Virus: winlogon.exe & explore.exe

[lchg]

I do not believe my drive has a partition.  The computer make is Lenovo.  Should I go ahead and run MBRCheck.exe again?

[essexboy]

Yes please I would like to look at the boot sector

[lchg]

Dump.txt is attached along with new MBRCheck file that was generated.

[essexboy]

The reason I ask is if I reset the MBR and you have a recovery partition you may not be able to access it.  I would hate to do that and leave you stuck with no way to repair the system..  Do you have windows discs ?

[lchg]

I honestly don't know about the partition.  Sorry to be so ignorant.  Can I verify if there is a recovery partition?  Yes, I have Lenovo recovery CDs for Windows Vista that came with the computer (I guess it does not matter the computer runs XP?)

[essexboy]

Could you reboot the computer and when the boot screen appears press F11 and see if that produces a recovery option

[lchg]

Sorry, mulitasking right now.  I will reboot.

[essexboy]

Sorry, mulitasking right now.  I will reboot.

Been there done that - then messed up 

[lchg]

Story of my life - especially the messed up part! Yes, a Lenovo "Rescuse and Recovery 4" screen appears up hitting F11 on reboot.

[essexboy]

In that case I do not wish to mess with the MBR as it may make matters worse..  As it stands now this beastie has resisted all my tools so mayhap a re-install would be in order

What are your thoughts on that ?  I can assist if required and I have a tutorial that may be of use

[lchg]

I was afraid it would come to a reinstall.  If you don't mind, please pass along the tutorial and hopefully I can avoid wasting more of your time.  Do you think reinstall should be be done ASAP?  The virus appears to be more of an annoyance than harmful.  It appears to just be redirecting searches, which is not critically important.

[essexboy]

Although it appears minor unfortunately it will try to download other malware, which your av may not recognise

Tutorial link http://www.geekstogo.com/forum/topic/173729-reformat-and-install-of-windows/

By the way you are not wasting my time - you are keeping me out of truble 

[lchg]

Thanks, I will give it a shot.

[essexboy]

OK if you need any assistance just shout

[lchg]

Sorry, back again.  Quick update and question.  I ran the Dr. Web Cure It again in Windows safe mode.  The infected files were "cleaned" and I rebooted back to safe mode again.  Ran another scan and the computer still showed as clean.  So I did a standard reboot, retrieved my email and ran various programs/software.  The computer still shows as clean.  HOWEVER, I have not gone out to the internet via Internet Explorer.  I assumed rebooting the machine is what reinfected the computer.  Is it possible going to the internet (or doing a search) would re-initiate the virus or do you think I am clear?