 IRP_MJ_SET_SECURITY : 81CEE447
14:20:59:074 3976 IRP_MJ_POWER : 8B2729D6
14:20:59:074 3976 IRP_MJ_SYSTEM_CONTROL : 8B271D68
14:20:59:074 3976 IRP_MJ_DEVICE_CHANGE : 81CEE447
14:20:59:074 3976 IRP_MJ_QUERY_QUOTA : 81CEE447
14:20:59:074 3976 IRP_MJ_SET_QUOTA : 81CEE447
14:20:59:077 3976 I:\Windows\system32\drivers\iaStor.sys - Verdict: 1
14:20:59:077 3976
14:20:59:077 3976 Driver Name: iaStor
14:20:59:077 3976 IRP_MJ_CREATE : 8B27D92E
14:20:59:077 3976 IRP_MJ_CREATE_NAMED_PIPE : 81CEE447
14:20:59:077 3976 IRP_MJ_CLOSE : 8B27D92E
14:20:59:077 3976 IRP_MJ_READ : 81CEE447
14:20:59:077 3976 IRP_MJ_WRITE : 81CEE447
14:20:59:077 3976 IRP_MJ_QUERY_INFORMATION : 81CEE447
14:20:59:077 3976 IRP_MJ_SET_INFORMATION : 81CEE447
14:20:59:077 3976 IRP_MJ_QUERY_EA : 81CEE447
14:20:59:077 3976 IRP_MJ_SET_EA : 81CEE447
14:20:59:077 3976 IRP_MJ_FLUSH_BUFFERS : 81CEE447
14:20:59:077 3976 IRP_MJ_QUERY_VOLUME_INFORMATION : 81CEE447
14:20:59:077 3976 IRP_MJ_SET_VOLUME_INFORMATION : 81CEE447
14:20:59:077 3976 IRP_MJ_DIRECTORY_CONTROL : 81CEE447
14:20:59:077 3976 IRP_MJ_FILE_SYSTEM_CONTROL : 81CEE447
14:20:59:077 3976 IRP_MJ_DEVICE_CONTROL : 8B27AB28
14:20:59:077 3976 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8B277988
14:20:59:077 3976 IRP_MJ_SHUTDOWN : 81CEE447
14:20:59:077 3976 IRP_MJ_LOCK_CONTROL : 81CEE447
14:20:59:077 3976 IRP_MJ_CLEANUP : 81CEE447
14:20:59:077 3976 IRP_MJ_CREATE_MAILSLOT : 81CEE447
14:20:59:077 3976 IRP_MJ_QUERY_SECURITY : 81CEE447
14:20:59:077 3976 IRP_MJ_SET_SECURITY : 81CEE447
14:20:59:077 3976 IRP_MJ_POWER : 8B2729D6
14:20:59:077 3976 IRP_MJ_SYSTEM_CONTROL : 8B271D68
14:20:59:077 3976 IRP_MJ_DEVICE_CHANGE : 81CEE447
14:20:59:077 3976 IRP_MJ_QUERY_QUOTA : 81CEE447
14:20:59:077 3976 IRP_MJ_SET_QUOTA : 81CEE447
14:20:59:079 3976 I:\Windows\system32\drivers\iaStor.sys - Verdict: 1
14:20:59:079 3976
14:20:59:079 3976 Completed
14:20:59:079 3976
14:20:59:079 3976 Results:
14:20:59:079 3976 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
14:20:59:079 3976 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:20:59:082 3976 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:20:59:082 3976
14:20:59:082 3976 fclose_ex: Trying to close file I:\Windows\system32\config\system
14:20:59:082 3976 fclose_ex: Trying to close file I:\Windows\system32\config\software
14:20:59:082 3976 KLMD(ARK) unloaded successfully