Virus removal.


Download and run Hijack This and submit log to webuser forum.

Farbar will take a long time to scan if you have several hard drives!

From the information you have supplied there is no obvious indication of a rootkit. That does not mean your system is clean, as rootkits are designed to be well hidden.
Group Policy has been amended by some type of infection, continue as follows and see how we make out...
Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
Next,

Download Malwarebytes Anti-Malware to your desktop.


Next,

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.
Ensure you get the correct version for your system....
32 Bit version:


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here *EXTRA NOTES*


Post the log in next reply please...

OK, I'd like to have another try at running Combofix, as follows please :-

Delete any version of ComboFix you have on your Desktop. Download a fresh copy from either of the following links:

I want you to run FRST one more time. It may ask to update when you open the tool that you previously downloaded; if so, agree to the update.

Ensure all boxes are checkmarked under "Whitelist" and only "Addition.txt" is checkmarked under "Optional Scan"

Then select "Scan"; two logs will be produced. Please ensure you post both logs in full.
Zip them up and attach if they exceed forum character limits....

Next,

I've had to zip up fixlist.txt as it exceeded forum character limits for an attachment....

Download attached fixlist.zip. Unzip the file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download Malwarebytes Anti-Malware to your desktop.


Next,

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:


Download OTL from any of the following links and save to your desktop.

Reboot your PC when the uninstalls complete...

Next, OTL:-

Re-run OTL by double left click. Vista and Windows 7 users accept the UAC alert, if applicable.

Code:

:OTL
DRV - [2013/08/11 18:10:23 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/04/11 11:06:45 | 000,041,584 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gfiark.sys -- (gfiark)
:Files
C:\Windows\System32\drivers\gfibto.sys
C:\Windows\System32\drivers\gfiark.sys
:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next,

Double click on OTL to run it again. Make sure all other windows are closed and to let it run uninterrupted.
When the main interface opens change the Standard Registry box to All.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
Please copy (Edit > Select All, Edit > Copy) the contents of this file and post it with your next reply.

Post those logs, give an update on any remaining issues or concerns...

Run the following to clean up tools etc...


Next,

O