aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-22 16:35:06
-----------------------------
16:35:06.609 OS Version: Windows 5.1.2600 Service Pack 3
16:35:06.609 Number of processors: 2 586 0x404
16:35:06.609 ComputerName: UBANGIE UserName:
16:35:07.687 Initialize success
16:36:44.546 AVAST engine defs: 12012201
16:37:02.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:37:02.046 Disk 0 Vendor: Intel___ 1.0. Size: 305171MB BusType: 3
16:37:02.062 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-0
16:37:02.062 Disk 1 Vendor: ST310005 CC3E Size: 953869MB BusType: 3
16:37:02.078 Disk 0 MBR read successfully
16:37:02.078 Disk 0 MBR scan
16:37:02.109 Disk 0 MBR:Pihar-C [Rtk]
16:37:02.109 Disk 0 TDL4@MBR code has been found
16:37:02.125 Disk 0 Windows XP default MBR code found via API
16:37:02.125 Disk 0 MBR hidden
16:37:02.140 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
16:37:02.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305125 MB offset 80325
16:37:02.171 Disk 0 MBR [TDL4] **ROOTKIT**
16:37:02.187 Disk 0 trace - called modules:
16:37:02.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xabbf5ff0]<<
16:37:02.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a743ab8]
16:37:02.218 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x88ac5190]
16:37:02.234 \Driver\00001563[0x88aec760] -> IRP_MJ_CREATE -> 0xabbf5ff0
16:37:03.171 AVAST engine scan C:\WINDOWS
16:37:13.562 AVAST engine scan C:\WINDOWS\system32
16:39:12.875 AVAST engine scan C:\WINDOWS\system32\drivers
16:39:23.718 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Smadow [Rtk]
16:39:31.796 AVAST engine scan C:\Documents and Settings\Sherman
16:54:33.734 AVAST engine scan C:\Documents and Settings\All Users
16:57:30.250 Scan finished successfully
17:02:09.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sherman\My Documents\OTL\MBR.dat"
17:02:09.578 The log file has been saved successfully to "C:\Documents and Settings\Sherman\My Documents\OTL\aswMBR.txt"

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-23 21:18:23
-----------------------------
21:18:23.796 OS Version: Windows 5.1.2600 Service Pack 3
21:18:23.796 Number of processors: 2 586 0x404
21:18:23.796 ComputerName: UBANGIE UserName:
21:18:25.171 Initialize success
21:37:34.828 AVAST engine defs: 12012301
21:52:22.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:52:22.890 Disk 0 Vendor: Intel___ 1.0. Size: 305171MB BusType: 3
21:52:22.906 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-0
21:52:22.906 Disk 1 Vendor: ST310005 CC3E Size: 953869MB BusType: 3
21:52:22.906 Disk 0 MBR read successfully
21:52:22.921 Disk 0 MBR scan
21:52:23.000 Disk 0 MBR:Pihar-C [Rtk]
21:52:23.015 Disk 0 TDL4@MBR code has been found
21:52:23.015 Disk 0 Windows XP default MBR code found via API
21:52:23.031 Disk 0 MBR hidden
21:52:23.031 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
21:52:23.062 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305125 MB offset 80325
21:52:23.078 Disk 0 MBR [TDL4] **ROOTKIT**
21:52:23.078 Disk 0 trace - called modules:
21:52:23.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x894be49f]<<
21:52:23.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a745ab8]
21:52:23.125 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8959af18]
21:52:23.125 \Driver\iastor[0x8960c030] -> IRP_MJ_CREATE -> 0x894be49f
21:52:24.984 AVAST engine scan C:\WINDOWS
21:52:34.484 AVAST engine scan C:\WINDOWS\system32
21:54:31.781 AVAST engine scan C:\WINDOWS\system32\drivers
21:54:38.953 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Smadow [Rtk]
21:54:46.875 AVAST engine scan C:\Documents and Settings\Sherman
22:06:43.828 AVAST engine scan C:\Documents and Settings\All Users
22:10:15.359 Scan finished successfully
22:36:00.093 Disk 0 MBR read successfully
22:36:00.109 Disk 0 MBR:Pihar-C [Rtk]
22:36:00.109 Disk 0 TDL4@MBR code has been found
22:36:00.125 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
22:36:00.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305125 MB offset 80325
22:36:00.171 Disk 0 fixing MBR ...
22:36:00.187 Disk 0 MBR restored successfully
22:36:00.203 Verifying disinfection
22:36:10.250 Infection fixed successfully - please reboot ASAP
22:36:33.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sherman\My Documents\OTL\MBR.dat"
22:36:33.281 The log file has been saved successfully to "C:\Documents and Settings\Sherman\My Documents\OTL\aswMBR.txt"