Can I stop Windows XP phoning home every day?

AirCooledHeaven

Normally when I boot my PC I can access my email client (Eudora) right away, as soon as the icon appears on the desktop, even if the hard disk is still whirring away doing other startup related stuff. Since yesterday if I click on the icon straight away I get a white screen with just the minimise/restore/close bar at the top and 'Eudora (not responding)' displayed on the left. If I wait for 60 seconds it suddenly bursts into life. It does this without fail every reboot. So the last time I tried it I also brought up task manager to look at the running processes. There is a process wgatray.exe running and it disappears from the process list at the same time eudora bursts into life. Now if I understand it wgatray is part of windows genuine advantage phoning home to check my product key against a blacklist of pirated keys?? So if wgatray is the culprit why has it started doing this since yesterday? Secondly how can I stop it running and holding up my startup (if I stop the process manually before the 60 seconds is up it just starts again). Any ideas most welcome.

ps I've run malwarebytes, AVG and spybot, and nothing found. I do have a legit version of XP so I'm not trying to circumnavigate WGA, but surely it doesn't have to run every day?

The only thing I can think of that I did before this started was to accept and install a java update, but I don't see how it could have triggered these prolems?

leseul

Not a good idea to interfere with WGA, however...

1) What firewall are you using?

2) When you start your PC, open task manager and see what resources wgatray is using. WGA tool is designed not to inhibit use in any way, so if it's using excessive resources or having to replicate itself, it could point to another underlying problem, such as blocked ports or incorrect or out of date drivers.

3) Download and run this: http://go.microsoft.com/fwlink/?linkid=52012 and post the output.

4) Post a hijack this report

AirCooledHeaven

Can you see anything that should't be there or doesn't need to be there? Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:20, on 22/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG8\avgtray.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Mark\Desktop\HiJackThis.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\AVG8\avgwdsvc.exe
C:\Program Files\Cisco VPN Client\cvpnd.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG8\avgrsx.exe
C:\PROGRA~1\AVG8\avgemc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\imapi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco VPN Client\vpngui.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://www.samsungsetup.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261140439031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261140429656
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG8\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6346 bytes