Initial Mbam log
Malwarebytes' Anti-Malware 1.42
Database version: 3443
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

12/28/2009 10:30:50 AM
mbam-log-2009-12-28 (10-30-50).txt

Scan type: Quick Scan
Objects scanned: 132989
Time elapsed: 9 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\jmelick\Local Settings\Temp\DVWK.dll (Rootkit.MBR) -> Quarantined and deleted successfully.
C:\Documents and Settings\jmelick\Local Settings\Temporary Internet Files\Content.IE5\EH6H68P9\eH9dd7896eV0100f070006Rf2e70b05102Td6e418dd201l0409Kcf9b95b3318J0b0006010 (Rootkit.MBR) -> Quarantined and deleted successfully.
After finding that, I started looking around to see why it was still crashing, assuming I had gotten it out of there; then I found that thread. Here is my initial mbr.exe log.
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x094FE9BD
malicious code @ sector 0x094FE9C0 !
PE file found in sector at 0x094FE9D6 !
I assumed that it wasn't necessary to run mbr.exe -f, since my log was different from the other guy's, but I did it anyway, for good measure. I got the exact same output as the first time. I then rebooted back to normal mode and am currently running the ESET online scanner. I will post the results when it is done, but I fear that I will not make it through a full scan, since that mbr run didn't actually fix anything... Can anyone advise where to go next? I will continue to follow the other thread, posting results, until I get a response.
Thanks in advance!
It should also be noted that I did run MBAM again, with nothing found.
Edited by plist, 29 December 2009 - 10:38 AM.
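The three findings in the mbr.exe log above (a second copy of the MBR parked in an unpartitioned sector, non-zero code in that free space, and a raw PE image sitting on disk) are the on-disk footprint of a Mebroot/Sinowal-style infection. The following is an added example, not the poster's data and not code from Gmer's tool, whose internals I make no claim about: it runs the same three checks over a raw disk image that is constructed inline, so the sector numbers, partition layout and boot-code bytes are all made up for the demonstration and do not correspond to the 0x094FE9BD/C0/D6 sectors in the log.

```python
"""Offline scan of a raw disk image for the artefacts a Mebroot-style MBR
rootkit leaves behind: a backup of the original MBR stored in a sector that
belongs to no partition, loader code in that free space, and a PE image
written raw to disk.  Added example; not the gmer mbr.exe tool."""
import struct

SECTOR = 512


def sectors(image):
    """Yield (lba, bytes) for every full sector of the image."""
    for lba in range(len(image) // SECTOR):
        yield lba, image[lba * SECTOR:(lba + 1) * SECTOR]


def partition_ranges(mbr):
    """[(start_lba, end_lba)] for each non-empty entry of the MBR partition table."""
    ranges = []
    for i in range(4):
        entry = mbr[446 + 16 * i:446 + 16 * (i + 1)]
        ptype = entry[4]
        start, size = struct.unpack("<II", entry[8:16])   # LBA start, sector count
        if ptype != 0 and size:
            ranges.append((start, start + size - 1))
    return ranges


def free_sectors(image):
    """LBAs owned by no partition: the gap after the MBR and the tail of the disk."""
    total = len(image) // SECTOR
    used = set()
    for start, end in partition_ranges(image[:SECTOR]):
        used.update(range(start, min(end, total - 1) + 1))
    return [lba for lba in range(1, total) if lba not in used]


def find_mbr_copies(image):
    """Sectors whose boot code equals sector 0's and that end in 0x55AA (an MBR backup)."""
    boot_code = image[:440]
    return [lba for lba, sec in sectors(image)
            if lba != 0 and sec[:440] == boot_code and sec[510:512] == b"\x55\xaa"]


def find_pe_sectors(image):
    """Sectors starting with an MZ header whose e_lfanew points at a 'PE\\0\\0' signature."""
    hits = []
    for lba, sec in sectors(image):
        if sec[:2] != b"MZ":
            continue
        e_lfanew = struct.unpack_from("<I", sec, 0x3C)[0]
        if e_lfanew + 4 <= SECTOR and sec[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            hits.append(lba)
    return hits


def scan(image):
    """Produce the same three findings the mbr.exe log reports, as sector lists."""
    copies = find_mbr_copies(image)
    pes = find_pe_sectors(image)
    # Anything non-zero in free space that is neither the backup nor the PE is loader code.
    code = [lba for lba in free_sectors(image)
            if lba not in copies and lba not in pes
            and any(image[lba * SECTOR:(lba + 1) * SECTOR])]
    return {"mbr_copies": copies, "code_in_free_space": code, "pe_sectors": pes}


def build_sample_image():
    """Constructed 64-sector image (not the poster's disk): one partition at
    LBA 8..55, with an MBR backup, a loader stub and a PE header dropped in the
    free tail, which is the layout a Mebroot-style infection produces."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" * 55          # 440 bytes, cli/xor/mov ss/mov sp
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 8, 48)
    mbr = boot_code + b"\0" * 6 + entry + b"\0" * 48 + b"\x55\xaa"  # 440 + 6 + 64 + 2 = 512
    image = bytearray(64 * SECTOR)
    image[0:SECTOR] = mbr
    for lba in range(8, 56):                                      # filesystem data, not an MBR
        image[lba * SECTOR:(lba + 1) * SECTOR] = b"\xaa" * SECTOR
    image[56 * SECTOR:57 * SECTOR] = mbr                          # backup of the clean MBR
    image[57 * SECTOR:58 * SECTOR] = b"\x90" * SECTOR             # loader stub (NOP sled stand-in)
    pe = bytearray(SECTOR)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)                        # e_lfanew -> offset 0x40
    pe[0x40:0x44] = b"PE\0\0"
    image[58 * SECTOR:59 * SECTOR] = pe
    return bytes(image)


if __name__ == "__main__":
    for name, lbas in scan(build_sample_image()).items():
        print(name, ["0x%08X" % lba for lba in lbas])
```

Point it at a real image with `scan(open("disk.raw", "rb").read())` taken from clean boot media; reading the live disk is exactly what the rootkit subverts, which is why the log can say "user & kernel MBR OK" and still find the copy. Treat an MBR copy alone as a weak signal (partitioning tools and boot managers keep legitimate backups); all three findings together in the same free region are the pattern worth acting on.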