Need assistance
gentle_breeze
30 Aug 2006, 03:47am
Note: I sent gentle_breeze here due to what I believe are a few issues in his HJT log (see Post #4).
Thanks - Prof :wave:
After starting up my computer and logging on, I am able to use it for about 15 - 20 minutes. After that I am not able to open any programs, and any programs that are open stop working. When I try double-clicking on a shortcut I get an error sound, and I am not able to open the Start menu either. I have done a scan with Norton and also Spyware Blaster but nothing has shown up. Can anyone here assist me with this problem? I use my computer for my work and also for school, therefore this is a very big problem for me. I would appreciate any assistance.
Thank you
Gentle
profdlp
30 Aug 2006, 04:40am
What does your CPU temperature look like?
You might want to try a pass or two of Memtest-86 (http://www.short-media.com/download.php?dc=58) as well. :)
EDIT: While you're at it, post a HijackThis (http://www.short-media.com/download.php?dc=69&p=3) log, too.
airbornflght
30 Aug 2006, 04:59am
What does it say?
Does it say that it can't create an instance of fileProxy? Just a hunch. I had an HP do this exact same thing, and I couldn't find anything wrong with it, so I just did an overlay, which was kind of a sloppy way to fix it, but it was free, so he didn't have much room to complain.
gentle_breeze
30 Aug 2006, 05:27am
Hello, thanks for your reply.
I downloaded the Memtest-86 but I wasn't sure how to open it. Would it be possible for you to explain how I can run the test step by step? I would appreciate it.
I also don't know what a CPU is :(
and I didn't see anything about a file proxy.
I was able to get a HJT log though :)
Logfile of HijackThis v1.99.1
Scan saved at 12:22:22 AM, on 8/30/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Audio Deck\EnMixCPL.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\System32\gltauhgn.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\DOCUME~1\HEDAYA~1\LOCALS~1\Temp\winmhxee.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\HEDAYA~1\LOCALS~1\Temp\winkwnkv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?p=1150929268
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [gltauhgn] C:\WINDOWS\System32\gltauhgn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gltauhgn] C:\WINDOWS\System32\gltauhgn.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138871248811
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139114827968
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O21 - SSODL: IEFilter - {27E95370-8474-4A62-99C2-7FF5C2F4B36D} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
I would appreciate any help
thanks
Gentle
profdlp
30 Aug 2006, 02:30pm
Hello, thanks for your reply.
I downloaded the Memtest-86 but I wasn't sure how to open it. Would it be possible for you to explain how I can run the test step by step? I would appreciate it.
Do you have a floppy drive? Making a bootable floppy is the simplest way. If you don't have that type of drive you can also make a bootable cdrom. Tell me which would be easier for you to make and use and we'll go from there. :)
But...
I also don't know what a CPU is...
Central Processing Unit, as in Athlon 2400+, Pentium 4 3.2, etc. If they get too hot you can have freezing problems.
But...
I was able to get a HJT log though :)
I keep saying "But..." because the place I'd recommend that you start is with a few fishy items in your HijackThis log. I'm going to send this thread over to the crack SVT Team in our world famous Spyware/Virus/Trojan Discussion Forum (http://www.short-media.com/forum/forumdisplay.php?f=57). My guess is that you have something making unauthorized use of your computer, making it unresponsive when you want to use it.
Help is on the way. :thumbsup:
Trogan
30 Aug 2006, 04:41pm
Gentle_Breeze,
There are some things that need removing and we can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.
gentle_breeze
31 Aug 2006, 02:45am
Hi Trojan,
I tried to install the Service Pack 1a for Windows XP but I was not able to, as my "version of Windows is not genuine".
:(.
Is there any other way to protect my computer?
I also have a floppy drive but I don't know how to make a bootable floppy.
My computer seems to be lasting for about 10 minutes now before I have to reboot.
Do you want me to post another HJT log?
I would appreciate any help
thanks
gentle
airbornflght
31 Aug 2006, 03:02am
Yes, there is a simple workaround for that.
Go to your Control Panel, then switch to Classic View and open up the Automatic Updates panel, and switch it to full automatic. This will download all critical updates and install them regardless, which includes the service packs. I hope this helps you out. It may take some time, 'cause you are most likely behind, and may have to install quite a few updates.
gentle_breeze
31 Aug 2006, 03:13am
Hi Airborn,
So I have done what you said. I selected the automatic updates option and I set the time for 11:00pm (45 minutes from now).
Is there anything I should do in the meantime? Or should I just wait till I'm updated and then post a new HJT log?
Thx
Gentle
Trogan
31 Aug 2006, 03:18am
gentle_breeze,
I'm sorry to say I will not be helping you, since your copy of Windows is not legit.
The reasons for this are:
1) It is against the Forum Policy
2) It is unethical for me to help you.
If, however, you purchase a legit copy of Windows, I will be more than willing to help you with your malware problems.
gentle_breeze
31 Aug 2006, 03:23am
Hi Trojan,
I understand your point. But I should mention that I bought this computer used and I guess this is what I ended up with.
If I purchase a new legit version of Windows, is it possible for me to transfer and/or save the existing files that are on my computer now?
thx
gentle
Trogan
31 Aug 2006, 03:30am
If you save your files onto a floppy/CD/DVD/removable disk, you should be able to transfer them over to a legit copy of Windows.
gentle_breeze
31 Aug 2006, 04:01am
Ok Trojan, I'm going to try and save some of my files on to a disc and then I will get a new copy of Windows. Would you be able to assist me with replacing the old version with the new one? Also, where can I purchase a copy of Windows? Do I have to do it online? Or can I get it at computer stores?
thx for the help
Gentle
Trogan
31 Aug 2006, 04:24am
Hi gentle,
I'm happy to hear you're going to purchase a new copy of Windows. :thumbsup:
To get the best help, I suggest starting a new thread in the Windows Forum where someone will help you get everything sorted. When you create your forum, ask where you can get a new Windows CD from. :)
Good Luck! :)
profdlp
31 Aug 2006, 05:34pm
Gentle, I'm sorry to hear that you were ripped off by the person who sold you the computer. If it's any help, I believe that Microsoft has a plan to allow you to buy a legitimate license.
No matter what you do, having a sound backup plan is always a good idea. This Backup Strategy (http://www.short-media.com/review.php?r=309) might prove useful. (Shameless plug - I wrote it. :D )
Best of luck. :)
primesuspect
31 Aug 2006, 06:26pm
If you click on the Windows Genuine Advantage thing, Microsoft will allow you to convert your key to a legitimate one for $149 (don't quote me on that price, but I think it's close). This is a good price for a full retail version of Win XP Home.
This is a bargain because you don't need to wipe and reinstall your machine, and then you can go on to fix your problems.
gentle_breeze
1 Sep 2006, 04:07am
Thanks for all your help and suggestions. I think what you guys are doing (helping people and not asking for anything in return) is great.
Keep up the great work and good luck! ;)
Gentle