Avast's “Malicious URL blocked” messages, Google redirects driving me crazy

I tried following some of the steps suggested in the other threads regarding the Avast “malicious url blocked” messages but I am hitting some walls.

The aswMBR.exe that I downloaded looks different from the one shown in the instructions on the other threads. For example, there is a drop-down menu on what to scan (Quickscan, C drive, … or none). Also, the Fix button is greyed out.

I AM a current Avast subscriber, and every time I run a full system scan and it finds a rootkit that it says it will remove upon reboot, I still get the annoying “malicious URL blocked” messages not long after. It is like every few seconds. Another time, immediately after the boot-time scan reboot, before doing anything else (launching a browser, or whatever), I will run the full system scan again and it still comes up with the same viruses that it supposedly deleted in the previous scan, along with the rootkit that it can’t delete until I reboot.

I also get redirects from Google and/or I will see the correct URL in the address bar but the page will be blank with a rectangular box that contains some strange web address, e.g. (http://worksource.us), and the page just stays that way unless I click on the reload current page button on the address bar. It does this with most search results except a few. I use Mozilla Firefox and I have the Scripts add-on thing, but allowing the page still doesn’t prevent the redirect problem. I’d prefer using Explorer (version 6) but I also get redirects there, and there is no longer any sound when I go to sites like YouTube, whereas Firefox is fine.

I also had invisible audio ads, and I think this started when I installed SUPERAntiSpyware (which I installed thinking it might solve the redirect problem); after I uninstalled it, the ads no longer happened. Ending the iexplore.exe process in the Task Manager (when I didn’t even have IE open) temporarily ended the problem, but I would hear it again not long after. So I’m glad I’m not having audio ad problems anymore, but the blocked messages and redirects are driving me insane.

Just FYI: I didn’t have antivirus software for a few months after my AVG subscription ended, and then I had a huge system crash at the end of May, the kind where you can’t even get to your desktop and a box tells you that you must purchase something to fix this problem. Luckily I had another Windows login set up for a guest when the computer starts up, and that’s when I installed and paid for Avast and got online to see how to start up the computer in Safe Mode (but I didn’t know which one to choose: with networking, without, and I think there was one more choice). But anyway, long story short, a lot of my icons were gone in my own Windows account and I did a lot of reading on how to “unhide” the stuff. I tried restoring, but it was never quite the same.

Can someone help me to sort out my poorly explained mess?

Thanks !

Can you post the aswMBR log?

OK, a TDSS rootkit. Try this and tell me whether this cured it or not:

1. Download TDSSKiller and save it to your Desktop.
2. Extract its contents to your desktop.
3. Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.

http://i1116.photobucket.com/albums/k567/com155/kastdsskiller.png

4. If an infected file is detected, the default action will be Cure; click on Continue.

http://i1116.photobucket.com/albums/k567/com155/kastdsskiller1.png

5. If a suspicious file is detected, the default action will be Skip; click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png

6. It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i1116.photobucket.com/albums/k567/com155/kastdsskiller-1.png

7. If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
8. If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.

Thank you both for the replies. I’ve attached the most recent log…

I’m going to install and run the Kaspersky tool in a short while.

You are infected:
07:03:59.281 File: C:\WINDOWS\system32\drivers\volsnap.sys INFECTED Win32:Alureon-PS

Open aswMBR and choose the option “FIX”.
Then scan again and post the new log.

What if the “Fix” is greyed out and only the “FixMBR” is clickable? (I was going to do that one time, but it warned me that it was going to reformat or something to that effect, so I was afraid to do that.)

Oh, and should I disable Antivirus and turn off system restore before I do the “fix”?

Open aswMBR, let it finish the scan; when it finishes the scan and shows the infection, THEN click FIX. You don’t need to disable your AV.

OK, sorry to repeat myself, but I can’t click “Fix” because it is greyed out while the “FixMBR” is not… can someone tell me what the difference is?

FixMBR writes and replaces the infected MBR with a clean MBR (standard MBR code).
What is your OS? 32 or 64 bits?
As far as I know Alureon doesn’t infect the MBR; actually some variants may do, but I don’t know, so I wouldn’t run FixMBR.
Edit: A variant called Alureon-DOS infects the MBR. However, running the FixMBR option on a 64-bit system can cause a crash.

Please follow the instructions here and post the log: http://support.kaspersky.com/faq/?qid=208283363
Or follow com155’s post.

This is a TDL3 infection; run TDSSKiller. ;D

Yes, I think I will do that. I was a little scared to do the FixMBR just yet, so TDSSKiller sounds like the less risky option to try. Here are my laptop specs; maybe this tells what kind of bit my OS is?

Memory Size: 512 MB (now 2 GB since I had more memory installed)
Memory Type: JEDEC 200-pin DDR-SODIMM for PC1600/PC2100/PC2700
Package: 200-pin SODIMM, 1.27-inch height
Speed: 333 MHz
Refresh: Auto and self refresh capability, 4096 refresh cycles/64 ms
Supply Voltage: 2.5 V
Configuration: 640 KB conventional RAM, 128 KB BIOS shadow
Parity Support: No parity bit supported

I don’t know if I should start another new thread, but can someone tell me why, when I download the Adobe Flash Player that a certain website tells me to and restart the computer, I still can’t view the content and it keeps telling me again that I need to download the Flash Player? I downloaded and installed it without any problem (seemingly), so I don’t know why this is happening.

OK, here is the log… upon reboot and launching Firefox, I got the “malicious URL blocked” almost instantly (and I was just going to Yahoo.com as always) and also a message from Avast that I have the Volsnap virus again, asking me to delete or ignore again. As usual, I choose delete and it always tells me it can only delete by doing a boot-time scan and asks do I want to restart.

Sigh… I do use the SafeZone browsing through Avast, but things just seem slower and some things I can’t access. Plus I still get those alerts even in this mode. I would just do a factory reformat if I had the original disc, but I lost that years ago.

2011/07/15 00:57:40.0966 1856 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/15 00:57:42.0967 1856 ================================================================================
2011/07/15 00:57:42.0967 1856 SystemInfo:
2011/07/15 00:57:42.0967 1856
2011/07/15 00:57:42.0967 1856 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/15 00:57:42.0967 1856 Product type: Workstation
2011/07/15 00:57:42.0967 1856 ComputerName: HEEYA
2011/07/15 00:57:42.0967 1856 UserName: Owner
2011/07/15 00:57:42.0967 1856 Windows directory: C:\WINDOWS
2011/07/15 00:57:42.0967 1856 System windows directory: C:\WINDOWS
2011/07/15 00:57:42.0967 1856 Processor architecture: Intel x86
2011/07/15 00:57:42.0967 1856 Number of processors: 1
2011/07/15 00:57:42.0967 1856 Page size: 0x1000
2011/07/15 00:57:42.0967 1856 Boot type: Normal boot
2011/07/15 00:57:42.0967 1856 ================================================================================
2011/07/15 00:57:47.0873 1856 Initialize success
2011/07/15 00:57:54.0155 0424 ================================================================================
2011/07/15 00:57:54.0155 0424 Scan started
2011/07/15 00:57:54.0155 0424 Mode: Manual;
2011/07/15 00:57:54.0155 0424 ================================================================================
2011/07/15 00:58:17.0093 0424 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/15 00:58:17.0109 0424 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/07/15 00:58:17.0125 0424 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/15 00:58:18.0359 0424 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
2011/07/15 00:58:18.0406 0424 Boot (0x1200) (721545867655d71e23427f93f7dadcc1) \Device\Harddisk0\DR0\Partition0
2011/07/15 00:58:18.0437 0424 Boot (0x1200) (31fef3c3c6f88dd25df20cb93a518dab) \Device\Harddisk0\DR0\Partition1
2011/07/15 00:58:18.0453 0424 ================================================================================
2011/07/15 00:58:18.0453 0424 Scan finished
2011/07/15 00:58:18.0453 0424 ================================================================================
2011/07/15 00:58:18.0500 3748 Detected object count: 1
2011/07/15 00:58:18.0500 3748 Actual detected object count: 1
2011/07/15 00:59:36.0645 3748 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/15 00:59:36.0645 3748 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/07/15 00:59:37.0270 3748 Backup copy not found, trying to cure infected file…
2011/07/15 00:59:37.0270 3748 Cure success, using it…
2011/07/15 00:59:37.0364 3748 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/07/15 00:59:37.0364 3748 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/07/15 00:59:57.0521 2936 Deinitialize success
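An added example, not TDSSKiller's code or anything from this thread: a small parser that reads a TDSSKiller log of the kind posted above and reports the forged-hash pair, the detection, the chosen action and whether the cure is still waiting on a reboot. The sample log is constructed from lines of the log in this thread; the summary keys, `verdict()` states and regular expressions are my own.

```python
"""Summarise a TDSSKiller log: forged hashes, detections, pending reboot."""
import re

# Constructed sample: a handful of lines copied from the log posted in the
# thread, plus one ordinary driver line for contrast.
SAMPLE_LOG = r"""
2011/07/15 00:57:42.0967 1856 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/15 00:57:42.0967 1856 Processor architecture: Intel x86
2011/07/15 00:57:56.0452 0424 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/07/15 00:58:17.0093 0424 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/15 00:58:17.0109 0424 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/07/15 00:58:17.0125 0424 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/15 00:58:18.0500 3748 Detected object count: 1
2011/07/15 00:59:37.0364 3748 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/07/15 00:59:37.0364 3748 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/07/15 00:59:57.0521 2936 Deinitialize success
"""

# Every log line is "<date> <time> <pid> <message>"; the banners of '=' and
# blank lines are skipped because they carry no message.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
DRIVER_RE = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECT_RE = re.compile(r"^(?P<svc>\S+) - detected (?P<name>\S+)")
PENDING_RE = re.compile(r"^(?P<path>.+?) - will be cured after reboot$")
ACTION_RE = re.compile(
    r"^(?P<name>\S+)\((?P<svc>[^)]+)\) - User select action: (?P<action>\w+)$")
ARCH_RE = re.compile(r"^Processor architecture: (?P<arch>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


def parse_tdsskiller_log(text):
    """Return a summary dict built from the message part of each log line."""
    summary = {
        "architecture": None,  # "Intel x86" answers the 32/64-bit question in the thread
        "drivers": {},         # service name -> (md5 the scanner computed, path)
        "forged": [],          # files whose two hashes disagree
        "detections": [],      # (service, detection name)
        "actions": {},         # service -> action the user chose
        "pending_reboot": [],  # files that are only fixed once the machine restarts
        "detected_count": 0,
    }
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if (a := ARCH_RE.match(msg)):
            summary["architecture"] = a["arch"]
        elif (c := COUNT_RE.match(msg)):
            summary["detected_count"] = int(c["n"])
        elif (f := FORGED_RE.match(msg)):
            # The hash pair is the indicator: the scanner hashed the file once
            # through the normal file API and once by reading the disk directly.
            # A clean system gives the same bytes both ways; a TDL3-style rootkit
            # hides its patched driver by serving clean content to normal reads.
            summary["forged"].append({"path": f["path"], "real_md5": f["real"],
                                      "fake_md5": f["fake"]})
        elif (d := DETECT_RE.match(msg)):
            summary["detections"].append((d["svc"], d["name"]))
        elif (p := PENDING_RE.match(msg)):
            summary["pending_reboot"].append(p["path"])
        elif (u := ACTION_RE.match(msg)):
            summary["actions"][u["svc"]] = u["action"]
        elif (dr := DRIVER_RE.match(msg)):
            summary["drivers"][dr["svc"]] = (dr["md5"], dr["path"])
    return summary


def verdict(summary):
    """Condense the summary into the one state a helper on the thread cares about."""
    if summary["detected_count"] == 0 and not summary["forged"]:
        return "CLEAN"
    if summary["pending_reboot"]:
        return "REBOOT_REQUIRED"      # the cure is staged but not yet applied
    return "INFECTED_UNHANDLED"       # something was found and no cure was staged


if __name__ == "__main__":
    s = parse_tdsskiller_log(SAMPLE_LOG)
    for entry in s["forged"]:
        print(f"forged: {entry['path']} real={entry['real_md5']} fake={entry['fake_md5']}")
    print("architecture:", s["architecture"])
    print("verdict:", verdict(s))
```

Run against the full log in the thread it reports REBOOT_REQUIRED, which is exactly the point the next reply makes: nothing is cleaned until the machine restarts.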

For the future, should you need to do anything like this, it is easier to attach the file to the ‘one’ post. This saves you having to break it over many posts; it is also easier to read for whoever happens to be following the process.

When you Reply, click on the Additional Options text and that allows you to attach .txt or .log files up to 200KB in size.

So based on your last section of the report, you now need to reboot to clear the infected file.

If you haven’t done that, do so; if you have rebooted, are you still getting the symptoms?

2011/07/15 00:58:18.0500 3748 Detected object count: 1
2011/07/15 00:58:18.0500 3748 Actual detected object count: 1
2011/07/15 00:59:36.0645 3748 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/15 00:59:36.0645 3748 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/07/15 00:59:37.0270 3748 Backup copy not found, trying to cure infected file..
2011/07/15 00:59:37.0270 3748 Cure success, using it..
2011/07/15 00:59:37.0364 3748 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/07/15 00:59:37.0364 3748 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/07/15 00:59:57.0521 2936 Deinitialize success

This is the most important part: VolSnap is now cured.