HTTP Tidserv Requests

Q: HTTP Tidserv Requests

Lately I have been receiving frequent notices from my Norton 360 that "an intrusion attempt" has been blocked. The details provided state that it is an HTTP Tidserv Request following the path:

\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

I am running Windows Vista and Norton 360. After a Norton scan failed to turn up anything, I tried to use Malwarebytes' Anti-Malware, but that too failed to find anything.

Every time I try to use Google Chrome instead of Internet Explorer, Google Chrome doesn't respond. The frequent notices are annoying and Internet Explorer keeps going into offline mode.

Help would be greatly appreciated. I tried to do the scans requested by the forum; tell me if I've done anything wrong. Thank you in advance.

PS: Some of the intrusion attempts are HTTP Tidserv Requests 2 following the path:

\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:12:27, on 13/03/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal
Running processes:
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\MCUI32.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\sdclt.exe
C:\Users\Reverent Kafka\Desktop\8t9bgo3d.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0109&m=aspire_5735
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0109&m=aspire_5735
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Reverent Kafka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files\ClickPotatoLite\bin\10.0.632.0\ClickPotatoLiteSABHO.dll (file missing)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DC6B539-A974-4090-A6F1-A23CF4D6801E}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{5DC6B539-A974-4090-A6F1-A23CF4D6801E}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Akamai NetSession Interface (Akamai) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\System32\irmon.dll,-2000 (Irmon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Tether - Unknown owner - D:\Program Files\Tether\TBService.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
--
End of file - 26596 bytes

DDS.txt:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Reverent Kafka at 19:16:01.68 on 13/03/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.44.1036.18.3000.1246 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DllHost.exe
D:\Program Files\Tether\TBService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\WSCStub.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\igfxpers.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WerCon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Reverent Kafka\Desktop\8t9bgo3d.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Reverent Kafka\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.fr/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0109&m=aspire_5735
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0109&m=aspire_5735
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\reverent kafka\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [ProductReg] "c:\program files\acer\wr_popup\ProductReg.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\revere~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - {7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} - c:\program files\clickpotatolite\bin\10.0.632.0\ClickPotatoLiteSABHO.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: {5DC6B539-A974-4090-A6F1-A23CF4D6801E} = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2009-6-23 77004]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-1-28 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-1-28 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-1-28 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110311.001\IDSvix86.sys [2011-3-12 353912]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-5-26 61424]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-5-13 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-5-13 234888]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-7-20 20376]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-5-26 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-5-26 24576]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-19 47640]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-1-28 117640]
R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2010-3-25 3622912]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-6 50424]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-5-26 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
R2 Tether;Tether;d:\program files\tether\TBService.exe [2011-3-12 52664]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-11 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-1-28 48688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-10-1 84832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 BCD2000;Behringer BCD2000 V1.1.1.0;c:\windows\system32\drivers\BCD2000.SYS [2010-11-8 42400]
S3 BCD2000WDM;Behringer BCD2000WDM V1.1.1.0;c:\windows\system32\drivers\BCD2000WDM.SYS [2010-11-8 21632]
S3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [2009-12-31 92672]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-30 30192]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJAsioK.sys [2009-12-31 137728]
S3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\drivers\HDJMidi.sys [2009-12-31 98304]
S3 kx1avs;kx1avs;c:\windows\system32\drivers\kx1avs.sys [2009-12-7 35408]
S3 kx1usb;kx1usb;c:\windows\system32\drivers\kx1usb.sys [2009-12-7 276432]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2006-11-2 1083520]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [2011-3-12 45608]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-13 18:10:48 388096 ----a-r- c:\users\revere~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-13 18:10:47 -------- d-----w- c:\program files\Trend Micro
2011-03-13 17:07:10 2730536 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-03-13 17:07:02 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{78273421-855d-465e-8991-f4756bf79c16}\mpengine.dll
2011-03-13 17:06:53 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-12 22:50:20 -------- d-----w- c:\users\revere~1\appdata\roaming\Tether
2011-03-12 22:48:39 45608 ----a-w- c:\windows\system32\drivers\qrkis.sys
2011-03-12 12:02:03 413696 ----a-r- c:\users\revere~1\appdata\roaming\microsoft\installer\{56d6a131-64cb-4cd2-bdd6-8b7c0b08328f}\BlackBerry.exe
2011-03-09 20:50:46 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 20:50:46 323072 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 20:50:46 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 20:50:46 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 20:50:40 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 20:50:39 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 15:24:35 -------- d-----w- c:\program files\iPod
2011-03-08 15:02:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-03-08 15:02:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-03-08 15:02:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-03-08 15:02:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-03-08 15:02:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-03-08 15:02:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-03-08 15:02:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-03-02 21:28:04 -------- d-----w- c:\users\revere~1\appdata\roaming\Spotify
2011-03-02 21:28:04 -------- d-----w- c:\users\revere~1\appdata\local\Spotify
2011-02-24 16:10:18 413696 ----a-r- c:\users\revere~1\appdata\roaming\microsoft\installer\{94a615a8-960e-4b3f-86d6-a7c46030cc9e}\BlackBerry.exe
2011-02-24 15:16:36 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-24 15:15:48 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-24 15:15:48 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-24 15:15:46 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-24 15:15:39 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-24 15:15:39 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-24 15:15:32 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-02-24 15:15:32 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-02-24 15:15:32 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-02-24 15:15:32 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-02-24 15:15:32 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-02-24 15:15:30 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-02-24 15:14:48 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-02-24 15:14:29 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-02-24 15:14:28 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-02-24 15:14:27 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-02-24 15:14:27 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-02-24 15:14:26 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-02-24 15:14:25 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-02-17 22:32:56 -------- d-----w- c:\users\revere~1\appdata\roaming\Autograph
2011-02-17 17:51:10 -------- d-----w- c:\program files\common files\Autograph 3
.
==================== Find3M ====================
.
2011-01-23 02:09:55 256 ----a-w- c:\windows\system32\pool.bin
2011-01-08 07:50:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57:10 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:25:17 2038784 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 14:57:35 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49:30 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: WDC_WD1600BEVT-22ZCT0 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86704439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8670a7d0]; MOV EAX, [0x8670a84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x822BCFEF] -> \Device\Harddisk0\DR0[0x858B2AC8]
3 CLASSPNP[0x82BDD745] -> ntkrnlpa!IofCallDriver[0x822BCFEF] -> [0x868AD478]
\Driver\atapi[0x866F0B78] -> IRP_MJ_CREATE -> 0x86704439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD1600BEVT-22ZCT0___________________11.01A11#5&128fa69d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 19:17:33.75 ===============

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Édition Familiale Basique
Boot Device: \Device\HarddiskVolume2
Install Date: 30/01/2009 23:15:22
System Uptime: 13/03/2011 17:31:25 (2 hours ago)
.
Motherboard: Acer | | CathedralPeak
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz | U2E1 | 1000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 1.544 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 11.618 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Tether Ethernet Adapter
Device ID: ROOT\ROOT&QRKIS\0000
Manufacturer: Tether
Name: Tether Ethernet Adapter
PNP Device ID: ROOT\ROOT&QRKIS\0000
Service: qrkis
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
AAC Decoder
Acer Arcade Deluxe
Acer Crystal Eye Webcam 2.0.8
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eSettings Management
Acer GameZone Console 2.0.1.1
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.4.0 - Français
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Agere Systems HDA Modem
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Autograph 3.20
AutoUpdate
AviSynth 2.5
Battlefield Heroes
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
BlackBerry Device Software v5.0.0 for the BlackBerry 9300 smartphone
BlackBerry Device Software v6.0.0 for the BlackBerry 9300 smartphone
Blender (remove only)
Bonjour
Call of Duty(R) 2
ClickPotato
Connect
Counter-Strike: Source
DATA BECKER Instant Photo Scanner
Design Tools - 2D Design V2 Demo
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
EMEA02
eSobi v2
FreeOCR 3.0
GearDrvs
GIMP 2.6.11
Google Chrome
Google Desktop
Google SketchUp 6
Google Talk Plugin
H.264 Decoder
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IB Questionbank Chemistry Standard and Higher Level
IB Questionbank Mathematics Higher and Standard Level
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Junk Mail filter update
kuler
Launch Manager
LightScribe 1.4.142.1
LogMeIn
Magneto Software ICMP ActiveX Control
Malwarebytes' Anti-Malware
Marvell Miniport Driver
MFC RunTime files
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - fra
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (French) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Groove MUI (French) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Outlook Hotmail Connector 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MIDI Yoke
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
MKV Splitter
MobileMe Control Panel
Module linguistique Microsoft .NET Framework 3.5 SP1- fra
MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Controller Editor
Native Instruments Service Center
Native Instruments Traktor
Native Instruments Traktor Kontrol X1 Driver
Norton 360
Norton Security Scan
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Octoshape Streaming Services
OGA Notifier 2.0.0048.0
OpenOffice.org 3.0
Orion
PDF Settings CS4
PhotoNow!
Photoshop Camera Raw
PowerDirector
PPLive 1.9
PunkBuster Services
QuestBrowse 1.0 build 115
QuickFreedom 1.2.0
QuickTime
RealPlayer
Realtek USB 2.0 Card Reader
Sandlot Games Client Services 1.2.2
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
ShopperReports
Skype™ 4.1
Spotify
Steam
Suite Shared Configuration CS4
SweetIM for Messenger 3.2
SweetIM Toolbar for Internet Explorer 3.9
Synaptics Pointing Device Driver
Tether 1.4.3.7
TI Connect 1.6
TI NoteFolio Creator
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2508979)
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6d
Virtual DJ - Atomix Productions
VueScan
Vuze
Vuze Toolbar
WebEx Support Manager for Internet Explorer
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
WinRAR archiver
World of Warcraft
.
==== End Of File ===========================

ark.txt:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-13 20:06:05
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: 8t9bgo3d.exe; Driver: C:\Users\REVERE~1\AppData\Local\Temp\fwxciaoc.sys

---- System - GMER 1.0.15 ----
SSDT 879A29F0 ZwAlertResumeThread
SSDT 87422AA0 ZwAlertThread
SSDT 8733C788 ZwAllocateVirtualMemory
SSDT 86FDE740 ZwAlpcConnectPort
SSDT 879B4C68 ZwAssignProcessToJobObject
SSDT 8733A358 ZwCreateMutant
SSDT 879C6198 ZwCreateSymbolicLinkObject
SSDT 87465D88 ZwCreateThread
SSDT 8797C2F0 ZwDebugActiveProcess
SSDT 8733C8E0 ZwDuplicateObject
SSDT 879EB520 ZwFreeVirtualMemory
SSDT 8733AA10 ZwImpersonateAnonymousToken
SSDT 879EC178 ZwImpersonateThread
SSDT 870E1550 ZwLoadDriver
SSDT 8790A2A8 ZwMapViewOfSection
SSDT 8790A578 ZwOpenEvent
SSDT 879B4B88 ZwOpenProcess
SSDT 87369108 ZwOpenProcessToken
SSDT 879EB6F0 ZwOpenSection
SSDT 87322218 ZwOpenThread
SSDT 8790A828 ZwProtectVirtualMemory
SSDT 872D4D88 ZwResumeThread
SSDT 879C5110 ZwSetContextThread
SSDT 879A2A70 ZwSetInformationProcess
SSDT 879D9800 ZwSetSystemInformation
SSDT 879EB7B0 ZwSuspendProcess
SSDT 8790A020 ZwSuspendThread
SSDT 879ECDF8 ZwTerminateProcess
SSDT 879EBC50 ZwTerminateThread
SSDT 879ECA38 ZwUnmapViewOfSection
SSDT 8790A340 ZwWriteVirtualMemory
SSDT 879C6228 ZwCreateThreadEx
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 350 822B9974 8 Bytes [F0, 29, 9A, 87, A0, 2A, 42, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 364 822B9988 4 Bytes [88, C7, 33, 87]
.text ntkrnlpa.exe!KeSetTimerEx + 370 822B9994 4 Bytes [40, E7, FD, 86]
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 822B99E8 4 Bytes [68, 4C, 9B, 87]
.text ntkrnlpa.exe!KeSetTimerEx + 428 822B9A4C 4 Bytes [58, A3, 33, 87]
.text ...
C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0xBC9DE41C]
.clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0xBC9DF000, 0x1000, 0xE0000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[3676] ntdll.dll!NtProtectVirtualMemory 77C685D8 5 Bytes JMP 01F9000A
.text C:\Windows\Explorer.EXE[3676] ntdll.dll!NtWriteVirtualMemory 77C68F18 5 Bytes JMP 01FE000A
.text C:\Windows\Explorer.EXE[3676] ntdll.dll!KiUserExceptionDispatcher 77C69648 5 Bytes JMP 01F4000A
.text C:\Windows\Explorer.EXE[3676] SHELL32.dll!InitNetworkAddressControl + 2939 768F006C 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL}
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!DialogBoxIndirectParamW 7769BD25 5 Bytes JMP 6B5A076D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!DialogBoxParamW 776B1FD5 5 Bytes JMP 6B5A06F7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!DialogBoxParamA 776D80B2 5 Bytes JMP 6B5A0732 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!DialogBoxIndirectParamA 776D83DD 5 Bytes JMP 6B5A07A8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxIndirectA 776ED471 5 Bytes JMP 6B5A06B3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxIndirectW 776ED56B 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxIndirectW 776ED56B 5 Bytes JMP 6B5A066F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3700] USER32.dll!MessageBoxExA 776ED5D1 5 Bytes JMP 6B5A0635 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)


A: HTTP Tidserv Requests

Help!


I am running a Windows XP Pro on a Windows Server 2008 network. I am using Symantec Endpoint and Malware bytes for anti-virus/anti-malware protection. The network has a WSUS server pushing Windows updates out. Due to certain software on the computer, I can only use Internet Explorer 7 or Mozilla Firefox for internet browsing.

I keep getting warnings from Symantec about HTTP TIDSERV requests. I have tried everything to remove it, but have been unsuccessful. So, I have followed the steps as best as I can. I ran the Defogger, I used DDS to get a log, and tried to run GMER, but GMER and I are having issues running. Please help!

Here is my SSD Log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by epainter at 8:54:45.81 on Thu 06/03/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2056 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Fil...

A:HTTP TIDSERV requests

Hi and welcome. My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.

For your next reply I would like to see:
- The DDS logs (DDS.txt and Attach logs)
- GMER log
- Description of any remaining problems you may still have.

With Regards,
Extremeboy


Hello,

I must admit I ran combofix without guidance as written. My only defense is stress from unemployment, insomnia and a 5 month old.

I was receiving a number of HTTP Tidserv Requests blocks from Norton360; one every 2 minutes or so. I googled it and found a tool and decided to try it without thoroughly exploring/researching. I am glad to report that I am no longer receiving these "computer threats;" however, Google will no longer load.

I apologize for my hastiness and would sincerely appreciate any assistance offered to me.

Sincerely,

Jon O.

A:Rapid Multiple HTTP Tidserv Requests

Hello again,

My issue with Google not loading properly has seemed to resolve itself. However, I would like to continue this adventure so to assure I do not miss any loose ends.

Thanks very much,

Jon


Yesterday I was surfing the net when all of a sudden my Norton starts going crazy. It says that it quarantined or remove six high risk files. I thought that was the end of it and then I kept seeing a warning pop up that said: A recent attempt to attack your computer was blocked. I looked into it and I see this msg: Network traffic from c36996639.cn/(insert a ton of random letters here) Matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE.

So I closed my Google Chrome Browser and restarted my computer. Now Google Chrome is stuck at the loading screen and will not show any webpages. My IE8 works ok, however whenever I search for something, that message pops up from my Norton. If I open IE8 it pops up from my Norton. If I'm working on my computer without a browser open then another message comes up on my Norton with the Risk Identified as HTTPS Tidserv Request 2 and that problem says it's coming from my SVCHOST.EXE. I seem to be having problems with Java and Adobe Reader now. Thanks for the help.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Alex at 5:22:38.47 on Wed 04/21/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1404 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C: ...

A:Infected with- HTTPS and HTTP Tidserv Requests

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...


My apologies in advance if I'm in the wrong place but I came across this site and am desperate for help. I'm not that great when it comes to tech issues but I've tried to do some of the things I've read here and I'm still in big trouble. Here's the story:

Yesterday I see a message from my Symantec saying that they found something. I've seen that before and usually run a scan with Symantec and then run Malwarebytes anti-malware and things get cleaned up. But not this time. Both programs found some stuff and cleaned it out but I'm having crazy problems now.

First, if I try to turn my computer on normally, when it loads up Windows I get a light blue screen and cursor and that's it. So I'm forced to reboot and get a screen offering me the option of safe mode, safe mode with network, log in under last stable time, and a few other options. I tried getting in to the safe mode but my username and password aren't accepted so I can't get in there. When I choose to log in using the last time things were stable I get in and all looks okay. For 2 seconds. Then I get found new hardware message popping up. I can't get rid of them unless I go into my system and disable or uninstall the hardware with question marks (there are like 20 of them listed, which weren't there before). And no matter what I do the new hardware message comes back the next time I reboot. I also get messages popping up from Symantec saying that I have an HTTP Tidse...


Hello guys,

I've gotten numerous alerts from Norton telling me that I have attempted intrusions from HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2. I have turned off my System Restore, continued to allow Norton to continue blocking the attacks, and have NOT rebooted my computer since first receiving the intrusion alerts. So far I haven't seen any damage to my computer. I do, however, have sensitive information saved into my browser which I am worried about (I have since wiped out the master password). Here are my logs below:

DDS Log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 15:00:37.71 on 07/06/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.1014.149 [GMT -7:00]

AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBC...

A:HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2

Greetings

One or more of the identified infections is a Backdoor Trojan. This could allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
Please visit th...


I was hoping I wouldn't have to resort to this, but I guess I've no other choice. I've looked up this thing and from what it sounds like, I'm in deep. Like an abyss.

This whole fiasco started about a week ago when my parents found a charge from McAfee on their card. None of us ever purchased anything, and called McAfee and had them remove the charge which (according to my Dad), simply removed the LiveUpdate thing McAfee had.

Not long after that, Google Chrome started acting weird and some program called "pbupdate.exe" had to be closed. My computer subsequently froze and I had to manually shut down.

I rebooted my computer only to find that Chrome had been completely fried and would not load any web pages at all. Resorting to Firefox, I Googled "pbupdate.exe" and clicked the first link, allowing "Top PC Defender" onto my computer (and maybe some other things).

As such, I ran Malwarebytes, SUPERAntiSpyware, McAfee, AVG, and Spybot to rid myself of the problem. When this yielded no results, I ended up using System Restore which seemed to get rid of the problem.

Not long after, we switched over to Norton due to Comcast preparing a move, and uninstalled McAfee. Norton ended up having to uninstall AVG in order for it to install.

And ever since then I've had these messages popping up repeatedly on my computer from Norton, telling me an attack was blocked but not allowing any action to be taken. The fact that I'm still getting these mess...

A:HTTP Tidserv Request, HTTPS Tidserv Request 2, and HTTP Trojan Sasfis Activity

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%...


Hello,

On July 18th, as I was watching a streaming TV show, my computer apparently picked up Antimalware Doctor, which kept telling me that my computer was infected and that I needed to pay them money to get rid of all these infections. I managed to get rid of that with MalwareBytes. Shortly after though, my Norton Antivirus started regularly informing me (every 20 minutes to half hour) that it had blocked an intrusion attempt from either HTTP Tidserv Request (most common) or HTTPS Tidserv Request 2 (2nd most), and every once in a while some oddball like HTTP Fake Scan Webpage 5 or some Trojan (Vundo or Ad.Clicker). It seems like it's always been blocked, but as these Norton alerts keep coming, even when I don't have a browser open, I am upset and concerned. Also seems as if the attacks are coming from several different computers.

I tried running Malwarebytes a few more times. It usually leaves me with 8 or so pieces of malware, identified as Rootkit or Trojan agents, which it tells me will be deleted upon reboot. However, after I reboot and run Malwarebytes immediately thereafter, there are still 8 pieces of Malware. I tried updating my Norton and running a scan, but that didn't fix the problem. I also ran Norman Malware Cleaner, with no real results.

Again, though the alerts always classify the threat level as high, it seems like they are being blocked. I haven't entered any passwords into my computer since this came up, and I never save any on a regu...

A:HTTP Tidserv Request; HTTPS Tidserv Request 2; HTTP Fake Scan Webpage 5

Very sorry about the multiple posts. Firefox had gone grey, and I didn't think any had gone through. Sorry.


Hello, I would appreciate it very much if I could get some assistance with my problem.

About 2 weeks ago my Norton Internet Security started to throw up the alert that it blocked http tidserv request. Then the alerts became more frequent, and my Google search results started being redirected elsewhere.

As per the instructions, I have included the DDS and GMER logs below. Thanks.

===============================

DDS (Ver_10-03-17.01) - NTFSx86
Run by Bouncer at 21:16:05.46 on Mon 05/31/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1204 [GMT -6:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WI...

A:How can i remove http tidserv request - tidserv trojan

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

run combofix:

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen pro...


Issue

When using Firefox, I keep encountering a pop-up message from Norton informing me that a recent attempt to attack your computer has been blocked. I view details of the attack and it names it either as a HTTP Tidserv Request 2 or HTTP Tidserv Request. The browser also redirects me to different sites when selecting google search results. Firefox sometimes crashes for no reason and the PC sound has disappeared as well.

Actions

I have run a Fully System Scan using Norton twice. It is only picking up cookies after the system scan is complete. I also ran BitDefender scanner and nothing was picked up. I was able to find this site and it looks like a lot of members were able to help on issues such as mine so might as well give it a try. I've read the guidelines for requesting help and followed it to the best that I can. The DDS.txt is below and I have also attached the Attach.txt. I tried running the GMER program twice using the links in the guidelines but a blue screen always appear with the following message.

PAGE_FAULT_IN_NONPAGED_AREA
Technical Information:
STOP: 0x00000050 (0x9973AB30, 0x00000001, 0x99478FA6, 0x00000000)

I tried a third time by getting GMER directly at its web site and saving it with a different name but it still did not work. A blue screen still appeared.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Meyrick Mataac at 21:39:52.82 on Thu 06/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3....

A:PC infected with malware - HTTP Tidserv Request 2, HTTP Tidserv Request,

Hi parokyano,

Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer.


Hi.

I'd really appreciate some help here.

4 days ago, I started to get the following messages from my Norton:

Network traffic from 213.163.89.104 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

Network traffic from 60.12.117.145 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE

Network traffic from a57990057.cn matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE

Norton identifies the first one as HTTP Tidserv Request and the next two as HTTP Tidserv Request 2 respectively. It blocks those attempts but won't let me take any action to remove (says no action required).

I've run DDS and downloaded GMER. Tried running GMER several times but it only gets as far as the devices and then freezes my computer. I have to unplug it just to restart it.

Also, I have Firefox, Google Chrome, and Internet Explorer on my Computer. At random times, new tabs in these browsers will automatically open taking me to sites advertising products and Congratulations! You are the 1,000,000th visitor or something like that. Click here to claim your prize.

No matter which search engine I use in any of these browsers, when I click on a search result, it does the same thing as stated in the previous pa...

A:Infected with HTTP Tidserv Request and HTTP Tidserv Request 2 and can't run GMER

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will o...


Hello. I would like your help to remove a Backdoor Trojan. On May 25,2010 I started receiving attempted intrusion attack notifications from Norton 360. These notifications can occur at random times. However, the notifications always occur when I execute an internet search from Google, Norton or Bing. I have contacted Symantec technical support and was told that my computer was not infected. However, after researching on the web, I see that many other users are having the same issue. Also, Symantec notifications indicate that it is a serious threat.

NOTE: Recently I sent a web page using IE to my wife's email, and now she is having the same issue. She has Norton antivirus supplied by Comcast on her laptop. I suspect I may have infected her laptop.

Norton history logs indicate that Norton is blocking the following intrusion attacks:
- identified by Norton 360 as "HTTP Tidserv Request" from url 7gafd33ja90a.com at ip addresses 85.12.46.155, 85.12.46.159 and url j00k877x.cc at ip address 192.212.226.130
- identified by Norton 360 as "HTTP Tidserv Request 2" from ip addresses 91.212.226.67 and 202.157.171.207.

NOTES:
- I have Norton 360 Firewall. Do I still need to activate the MS Windows Firewall as stated in the Preparation Guide?
- Cannot run GMER logs. Each time I try after approximately 35 minutes of scanning system reboots.

DDS logs

DDS (Ver_10-03-17.01) - NTFSx86
Run by John Wild at 22:42:15.80 on Wed 06/09/2010
Internet Expl...

A:HTTP Tidserv Request & Tidserv 2 attacks

Hi JOHNCWILD1,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum.

If the issue is not resolved please update me on the current condition of your computer and post the following log.

Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

@echo off
if exist mbr.log del mbr.log
mbr.exe -t
ping 1.1.1.1 -n 1 -w 1000 >nul
start mbr.log

Go to the File menu at the top of the Notepad and select Save as.
Select Save in: desktop
Fill in File name: dirlook.bat
Save as type: All file types (*.*)
Click save.
Close the Notepad.
Locate look.bat on the desktop. It should look like this:
Double-click to run it.
A notepad opens, copy and paste the content (log.txt) to your reply.


Dear BC staff,

Here's what happened so far: on Friday 13th 2010 (coincidence?) at exactly 6pm, Norton Internet Security 2010 (NIS) started to report connection requests and occurrences of several instances of "Downloader Harnig!gen1". Shortly afterwards I received numerous connection requests of the type "Tidserv", and since my research has indicated that this is a serious malware infection, I'd like to ask for your help.

I've prepared this post to the best of my ability, but the first run of GMER took over 12 hrs and ended in an automatic reboot, I also lost my wireless connection during the scan. The attached log is the second scan, which went flawlessly.

In the meantime, I continue to get warnings by NIS that various servers try to connect to my machine every few minutes.

EDIT: My main HDD (C:) has also vanished from the disk management snap in in the Windows MMC. I can see it still in "My Computer", however...

Any help would be very much appreciated,
Benji

Here's the DDS.txt:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Benji at 22:17:35.61 on Sat 14.08.2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.770 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\...

A:"Tidserv" connection requests reported by NIS

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap...


I picked up the Security Essentials 2010 bug a week ago. I was able to delete it and reset all the changes it made to my system (wallpaper, task manager, etc.); but since then, Symantec Endpoint Protection has been blocking a lot of Tidserv requests and occasionally I am redirected when using Google. Another problem is that IE will start on its own once or twice a day. I have run MalWareBytes and rKill to no avail. Any help would be appreciated.

PS:
Windows XP Professional
Version 2002 - Service Pack 3
Symantec Endpoint Protection

I am able to run DDS, but GMER blue screens and reboots my computer. Therefore, I do not have the Ark.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by MMcGregor at 11:38:44.56 on Wed 05/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.1276 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\S...

A:Security Essentials 2010; Tidserv requests; IE redirects

Good evening. Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop - this is important.

You will then need to extract the file(s) from the zipped folder. To do this:
* Right-click on the zipped folder and from the menu that appears, click on Extract All...
* In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
* In the final window, click on Finish

Close all open programs as a reboot may be required. Go to Start > Run, copy and paste the following into the text box and hit OK:

"%userprofile%\desktop\tdsskiller\TDSSKiller.exe" -l report.txt

A Command Window will open and the tool will scan and produce a log called report.txt that can be found in the TDSSKiller folder that you unzipped. If the tool prompts for a reboot, please allow it to do so; if it fails to reboot after prompting, reboot manually.

Please post the contents of the log, report.txt, in your next reply.


I picked up the Security Essentials 2010 bug a week ago. I was able to delete it and reset all the changes it made to my system (wallpaper, task manager, etc.); but since then, Symantec Endpoint Protection has been blocking a lot of Tidserv requests and occasionally I am redirected when using Google. Another problem is that IE will start on its own once or twice a day. I have run MalWareBytes and rKill to no avail. Any help would be appreciated.

PS:
Windows XP Professional
Version 2002 - Service Pack 3

Symantec Endpoint Protection

A:Security Essentials 2010; Tidserv requests; IE redirects

Hello and welcome. We need a deeper look. Please go here.... Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. If Gmer won't run, skip it and move on. Let me know if that went well.


I have done some research on these backdoor trojan viruses, and I have found out that they are very serious, and I really need help to get them off my laptop.

Yesterday, Norton detected Backdoor.Graybird and removed it (I think), and for weeks now, I have been getting notifications on the bottom right-hand corner of my screen saying "A recent attempt to attack your computer has been blocked" or something like that, and when I click 'view details', it either describes it as "HTTP Tidserv Request" or "HTTPS Tidserv Request 2" and some IP address and bunch of other things I can't understand. I would really appreciate help on what to do to remove these viruses so I can continue to work on my computer without worrying about hackers stealing my information and whatnot.

Below is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Krissy at 16:13:04.32 on 17/09/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.1013.165 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System3...

A:Backdoor.Graybird, HTTPS Tidserv Request 2, HTTP Tidserv Request detected by Norton Antivirus.

Also, last night, I ran a quick scan on Malwarebytes' Anti-Malware, and it detected "Trojan.Dropper".


I have done some research on these backdoor trojan viruses, and I have found out that they are very serious, and I really need help to get them off my laptop.
Yesterday, Norton detected Backdoor.Graybird and removed it (I think), and for weeks now, I have been getting notifications on the bottom right-hand corner of my screen saying "A recent attempt to attack your computer has been blocked" or something like that, and when I click 'view details', it either describes it as "HTTP Tidserv Request" or "HTTPS Tidserv Request 2" and some IP address and bunch of other things I can't understand. I would really appreciate help on what to do to remove these viruses so I can continue to work on my computer without worrying about hackers stealing my information and whatnot.
Thank you!

A:Backdoor.Graybird, HTTPS Tidserv Request 2, HTTP Tidserv Request detected by Norton Antivirus.

Hello,

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.


Hello. I was brought here through google search, when looking up information on a problem I am having which seems to be affecting people other than me as of late. I am running a Vaio Laptop on Vista Business, and I have been infected since last night with a stealth rootkit (?) which my antivirus software can't completely remove. I am receiving (blocked) HTTPS attacks from various IP's every 10-20 minutes, as informed by Norton Antivirus. HTTPS TidServ 2 affects SVCHOST.exe, and HTTP TidServ affects Firefox.exe. HTTP TidServ seems to respond when I open up Firefox, and whenever I start it up, Firefox usually informs me that it is restoring data from a crash (even though I shut it down legit on last use). Firefox is currently 3.6.3. Prior to this I did not have the most recent version of Java (Release 17), but since this problem, I have updated it to Release 20. Norton has removed several Trojans and a Downloader from the Java cache files, but I am still getting attacks, and Norton, Malwarebytes, and SuperAntiSpyware don't seem to be picking up on whatever program is sending out signals to my attackers. You guys have helped others with problems extremely similar to mine, so please look at my logs, and tell me what actions I can take to remove this nasty bug in my system. Any advice on how to deal with it would be much appreciated. Thank you.

(Note that for my privacy, I have omitted references to my real name, but otherwise, everything in the logs is accu...

A:HTTPS TidServ 2 / HTTP TidServ

Hi Aria, and welcome to Bleeping Computer.
* Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
* Execute the file TDSSKiller.exe by double-clicking on it.
* Wait for the scan and disinfection process to be over.
* When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule). The log is like UtilityName.Version_Date_Time_log.txt. For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


I keep getting an alert from Norton saying an Intrusion Attempt has been blocked. How do I stop this thing from attacking in the first place? From other forums I've seen, it may have something to do with a rootkit.

"An intrusion attempt by m01n83kf7.com was blocked. Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE"
"An intrusion attempt by 202.157.171.207 was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE"
"An intrusion attempt by 91.212.226.59 was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE"
etc..

Here is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Trice at 9:02:51.75 on Tue 05/25/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2356 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe...

A:Repeated Intrusion Attempts from HTTP Tidserv Request and HTTPS Tidserv Request 2

Good evening. Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop - this is important.

You will then need to extract the file(s) from the zipped folder. To do this:
* Right-click on the zipped folder and from the menu that appears, click on Extract All...
* In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
* In the final window, click on Finish

Close all open programs as a reboot may be required. Go to Start > Run, copy and paste the following into the text box and hit OK:

"%userprofile%\desktop\tdsskiller\TDSSKiller.exe" -l report.txt

A Command Window will open and the tool will scan and produce a log called report.txt that can be found in the TDSSKiller folder that you unzipped. If the tool prompts for a reboot, please allow it to do so; if it fails to reboot after prompting, reboot manually.

Please post the contents of the log, report.txt, in your next reply.


I viewed the Preparation Guide thread. I unfortunately have no way of backing up my files so I'm unfortunately all by myself here. I have a tendency to get viruses a lot and it just baffles me that these programs don't really protect you from the serious stuff. I download quite a lot. I only have basic cable at the moment so if it's not on Hulu, I download it. I also download shows for music video making (hobby of mine) and once in a great while, I get something. I use Norton Security Suite. I've heard it's a horrible program. I've only had the computer for a couple days before I got something. And this all started when Norton notified me that Auto-Protect has detected "Trojan.FakeAV!gen35". Risk Category "Heuristic Virus". Norton says it blocked it but I'm guessing it didn't. Surprise surprise. It says the location of the file name is "c:\documents and settings\administrator\local settings\application data\hwtglcvvq\uxmqbtvtssd.exe". I checked that folder but there is nothing there. But this was just the beginning.

After that, I got another notification "2933463.0332615147.exe detected by SONAR". It's been Quarantined. Says it was fully removed even though it gives me the option of restoring it. ? After I got a similar notification "8811cf6b.exe detected by SONAR". Same thing. I got these three within minutes of one another on the 20th of...

A:Trojan.FakeAV!gen35, HTTP Tidserv Request, HTTPS Tidserv Request 2

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll...


I see various HTTPS Tidserv Request 2 and HTTP Tidserv Request attempts being blocked by my Norton 360.

"Network traffic from zz87jhfda88.com matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE."

Norton 360 doesn't find the trojan, but there are suspicious files found by GMER.

This was after going to Wired to read an article and as some banner ads loaded, Norton started finding some other trojans and viruses being downloaded to my system. Even though Java had been upgraded to version 20, I think the older version code was still somewhere in the path, as I saw the Java splash screen on the Java startup. The alerts come more often when using Google or Yahoo search.

I'm sure ComboFix will take care of it, but wanted a second opinion first.

Thanks for your help.

I've attached the attach.txt and ark.txt files and here is the log from DDS.txt.

DDS (Ver_10-03-17.01) - NTFSx86
Run by KyleVogt at 12:12:31.37 on Wed 05/19/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.1809 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\...

A:Norton 360 Blocking HTTPS Tidserv Request 2 & HTTP Tidserv Request

Hello,

Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:
* Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link. Remember to re-enable them afterwards.
* Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
* C:\ComboFix.txt
* New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


Norton 360 has been continually notifying us of intrusion attempts as of late (since about 2 days ago, started almost immediately when Norton's SONAR detected suspicious activity from a file called "fwdd.exe" and quarantined it). Risk names: HTTPS Tidserv Request 2 and HTTP Tidserv Request. We were also redirected when clicking a Google search result (which I believe is a guaranteed sign of malware). Upon looking these symptoms up, we found that they were most likely the result of a rootkit. Any and all help is appreciated to remove this malware, the more explanation of how to get rid of it the better, since this is our first time having to do this. Thank you.

Logs:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Loozah at 16:05:09.75 on Wed 05/26/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1278.615 [GMT -7:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photos...

A:HTTPS Tidserv Request 2 and HTTP Tidserv Request Intrusion Attempts

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log; let's try this and see what we get.

Scan With RKUnHooker
* Please Download Rootkit Unhooker. Save it to your desktop.
* Now double-click on RKUnhookerLE.exe to run it.
* Click the Report tab, then click Scan.
* Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. Then click OK.
* Wait till the scanner has finished and then click File, Save Report.
* Save the report somewhere where you can find it. Click Close.
* Copy the entire contents of the report and paste it in a reply here.

Gringo


At work every bit of internet based traffic goes through our http proxy server. I am having issues getting a telnet connection through the proxy. I have been able to do it with putty, but I want to be able to do it with another client as putty leaves something to be desired for certain things.

Is there a piece of software, like a client or something of that sort, that can direct outbound requests of programs like telnet or ftp through the http proxy? The proxy requires our usernames and passwords so this would have to pass that information to it or work with that somehow. Any suggestions?
 

A:Routing Requests through http proxy

Nope. You need a SOCKS proxy. Your proxy may support it.
 


My computer was infected with a trojan this morning. I ran Symantec Endpoint Protection 11, and it deleted a couple of files.

Now I am constantly receiving the following two error messages via Symantec Endpoint Protection address line:-

[SID: 23615] HTTPS Tidserv Request 2 detected.
[SID: 23621] HTTP Tidserv Request detected.

I ran the Symantec Endpoint Protection Full Scan, which came up clean, but I still receive the errors as described above.

I would greatly appreciate any assistance and thank-you in advance.

I have pasted and attached the logs that I believe I need to for you to assist. Please advise if I need to do anything else at this moment to help.

Thanks
Barry

DDS (Ver_09-06-26.01) - NTFSx86
Run by clejstiege at 15:28:03.94 on Tue 06/22/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.411 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
svchost.exe
C:\Program Files...

A:[SID: 23615] HTTPS Tidserv Request 2 detected. & [SID: 23621] HTTP Tidserv Request detected, Unable to resolve Infection

Hi, your post is a few days old; if you still need help simply reply to my post.


Problem:

A few days ago my computer was attacked. Norton detected and blocked several downloaders and trojans, however I am having lingering issues with something trying to hijack my browser. Norton appears to be detecting and containing the attacks for now, but full scans from both norton and malware bytes have brought up nothing.

As requested I have the DDS log, but I was unable to successfully scan with GMER. I tried 4 times, and my computer froze twice, and BSOD twice.

Here is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Aaron Smith at 23:42:19.71 on Sat 07/10/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.1852 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C: ...

A:problem with HTTPS Tidserv Request 2 and HTTP Tidserv Request

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
* Do not run any other tool until instructed to do so!
* Please do not attach logs or put in code boxes.
* Tell me about any problems that have occurred during the fix.
* Tell me of any other symptoms you may be having as these can help also.
* Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop. Double click DeFogger to run the tool. The ap...


First of all, thanks in advance to those willing to help.

A couple of days ago, I was infected with Antimalware Doctor, and XP Antimalware (I think those were the names). I am pretty sure I took care of those. Meanwhile, every time I use Mozilla Firefox, I have a notification from Norton 360 stating that "A recent attempt to attack your computer was blocked." When I look at it in more detail, Norton tells me the risk name is either HTTP Tidserv Request or HTTPS Tidserv Request 2. In addition to the constant attacks, I am redirected when clicking on google links and random tabs open in Firefox to random websites as well.

- If the Risk name is HTTP Tidserv Request the application path is \DEVICE\HARDDISKVOLUME2\PROGRAMFILES\MOZILLAFIREFOX\FIREFOX.EXE
- If the Risk name is HTTPS Tidserv Request 2 the application path is \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE

In addition to that, Norton 360 has blocked or quarantined the following within the past couple of days:
Spyware.Keylogger
Trojan.Gen
Trojan.FakeAV
AntiVirus2010

Here is the DDS LOG:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 10:45:47.12 on Fri 04/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.291 [GMT -6:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
===...

A:HTTP Tidserv Request/HTTPS Tidserv Request 2 Infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll...


Three days ago I set up a new windows 8.1 laptop for a friend and everything was working properly. Now it is unable to access any web pages using http protocol, although there is no problem with https.

The problem occurs whichever browser is used (though they give different messages), IE says 'this page can't be displayed', firefox says, 'this page isn't redirecting properly' and chrome says 'this web page has a redirect loop'.

I've reset internet options. I've cleared everything I can think of clearing. I've tried with the (windows) firewall turned off. I've tried with the AV (Avast) turned off. I've even tried it in Safe mode with networking and always I get this same effect.

The event viewer shows nothing of interest. No updates seem to have been installed since it originally worked. I've scanned for malware and it's still totally clean.

I get the same effect when trying to access a site by IP address directly.

The network is slightly out of the ordinary in that a wireless access point connects by cable to the main router but even connecting directly to the main router shows the same problem and also no other computers (android tablet and windows 7 computer) show this behavior (though this is the only Windows 8 machine).

I've totally run out of ideas! Why is there a redirect being created in the first place? A simple test I run is to do a google search (that's fine because google is ...

A:Solved: http requests produce a redirect loop


I had Symantec Endpoint Protection on my laptop

Now I am constantly receiving the following two error messages via Symantec Endpoint Protection - especially when I do a google/yahoo search

[SID: 23615] HTTPS Tidserv Request 2 detected.
[SID: 23621] HTTP Tidserv Request detected.
Please can you tell if this is a virus, and if it is, please can you help me to remove it from my laptop.

Please can you reply ASAP.
Thank you in advance

RPRathnam

A:[SID: 23615] HTTPS Tidserv Request 2 detected. [SID: 23621] HTTP Tidserv Request detected. Please Help

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.
* Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions.
* If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
* Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
* When the program opens, click the Start Scan button.
* Do not use the computer during the scan
* If the scan completes with nothing found, click Close to exit.
* If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
* Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.
  Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
* A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
* Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To...


I had Symantec Endpoint Protection on my laptop

Now I am constantly receiving the following two error messages via Symantec Endpoint Protection - especially when I do a google/yahoo search

[SID: 23615] HTTPS Tidserv Request 2 detected.
[SID: 23621] HTTP Tidserv Request detected.
Please can you tell if this is a virus, and if it is, please can you help me to remove it from my laptop.

Please can you reply ASAP.
Thank you in advance

RPRathnam

A:[SID: 23615] HTTPS Tidserv Request 2 detected. [SID: 23621] HTTP Tidserv Request detected. Please Help

As quietman7 has replied here I've taken the liberty of locking this thread to avoid multiple Helpers working on the same problem.


I seem to have been initially infected with a virus that presented as Antispyware Soft. I ran Malwarebytes Anti-Malware 1.46 which removed and deleted avsuit and avsoft Rogue Antivirus Suite and Trojan Fraudpack. Re-ran Malwarebytes Anti-Malware 1.46 which found no infected areas. I had Symantec Endpoint Protection V10 which did not pick up any issues. Upgraded to V11.0 and ran a full scan, still no issues.

Now I am constantly receiving the following two error messages via Symantec Endpoint Protection - especially when I do a google/yahoo search (I do not get the error when going to a web address directly from the address line):-

[SID: 23615] HTTPS Tidserv Request 2 detected.
[SID: 23621] HTTP Tidserv Request detected.

I ran the Symantec Endpoint Protection Full Scan & MalwareBytes AntiMalware scan, both come up clean but I still receive the errors as described above.

I would greatly appreciate any assistance and thank-you in advance. I have pasted and attached the logs that I believe I need to for you to assist. Please advise if I need to do anything else at this moment to help.

Thanks
Grant

DDS (Ver_10-03-17.01) - NTFSx86
Run by Grant Beaumont at 16:01:11.40 on Wed 19/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3071.2266 [GMT 10:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-C...

A:[SID: 23615] HTTPS Tidserv Request 2 detected. & [SID: 23621] HTTP Tidserv Request detected

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

We need to create an OTL Report
* Please download OTL from one of the following mirrors:
  This is THE Mirror
* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.

%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%SYSTEMDRIVE%\*.exe
netsvcs
msconfig
drivers32
CREATERESTOREPOINT

* Push the button.
* Two reports will open, copy and paste them in a reply here:
  OTL.txt <-- Will be opened
  Extra.txt <-- Will be minimized

Thanks


I am constantly receiving the following two error messages via Symantec Endpoint Protection:

[SID: 23615] HTTPS Tidserv Request 2 detected. Traffic has been blocked from this application: C:\WINDOWS\system32\svchost.exe
[SID: 23621] HTTP Tidserv Request detected. Traffic has been blocked from this application: C:\Program Files\Internet Explorer\iexplore.exe

I have run a Symantec Endpoint Protection Full Scan, which results in the scan being clean. I have also run a Malwarebytes Anti-Malware scan, which also results in the scan being clean. I have the Windows Standard Firewall enabled. I also seem to be getting redirected a lot when using IE8.0, especially when searching in Google or Bing.

I have included the DDS and Attach logs, but unfortunately I am unable to attach the ark.txt log, as every time I have tried to run GMER the scan gets so far before automatically restarting my computer.

I look forward to your response and would like to thank you in advance.

DDS (Ver_10-03-17.01) - NTFSx86
Run by ldcoxon at 10:14:37.43 on 12/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3567.1991 [GMT 1:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\s...

A: [SID: 23615] HTTPS Tidserv Request 2 detected. & [SID: 23621] HTTP Tidserv Request detected.

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Fo...


Now, like a lot of threads I have seen, I am also having problems with http tidserv request and https tidserv requests. Norton Anti virus pops up the alerts that the attempts have been blocked, however Nortons didn't find anything when I ran a scan. Neither did Spyware Doctor or MBAM. I am at a loss and don't want to have to reformat and reinstall. I think I followed the directions completely and attached a file with the DDS attach and the GMER logs.

A: http tidserv help

Hello,

Your logs didn't attach. Please post them as a reply and I'll merge them to your initial post and then remove my reply so your topic won't get lost.

Orange Blossom


I have been infected with some malware, and I cannot go online now, as every time I am online my Norton Internet Security detects and blocks an attempted intrusion. Norton says the threat name is HTTP Tidserv Request, HTTPS Tidserv Request 2, followed by some IP address. Norton has not blocked or quarantined anything that I know of following several scans. I have turned off my wireless and have not connected for some days now. Any help in resolving this issue would be much appreciated!

I have attached the DDS and GMER logs as stated. Thank you very much.

DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Kavinraj1 at 13:27:47.76 on Tue 06/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.494 [GMT 1:00]
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\sys...

A: HTTP Tidserv Request, HTTPS Tidserv Request 2

Hello and welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Do not attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having, as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed, you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread, upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

One or more of the identified infections is a Backdoor Trojan. - TDSS rootkit

This could allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain ...


Please help me remove this virus. I've done the suggested preparation steps, but GMER is still not done scanning. It's been going for 18 hours! Is that normal? I'll post what I have so far.

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 16:53:59.31 on Mon 05/24/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.1392 [GMT -7:00]
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explor...

A: HTTP Tidserv Request and HTTPS Tidserv Request 2

Hi kingwanabee,

Welcome to BC Malware Removal (VTSMR) forum. Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. You may stop GMER from running if it is still running.

Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com

Double click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the MBAM log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please download MBR.EXE by GMER. Save the file in your Windows direc...


Hello! I have been receiving alerts from my Norton 360 very often whenever I am online about Intrusion attempts blocked, it says:

An intrusion attempt by 873hgf7xx60.com was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE

Thanks for everything - You guys are the bleep. Here is the DDS scan:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Geoff at 14:11:30.07 on Wed 04/14/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2341 [GMT -4:00]
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:...

A: HTTP Tidserv Request and HTTPS Tidserv Request 2

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi,

Firstly, thank you for all this stuff you do to help us out. I have used (read) this board to resolve PC issues very successfully in the past. BUT today I seem to have a real problem - Norton AV is reporting "Risk Name: HTTP Tidserv request 2" and "Risk Name: HTTP Tidserv request". Obviously I need to get this thing out.

I've followed the thread Might have a TDL3 virus discussing how to resolve this and followed the listed actions.

Quick note of what I did:
1 - Recovery is already running
2 - Ran OTL (per instructions in above thread) - I've attached the log
3 - Ran Defogger
4 - Ran ComboFix (renamed to brc0488CF.exe) - realised afterwards I hadn't turned off Norton - I've attached the 1st log "brc0488cf 1st run"
5 - Disconnected from the network & turned off Norton Virus and Firewall.
6 - Ran ComboFix again - attached is the 2nd log "brc0488cf 2nd run"
7 - Enabled Norton again, connected to network
8 - Tried to restart Firefox and got a message that a registry item marked for deletion was attempted to be modified? Firefox did not start.
9 - Rebooted the computer.
10 - Restarted Firefox (was slow in coming up)
11 - Still getting warnings from Norton

This is obviously a tough one... Please help. I'm willing to reformat etc., but only if it's the "final solution".

Many thanks
Robert

EDIT - I can't see the files I uploaded? Will try again.. Oh I see how it works now

A: HTTP Tidserv request & Tidserv request 2 infection

Hello and welcome to Bleeping Computer.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report.

Please download OTL from this link.
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in:

netsvcs
msconfig
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Click the Quick Scan button.
The scan should take a few minutes.
Please copy and paste both logs...


Hi

I downloaded a zipped file and mistakenly clicked on an exe file. At that time my NIS 2010's antivirus was disabled but intrusion prevention (firewall) was on. The intrusion prevention started giving warnings, and by the time I enabled my antivirus it was too late. Now NIS keeps on giving me warnings about preventing a possible attack but is not able to remove the source. Please find attached my recent NIS history. The errors are under "Category: Intrusion Prevention".

I also ran ComboFix because somebody else had done so in the Symantec forum and his problems were solved. I did not use the recovery console option. After the scan the problem is still there. Please find attached the ComboFix log also.

Also find attached DDS and GMER logs.

Apart from that, nothing funny has occurred so far. One other thing, but very old: whenever I change anything in msconfig I get a warning saying I do not have admin permission, though I am the only user and have the said privileges. The settings are saved when I restart.

A: HTTP Tidserv Request & HTTPS Tidserv Request 2

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi, I'm running Windows XP, Norton Internet Security 2010, and a Linksys router. The past three days I've been getting notices from Norton "A recent attempt to attack your computer was blocked". In the Norton history log the Risk name is: HTTP Tidserv Request. I'm not sure what to do next. Norton scans don't find anything. The attacks occur several per hour. I'm now keeping the computer disconnected from the internet until resolved. Please advise. Thanks, Jim

A: HTTP Tidserv Request

Hello,

Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDSS Killer. Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field (make sure you include the quotation marks). Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Before you save it rename it to say zztoy.exe
alternate download li...


I've been getting alerts about this from Norton the past day or two after I downloaded a torrent. I've run Spybot and Malwarebytes but the problem keeps happening.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Alan at 11:16:25.15 on Tue 04/06/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1110 [GMT -4:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:...

A: HTTP Tidserv Request

Hello ttiwguitar,

Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed, you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Please keep in mind that we have a large backlog of users just like yourself waiting to be helped, so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instruction can...


Well, for some days now I get a notification from Norton that an attempt on my computer has been blocked (or something along those lines). I have done a full scan and nothing comes up.

So can someone help me remove this malware :S

A: HTTP Tidserv Request

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom


Hello everyone this is my first thread and I'm in need of some help! I keep getting a pop up from my (expired) Norton Antivirus which reads something like: A recent attack on your computer was blocked. When I click it, it gives me the Http Tidserv Request as the culprit. I've run Mbam and nothing shows up. I ran Spybot which revealed a myriad of results, one of them being Virtumonde. Anyhow; I was wondering if anyone could help or give me some direction as to where to go. *sigh* this is what I get for letting my 14 year old cousin use my computer

A: Http Tidserv Request

Hello,

Let's see if we can clean this up and then we'll get you an Antivirus.

Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDSS Killer. Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field (make sure you include the quotation marks). Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your deskt...


(I apologise in advance if this is not submitted in the appropriate place.)

I'm using Norton Antivirus 2010 (Windows XP HE SP3) and am receiving notifications of several "intrusion attempts" at mostly random intervals (but always when cycling between web pages).

Norton and MBAM both reported a number of trojans/registry infections which were all subsequently deleted on reboot.

I've now done 3 scans with both MBAM and Norton which are all returning no results but I'm still receiving these "attack" notifications and am wondering what to do.

Many thanks for reading and I hope to hear from you soon.

A: HTTP Tidserv Request

Hello and welcome.

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now please run the tool here: How to remove Google Redirects

When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates. When done, click Scanner tab, select Quick scan and scan (normal mode). After scan click Remove Selected, post new scan log and reboot into normal mode.


My Norton 360 keeps telling me it has blocked an intrusion and a couple of errant search windows have opened. I believe it comes from a couple of different IP addresses and the application it is targeting changes but are usually in the system directory. I looked thru the preparation guide and posting the following... all help really, really appreciated!!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Byron at 14:31:52.24 on Sun 06/27/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.971 [GMT -5:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:...

A: HTTP Tidserv Request 2

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hello, Norton started two days ago with a pop-up telling me that an intrusion attempt was made but blocked. It keeps coming up. The risk name is HTTP tidserv request. Please help. Thank you.

EDIT: Moved from Malware Removal Logs to Am I Infected ~ Hamluis.

A: http tidserv request

Hello and welcome.

Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDSS Killer. Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field (make sure you include the quotation marks). Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM m...


Problem: Every time I do a search using google, yahoo, etc. my Norton blocks an intrusion attempt by HTTP Tidserv Request or HTTP Tidserv Request 2. I am also prevented from shutting down/restarting windows.

Attempted Fixes: I've run Norton Full system scan in and not in safe mode as well as malwarebytes, they each removed some files, but the infection still remains. I have turned off system restore, run the diskcleanup tool on windows. The scans, using either program (even in safe mode) now come up clean, however, I'm still receiving messages from Norton.

DDS Report:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jason at 2:07:22.53 on Sun 05/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2497 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:...

A:HTTP Tidserv Request

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.

With Regards,
Extremeboy


Hello!

I've been getting numerous intrusion attempts on my machine that Norton Internet Security indicates are HTTP Tidserv Request 2 attacks. At some times they occur regularly at 5-10 minute intervals. I ran a full virus scan using Norton and then a spyware scan using Malwarebytes, both of which found infections and removed them. I have attached the Malwarebytes log as I removed/quarantined these files from the computer before running the requested scripts; if you want to see the Norton logs please let me know.

I ran DDS as requested and the log is pasted below. However, I attempted to run GMER twice and my computer crashed to a BSOD both times. I just caught the tail end of the first BSOD, it mentioned something about a paging file. The second BSOD was generic and said Windows was being shut down to prevent against a serious error, something along those lines. I've attached screenshots of the two error report windows I got upon restarting after each BSOD for your reference (error1.jpg and error2.jpg respectively).

I will note for some reason after the first BSOD incident my machine was running extraordinarily slow; Task Manager indicated two copies of ccSvcHst.exe, which I gather is associated with Norton, was taking up almost all of the CPU resources. I could not even get GMER to load all the way. Not sure if that's significant or not. I tried to restart at this point, but my machine hung up and I had to hard reboot; I did not have a problem after reboot unti...

A:HTTP Tidserv Request 2

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not Attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log, let's try this and see what we get.

Scan With RKUnHooker

Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest. Then click OK.
Wait till the scanner has finished and then click File, Sa...
