
[SID: 23615] HTTPS Tidserv Request 2 detected. & [SID: 23621] HTTP Tidserv Request detected.

Q: [SID: 23615] HTTPS Tidserv Request 2 detected. & [SID: 23621] HTTP Tidserv Request detected.

I am constantly receiving the following two error messages via Symantec Endpoint Protection:

[SID: 23615] HTTPS Tidserv Request 2 detected. Traffic has been blocked from this application: C:\WINDOWS\system32\svchost.exe

[SID: 23621] HTTP Tidserv Request detected. Traffic has been blocked from this application: C:\Program Files\Internet Explorer\iexplore.exe

I have run a Symantec Endpoint Protection Full Scan, that results in the scan being clean. I have also run a MalwareBytes AntiMalware scan, that also results in the scan being clean. I have the Windows Standard Firewall enabled. I also seem to be getting redirected a lot when using IE8.0, especially when searching in Google or Bing.

I have included the DDS and Attach Logs, but unfortunately I am unable to attach the ark.txt log, as every time I have tried to run GMER the scan gets so far before automatically restarting my computer.

I look forward to your response and would like to thank you in advance.


A: [SID: 23615] HTTPS Tidserv Request 2 detected. & [SID: 23621] HTTP Tidserv Request detected.

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

Elle


My computer was infected with a trojan this morning. I ran Symantec Endpoint Protection 11, and it deleted a couple of files.

Now I am constantly receiving the following two error messages via Symantec Endpoint Protection address line:

[SID: 23615] HTTPS Tidserv Request 2 detected.
[SID: 23621] HTTP Tidserv Request detected.

I ran the Symantec Endpoint Protection Full Scan, which came up clean, but I still receive the errors as described above.

I would greatly appreciate any assistance and thank-you in advance.

I have pasted and attached the logs that I believe I need to for you to assist. Please advise if I need to do anything else at this moment to help.

Thanks
Barry

A:[SID: 23615] HTTPS Tidserv Request 2 detected. & [SID: 23621] HTTP Tidserv Request detected, Unable to resolve Infection

Hi, your post is a few days old. If you still need help, simply reply to my post.


I had Symantec Endpoint Protection on my laptop.

Now I am constantly receiving the following two error messages via Symantec Endpoint Protection, especially when I do a google/yahoo search:

[SID: 23615] HTTPS Tidserv Request 2 detected.
[SID: 23621] HTTP Tidserv Request detected.
Please can you tell me if this is a virus, and if it is, please can you help me to remove it from my laptop.

Please can you reply ASAP.
Thank you in advance

RPRathnam

A: [SID: 23615] HTTPS Tidserv Request 2 detected. [SID: 23621] HTTP Tidserv Request detected. Please Help

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!

Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.

Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions.
If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
When the program opens, click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.

A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

-- If TDSSKiller does not run, try renaming it. To...


I had Symantec Endpoint Protection on my laptop.

Now I am constantly receiving the following two error messages via Symantec Endpoint Protection, especially when I do a google/yahoo search:

[SID: 23615] HTTPS Tidserv Request 2 detected.
[SID: 23621] HTTP Tidserv Request detected.
Please can you tell me if this is a virus, and if it is, please can you help me to remove it from my laptop.

Please can you reply ASAP.
Thank you in advance

RPRathnam

A: [SID: 23615] HTTPS Tidserv Request 2 detected. [SID: 23621] HTTP Tidserv Request detected. Please Help

As quietman7 has replied here, I've taken the liberty of locking this thread to avoid multiple Helpers working on the same problem.


I seem to have been initially infected with a virus that presented as Antispyware Soft. I ran Malwarebytes Anti-Malware 1.46, which removed and deleted avsuit and avsoft Rogue Antivirus Suite and Trojan Fraudpack. Re-ran Malwarebytes Anti-Malware 1.46, which found no infected areas. I had Symantec Endpoint Protection V10, which did not pick up any issues. Upgraded to V11.0 and ran a full scan, still no issues.

Now I am constantly receiving the following two error messages via Symantec Endpoint Protection, especially when I do a google/yahoo search (I do not get the error when going to a web address directly from the address line):

[SID: 23615] HTTPS Tidserv Request 2 detected.
[SID: 23621] HTTP Tidserv Request detected.

I ran the Symantec Endpoint Protection Full Scan & MalwareBytes AntiMalware scan; both come up clean, but I still receive the errors as described above.

I would greatly appreciate any assistance and thank-you in advance. I have pasted and attached the logs that I believe I need to for you to assist. Please advise if I need to do anything else at this moment to help.

Thanks
Grant

A:[SID: 23615] HTTPS Tidserv Request 2 detected. & [SID: 23621] HTTP Tidserv Request detected

Hello and welcome to Bleepingcomputer.

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues, I would appreciate if you would let me know so I can close this topic.

We need to create an OTL Report.

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.

%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%SYSTEMDRIVE%\*.exe
netsvcs
msconfig
drivers32
CREATERESTOREPOINT

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Thanks


I have done some research on these backdoor trojan viruses, and I have found out that they are very serious, and I really need help to get them off my laptop.
Yesterday, Norton detected Backdoor.Graybird and removed it (I think), and for weeks now, I have been getting notifications on the bottom right-hand corner of my screen saying "A recent attempt to attack your computer has been blocked" or something like that, and when I click 'view details', it either describes it as "HTTP Tidserv Request" or "HTTPS Tidserv Request 2" and some IP address and bunch of other things I can't understand. I would really appreciate help on what to do to remove these viruses so I can continue to work on my computer without worrying about hackers stealing my information and whatnot.
Thank you!

A:Backdoor.Graybird, HTTPS Tidserv Request 2, HTTP Tidserv Request detected by Norton Antivirus.

Hello,

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

I have done some research on these backdoor trojan viruses, and I have found out that they are very serious, and I really need help to get them off my laptop.

Yesterday, Norton detected Backdoor.Graybird and removed it (I think), and for weeks now, I have been getting notifications on the bottom right-hand corner of my screen saying "A recent attempt to attack your computer has been blocked" or something like that, and when I click 'view details', it either describes it as "HTTP Tidserv Request" or "HTTPS Tidserv Request 2" and some IP address and bunch of other things I can't understand. I would really appreciate help on what to do to remove these viruses so I can continue to work on my computer without worrying about hackers stealing my information and whatnot.

Below is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Krissy at 16:13:04.32 on 17/09/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.1013.165 [GMT -7:00]
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System3... Read more

A:Backdoor.Graybird, HTTPS Tidserv Request 2, HTTP Tidserv Request detected by Norton Antivirus.

Also, last night, I ran a quick scan on Malwarebytes' Anti-Malware, and it detected "Trojan.Dropper".

Hello, I was reading a post similar in nature (found here) but I wanted to post my Malwarebytes log here to see if the steps I need to take are slightly different.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4354
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
7/26/2010 4:55:03 PM
mbam-log-2010-07-26 (16-55-03).txt

Scan type: Quick scan
Objects scanned: 177319
Time elapsed: 11 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\winapp.winsafe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\winapp.winsafe.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323... Read more

A:SID: 23615 HTTPS Tidserv Request 2 detected

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

Found similar topic ref 317723, and I was hoping I could get some help with my own issue. I went ahead and performed the scans recommended in that topic.

OTL.txt:

OTL logfile created on: 9/17/2010 4:26:23 PM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

Removed misplaced OTL log.

A:SID: 23615 HTTPS Tidserv Request 2 detected, Symantec Endpoint notification message

Hello, I would like you to try something here or we will move to the proper log forum.

You are running Norton?? Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDSS Killer

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_ti... Read more

Hello guys,

I've gotten numerous alerts from Norton telling me that I have attempted intrusions from HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2. I have turned off my System Restore, continued to allow Norton to continue blocking the attacks, and have NOT rebooted my computer since first receiving the intrusion alerts.. so far I haven't seen any damage to my computer. I do, however, have sensitive information saved into my browser which I am worried about (I have since wiped out the master password).

Here are my logs below:

DDS Log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 15:00:37.71 on 07/06/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.1014.149 [GMT -7:00]
AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBC... Read more

A:HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2

Greetings

One or more of the identified infections is a Backdoor Trojan.

This could allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards.

"If you would like to continue, then follow the steps below, otherwise please let me know"

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

Please visit th... Read more

For about a month I have received Tidserv Request Detected notices from my Symantec virus protection. They sporadically pop up throughout the day. Nothing is being detected on my virus scans. Not sure all the damage this causes but at the very least, my webpages are being redirected on many of my internet searches. I've had the I.S Department at my organization look into it and their suggestion was removing toolbars. I have removed a couple toolbars (Ask.com, yahoo, vuze). I haven't removed all at this point because many of them make my day to day work more efficient. I've also used the free versions Malware Bytes, Spyware Search & Destroy, and Ad-aware to remove but no luck. So I'm hoping you can help me with this issue.

I have followed your "Preparation Guide for Use Before Using Malware Removal Tools and Requesting Help" guidelines. I did have issues with GMER. It instantly took my CPU Usage to 100% and crashed many, many, many times. Honestly, I never got through a complete scan. In my follow up attempts, I tried to scan in sections to see if it would reduce CPU Usage but it did not. I was able to save a log that I believed captured everything before it crashed. I am running Microsoft Windows XP Professional Version 2002, Service Pack 3.

DDS (Ver_10-03-17.01) - NTFSx86
Run by jdbyrd at 13:43:31.77 on Tue 08/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.... Read more

A:SID 2365, SID 23621 Tidserv Request Detected Problem

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

I keep getting an alert from Norton saying an Intrusion Attempt has been blocked. How do I stop this thing from attacking in the first place. From other forums I've seen, it may have something to do with a rootkit.

"An intrusion attempt by m01n83kf7.com was blocked. Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE"
"An intrusion attempt by 202.157.171.207 was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE"
"An intrusion attempt by 91.212.226.59 was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE"
etc..

Here is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Trice at 9:02:51.75 on Tue 05/25/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2356 [GMT -4:00]

============== Running Processes ===============
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe... Read more

A:Repeated Intrusion Attempts from HTTP Tidserv Request and HTTPS Tidserv Request 2

Good evening.

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop - this is important.

You will then need to extract the file(s) from the zipped folder. To do this:
Right-click on the zipped folder and from the menu that appears, click on Extract All...
In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish.

Close all open programs as a reboot may be required.

Go to Start > Run, copy and paste the following into the text box and hit OK:

"%userprofile%\desktop\tdsskiller\TDSSKiller.exe" -l report.txt

A Command Window will open and the tool will scan and produce a log called report.txt that can be found in the TDSSKiller folder that you unzipped.

If the tool prompts for a reboot, please allow it to do so; if it fails to reboot after prompting, reboot manually.

Please post the contents of the log, report.txt, in your next reply.

I viewed the Preparation Guide thread. I unfortunately have no way of backing up my files so I'm unfortunately all by myself here. I have a tendency to get viruses a lot and it just baffles me that these programs don't really protect you from the serious stuff. I download quite a lot. I only have basic cable at the moment so if it's not on Hulu, I download it. I also download shows for music video making (hobby of mine) and once in a great while, I get something. I use Norton Security Suite. I've heard it's a horrible program. I've only had the computer for a couple days before I got something. And this all started when Norton notified me that Auto-Protect has detected "Trojan.FakeAV!gen35". Risk Category "Heuristic Virus". Norton says it blocked it but I'm guessing it didn't. Surprise surprise. It says the location of the file name is "c:\documents and settings\administrator\local settings\application data\hwtglcvvq\uxmqbtvtssd.exe". I checked that folder but there is nothing there. But this was just the beginning.

After that, I got another notification "2933463.0332615147.exe detected by SONAR". It's been Quarantined. Says it was fully removed even though it gives me the option of restoring it. ? After I got a similar notification "8811cf6b.exe detected by SONAR". Same thing. I got these three within minutes of one another on the 20th of... Read more

A:Trojan.FakeAV!gen35, HTTP Tidserv Request, HTTPS Tidserv Request 2

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

I was hoping I wouldn't have to resort to this, but I guess I've no other choice. I've looked up this thing and from what it sounds like, I'm in deep. Like an abyss.

This whole fiasco started about a week ago when my parents found a charge from McAfee on their card. None of us ever purchased anything, and called McAfee and had them remove the charge which (according to my Dad), simply removed the LiveUpdate thing McAfee had.

Not long after that, Google Chrome started acting weird and some program called "pbupdate.exe" had to be closed. My computer subsequently froze and I had to manually shut down.

I rebooted my computer only to find that Chrome had been completely fried and would not load any web pages at all. Resorting to Firefox, I Googled "pbupdate.exe" and clicked the first link, allowing "Top PC Defender" onto my computer (and maybe some other things).

As such, I ran Malwarebytes, SUPERAntiSpyware, McAfee, AVG, and Spybot to rid myself of the problem. When this yielded no results, I ended up using System Restore which seemed to get rid of the problem.

Not long after, we switched over to Norton due to Comcast preparing a move, and uninstalled McAfee. Norton ended up having to uninstall AVG in order for it to install.

And ever since then I've had these messages popping up repeatedly on my computer from Norton, telling me an attack was blocked but not allowing any action to be taken. The fact that I'm still getting these mess... Read more

A:HTTP Tidserv Request, HTTPS Tidserv Request 2, and HTTP Trojan Sasfis Activity

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

Hello,

On July 18th, as I was watching a streaming TV show, my computer apparently picked up Antimalware Doctor, which kept telling me that my computer was infected and that I needed to pay them money to get rid of all these infections. I managed to get rid of that with MalwareBytes. Shortly after though, my Norton Antivirus started regularly informing me (every 20 minutes to half hour) that it had blocked an intrusion attempt from either HTTP Tidserv Request (most common) or HTTPS Tidserv Request 2 (2nd most), and every once in a while some oddball like HTTP Fake Scan Webpage 5 or some Trojan (Vundo or Ad.Clicker). It seems like it's always been blocked, but as these Norton alerts keep coming, even when I don't have a browser open, I am upset and concerned. Also seems as if the attacks are coming from several different computers.

I tried running Malwarebytes a few more times. It usually leaves me with 8 or so pieces of malware, identified as Rootkit or Trojan agents, which it tells me will be deleted upon reboot. However, after I reboot and run Malwarebytes immediately thereafter, there are still 8 pieces of Malware. I tried updating my Norton and running a scan, but that didn't fix the problem. I also ran Norman Malware Cleaner, with no real results.

Again, though the alerts always classify the threat level as high, it seems like they are being blocked. I haven't entered any passwords into my computer since this came up, and I never save any on a regu... Read more

A:HTTP Tidserv Request; HTTPS Tidserv Request 2; HTTP Fake Scan Webpage 5

Very sorry about the multiple posts. Firefox had gone grey, and I didn't think any had gone through. Sorry.

Norton 360 has been continually notifying us of intrusion attempts as of late (since about 2 days ago, started almost immediately when Norton's SONAR detected suspicious activity from a file called "fwdd.exe" and quarantined it). Risk names: HTTPS Tidserv Request 2 and HTTP Tidserv Request. We were also redirected when clicking a Google search result (which I believe is a guaranteed sign of malware). Upon looking these symptoms up, we found that they were most likely the result of a rootkit. Any and all help is appreciated to remove this malware, the more explanation of how to get rid of it the better, since this is our first time having to do this. Thank you.

Logs:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Loozah at 16:05:09.75 on Wed 05/26/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1278.615 [GMT -7:00]
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photos... Read more

A:HTTPS Tidserv Request 2 and HTTP Tidserv Request Intrusion Attempts

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Some things to remember while we are working together.

1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log, let's try this and see what we get.

Scan With RKUnHooker

Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. Then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Gringo

I see various HTTPS Tidserv Request 2 and HTTP Tidserv Request attempts being blocked by my Norton 360.

"Network traffic from zz87jhfda88.com matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE."

Norton 360 doesn't find the trojan, but there are suspicious files found by GMER.

This was after going to Wired to read an article and as some banner ads loaded, Norton started finding some other trojans and viruses being downloaded to my system. Even though Java had been upgraded to version 20, I think the older version code was still somewhere in the path, as I saw the Java splash screen on the Java startup. The alerts come more often when using Google or Yahoo search.

I'm sure ComboFix will take care of it, but wanted a second opinion first.

Thanks for your help.

I've attached the attach.txt and ark.txt files and here is the log from DDS.txt.

DDS (Ver_10-03-17.01) - NTFSx86
Run by KyleVogt at 12:12:31.37 on Wed 05/19/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.1809 [GMT -7:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\... Read more

A:Norton 360 Blocking HTTPS Tidserv Request 2 & HTTP Tidserv Request

Hello,

Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Problem:

A few days ago my computer was attacked. Norton detected and blocked several downloaders and trojans, however I am having lingering issues with something trying to hijack my browser. Norton appears to be detecting and containing the attacks for now, but full scans from both Norton and Malwarebytes have brought up nothing.

As requested I have the DDS log, but I was unable to successfully scan with GMER. I tried 4 times, and my computer froze twice, and BSOD twice.

Here is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Aaron Smith at 23:42:19.71 on Sat 07/10/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.1852 [GMT -5:00]
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C: ... Read more

A:problem with HTTPS Tidserv Request 2 and HTTP Tidserv Request

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more


First of all, thanks in advance to those willing to help.

A couple of days ago, I was infected with Antimalware Doctor, and XP Antimalware (I think those were the names). I am pretty sure I took care of those. Meanwhile, every time I use Mozilla Firefox, I have a notification from Norton 360 stating that "A recent attempt to attack your computer was blocked." When I look at it in more detail, Norton tells me the risk name is either HTTP Tidserv Request or HTTPS Tidserv Request 2. In addition to the constant attacks, I am redirected when clicking on google links and random tabs open in Firefox to random websites as well.

-If the Risk name is HTTP Tidserv Request the application path is \DEVICE\HARDDISKVOLUME2\PROGRAMFILES\MOZILLAFIREFOX\FIREFOX.EXE
-If the Risk name is HTTPS Tidserv Request 2 the application path is \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE

In addition to that, Norton 360 has blocked or quarantined the following within the past couple of days:
Spyware.Keylogger
Trojan.Gen
Trojan.FakeAV
AntiVirus2010

Here is the DDS LOG:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 10:45:47.12 on Fri 04/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.291 [GMT -6:00]
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
===...

A:HTTP Tidserv Request/HTTPS Tidserv Request 2 Infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hey there. I keep getting stuff like this:

[SID: 23615] HTTPS Tidserv Request 2 detected.

So just a bit of a background. The fake windows security center somehow became installed on my computer. I managed to resolve that through Malwarebytes, which got rid of vma.exe and a couple other trojans. I currently have windows xp firewall enabled and have received clean complete scans from Norton, Spybot, SuperAntiSpyware, and Malwarebytes (all most updated) so I have no clue what's going on. However, this thing pops up constantly. Moreover, I get redirected to random places while in IE esp. but rarely in firefox. I can't run GMER or it blue screens and crashes my computer. So I got just DDS and HijackThis logs. Thanks in advance:

DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 19:10:11.83 on Wed 04/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.798 [GMT -4:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
c:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\sy...

A:HTTPS Tidserv Request 2 detected

Here's the complete log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 19:10:11.83 on Wed 04/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.798 [GMT -4:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
c:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\PROGRA~1\PHAROS~1&...


I have Norton Suite and about 2 weeks ago I started getting these messages. Below are just a few of them from Norton's log file and the DDS.TXT. I have run a full scan on the computer and the registry and Norton didn't find any problems. Looking up these messages and reading other posts on this site, I see it is an issue I need to resolve.

Thanks
Madlad



NORTON LOG
Date & Time,Risk,Activity,Status,Recommended Action,Risk Name,Attacking Computer,Destination Address,Source Address,Traffic Description,Attacker URL,Category
6/8/2010 4:20 PM,High,An intrusion attempt by zz87jhfda88.com was blocked.,Blocked,No Action Required,HTTPS Tidserv Request 2,"zz87jhfda88.com (91.212.226.59, 443)","MY-P/C (192.168.0.103, 4840)",91.212.226.59 (91.212.226.59),"TCP, https",,
6/8/2010 3:50 PM,High,An intrusion attempt by zz87jhfda88.com was blocked.,Blocked,No Action Required,HTTPS Tidserv Request 2,"zz87jhfda88.com (91.212.226.59, 443)","MY-P/C (192.168.0.103, 4817)",91.212.226.59 (91.212.226.59),"TCP, https",,
6/8/2010 3:20 PM,High,An intrusion attempt by 19js810300z.com was blocked.,Blocked,No Action Required,HTTPS Tidserv Request 2,"19js810300z.com (91.212.226.67, 443)","MY-P/C (192.168.0.103, 4793)",91.212.226.67 (91.212.226.67),"TCP, https",,
6/8/2010 2:36 PM,High,An intrusion attempt by n1mo661s6cx0.com was blocked.,Blocked,No Action Required,HTTP Tidserv Request,"n1mo661s6cx0... Read more

A:HTTPS Tidserv Request : Intrusion Detected

Hello madlad01,

If you still require assistance, I'd like to see a current log. Please run dds.scr again, post a fresh dds.txt and we'll get started.


Hi, I have Norton Internet Security and MalwareBytes on my laptop. It started on Tues. June 15, my Norton has been popping up alerts with message that says "A recent attack has been blocked." When I click on view details, it gives me the definition that it is a HTTPS Tidserv Request 2, and gives me the attacking computer, destination address, and source address details. This alert comes out every few minutes, so I began to worry.

After the alerts came, my laptop seems to be running slower, I can clearly hear the fan running much louder than usual and feel higher heat. After using the laptop for 15 minutes, my laptop froze, I could only move the cursor. I tried doing the ctrl+alt+delete to close the programs but it also did not show up. In the end, I just had to press the power button longer to shut it down.

I did a full scan with MalwareBytes and there was nothing found. I also did a full scan with Norton and it also did not find anything. After that, I went ahead and followed the preparation guide for CD Emulation, DDS, and GMER. I attached the Attach.txt file and Ark.txt file with this post and this is the DDS.txt log I got:

DDS (Ver_10-03-17.01) - NTFSx86
Run by hp owner at 21:12:46.20 on Tue 06/15/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.423 [GMT -4:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Inter...

A:HTTPS Tidserv Request 2 Detected/ Infected

Greetings

One or more of the identified infections is a Backdoor Trojan. - TDSS rootkit

This could allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:...


Hi

I downloaded a zipped file and mistakenly clicked on an exe file, at that time my NIS 2010's antivirus was disabled but intrusion prevention (firewall) was on. The intrusion prevention started giving warnings and by the time I enabled my antivirus it was too late. Now NIS keeps on giving me warnings about preventing a possible attack but is not able to remove the source. Please find attached my recent NIS history. The errors are under "Category: Intrusion Prevention"

I also ran ComboFix because somebody else had done so in the Symantec forum and his problems were solved. I did not use the recovery console option. After the scan the problem is still there.

Please find attached the ComboFix log also.
Also find attached DDS and GMER logs

Apart from that nothing funny has occurred so far. One other thing, but very old, is that whenever I change anything in msconfig I get a warning saying I do not have admin permission though I am the only user and have the said privileges. The settings are saved when I restart.

A:HTTP Tidserv Request & HTTPS Tidserv Request 2

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hello! I have been receiving alerts from my Norton 360 very often whenever I am online about Intrusion attempts blocked, it says:

An intrusion attempt by 873hgf7xx60.com was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE

Thanks for everything- You guys are the bleep. Here is the DDS scan:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Geoff at 14:11:30.07 on Wed 04/14/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2341 [GMT -4:00]
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:&#...

A:HTTP Tidserv Request and HTTPS Tidserv Request 2

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Please help me remove this virus. I've done the suggested preparation steps, but GMER is still not done scanning. It's been going for 18 hours! Is that normal? I'll post what I have so far.

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 16:53:59.31 on Mon 05/24/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.1392 [GMT -7:00]
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explor...

A:HTTP Tidserv Request and HTTPS Tidserv Request 2

Hi kingwanabee,

Welcome to BC Malware Removal (VTSMR) forum. Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. You may stop GMER from running if it is still running.

Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the MBAM log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Please download MBR.EXE by GMER. Save the file in your Windows direc...


I have been infected with some malware, and I cannot go online now, as every time I am online my Norton Internet Security detects and blocks an attempted intrusion. Norton says the threat name is HTTP Tidserv Request, HTTPS Tidserv Request 2 followed by some IP address.

Norton has not blocked or quarantined anything that I know of following several scans. I have turned off my wireless and have not connected for some days now. Any help in resolving this issue would be much appreciated!

I have attached the DDS and GMER Logs as stated. Thank you very much

DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Kavinraj1 at 13:27:47.76 on Tue 06/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.494 [GMT 1:00]
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\sys...

A:HTTP Tidserv Request, HTTPS Tidserv Request 2

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

One or more of the identified infections is a Backdoor Trojan. - TDSS rootkit

This could allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain ...


Hello,

Recently when I am on the internet, especially when I try a google search, I get a message from Symantec saying "HTTP Tidserv Request detected".

A couple of days ago I was infected with AntiSpyware Soft, a fake spyware removal tool. I removed AntiSpyware Soft by downloading STOPzilla, but since then I have been getting these Tidserv Request notifications.

I really appreciate your time and any help you could provide with this. Please find the DDS log below.

Thank you for your help,
Dave

DDS (Ver_10-03-17.01) - NTFSx86
Run by Dave at 12:51:34.79 on Fri 05/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.1726 [GMT -4:00]
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system...

A:HTTP Tidserv Request Detected

Hello, and to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.

I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.

Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.

Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your ...


Hello,

Symantec has been telling me every 10-15 minutes that "HTTPS Tidserv 2 request detected. Traffic is blocked from IP xxxx.xxxx from 10:00am to 10:15am." I'm using Firefox, and sometimes it would open up a new tab to an advertisement web page. I've been able to run DDS and generate 2 logs DDS.txt and attach.txt. However, I couldn't run GMER. It would keep running for 2-3 hours and then freeze. My computer becomes really slow after a while. I've been researching online and understand that this is a TDL3 rootkit. However, I don't know how to remove it. Would you please take a look and let me know what I should do?

Thank you,
Hai

DDS (Ver_10-03-17.01) - NTFSx86
Run by Hai at 23:00:23.09 on Wed 06/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.157 [GMT -7:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\...

A:Infected with TDL3 rootkit/HTTPS Tidserv Request 2 detected

Hello, and to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let...


Hi,

Please someone help me, every time I search for something online I keep getting this message from Norton: http tidserv request detected. Please help me clean my laptop...

I have run the DDS Tool..

DDS (Ver_10-03-17.01) - NTFSx86
Run by sysadmin at 4:18:26.78 on Mon 04/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.595 [GMT -4:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour...

A:http tidserv request detected every time I search

Good evening. Please download and run HAMeb_check.exe and post the contents of the resulting log.


Please help. My computer is constantly being attacked (HTTP Tidserv Request & HTTPS Tidserv Request 2). I do not know how to keep this from happening. I've been letting others use my laptop (my first mistake), and about a week ago this all started happening. Needless to say, I'm concerned as I don't know how much damage these attacks can do. My Norton Anti-Virus/Internet Security has been blocking the attacks, but they come constantly from several attacking IP addresses and URLS.

Below please find my dds.txt and attached my attach.txt and gmerlog.log as instructed. Thank you in advance for your assistance, and I look forward to hearing from someone.

DDS (Ver_10-03-17.01) - NTFSx86
Run by MY NAME at 20:01:23.87 on Wed 08/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.132 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Progra...

A:HTTP Tidserv Request & HTTPS Tidserv Request 2

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs.

* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.
It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.
CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.


Norton Internet Security has been reporting that it blocks an intrusion attempt from a variety of addresses and reports the risk name as either HTTP Tidserv Request or HTTPS Tidserv 2 Request. I get a few unrequested webpages, but the main symptom is the warning messages from Norton.

In attempting to fix the problem myself, I learned that I can not boot to Safe Mode because my system hangs at amdagp.sys and returns to the "how would you like your computer to boot" screen. I think this is an unrelated problem, but thought I'd mention it.

Thanks! I appreciate your time.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Ann Nymous at 23:19:25.80 on Sun 04/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1534 [GMT -5:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi...

A:http tidserv request and https tidserv2 request

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

Please download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it wi...


Norton 360 indicates I am continually getting intrusion attempts and "firewall activities". Tidserv Request and https Tidserv Request 2. Per instructions, ran dds and gmer, logs follow. Need help, have not previously heard of rootkits. Thanks, in advance!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Joe at 21:51:27.15 on Sun 06/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition [GMT -4:00]
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\L...

A:infected with rootkit tidserv request and https tidserv request 2

Hi joemck,

Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer.


Hi There,

I have Symantec Endpoint Protection version 11.0.4202.75 in my PC. A message is popping up continuously when I do a Google search and it says SID:23615 HTTP TidServ Request detected. Also there are the same sort of other messages popping up which show a certain IP address is blocked with TidServ request 2 detected. Just now, when I was writing this message, a message comes up that shows IP address 91.188.60.21 blocked with the time.

Also, sometimes when I try to open a certain web site (not always), e.g. www.kijiji.com, it does not open any pages and at the left bottom corner google.analytic.com lines show and the screen remains blank forever. I am using Mozilla Firefox 3.6.8.

There were Internet Explorer windows also opening up by themselves after a certain interval of time. Usually it was after 5-6 mins a web browser window opened up in IE, even though I didn't click on Internet Explorer, because I usually use Mozilla.

--------------------------------------------------------------------------------
Here's my text from DDS file
--------------------------------------------------------------------------------
DDS (Ver_10-03-17.01) - NTFSx86
Run by Compugen at 21:56:10.51 on Sun 08/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.492 [GMT -4:00]
AV: Symantec Endpoint Protection *On-access scanning enable...

A:[SID : 23621]HTTP TidServe request Detected

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs.

* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.
It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it. CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.
CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.


Hi.

I'd really appreciate some help here.

4 days ago, I started to get the following messages from my Norton:

Network traffic from 213.163.89.104 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
Network traffic from 60.12.117.145 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE
Network traffic from a57990057.cn matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE

Norton identifies the first one as HTTP Tidserv Request and the next two as HTTP Tidserv Request 2 respectively. It blocks those attempts but won't let me take any action to remove (says no action required).

I've run DDS and downloaded GMER. Tried running GMER several times but it only gets as far as the devices and then freezes my computer. I have to unplug it just to restart it.

Also, I have Firefox, Google Chrome, and Internet Explorer on my Computer. At random times, new tabs in these browsers will automatically open taking me to sites advertising products and Congratulations! You are the 1,000,000th visitor or something like that. Click here to claim your prize.

No matter which search engine I use in any of these browsers, when I click on a search result, it does the same thing as stated in the previous pa...

A:Infected with HTTP Tidserv Request and HTTP Tidserv Request 2 and can't run GMER

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will o...


Issue

When using Firefox, I keep encountering a pop-up message from Norton informing me that a recent attempt to attack your computer has been blocked. I view details of the attack and it names it either as a HTTP Tidserv Request 2 or HTTP Tidserv Request. The browser also redirects me to different sites when selecting google search results. Firefox sometimes crashes for no reason and the PC sound has disappeared as well.

Actions

I have run a Full System Scan using Norton twice. It is only picking up cookies after the system scan is complete. I also ran BitDefender scanner and nothing was picked up. I was able to find this site and it looks like a lot of members were able to help on issues such as mine so might as well give it a try. I've read the guidelines for requesting help and followed it to the best that I can. The DDS.txt is below and I have also attached the Attach.txt. I tried running the GMER program twice using the links in the guidelines but a blue screen always appears with the following message.

PAGE_FAULT_IN_NONPAGED_AREA
Technical Information:
STOP: 0x00000050 (0x9973AB30, 0x00000001, 0x99478FA6, 0x00000000)

I tried a third time by getting GMER directly at its web site and saving it with a different name but it still did not work. A blue screen still appeared.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Meyrick Mataac at 21:39:52.82 on Thu 06/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3....

A:PC infected with malware - HTTP Tidserv Request 2, HTTP Tidserv Request,

Hi parokyano,

Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer.


Hi,

Firstly thank you for all this stuff you do to help us out. I have used (read) this board to resolve PC issues very successfully in the past. BUT today I seem to have a real problem - Norton AV is reporting "Risk Name: HTTP Tidserv request 2" and "Risk Name: HTTP Tidserv request". Obviously I need to get this thing out.

I've followed the thread "Might have a TDL3 virus" discussing how to resolve this and followed the listed actions.

Quick note of what I did:
1 - Recovery is already running
2 - Ran OTL (per instructions in above thread) - I've attached the log
3 - Ran Defogger
4 - Ran ComboFix (renamed to brc0488CF.exe) - realised afterwards I hadn't turned off Norton - I've attached the 1st log "brc0488cf 1st run"
5 - Disconnected from the network & turned off Norton Virus and Firewall.
6 - Ran ComboFix again - attached is the 2nd log "brc0488cf 2nd run"
7 - Enabled Norton again, connected to network
8 - Tried to restart Firefox and got a message that a registry item marked for deletion was attempted to be modified? Firefox did not start.
9 - Rebooted the computer.
10 - Restarted Firefox (was slow in coming up)
11 - Still getting warnings from Norton

This is obviously a tough one... Please help.

I'm willing to reformat etc, but only if it's the "final solution".

Many thanks
Robert

EDIT - I can't see the files I uploaded? Will try again.. Oh I see how it works now

A:HTTP Tidserv request & Tidserv request 2 infection

Hello and welcome to Bleeping Computer

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report.

Please download OTL from this link.
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in:

netsvcs
msconfig
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Click the Quick Scan button.
The scan should take a few minutes.
Please copy and paste both logs...


Howdy, let me first say THANK YOU to this forum, and the folks that post help. I have used this forum in the past to help my neighbors, and the information has been helpful. Unfortunately, it is now apparently my turn, as my wife's computer is infected.

The Story

Yesterday (4/8), my wife comes in my office claiming that her computer is in trouble. When I get there, I see that she has windows coming and going, and it appears that she is infected with Antimalware Doctor (appreg70700.exe). I also notice that Norton 360 is not currently running, not sure why it had stopped, but thought I'd mention it.

What I did

After finding the application that was causing the problems, I killed it, and installed a recommended program, Malwarebyte's Anti-Malware. It found several issues, and I followed the cleaning process. I also found registry entries for Antimalware Doctor (using regedit), and removed them. Furthermore, I removed it from the start-up entries. Also, I installed and ran SuperAntispyware, but it only found 3 cookies that were problems.

Current Issue

I then got Norton 360 running again (updated defs, ran a new scan, etc). Norton isn't finding any issues. However, going through the logs, I am finding multiple entries for:

QUOTE
HIGH - An intrusion attempt by 61.21.20.132 was blocked.
Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE
Norton Risk Name: HTTPS Tidserv Request 2

Other IP that it lists is 112.121.181.26

And,...

A:Tidserv Trojan Infection? (HTTPS Tidserv Request 2)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I have noticed that my Symantec Endpoint antivirus gets upset when I do a google search a balloon pops up (from the symantec tray icon) to tell me that it has blocked traffic that it says is
[SID:23621] tidserv
and sometimes i get a pop up balloon saying
[SID:23615] HTTPS Tidserv request 2 Detected

The logs of the events are below:
6/22/2010 6:19:34 PM Intrusion Prevention Critical Incoming TCP 91.212.226.67 00-00-00-00-00-00 192.168.0.3 00-00-00-00-00-00 C:\Program Files\Mozilla Firefox\firefox.exe ArtainA ARTAIN Default 1 6/22/2010 6:18:30 PM 6/22/2010 6:18:30 PM

6/22/2010 6:18:07 PM Intrusion Prevention Critical Outgoing TCP 91.212.226.178 00-00-00-00-00-00 192.168.0.3 00-00-00-00-00-00 C:\Program Files\Mozilla Firefox\firefox.exe ArtainA ARTAIN Default 2 6/22/2010 6:16:43 PM 6/22/2010 6:17:03 PM
I have run a scan with symantec and malwarebytes (free version) and superantispyware (free edition). The first scans produced hits that didn't necessarily match the tidserv issue. I have also run the scans with the computer in safemode. Since then, all three scans come up clean as well as another software that I downloaded named "Exterminate It!" Exterminate it!'s website described files and registry entries i should delete to get rid of any tidserv trojans, but all of the described files and registry entries were not present.

Symantec continued to complain during my web browsing, so I spent a serious amount of time...

A:Tidserv Request detected

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller


Hi, I recently got a virus on my computer at work. I clicked on a link in an email that appeared to be from my sister's email address. Turns out she was attacked by a hacker and what I clicked on was this trojan or virus. This was part of that facebook trojan that people were reporting where you get a message from someone you know telling you to check out this video they found with you in it. Now IE freezes, search engine results sometimes redirect me to other sites, and pop-ups occur frequently.

Since this is my work computer, a wipe and reinstall is a last resort. I can login as an administrator if I need to (I had to to run DDS and GMER). The email I provided is my personal email so feel free to send me a message anytime. However, the computer is at work so I will only be able to perform the tasks I am asked during normal business hours 8-5 central time Mon thru Fri.

I am also having trouble posting the DDS log to this site. It keeps giving me a "No internet connection detected" when I try to post the entire log. That's why you only see a partial one. I also have the same problem when I try to upload the DDS.txt file.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 8:34:38.62 on Mon 05/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1420 [GMT -5:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec End...

A:Tidserv and Tidserv2 Request Detected

Hello crum23

Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instruction can be ...


This keeps popping up on my Norton 360 and I have no idea what to do. Is it a site trying to hack into my computer? I followed a few advices on this site but it keeps popping up...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-22 21:15:53
Windows 6.1.7600
Running: cycsd3fr.exe; Driver: C:\Users\Stephen\AppData\Local\Temp\fwddrfoc.sys

---- System - GMER 1.0.15 ----

SSDT 869C3048 ZwAlertResumeThread
SSDT 86260048 ZwAlertThread
SSDT 86AD0FC0 ZwAllocateVirtualMemory
SSDT 85FAD480 ZwAlpcConnectPort
SSDT 86950048 ZwAssignProcessToJobObject
SSDT 86ACC210 ZwCreateMutant
SSDT 86ACEBA8 ZwCreateSymbolicLinkObject
SSDT 86ACF398 ...

A:HTTPS TIDSERV REQUEST and TIDSERV REQUEST2

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions...


Hello, I would appreciate it very much if I could get some assistance with my problem.

About 2 weeks ago my Norton Internet Security started to throw up the alert that it blocked http tidserv request. Then the alerts became more frequent, and my google search results started being redirected elsewhere.

As per the instructions, I have included the DDS and GMER logs below.

Thanks.

===============================
DDS (Ver_10-03-17.01) - NTFSx86
Run by Bouncer at 21:16:05.46 on Mon 05/31/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1204 [GMT -6:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WI...

A:How can i remove http tidserv request - tidserv trojan

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

:run combofix:

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen pro...


Hello. I would like your help to remove a Backdoor Trojan. On May 25, 2010 I started receiving attempted intrusion attack notifications from Norton 360. These notifications can occur at random times. However, the notifications always occur when I execute an internet search from Google, Norton or Bing. I have contacted Symantec technical support and was told that my computer was not infected. However, after researching on the web, I see that many other users are having the same issue. Also, Symantec notifications indicate that it is a serious threat.

NOTE: Recently I sent a web page using IE to my wife's email, and now she is having the same issue. She has Norton antivirus supplied by Comcast on her laptop. I suspect I may have infected her laptop.

Norton history logs indicate that Norton is blocking the following intrusion attacks:
- identified by Norton 360 as "HTTP Tidserv Request" from url 7gafd33ja90a.com at ip addresses 85.12.46.155, 85.12.46.159 and url j00k877x.cc at ip address 192.212.226.130
- identified by Norton 360 as "HTTP Tidserv Request 2" from ip addresses 91.212.226.67 and 202.157.171.207.

NOTES:
- I have Norton 360 Firewall. Do I still need to activate the MS Windows Firewall as stated in the Preparation Guide?
- Cannot run GMER logs. Each time I try, after approximately 35 minutes of scanning the system reboots.

DDS logs

DDS (Ver_10-03-17.01) - NTFSx86
Run by John Wild at 22:42:15.80 on Wed 06/09/2010
Internet Expl...

A:HTTP Tidserv Request & Tidserv 2 attacks

Hi JOHNCWILD1,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum.

If the issue is not resolved please update me on the current condition of your computer and post the following log.

Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

@echo off
if exist mbr.log del mbr.log
mbr.exe -t
ping 1.1.1.1 -n 1 -w 1000 >nul
start mbr.log

Go to the File menu at the top of the Notepad and select Save as.
Select Save in: desktop
Fill in File name: dirlook.bat
Save as type: All file types (*.*)
Click save.
Close the Notepad.
Locate look.bat on the desktop. It should look like this:
Double-click to run it.
A notepad opens, copy and paste the content (log.txt) to your reply.


I believe my computer has become infected with this malware. The symptoms yesterday were continuous messages from Norton about blocking various attacks. Trojan Horse was mentioned in one of the entries, also.

I attempted to clean these off myself. The steps I took: I noticed I had around 30 tasks in windows scheduler that ran every 15 minutes. I deleted those. According to the event log, windows security center was disabled so I re-enabled that. I checked the registry files where I was familiar with looking and didn't see anything unusual.

Today, the symptoms are redirects in IE 8 to different websites than clicked, about every 30 minutes another block by Norton for HTTPS tidserv request or HTTPS tidserv request 2, I cannot make changes in MSCONFIG even though I'm logged in as administrator, and the computer will not boot in safe mode or safe mode with networking.

Attaching the attach.txt and ark.log files.

From the DDS.txt log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Brian at 22:32:26.64 on Sat 04/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.202 [GMT -4:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k ne...

A:https tidserv request and request 2 infection

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

Please download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it wi...


I managed to infect my machine with Antimalware Doctor, and managed to remove it as soon as I had realized what had happened. After getting Norton up and running again, I noticed these new warnings soon after, for HTTPS Tidserv Request / Request 2 intrusion attempts on svchost.exe and chrome.exe. Norton complains of these intrusion attempts every 10 minutes.

Attempting to create this post through either Chrome or IE keeps failing. I am creating this post through another machine.

Any help in getting rid of this issue would be greatly appreciated! Thanks in advance.

DDS Log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by karunp at 8:27:18.43 on Sun 07/25/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1226 [GMT -4:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Fil...

A:Help removing HTTPS Tidserv Request / Request 2

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool. The ap...


Hello, I recently got infected with a trojan called the "Antivirus live" or something similar. I removed it by installing Malwarebytes' Anti-Malware.

However since then I have been getting a pop-up warning from Symantec Endpoint Protection about Tidserv requests. The pop-ups have the following message:

[SID: 23621] HTTP Tidserv request detected

and

Traffic from I.P address xx.xxx.xxx.xx is blocked from (time of traffic) to (current time)
[SID: 23615] HTTPS Tidserv request 2 detected

I also have problems with Google searching, as it keeps on redirecting me to random webpages, so I assume I have also been infected with the Google redirect trojan.

I then ran numerous full system scans by Symantec Endpoint Protection and Malwarebytes' Anti-Malware, but found no infected files.

Then last night I got infected with trojans called "security center" and "desktop security 2010". I ran Malwarebytes' Anti-Malware and got rid of them but they keep coming back.

So my problem is that I am still infected with the Tidserv request, Tidserv request 2 trojans, Google redirect and constantly being attacked by Desktop Security 2010 and Security Center. However my laptop is still functioning so there is no problem accessing the internet or doing work on it.

I have followed the preparation guide fully. I turned on my firewall (because the previous trojan attack turned it off).

I ran the DDS and gmer scan and have attached the reports below.

DDS

DDS (Ver_10-03-17.01) - NTFSx86...

A:Infected with Tidserv request, Tidserv request 2 and google redirect

Hi lamba105, and welcome to Bleeping Computer.

I suggest you uninstall IOBit's Advanced SystemCare 3 - that company stole Malwarebytes' Intellectual Property ... Your choice...

Please run the following scan:

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Post the log from ComboFix when you've accomplished that.


Hello, I'm a complete computer dunce and really need some help. My Norton has been telling me that it keeps blocking traffic or something. It says something like HTTPS tidserve request blocked.

While searching Google I found this website and am hoping you can help me.

I am currently on my mom's laptop and have my laptop's wireless switched off (friend's advice).

I have scanned with Norton, AVG, malebytes (or something like that), Windows Malicious Software Removal Tool. Only AVG came up with anything and this didn't solve the problem.

I have run DDS and tried to run GMER but it stops running and crashes.

Here is the DDS report.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Currys at 22:32:53.32 on 22/04/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1790.1103 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32&#...

A:HTTPS Tidserv request

OK, this should be a simpler request. I have decided to wipe everything off there and make it a fresh laptop.

I no longer have any of the CDs for this laptop though.

Is there a way to reformat and re-install without CDs? Or shall I buy a new install CD?
