Shortcut virus - location: cmd (C:\Windows\System32)

Having the same problem and I followed all instructions. Here are my logs.

Let me know what problems remain after this run

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

HKLM\...\Run: [System.vbs] => C:\Users\AM1830\AppData\Local\Temp\System.vbs [0 2014-10-12] () <===== ATTENTION
HKLM\...\Run: [8e3bc91142bd8d798a10a1667ae4d2be] => .. [0 2014-09-29] ()
HKLM\...\Run: [Service.vbs] => C:\Users\AM1830\AppData\Local\Temp\Service.vbs [18807 2014-09-18] () <===== ATTENTION
HKLM\...\Run: [fabdc80301791922b9ccab8df2d8c776] => C:\Users\AM1830\AppData\Local\Temp\svchost.exe [196608 2014-10-21] () <===== ATTENTION
HKU\S-1-5-21-4196137331-2362706322-1372200030-1000\...\Run: [System.vbs] => C:\Users\AM1830\AppData\Local\Temp\System.vbs [0 2014-10-12] () <===== ATTENTION
HKU\S-1-5-21-4196137331-2362706322-1372200030-1000\...\Run: [Service.vbs] => C:\Users\AM1830\AppData\Local\Temp\Service.vbs [18807 2014-09-18] () <===== ATTENTION
HKU\S-1-5-21-4196137331-2362706322-1372200030-1000\...\Run: [8e3bc91142bd8d798a10a1667ae4d2be] => .. [0 2014-09-29] ()
HKU\S-1-5-21-4196137331-2362706322-1372200030-1000\...\Run: [fabdc80301791922b9ccab8df2d8c776] => C:\Users\AM1830\AppData\Local\Temp\svchost.exe [196608 2014-10-21] () <===== ATTENTION
HKU\S-1-5-21-4196137331-2362706322-1372200030-1000\...\Run: [WindowsUpdater] => c:\Ufasoft\Coin\start.exe
Startup: C:\Users\AM1830\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Service.vbs ()
Startup: C:\Users\AM1830\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.vbs ()
CHR Extension: (iLivid) - C:\Users\AM1830\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2014-10-04]
S3 XDva415; \??\C:\Windows\system32\XDva415.sys [X]
U3 awddruod; \??\C:\Users\AM1830\AppData\Local\Temp\awddruod.sys [X]
2014-09-22 06:04 - 2014-09-19 14:39 - 00020480 _____ () C:\Windows\system32\.tmp
C:\Users\AM1830\AppData\Local\Temp\System.vbs
C:\Users\AM1830\AppData\Local\Temp\Service.vbs
C:\Users\AM1830\AppData\Local\Temp\svchost.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

FINALLY

Download MCShield to your desktop and install.
It will initially run a scan and show the result as a toaster by the system clock.
Then in the control centre select scanner and tick unhide items on flash drives.

https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG

Plug in the drive and MCShield will start a scan.

Then get the log, which will be located under the logs tab on the main page.

And post that

Done

Copy and paste MCShield log or it can’t be read…

Tell us how the situation is now so essexboy can see when he is back.

Oh, I’m sorry. Here

Ok that one is readable. :wink:

So is your problem solved?

Not really

I re-ran everything and my problem is solved. Thanks for everything! ;D

What problems remain?