RootRepeal report detects MBR rootkit on removable hard disk

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kalle, Oct 7, 2009.

  1. kalle

    kalle Private E-2

    In one user account there were problems with Outlook attachments. If the user wants to open attachments in Word, she gets a popup that says access denied. Yesterday I scanned with SUPERAntiSpyware and Malwarebytes and everything was ok after that. Today, the same problem. Now I scanned with RootRepeal and ComboFix, and RootRepeal detected an MBR rootkit on removable disk E.
    In IE8 temporary files, yesterday the only possible way to delete cookies was in safe mode. Normal mode won't delete cookies for the user account that has the problems.
    And there are files in the temporary files folder like res://ieframe.dll/dnserror.htm and many others that start with res and are .dll files. Today I deleted them in normal mode and that was ok.
    I attach 2 files, the RootRepeal and ComboFix reports.
    Thanks, and sorry for my bad English.

  2. evilfantasy

    evilfantasy Malware Fighter

    Welcome to MajorGeeks.

    Download the MBR Rootkit Detector to your desktop.

    Go to Start > Run then copy and paste the following red text into the Open field:

    Code:
    "%userprofile%\desktop\mbr.exe" -f
    Next, double click on the mbr.exe file.

    When mbr.exe is finished it will create a log on your desktop.

    Save that log file to attach in your next reply.



    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.



    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    • O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    After clicking Fix checked, exit HJT.



    Scan your computer with the ESET FREE Online Virus Scan

    * Click the ESET Online Scanner button.

    * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
    * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
    * Place a check mark next to YES, I accept the Terms of Use.

    * Click the Start button.
    * Accept any security warnings from your browser.
    * Leave the check mark next to Remove found threats and place a check next to Scan archives.
    * Click the Start button.
    * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
    * When the scan completes, click List of found threats.
    * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
    * Click the <<Back button then click Finish.

    In your next reply please attach the ESET Online Scan Log




    Now run a new scan with MGtools and attach the log (see: Using MGtools).



    Next post please attach:

    • mbr log
    • ESET log
    • New MGtools log
     
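As an added illustration of what an MBR check like the mbr.exe run above is looking at (example code written for this page, not the thread's own code and not GMER's tool): read the 512-byte master boot record, verify the 0x55AA boot signature, decode the four 16-byte partition entries, and compare a SHA-256 of the 446-byte boot code against a known-good baseline. The sample MBR bytes, the "tampered" variant and the baseline hash are all constructed inline so the script runs offline; on a real machine you would pass the raw device path (an elevated prompt on Windows can open \\.\PhysicalDrive0) and take the baseline from a clean install of the same OS version.

```python
"""Parse an MBR sector and compare its boot code against a known-good hash.

Added example for this page; not part of the MajorGeeks thread or of mbr.exe.
All sample bytes below are constructed for illustration.
"""
import hashlib
import struct
import sys

MBR_SIZE = 512
BOOT_CODE_LEN = 446          # x86 boot code occupies bytes 0..445
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
SIGNATURE_OFF = 510          # last two bytes must be 0x55 0xAA
BOOT_SIGNATURE = b"\x55\xaa"


def read_mbr(path: str) -> bytes:
    """Read the first sector of a disk image or raw device.

    On Windows an elevated process can open \\\\.\\PhysicalDrive0; on Linux
    /dev/sda. A read through the running OS passes any filter driver the
    rootkit installed, so treat a clean result from inside the OS with care.
    """
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def parse_mbr(sector: bytes) -> dict:
    """Decode the signature, the partition table and a hash of the boot code."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_first, ptype, _chs_last, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + 16])
        if ptype == 0 and lba_start == 0 and sectors == 0:
            continue                      # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "valid_signature": sector[SIGNATURE_OFF:] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, known_good_hashes: set) -> list:
    """Return a list of findings; an empty list means nothing suspicious."""
    info = parse_mbr(sector)
    findings = []
    if not info["valid_signature"]:
        findings.append("boot signature is not 0x55AA")
    if info["boot_code_sha256"] not in known_good_hashes:
        findings.append("boot code hash does not match any known-good baseline")
    bootable = [p["index"] for p in info["partitions"] if p["bootable"]]
    if len(bootable) > 1:
        findings.append(f"more than one partition flagged bootable: {bootable}")
    for p in info["partitions"]:
        if p["sectors"] == 0 or p["lba_start"] == 0:
            findings.append(f"partition {p['index']} has an impossible start/size")
    return findings


# --- constructed sample data (not taken from the thread's reports) ----------
def build_sample_mbr(boot_code: bytes) -> bytes:
    """One bootable NTFS (type 0x07) partition at LBA 63; other slots empty."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 2097152)
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00")
            + entry + b"\x00" * 48 + BOOT_SIGNATURE)


CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8")
# Same partition table, different first instructions: the boot code hash changes.
TAMPERED_MBR = build_sample_mbr(b"\xea\x00\x7c\x00\x00" + b"\x90" * 6)
# Constructed baseline; in practice taken from a clean install of the same OS.
KNOWN_GOOD = {hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()}


if __name__ == "__main__":
    sector = read_mbr(sys.argv[1]) if len(sys.argv) > 1 else TAMPERED_MBR
    for finding in check_mbr(sector, KNOWN_GOOD) or ["no findings"]:
        print(finding)
```

The hash comparison is the part that matters: partition entries can look perfectly normal while the 446 bytes of boot code have been replaced, which is why a baseline from known-clean media is needed rather than a plausibility check alone. A rootkit that filters disk reads can also hand back the original sector to anything reading from inside the infected OS, so a clean result from this script run on the live system is only as good as the read path; reading the same disk after booting from clean media is the stronger check.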
