essexboy - Thank you very much for your replay.
it worked - active partition has moved to the system 200m.
avast defenitions has errors, so i puting the log without it.
how do we preceed?
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-16 00:33:55
00:33:55.859 OS Version: Windows 5.1.2600
00:33:55.859 Number of processors: 1 586 0x170A
00:33:55.859 ComputerName: MiniXP-929 UserName: SYSTEM
00:33:55.859 Initialze error 1 Incorrect function.
00:33:59.625 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-1
00:33:59.625 Disk 0 Vendor: WDC_WD25 12.0 Size: 238475MB BusType: 3
00:33:59.671 Disk 0 MBR read successfully
00:33:59.671 Disk 0 MBR scan
00:33:59.671 Disk 0 Windows XP default MBR code
00:33:59.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
00:33:59.671 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 225701 MB offset 409600
00:33:59.703 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12573 MB offset 462645248
00:33:59.718 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 1 MB offset 488394752
00:33:59.718 Disk 0 scanning sectors +488397152
00:34:00.015 Disk 0 scanning X:\i386\system32\drivers
00:34:00.015 Service scanning
00:34:00.515 Modules scanning
00:34:00.765 Disk 0 trace - called modules:
00:34:00.812 NTKRNLMP.EXE CLASSPNP.SYS disk.sys IASTOR8.SYS HALAACPI.DLL
00:34:00.812 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x897a5468]
00:34:00.812 3 CLASSPNP.SYS[f7647fd7] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-1[0x8a7b1028]
00:34:00.812 Scan finished successfully
00:34:11.984 Disk 0 MBR has been saved successfully to “X:\Documents and Settings\Default User\Desktop\MBR.dat”
00:34:11.984 The log file has been saved successfully to “X:\Documents and Settings\Default User\Desktop\aswMBR.txt”
Hey
partition was deleted successfully in mini-xp.
now im back in win7. otl logs are attached.
system is ok. malwarebytes didnt find anything. avast is still scanning.
should i preform any more steps?
only one problem with windows update 80070005. do you think its related to the rootkit?