aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software Run date: 2012-01-17 13:51:53 ----------------------------- 13:51:53.534 OS Version: Windows x64 6.1.7601 Service Pack 1 13:51:53.535 Number of processors: 1 586 0x170A 13:51:53.536 ComputerName: CATHY-PC UserName: Cathy 13:51:56.412 Initialize success 13:52:35.677 AVAST engine defs: 12011700 13:53:13.022 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 13:53:13.025 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3 13:53:13.041 Disk 0 MBR read successfully 13:53:13.044 Disk 0 MBR scan 13:53:13.050 Disk 0 Windows 7 default MBR code 13:53:13.050 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63 13:53:13.081 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855 13:53:13.097 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 226080 MB offset 25382700 13:53:13.097 Service scanning 13:53:14.500 Modules scanning 13:53:14.523 Disk 0 trace - called modules: 13:53:14.578 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys 13:53:14.583 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800324b060] 13:53:14.927 3 CLASSPNP.SYS[fffff88001d7143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800227f050] 13:53:16.577 AVAST engine scan C:\Windows 13:53:20.106 AVAST engine scan C:\Windows\system32 13:53:31.302 File: C:\Windows\system32\consrv.dll **INFECTED** Win64:Sirefef-C [Drp] 13:55:13.926 AVAST engine scan C:\Windows\system32\drivers 13:55:28.761 AVAST engine scan C:\Users\Cathy 13:57:25.427 File: C:\Users\Cathy\AppData\Roaming\Microsoft\Protect\Credentials\taskhostt.exe **INFECTED** Win32:Malware-gen 13:57:41.205 File: C:\Users\Cathy\AppData\Roaming\svchost.exe **INFECTED** Win32:VB-URL [Trj] 13:58:06.379 AVAST engine scan C:\ProgramData 14:01:18.164 Scan finished successfully 14:04:54.531 Disk 0 MBR has been saved successfully to "C:\Users\Cathy\Desktop\MBR.dat" 14:04:54.537 The log file has been saved successfully to "C:\Users\Cathy\Desktop\aswMBR.txt"