Hijack this log after crash recovery



#1
Indigo

Logfile of HijackThis v1.99.1
Scan saved at 12:52:52 PM, on 2/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe


#2
coachwife6

What kinds of problems are you having? Your log looks pretty clean.

#3
Indigo

Hi, well I'm having a lot of what they call popunders? I don't know that much about these pesky popunders, have updated to the new version of FF which was supposed to fix the popunders. I have a very extensive blocked cookie list on both IE, FF, and in my WinPatrol program. I also have my task scheduler disabled, along with every program I can think of except my anti-virus program, windows security, for auto updates. I prefer to do them myself and keep as little as possible running on my computer. With that said, there is something that seems to start and stop often. I try to check the task manager but seems that my eyes just aren't quick enough to see which one it is.

Also I have been trying to find information on the O20 Winlogon Notify: igfxsrvc.dll, seems that some say it's needed and some say take it out. Others have taken it out with no ill effects to their systems. Again that would be a leap of faith for me???? And after just getting this system back up and running after a full crash last week, I'm not so sure it's something I want to do without more information on this process.
Seems that it's supposed to be something necessary for Dell computers, which I have a Compaq, so I'm confused.
Any guidance you can offer would be greatly appreciated!!!!
Thanks
indigo

#4
coachwife6

I would turn off system restore and clean out your temp. files. See if that helps. The only things that I see that may be considered questionable are the window blinds and fast load entries you have. They aren't necessary, but you might like having them. It's worth a shot.

#5
Indigo

Thanks for all your help Coachwife 6!!!

What I have found out is that the "igfxsrvc.dll" is related to Intel Graphics, still
waiting to see if this is a necessary process, but I'm leaning towards yes.

The other thing that was suggested to me was to delete the Webshots one that relates to:
*****************************
O4 - Startup: Webshots.lnk = c:\Program Files\Webshots\Launcher.exe

Description:
launcher.exe is an executable belonging to many applications including Webshots- a Windows desktop downloader, Uinterface Mouselaunch- a file and application initiator, and also a hardware interface for Samsung products. Note: launcher.exe is an advertising program by Intercort Systems. This process monitors your browsing habits and distributes the data back to the author's servers for analyses. This also prompts advertising popups. This program is a registered security risk and should be removed immediately. Please see additional details regarding this process
*******************************
The Credit for this information goes to "Tank" on another forum board. I will tell you that after I deleted all of my Webshots (and there was a lot of it everywhere, hidden and in regedit) that my system was working much better. In fact I can't say if this had anything to do with it or not, but after I took it all out, re-started, then I ran my CCleaner, Spywareblaster, and AVG, I had updates come through for all of these programs. I check my Spywareblaster and AVG at least 3 times a day and had checked both just one hour prior to deleting Webshots. Again I can't say if that really had anything to do with it or not, but it's a bit suspicious at best.

And yes whenever I delete programs or do anything of volume on my system, I do go through and delete all the necessary things, also I clean my system restore points along with my Event Viewer logs. I have my Java Cache disabled, as there is some kind of Java Virus around and it apparently hides in the Java Cache. I try to have very little Caching and clean these out often through Windows Explorer. The longer I'm on Win XP home, the more I am using my Windows Explorer for cleaning, rather than trust the Windows search, a prime example of this is if you do a search for desktop.ini's, those boogers are hidden by design and very hard to find unless you do a DOS search or download a third party program to find them. A DOS search can yield over 200 of those boogers, while a windows search may yield 2 or more. At any rate, whatever you find via the windows search you can bet when it comes to desktop.ini's there are double the amount hidden.

Thanks again for your help, it's greatly appreciated!!

The more I learn, the less I understand! lol

Indigo
  • 0
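
Added example, not part of any post in this thread: a small Python parser for HijackThis entry lines like those in the log in post #1. It groups the entries that load code at boot or logon (O4, O20, O23) by target file, accepts a digit 0 typed in place of the letter O in a section code, and lists entries that give no absolute path; the names `parse_hjt` and `review_list` are this example's own.

```python
import re

# HijackThis section codes seen in the log in post #1, with their meaning.
SECTIONS = {
    "R0": "IE start/search page", "O2": "Browser Helper Object",
    "O4": "autostart (Run key or Startup folder)", "O9": "IE extra button/menu item",
    "O16": "ActiveX control", "O20": "Winlogon Notify / AppInit_DLLs",
    "O23": "Windows service",
}
PERSISTENCE = {"O4", "O20", "O23"}  # entries that load code at boot or logon
# Accept a digit 0 where the letter O belongs (hand-retyped entries).
ENTRY = re.compile(r"^\s*([RFNO0])(\d{1,2}) - (.+)$")
# First absolute path in the entry that ends in an executable extension.
TARGET = re.compile(r"[A-Za-z]:\\[^\"=\[\]]*?\.(?:exe|dll|scr)\b", re.IGNORECASE)

# Entries from the log in post #1, one constructed hand-retyped copy
# (0 for O, "Ink" for "lnk"), and one process-list line that must be skipped.
SAMPLE = r"""
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
04 - Startup: Webshots.Ink = c:\Program Files\Webshots\Launcher.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
C:\WINDOWS\system32\lsass.exe
"""

def parse_hjt(text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        prefix, number, detail = m.groups()
        code = ("O" if prefix == "0" else prefix) + number
        target = TARGET.search(detail)
        entries.append({"code": code, "detail": detail,
                        "meaning": SECTIONS.get(code, "unknown section"),
                        "target": target.group(0).lower() if target else None})
    return entries

def review_list(entries):
    """Split boot/logon entries into resolved files and path-less entries."""
    resolved, bare = {}, []
    for e in entries:
        if e["code"] in PERSISTENCE and e["target"]:
            resolved.setdefault(e["target"], set()).add(e["code"])
        elif e["code"] in PERSISTENCE:
            bare.append(e["detail"])  # no absolute path: the log alone can't say which file loads
    return resolved, bare
```

Lower-casing the target makes the two Webshots lines collapse into one file to review, and the Logitech Run value lands in the path-less list because the log records only a bare file name for it.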





