You are here:
- Home
- Computing/Technology
- Internet/Network Security
- Computer Security & Viruses
- Correcting malware?
Computer Security & Viruses/Correcting malware?
Advertisement
Question
QUESTION: Brian, I had to get you this way because it said I had too many foolow-ups. Question before I re-reun the program. I removed peoplepc toolbar and Webshot tool bar. I still have Webshot desktop since I use that for my screen saver and wallpaper. I cah use something else if you recommend I get rid of Webshots all together. Thank
ANSWER: Hi Patty
I'll leave it for you to decide. Webshots.scr (the screensaver file) is able to connect to Internet and record inputs. Therefore the technical security rating is 18% dangerous, according to http://www.file.net/process/webshots.scr.html
That being said, many people use it and have no problem with the slight security risk. So like I said, it's up to you.
Brian
---------- FOLLOW-UP ----------
QUESTION: Morning, I changed my screensaver and wallpaper to something else and removed my ICON for webshot, but when I went to remove it from my control panel... it wouldn't remove..it just stayed there. I tried removing some other non-essential files and those worked. Is that strange? Anyway, here is the log I ran after that. I didn't have the blue screen at all last night, but I got it twice this morning. Am I suppose to hit the PrtSc button to get a copy of that? You have been great Brian.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:57 AM, on 3/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PeoplePC\ISP7230\Browser\Bartshel.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\PROGRA~1\PeoplePC\ISP7230\Browser\PPShared.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP7230\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AV360RemovalTool] C:\Program Files\AV360RemovalTool\AV360RemovalTool.exe -boot
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; PeoplePal 3.0)" -"http://mplayer31.slingo.com/shockscreen2.asp?shost=mplayer31.slingo.com&sport=15
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://login.coderedweb.com/CFIDE/classes/CFJava.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
O18 - Protocol: bw+0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A8178489-B8D3-4F79-A293-547B3C316EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
--
End of file - 22531 bytes
ANSWER: Hi Patty
According to your log file, PeoplePC and Webshots are still running. Before we attempt another way to uninstall them, I'd like for you to run a program called ComboFix which may help with the blue screens, and also will remove leftover malware entries.
Please download ComboFix from this link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop.
Double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. You should now press the number 1 key and then press the enter key to continue. ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. ComboFix may also restart your computer. Do not intervene. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt. It will then display the log file automatically for you. Copy that log, along with a new HJT log here to me.
Brian
---------- FOLLOW-UP ----------
QUESTION: Hi Brian! I am sure you have to be extremely busy, I didn't know if you wanted me to do anything else. I did finally get Webshots removed ( I hope) My laptop is running great as far as I can tell. Boy it was sure screwed up. I can't thank you enough for all your help and knowledge. I only hope you are making "big bucks" in the business sector. You should be. Thanks again. Patty
Hi Patty
As long as everything is running fine again, then we can leave it at that. If you are getting the blue screens again, run the ComboFix program I mentioned and send me the log. You are most welcome, and thank you for the kind words. With my luck, if I made the "big bucks", I'd probably wind up investing it with Madoff. I'm much happier this way:-)
Cheers!
Brian
Related Articles
Computer Security & Viruses
Answers by Expert:
Brian Benosky
Expertise
I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (all versions) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.
Experience
I have over 25 years experience in using, building, and repairing computers. I have helped over two thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here:
http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm
I am also a Top Contributor of General Computing answers in Yahoo! Questions.
Education/Credentials
College Educated
Self-taught Computer Skills
©2012 About.com, a part of The New York Times Company. All rights reserved.