Infected- My system is telling me that "successfully blocked a potentially malicious website...

[KIMO]

• Began having problem with websites appearing without request on my desktop PC
  
• Tried to refresh my Malebytes free service to disinfect
  
• I believe it was a "trojan sirefef.bv" that was initial problem.
  
• When unsuccessful I purchased the full version for both my desktop and laptop.
  
• It seems like I have a virous that is working from the inside making requests to strange IP addresses. Malware is now blocking access. Every few seconds a bubble pops up in bottom righthand corner of windows w/ sound notifying me that "outgoing" request has been blocked.
  
• I would liketo get the core problem resolved by having the virous removed completely
  
• Can anyne help?
  
• 
  
• 
  
• Text File from DDS.txt------
  

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by User at 15:49:06 on 2012-04-09

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2013.1124 [GMT -6:00]

.

AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: BitDefender Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

C:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exe

C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ebay.com/

uInternet Settings,ProxyOverride = *.local;<local>

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf professional 7\bin\PlusIEContextMenu.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll

TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll

TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [iSUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler

uRun: [iomega Automatic Backup] c:\program files\iomega\iomega automatic backup\ibackup.exe

uRun: [Akamai NetSession Interface] "c:\documents and settings\user\local settings\application data\akamai\netsession_win.exe"

mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"

mRun: [bitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [Device Detector] "c:\program files\common files\acd systems\en\DevDetect.exe" -autorun

mRun: [PDFHook] c:\program files\nuance\pdf professional 7\pdfpro7hook.exe

mRun: [PDF7 Registry Controller] c:\program files\nuance\pdf professional 7\RegistryController.exe

mRun: [Nuance PDF Converter Professional 7-reminder] "c:\program files\nuance\pdf professional 7\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\pdf converter professional 7\ereg\Ereg.ini"

mRun: [iomega Automatic Backup 1.0.1] c:\program files\iomega\iomega automatic backup\ibackup.exe

mRun: [CMS] "c:\program files\cms\exe\Open.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: Open with Nuance PDF Converter 7.0 - c:\program files\nuance\pdf professional 7\cnvres_eng.dll /100

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: vectorvest.com\www

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278436702906

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A984E219-AE95-4EDF-AB2C-C29EECFD95AE} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2010-1-19 85128]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-23 652360]

R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 7\PDFProFiltSrv.exe [2010-7-25 134944]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2010-1-4 111312]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-23 20464]

S2 avfilter;ZDPSp50;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-6 136176]

S2 GV600_4;RVIEG01;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S2 mcafeeframework;Rdpdd;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S2 mcupdmgr.exe;Dvd43llh;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S2 mcvsrte;Mhndrv;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S2 nod32krn;NPPTNT;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S2 pavagente;W2acehid;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S2 S3GIGP;Dlcf_device;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S2 SbieDrv;RushTopDevice;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S2 Slpsvdr;Pimsgss;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S2 vetefile;Wm;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S2 vetmonnt;S616mdm;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-23 1684736]

S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 cpuz132;cpuz132;\??\c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-6 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]

S3 TED200S5;TED200S5 NDIS Protocol Driver;c:\windows\system32\drivers\TED200S5.sys [2005-9-23 17536]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-04-05 18:17:21 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-04-05 18:16:30 -------- d-----w- c:\documents and settings\user\application data\Luaf

2012-04-05 18:16:30 -------- d-----w- c:\documents and settings\user\application data\Irgualm

2012-03-28 19:14:49 -------- d-----w- c:\documents and settings\user\local settings\application data\Akamai

.

==================== Find3M ====================

.

2012-02-28 16:25:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 15:49:59.92 ===============

Attach 4.9.12 .pdf

[Maniac]

Hello KIMO and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

Step 1

Please uninstall ALOT Toolbar, because is adware.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
   
2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
   
3. Click the Start Scan button.
   
   
4. If a suspicious object is detected, the default action will be Skip, click on Continue.
   
   
5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
   
6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
   
   
7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
   

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• TDSSKiller log
  
• Malwarebytes' Anti-Malware log
  
• a new fresh DDS log file

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!