DavidR
From what I see, you don’t have the default XP MBR code; that can be down to a few things:
You have a Dell, Acer or other manufacturer's system, which has a hidden partition used for recovery of the system back to factory default and needs a custom MBR to access that. What type of system do you have?
It could mean that you do have a rootkit but not one immediately recognised. Had the avast scan worked then it might have thrown some light on if this was an older variant of the TDL rootkit.
This will require further analysis by a malware removal specialist and/or the use of other analysis/removal tools.
You could enable a boot time scan. From the avastUI, Scan Computer, Boot-time Scan, Schedule Now button and reboot.
Look in the C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\aswBoot.txt file (XP location) or C:\ProgramData\Alwil Software\Avast5\report\aswBoot.txt (Vista, Win7 location); check this file using Notepad for info on the scan/detections, etc.
Don’t take any deletion action, probably best just to select No Action in the actions list. This will at the very least generate the above report and see what if anything it finds. You could increase the heuristic sensitivity to High, uncheck the Scan for PUPS and Unpack archive files; this will speed up the boot-time scan, see image.
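The post above gives two explanations for non-default MBR code: an OEM recovery partition or an unrecognised rootkit. This added example (not part of the original post, and not avast's own tooling) parses a 512-byte MBR dump, flags vendor utility/recovery partition types, and hashes the boot-code area so it can be compared against a known-good copy you trust. The sample sector, the `OEM_TYPES` selection and all function names are constructed for illustration.

```python
import hashlib
import struct

# Partition type IDs commonly used for vendor utility/recovery partitions.
OEM_TYPES = {0x12: "OEM diagnostics/recovery",
             0x27: "hidden recovery (e.g. Acer, Windows RE)",
             0xDE: "Dell Utility"}

def parse_mbr(sector: bytes) -> dict:
    """Parse one classic MBR sector: 440 bytes of boot code, a 4-byte disk
    signature, four 16-byte partition entries at offset 446, then 0x55AA."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        entry = sector[446 + 16 * slot: 462 + 16 * slot]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0:          # empty slot
            continue
        parts.append({"slot": slot, "active": status == 0x80, "type": ptype,
                      "oem": OEM_TYPES.get(ptype),
                      "lba_start": lba_start, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "partitions": parts,
            "has_oem_partition": any(p["oem"] for p in parts)}

def build_sample() -> bytes:
    """Constructed sector: a Dell Utility partition followed by an active NTFS one."""
    def entry(status, ptype, start, count):
        return struct.pack("<B3sB3sII", status, b"\0" * 3, ptype, b"\0" * 3, start, count)
    s = bytearray(512)
    s[0:2] = b"\xeb\xfe"                      # placeholder boot code, not real MBR code
    struct.pack_into("<I", s, 440, 0x1234ABCD)
    s[446:462] = entry(0x00, 0xDE, 63, 96390)
    s[462:478] = entry(0x80, 0x07, 96453, 156000000)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    info = parse_mbr(build_sample())
    print("boot code SHA-256:", info["code_sha256"])
    for p in info["partitions"]:
        note = p["oem"] or "regular partition"
        print(f"slot {p['slot']}: type 0x{p['type']:02X} active={p['active']} ({note})")
    print("OEM recovery partition present:", info["has_oem_partition"])
```

An OEM partition in the table makes a vendor MBR plausible but does not rule out tampering; the boot-code hash still needs to match a reference taken from a clean machine of the same model.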