Member Avatar for zigzagmolly

I am so frustrated! I too have *Microsoft update wstcl.exe on my computer since this morning. I have tried everything. System restore is disabled. I have the following in safe mode: NAV and deleted everything it found, run HJT and deleted all references, run regedit and deleted all references, stop the NT service as above, and unchecked wstcl.exe in msconfig startup. But it comes back every time. I downloaded silent runners and double-clicked per the instructions, but it only gave me notepad with information on the program, not an additional start program list file. I just don't know what else today. I searched google and newsgroups, but the only reference to this problem was found in this forum. I love and use Opera as much as possible. I'm dual booting running Win XP Pro sp1 in both partitions. I had Win98 in one partition until a couple of days ago, when I reformatted it and installed XP. Now,every time I boot up in one of my partitions, I get an open my documents list on my desktop. I have tried everything in google to fix it without success. I just can't keep up with this crap. I spend my life looking at task manager to see what's going on. I have set my security settings to try and keep from getting this stuff, but I never know where it comes from. I have gone to every site listed above and followed their directions. I would appreciate any help you can give me with this. Thanks.

My HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:30:10 PM, on 2/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\WINDOWS\System32\CTSvcCDA.exe
G:\Program Files\Kaiser\VPN Client\cvpnd.exe
G:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
G:\Program Files\1208_Fiberlink\Fgrd.exe
G:\WINDOWS\System32\mgabg.exe
G:\Program Files\Norton AntiVirus\navapsvc.exe
G:\Program Files\Norton Utilities\NPROTECT.EXE
G:\Program Files\Norton AntiVirus\SAVScan.exe
G:\Program Files\Speed Disk\nopdb.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\WINDOWS\system32\ZONELABS\vsmon.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\wstcl.exe
G:\DOCUME~1\Nancy\LOCALS~1\Temp\Rar$EX03.266\shutz.exe
G:\WINDOWS\System32\PDesk\PDesk.exe
G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\DS Clock\dsclock.exe
G:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE
D:\Program Files\SSC\SSC.EXE
G:\Program Files\Winwall\Winwall.exe
G:\Program Files\RoboMagic\WetSock\wetsock.exe
G:\Program Files\Opera\opera.exe
G:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my-cast.com/9hour/?BC%3ARU%3A6QZeeQzQ=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,G:\WINDOWS\system32\userinit.exe,
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.search.defaultengine", "engine://G%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://weather.belointeractive.com/mycast/dev/portland/current_w_radar.jsp");
user_pref("browser.startup.homepage_override.mstone", "rv:1.4");
user_pref("browser.turbo.showDialog", false);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1");
user_pref("prefs.converted-to-utf8", true);
user_pref("signon.SignonFileName", "62274932.s");
user_pref("timebomb.first_launch_time"
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.search.defaultengine", "engine://G%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://weather.belointeractive.com/mycast/dev/portland/current_w_radar.jsp");
user_pref("browser.startup.homepage_override.mstone", "rv:1.4");
user_pref("browser.turbo.showDialog", false);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1");
user_pref("prefs.converted-to-utf8", true);
user_pref("signon.SignonFileName", "62274932.s");
user_pref("timebomb.first_launch_time"
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Shtz] G:\DOCUME~1\Nancy\LOCALS~1\Temp\Rar$EX03.266\shutz.exe
O4 - HKLM\..\Run: [Ink Monitor] G:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [NeroCheck] G:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Glide] glidew32.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] G:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [NAV Agent] G:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] G:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] G:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [*Microsoft Update] wstcl.exe
O4 - HKLM\..\RunServices: [*Microsoft Update] wstcl.exe
O4 - HKCU\..\Run: [DS Clock] D:\Program Files\DS Clock\dsclock.exe
O4 - HKCU\..\Run: [ShutdownTray] G:\Program Files\ShutdownTray\ShutdownTray.exe /start
O4 - HKCU\..\Run: [Screen Saver Control] C:\unzipped\ScreenSaverControl\ScreenSaverControl.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "G:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE"
O4 - HKCU\..\Run: [*Microsoft Update] wstcl.exe
O4 - Startup: QuickRun.LNK = G:\Program Files\Quickrun\QUICKRUN.EXE
O4 - Startup: Winwall Autostart.lnk = G:\Program Files\Winwall\Winwall.exe
O4 - Startup: Wetsock (2).lnk = G:\Program Files\RoboMagic\WetSock\wetsock.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = G:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Shortcut to SSC (2).lnk = D:\Program Files\SSC\SSC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kaiser VPN Client.lnk = G:\Program Files\Kaiser\VPN Client\ipsecdialer.exe
O8 - Extra context menu item: &Google Search - res://G:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://G:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://g:\program files\google\GoogleToolbar_en_2.0.114-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://G:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://g:\program files\google\GoogleToolbar_en_2.0.114-big.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://G:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://g:\program files\google\GoogleToolbar_en_2.0.114-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://g:\program files\google\GoogleToolbar_en_2.0.114-big.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://G:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - G:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2456741B-1567-7682-A355-939856783603} - ms-its:mhtml:file://C:\foo.mht!http://69.50.191.68/eb/be//T.CHM::/load.exe
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - file://R:\Bin\html\files\MotivePreQual.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O23 - Service: *Microsoft Update - Unknown owner - G:\WINDOWS\System32\wstcl.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - G:\Program Files\Kaiser\VPN Client\cvpnd.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - G:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FGR Service - Fiberlink Communications Corporation - G:\Program Files\1208_Fiberlink\Fgrd.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - G:\WINDOWS\System32\mgabg.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - G:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - G:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - G:\WINDOWS\system32\ZONELABS\vsmon.exe

Have you tried this .
Be sure to Check off Auto Fix on this site

http://housecall.trendmicro.com/housecall/start_corp.asp
please run this one also to be sure .

http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Also do the following .

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Member Avatar for zigzagmolly

Hi,

I did all you suggested, but no go. I was glad to get rid of a lot of junk though and learned an amazing amount while dealing with this program. I build and maintain my relatives and neighbors computers, so I'm sure it will come in handy in the future. This is a good forum to bookmark.

Ended up repairing my XP installation and that fixed everything including the My Documents window opening at start up. I unplugged my DSL connection, put everything to high security, reinstalled SP1, Zone Alarm Pro trial, and NAV. Only problem is my son's account is still not working, so am in the process of transferring some of his user settings and programs to a new account. I like being able to do that.

I'm now trying to find the right balance to block out the amazing amount of crap out there and still be able to install programs and browse. I am really impressed with XP's ability to do a repair. I have done this twice in the last few days. I did not lose any data, but had to do a small amount of reinstalling. Thanks for your help. Still have to figure out whether I want to buy ZA pro or go with the free program, or try something else. Good thing I love to research.

Take care,
Nancy

check the software tools link in my signature it leats to a very good site/fourm also .

I'm now trying to find the right balance to block out the amazing amount of crap out there and still be able to install programs and browse.

It may help to 'Customize' your ActiveX settings:

The easiest way to get to your ActiveX settings is to Open Internet Explorer, click on the Tools tab, click on Internet Options, click on the Security tab, and then click on the Custom Level button. You will see several options for different settings; go down the list and make the appropriate changes, for example:

This is how I have my ActiveX settings; you can use this as a guide to set your own (If you Enable all the options, you are leaving your system open to unwanted intrusions.):
Download signed ActiveX controls -- Prompt
Download unsigned ActiveX controls -- Disable
Initialize and script ActiveX controls not marked as safe -- Disable
Run ActiveX controls and plug-ins -- Enable
Script ActiveX controls marked safe for scripting -- Enable

The more of these you have Disabled, the safer your system is, but there will be sites that you can't access. Prompting is the next best thing, but constantly clicking OK can be tedious and you usually don't know whether it should be allowed or not. The described combination works best for me, but not be best for you -- it is just shown as a reference.

I've been through Oregon a lot, but I never realized there was a city actually named Zigzag! :D

Member Avatar for zigzagmolly

It may help to 'Customize' your ActiveX settings:

Thanks, I will do that.

I've been through Oregon a lot, but I never realized there was a city actually named Zigzag! :D

Zigzag is in the western foothills of Mt. Hood at about 1500ft elevation and is absolutely beautiful!

Take care,
Nancy

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.