Virus removal.


Download and run Hijack This and submit log to webuser forum.

Download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Farbar will take a long time to scan if you have several hard drives!

From the information you have supplied there is no obvious indication of a rootkit; that does not mean your system is clean, as rootkits are designed to be well hidden.
Group Policy has been amended by some type of infection, continue as follows and see how we make out...
Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.
Next,

Download Malwarebytes Anti-Malware to your desktop.


Next,

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.
Make sure to get the correct version for your system....
32 Bit version:
https://www.microsoft.com/downloads/...displaylang=en
64 Bit version:
https://www.microsoft.com/downloads/...displaylang=en

Right click on the Tool and select "Run as Administrator"; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter
notepad c:\windows\debug\mrt.log

Read the following link before we continue and run Combofix:

ComboFix usage, Questions, Help? - Look here

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze. ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*


Post the log in next reply please...

OK, I'd like to have another try at running ComboFix, as follows please :-

Delete any version of ComboFix you have on your Desktop. Download a fresh copy from either of the following links:

Link 2

Before you save it to the Desktop, make sure to rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and type this command exactly as shown or use copy/paste:

"%userprofile%\desktop\sega.com" /killall /nombr

Tap Enter or select OK.

See if it will run successfully now. Stop it after half an hour of no activity.

Post the log in next reply,

I want you to run FRST one more time. It may ask to update when you open the tool that you previously downloaded; if so, agree to the update.

Ensure all boxes are checkmarked under "Whitelist" and only "Addition.txt" is checkmarked under "Optional Scan"

Then select "Scan"; two logs will be produced. Please ensure you post both logs in full.
Zip them up and attach if they exceed forum character limits....

Next,

I've had to zip up fixlist.txt as it exceeded forum character limits for an attachment....

Download the attached fixlist.zip. Unzip the file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Download Malwarebytes Anti-Malware to your desktop.


Next,

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8 users right click on the IE shortcut and run as admin.

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART Installer during the process)

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.


When the scan is complete


If threats were found

The BSOD was caused by bdselfpr.sys, which is the BitDefender self-protection driver.

Probably the best option is to uninstall and then reinstall BitDefender. There is a removal tool available here: http://www.bitdefender.com/support/H...ender-333.html

It's always best to fully remove the program before the reinstall. Before you do that, run this please:

Thanks for the log, fully remove BitDefender with the instructions from the link I posted. Re-install when complete.

Run the following when complete and post both logs; they will be excessive, so zip and attach if required...

Download OTL from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7/8 accept UAC alert)

Reboot your PC when the uninstalls complete...

Next, OTL:-

Re-run OTL by double left click; Vista and Windows 7 users accept the UAC alert if applicable.

Code:

:OTL
DRV - [2013/08/11 18:10:23 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/04/11 11:06:45 | 000,041,584 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gfiark.sys -- (gfiark)
:Files
C:\Windows\System32\drivers\gfibto.sys
C:\Windows\System32\drivers\gfiark.sys
:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
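As an added example (my code, not OTL's and not part of the helper's posts): a small Python parser for the DRV lines OTL writes, as seen in the script above, followed by the triage a helper applies by eye when reading them. The field layout is assumed from the two lines on this page, and the third, vendorless sample line in %TEMP% is constructed.

```python
import re
from dataclasses import dataclass
# Added example, not OTL's own code: parse the "DRV -" lines OTL prints (two appear in the
# :OTL script above). Layout assumed from those lines:
# [date time | size | attrs | M] (vendor) [type | start | state] -- path -- (service)
DRV_RE = re.compile(
    r"^DRV - \[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [MC]\] \((?P<vendor>[^)]*)\) "
    r"\[(?P<kind>[^|\]]+) \| (?P<start>[^|\]]+) \| (?P<state>[^\]]+)\] "
    r"-- (?P<path>.+?) -- \((?P<service>[^)]+)\)$"
)

@dataclass
class DriverEntry:
    date: str
    size: int     # bytes, thousands separators removed
    vendor: str   # empty when OTL printed "()" (no company name)
    start: str    # Boot / On_Demand / ...
    state: str    # Running / Stopped
    path: str
    service: str

def parse_drv_line(line):
    """One OTL DRV line -> DriverEntry, or None if the line is something else."""
    m = DRV_RE.match(line.strip())
    if not m:
        return None
    return DriverEntry(m["date"], int(m["size"].replace(",", "")), m["vendor"].strip(),
                       m["start"].strip(), m["state"].strip(), m["path"], m["service"])

def parse_otl_drivers(text):
    return [e for e in map(parse_drv_line, text.splitlines()) if e]

def review_drivers(entries):
    """Heuristic triage (mine, not OTL's): flag drivers with no vendor string or a binary
    outside C:\\Windows. Returns [(service, [reasons])] for flagged entries only."""
    flagged = []
    for e in entries:
        reasons = []
        if not e.vendor:
            reasons.append("no vendor")
        if not e.path.lower().startswith("c:\\windows\\"):
            reasons.append("outside C:\\Windows")
        if reasons:
            flagged.append((e.service, reasons))
    return flagged

# Constructed sample: the two lines from the page plus one made-up vendorless driver in %TEMP%.
SAMPLE_LOG = r"""
DRV - [2013/08/11 18:10:23 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/04/11 11:06:45 | 000,041,584 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gfiark.sys -- (gfiark)
DRV - [2014/01/02 03:04:05 | 000,022,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Users\user\AppData\Local\Temp\xyz.sys -- (xyz)
"""
```

Calling `review_drivers(parse_otl_drivers(SAMPLE_LOG))` returns only the constructed third driver, flagged for both reasons; the two GFI/ThreatTrack entries from the page pass.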

Next,

Double click on OTL to run it again. Make sure all other windows are closed and to let it run uninterrupted.
When the main interface opens change the Standard Registry box to All
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
Please copy (Edit > Select All, Edit > Copy) the contents of this file and post it with your next reply.

Post those logs, give an update on any remaining issues or concerns...

Run the following to clean up tools etc...


Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

Make Sure the following items are checked:


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

C:\Windows\ERUNT

When all is known to be well with your system you can delete that backup folder if you consider it not needed...
