Over 1 million tech questions and answers.

HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2

Q: HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2

Hello guys,I've gotten numerous alerts from Norton telling me that I have attempted intrusions from HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2. I have turned off my System Restore, continued to allow Norton to continue blocking the attacks, and have NOT rebooted my computer since first receiving the intrusion alerts.. so far I haven't seen any damage to my computer. I do, however, have sensitive information saved into my browser which I am worried about (I have since wiped out the master password). Here are my logs below:DDS Log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 15:00:37.71 on 07/06/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.1014.149 [GMT -7:00]AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\brss01a.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\Tablet.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\WINDOWS\system32\igfxtray.exeC:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\QuickTime\QTTask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Documents and Settings\Owner\Local Settings\Application Data\ikmpbcvmv\vxjfxqutssd.exeC:\Program Files\BitComet\BitComet.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exeC:\Documents and Settings\Owner\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = www.mytelus.comuSearch Bar = hxxp://www.google.com/ieuSearch Page = hxxp://www.google.comuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Connection Wizard,ShellNext = hxxp://www.gatewaybiz.com/uInternet Settings,ProxyServer = proxy.library.ubc.ca:8000uInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.com/ieBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dllBHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dllBHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No FileuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [pkfdwwsu] c:\documents and settings\owner\local settings\application data\ikmpbcvmv\vxjfxqutssd.exemRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exemRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exemRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exemRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exemRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXEmRun: [IgfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [LVCOMS] c:\program files\common files\logitech\qcdriver\LVCOMS.EXEmRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /ConsumermRun: [TELUS_McciTrayApp] c:\program files\telus\telus support centre\bin\McciTrayApp.exemRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [pkfdwwsu] c:\documents and settings\owner\local settings\application data\ikmpbcvmv\vxjfxqutssd.exedRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXEdRunOnce: [RunNarrator] Narrator.exeStartupFolder: c:\docume~1\owner\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instal~1.lnk - c:\program files\sifxinst\SIFXINST.EXEIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exeIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLLTrusted Zone: blogger.com\wwwDPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.proxy.lib.sfu.ca/lib/sfu/support/plugins/ebraryRdr.cabDPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabDPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cabDPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabDPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cabDPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cabDPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabDPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - hxxp://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exeDPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cabDPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab57176.cabDPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cabHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: GoToAssist - c:\program files\citrix\gotoassist\607\G2AWinLogon.dllNotify: igfxcui - igfxsrvc.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll================= FIREFOX ===================FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\mitymtgp.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.gateway.com/FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dllFF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\videoegg\loader\2663\npvideoegg-loader.dllFF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}---- FIREFOX POLICIES ----c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);============= SERVICES / DRIVERS ===============R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\SAVRTPEL.SYS [2004-12-10 50312]R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-12-13 198256]R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-12-13 165488]R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2005-1-10 177264]R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-4-26 822424]R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070425.033\NAVENG.Sys [2007-4-25 77688]R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070425.033\NavEx15.Sys [2007-4-25 852824]R3 SAVRT;SAVRT;c:\program files\norton antivirus\SAVRT.SYS [2004-12-10 338056]S2 gupdate1ca1fd0bab22098;Google Update Service (gupdate1ca1fd0bab22098);c:\program files\google\update\GoogleUpdate.exe [2009-8-17 133104]S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2005-1-10 67184]S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-12-13 79472]S3 Protditnt;Protditnt; [x]S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2004-12-10 198368]=============== Created Last 30 ================2010-06-07 21:47:59 0 ----a-w- c:\documents and settings\owner\defogger_reenable2010-05-26 05:41:03 411368 ----a-w- c:\windows\system32\deployJava1.dll2010-05-10 23:25:15 0 d-----w- c:\program files\Citrix2010-05-10 23:24:59 103784 ----a-w- c:\documents and settings\owner\GoToAssistDownloadHelper.exe==================== Find3M ====================2010-04-08 20:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll2010-04-08 20:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe1996-10-31 08:11:00 418 ----a-w- c:\program files\FILE_ID.DIZ============= FINISH: 15:02:00.71 ===============GMER Log:GMER 1.0.15.15281 - http://www.gmer.netRootkit scan 2010-06-07 18:31:49Windows 5.1.2600 Service Pack 2Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxtdrpoc.sys---- System - GMER 1.0.15 ----SSDT 860AC4D0 ZwConnectPortSSDT 86859438 ZwOpenProcessSSDT 861153D0 ZwOpenThread---- Kernel code sections - GMER 1.0.15 ----.rsrc C:\WINDOWS\system32\drivers\asc3550.sys entry point in ".rsrc" section [0xF7A33494]init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6D563BF]? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !---- User code sections - GMER 1.0.15 ----.text C:\WINDOWS\System32\svchost.exe[1388] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 0312000A .text C:\WINDOWS\System32\svchost.exe[1388] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 0313000A .text C:\WINDOWS\System32\svchost.exe[1388] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 01C7000C .text C:\WINDOWS\System32\svchost.exe[1388] USER32.dll!GetCursorPos 77D4BD76 5 Bytes JMP 012E000A .text C:\WINDOWS\System32\svchost.exe[1388] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 0741000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3040] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 011C000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3040] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 011D000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3040] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 011B000C ---- Devices - GMER 1.0.15 ----AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)Device -> \Driver\atapi \Device\Harddisk0\DR0 830CFEC5---- Processes - GMER 1.0.15 ----Library C:\DOCUME~1\Owner\LOCALS~1\Temp\B95.tmp (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [936] 0x00DE0000 Library C:\WINDOWS\TEMP\CA6.tmp (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [936] 0x01020000 Library C:\WINDOWS\TEMP\14B0.tmp (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [936] 0x01260000 ---- Files - GMER 1.0.15 ----File C:\WINDOWS\system32\drivers\asc3550.sys suspicious modificationFile C:\WINDOWS\system32\drivers\atapi.sys suspicious modification---- EOF - GMER 1.0.15 ----I cannot attach my Attach.txt log for some reason. Is it required at this point? Any kind of assistance would be greatly appreciated!Thanks,Alison

RELEVANCY SCORE 200
Preferred Solution: HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2

GreetingsOne or more of the identified infections is a Backdoor Trojan.This could allow hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"I Would like you to do the following.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you. Please include the report in your next post:C:\ComboFix.txt"information and logs"In your next post I need the followingLog from Combofixlet me know of any problems you may have hadHow is the computer doing now?Gringo

Read other 17 answers
RELEVANCY SCORE 234.8

I was hoping I wouldn't have to resort to this, but I guess I've no other choice. I've looked up this thing and from what it sounds like, I'm in deep. Like an abyss.This whole fiasco started about a week ago when my parents found a charge from McAfee on their card. None of us ever purchased anything, and called McAfee and had them remove the charge which (according to my Dad), simply removed the LiveUpdate thing McAfee had.Not long after that, Google Chrome started acting weird and some program called "pbupdate.exe" had to be closed. My computer subsequently froze and I had to manually shut down.I rebooted my computer only to find that Chrome had been completely fried and would not load any web pages at all. Resorting to Firefox, I Googled "pbupdate.exe" and clicked the first link, allowing "Top PC Defender" onto my computer (and maybe some other things).As such, I ran Malwarebytes, SUPERAntiSpyware, McAfee, AVG, and Spybot to rid myself of the problem. When this yielded no results, I ended up using System Restore which seemed to get rid of the problem.Not long after, we switched over to Norton due to Comcast preparing a move, and uninstalled McAfee. Norton ended up having to uninstall AVG in order for it to install.And ever since then I've had these messages popping up repeatedly on my computer from Norton, telling me an attack was blocked but not allowing any action to be taken. The fact that I'm still getting these mess... Read more

A:HTTP Tidserv Request, HTTPS Tidserv Request 2, and HTTP Trojan Sasfis Activity

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

Read other 17 answers
RELEVANCY SCORE 234.8

Hello,On July 18th, as I was watching a streaming TV show, my computer apparently picked up Antimalware Doctor, which kept telling me that my computer was infected and that I needed to pay them money to get rid of all these infections. I managed to get rid of that with MalwareBytes. Shortly after though, my Norton Antivirus started regularly informing me (every 20 minutes to half hour) that it had blocked an intrusion attempt from either HTTP Tidserv Request (most common) or HTTPS Tidserv Request 2 (2nd most), and every once in a while some oddball like HTTP Fake Scan Webpage 5 or some Trojan (Vundo or Ad.Clicker). It seems like it's always been blocked, but as these Norton alerts keep coming, even when I don't have a browser open, I am upset and concerned. Also seems as if the attacks are coming from several different computers.I tried running Malwarebytes a few more times. It usually leaves me with 8 or so pieces of malware, identified as Rootkit or Trojan agents, which it tells me will be deleted upon reboot. However, after I reboot and run Malwarebytes immediately thereafter, there are still 8 pieces of Malware. I tried updating my Norton and running a scan, but that didn't fix the problem. I also ran Norman Malware Cleaner, with no real results.Again, though the alerts always classify the threat level as high, it seems like they are being blocked. I haven't entered any passwords into my computer since this came up, and I never save any on a regu... Read more

A:HTTP Tidserv Request; HTTPS Tidserv Request 2; HTTP Fake Scan Webpage 5

Very sorry about the multiple posts. Firefox had gone grey, and I didn't think any had gone through. Sorry.

Read other 21 answers
RELEVANCY SCORE 228.4

I have done some research on these backdoor trojan viruses, and I have found out that they are very serious, and I really need help to get them off my laptop.Yesterday, Norton detected Backdoor.Graybird and removed it (I think), and for weeks now, I have been getting notifications on the bottom right-had corner of my screen saying "A recent attempt to attack your computer has been blocked" or something like that, and when I click 'view details', it either describes it as "HTTP Tidserv Request" or "HTTPS Tidserv Request 2" and some IP address and bunch of other things I can't understand. I would really appreciate help on what to do to remove these viruses so I can continue to work on my computer without worrying about hackers stealing my information and whatnot.Below is the DDS log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Krissy at 16:13:04.32 on 17/09/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.1013.165 [GMT -7:00]SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}============== Running Processes ===============C:\windows\system32\wininit.exeC:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System3... Read more

A:Backdoor.Graybird, HTTPS Tidserv Request 2, HTTP Tidserv Request detected by Norton Antivirus.

Also, last night, I ran a quick scan on Malwarebytes' Anti-Malware, and it detected "Trojan.Dropper".

Read other 22 answers
RELEVANCY SCORE 228.4

I have done some research on these backdoor trojan viruses, and I have found out that they are very serious, and I really need help to get them off my laptop.
Yesterday, Norton detected Backdoor.Graybird and removed it (I think), and for weeks now, I have been getting notifications on the bottom right-had corner of my screen saying "A recent attempt to attack your computer has been blocked" or something like that, and when I click 'view details', it either describes it as "HTTP Tidserv Request" or "HTTPS Tidserv Request 2" and some IP address and bunch of other things I can't understand. I would really appreciate help on what to do to remove these viruses so I can continue to work on my computer without worrying about hackers stealing my information and whatnot.
Thank you!

A:Backdoor.Graybird, HTTPS Tidserv Request 2, HTTP Tidserv Request detected by Norton Antivirus.

Hello,Please follow the instructions in ==>This Guide<==.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Read other 2 answers
RELEVANCY SCORE 224.8

I viewed the Preparation Guide thread. I unfortunately have no way of backing up my files so I'm unfortunately all by myself here. I have a tendency to get viruses a lot and it just baffles me that these programs don't really protect you from the serious stuff. I download quite a lot. I only have basic cable at the moment so if it's not on Hulu, I download it. I also download shows for music video making (hobby of mine) and once in a great while, I get something. I use Norton Security Suite. I've heard it's a horrible program. I've only had the computer for a couple days before I got something. And this all started when Norton notified me that Auto-Protect has detected "Trojan.FakeAV!gen35". Risk Category "Heuristic Virus". Norton says it blocked it but I'm guessing it didn't. Surprise surprise. It says the location of the file name is "c:\documents and settings\administrator\local settings\application data\hwtglcvvq\uxmqbtvtssd.exe". I checked that folder but there is nothing there. But this was just the beginning.After that, I got another notification "2933463.0332615147.exe detected by SONAR". It's been Quarantined. Says it was fully removed even though it gives me the option of restoring it. ? After I got a similar notification "8811cf6b.exe detected by SONAR". Same thing. I got these three within minutes of one another on the 20th of... Read more

A:Trojan.FakeAV!gen35, HTTP Tidserv Request, HTTPS Tidserv Request 2

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 16 answers
RELEVANCY SCORE 224.8

I keep getting an alert from Norton saying an Intrusion Attempt has been blocked. How do I stop this thing from attacking in the first place. From other forums I've seen, it may some something to do with a rootkit."An intrusion attempt by m01n83kf7.com was blocked. Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE""An intrusion attempt by 202.157.171.207 was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE""An intrusion attempt by 91.212.226.59 was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE"etc..Here is the DDS log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Trice at 9:02:51.75 on Tue 05/25/2010Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2356 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Lexmark 2600 Series\lxdnmon.exe... Read more

A:Repeated Intrusion Attempts from HTTP Tidserv Request and HTTPS Tidserv Request 2

Good evening. Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop - this is important. You will then need to extract the file(s) from the zipped folder.To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again. In the final window, click on Finish Close all open programs as a reboot may be required. Go to Start > Run, copy and paste the following into the text box and hit OK:"%userprofile%\desktop\tdsskiller\TDSSKiller.exe" -l report.txt A Command Window will open and the tool will scan and produce a log called report.txt that can be found in the TDSSKiller folder that you unzipped. If the tool prompts for a reboot, please allow it to do so; if it fails to reboot after prompting, reboot manuallyPlease post the contents of the log, report.txt, in your next reply.

Read other 11 answers
RELEVANCY SCORE 221.2

Norton 360 has been continually notifying us of intrusion attempts as of late (since about 2 days ago, started almost immediately when Norton's SONAR detected suspicious activity from a file called "fwdd.exe" and quaratined it). Risk names: HTTPS Tidserv Request 2 and HTTP Tidserv Request. We were also redirected when clicking a Google search result (which I believe is a guaranteed sign of malware). Upon looking these symptoms up, we found that they were most likely the result of a rootkit. Any and all help is appreciated to remove this malware, the more explanation of how to get rid of it the better, since this is our first time having to do this. Thank you.Logs: DDS (Ver_10-03-17.01) - NTFSx86 Run by Loozah at 16:05:09.75 on Wed 05/26/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1278.615 [GMT -7:00]AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Adobe\Photos... Read more

A:HTTPS Tidserv Request 2 and HTTP Tidserv Request Intrusion Attempts

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. Somethings to remember while we are working together.1.Please do not run any other tool untill instructed to do so!2.Please reply to this thread, do not start another!3.Please tell me about any problems that have occurred during the fix.4.Please tell me of any other symptoms you may be having as these can help also.5.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Gmer is the best but can be hard to get a log lets try this and see what we get.Scan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the entire contents of the report and paste it in a reply here.Gringo

Read other 12 answers
RELEVANCY SCORE 221.2

I see various HTTPS Tidserv Request 2 and HTTP Tidserv Request attempts being blocked by my Norton 360."Network traffic from zz87jhfda88.com matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE."Norton 360 doesn't find the trojan, but there are suspicious files found by GMER.This was after going to Wired to read an article and as some banner ads loaded, Norton started finding some other trojans and viruses being downloaded to my system. Even though Java had been upgraded to version 20, I think the older version code was still somewhere in the path, as I saw the Java splash screen on the Java startup. The alerts come more often when using Google or Yahoo search.I'm sure ComboFix will take care of it, but wanted a second opinion first.Thanks for your help.I've attached the attach.txt and ark.txt files and here is the log from DDS.txt.DDS (Ver_10-03-17.01) - NTFSx86 Run by KyleVogt at 12:12:31.37 on Wed 05/19/2010Internet Explorer: 7.0.6002.18005Microsoft? Windows Vista? Ultimate 6.0.6002.2.1252.1.1033.18.3070.1809 [GMT -7:00]SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\... Read more

A:Norton 360 Blocking HTTPS Tidserv Request 2 & HTTP Tidserv Request

Hello,Please visit this webpage for download links, and instructions for running ComboFix tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully first.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, linkRemember to re-enable them afterwards.Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:C:\ComboFix.txtNew dds log.A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Read other 3 answers
RELEVANCY SCORE 216

My computer was infected with trojan this morning, I ran Symantec Endpoint Protection 11, it deleted couple file.Now I am constantly the following two error messages via Symantec Endpoint Protection address line:-[SID: 23615] HTTPS Tidserv Request 2 detected.[SID: 23621] HTTP Tidserv Request detected.I ran the Symantec Endpoint Protection Full Scan come up clean but I still receive the errors as described above.I would greatly appreciate any assistance and thank-you in advance.I have pasted and attached the logs that I believe I need to for you to assist .Please advise if I need to do anything else at this moment to helpThanksBarryDDS (Ver_09-06-26.01) - NTFSx86 Run by clejstiege at 15:28:03.94 on Tue 06/22/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.411 [GMT -4:00]AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exesvchost.exeC:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exeC:\Program Files\Juniper\NetScreen-Remote\IreIKE.exesvchost.exeC:\Program Files... Read more

A:[SID: 23615] HTTPS Tidserv Request 2 detected. & [SID: 23621] HTTP Tidserv Request detected, Unable to resolve Infection

hi,Your post is a few days old if you still need help simply reply to my post.

Read other 1 answers
RELEVANCY SCORE 215.2

First of all, thanks in advance to those willing to help.A couple of days ago, I was infected with Antimalware Doctor, and XP Antimalware (I think those were the names). I am pretty sure I took care of those. Meanwhile, every time I use Mozilla Firefox, I have a notification from Norton 360 stating that "A recent attempt to attack your computer was blocked." When I look at it in more detail, Norton tells me the risk name is either HTTP Tidserv Request or HTTPS Tidserv Request 2. In addition to the constant attacks, I am redirected when clicking on google links and random tabs open in Firefox to random websites as well.-If the Risk name is HTTP Tidserv Request the application path is \DEVICE\HARDDISKVOLUME2\PROGRAMFILES\MOZILLAFIREFOX\FIREFOX.EXE-If the Risk name is HTTPS Tidserv Request 2 the application path is \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXEIn addition to that, Norton 360 has blocked or quarantined the following within the past couple of days:Spyware.KeyloggerTrojan.GenTrojan.FakeAVAntiVirus2010Here is the DDS LOG:DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 10:45:47.12 on Fri 04/09/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.291 [GMT -6:00]AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}===... Read more

A:HTTP Tidserv Request/HTTPS Tidserv Request 2 Infection

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 14 answers
RELEVANCY SCORE 215.2

Problem:A few days ago my computer was attacked. Norton detected and blocked several downloaders and trojans, however I am having lingering issues with something trying to hijack my browser. Norton appears to be detecting and containing the attacks for now, but full scans from both norton and malware bytes have brought up nothing.As requested I have the DDS log, but I was unable to successfully scan with GMER. I tried 4 times, and my computer froze twice, and BSOD twice.Here is the DDS log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Aaron Smith at 23:42:19.71 on Sat 07/10/2010Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.1852 [GMT -5:00]AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Belkin\F5D7050v3\Belkinwcui.exeC:\WINDOWS\system32\RUNDLL32.EXEC: ... Read more

A:problem with HTTPS Tidserv Request 2 and HTTP Tidserv Request

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 8 answers
RELEVANCY SCORE 207.6

I am constantly receiving the following two error messages via Symantec Endpoint Protection:-[SID: 23615] HTTPS Tidserv Request 2 detected. Traffic has been blocked from this application: C:\WINDOWS\system32\svchost.exe[SID: 23621] HTTP Tidserv Request detected. Traffic has been blocked from this application: C:\Program Files\Internet Explorer\iexplore.exeI have ran a Symantec Endpoint Protection Full Scan, that results in the scan being Clean. I have also ran a MalwareBytes AntiMalware scan, that also results in the scan being clean. I have the Windows Standard Firewall enabled. I also seem to be getting redirected alot when using IE8.0, especially when searching in Google or Bing.I have included the DDS and Attach Logs, but unfortunately I am unable to attach the ark.txt log as everytime I have tried to run the GMER the scan gets so far before automatically restarting my computer.I look forward to your response and would like to thank you in advance.DDS (Ver_10-03-17.01) - NTFSx86 Run by ldcoxon at 10:14:37.43 on 12/04/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_14Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3567.1991 [GMT 1:00]AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}============== Running Processes ===============C:\WINDOWS\system32\s... Read more

A:[SID: 23615] HTTPS Tidserv Request 2 detected. & [SID: 23621] HTTP Tidserv Request detected.

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

Read other 3 answers
RELEVANCY SCORE 207.6

I had Symantec Endpoint Protection on my laptop

Now I am constantly the following two error messages via Symantec Endpoint Protection - Especially when I do a google/yahoo search

[SID: 23615] HTTPS Tidserv Request 2 detected.
[SID: 23621] HTTP Tidserv Request detected.
Please can you tell is this is virus and if it is please can you help me to remove it from my laptop.

Please can reply ASAP.
Thank you in advance

RPRathnam

A:[SID: 23615] HTTPS Tidserv Request 2 detected. [SID: 23621] HTTP Tidserv Request detected. PLease Help

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions.If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.When the program opens, click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.-- If TDSSKiller does not run, try renaming it. To... Read more

Read other 3 answers
RELEVANCY SCORE 207.6

I had Symantec Endpoint Protection on my laptopNow I am constantly the following two error messages via Symantec Endpoint Protection - Especially when I do a google/yahoo search[SID: 23615] HTTPS Tidserv Request 2 detected.[SID: 23621] HTTP Tidserv Request detected.Please can you tell is this is virus and if it is please can you help me to remove it from my laptop.Please can reply ASAP.Thank you in advanceRPRathnam

A:[SID: 23615] HTTPS Tidserv Request 2 detected. [SID: 23621] HTTP Tidserv Request detected. PLease Help

As quietman7 has replied here i've taken the liberty of locking this thread to avoid multiple Helpers working on the same problem.

Read other 1 answers
RELEVANCY SCORE 207.6

I seem to have been initially infected with a virus that presented as Antispyware Soft. I ran Malwarebytes Anti-Malware 1.46 which removed and deleted avsuit and avsoft Rogue Antivirus Suite and Trojan Fraudpack. Re-Ran Malwarebytes Anti-Malware 1.46 which found no infected areas. I had Symantec Endpoint Protection V10 which did not pick-up any issues. Upgraded to V11.0 and ran a full scan still no issues. Now I am constantly the following two error messages via Symantec Endpoint Protection - Especially when I do a google/yahoo search (I don not get the error when going to a web address directly from the address line:-[SID: 23615] HTTPS Tidserv Request 2 detected. [SID: 23621] HTTP Tidserv Request detected. I ran the Symantec Endpoint Protection Full Scan & MalwareBytes AntiMalware scan, both come up clean but I still receive the errors as described above.I would greatly appreciate any assistance and thank-you in advance. I have pasted and attached the logs that I believe I need to for you to assist . Please advise if I need to do anything else at this moment to help Thanks GrantDDS (Ver_10-03-17.01) - NTFSx86 Run by Grant Beaumont at 16:01:11.40 on Wed 19/05/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3071.2266 [GMT 10:00]AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: Symantec Endpoint Protection *enabled* {BE898FE3-C... Read more

A:[SID: 23615] HTTPS Tidserv Request 2 detected. & [SID: 23621] HTTP Tidserv Request detected

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have sinceresolved your issues I would appreciate if you would let me no so I can close this topic.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\System32\config\*.sav%systemroot%\*. /mp /s%SYSTEMDRIVE%\*.exenetsvcsmsconfigdrivers32CREATERESTOREPOINTPush the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedThanks

Read other 10 answers
RELEVANCY SCORE 206.4

Hello! I have been receiving alerts from my Norton 360 very often whenever I am online about Intrusion attempts blocked, it says:An intrusion attempt by 873hgf7xx60.com was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXEThanks for everything- You guys are the bleep. Here is the DDS scan:DDS (Ver_10-03-17.01) - NTFSx86 Run by Geoff at 14:11:30.07 on Wed 04/14/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2341 [GMT -4:00]AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\system32\ctfmon.exesvchost.exeC:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exeC:&#... Read more

A:HTTP Tidserv Request and HTTPS Tidserv Request 2

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 6 answers
RELEVANCY SCORE 206.4

HiI downloaded a zipped file and mistakenly clicked on an exe file, at that time my NIS 2010's antivirus was disabled but intrusion prevention (firewall) was on. The intrusion prevention started giving warnings and by the time I enabled my antivirus it was too late. Now NIS keeps on giving me warnings about preventing a possible attack but is not able to remove the source. Please find attached my recent NIS history. The errors are under "Category: Intrusion Prevention"I Also ran combofix because somebody else had done in the symantec forum and his problems were solved. I did not use the recovery console option. After the scan the problem is still there.Please find attached the combofix log also.Also find attached DDS and GMER logsApart from that nothing funny has occurred so far. One other thing, but very old that whenever I change anything in msconfig I get a warning saying I do not have admin permission though I am the only user and have the said privileges. The settings are saved when I restart.

A:HTTP Tidserv Request & HTTPS Tidserv Request 2

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 29 answers
RELEVANCY SCORE 206.4

I have been infected with some malware, and i cannot go online now, as everytime I am online my Norton Internet Security detects and blocks an attempted intrusion. Norton says the threat name is HTTP Tidserv Request, HTTPS Tidserv Request 2 followed by some IP address.Norton has not blocked or quarantined anything that i know of following several scans. I have turned of my wireless and have not connected for some days now. Any help in resolving this issue would be much appreciated!I have attached the DDS and GMER Logs as stated. Thank you very much DDS:DDS (Ver_10-03-17.01) - NTFSx86 Run by Kavinraj1 at 13:27:47.76 on Tue 06/15/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.494 [GMT 1:00]AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\WINDOWS\sys... Read more

A:HTTP Tidserv Request, HTTPS Tidserv Request 2

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.One or more of the identified infections is a Backdoor Trojan. - TDSS rootkitThis could allow hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain ... Read more

Read other 6 answers
RELEVANCY SCORE 206.4

Please help me remove this virus. I've done the suggested preparation steps, but GMER is still not done scanning. It's been going for 18 hours! Is that normal? I'll post what I have so far.DDS (Ver_10-03-17.01) - NTFSx86 Run by User at 16:53:59.31 on Mon 05/24/2010Internet Explorer: 8.0.6001.18904Microsoft? Windows Vista? Ultimate 6.0.6002.2.1252.1.1033.18.3070.1392 [GMT -7:00]SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explor... Read more

A:HTTP Tidserv Request and HTTPS Tidserv Request 2

Hi kingwanabee,Welcome to BC Malware Removal (VTSMR) forum. Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. You may stop GMER from running if it is still running.Please download Malwarebytes' Anti-Malware from one of these locations:malwarebytes.orgmajorgeeks.comDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the MBAM log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.Please download MBR.EXE by GMER. Save the file in your Windows direc... Read more

Read other 14 answers
RELEVANCY SCORE 204.8

Norton Internet Security has been reporting that it blocks an intrusion attempt from a variety of addresses and reports the risk name as either HTTP Tidserv Request or HTTPS Tiderv 2 Request. I get a few unrequested webpages, but the main symptom is the warning messages from Norton. In attempting to fix the problem myself, I learned that I can not boot to Safe Mode because my system hangs at amdagp.sys and returns to the "how would you like your computer to boot" screen. I think this is an unrelated problem, but thought I'd mention it.Thanks! I appreciate your time.DDS (Ver_10-03-17.01) - NTFSx86 Run by Ann Nymous at 23:19:25.80 on Sun 04/18/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1534 [GMT -5:00]AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\BroadJump\Client Foundation\CFD.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi... Read more

A:http tidserv request and https tidserv2 request

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have sinceresolved your issues I would appreciate if you would let me no so I can close this topic.Please download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsDouble click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.When finished, it wi... Read more

Read other 16 answers
RELEVANCY SCORE 204.8

Please help. My computer is constantly being attacked (HTTP Tidserv Request & HTTPS Tidserv Request 2). I do not know how to keep this from happening. I've been letting others use my laptop (my first mistake), and about a week ago this all started happening. Needless to say, I'm concerned as I don't know how much damage these attacks can do. My Norton Anti-Virus/Internet Security has been blocking the attacks, but they come constantly from several attacking IP addresses and URLS. Below please find my dds.txt and attached my attach.txt and gmerlog.log as instructed. Thank you in advance for your assistance, and I look forward to hearing from someone.DDS (Ver_10-03-17.01) - NTFSx86 Run by MY NAME at 20:01:23.87 on Wed 08/25/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.132 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Progra... Read more

A:HTTP Tiderv Request & HTTPS Tidserv Request 2

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs.* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.* There are two points to note from the instructions page:1) The Recovery Console.It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.CF will complete some, but not all, of it's removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.2) Disabling your Anti-Virus.CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

Read other 2 answers
RELEVANCY SCORE 198.4

IssueWhen using Firefox, I keep encountering a pop-up message from Norton informing me that a recent attempt to attack your computer has been blocked. I view details of the attack and it names it either as a HTTP Tidserv Request 2 or HTTP Tidserv Request. The browser also redirects me to different sites when selecting google search results. Firefox sometimes crashes for no reason and the PC sound has disappeared as well. ActionsI have run a Fully System Scan using Norton twice. It is only picking up cookies after the system scan is complete. I also ran BitDefender scanner and nothing was picked up. I was able to find this site and it looks like a lot of members were able to help on issues such as mine so might as well give it a try. I've read the guidelines for requesting help and followed it to the best that I can. The DDS.txt is below and I have also attached the Attach.txt. I tried running the GMER program twice using the links in the guidelines but a blue screen always appear with the following message.PAGE_FAULT_IN_NONPAGED_AREATechnical Information:STOP: 0x00000050 (0x9973AB30, 0x00000001, 0x99478FA6, 0x00000000)I tried a third time by getting GMER directly at its web site and saving it with a different name but it still did not work. A blue screen still appeared.DDS (Ver_10-03-17.01) - NTFSx86 Run by Meyrick Mataac at 21:39:52.82 on Thu 06/24/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.... Read more

A:PC infected with malware - HTTP Tidserv Request 2, HTTP Tidserv Request,

Hi parokyano,Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.If the issue is not resolved please update me on the current condition of your computer.

Read other 28 answers
RELEVANCY SCORE 198.4

Hi.I'd really appreciate some help here.4 days ago, I started to get the following messages from my Norton:Network traffic from 213.163.89.104 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXENetwork traffic from 60.12.117.145 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXENetwork traffic from a57990057.cn matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXENorton identifies the first one as HTTP Tidserv Request and the next two as HTTP Tidserv Request 2 respectively.It blocks those attempts but won't let me take any action to remove (says no action required).I've run DDS and downloaded GMER. Tried running GMER several times but it only gets as far as the devices and then freezes my computer. I have to unplug it just to restart it.Also, I have Firefox, Google Chrome, and Internet Explorer on my Computer. At random times, new tabs in these browsers will automatically open taking me to sites advertising products and Congratulations! You are the 1,000,000th visitor or something like that. Click here to claim your prize.No matter which search engine I use in any of these browsers, when I click on a search result, it does the same thing as stated in the previous pa... Read more

A:Infected with HTTP Tidserv Request and HTTP Tidserv Request 2 and can't run GMER

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Please download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will o... Read more

Read other 12 answers
RELEVANCY SCORE 183.6

Hi, Firstly thank you for all this stuff you do to help us out. I have used (read) this board to resolve PC issues very successfully in the past. BUT today I seam to have a really problem - Norton AV is reporting "Risk Name: HTTP Tidserv request 2" and "Risk Name: HTTP Tidserv request". Obviously I need to get this thing out.I've followed the thread Might have a TDL3 virus discussing how to resolve this and followed the listed actions.Quick note of what I did 1 - Recovery is already running 2 - Ran OTL (per instructions in above thread) - I've attached the log3 - Ran Defogger4 - Ran ComboFix (renamed to brc0488CF.exe) - realised after I hadn't turn off Norton - I've attached the 1st log "brc0488cf 1st run"5 - Disconnected from the network & Turned Off Norton Virus and Firewall.6 - Ran ComboFix again - attached is the 2nd log "brc0488cf 2nd run"7 - Enabled Norton Agian, connected to network8 - Tried to restart Firefox and got a message that a registry item maked for deletion was attempted to be modified? Firefox did not start.9 - rebooted the computer.10 - restarted firefox (was slow in coming up)11 - Still getting warnings from Norton This is obviously a tough one... Please HelpI'm willing to reformat etc, but only if its the "final solution"Many thanksRobertEDIT - I can't see the files I uploaded? Will try again..Oh I see how it works now
 OTL.Txt   84.23KB
  6 downloads
 Extras.Txt   31.74KB
  3 downloads
 br... Read more

A:HTTP Tidserv request & Tidserv request 2 infection

Hello and welcome to Bleeping ComputerPlease refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OTL from this link.Save it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scan box paste this in:netsvcsmsconfigactivexdrivers32%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%SYSTEMDRIVE%\*.exe/md5starteventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.sysvaxscsi.sysnvatabus.sysviamraid.sysnvata.sysnvgts.sysiastorv.sysViPrt.syseNetHook.dllahcix86.sysKR10N.sysnvstor32ahcix86s.sysnvrd32.sys/md5stop%systemroot%\*. /mp /sCREATERESTOREPOINTClick the Quick Scan button.The scan should take a few minutes.Please copy and paste both logs... Read more

Read other 16 answers
RELEVANCY SCORE 182.4

Hello, i would appreciate it very much if i could get some assistance with my problem.About 2 weeks ago my norton internet security started to throw up the alert that it blocked http tidserv request.Then the alerts became more frequent, and my google search results started being redirected elsewhere.As per the instructions, i have included the DDS and GMER logs below.thanks.===============================DDS (Ver_10-03-17.01) - NTFSx86 Run by Bouncer at 21:16:05.46 on Mon 05/31/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1204 [GMT -6:00]AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exeC:\WI... Read more

A:How can i remove http tidserv request - tidserv trojan

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.1.Please do not run any other tool untill instructed to do so!2.Please reply to this thread, do not start another!3.Please tell me about any problems that have occurred during the fix.4.Please tell me of any other symptoms you may be having as these can help also.5.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.:run combofix:Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen pro... Read more

Read other 12 answers
RELEVANCY SCORE 178.8

Hello. I would like your help to remove a Backdoor Trojan. On May 25,2010 I started receiving attempted intrusion attack notifications from Norton 360. These notifications can occur at random times. However, the notifications always occur when I execute an internet search from Google, Norton or Bing. I have contacted Symantec technical support and was told that my computer was not infected. However, after researching on the web, I see that many other users are having the same issue. Also, Symantec notifications indicate that it is a serious threat. NOTE: Recently I sent a web page using IE to my wife's email, and now she is having the same issue. She has Norton antivirus supplied by Comcast on her laptop. I suspect I may have infected her laptop. Norton history logs indicate that Norton is blocking the following intrusion attacks:- identified by Norton 360 as "HTTP Tidserv Request" from url 7gafd33ja90a.com at ip addresses 85.12.46.155, 85.12.46.159 and url j00k877x.cc at ip address 192.212.226.130 - identified by Norton 360 as "HTTP Tidserv Request 2" from ip addresses 91.212.226.67 and 202.157.171.207.NOTES: - I have Norton 360 Firewall. Do I still need to activate the MS Windows Firewall as stated in the Preparation Guide? - Cannot run GMER logs. Each time I try after approximateloy 35 minutes of scanning system reboots.DDS logsDDS (Ver_10-03-17.01) - NTFSx86 Run by John Wild at 22:42:15.80 on Wed 06/09/2010Internet Expl... Read more

A:HTTP Tidserv Request & Tidserv 2 attacks

Hi JOHNCWILD1,Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum.If the issue is not resolved please update me on the current condition of your computer and post the following log.Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:[email protected] offif exist mbr.log del mbr.logmbr.exe -t ping 1.1.1.1 -n 1 -w 1000 >nulstart mbr.logGo to the File menu at the top of the Notepad and select Save as.Select Save in: desktopFill in File name: dirlook.batSave as type: All file types (*.*)Click save.Close the Notepad.Locate look.bat on the desktop. It should look like this: Double-click to run it.A notepad opens, copy and paste the content (log.txt) to your reply.

Read other 13 answers
RELEVANCY SCORE 174.4

Norton 360 indicates I am continually getting intrusion attempts and "firewall activities". Tidserv Request and https Tidserv Request 2. Per instructions, ran dds and gmer, logs follow. Need help, have not previously heard of rootkits. Thanks, in advance! DDS (Ver_10-03-17.01) - NTFSx86 Run by Joe at 21:51:27.15 on Sun 06/13/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition [GMT -4:00]AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEsvchost.exeC:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Linksys\Linksys Updater\bin\L... Read more

A:infected with rootkit tidserv request and https tidserv request 2

Hi joemck,Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.If the issue is not resolved please update me on the current condition of your computer.

Read other 13 answers
RELEVANCY SCORE 169.6

Norton Internet Security keeps reporting that it has blocked the Tidsev Request and the attacker URL (above). Especially when I do a Google search in Firefox. But then I get redirected each time I click a search result itemIn preparation for this post I ran GMER. Weird things started gobbling up CPU like winlogon and lsass at 50% each, so the GMER scan took about 20 hours.Thanks in advance for your help!DDS (Ver_10-10-10.01) - NTFSx86 Run by Ilse at 13:53:41.46 on 09/10/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2167 [GMT -4:00]AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exec:\drivers\audio\r211990\stacsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exesvchost.exeC:\WINDOWS\System32\svchost.exe -k AkamaiC:\Progr... Read more

A:HTTP Tidserv Request

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

Read other 14 answers
RELEVANCY SCORE 169.6

Hello,This started a two days ago. The symptoms are almost exactly the same as the ones in http://www.bleepingcomputer.com/forums/t/311466/http-tidserv-request/. It also matches the symptoms in Symantec's page on Backdoor.Tidserv. Whenever a search is attempted on Google, Yahoo or Bing, Norton pops up the same alert as in the other thread, but the website name it attempts to contact changes randomly. It says the request for that site originated from IEXPLORE.EXE; at random times SVCHOST.EXE was also blocked from accessing a similar site.The computer is running Windows XP Professional Service Pack 3.I have tried Symantec's removal instructions on their site, including replacing atapi.sys, advapi32.dll and ndis.sys with the same files from the XP CD. However, the files this was supposed to have created (mostly with TDSS in its name) don't exist. On the day of the original infection there was a fake antivirus program on the computer, too, and it blocked any applications saying the file was infected. That one was fixed with system restore. According to Symantec, Tidserv can also install other malware on the computer, which is where I assume this came from.The gmer log seems incomplete so I'm running it again. It seems to crash quite often, and Norton's CPU usage jumps to two 50% processes while running gmer.Thanks for any help.DDS (Ver_10-03-17.01) - NTFSx86 Run by Tim Rao at 23:54:14.51 on Fri 21/05/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.260... Read more

A:HTTP Tidserv Request

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 13 answers
RELEVANCY SCORE 169.6

Hi, I'm running Windows XP, Norton Internet Security 2010, and a Linksys router. The past three days I've been getting notices from Norton "A recent attempt to attack your computer was blocked". In the Norton history log the Risk name is: HTTP Tidserv Request. I'm not sure what to do next. Norton scans don't find anything. The attacks occur several per hour. I'm now keeping the computer disconnected from the internet until resolved. Please advise. Thanks, Jim

A:HTTP Tidserv Request

Hello, Is this PC on a network?Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer. Now run TDDS Killer Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.It may ask you to reboot the computer to complete the process. Allow it to do so.When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.Before you save it rename it to say zztoy.exe alternate download li... Read more

Read other 25 answers
RELEVANCY SCORE 169.6

Here is a link to my previous post, which I was asked to include in my post: http://www.bleepingcomputer.com/forums/topic319829.htmlI continue to get a Norton intrusion notice at least once every ten minutes that has been BLOCKED. It says "An intrusion attempt by (several different computer sources) xxxxx.com was blocked. Application path \device\harddiskvolume1\windows\system32\scvhost.exe" Additionally, I saw that one moderator (syler) expressed concerns about banking and doing other personally business on a computer, after being supposedly cleaned http://www.bleepingcomputer.com/forums/t/319381/http-tidserv-request-blocked-by-norton-internet-security-2010/ , this course concerns me as I pay bills online and do work that requires my SS# when signing in. But since the attack is being blocked I am uncertain of how much of a concern this should be. My computer is a Fujitsu: Lifebook. I am running Windows XP or the one before that computer is about 4 years old. I also have Norton 360. Risk name: "HTTPS Tidserv Request 2"I am not being redirected to other webpages as some have stated. Just have the Norton Warning alerting me when on the internet.I also have a list of the attacking computers and the ISP numbers. Which I can provide if it could be of any help to me or just the issue at large. Here are my LogsDDS (Ver_10-03-17.01) - NTFSx86 Run by Administrator at 12:51:39.95 on Fri 05/28/2010Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.3.1252.1.103... Read more

A:HTTP Tidserv Request 2

Hello and welcome to Bleeping Computer. *Please Subscribe to this Thread to get immediate notification of replies. See HERE*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.*You must reply within 5 days otherwise this topic will be closed.=======================================P2P Warning:Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case LimeWire). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yo... Read more

Read other 18 answers
RELEVANCY SCORE 169.6

Hello, norton started two days ago with a pop up telling me that an intrusion attempt was made but blocked. it keeps coming up. the risk name is HTTP tidserv request. please help. thank youEDIT: Moved from Malware Removal Logs to Am I Infected ~ Hamluis.

A:http tidserv request

Hello and welcome.Is this PC on a network?Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer. Now run TDDS Killer Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.It may ask you to reboot the computer to complete the process. Allow it to do so.When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.alternate download link 1alternate download link 2MBAM m... Read more

Read other 3 answers
RELEVANCY SCORE 169.6

it redirects to sites I'm not searching for expecailly in google also mmy norton keeps poping up with a message saying i have it.
i tried TDSSKiller and got

registry objects infected / cured / cured on reboot: 0 / 0 / 0
File objects infected / cured / cured on reboot: 0 / 0 / 0

also malwarebytes isnt picking it up either!

please help!!! asap!! i wanna get rid of it!

A:HTTP Tidserv Request !!!!

Is this PC on a network?Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer. Now run TDDS Killer Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.It may ask you to reboot the computer to complete the process. Allow it to do so.When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes t... Read more

Read other 8 answers
RELEVANCY SCORE 169.6

(I apologise in advance if this is not submitted in the appropriate place.)

I'm using Norton Antivirus 2010 (Windows XP HE SP3) and am receiving notifications that several "intrusion attempts" at mostly random intervals (but always when cycling between web pages).

Norton and MBAM both reported a number of trojans/registry infections which were all subsequently deleted on reboot.

I've now done 3 scans with both MBAM and Norton which are all returning no results but I'm still receiving these "attack" notifications and am wondering what to do.

Many thanks for reading and I hope to hear from you soon.

A:HTTP Tidserv Request

Hello and welcome.Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer. Now please run the tool here How to remove Google RedirectsWhen it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.Rerun MBAM (MalwareBytes) like this:Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan (normal mode).After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Read other 4 answers
RELEVANCY SCORE 169.6

Ok, 1st time posting.

But also having issue with HTTP tidserv request being detected by norton.

looks like responses are individual per computer.

Can you help me?

Thx!

Add'l information:
running windows vista

A:HTTP tidserv request

Hi, Moved you to your own topic. Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.It may ask you to reboot the computer to complete the process. Allow it to do so.When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to ... Read more

Read other 9 answers
RELEVANCY SCORE 169.6

Well for some days now i get a notification from norton that an attempt on my computer has been blocked (or something along those lines). I have done a full scan and nothing comes up.

So can someone help me remove this malware :S

DDS LOG is attached

I tried the gmer log thing twice and both times my computer crashed :S

A:HTTP Tidserv Request with log

Hello BhavirWelcome to BleepingComputer ==========================Download OTL to your desktop.Double click on OTL to run it.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.====================Please download Rootkit Unhooker and save it to your desktop.Note since it is in rar format and if you do not have anyhting that will open it then you can download 7 zip and use it to extract the data it can be found here:
Right click on the .rar file and choose extract files.Double-click RKUnhookerLE.exe to run it.Click the Report tab, then click ScanCheck Drivers, Stealth Code, Files, and Code HooksUncheck the rest, then click OKWhen prompted to Select Disks for Scan, make sure C:\ is checked and click OKWait till the scanner has finished then go File > Save ReportSave the report somewhere you can find it, typically your desktop. Click CloseCopy the entire contents of the report and paste it in your next reply.Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?"

Read other 3 answers
RELEVANCY SCORE 169.6

Hi,I hope you can help me please....On Friday 21st May 2010 I started to get Norton 360 alerts popping up alerting me as follows:"An Intrusion attempt by <various>.com was blocked. Application path\ DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE"The Risk Name was identified as "HTTP Tidserv Request"These alerts would pop up regularly particulary when doing Google searches.I ran a full Norton 360 scan but found nothing and also a BitDefender scan with the same result. I done some research on the Internet about HTTP Tidserv and rootkits and, before discovering the Bleeping Computer forum, I read about Combofix. I consequently downloaded a copy and ran it.It detected rootkit activity on my PC and it seems to have fixed the problem now as the Norton warning messages have completely vanished. I have kept the Combofix.log that was generated just in case. The only issue I had with Combofix was that I needed to reinstall Norton 360 afterwards as the auto-protect feature wouldn't turn on.Although the problem seems to have been fixed, I do not wish to be complacent and so I am wondering if you would be able to double-check that my PC is now rootkit free. I apologise for jumping the gun and running Combofix before being specifically instructed to do so and I hope this won't prevent you from being able to assist me.The information you need follows below.Many thanks in advance for your help.Kind regards... Read more

A:HTTP Tidserv request

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

Read other 18 answers
RELEVANCY SCORE 169.6

hello im in need of some help removing a problem, everytime i access the internet, i get a notification from norton 360 saying it has stopped some funny network traffic that matches a known attack signature. it says an http tidsrv request was attempted from my computer. if someone can help me remove this bothersome problem before it does some real damage i would appreciate it.

A:http tidserv request

Hello and welcome.Is this PC on a network?Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer. Now run TDDS Killer Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.It may ask you to reboot the computer to complete the process. Allow it to do so.When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.alternate download link 1alternate download link 2MBAM m... Read more

Read other 6 answers
RELEVANCY SCORE 169.6

Hello,

Last week I was surfing the google looking up information on the game Aion when suddenly a popup appeared and it showed that something was downloading. I have popup blocker on, but apparently it didn't matter. Within minutes, various issues occurred and I immediately went to windows to use onecare. It removed 23 viruses and over 200 spyware. I followed up using malwarebytes' anti-malware which found a few others onecare did not and removed them. I bought norton antivirus which found 1 virus and removed many cookies.

I thought all was well but then every few minutes Norton says: An intrusion attempt by 91.212.226. (some other random number) was blocked. The titles of the attack are either Http Tidserv Request 1 or 2. Sometimes (including this site) I'll get redirected to an ad site. Sometimes the internet will disconnect. I considered wiping the drive except when I've read other threads for those who have done this, they still have the issue on their computer. That's really a last option. I've seen both on this site and other sites such as bleepingcomputer that after a long series of tools, people seem to have cleared themselves of this problem. I haven't tried any of these tools since they usually say not to without an experts suggestion. I have, however, run the GMER (which took two tries, first time it froze my computer and I had to manually restart). I also did the DDS and have the attach file.

I'm really at my wits end with this and any help would be great... Read more

A:http tidserv request 1 & 2

Hello and welcome to TSF,

Please subscribe to this thread to get immediate notification of replies (if you haven't already) as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

--------------------------------------------

I am sorry to tell you that one or more of the identified infections is a backdoor trojan / rootkit .

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

-------------------------------------------

Please note that these fixes ar... Read more

Read other 19 answers
RELEVANCY SCORE 169.6

Hello everyone this is my first thread and I'm in need of some help! I keep getting a pop up from my (expired) Norton Antivirus which reads something like: A recent attack on your computer was blocked. When I click it, it gives me the Http Tidserv Request as the culprit. I've run Mbam and nothing shows up. I ran Spybot which revealed a myriad of results, one of them being Virtumonde. Anyhow; I was wondering if anyone could help or give me some direction as to where to go. *sigh* this is what I get for letting my 14 year old cousin use my computer

A:Http Tidserv Request

Hello ,Let's see if we can clean this up and then we'll get you an Antivirus'Is this PC on a network?Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer. Now run TDDS Killer Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.It may ask you to reboot the computer to complete the process. Allow it to do so.When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware (v1.46) and save it to your deskt... Read more

Read other 13 answers
RELEVANCY SCORE 169.6

I am having a problem that does not seem to be quite like the other tidserv request issues others are having here. Starting about a day ago, I am receiving frequent notices from my Norton 360 that "an intrusion attempt" has been blocked. The details provided state that it is a HTTP Tidserv Request following the path:

\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

I am running Windows XP and Norton 360. After a Norton scan failed to turn up anything, I installed Spybot Search and Destroy and ran a few scans between restarts. Those fixed some adware but the notices continued. Following that, I installed Advanced SystemCare3 which fixed some registry errors for me but also could not identify the origin of these attacks. Doing a search on Tidserv attacks, it seems that I have a trojan that is attempting to contact a site to relay some sort of information. I have no idea what to do next, so I looked for a place where people who understand computers could help me.

Here I am.

I installed Hijack This and ran a scan/log, which reads thusly:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\V... Read more

A:HTTP Tidserv Request

Hello JohnnyDet and welcome to Tech Support Guy. Iíll be happy to look over your log and help you with your issues. It will be very helpful if you follow these guidelines:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until Iíve given you the ďAll clear.Ē Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please follow my instructions carefully and in the order they are posted.
Any underlined text in my posts indicates a clickable link.
You should print any instructions I give you for ease of use and reference.
If you have any questions at all, please stop and ask before proceeding.

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the con... Read more

Read other 1 answers
RELEVANCY SCORE 169.6

Today I started get the follwoing message from my Norton. I googled on it and it aprears to be root kit activity. Not sure how to het rid of it. Any help is appreciated. Thanks in Advance.

This wariing pops up every time open up explorer or switch sites.

Norton Messages ( sample),

An intrusion attempt by 91.216.73.59 was blocked.

Risk Name - HTTP Tidserv Request
Attacking computer: 91.216.73.59, 80
Attacker URL: starts with 91jjak4555j.com
Source address: 91.216.73.59
Traffic Description: TCP, www-http

Thanks
Bala

A:HTTP Tidserv Request

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 1 answers
RELEVANCY SCORE 169.6

My Norton 360 keeps telling me it has blocked an intrusion and a couple of errant search windows have opened. I believe it comes from a couple of different IP addresses and the application it is targeting changes but are usually in the system directory. I looked thru the preparation guide and posting the following... all help really, really appreciated!!DDS (Ver_10-03-17.01) - NTFSx86 Run by Byron at 14:31:52.24 on Sun 06/27/2010Internet Explorer: 8.0.6001.18928Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3071.971 [GMT -5:00]SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\SYSTEM32\WISPTIS.EXEC:\Program Files\Common Files\microsoft shared\ink\TabTip.exeC:&... Read more

A:HTTP Tidserv Request 2

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 3 answers
RELEVANCY SCORE 169.6

Problem: Every time I do a search using google, yahoo, etc. my Norton blocks an intrusion attempt by HTTP Tidserv Request or HTTP Tidserv Request 2. I am also prevented from shutting down/restarting windows. Attempted Fixes: I've run Norton Full system scan in and not in safe mode as well as malwarebytes, they each removed some files, but the infection still remains. I have turned off system restore, run the diskcleanup tool on windows. The scans, using either program (even in safe mode) now come up clean, however, I'm still receiving messages from Norton. DDS Report:DDS (Ver_10-03-17.01) - NTFSx86 Run by Jason at 2:07:22.53 on Sun 05/30/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2497 [GMT -4:00]AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\stsystra.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\ctfmon.exeC:�... Read more

A:HTTP Tidserv Request

Hi,My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.For your next reply I would like to see:-The DDS logs---DDS.txt and Attach logs-GMER log-Description of any remaining problems you may still have.With Regards,Extremeboy

Read other 16 answers
RELEVANCY SCORE 169.6

Hello,The computer that I'm trying to fix had a number of infections that I believe I have removed with Norton, Malwarebytes, Windows Live and ComboFix.But I am still seeing Norton 360 regularly alert me that it has blocked HTTP Tidserv Request and HTTPS Tidserv Request. It appears to happen everytime I do a Google search in Firefox and click a link and other times as well but I don't know what triggers it. While Norton says no further action is needed, I'm wondering what it means that I'm getting these? And is there action that I should take?Here's the ComboFix log.Thanks,CometfurComboFix 10-06-03.01 - Dad 06/04/2010 13:23:50.1.2 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1526.1122 [GMT -7:00]Running from: c:\documents and settings\Dad\My Documents\Downloads\ComboFix.exeAV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\The Peach\Application Data\Microsoft\Internet Explorer\lleod150c:\documents and settings\The Peach\Application Data\Microsoft\Internet Explorer\wmharun.logc:\windows\Downloaded Program Files\Install.infc:\windows\system32\_000008_.tmp.dllc:\windows\syst... Read more

A:HTTP Tidserv Request

Hi cometfur,Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.Your computer is infected. If the issue is not resolved please update me on the current condition of your computer. Also do the following:Please go to start => Run => Copy and paste the bold line in the run-box and click OK: "C:\Qoobox\Add-Remove Programs.txt"A text file opens up, copy and paste the content to your reply.

Read other 3 answers