aswMBR Scan Results (NOT URGENT)

What does this mean? Does anyone know how to read this? Just wondering.
aswMBR scan on Windows 7. 64 bit.

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-19 17:49:07

17:49:07.768 OS Version: Windows x64 6.1.7600
17:49:07.768 Number of processors: 4 586 0x502
17:49:07.768 ComputerName: DWNSTRS UserName: Owner
17:49:09.063 Initialize success
17:49:13.134 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\00000059
17:49:13.134 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
17:49:15.256 Disk 0 MBR read error 0
17:49:15.256 Disk 0 MBR scan
17:49:15.256 Disk 0 unknown MBR code
17:49:15.271 MBR BIOS signature not found 0
17:49:15.271 Service scanning
17:49:16.410 Disk 0 trace - called modules:
17:49:16.410 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
17:49:16.426 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa8005cc2060]
17:49:16.426 3 CLASSPNP.SYS[fffff8800181743f] → nt!IofCallDriver → [0xfffffa80058dbd30]
17:49:16.441 5 ACPI.sys[fffff88000e8b781] → nt!IofCallDriver → \Device\00000059[0xfffffa80058db670]
17:49:16.457 Scan finished successfully
17:49:51.682 Disk 0 MBR has been saved successfully to “C:\Users\Owner\Desktop\MBR.dat”
17:49:51.682 The log file has been saved successfully to “C:\Users\Owner\Desktop\aswMBR.txt”

It is clean

Essentially it hasn’t found an MBR rootkit, only an unknown MBR, which in its own right doesn’t mean you have an MBR rootkit.

Can happen if you have an OEM system like a Dell or HP, etc. (?) where they may have a custom/unique MBR to cater for their use of a recovery partition.

Why did you feel you needed to run aswMBR?

Okay, I know it is clean. What do you mean by they? I have an HP w/ 64 bit Win7 with a recovery partition. And why did I run a rootkit scan? It can’t hurt, right? My question was more about what the results mean specifically…

HP may have a unique MBR so that you can boot into the recovery partition so that you can do a factory restore. That is one reason why it might be considered an unknown MBR code.

Personally I would never want my system restored to factory defaults, as it came out of HP, everything that you installed after getting the PC, windows updates, settings, etc. would be lost and that would be a right royal pain in the rear.

Using drive imaging software provides a better solution, you can run it weekly, etc. and it makes an exact copy of your drive/partition at the time.

Personally I see no purpose in running the aswMBR scan; it isn’t a general anti-rootkit scanner but more a specific tool to look for MBR rootkits. Avast does a standard anti-rootkit scan 8 minutes after boot and a limited rootkit scan as part of the Quick or Full System Scans.

So there shouldn’t be any need to run the aswMBR.exe tool unless there is a suspicion of there being an MBR rootkit, usually this would be on the suggestion of one of the helpers in the forum.

That is what I got. Thanks for answering my question even before I asked it.

Everything else looks clean, unless I missed something :)

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-07-04 21:33:00
-----------------------------
21:33:00.093 OS Version: Windows x64 6.1.7601 Service Pack 1
21:33:00.093 Number of processors: 1 586 0x602
21:33:00.094 ComputerName: xxxxxxxx UserName: xxxxxx
21:33:01.236 Initialize success
21:33:01.580 AVAST engine defs: 11070401
21:33:05.313 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\ahcix641Port0Path0Target0Lun0
21:33:05.315 Disk 0 Vendor: Seagate_ CC45 Size: 305245MB BusType: 1
21:33:07.330 Disk 0 MBR read successfully
21:33:07.336 Disk 0 MBR scan
21:33:07.343 Disk 0 unknown MBR code
21:33:07.349 Service scanning
21:33:08.189 Disk 0 trace - called modules:
21:33:08.201 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll ahcix64.sys
21:33:08.208 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d47660]
21:33:08.217 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Scsi\ahcix641Port0Path0Target0Lun0[0xfffffa8004559050]
21:33:09.520 AVAST engine scan C:\Windows
21:52:55.173 Disk 0 MBR has been saved successfully to "C:\Users\xxxxxx\Desktop\MBR.dat"
21:52:55.173 The log file has been saved successfully to "C:\Users\xxxxxx\Desktop\aswMBR.txt"

To me it looks clear other than an unknown MBR, which could well be related to your Dell.

Normally if it were malicious there are other indications in the report, with other ‘Unknown’ entries in the report.

That is what I figured after reading your comments that I quoted.

Thanks for the confirm :)

I have 2 Dell computers and get the same results.
Nothing suspicious, just the hidden recovery partition. :)

Thanks. It is strange that there are three replies from today because this was from May 19th ;D. I am not using a Dell, it looks like there is some confusion because I am talking about an HP in this instance and yes it is an OEM-type system. I think it was in one of the earlier posts. I did not think this was an infection, I just wanted to know what it meant. Thank you for your help.
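
An added example, not part of any post in this thread and not Avast's own code: a small Python triage that applies the reading given above, where a lone "unknown MBR code" entry is not by itself a sign of an MBR rootkit while further "unknown" entries warrant a closer look. The function names and verdict labels are assumptions, the first two samples are excerpts of the logs posted here, and the third contains one constructed line.

```python
import re

# Every aswMBR entry starts with an HH:MM:SS.mmm timestamp. Splitting on it also
# recovers the entries of a log that was pasted onto a single line.
TIMESTAMP = re.compile(r"(\d{2}:\d{2}:\d{2}\.\d{3})\s+")
MBR_UNKNOWN = re.compile(r"Disk \d+ unknown MBR code", re.I)

def parse_entries(text):
    """Return (timestamp, message) pairs; forum [b]...[/b] markup is dropped."""
    text = re.sub(r"\[/?b\]", "", text)
    parts = TIMESTAMP.split(text)  # [header, ts, msg, ts, msg, ...]
    return [(ts, msg.strip()) for ts, msg in zip(parts[1::2], parts[2::2])]

def triage(text):
    """Separate the 'unknown MBR code' entry from any other 'unknown' entries."""
    unknown = [e for e in parse_entries(text) if "unknown" in e[1].lower()]
    mbr = [e for e in unknown if MBR_UNKNOWN.search(e[1])]
    other = [e for e in unknown if not MBR_UNKNOWN.search(e[1])]
    if other:
        verdict = "review"              # more than the MBR code is unrecognised
    elif mbr:
        verdict = "unknown-mbr-only"    # e.g. an OEM recovery-partition MBR
    else:
        verdict = "no-unknown-entries"
    return {"verdict": verdict, "mbr_unknown": mbr, "other_unknown": other}

# Excerpt of the first log in the thread (one entry per line).
LOG_MULTILINE = """17:49:15.256 Disk 0 MBR scan
17:49:15.256 Disk 0 unknown MBR code
17:49:15.271 MBR BIOS signature not found 0
17:49:15.271 Service scanning
17:49:16.457 Scan finished successfully
"""
# Excerpt of the second log, in the single-line form it was pasted in.
LOG_ONE_LINE = ("Run date: 2011-07-04 21:33:00 ----------------------------- "
                "21:33:07.336 Disk 0 MBR scan "
                "[b]21:33:07.343 Disk 0 unknown MBR code[/b] "
                "21:33:07.349 Service scanning")
# Constructed: the appended entry is invented for illustration and is not
# real aswMBR output.
LOG_CONSTRUCTED = LOG_MULTILINE + "17:49:16.500 EXAMPLE unknown entry (constructed)\n"

if __name__ == "__main__":
    for name, log in [("multi-line", LOG_MULTILINE), ("one-line", LOG_ONE_LINE),
                      ("constructed", LOG_CONSTRUCTED)]:
        print(name, triage(log)["verdict"])
```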