Bck/Tdss.BC

Bck/Tdss.BC

Unread postby John Simmons » May 31st, 2009, 4:53 pm

Please can you help me remove the virus identified by Truprevent Panda as Bck/Tdss.BC. Further information given is:
globalroot\systemroot\system32\UACajlidvipfylnkqu.dll
Symptoms include Task Manager being disabled "by your system administrator"; also not working is defrag.
The worst symptom is that the log-in process stops with the wallpaper and no icons. I have no choice but to switch off and switch on again using a different user account. To keep going I have created many new accounts.

I attach my HJT notepad:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32:49, on 31/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,C:\WINDOWS\system32\twext.exe,
O1 - Hosts: 82.146.46.170 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 http://www.myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 abbeyinternational.com
O1 - Hosts: 82.146.46.170 http://www.abbeyinternational.com
O1 - Hosts: 82.146.46.170 mybank.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 http://www.mybank.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 mybusinessbank.co.uk
O1 - Hosts: 82.146.46.170 http://www.mybusinessbank.co.uk
O1 - Hosts: 82.146.46.170 mybankoffshore.alil.co.im
O1 - Hosts: 82.146.46.170 http://www.mybankoffshore.alil.co.im
O1 - Hosts: 82.146.46.170 ibank.internationalbanking.barclays.com
O1 - Hosts: 82.146.46.170 http://www.ibank.internationalbanking.barclays.com
O1 - Hosts: 82.146.46.170 cahoot.com
O1 - Hosts: 82.146.46.170 http://www.cahoot.com
O1 - Hosts: 82.146.46.170 home.ybonline.co.uk
O1 - Hosts: 82.146.46.170 http://www.home.ybonline.co.uk
O1 - Hosts: 82.146.46.170 home.cbonline.co.uk
O1 - Hosts: 82.146.46.170 http://www.home.cbonline.co.uk
O1 - Hosts: 82.146.46.170 myonlineaccounts3.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 http://www.myonlineaccounts3.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 bankcardservices.co.uk
O1 - Hosts: 82.146.46.170 http://www.bankcardservices.co.uk
O1 - Hosts: 82.146.46.170 bcol.barclaycard.co.uk
O1 - Hosts: 82.146.46.170 http://www.bcol.barclaycard.co.uk
O1 - Hosts: 82.146.46.170 businesscreditcardsonline.co.uk
O1 - Hosts: 82.146.46.170 http://www.businesscreditcardsonline.co.uk
O1 - Hosts: 82.146.46.170 capitaloneonline.co.uk
O1 - Hosts: 82.146.46.170 http://www.capitaloneonline.co.uk
O1 - Hosts: 82.146.46.170 service.citicards.co.uk
O1 - Hosts: 82.146.46.170 http://www.service.citicards.co.uk
O1 - Hosts: 82.146.46.170 mbna.co.uk
O1 - Hosts: 82.146.46.170 http://www.mbna.co.uk
O1 - Hosts: 82.146.46.170 cardsonline-consumer.com
O1 - Hosts: 82.146.46.170 http://www.cardsonline-consumer.com
O1 - Hosts: 82.146.46.170 partnerandaffinitycards.co.uk
O1 - Hosts: 82.146.46.170 http://www.partnerandaffinitycards.co.uk
O1 - Hosts: 82.146.46.170 esavingsaccount.co.uk
O1 - Hosts: 82.146.46.170 http://www.esavingsaccount.co.uk
O1 - Hosts: 82.146.46.170 citibank.co.uk
O1 - Hosts: 82.146.46.170 http://www.citibank.co.uk
O1 - Hosts: 82.146.46.170 welcome27.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 http://www.welcome27.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 welcome26.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 http://www.welcome26.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 welcome23.smile.co.uk
O1 - Hosts: 82.146.46.170 http://www.welcome23.smile.co.uk
O1 - Hosts: 82.146.46.170 welcome22.smile.co.uk
O1 - Hosts: 82.146.46.170 http://www.welcome22.smile.co.uk
O1 - Hosts: 82.146.46.170 egg.com
O1 - Hosts: 82.146.46.170 http://www.egg.com
O1 - Hosts: 82.146.46.170 new.egg.com
O1 - Hosts: 82.146.46.170 http://www.new.egg.com
O1 - Hosts: 82.146.46.170 firstdirect.com
O1 - Hosts: 82.146.46.170 http://www.firstdirect.com
O1 - Hosts: 82.146.46.170 halifax-online.co.uk
O1 - Hosts: 82.146.46.170 http://www.halifax-online.co.uk
O1 - Hosts: 82.146.46.170 icicibank.co.uk
O1 - Hosts: 82.146.46.170 http://www.icicibank.co.uk
O1 - Hosts: 82.146.46.170 online.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 http://www.online.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 online-business.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 http://www.online-business.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 online-offshore.lloydstsb.com
O1 - Hosts: 82.146.46.170 http://www.online-offshore.lloydstsb.com
O1 - Hosts: 82.146.46.170 moneybookers.com
O1 - Hosts: 82.146.46.170 http://www.moneybookers.com
O1 - Hosts: 82.146.46.170 olb2.nationet.com
O1 - Hosts: 82.146.46.170 http://www.olb2.nationet.com
O1 - Hosts: 82.146.46.170 online.sainsburysbank.co.uk
O1 - Hosts: 82.146.46.170 http://www.online.sainsburysbank.co.uk
O1 - Hosts: 82.146.46.170 scotwest.co.uk
O1 - Hosts: 82.146.46.170 http://www.scotwest.co.uk
O1 - Hosts: 82.146.46.170 ibank.cahoot.com
O1 - Hosts: 82.146.46.170 http://www.ibank.cahoot.com
O1 - Hosts: 82.146.46.170 alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 http://www.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 home.americanexpress.com
O1 - Hosts: 82.146.46.170 http://www.home.americanexpress.com
O1 - Hosts: 194.165.4.145 oneaccount.se
O1 - Hosts: 194.165.4.145 oneaccountser
O1 - Hosts: 194.165.4.145 oneaccbank.co
O1 - Hosts: 194.165.4.145 online-busine
O1 - Hosts: 194.165.4.145 oneaccountban
O1 - Hosts: 194.165.4.145 eggbank.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: 272329 helper - {437A43D5-E5C3-4959-BBD0-F2BFB1EDC6FD} - C:\WINDOWS\system32\sysloc\sysloc.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: MS extension - {7C7EFE99-C71F-48b8-8CC8-BA506CA76A33} - xagkf32.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Homepage - {65494014-3377-4CB7-B3E6-6354D7D0E3C6} - http://bt.yahoo.com (file missing) (HKCU)
O9 - Extra button: BT - {9EA6FF57-163E-4558-AB7A-88E8FE317225} - http://www.bt.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5226502421
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/templat ... rol013.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: bw+0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {20D75006-BF29-4E87-B6A4-EC50D64D7871} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\psimsvc.exe
John Simmons
Active Member
 
Posts: 1
Joined: May 31st, 2009, 2:21 pm

Re: Bck/Tdss.BC

Unread postby Sharagoz » June 3rd, 2009, 2:37 pm

Hello John Simmons,
I can see already from your first log posted that there is only one sensible thing to do here: reformat the hard drive and reinstall the operating system.
The reason is this:
Your computer has been infected by a banker trojan / keylogger together with a rootkit.

A banker trojan is designed to steal credit card numbers and login information for online banking services.
The info you gave also indicates that this infection has come together with a rootkit. A rootkit is specially designed to hide other infections, and is the most difficult type of infection to remove because the stealth functionality it uses can make it very difficult to uncover.

The combination of a password stealing / keylogging trojan and a rootkit makes it too risky to attempt cleaning the computer. You need to backup your data and then reinstall the machine.

You are strongly advised to do the following:
  • Disconnect the computer from the Internet and from any networked computer.
  • Back up all your important data, like documents, pictures, email, etc.
  • If you have ever used this computer for shopping, banking, or any other financial transactions, then:
    Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
  • Then have the hard drive wiped clean and reinstall everything. If you don't know how to do this yourself, get help from a friend or send your machine to a computer repair shop.

Do not change your passwords from the infected computer as the trojan will be able to get all the new passwords and transaction records.

Here's a collection of articles you may want to read:
How do I respond to possible identity theft, or to someone stealing my credit card or bank account number?
When should I do a reformat and reinstallation of my OS?
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

I'm sorry to be the bearer of bad news.
Should you have any questions feel free to ask.
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway
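The evidence Sharagoz reads from the HijackThis log above (hosts entries that send banking hostnames to an outside address, a UserInit value loading extra executables, a DisableRegedit policy, BHOs with missing files) can be picked out mechanically. The following triage script is an added example written for this thread, not a MalwareRemoval.com tool; the log excerpt inside it is a constructed sample shortened from John's post, and it only flags entries for a helper to review, it does not judge any named file malicious.

```python
# Added example: triage of HijackThis (HJT) log lines for the findings a
# helper looks for in a suspected banker-trojan case. Flags, for review:
#   O1  hosts entries pointing a hostname at a non-loopback address
#   F2  UserInit values that load anything besides userinit.exe
#   O7  policy restrictions (DisableRegedit and the like)
#   O2  BHO entries whose file is missing or given without a directory
import ipaddress
import re

# Constructed sample, shortened from the log posted in the thread above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,C:\WINDOWS\system32\twext.exe,
O1 - Hosts: 82.146.46.170 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 http://www.myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 194.165.4.145 eggbank.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: 272329 helper - {437A43D5-E5C3-4959-BBD0-F2BFB1EDC6FD} - C:\WINDOWS\system32\sysloc\sysloc.dll (file missing)
O2 - BHO: MS extension - {7C7EFE99-C71F-48b8-8CC8-BA506CA76A33} - xagkf32.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
USERINIT_RE = re.compile(r"^F2 - REG:system.ini: UserInit=(.*)$")
POLICY_RE = re.compile(r"^O7 - (HK\w+\\.*Policies\\\w+),\s*(\w+)=(\S+)")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")


def is_local_target(ip_text):
    """True for 127.x / ::1 / 0.0.0.0, the only addresses a benign hosts entry normally uses."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def triage_hijackthis(log_text):
    """Return a list of (severity, original line, reason) findings for review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.group(1), m.group(2)
            if not is_local_target(ip):
                findings.append(("high", line, f"hosts file sends {host} to {ip}"))
            continue
        m = USERINIT_RE.match(line)
        if m:
            entries = [p.strip() for p in m.group(1).split(",") if p.strip()]
            extra = [p for p in entries if not p.lower().endswith("\\userinit.exe")]
            if extra:
                findings.append(("high", line, "UserInit also loads: " + ", ".join(extra)))
            continue
        m = POLICY_RE.match(line)
        if m:
            findings.append(("medium", line,
                             f"policy restriction {m.group(2)}={m.group(3)} under {m.group(1)}"))
            continue
        m = BHO_RE.match(line)
        if m:
            path = m.group(3)
            if "(file missing)" in path or "\\" not in path:
                findings.append(("low", line,
                                 f"BHO '{m.group(1)}' has a missing or path-less file: {path}"))
    return findings


def redirect_summary(log_text):
    """Map each non-local hosts-file target address to the hostnames sent to it."""
    targets = {}
    for _sev, line, _reason in triage_hijackthis(log_text):
        m = HOSTS_RE.match(line)
        if m:
            targets.setdefault(m.group(1), []).append(m.group(2))
    return targets


if __name__ == "__main__":
    for sev, _line, reason in triage_hijackthis(SAMPLE_LOG):
        print(f"[{sev}] {reason}")
    for ip, hosts in redirect_summary(SAMPLE_LOG).items():
        print(f"{ip}: {len(hosts)} hostname(s) redirected")
```

Many hostnames in the same hosts file pointing at one outside address, as in the full log above, is the pattern that marks a banking redirect rather than an ad-blocking hosts list (which points at loopback).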

Re: Bck/Tdss.BC

Unread postby NonSuch » June 9th, 2009, 2:48 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

