Windows 7 Forums


Windows 7: Virtool win32 Obfuscator.xz detected w/ MSE

21 Mar 2013  
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
4,207 posts
 
 

Quadra,

Have you run the ESET scanner? If so, upload the log file please.

ADDED:



I saw that you uninstalled Daemon Tools and Power ISO. You might also want to run this little tool below.

SCSI Pass Through Direct (SPTD) is a well-known BSOD causer. Uninstall the program first (which you did already). Then download the SPTD standalone installer and execute the downloaded file as guided below:

Download for 32-bit OS

Download for 64-bit OS

Double click to open it.

Click this button only (look at the image below):

Note: If it is grayed out, as in the picture, there is no more SPTD in your system, and you just close the window.

Last edited by VistaKing; 21 Mar 2013 at 03:18 PM..

21 Mar 2013  
Quadra

Windows 7 Home Premium 64 Bit SP1
19 posts
 
 

@VistaKing ESET is still running; it's at about 450k files scanned right now, seems to be scanning my C: too.

@LaybackBear Yes.
21 Mar 2013  
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
4,207 posts
 
 

It scans the entire drive.

After the scan has completed, do the steps I added HERE; it will help you in the long run.


21 Mar 2013  
Quadra

Windows 7 Home Premium 64 Bit SP1
19 posts
 
 

Just a follow-up. ESET is still running and I'm about to turn in for the night. So I'm gonna let it run overnight and last I checked it found 300 items, so yeah.... If I have time before work I'll post that list from ESET. If not it'll be later in the day tomorrow. Thanks again for all your assistance everyone.
21 Mar 2013  
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
4,207 posts
 
 

Take your time, we are here to help.
21 Mar 2013  
cottonball

Windows 7 Home Premium
1,216 posts
On East 4th Street, USA
 
 

Quadra,

Whenever you are ready, just attach the results.

Just make sure that the option Remove found threats is not checked. We need to make sure there are no crucial system files removed!

Sometimes scans take a Windows file in their sweep, and then there is a problem bigger than what you had before.

Will take a look at the results when you provide them, and we'll go from there.
22 Mar 2013  
Quadra

Windows 7 Home Premium 64 Bit SP1
19 posts
 
 

Hello again,

ESET finished up. Looked over the log and just wanted to point out there are a bunch of false-positive hits that look like this: E:\Users\Administrator\Desktop\tesv-Squall17.exe a variant of Win32/GameHack.BE application

These are modifications for the games I own. Other than that I don't really recognize the rest of this stuff.

@VistaKing About to start SPTD

Thanks again.


Edit: SPTD came back greyed out as you have depicted VistaKing.
Attached Files
File Type: txt ESETScan.txt (43.5 KB, 17 views)

Last edited by Quadra; 22 Mar 2013 at 01:04 PM.. Reason: Info Update
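
The review cottonball asks for before anything is removed, sketched over lines shaped like the one Quadra quotes above. This is an added example, not part of the thread and not an ESET tool; the line layout, the `triage` helper and every sample line except the first are assumptions.

```python
import re
from collections import Counter

# Constructed sample. Only the first line's shape comes from the thread;
# the other paths and detection names are made-up placeholders.
SAMPLE_LOG = r"""
E:\Users\Administrator\Desktop\tesv-Squall17.exe a variant of Win32/GameHack.BE application
C:\Windows\System32\drivers\example.sys a variant of Win32/Example.A trojan
C:\Users\Public\Downloads\setup_example.exe Win32/Example.B trojan
this line is not a detection
"""

# Assumed layout: <path> [a variant of] <Platform/Name> <type>.
# Paths use backslashes, so the first token containing "/" starts the name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>\w+)$"
)

def triage(log_text, system_root="C:\\Windows"):
    """Split detections into 'review by hand first' and 'everything else'."""
    root = system_root.lower().rstrip("\\") + "\\"
    review, other, skipped = [], [], 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # count unparsed lines instead of dropping them silently
            continue
        hit = m.groupdict()
        # A hit under the Windows directory may be a system file, so it is
        # set aside for a manual look before any removal is allowed.
        (review if hit["path"].lower().startswith(root) else other).append(hit)
    kinds = Counter(h["kind"] for h in review + other)
    return review, other, kinds, skipped

if __name__ == "__main__":
    review, other, kinds, skipped = triage(SAMPLE_LOG)
    print("Review before removal:")
    for h in review:
        print(f"  {h['path']}  [{h['name']} {h['kind']}]")
    print("Other detections:", len(other), "| by type:", dict(kinds))
    print("Unparsed lines:", skipped)
```
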
22 Mar 2013  
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
4,207 posts
 
 

Good, the SPTD tool didn't find any leftover files when you uninstalled Daemon Tools.
22 Mar 2013  
cottonball

Windows 7 Home Premium
1,216 posts
On East 4th Street, USA
 
 

Quadra,

Please download CKScanner:
http://downloads.malwareremoval.com/CKScanner.exe

Important: Save it to your Desktop.

Double-click CKScanner.exe, then, click: Search For Files
When a list appears, click: Save List To File
A message box verifies the file saved.

Double-click the CKFiles.txt on your Desktop, and copy/paste the contents in your reply.

Thanks.
22 Mar 2013  
Quadra

Windows 7 Home Premium 64 Bit SP1
19 posts
 
 

@Cottonball Every time I try to run CKScanner it does not respond. My mouse pointer turns into that aquamarine ring when a program doesn't respond. When I click on the CKScanner window it says "not responding." Is this one of those scans where I shouldn't touch the keyboard or mouse?

Edit: Managed to get it to work.

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\dragon age 2\addins\da2_prc_eye\module\audio\vo\de-de\facialanimations\fxe_eye400_cave_crack.crf
c:\program files (x86)\dragon age 2\addins\da2_prc_eye\module\audio\vo\en-us\facialanimations\fxe_eye400_cave_crack.crf
c:\program files (x86)\dragon age 2\addins\da2_prc_eye\module\audio\vo\fr-fr\facialanimations\fxe_eye400_cave_crack.crf
c:\program files (x86)\dragon age 2\addins\da2_prc_eye\module\data\cln_eye400_cave_crack.crf
c:\program files (x86)\steam\steamapps\chaoz14\counter-strike source\cstrike\materials\sprites\store\crackedbeam.vmt
c:\program files (x86)\steam\steamapps\chaoz14\counter-strike source\cstrike\materials\sprites\store\crackedbeam.vtf
c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@acex_sm\.rsync\.pack\addons\acex_sm_c_sound_wep_crack.pbo.acex_sm.bisign.gz
c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@acex_sm\.rsync\.pack\addons\acex_sm_c_sound_wep_crack.pbo.gz
c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@acex_sm\.rsync\.pack\addons\acex_sm_s_wep_crack.pbo.acex_sm.bisign.gz
c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@acex_sm\.rsync\.pack\addons\acex_sm_s_wep_crack.pbo.gz
c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@acex_sm\addons\acex_sm_c_sound_wep_crack.pbo
c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@acex_sm\addons\acex_sm_c_sound_wep_crack.pbo.acex_sm.bisign
c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@acex_sm\addons\acex_sm_s_wep_crack.pbo
c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\@acex_sm\addons\acex_sm_s_wep_crack.pbo.acex_sm.bisign
c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\sounds\fire_small_crackle_slick_op.ogg
scanner sequence 3.DK.11.AEAPTI
----- EOF -----