Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

A HTTPS Tidserv Request 2 message keeps popping up.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Unread postby BASS in SPACE » May 22nd, 2010, 8:15 am

Hi Cypher, the Norton scan came up with nothing other than a cookie, which it cleaned up. I'm hoping this is good news :) does this mean I do not have to worry about running GMER with the usual account? Thanks.
BASS in SPACE
Regular Member
 
Posts: 22
Joined: May 9th, 2010, 1:54 am
Advertisement
Register to Remove

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Unread postby Cypher » May 22nd, 2010, 11:17 am

Hi BASS in SPACE.
HTTPS Tidserv is a rootkit infection known as TDSS but up to now there is no evidence of it in you're logs so far.
Just to be sure lets run gmer again on you're usual account from the instructions below, run it in safe mode if you have problems in normal mode.



  • Double click the u0vmid37.exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
    See image below, Click the image to enlarge it
    Image

  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Unread postby BASS in SPACE » May 24th, 2010, 2:54 am

Hi cypher, I cannot run the GMER scan. Each time after about 15 minutes through the scan, the computer will restart itself. I have been doing it in safe mode as well, in the usual account I log in with.
BASS in SPACE
Regular Member
 
Posts: 22
Joined: May 9th, 2010, 1:54 am

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Unread postby Cypher » May 24th, 2010, 5:25 am

Hi.
Any more alerts from Norton?
Ok lets try a different scanner.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Unread postby BASS in SPACE » May 25th, 2010, 6:40 pm

Hi cypher, there are no more alerts from Norton. However, I do keep getting this one error message around each time I boot up the computer around the time I started trying to run the GMER scan. It says "Steam.exe (main exception): Bad field - extends past end of blob". Any thoughts? Thanks for your time :) Here's the RKUnHooker log:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF9D6000 C:\WINDOWS\System32\nv4_disp.dll 4530176 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 91.31 )
0xB93EB000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 3928064 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 91.31 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xADB2C000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100524.048\NAVEX15.SYS 1343488 bytes (Symantec Corporation, AV Engine)
0xB5F4B000 C:\WINDOWS\system32\drivers\sthda.sys 1130496 bytes (SigmaTel, Inc., NDRC)
0xBA5D3000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB5967000 C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys 503808 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0xB5AFD000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB5A9F000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB9233000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB5CA5000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB2D55000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB056F000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100518.002\IDSxpx86.sys 348160 bytes (Symantec Corporation, IDS Core Driver)
0xB5EF8000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS 339968 bytes (Symantec Corporation, Symantec AutoProtect)
0xBA68A000 SYMEFA.SYS 323584 bytes
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB5925000 C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys 270336 bytes (Symantec Corporation, BASH Driver)
0xB1E5A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB5C71000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS 212992 bytes (Symantec Corporation, Network Dispatch Driver)
0xB9291000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xBA779000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB361C000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xBA5A6000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xABF03000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB5B6D000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB9366000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 163840 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0xB5BBA000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xBA723000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB5C4B000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB93B2000 C:\WINDOWS\System32\DRIVERS\HDAudBus.sys 151552 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB5D6D000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xA9EDF000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB92E9000 C:\WINDOWS\system32\DRIVERS\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB938E000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB932F000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB5B98000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB930D000 C:\WINDOWS\system32\DRIVERS\StudioPro.sys 139264 bytes (e2eSoft, VCam Driver)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xBA6EB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xBA749000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB5EDA000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xB59E2000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xBA58C000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xBA70B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB58E5000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xBA673000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB92D2000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB5C36000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS 86016 bytes (Symantec Corporation, Firewall Filter Driver)
0xB387F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xADB18000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100524.048\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xB9352000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB93D7000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB5CFE000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBA660000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF9C4000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBA6D9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xBA768000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB92C1000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBAA08000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBAAB8000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBAA98000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBAAF8000 C:\WINDOWS\system32\DRIVERS\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBAAC8000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB4B34000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA9B8000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xBA988000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA8E8000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBAA88000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBAB08000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBAAD8000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xBA8C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA918000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB97CA000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBAAA8000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA8B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBAB18000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA8A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA958000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB983A000 C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xBA938000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBAAE8000 C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys 40960 bytes (Eugene V. Muzychenko, Kernel-mode WDM driver)
0xBA8D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA998000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBAA78000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA928000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB97EA000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA9CFF000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA8F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB97FA000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBAC80000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBABA0000 C:\WINDOWS\system32\DRIVERS\SymIM.sys 32768 bytes (Symantec Corporation, NDIS Intermediate Driver)
0xBAC88000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS 32768 bytes (Symantec Corporation, NDIS Filter Driver)
0xBABD0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBAB68000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBABC8000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBAB28000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBAC90000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS 28672 bytes (Symantec Corporation, IDS Filter Driver)
0xBAB78000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBAB70000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBAB98000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBAC30000 C:\WINDOWS\System32\drivers\symlcbrd.sys 24576 bytes (Symantec Corporation, Symantec Core Component)
0xBAB40000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBAC70000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBAC78000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBAB30000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBAB88000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBAB90000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBAB80000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBABD8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB9D3A000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB3334000 C:\WINDOWS\System32\drivers\PfModNT.sys 16384 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xBA533000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBACB8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA547000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBAD74000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBAD78000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBAD54000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB8607000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBAD84000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBAE02000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBADAC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBAE16000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBADFE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBADA8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBAE04000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBAE28000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBAE06000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBAE08000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBAE10000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBADAA000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBAFC7000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBAF5F000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xBAFBA000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBAEF4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBAE70000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100524.048\vscanmsx.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\tagfiles\20100525.018.sst
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\tagfiles\20100525.019.sst
!-->[Hidden] C:\Documents and Settings\LSM\Application Data\skypePM\2010-05-26-0.ezlog
!-->[Hidden] C:\Documents and Settings\LSM\Local Settings\Application Data\Microsoft\Messenger\zhen_hann@hotmail.com\SharingMetadata\veronica226hk@hotmail.com\DFSR\Staging\CS{E5628EC0-AB65-1633-4B03-497FC879E736}\76\49-{3B6A2D7F-AA54-45CF-B0F0-B995FF9526EC}-v576-{FFF9A195-56A3-49C0-9624-C6C12FF26C94}-v49-Downloaded.frx.frx
!-->[Hidden] C:\Documents and Settings\LSM\Local Settings\Temporary Internet Files\Content.IE5\16EBJI1Z\adConfigCz[1].xml
!-->[Hidden] C:\Documents and Settings\LSM\Local Settings\Temporary Internet Files\Content.IE5\ER944TO2\adConfigSlv[1].xml
!-->[Hidden] C:\Documents and Settings\LSM\Local Settings\Temporary Internet Files\Content.IE5\FLVCRTJT\adConfigIn[1].xml
!-->[Hidden] C:\Documents and Settings\LSM\Local Settings\Temporary Internet Files\Content.IE5\WJ9JXEBA\adConfigDeu[1].xml
!-->[Hidden] C:\Documents and Settings\LSM\Local Settings\Temporary Internet Files\Content.IE5\WJ9JXEBA\updates[1].xml
!-->[Hidden] C:\Hann Boy\music\Anime+games\[Nipponsei]_Tengen_Toppa_Gurren_Lagann_BEST_SOUND\[Nipponsei] Tengen Toppa Gurren Lagann BEST SOUND\CD2\10 - Rap wa Kan no Tamashii da! Onore wo Shinjite Ten wo Yubi Sasu Dotou no Otoko. Kamina-sama no Theme wo Mimi no Ana KappoJ
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D518, Type: Inline - RelativeJump 0x80504518-->805044E6 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D550, Type: Inline - RelativeJump 0x80504550-->805044F9 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D5D8, Type: Inline - RelativeJump 0x805045D8-->805045EF [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D61C, Type: Inline - RelativeJump 0x8050461C-->80504681 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D634, Type: Inline - RelativeJump 0x80504634-->80504602 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D690, Type: Inline - RelativeJump 0x80504690-->80504692 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D7A4, Type: Inline - RelativeJump 0x805047A4-->805047F8 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D7C0, Type: Inline - RelativeJump 0x805047C0-->80504824 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D860, Type: Inline - RelativeJump 0x80504860-->805048A7 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe]
[2016]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2016]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2016]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2016]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2016]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2016]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[2016]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[4872]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
BASS in SPACE
Regular Member
 
Posts: 22
Joined: May 9th, 2010, 1:54 am

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Unread postby Cypher » May 26th, 2010, 5:39 am

Hi.
"Steam.exe (main exception): Bad field - extends past end of blob"

I found This if you wish to try it but as far as i can tell that error is not malware related.
Im still concerned that norton reported HTTPS Tidserv in the first place so lets run one more scan to be sure.
Question... when i asked you to run TDSSKiller did you run it more than once by any chance?



  • Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.

Next.


Disable Norton 360

  • Right-click the Norton 360 icon in the system tray and select Open Tasks and
    Settings Window.

  • On the right side, under Settings, click on Change advanced settings.
  • Next, click on the Virus & Spyware Protection Settings.
  • Uncheck Turn on Auto-Protect and select Apply.
  • You will be asked to select a time for Norton to reactivate.
  • Choose Until I turn it back on.
  • Note: Don't forget to Re-enable it after the fix


Next.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper




Logs/Information to Post in your Next Reply

  • ComboFix.txt log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Unread postby BASS in SPACE » May 27th, 2010, 10:40 am

Hi cypher, I only ran TDSSKiller once by leaving it running overnight and then posting the results the next morning. The computer seems to be doing fine, other than sometimes taking a very long time to end non-responsive programs. Thanks for your time again :) Here's the ComboFix log:

ComboFix 10-05-26.03 - LSM 28-May-10 0:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2431 [GMT 10:00]
Running from: c:\documents and settings\LSM\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\jestertb.dll
c:\windows\system32\Vb40032.dll
c:\windows\twain_16.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-27 to 2010-05-27 )))))))))))))))))))))))))))))))
.

2010-05-22 04:32 . 2010-05-22 04:32 503808 ----a-w- c:\documents and settings\LSM\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-251cb5c7-n\msvcp71.dll
2010-05-22 04:32 . 2010-05-22 04:32 61440 ----a-w- c:\documents and settings\LSM\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-50b66d6f-n\decora-sse.dll
2010-05-22 04:32 . 2010-05-22 04:32 499712 ----a-w- c:\documents and settings\LSM\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-251cb5c7-n\jmc.dll
2010-05-22 04:32 . 2010-05-22 04:32 348160 ----a-w- c:\documents and settings\LSM\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-251cb5c7-n\msvcr71.dll
2010-05-22 04:32 . 2010-05-22 04:32 12800 ----a-w- c:\documents and settings\LSM\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-50b66d6f-n\decora-d3d.dll
2010-05-20 10:18 . 2010-05-20 10:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-05-20 10:17 . 2010-05-20 10:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-16 03:05 . 2010-05-16 03:05 -------- d-----w- c:\program files\ESET
2010-05-16 02:52 . 2010-05-16 02:52 503808 ----a-w- c:\documents and settings\LSM\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-63e1b415-n\msvcp71.dll
2010-05-16 02:52 . 2010-05-16 02:52 499712 ----a-w- c:\documents and settings\LSM\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-63e1b415-n\jmc.dll
2010-05-16 02:52 . 2010-05-16 02:52 348160 ----a-w- c:\documents and settings\LSM\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-63e1b415-n\msvcr71.dll
2010-05-16 02:52 . 2010-05-16 02:52 61440 ----a-w- c:\documents and settings\LSM\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-285ccf73-n\decora-sse.dll
2010-05-16 02:52 . 2010-05-16 02:52 12800 ----a-w- c:\documents and settings\LSM\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-285ccf73-n\decora-d3d.dll
2010-05-16 02:52 . 2010-05-16 02:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-15 13:15 . 2010-05-15 13:15 -------- d-----w- C:\_OTM
2010-05-15 13:11 . 2010-05-15 13:12 -------- d-----w- c:\program files\ERUNT
2010-05-15 04:17 . 2010-05-15 04:18 -------- d-----w- C:\rsit
2010-05-15 03:41 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-15 03:41 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-15 03:41 . 2010-05-15 03:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-09 05:57 . 2010-05-09 05:57 388096 ----a-r- c:\documents and settings\LSM\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-09 05:57 . 2010-05-15 13:22 -------- d-----w- c:\program files\Trend Micro
2010-05-07 08:18 . 2010-05-07 08:20 -------- d-----w- c:\documents and settings\LSM\Local Settings\Application Data\nuweraaxy
2010-05-06 11:56 . 2002-08-29 12:00 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2010-05-06 11:56 . 2002-08-29 12:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2010-05-06 11:56 . 2002-08-29 12:00 1677824 -c--a-w- c:\windows\system32\dllcache\chsbrkr.dll
2010-05-06 11:56 . 2002-08-29 12:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2010-05-06 11:56 . 2002-08-29 12:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2010-05-06 11:56 . 2002-08-29 12:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2010-05-06 11:56 . 2002-08-29 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-05-06 11:56 . 2002-08-29 12:00 98304 ----a-w- c:\windows\system32\msir3jp.dll
2010-05-06 11:56 . 2002-08-29 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2010-05-06 11:56 . 2002-08-29 12:00 6144 -c--a-w- c:\windows\system32\dllcache\kbd101a.dll
2010-05-06 11:56 . 2002-08-29 12:00 6144 ----a-w- c:\windows\system32\kbd101a.dll
2010-05-06 11:56 . 2002-08-29 12:00 14336 -c--a-w- c:\windows\system32\dllcache\padrs412.dll
2010-05-06 02:16 . 2010-03-26 00:33 43008 ----a-w- c:\documents and settings\LSM\Application Data\Mozilla\Firefox\Profiles\sdj6xcqm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-05-06 02:16 . 2010-03-26 00:33 339456 ----a-w- c:\documents and settings\LSM\Application Data\Mozilla\Firefox\Profiles\sdj6xcqm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-05-06 02:16 . 2010-03-26 00:32 346112 ----a-w- c:\documents and settings\LSM\Application Data\Mozilla\Firefox\Profiles\sdj6xcqm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-05-06 02:16 . 2010-03-26 00:33 1496064 ----a-w- c:\documents and settings\LSM\Application Data\Mozilla\Firefox\Profiles\sdj6xcqm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-05-01 14:51 . 2001-08-17 03:12 11008 -c--a-w- c:\windows\system32\dllcache\brusbmdm.sys
2010-05-01 14:51 . 2001-08-17 03:12 11008 ----a-w- c:\windows\system32\drivers\BrUsbMdm.sys
2010-05-01 14:51 . 2001-08-17 03:12 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
2010-05-01 14:51 . 2001-08-17 03:12 10368 ----a-w- c:\windows\system32\drivers\BrUsbScn.sys
2010-05-01 14:51 . 2008-04-13 19:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-01 14:51 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-04-30 01:44 . 2008-04-14 01:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-04-30 01:44 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-04-30 01:44 . 2008-04-13 19:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-04-30 01:44 . 2008-04-13 19:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-27 14:14 . 2007-02-01 01:53 -------- d-----w- c:\documents and settings\LSM\Application Data\Skype
2010-05-27 14:05 . 2009-05-18 13:21 -------- d-----w- c:\documents and settings\LSM\Application Data\skypePM
2010-05-27 07:42 . 2007-02-07 04:37 -------- d-----w- c:\documents and settings\LSM\Application Data\AdobeUM
2010-05-26 23:37 . 2008-12-24 22:34 -------- d-----w- c:\program files\Steam
2010-05-26 23:29 . 2008-07-02 05:30 -------- d-----w- c:\documents and settings\LSM\Application Data\ICQ
2010-05-20 08:18 . 2010-01-19 10:53 -------- d-----w- c:\documents and settings\LSM\Application Data\PC Suite
2010-05-16 02:57 . 2007-02-01 01:50 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-16 02:53 . 2007-03-02 07:12 -------- d-----w- c:\program files\Common Files\Java
2010-05-16 02:48 . 2007-03-02 07:12 -------- d-----w- c:\program files\Java
2010-05-15 12:53 . 2007-02-16 06:16 -------- d-----w- c:\program files\ICQToolbar
2010-05-15 03:37 . 2007-10-28 02:41 -------- d-----w- c:\program files\CCleaner
2010-05-10 10:19 . 2007-02-01 02:28 92648 ----a-w- c:\documents and settings\LSM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-30 15:52 . 2009-11-11 00:32 79488 ----a-w- c:\documents and settings\LSM\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-24 11:55 . 2007-02-01 02:36 -------- d-----w- c:\program files\Winamp
2010-04-24 04:37 . 2010-04-23 10:13 -------- d-----w- c:\program files\Tiger Gaming
2010-04-21 06:17 . 2007-02-01 01:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-21 06:17 . 2010-04-21 06:17 -------- d-----w- c:\program files\Microsoft Chart Controls
2010-04-21 06:17 . 2010-04-21 06:17 -------- d-----w- c:\documents and settings\LSM\Application Data\FLEXnet
2010-04-21 06:16 . 2010-04-21 06:16 -------- d-----w- c:\program files\Common Files\Wintertree
2010-04-21 06:15 . 2010-04-21 06:15 -------- d-----w- c:\program files\MYOB
2010-04-21 06:15 . 2010-04-21 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-20 15:21 . 2010-04-20 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2010-04-20 15:18 . 2010-04-20 15:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-04-20 15:07 . 2010-01-19 10:48 -------- d-----w- c:\program files\Nokia
2010-04-20 15:04 . 2010-01-20 07:47 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-20 15:01 . 2010-04-20 15:01 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-20 14:59 . 2010-04-20 14:59 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-04-20 14:59 . 2010-04-20 14:59 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-04-20 14:59 . 2010-01-19 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache
2010-04-09 01:03 . 2007-12-21 08:22 -------- d-----w- c:\program files\wgens170
2010-03-16 10:14 . 2010-03-16 10:14 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-11 07:17 . 2010-04-20 14:59 64164264 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\NokiaOviSuite2Installer.exe
2010-03-11 07:17 . 2010-02-15 14:13 64164264 ----a-w- c:\documents and settings\LSM\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2010-03-10 06:15 . 2002-08-29 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-07-19 10:00 . 2009-07-19 09:47 6621696 ----a-w- c:\program files\etax2009_1.msi
2008-02-08 12:45 . 2008-01-29 00:52 17 ----a-w- c:\program files\streampeer.cfg
2007-04-04 07:20 . 2007-04-02 10:49 5567752 ----a-w- c:\program files\InstallCollapseII.exe
2006-07-05 04:38 . 2007-08-23 10:04 3072 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2006-02-13 02:07 . 2007-08-23 10:04 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"ICQ"="c:\progra~1\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [2006-05-26 282624]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-02-24 196709]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-06-10 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-06-10 36864]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-5 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Hann Boy\\Warcraft III\\w3l.exe"=
"c:\\Hann Boy\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1513:UDP"= 1513:UDP:garena

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [02-Feb-10 5:48 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [02-Feb-10 5:48 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [02-Feb-10 5:48 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100520.001\IDSXpx86.sys [29-Oct-09 8:37 AM 329592]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [02-Feb-10 5:47 PM 117640]
R2 StudioPro;StudioPro webcam;c:\windows\system32\drivers\StudioPro.sys [05-Jan-09 11:49 AM 120320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [06-Jan-10 12:51 PM 102448]
R3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);c:\windows\system32\drivers\vrtaucbl.sys [05-Jan-09 11:49 AM 38784]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09-Feb-10 11:34 PM 135664]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [04-Feb-07 6:14 PM 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [04-Feb-07 6:14 PM 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [04-Feb-07 6:14 PM 39552]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [04-Feb-07 6:14 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [02-May-10 12:51 AM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [02-May-10 12:51 AM 10368]
S3 exdisk;Express Disk Service;c:\windows\system32\drivers\exdisk.sys [01-Feb-07 11:53 AM 14074]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\LSM\LOCALS~1\Temp\THC748.tmp --> c:\docume~1\LSM\LOCALS~1\Temp\THC748.tmp [?]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [11-May-05 1:12 PM 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [11-May-05 1:12 PM 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [11-May-05 1:12 PM 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [11-May-05 1:12 PM 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [11-May-05 1:12 PM 77072]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ERASERUTILDRV11010
*Deregistered* - EraserUtilDrv11010
.
Contents of the 'Scheduled Tasks' folder

2010-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]

2010-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 13:34]

2010-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 13:34]

2010-05-26 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ie/def ... .yahoo.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\LSM\Application Data\Mozilla\Firefox\Profiles\sdj6xcqm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-farstone - (no file)
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
HKLM-Run-StreamPeer - c:\program files\StreamPeer\StreamPeer.exe
AddRemove-Final Fantasy VII - c:\program files\Square Soft
AddRemove-GOM Player - c:\hann boy\GomPlayer\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 00:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\LSM\LOCALS~1\Temp\THC748.tmp"
.
Completion time: 2010-05-28 00:34:40
ComboFix-quarantined-files.txt 2010-05-27 14:34

Pre-Run: 19,781,500,928 bytes free
Post-Run: 19,884,191,744 bytes free

- - End Of File - - 94B3148B0DC0E4BB1A78BD1F157CF4F4
BASS in SPACE
Regular Member
 
Posts: 22
Joined: May 9th, 2010, 1:54 am

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Unread postby Cypher » May 27th, 2010, 11:26 am

Hi BASS in SPACE.
The computer seems to be doing fine.


your latest set of logs appear to be clean! :)
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Time for some housekeeping
  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
    Image
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next

Clean up with OTM

  • Double-click OTM.exe to start the program, This tool will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTMoveIt3 as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


You can now delete any tools we used if they remain on your Desktop.


Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.



Here are some free programs I recommend that could help you improve your computer's security.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE On how to prevent Malware

Is your pc running slow?
Read What to do if your Computer is running slowly

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Unread postby Dakeyras » May 28th, 2010, 11:54 am

As it appears this issue has been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 33 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware