So, I’m sure I can’t say anything that hasn’t been said already. I am working on this computer for a friend and don’t know what happened to get it to this state, but I have full functionality after a few modifications and unistallations, but I still get the Avast! warning regarding those two websites from a svchost.exe file. I have a decent amount of CPU usage despite no programs actively working. I would love some help figuring out how to stop this from occurring.

Hi, I would like to get a second opinion on the MBR

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKU\S-1-5-18\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess? BHO: No Name -> {0347C33E-8762-4905-BF09-768834316C61} -> No File BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File BHO: No Name -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> No File DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} FF Extension: No Name - C:\Documents and Settings\Administrator.TROJAN-CE93127E\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@freeworkz.com [2015-02-18] EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

FINALLY

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Doubleclick on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

The AdwCleaner is listed as S2 because I’ve ran that scan a few times in trying to solve this problem myself.

Run TDSSKIller again and this time select delete for the following :

\Device\Harddisk0\DR0 - detected TDSS File System ( 1 )

Once done could you let me know how the system is behaving

Well, Avast popups went crazy with quarantine items, but I haven’t seen any of the original problem alerts. So far, so good. Thanks for your help. If anything pops up later, I’ll be sure to keep in touch.

Thanks for your help. If anything pops up later, I'll be sure to keep in touch.

Let me know when you are happy and I will remove my tools and tidy up