SystemDir.explorer and SystemDir.regedit infected

Sory for this new topic which is the same as
http://www.GeekPolice.net/virus-spyware-malware-removal-f11/systemdirexplorer-and-systemdirregedit-infected-t5557-15.htm
but i can not contact staff members becouse i dont have posts on this forum. I am n00b

I have the same problem as mister on above link but i can not find explorer.exe and regedit.exe in System32 folder, even if i checked radioi button in Folder options - View - Show hidden files and folders and even if i move checked sign from Hide protected system files (Recomended).

Antirootkit software can not find nothing. I have windows vista 64bit. Since that "viruses" or something apered I am having freezes of my computer after that I must restart Os. I am desperate and i dont know what to do. Can u help?

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

Ty for reply.
I tried to put 2 logs in 2 posts but again i get: The posted message is too big.
So i put these 2 files in .rar file which can be downloaded on folowing link:
http://download778.mediafire.com/ocfmt99z0ADg/dmzitugmmjo/Desktop.rar
I hope this is ok, if not plz let me know.

And I must report next information which i get yesterday.
The author of Bazooka scaner said that Bazooka does not suport 64bit Vista which can be seen from his email.

Hello Ivanko,

Sorry for delay.

I see that you are running a 64-bit operating system. I think that Bazooka is giving you a false alarm here, since it has never been tested on 64-bit systems. Another user reported a similar issue some weeks ago, and he also ran a 64-bit system. Sorry about that.

My current focus these days is on another application called FreeFixer. It's also dedicated to find and remove malware. FreeFixer does not support the 64-bits yet, but really close to having the 64-bit version ready. Should be released next week.

/Roger

Hello.
Please upload the logs to rapidshare instead, MF is slow for me.

http://rapidshare.com/files/378550598/Desktop.rar.html
ty

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4020

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

22.4.2010 8:07:35
mbam-log-2010-04-22 (08-07-35).txt

Scan type: Quick scan
Objects scanned: 104933
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files (x86)\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Quarantined and deleted successfully.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Just this in log but 8 threats are founded! )))

The same problem again. After ESET scan i put my Kaspersky Internet security 2010 to full scan and system freeze happened again. Becouse of that freeze i can not do scan with Kespersky. Are there somo more scans that I can do?

Maybe it is not the virus, maybe it is hardware problem. I said that becouse I was unable to put win7 on my comp. On coputer service they tested all components, all but motherboard - and they said that problem is probaly in motherboard. It si Assus ROG Striker. And since first day i get this motherboard, the onboard sound card is not working, i can hear but i can not talk and i was forced to buy new sound card. So maybe the problem is in motherboard. Are there some software that can test motherboard?

Hello.
What processor does this machine have? x64 bit machines usually have AMD Athlons.

Intel Core 2 Quad 2,4

I sucided to run complete scan with Kaspersky IS 2010 Resecue cd which boot to linux gui and runs complete scan. After whole night scan he founded some trojan. The block or freeze of system hapened again this morning.

But in C or sistem disk i have Program files (x86) not x64?

Did Kaspersky remove the malware?

yes

Still having problems now?

The "freeze" of system or windows after which i have to press restart button on my comp case still happening - but not so often as before. I will run complete scan with Kaspersky again and i don't see any other thing that i can do. Thank u very much for help!

Here is the present situation.
I have virus which was on my exterlnad WD disk or on my other 2 incoumputer disks.

When i buy kasperski is 2010 i never run complete scan becouse i consider my comp safe.

First time i tried scan - comp freezed and i must done restart.

I booted from kaspersky rescue disk into isolinux and run scan of all disk - but not for the exterland wd disk.

Now that exterlnal wd disk is formated and detached from computer and power sorce. Now i have only 2 incomputer disks.

Now, for some reason I can not boot from kaspersky rescue disk?!!
If i can only do that and run a complete scan i would be finaly safe or i would know for sure that i have bad component in my comp.

Can u help me to boot into kaspersky rescue disk?
My laptop can not boot to kaspersky rescue disk too. I dont know, may be image file is corupted and kaspersky lab will corect that. Or i dont know no more..

Hello.
Are you able to format the machine as a last resort?

One disk i can kill - but the other disk is full of important 5 year to colect data.
But to return Macromedia master colection, nero 10, office 10, mw2, email aconts all that trouble is too much job. Not to mention returning complete other non system disk from example exterlan wd disk 250gb of data. Becouse of that I am trying to fight this. That kaspersky scan is my only and last option before THE BIG KILL - but, for some reason, the f cd can not boot - never mind that he booted last time without the problem. I hate computers..