riskinvader

Discussion in 'Malware Help (A Specialist Will Reply)' started by unitaC1P8, Oct 2, 2009.

  1. unitaC1P8

    unitaC1P8 Private E-2

    Hi all.

    My computer (Samsung P500, Windows XP Pro SP3) has been running very slow in general lately, and Kaspersky alerts say "riskware invader svchost.exe" and similar, e.g. "riskware invader explorer.exe".
    Therefore, I used the procedures outlined in "Windows XP Cleaning Procedure".
    Unfortunately, I am still having trouble.
    The log-files have been annexed.
    SASlog and Malwarebytes Anti-Malware log are empty.

    Thanks in advance,
    unitaC1P8
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to tell me exactly what is being reported. The log from Kaspersky or the full path.
     
  3. unitaC1P8

    unitaC1P8 Private E-2

    Many thanks for your answer.
    The log from Kaspersky (in Italian) is now annexed.

    Best regards,
    unitaC1P8
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have got to be kidding. That log indicates that virtually every program you have is infected, including your security tools, your internet files and even MGTools.

    Run this:
    http://www.superantispyware.com/onlinescan.html

    There is no log that can be saved, so you will have to tell me what it finds.
     
  5. unitaC1P8

    unitaC1P8 Private E-2

    Hi,

    SUPERAntiSpyware has found an adware tracking cookie:

    C:\Documents and Settings\palmisan\Cookies\palmisan@atdmt[1].txt

    Any hint?

    Best regards,
    unitaC1P8
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Tracking cookies are not really an issue. Your logs are clean. If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
     
  7. unitaC1P8

    unitaC1P8 Private E-2

    Hi,

    many thanks for your answer. After the final steps, the system seems to be working properly. Only a remark: after the uninstalling of ComboFix, I had the message "The contents of the Combofix package has been compromised..... Note: You may be infected with a file patching virus (Virut)."
    However, ComboFix uninstalled.

    Is this significant, or may be only a kind of interaction between Combofix and the other AV-removal tools?

    Best regards,
    unitaC1P8
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Frankly, I have never seen that message after un-installing Combo! That is the usual message you get when you download it and try to run it on a badly infected system. It doesn't always mean you have that infection. But it is always a bad sign. Most interesting. Do tell me of any issues that might arise.
     
  9. unitaC1P8

    unitaC1P8 Private E-2

    Ok! If the computer is still infected, sooner or later, I'll have some problem.
    Bye,
    unitaC1P8
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes and this system may be infected with Virut based on the system file sizes. Unless there is really something drastically different for this language of Windows. Thus a reinstall may still be necessary.

    It may be a good idea to scan a few system files (like those listed below) at http://www.virustotal.com/

    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\regedit.exe
    C:\WINDOWS\system32\services.exe
     
    Last edited: Oct 19, 2009
  11. unitaC1P8

    unitaC1P8 Private E-2

    Dear Sirs (TimW & chaslang),

    the answer I got from virustotal.com about
    C:\WINDOWS\explorer.exe,
    C:\WINDOWS\system32\lsass.exe
    and others, is 0/41, i.e. no virus found. What are system files with anomalous size?

    Apart from occasional shutdown problems and the SSH file transfer program, which also seems to have some problem, the computer is not so bad. Before saying anything, maybe the system must work hard (Office, Mathematica, TeX Live, ...).

    Best regards,
    unitaC1P8
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then it may be okay, but those scans are not perfect, and it is alarming that ComboFix would detect its program as being modified by Virut. It is never wrong about checking its own file for being modified, so this is still quite suspicious. However, none of the files from MGtools had their file sizes change. If they had been, you would definitely have had Virut. The problem is that just because they have not been changed does not mean you do not have Virut. It could just be that the infection has not modified them yet (that is, if you even have an infection). Also, what is troublesome is that your Kaspersky log also stated many system files and other programs on your PC had problems. It gave the below for many, many files:

    detected: riskware Invader  (in the original Italian log: "rilevato: riskware Invader")

    You could try redownloading the new version of ComboFix from our cleaning procedure and running ComboFix again and see if it still complains of being compromised. It still seems more probable that you have an infection that is modifying files.


    There are way too many for us to check but a few others in addition to what I already gave you are the below:

    C:\WINDOWS\system32\kernel32.dll
    C:\WINDOWS\system32\proquota.exe
    C:\WINDOWS\system32\scecli.dll
    C:\WINDOWS\system32\termsrv.dll
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\user32.dll
    C:\WINDOWS\system32\winlogon.exe
     
    Last edited: Oct 23, 2009
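The two posts above rely on the same check: a file-patching infector such as Virut appends its body to executables, so the system files chaslang lists should be compared by size and hash against a known-clean baseline rather than eyeballed. The script below is an added example, not code from the thread or from MGtools. It records (size, SHA-256) for a list of files, compares a later snapshot against the baseline, and flags growth (the appending-infector pattern), shrinkage, and same-size content changes separately. The baseline bytes in demo() are constructed stand-ins, not real Windows XP SP3 file contents, and the path list is just the files named in the thread.

```python
import hashlib
import os
from typing import Dict, Iterable, List, Tuple

# Files the thread asked to have checked (chaslang's two lists).
SYSTEM_FILES = [
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\regedit.exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\services.exe",
    r"C:\WINDOWS\system32\userinit.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\user32.dll",
]

Fingerprint = Tuple[int, str]  # (size in bytes, SHA-256 hex digest)


def fingerprint_bytes(data: bytes) -> Fingerprint:
    """Fingerprint an in-memory file image (used for the constructed demo)."""
    return len(data), hashlib.sha256(data).hexdigest()


def fingerprint_file(path: str) -> Fingerprint:
    """Stream a file through SHA-256 and return (size, digest)."""
    h = hashlib.sha256()
    size = 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
            size += len(chunk)
    return size, h.hexdigest()


def snapshot(paths: Iterable[str]) -> Dict[str, Fingerprint]:
    """Fingerprint every listed path that exists on this machine."""
    return {p: fingerprint_file(p) for p in paths if os.path.isfile(p)}


def compare(baseline: Dict[str, Fingerprint],
            current: Dict[str, Fingerprint]) -> List[Tuple[str, str]]:
    """Return (path, verdict) for every baseline file that no longer matches.

    A size increase is the classic appending file-infector signature; a
    same-size hash change points at an in-place patch. A legitimate update
    (Windows Update, a hotfix) also changes these, so the baseline must come
    from a state you trust, e.g. right after a clean install.
    """
    findings: List[Tuple[str, str]] = []
    for path, (b_size, b_hash) in sorted(baseline.items()):
        if path not in current:
            findings.append((path, "missing"))
            continue
        c_size, c_hash = current[path]
        if c_hash == b_hash:
            continue
        if c_size > b_size:
            findings.append((path, f"grew by {c_size - b_size} bytes "
                                   "(appended code: file-infector pattern)"))
        elif c_size < b_size:
            findings.append((path, f"shrank by {b_size - c_size} bytes"))
        else:
            findings.append((path, "same size, different hash (in-place patch)"))
    return findings


def demo() -> List[Tuple[str, str]]:
    """Run compare() over constructed data: three fake PE images, one of which
    gets a payload appended and one of which is patched in place."""
    clean = {
        r"C:\WINDOWS\explorer.exe": b"MZ" + b"\x00" * 1000,
        r"C:\WINDOWS\system32\lsass.exe": b"MZ" + b"\x01" * 500,
        r"C:\WINDOWS\system32\winlogon.exe": b"MZ" + b"\x02" * 700,
    }
    infected = dict(clean)
    infected[r"C:\WINDOWS\explorer.exe"] += b"\xcc" * 0x1F00      # appended body
    infected[r"C:\WINDOWS\system32\winlogon.exe"] = b"MZ" + b"\x03" * 700  # patched
    baseline = {p: fingerprint_bytes(d) for p, d in clean.items()}
    current = {p: fingerprint_bytes(d) for p, d in infected.items()}
    return compare(baseline, current)


if __name__ == "__main__":
    for path, verdict in demo():
        print(path, "->", verdict)
    # On a live machine: save snapshot(SYSTEM_FILES) as JSON from a trusted
    # state, then later run compare(saved, snapshot(SYSTEM_FILES)).
```

The SHA-256 from fingerprint_file is also what you would submit to a hash lookup service instead of uploading the binary itself; a 0/41 result on the file, as in the thread, only says no engine recognised it, while a size delta against a trusted baseline is direct evidence that something rewrote it.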
  13. unitaC1P8

    unitaC1P8 Private E-2

    Dear chaslang,

    before reading your answer, I had reinstalled the operating system. The computer was extremely unstable.

    Many thanks again,
    unitaC1P8
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That may have been the best course of action. Hope all is working fine now.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If it were a Virut infection, it would cause instability. It would be nice if you downloaded the current version of MGtools and ran it. Then attach the new MGlogs.zip file. We can then look at your file sizes and see how they look now.
     
