Solved System Check removal

It's so huge I can't even open damn thing on my computer.
Is there any part of that log which shows some actual infection?
 
Show me 10-15 lines of temporary files findings.
Then list anything what is NOT in temporary files.
 
C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI4WIAG.js - archive JS-HTML
>C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI4WIAG.js/JSFile_1[0][70e] - probably infected with SCRIPT.Virus
>C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI4WIAG.js/JSWrite_2[190] - OK
>C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI4WIAG.js/IFrame_3[a9] - OK
C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI4WIAG.js - archive contains infected objects - moved
C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI56RFI.js - probably infected with SCRIPT.Virus
C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI56RFI.js - archive JS-HTML
>C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI56RFI.js/JSFile_1[0][dcf] - probably infected with SCRIPT.Virus
>C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI56RFI.js/JSWrite_2[2be] - OK
>C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI56RFI.js/IFrame_3[e4] - OK
>C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI56RFI.js/IFrame_4[1d8] - OK
C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI56RFI.js - archive contains infected objects - moved
C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI5XHBP.js - probably infected with SCRIPT.Virus
C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI5XHBP.js - archive JS-HTML
>C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI5XHBP.js/JSFile_1[0][712] - probably infected with SCRIPT.Virus
>C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI5XHBP.js/JSWrite_2[19c] - OK
>C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI5XHBP.js/IFrame_3[b4] - OK
C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI5XHBP.js - archive contains infected objects - moved
C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI6KWZW.js - probably infected with SCRIPT.Virus
C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI6KWZW.js - archive JS-HTML
>C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI6KWZW.js/JSFile_1[0][7d3] - probably infected with SCRIPT.Virus
>C:\Documents and Settings\Mary\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LO5FSUO\GetAdCAI6KWZW.js/JSWrite_2[54] - OK
 
C:\Documents and Settings\Mary\DoctorWeb\Quarantine\GetAdCA7WKK3O.js - archive JS-HTML
>C:\Documents and Settings\Mary\DoctorWeb\Quarantine\GetAdCA7WKK3O.js/JSFile_1[0][7d6] - probably infected with SCRIPT.Virus
>C:\Documents and Settings\Mary\DoctorWeb\Quarantine\GetAdCA7WKK3O.js/JSWrite_2[1a9] - OK
>C:\Documents and Settings\Mary\DoctorWeb\Quarantine\GetAdCA7WKK3O.js/IFrame_3[c3] - OK
C:\Documents and Settings\Mary\DoctorWeb\Quarantine\GetAdCA7WKK3O.js - archive contains infected objects - moved
C:\Documents and Settings\Mary\DoctorWeb\Quarantine\GetAdCA7WKP0R.js - probably infected with SCRIPT.Virus
C:\Documents and Settings\Mary\DoctorWeb\Quarantine\GetAdCA7WKP0R.js - archive JS-HTML
>C:\Documents and Settings\Mary\DoctorWeb\Quarantine\GetAdCA7WKP0R.js/JSFile_1[0][72c] - probably infected with SCRIPT.Virus
>C:\Documents and Settings\Mary\DoctorWeb\Quarantine\GetAdCA7WKP0R.js/JSWrite_2[1a4] - OK
>C:\Documents and Settings\Mary\DoctorWeb\Quarantine\GetAdCA7WKP0R.js/IFrame_3[bc] - OK
 
Yeah the only other things that don't say "ok" are things like archive ZLIB, archive JS-HTML, archive BASE64, packed by FLY-CODE, packed by BINARYRES and a couple others but they're all say "archive" something or "packed by" something
 
Did you allow Dr. Web to fix all findings?

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Click on SCAN.
    [/b]
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
 
When it found the first object and asked if I wanted to cure it I clicked "yes to all". But I haven't done anything since then, didn't delete or move anything.
 
RogueKiller V7.1.0 [02/15/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Mary [Admin rights]
Mode: Scan -- Date: 02/22/2012 15:44:08

¤¤¤ Bad processes: 3 ¤¤¤
[SUSP PATH] CNYHKey.exe -- C:\Windows\CNYHKey.exe -> KILLED [TermProc]
[SUSP PATH] ChiFuncExt.exe -- C:\Windows\ChiFuncExt.exe -> KILLED [TermProc]
[SUSP PATH] ModLEDKey.exe -- C:\Windows\ModLedKey.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 10 ¤¤¤
[SUSP PATH] winupd.job : C:\Users\Mary\AppData\Local\Temp:winupd.exe -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-22A7B2 +++++
--- User ---
[MBR] 8e95ba475d310b3c4162741c9557d42b
[BSP] 7421173970e4901fbac72c90fd066b1f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 597166 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
Ok. A RK_Quaratine folder popped on the desktop along with the .txt file. Are the objects it found taken care of or do I manually need to do anything? And also what do I do about the objects that DrWeb found?
 
I opened up DrWeb and all I can do is re-scan. There doesn't seem to be an archive to select when I run the program. It did say that DrWeb will clean any infected file and whatever couldn't be cleaned will be put in quarantine which there is a quaratine folder with the objects.
 
I'm still worried about that first Kaspersky scan, because it found 9 infections and I was never able to neutralize anything. I re-scanned but my computer messed up and it only had enough time to find one of the infections which was a trojan and I neutralized that one. Should I try to run Kaspersky one more time?
 
Ok Kaspersky finished. It didn't find anything. I looked at the log and basically looked for the same stuff I did with the RogueKiller report and couldn't find anything, I figured I'd scan it over because it's bigger than the RK log, lol. One question I have about Kaspersky, does the "Disinfect" and "Delete if disinfection fails" actions automatically neutralize/disinfect any objects found?
 
Back