aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software Run date: 2011-11-13 20:47:50 ----------------------------- 20:47:50.091 OS Version: Windows x64 6.1.7601 Service Pack 1 20:47:50.091 Number of processors: 4 586 0x503 20:47:50.091 ComputerName: HOME UserName: 20:47:56.643 Initialize success 20:48:00.980 AVAST engine defs: 11111200 20:48:02.742 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 20:48:02.742 Disk 0 Vendor: ST31000528AS CC38 Size: 953869MB BusType: 11 20:48:02.742 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP6T1L0-9 20:48:02.742 Disk 1 Vendor: WDC_WD1600JB-00GVC0 08.02D08 Size: 152627MB BusType: 3 20:48:04.802 Disk 0 MBR read successfully 20:48:04.802 Disk 0 MBR scan 20:48:04.817 Disk 0 MBR:Alureon-I [Rtk] 20:48:04.817 Disk 0 TDL4@MBR code has been found 20:48:04.817 Disk 0 Windows 7 default MBR code found via API 20:48:04.817 Disk 0 MBR hidden 20:48:04.817 Disk 0 MBR [TDL4] **ROOTKIT** 20:48:04.833 Disk 0 trace - called modules: 20:48:04.833 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004d74254]<< 20:48:04.833 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c9f790] 20:48:04.848 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8004bc9940] 20:48:04.848 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c77680] 20:48:04.864 \Driver\atapi[0xfffffa800467f060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004d74254 20:48:11.510 AVAST engine scan C:\Windows 20:48:25.846 AVAST engine scan C:\Windows\system32 20:50:38.260 AVAST engine scan C:\Windows\system32\drivers 20:50:54.464 AVAST engine scan C:\Users\Matthew Abrahamson 20:58:41.007 AVAST engine scan C:\ProgramData 20:59:55.417 Scan finished successfully 21:00:49.731 Disk 0 MBR has been saved successfully to "C:\Users\Matthew Abrahamson\Desktop\MBR.dat" 21:00:49.741 The log file has been saved successfully to "C:\Users\Matthew Abrahamson\Desktop\aswMBR3.txt"