2 Rootkits found on new system

1st time using Avast guys so excuse the inexperience.I have recently installed Windows 7 on a new computer and ran a full scan using Avast.To my surprise it has found 2 threats.

  1. C\Windows\AppCompat\Programs\RecentFileCache.bcf
  2. C:\Windows\System32\CodeIntegrity\bootcat.cache

Both have a High severity rating and status is shown for both as

Threat:Rootkit:system modification

If anybody could shed any light on this i would appreciate it.

upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners
when you have the result, copy the URL in the addressbar and post it here so we can see

alternatives
Jotti`s malware scan http://virusscan.jotti.org/en
VirSCAN http://virscan.org/

Tried using Virustotal but on looking for files

AppComPat

I am told i don’t have permission to open the file and to contact the owner or administrator

System32

Can’t find the file at all.

Is it worth running the scan again or scanning with Malwarebytes Anti-Malware

Apologies

you may run a quick scan with malwarebytes…and remeber to update before you do
post log if anything is found

then this

I have PM`d essexboy so he can have a look at this…

Nothing found with Malwarebytes

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-07 20:32:14

20:32:14.803 OS Version: Windows x64 6.1.7600
20:32:14.803 Number of processors: 1 586 0x602
20:32:14.804 ComputerName: HEAVEN-PC UserName: Heaven
20:32:15.488 Initialize success
20:32:16.561 AVAST engine defs: 11080700
20:32:23.692 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\00000054
20:32:23.700 Disk 0 Vendor: SAMSUNG_ 1AC0 Size: 152627MB BusType: 3
20:32:25.714 Disk 0 MBR read successfully
20:32:25.719 Disk 0 MBR scan
20:32:25.727 Disk 0 Windows 7 default MBR code
20:32:25.740 Service scanning
20:32:27.050 Modules scanning
20:32:27.057 Disk 0 trace - called modules:
20:32:27.079 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
20:32:27.089 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa80026bd060]
20:32:27.096 3 CLASSPNP.SYS[fffff880018b743f] → nt!IofCallDriver → [0xfffffa8002468e40]
20:32:27.102 5 ACPI.sys[fffff88000f54781] → nt!IofCallDriver → \Device\00000054[0xfffffa800246c6a0]
20:32:27.373 AVAST engine scan C:\Windows
20:32:28.858 AVAST engine scan C:\Windows\system32
20:33:13.281 AVAST engine scan C:\Windows\system32\drivers
20:33:16.756 AVAST engine scan C:\Users\Heaven
20:33:53.872 AVAST engine scan C:\ProgramData
20:33:57.367 Scan finished successfully
20:35:27.905 Disk 0 MBR has been saved successfully to “C:\Users\Heaven\Documents\MBR.dat”
20:35:27.909 The log file has been saved successfully to "C:\Users\Heaven\Documents\aswMBR.txt

I have those files on my windows 7 and Avast has not said a word about them

Are you experiencing any strange behaviour ?

No not really,the computer has only been up and running since last Thursday although Windows Explorer did shut down and restart earlier for no apparent reason…As well as Avast i have Malwarebytes and SpywareBlaster installed,am using Windows own firewall at the moment and use Google Chrome as my browser.

Are you still getting the alerts ?

No they appeared after a full scan,the avast icon in the system tray shows system secured,just wondering if i should do another scan?

I say run TDSSKiller and/or Hitman Pro to check for rootkits just to be safe.

I would say running hitman pro and just to be safe to be a contradiction. There have been many cases that essexboy can attest to were hitman pro has caused major problems in deleting an important file.

Could you run another full scan please to see if they re-appear, as I have my doubts about the detection

Ran a full scan using Avast and a quick scan using Malwarebytes today and nothing found.Assume it is all ok.Cheers for the assistance.

No problem, if it reappears let us know