Colexity777 and espeak911 virus

[REDACTED]

So, I'm sure I can't say anything that hasn't been said already. I am working on this computer for a friend and don't know what happened to get it to this state, but I have full functionality after a few modifications and unistallations, but I still get the Avast! warning regarding those two websites from a svchost.exe file. I have a decent amount of CPU usage despite no programs actively working. I would love some help figuring out how to stop this from occurring.

[essexboy]

Hi, I would like to get a second opinion on the MBR

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-18\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
BHO: No Name -> {0347C33E-8762-4905-BF09-768834316C61} ->  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} ->  No File
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
FF Extension: No Name - C:\Documents and Settings\Administrator.TROJAN-CE93127E\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@freeworkz.com [2015-02-18]
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.
  

FINALLY

Download the latest version of TDSSKiller from here and save it to your Desktop.
 
 

• Doubleclick on TDSSKiller.exe to run the application
  
  
  
• Then click on Change parameters.
   
  
   
  
• Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system  and Use KSN to scan objects , then click OK.
   
  
• Click the Start Scan button.
   
   
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
   
  
   
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
  
• Get the report by selecting Reports

 

• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  

Please copy and paste its contents on your next reply.

[REDACTED]

The AdwCleaner is listed as S2 because I've ran that scan a few times in trying to solve this problem myself.

[essexboy]

Run TDSSKIller again and this time select delete for the following :

\Device\Harddisk0\DR0 - detected TDSS File System ( 1 )

Once done could you let me know how the system is behaving

[REDACTED]

Well, Avast popups went crazy with quarantine items, but I haven't seen any of the original problem alerts. So far, so good. Thanks for your help. If anything pops up later, I'll be sure to keep in touch.

[Pondus]

Thanks for your help. If anything pops up later, I'll be sure to keep in touch.

Essexboy is not finish yet .... he will remove the tools used   

[essexboy]

Let me know when you are happy and I will remove my tools and tidy up