aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-22 16:35:06
-----------------------------
16:35:06.609 OS Version: Windows 5.1.2600 Service Pack 3
16:35:06.609 Number of processors: 2 586 0x404
16:35:06.609 ComputerName: UBANGIE UserName:
16:35:07.687 Initialize success
16:36:44.546 AVAST engine defs: 12012201
16:37:02.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:37:02.046 Disk 0 Vendor: Intel___ 1.0. Size: 305171MB BusType: 3
16:37:02.062 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-0
16:37:02.062 Disk 1 Vendor: ST310005 CC3E Size: 953869MB BusType: 3
16:37:02.078 Disk 0 MBR read successfully
16:37:02.078 Disk 0 MBR scan
16:37:02.109 Disk 0 MBR:Pihar-C [Rtk]
16:37:02.109 Disk 0 TDL4@MBR code has been found
16:37:02.125 Disk 0 Windows XP default MBR code found via API
16:37:02.125 Disk 0 MBR hidden
16:37:02.140 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
16:37:02.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305125 MB offset 80325
16:37:02.171 Disk 0 MBR [TDL4] **ROOTKIT**
16:37:02.187 Disk 0 trace - called modules:
16:37:02.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xabbf5ff0]<<
16:37:02.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a743ab8]
16:37:02.218 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x88ac5190]
16:37:02.234 \Driver\00001563[0x88aec760] -> IRP_MJ_CREATE -> 0xabbf5ff0
16:37:03.171 AVAST engine scan C:\WINDOWS
16:37:13.562 AVAST engine scan C:\WINDOWS\system32
16:39:12.875 AVAST engine scan C:\WINDOWS\system32\drivers
16:39:23.718 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Smadow [Rtk]
16:39:31.796 AVAST engine scan C:\Documents and Settings\Sherman
16:54:33.734 AVAST engine scan C:\Documents and Settings\All Users
16:57:30.250 Scan finished successfully
17:02:09.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sherman\My Documents\OTL\MBR.dat"
17:02:09.578 The log file has been saved successfully to "C:\Documents and Settings\Sherman\My Documents\OTL\aswMBR.txt"