Windows 7 Forums


Windows 7: MSE found virtool.win32/obfuscator.XZ but couldn't get rid of it.

19 Mar 2013   #11

Windows 7 Home Premium 64bit
 
 

Well, the scan finished. Nothing super interesting except the thing at the bottom.

SUPERAntiSpyware Scan Log
SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 03/19/2013 at 02:08 AM



Application Version : 5.6.1014

Core Rules Database Version : 10149
Trace Rules Database Version: 7961

Scan type : Complete Scan
Total Scan Time : 00:11:19

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 555
Memory threats detected : 0
Registry items scanned : 71812
Registry threats detected : 0
File items scanned : 55253
File threats detected : 15

Adware.Tracking Cookie
.liveperson.net [ C:\USERS\CARL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.microsoftwindows.112.2o7.net [ C:\USERS\CARL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
sales.liveperson.net [ C:\USERS\CARL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\CARL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\CARL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\CARL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\CARL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\CARL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
pulse-analytics-beacon.reutersmedia.net [ C:\USERS\CARL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\CARL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
server.iad.liveperson.net [ C:\USERS\CARL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
3DStats.com - Professional Website statistics in real time [ C:\USERS\CARL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kaspersky.122.2o7.net [ C:\USERS\CARL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eset.122.2o7.net [ C:\USERS\CARL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Rootkit.Agent/Gen
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\07CCC227213AC080954CC1FC7C451E72\AMD64_MICROSOFT-WINDOWS-LSA_31BF3856AD364E35_6.1.7601.22099_NONE_04A88CE28CC4EB33\LSASS.EXE

19 Mar 2013   #12

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Did you delete the results and restart ?

Did you update before scanning ?
19 Mar 2013   #13

Windows 7 Home Premium 64bit
 
 

Yes, I updated before starting, and yes, I restarted after deleting the things it found (except for a few cookies related to my Microsoft support session).


19 Mar 2013   #14

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Let's take a look with this software.

Note: You will need a USB flash drive.


Farbar Tool

Download Farbar Recovery Scan Tool from below on a non-infected PC
For 32-bit (x86) systems download
Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download
Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

Select Command Prompt

In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.

Tip: Type the commands below to see what your letter is for the USB drive and press ENTER after each command

Code:
Diskpart
List volume

The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
services.exe
Now press the Search button
When the search is complete, search.txt will also be written to your USB
Type exit and reboot the computer normally
Please copy and paste both logs in your reply (FRST.txt and Search.txt).
19 Mar 2013   #15

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

You could also try to run this program

Download AdwCleaner (AdwCleaner Download) to your desktop
Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
Click on Search button.

Upload the log with your reply
19 Mar 2013   #16

Windows 7 Home Premium 64bit
 
 

I'm afraid I don't have a flash drive, but I'm trying the AdwCleaner. Just wondering, but this is probably the 7th...8th? adware/malware scanner I've used since I started investigating the issue. Can I just skip..straight to the best one? Haha; I'm just not sure why I'm being led through a series of ineffective programs. :/

Alright, so I used the AdwCleaner program, and here's the log!
Attached Files
File Type: txt AdwCleaner[R1].txt (1.8 KB, 3 views)
19 Mar 2013   #17

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Run the AdwCleaner once more; this time click on Delete. When it asks to restart, please do so.
19 Mar 2013   #18

Windows 7 Home Premium 64bit
 
 

Alrighty. I have deleted the files and here is the report.
Attached Files
File Type: txt AdwCleaner[S2].txt (2.1 KB, 4 views)
19 Mar 2013   #19

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

I apologize if I am giving you the runaround to remove this sucker.

Can you give me a screenshot of this, please?

Open up the registry. Click on the Start button, type REGEDIT in the search box, and press Enter once REGEDIT shows up in the Start menu under Programs (1). Navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN

And

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNOnce
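A text alternative to the screenshots requested above, as an added example that is not part of the original thread: this read-only PowerShell script lists every value under the two keys named in the post and reports the Authenticode signature status of the executable each value points to. The helper names `Get-ExePath` and `Get-RunEntry` are hypothetical, and the path parsing assumes the value starts with a quoted path or a path ending in `.exe`.

```powershell
# Added example, not from the thread: read-only listing of autostart entries.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: extract the executable path from a Run value.
function Get-ExePath([string]$CommandLine) {
    $c = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($c -match '^\s*"([^"]+)"')        { return $Matches[1] }  # "C:\dir\app.exe" /args
    if ($c -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }  # C:\dir\app.exe /args
    return $null
}

# Hypothetical helper: one object per value under the two keys.
function Get-RunEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $cmd    = [string]$item.GetValue($name)
            $path   = Get-ExePath $cmd
            $status = 'Unresolved'   # no path parsed, or file missing on disk
            $signer = ''
            if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
                $sig    = Get-AuthenticodeSignature -FilePath $path
                $status = [string]$sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Command = $cmd
                Signature = $status; Signer = $signer
            }
        }
    }
}

# Print the entries grouped by signature status so unsigned or
# unresolved targets are easy to pick out and paste into a reply.
Get-RunEntry | Sort-Object Signature, Name |
    Format-List Key, Name, Command, Signature, Signer
```

A `NotSigned` or `Unresolved` result is a reason to look at the entry more closely, not a verdict: on older PowerShell versions, files signed only through a catalog can show as `NotSigned`.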
19 Mar 2013   #20

Windows 7 Home Premium 64bit
 
 

Haha, if it stops the interminable blue screens, you don't have to apologize for anything. I would in fact buy you many virtual beers. Here are the screen caps you asked for.
Attached Thumbnails
MSE found virtool.win32/obfuscator.XZ but couldn't get rid of it.-screen1.jpg   MSE found virtool.win32/obfuscator.XZ but couldn't get rid of it.-screen2.jpg  