Unable to start Avast -- blocked by group policy

Hi,

Very similar/almost identical issue to user here

Except I haven’t been successful in removing the infection/rootkit or fixing Avast.

I ran Farbar Recovery Scan Tool just now so…
I’ve attached FRST.txt and Addition.txt – are there any other logs you will need to help me get fixed like Chris?

Cheers,
E

You have a lot of torrents so the culprit is probably in there somewhere

Download the attached Fixlist.txt to the same location as FRST
Run FRST and press Fix
On completion a log will be generated please post that

Thanks for your help.

I’ve run the attached fixlist via FRST and the log is attached.

Having read what fixed the other user’s problem: can I get your thoughts on whether

HKU\S-1-5-21-1206204329-845824297-1454209633-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1206204329-845824297-1454209633-1000\...\MountPoints2: {9c82ee7f-0c0d-11e1-9480-7071bc139e84} - E:\autorun.exe
C:\Users\Speirs\IP_Log_Data.js
C:\Users\Speirs\Network_Meter_Data.js

should be run in addition to what you’ve written?
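The two FRST lines asked about above (a per-user Run value and a MountPoints2 AutoRun command) can be inspected read-only on a live machine with the following PowerShell snippet. It is an added example, not part of this thread or of FRST; the registry paths are the standard HKCU Run/RunOnce and Explorer MountPoints2 locations, and the `Test-TargetExists` helper is a hypothetical name introduced here.

```powershell
# Added example (not from the thread): list HKCU Run/RunOnce values and
# MountPoints2 AutoRun commands and report whether each target path exists.
# Read-only: nothing is changed or deleted.
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'
$runKeys  = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
              'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce')

function Test-TargetExists([string]$Command) {
    # Extract the executable from a command line: quoted path, or first token.
    if ([string]::IsNullOrWhiteSpace($Command)) {
        return [pscustomobject]@{ Path = '(empty)'; Exists = $false }
    }
    if ($Command -match '^"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($Command -split '\s+')[0] }
    return [pscustomobject]@{ Path = $exe; Exists = (Test-Path -LiteralPath $exe) }
}

Write-Host '== HKCU Run / RunOnce =='
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $props = Get-ItemProperty -Path $k
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata properties
        $t = Test-TargetExists ([string]$p.Value)
        # An empty value is what FRST shows as "=> [X]" (nothing is launched).
        '{0,-20} {1}  [target exists: {2}]' -f $p.Name, $t.Path, $t.Exists
    }
}

Write-Host '== HKCU MountPoints2 AutoRun commands =='
Get-ChildItem "$explorer\MountPoints2" -ErrorAction SilentlyContinue | ForEach-Object {
    $cmdKey = "$explorer\MountPoints2\$($_.PSChildName)\shell\AutoRun\command"
    if (Test-Path $cmdKey) {
        $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
        $t = Test-TargetExists ([string]$cmd)
        # A missing target on a removable/optical drive letter usually just means
        # that media is not inserted; a missing target on a fixed drive is worth a look.
        '{0}  {1}  [target exists: {2}]' -f $_.PSChildName, $cmd, $t.Exists
    }
}
```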

What Essex says is what should be done. That is another fix for a completely different system. Don’t run it

Was this meant to be a torrent?

2014-04-09 14:08 - 2013-01-25 04:18 - 00002281 _____ () C:\Users\Speirs\Downloads\RUN ORIGINS.cmd

If so, that’s not any type of MP3 file.

Of course, I was merely asking. I’ve run precisely what was provided, nothing more. Apologies if it seemed like I was disregarding anyone’s help; I am appreciative of it.

My system has now rebooted with Avast running so I’m using the opportunity to update it. Anything else I need to do?

Furthermore, from the Fixlog.txt attached in the previous post should I be concerned about:

C:\Users\Speirs\AppData\Local\Temp\FXSAPIDebugLogFile.txt The process cannot access the file because it is being used by another process.

========= RD /S /Q %TEMP% =========

C:\Users\Speirs\AppData\Local\Temp\FXSAPIDebugLogFile.txt - The process cannot access the file because it is being used by another process.

========= End of CMD: =========

No, to my knowledge that’s a .cmd file I wrote to launch an ArmA 2 mod “DayZ Origins”.

Okay, listen to Essex. Was just wondering since it was in Downloads folder along with your torrents.

http://www.fbi.gov/scams-safety/peertopeer

^^

Reading above on why you shouldn’t torrent

Edit:

Computer Hacking: Peer-to-Peer networks also have been abused by hackers. Because these systems potentially expose your computer and files to millions of other users on the network, they also expose your computer to worms and viruses. In fact, some worms have been specifically written to spread by popular Peer-to-Peer networks. Also, if Peer-to-Peer software is not properly configured, you may be unknowingly opening up the contents of your entire hard drive for others to see and download your private information.

The file move problem was related to an Avast file so I have no qualms about that :slight_smile:

How is the computer running now? You should also be able to run MBAM as well

Hi,

Thanks to that Fixlist both MBAM and Avast are working and I’m running quick scans as we speak… In the event that a rootkit has caused this, what would my next course of action be, as I don’t think Avast is very good at scanning for rootkits?

I saw no indication of a rootkit there, but we can use a different tool just to be sure

Download OTL to your Desktop
Secondary link

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[*]Select LOP and Purity
[*]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs

Thanks, I’ve run OTL with the settings provided. I’ve attached OTL.txt, but it didn’t create an Extras.txt for some reason?

EDIT: I’m going to re-run OTL.

OK, that looks clean. Any further problems?

I re-ran OTL and this time a CMD window popped up with something about S A:L /C, so I closed it and OTL resumed as normal. Should I have left it running? Regardless, I’ve attached the missing Extras.txt alongside the new OTL.txt. Also, I’ve double-checked that both times I had the netsvcs part of the custom scan entered into the bottom box in OTL, but both times it’s mysteriously missing after the scan has completed. Not sure if that’s something to just ignore though…?

No further problems, thank you for your assistance in resolving my issue. :slight_smile: One thing, from the original FRST.txt should anything be done about the HKU\S-1-5-21-1206204329-845824297-1454209633-1000\...\MountPoints2: {9c82ee7f-0c0d-11e1-9480-7071bc139e84} - E:\autorun.exe thing that popped up?

OTL.txt (couldn’t add both in previous post as there is a 512kb combined file limit)

The command window was OTL running a check on junctions :slight_smile:

The mountpoint relates to your CD drive

As OTL runs through the commands they are deleted from the script

All looks good now

In that case methinks I will send you on your merry way :slight_smile:

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so… The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

It is critical to have both a firewall and antivirus to protect your system, and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave: