Hi there
No problem... The rootkits were located in
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{7514BBA2-951B-45A0-BA2B-CA259968C9ED}\_Setup.dll
c:\programdata\Tarma Installer\{7514BBA2-951B-45A0-BA2B-CA259968C9ED}\Setup.dat
c:\programdata\Tarma Installer\{7514BBA2-951B-45A0-BA2B-CA259968C9ED}\Setup.exe
c:\programdata\Tarma Installer\{7514BBA2-951B-45A0-BA2B-CA259968C9ED}\Setup.ico
c:\windows\host32.exe
c:\windows\system32\ntos.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\sysplog.dll
c:\windows\system32\sysplog2.dll
c:\windows\system32\twext.exe
Here is the log for SysProt
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 9ADF5000
Module End: 9AE00000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 9AC00000
Module End: 9AC09000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_dumpfve.sys
Service Name: ---
Module Base: 9AC09000
Module End: 9AC1A000
Hidden: Yes
Module Name: \??\C:\Users\voodoo\AppData\Local\Temp\aswMBR.sys
Service Name: aswMBR
Module Base: 9CF1F000
Module End: 9CF2A000
Hidden: Yes
******************************************************************************************
******************************************************************************************
No SSDT Hooks found
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\downloads\temp mp3\Alice Ortt\01 12 Etudes d'exécution transcendante, S.139_ No.1 Prélude (Presto).flac
Status: Hidden
Object: C:\downloads\temp mp3\Alice Ortt\02 12 Etudes d'exécution transcendante, S.139_ No.2 Molto vivace.flac
Status: Hidden
Object: C:\downloads\temp mp3\Alice Ortt\03 12 Etudes d'exécution transcendante, S.139_ No.3 Paysage (Poco adagio).flac
Status: Hidden
Object: C:\downloads\temp mp3\Alice Ortt\04 12 Etudes d'exécution transcendante, S.139_ No.4 Mazeppa (Presto).flac
Status: Hidden
Object: C:\downloads\temp mp3\Alice Ortt\05 12 Etudes d'exécution transcendante, S.139_ No.5 Feux follets (Allegretto).flac
Status: Hidden
Object: C:\downloads\temp mp3\Alice Ortt\06 12 Etudes d'exécution transcendante, S.139_ No.6 Vision (Lento).flac
Status: Hidden
Object: C:\downloads\temp mp3\Alice Ortt\07 12 Etudes d'exécution transcendante, S.139_ No.7 Eroica (Allegro).flac
Status: Hidden
Object: C:\downloads\temp mp3\Alice Ortt\08 12 Etudes d'exécution transcendante, S.139_ No.8 Wilde Jagd (Presto furioso).flac
Status: Hidden
Object: C:\downloads\temp mp3\Alice Ortt\09 12 Etudes d'exécution transcendante, S.139_ No.9 Ricordanza (Andantino).flac
Status: Hidden
Object: C:\downloads\temp mp3\Alice Ortt\10 12 Etudes d'exécution transcendante, S.139_ No.10 Allegro agitato molto.flac
Status: Hidden
Object: C:\downloads\temp mp3\Alice Ortt\11 12 Etudes d'exécution transcendante, S.139_ No.11 Harmonies du soir (Andantino).flac
Status: Hidden
Object: C:\downloads\temp mp3\Alice Ortt\12 12 Etudes d'exécution transcendante, S.139_ No.12 Chasse neige (Andante con moto).flac
Status: Hidden
Object: C:\My Documents\My Pictures\Helium Music Manager\Album Pictures\Jeno Jandó, piano - FRANZ LISZT_ Complete Piano Music, Vol. 12 - Hungarian Rhapsodies, Volume 1 _ Jeno Jandó.jpg
Status: Hidden
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
Object: C:\System Volume Information\WindowsImageBackup\SPPMetadataCache
Status: Access denied
Object: C:\Users\voodoo\AppData\Local\FLVService\YouTube - ?Chopin 24 Preludes Op 28, No 8??.bin
Status: Hidden
Object: C:\Users\voodoo\Downloads\????????????!_2.mp4
Status: Hidden
Object: C:\Windows\CSC\v2.0.6\namespace
Status: Access denied
Object: C:\Windows\CSC\v2.0.6\pq
Status: Access denied
Object: C:\Windows\CSC\v2.0.6\sm
Status: Access denied
Object: C:\Windows\CSC\v2.0.6\temp
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
Status: Access denied
.
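As an added example, not part of the original post and not code from SysProt, here is a small Python triage helper for a log in the format shown above. It assumes the log keeps the "Key: value" layout seen in the post, splits the hidden-object list into entries that are actually hidden and entries the scanner merely could not open, and checks whether any of the file paths the poster listed as rootkit locations still appear in the hidden-files section. The rule that treats the dump_*.sys crash-dump driver entries and the aswMBR.sys driver as expected is an analyst assumption, not something the log itself states; the embedded log excerpt is constructed from the page's own format.

```python
"""Triage helper for SysProt AntiRootkit text logs.

Added example: not part of the original post and not SysProt's own code. It
parses the 'Kernel Modules' and 'Hidden files/folders' sections, separates
objects that are really hidden from those the scanner could not open, and
checks whether paths reported as rootkit locations still show up as hidden.
"""

import re

# Constructed excerpt in the layout of the SysProt log shown in the post.
SAMPLE_LOG = r"""SysProt AntiRootkit v1.0.1.0
by swatkat
******************************
No Hidden Processes found
******************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 9AC00000
Module End: 9AC09000
Hidden: Yes
Module Name: \??\C:\Users\voodoo\AppData\Local\Temp\aswMBR.sys
Service Name: aswMBR
Module Base: 9CF1F000
Module End: 9CF2A000
Hidden: Yes
******************************
No SSDT Hooks found
******************************
Hidden files/folders:
Object: C:\downloads\temp mp3\song.flac
Status: Hidden
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
Status: Access denied
"""

# File paths the poster reported as the rootkit's files (taken from the post).
REPORTED_ROOTKIT_PATHS = [
    r"c:\windows\host32.exe",
    r"c:\windows\system32\ntos.exe",
    r"c:\windows\system32\sdra64.exe",
    r"c:\windows\system32\sysplog.dll",
    r"c:\windows\system32\sysplog2.dll",
    r"c:\windows\system32\twext.exe",
]

# Modules that anti-rootkit tools routinely report as "hidden" without malice
# (analyst assumption, not a statement made by the log):
#  - dump_*.sys: crash-dump copies of the boot storage drivers, which the kernel
#    loads outside the normal driver-service list.
#  - aswMBR.sys: the driver of the aswMBR scanner that was run in the same session.
EXPECTED_HIDDEN_MODULES = re.compile(r"\\dump_[^\\]+\.sys$|\\aswMBR\.sys$", re.IGNORECASE)


def parse_sysprot(text):
    """Return (modules, objects): modules is a list of dicts built from the
    Kernel Modules block, objects is a list of (path, status) tuples."""
    modules, objects = [], []
    section, current = None, None
    for line in text.splitlines():
        line = line.strip()
        if line == "Kernel Modules:":
            section = "modules"
        elif line == "Hidden files/folders:":
            section = "objects"
        elif section == "modules" and line.startswith("Module Name: "):
            current = {"name": line[len("Module Name: "):]}
            modules.append(current)
        elif section == "modules" and current is not None and ": " in line:
            key, value = line.split(": ", 1)
            current[key.lower().replace(" ", "_")] = value
        elif section == "objects" and line.startswith("Object: "):
            current = line[len("Object: "):]
        elif section == "objects" and line.startswith("Status: ") and current is not None:
            objects.append((current, line[len("Status: "):]))
            current = None
    return modules, objects


def triage(text, reported_paths=REPORTED_ROOTKIT_PATHS):
    """Bucket the log's findings so the entries that deserve a second look stand out."""
    modules, objects = parse_sysprot(text)
    report = {
        "unexplained_hidden_modules": [],  # hidden and not matched by EXPECTED_HIDDEN_MODULES
        "expected_hidden_modules": [],
        "hidden": [],                      # objects the scanner could see but the OS hides
        "access_denied": [],               # objects the scanner could not open at all
        "reported_paths_still_hidden": [],
    }
    for module in modules:
        if module.get("hidden", "").lower() != "yes":
            continue
        bucket = "expected_hidden_modules" if EXPECTED_HIDDEN_MODULES.search(module["name"]) else "unexplained_hidden_modules"
        report[bucket].append(module["name"])
    hidden_lower = set()
    for path, status in objects:
        if status == "Hidden":
            report["hidden"].append(path)
            hidden_lower.add(path.lower())
        elif status == "Access denied":
            report["access_denied"].append(path)
    # Case-insensitive match: Windows paths in the post are lower-cased, the log's are not.
    report["reported_paths_still_hidden"] = [p for p in reported_paths if p.lower() in hidden_lower]
    return report


if __name__ == "__main__":
    for key, entries in triage(SAMPLE_LOG).items():
        print(f"{key}: {len(entries)}")
        for entry in entries:
            print("   ", entry)
```

Run against the full log from the post, the script separates the two result classes that SysProt lumps under one heading: "Hidden" objects are the ones worth inspecting by hand, while "Access denied" is what a user-mode scanner gets from paths such as C:\Qoobox (ComboFix's backup folder), the CSC offline-files cache and the ETW RtBackup logs, which are locked by the system rather than hidden by a rootkit. Swap in the real log text for `SAMPLE_LOG` to run it on the posted output.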