| Re: Persistent spyware problems, HJT log included. I am so frustrated! I too have *Microsoft update wstcl.exe on my computer since this morning. I have tried everything. System restore is disabled. I have the following in safe mode: NAV and deleted everything it found, run HJT and deleted all references, run regedit and deleted all references, stop the NT service as above, and unchecked wstcl.exe in msconfig startup. But it comes back every time. I downloaded silent runners and double-clicked per the instructions, but it only gave me notepad with information on the program, not an additional start program list file. I just don't know what else today. I searched Google and newsgroups, but the only reference to this problem was found in this forum. I love and use Opera as much as possible. I'm dual booting running Win XP Pro sp1 in both partitions. I had Win98 in one partition until a couple of days ago, when I reformatted it and installed XP. Now, every time I boot up in one of my partitions, I get an open my documents list on my desktop. I have tried everything in Google to fix it without success. I just can't keep up with this crap. I spend my life looking at task manager to see what's going on. I have set my security settings to try and keep from getting this stuff, but I never know where it comes from. I have gone to every site listed above and followed their directions. I would appreciate any help you can give me with this. Thanks.
My HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:30:10 PM, on 2/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\WINDOWS\System32\CTSvcCDA.exe
G:\Program Files\Kaiser\VPN Client\cvpnd.exe
G:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
G:\Program Files\1208_Fiberlink\Fgrd.exe
G:\WINDOWS\System32\mgabg.exe
G:\Program Files\Norton AntiVirus\navapsvc.exe
G:\Program Files\Norton Utilities\NPROTECT.EXE
G:\Program Files\Norton AntiVirus\SAVScan.exe
G:\Program Files\Speed Disk\nopdb.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\WINDOWS\system32\ZONELABS\vsmon.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\wstcl.exe
G:\DOCUME~1\Nancy\LOCALS~1\Temp\Rar$EX03.266\shutz.exe
G:\WINDOWS\System32\PDesk\PDesk.exe
G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\DS Clock\dsclock.exe
G:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE
D:\Program Files\SSC\SSC.EXE
G:\Program Files\Winwall\Winwall.exe
G:\Program Files\RoboMagic\WetSock\wetsock.exe
G:\Program Files\Opera\opera.exe
G:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my-cast.com/9hour/?BC%3ARU%3A6QZeeQzQ=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,G:\WINDOWS\system32\userinit.exe,
N3 - Netscape 7: # Mozilla User Preferences
/* Do not edit this file.
 *
 * If you make changes to this file while the browser is running,
 * the changes will be overwritten when the browser exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.search.defaultengine", "engine://G%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://weather.belointeractive.com/mycast/dev/portland/current_w_radar.jsp");
user_pref("browser.startup.homepage_override.mstone", "rv:1.4");
user_pref("browser.turbo.showDialog", false);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1");
user_pref("prefs.converted-to-utf8", true);
user_pref("signon.SignonFileName", "62274932.s");
user_pref("timebomb.first_launch_time"
N3 - Netscape 7: # Mozilla User Preferences
/* Do not edit this file.
 *
 * If you make changes to this file while the browser is running,
 * the changes will be overwritten when the browser exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.search.defaultengine", "engine://G%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://weather.belointeractive.com/mycast/dev/portland/current_w_radar.jsp");
user_pref("browser.startup.homepage_override.mstone", "rv:1.4");
user_pref("browser.turbo.showDialog", false);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1");
user_pref("prefs.converted-to-utf8", true);
user_pref("signon.SignonFileName", "62274932.s");
user_pref("timebomb.first_launch_time"
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Shtz] G:\DOCUME~1\Nancy\LOCALS~1\Temp\Rar$EX03.266\shutz.exe
O4 - HKLM\..\Run: [Ink Monitor] G:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [NeroCheck] G:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Glide] glidew32.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] G:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [NAV Agent] G:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] G:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] G:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [*Microsoft Update] wstcl.exe
O4 - HKLM\..\RunServices: [*Microsoft Update] wstcl.exe
O4 - HKCU\..\Run: [DS Clock] D:\Program Files\DS Clock\dsclock.exe
O4 - HKCU\..\Run: [ShutdownTray] G:\Program Files\ShutdownTray\ShutdownTray.exe /start
O4 - HKCU\..\Run: [Screen Saver Control] C:\unzipped\ScreenSaverControl\ScreenSaverControl.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "G:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE"
O4 - HKCU\..\Run: [*Microsoft Update] wstcl.exe
O4 - Startup: QuickRun.LNK = G:\Program Files\Quickrun\QUICKRUN.EXE
O4 - Startup: Winwall Autostart.lnk = G:\Program Files\Winwall\Winwall.exe
O4 - Startup: Wetsock (2).lnk = G:\Program Files\RoboMagic\WetSock\wetsock.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = G:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Shortcut to SSC (2).lnk = D:\Program Files\SSC\SSC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kaiser VPN Client.lnk = G:\Program Files\Kaiser\VPN Client\ipsecdialer.exe
O8 - Extra context menu item: &Google Search - res://G:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://G:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://g:\program files\google\GoogleToolbar_en_2.0.114-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://G:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://g:\program files\google\GoogleToolbar_en_2.0.114-big.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://G:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://g:\program files\google\GoogleToolbar_en_2.0.114-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://g:\program files\google\GoogleToolbar_en_2.0.114-big.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://G:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - G:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2456741B-1567-7682-A355-939856783603} - ms-its:mhtml:file://C:\foo.mht!http://69.50.191.68/eb/be//T.CHM::/load.exe
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - file://R:\Bin\html\files\MotivePreQual.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O23 - Service: *Microsoft Update - Unknown owner - G:\WINDOWS\System32\wstcl.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - G:\Program Files\Kaiser\VPN Client\cvpnd.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - G:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FGR Service - Fiberlink Communications Corporation - G:\Program Files\1208_Fiberlink\Fgrd.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - G:\WINDOWS\System32\mgabg.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - G:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - G:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - G:\WINDOWS\system32\ZONELABS\vsmon.exe |
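Added example, not part of the original post: a short Python triage of the O4 (registry autostart) and O23 (service) lines of a HijackThis log, grouping entries by image name so that one program registered in several places stands out. The sample is a subset of lines copied from the log above; the function names and flag labels are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of O4/O23 lines copied from the log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Shtz] G:\DOCUME~1\Nancy\LOCALS~1\Temp\Rar$EX03.266\shutz.exe
O4 - HKLM\..\Run: [NeroCheck] G:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Glide] glidew32.exe
O4 - HKLM\..\Run: [*Microsoft Update] wstcl.exe
O4 - HKLM\..\RunServices: [*Microsoft Update] wstcl.exe
O4 - HKCU\..\Run: [*Microsoft Update] wstcl.exe
O23 - Service: *Microsoft Update - Unknown owner - G:\WINDOWS\System32\wstcl.exe
O23 - Service: SAVScan - Symantec Corporation - G:\Program Files\Norton AntiVirus\SAVScan.exe
"""
IMAGE_RE = re.compile(r'"?(.+?\.(?:exe|dll|com|scr|bat))\b', re.I)

def image_of(command):
    """Return (image path as written, lower-cased file name), dropping arguments."""
    m = IMAGE_RE.match(command.strip())
    path = m.group(1) if m else command.strip()
    return path, path.rsplit("\\", 1)[-1].lower()

def parse_autostarts(log):
    """Yield (location, owner, command) for O4 registry and O23 service lines."""
    for line in log.splitlines():
        if line.startswith("O4 - HK"):            # O4 - <key>: [<value name>] <command>
            location, rest = line[5:].split(": [", 1)
            yield location, None, rest.split("] ", 1)[1]
        elif line.startswith("O23 - Service: "):  # O23 - Service: <name> - <owner> - <path>
            _name, owner, path = line[15:].rsplit(" - ", 2)
            yield "Service", owner, path

def triage(log):
    """Map image name -> sorted reasons the entry deserves a closer look."""
    locations, flags = defaultdict(set), defaultdict(set)
    for location, owner, command in parse_autostarts(log):
        path, name = image_of(command)
        locations[name].add(location)
        if location != "Service" and "\\" not in path:
            flags[name].add("bare-filename")      # no directory: resolved via the search path
        if "\\temp\\" in path.lower():
            flags[name].add("runs-from-temp")
        if owner == "Unknown owner":
            flags[name].add("unknown-owner")      # service binary carries no company name
    for name, where in locations.items():
        if len(where) > 1:
            flags[name].add("%d-autostart-locations" % len(where))
    return {name: sorted(reasons) for name, reasons in flags.items()}
```

A single flag is a weak signal on its own (the `Glide` entry is also a bare filename); the combination on `wstcl.exe`, which is registered under three Run keys and a service, is what sets it apart.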
| ||
| Re: Persistent spyware problems, HJT log included. Have you tried this? Be sure to check off Auto Fix on this site: http://housecall.trendmicro.com/hous...start_corp.asp Please run this one also to be sure: http://www.pandasoftware.com/actives..._principal.htm Also do the following. Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself), for example:
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files; be sure to also select delete all offline content. |
| ||
| Re: Persistent spyware problems, HJT log included. Hi, I did all you suggested, but no go. I was glad to get rid of a lot of junk though and learned an amazing amount while dealing with this program. I build and maintain my relatives' and neighbors' computers, so I'm sure it will come in handy in the future. This is a good forum to bookmark. Ended up repairing my XP installation and that fixed everything including the My Documents window opening at start up. I unplugged my DSL connection, put everything to high security, reinstalled SP1, Zone Alarm Pro trial, and NAV. Only problem is my son's account is still not working, so am in the process of transferring some of his user settings and programs to a new account. I like being able to do that. I'm now trying to find the right balance to block out the amazing amount of crap out there and still be able to install programs and browse. I am really impressed with XP's ability to do a repair. I have done this twice in the last few days. I did not lose any data, but had to do a small amount of reinstalling. Thanks for your help. Still have to figure out whether I want to buy ZA pro or go with the free program, or try something else. Good thing I love to research. Take care, Nancy |
| ||
| Re: Persistent spyware problems, HJT log included. Check the software tools link in my signature; it leads to a very good site/forum also. |
| ||
| Re: Persistent spyware problems, HJT log included. Quote:
The easiest way to get to your ActiveX settings is to open Internet Explorer, click on the Tools tab, click on Internet Options, click on the Security tab, and then click on the Custom Level button. You will see several options for different settings; go down the list and make the appropriate changes, for example: This is how I have my ActiveX settings; you can use this as a guide to set your own (if you Enable all the options, you are leaving your system open to unwanted intrusions):
Download signed ActiveX controls -- Prompt
Download unsigned ActiveX controls -- Disable
Initialize and script ActiveX controls not marked as safe -- Disable
Run ActiveX controls and plug-ins -- Enable
Script ActiveX controls marked safe for scripting -- Enable
The more of these you have Disabled, the safer your system is, but there will be sites that you can't access. Prompting is the next best thing, but constantly clicking OK can be tedious and you usually don't know whether it should be allowed or not. The described combination works best for me, but may not be best for you -- it is just shown as a reference. I've been through Oregon a lot, but I never realized there was a city actually named Zigzag! :D |
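Added example, not part of the original post: the five ActiveX settings listed above are stored per security zone in the registry, so they can be audited from a `reg export` of the Internet zone key instead of by clicking through the dialog. The action numbers and value codes come from Internet Explorer's URL action settings rather than from the post, and the exported values below are constructed.

```python
import re

# Registry value name -> (label used in the post, setting the post recommends).
BASELINE = {
    "1001": ("Download signed ActiveX controls", "Prompt"),
    "1004": ("Download unsigned ActiveX controls", "Disable"),
    "1200": ("Run ActiveX controls and plug-ins", "Enable"),
    "1201": ("Initialize and script ActiveX controls not marked as safe", "Disable"),
    "1405": ("Script ActiveX controls marked safe for scripting", "Enable"),
}
CODES = {0: "Enable", 1: "Prompt", 3: "Disable"}       # DWORD stored by IE
STRICTNESS = {"Enable": 0, "Prompt": 1, "Disable": 2}  # higher is more restrictive

# Constructed sample: "reg export" text for the Internet zone (Zones\3).
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000001
"1200"=dword:00000000
"1201"=dword:00000000
"1405"=dword:00000000
'''

VALUE_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})', re.M)

def audit_zone(reg_text):
    """Return (action, label, current, recommended) for each setting that is
    absent, unrecognised, or less restrictive than the post's baseline."""
    actual = {m.group(1): int(m.group(2), 16) for m in VALUE_RE.finditer(reg_text)}
    findings = []
    for action, (label, wanted) in sorted(BASELINE.items()):
        have = CODES.get(actual.get(action), "not set/unknown")
        if have not in STRICTNESS or STRICTNESS[have] < STRICTNESS[wanted]:
            findings.append((action, label, have, wanted))
    return findings

if __name__ == "__main__":
    for action, label, have, wanted in audit_zone(SAMPLE_REG):
        print("%s  %-58s %s -> %s" % (action, label, have, wanted))
```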
| ||
| Re: Persistent spyware problems, HJT log included. Quote:
Take care, Nancy |
©2003 - 2009 DaniWeb® LLC