Shortcut virus - location: cmd (C:window\system32)

Hello, good day. May someone help me with my problem about reappearing shortcuts? When I search for its file location, it tends to lead me to cmd C:windo\system32

Please help me, I don't know what to do about this. Thank you!

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG

Plug in the drive and McShield will start a scan

Then get the log which will be located under the logs tab on the main page

And post that

THEN

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

@essexboy here are the files. Thank you for helping me. :slight_smile:

What shortcuts are missing?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Toolbar: HKU\S-1-5-21-1925235630-396606688-2794907606-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that

@essexboy this is the fix log.

Sir, I tried to install Avast Free antivirus and it started to scan my laptop. It identified the virus as LNK [trj], something like this.

After restarting my laptop due to the process of the FRST64, there were tons of pop-ups with the said “LNK [trj]” scanned by Avast.

OK, let's look deeper

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now

Sir, I used the combofix.exe, but I thought that I had disabled my Avast AV and I hadn't. So a message popped up from the combofix.exe that I must disable the AV. I tried to uninstall the AV, not knowing that there was a disable option for it. My laptop went to a blue screen and I had to restart my laptop. I didn't run the combofix.exe due to your direction. So I'm sending this message: what will I do now, sir? Sorry for my bad grammar and my ignorance of this process. Thank you.

No problem :slight_smile:

Run Combofix again; generally Avast will allow it to run

Sir, this is the log file for the combofix.exe. What should I do now? I didn't do any action for now. What's next? :slight_smile:

Sir?

What problems do you have now?

Should I reboot my laptop now, or is there another step I must take before I do that?

No, reboot and let me know what problems remain

I don't see the shortcuts anymore. I'm afraid that if I restart my laptop the AV will detect them again.

What is the next step I should take, sir? Thank you.

No, a reboot is needed to finish off Combofix's work

I have restarted my computer, but there are still tons of pop-ups from Avast detecting that there are viruses in my laptop.

I have attached an image of my virus vault, sir.

What step will I take now, sir?

This should stop it; I don't know how I missed it the first time around

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-1925235630-396606688-2794907606-1001\...\Run: [Google Chrome] => C:\GoogleChrome\WindowsUpdate.lnk [792 2015-08-11] ()
HKU\S-1-5-21-1925235630-396606688-2794907606-1001\...\Run: [AdopeUpdate] => C:\GoogleChrome\GoogleUpdate.lnk
HKU\S-1-5-21-1925235630-396606688-2794907606-1001\...\Run: [AdopeFlash] => C:\GoogleChrome\GoogleChrome.exe [750320 2015-06-29] (AutoIt Team)
C:\GoogleChrome
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that
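
An added example, not part of the original thread and not FRST's own code: a small triage script that parses Run-key lines in the format shown in the fixlist above and reports why each entry deserves a closer look. The three HKU lines are copied from this thread; the `ExampleTray` line and the `TRUSTED_TOP` folder list are assumptions made for the illustration.

```python
import re
from pathlib import PureWindowsPath

# Three Run entries copied from the fixlist in this thread, plus one
# constructed benign entry (ExampleTray) for contrast.
SAMPLE = r"""
HKU\S-1-5-21-1925235630-396606688-2794907606-1001\...\Run: [Google Chrome] => C:\GoogleChrome\WindowsUpdate.lnk [792 2015-08-11] ()
HKU\S-1-5-21-1925235630-396606688-2794907606-1001\...\Run: [AdopeUpdate] => C:\GoogleChrome\GoogleUpdate.lnk
HKU\S-1-5-21-1925235630-396606688-2794907606-1001\...\Run: [AdopeFlash] => C:\GoogleChrome\GoogleChrome.exe [750320 2015-06-29] (AutoIt Team)
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [12345 2015-01-01] (Example Corp)
"""

RUN_LINE = re.compile(
    r"^(?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => "
    r"(?P<path>.+?)(?: \[(?P<size>\d+) (?P<date>[\d-]+)\])?(?: \((?P<signer>[^)]*)\))?$"
)
# Assumption: top-level folders where installed software normally lives.
TRUSTED_TOP = {"program files", "program files (x86)", "windows"}

def parse(line):
    """Return the fields of one Run-key line, or None if it is not one."""
    m = RUN_LINE.match(line.strip())
    return m.groupdict() if m else None

def reasons(entry):
    """List the heuristics that the autorun entry trips."""
    path = PureWindowsPath(entry["path"])
    top = path.parts[1].lower() if len(path.parts) > 2 else ""
    out = []
    if path.suffix.lower() == ".lnk":
        out.append("autorun target is a shortcut (.lnk), not a program")
    if top not in TRUSTED_TOP:
        out.append("target is outside Program Files / Windows")
    if (entry["signer"] or "").lower() == "autoit team":
        out.append("compiled AutoIt script set to autostart")
    return out

def triage(text):
    """Map each flagged Run value name to the reasons it was flagged."""
    report = {}
    for line in text.splitlines():
        entry = parse(line)
        if entry and reasons(entry):
            report[entry["name"]] = reasons(entry)
    return report

if __name__ == "__main__":
    for name, why in triage(SAMPLE).items():
        print(f"{name}: {'; '.join(why)}")
```

Legitimate per-user software also starts from folders outside `TRUSTED_TOP`, so a hit is a prompt to inspect the entry, not a verdict.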

Sir, here is the log of fixlist.txt. Sir, it said that it would automatically pop up as my laptop restarted, but I waited and it didn't. Also, sir, I managed to put the fixlog.txt in the same folder as the one before. I think it overwrote the older one. What next, sir? Thank you.

OK, can you confirm the alerts have now ceased?

The alerts have ceased. Thank you so much, sir, you are a life savior :smiley:

THANK YOU SO MUCH!!! Is it done now, sir?

Sir, can I also do this to my flash drive that got infected by my laptop?