Shortcut virus - location: cmd (C:\Windows\System32). PLEASE HELP.

URGENT

Hello.

My System got infected with same virus.

Attaching the files herewith (As per your instructions). Only thing is GMER not running completely. Tried downloading many times.

Please provide for a solution asap.

Deva

Only thing is GMER not running completely. Tried downloading many times.
We dont need that log at the moment

you need to copy and paste MCShield log or we can`t read it (forum issue)

it will be some hours wait before malware team is online …

Hi could you zip the C:\FRST folder for me once the fix has run

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKU\S-1-5-21-2008431979-603701700-1537223396-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msvceupeo.exe <===== ATTENTION U3 ugloypog; \??\C:\Users\Meena\AppData\Local\Temp\ugloypog.sys [X] 2010-11-21 02:59 - 2010-11-21 02:59 - 99287808 ___SH () C:\ProgramData\msvceupeo.exe Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

Hi,

I ran the whole thing as mentioned.

Please find attached the logs.


MC log

MCShield AllScans.txt <<<


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

2/29/2016 3:51:05 PM > Drive C: - scan started (no label ~234 GB, NTFS HDD )…

=> The drive is clean.

2/29/2016 3:51:05 PM > Drive D: - scan started (no label ~117 GB, NTFS HDD )…

=> The drive is clean.

2/29/2016 3:51:05 PM > Drive E: - scan started (no label ~70 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

2/29/2016 3:53:10 PM > Drive I: - scan started (no label ~7549 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

2/29/2016 3:53:27 PM > Drive I: - scan started (no label ~7549 MB, FAT32 flash drive )…

I:\Removable Drive (8GB).lnk - Malware > Deleted. (16.02.29. 15.53 Removable Drive (8GB).lnk.409496; MD5: e318266f9ae16eaeebe46fdcf141d966)

Resetting attributes: I:\ < Successful.

=> Malicious files : 1/1 deleted.
=> Hidden folders : 1/1 unhidden.


::::: Scan duration: 1sec ::::::::::::::::::


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

2/29/2016 3:54:15 PM > Drive I: - scan started (no label ~7549 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

2/29/2016 3:55:03 PM > Drive I: - scan started (no label ~7549 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

2/29/2016 3:55:54 PM > Drive I: - scan started (no label ~7549 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

2/29/2016 4:16:22 PM > Drive I: - scan started (no label ~7549 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

2/29/2016 4:27:45 PM > Drive I: - scan started (no label ~7549 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

2/29/2016 5:11:08 PM > Drive I: - scan started (no label ~7549 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/1/2016 9:25:09 AM > Drive C: - scan started (no label ~234 GB, NTFS HDD )…

=> The drive is clean.

3/1/2016 9:25:10 AM > Drive D: - scan started (no label ~117 GB, NTFS HDD )…

=> The drive is clean.

3/1/2016 9:25:10 AM > Drive E: - scan started (no label ~70 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/1/2016 3:52:04 PM > Drive H: - scan started (UUI ~7372 MB, FAT32 flash drive )…

H:\UUI (8GB).lnk - Malware > Deleted. (16.03.01. 15.58 UUI (8GB).lnk.412960; MD5: c2130818c00621092099abeeb2ac3d66)

Resetting attributes: H:\ < Successful.

=> Malicious files : 1/1 deleted.
=> Hidden folders : 1/1 unhidden.


::::: Scan duration: 6min 30sec ::::::::::::


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/1/2016 5:30:27 PM > Drive H: - scan started (UUI ~7372 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/2/2016 9:23:18 AM > Drive C: - scan started (no label ~234 GB, NTFS HDD )…

=> The drive is clean.

3/2/2016 9:23:19 AM > Drive D: - scan started (no label ~117 GB, NTFS HDD )…

=> The drive is clean.

3/2/2016 9:23:19 AM > Drive E: - scan started (no label ~70 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/2/2016 10:13:08 AM > Drive I: - scan started (no label ~7549 MB, FAT32 flash drive )…

I:\Removable Drive (8GB).lnk - Malware > Deleted. (16.03.02. 10.13 Removable Drive (8GB).lnk.230999; MD5: 810ad31d59ede95b04048b70393e1559)

Resetting attributes: I:\ < Successful.

=> Malicious files : 1/1 deleted.
=> Hidden folders : 1/1 unhidden.


::::: Scan duration: 2sec ::::::::::::::::::


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/2/2016 10:16:31 AM > Drive H: - scan started (M7730889468 ~15260 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/3/2016 10:00:37 AM > Drive C: - scan started (no label ~234 GB, NTFS HDD )…

=> The drive is clean.

3/3/2016 10:00:38 AM > Drive D: - scan started (no label ~117 GB, NTFS HDD )…

=> The drive is clean.

3/3/2016 10:00:38 AM > Drive E: - scan started (no label ~70 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/4/2016 9:24:45 AM > Drive C: - scan started (no label ~234 GB, NTFS HDD )…

=> The drive is clean.

3/4/2016 9:24:45 AM > Drive D: - scan started (no label ~117 GB, NTFS HDD )…

=> The drive is clean.

3/4/2016 9:24:45 AM > Drive E: - scan started (no label ~70 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/4/2016 11:40:51 AM > Drive H: - scan started (08870093681 ~14932 MB, FAT32 flash drive )…

H:\08870093681 (16GB).lnk - Malware > Deleted. (16.03.04. 11.40 08870093681 (16GB).lnk.879116; MD5: 899ec21a7177bab068c5b02a32805d1e)

Resetting attributes: H:\ < Successful.

=> Malicious files : 1/1 deleted.
=> Hidden folders : 1/1 unhidden.


::::: Scan duration: 1sec ::::::::::::::::::


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/4/2016 11:42:33 AM > Drive H: - scan started (08870093681 ~14932 MB, FAT32 flash drive )…

H:\08870093681 (16GB).lnk - Malware > Deleted. (16.03.04. 11.42 08870093681 (16GB).lnk.116024; MD5: e7c7f5b6039a97aebd500da57b5f109d)

Resetting attributes: H:\ < Successful.

=> Malicious files : 1/1 deleted.
=> Hidden folders : 1/1 unhidden.


::::: Scan duration: 1sec ::::::::::::::::::


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/4/2016 4:23:04 PM > Drive I: - scan started (no label ~7549 MB, FAT32 flash drive )…

I:\Removable Drive (8GB).lnk - Malware > Deleted. (16.03.04. 16.23 Removable Drive (8GB).lnk.612286; MD5: ec468ddcb6d9f26691c19f5f76805fcb)

Resetting attributes: I:\ < Successful.

=> Malicious files : 1/1 deleted.
=> Hidden folders : 1/1 unhidden.


::::: Scan duration: 10sec :::::::::::::::::


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/4/2016 4:54:08 PM > Drive F: - scan started (UUI ~7372 MB, FAT32 flash drive )…

F:\UUI (8GB).lnk - Malware > Deleted. (16.03.04. 16.54 UUI (8GB).lnk.935620; MD5: 4ff3df6cb760fb71aed11e2310815d46)

Resetting attributes: F:\ < Successful.

=> Malicious files : 1/1 deleted.
=> Hidden folders : 1/1 unhidden.


::::: Scan duration: 55sec :::::::::::::::::


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/7/2016 9:36:27 AM > Drive C: - scan started (no label ~234 GB, NTFS HDD )…

=> The drive is clean.

3/7/2016 9:36:28 AM > Drive D: - scan started (no label ~117 GB, NTFS HDD )…

=> The drive is clean.

3/7/2016 9:36:28 AM > Drive E: - scan started (no label ~70 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/7/2016 12:29:21 PM > Drive I: - scan started (no label ~7549 MB, FAT32 flash drive )…

I:\Removable Drive (8GB).lnk - Malware > Deleted. (16.03.07. 12.29 Removable Drive (8GB).lnk.64160; MD5: 08a7a0fd1f48f60b6372d6de82eda46d)

Resetting attributes: I:\ < Successful.

=> Malicious files : 1/1 deleted.
=> Hidden folders : 1/1 unhidden.


::::: Scan duration: 9sec ::::::::::::::::::


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/7/2016 2:49:03 PM > Drive H: - scan started (08870093681 ~14932 MB, FAT32 flash drive )…

H:\08870093681 (16GB).lnk - Malware > Deleted. (16.03.07. 14.49 08870093681 (16GB).lnk.504910; MD5: 5a6644180c51bbe84b9ab865313f014d)

Resetting attributes: H:\ < Successful.

=> Malicious files : 1/1 deleted.
=> Hidden folders : 1/1 unhidden.


::::: Scan duration: 14sec :::::::::::::::::


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/8/2016 9:21:04 AM > Drive C: - scan started (no label ~234 GB, NTFS HDD )…

=> The drive is clean.

3/8/2016 9:21:04 AM > Drive D: - scan started (no label ~117 GB, NTFS HDD )…

=> The drive is clean.

3/8/2016 9:21:04 AM > Drive E: - scan started (no label ~70 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/8/2016 9:31:39 AM > Drive H: - scan started (no label ~7549 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/8/2016 9:33:03 AM > Drive H: - scan started (no label ~7549 MB, FAT32 flash drive )…

H:\Removable Drive (8GB).lnk - Malware > Deleted. (16.03.08. 09.33 Removable Drive (8GB).lnk.319302; MD5: 305273ea77f4e17e902d8cf1534122a5)

Resetting attributes: H:\ < Successful.

=> Malicious files : 1/1 deleted.
=> Hidden folders : 1/1 unhidden.


::::: Scan duration: 9sec ::::::::::::::::::


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<

3/8/2016 9:38:19 AM > Drive C: - scan started (no label ~234 GB, NTFS HDD )…

=> The drive is clean.

3/8/2016 9:38:19 AM > Drive D: - scan started (no label ~117 GB, NTFS HDD )…

=> The drive is clean.

3/8/2016 9:38:20 AM > Drive E: - scan started (no label ~70 GB, NTFS HDD )…

=> The drive is clean.

3/8/2016 9:38:20 AM > Drive H: - scan started (no label ~7549 MB, FAT32 flash drive )…

=> The drive is clean.

How is the computer now ?