my friend had the same problem........ except his was from Windows Service Pack 2, it messed up his computer really bad.. take forever to load and wat not.... check to see if u have a process called drwatsn32 or sometthing running.. if you do.. remove SP2, we did that and it solved the problem.

 

I just installed and ran this... the only thing it found was 1 program that my IT department uses for remote management... nothing else thinking.gif dunno.gif

 

Restart the computer in safe mode (by pressing F8 at startup)
run Ad-aware, spybot, hijack{downlaodable at download.com} this and some form of antivirus.
Should fix ya.

 

LOL or just remove Dr. Watson. SP2 is the ONLY way you will be able to keep spyware and such out of your PC. For each install including ActiveX components you need to clikc 3 times. So NOTHING and I repeat NOTHING can install by itself. So if something then happens to that PC you know it was the user doing things they shouldnt be and just being a dumb sh!t.

Casper: Yeah I run this on my PC at home and at the office. If your PC is pretty clean then you wont have anything. I think the nicest part about it is the auto protection which will not allow you to download know adware and spyware components. Now there are ways to turn this off if for some reason you have to use Kazza or something but for the most part it is great.

-Edit-

Unfortunatly just starting in safe mode and running them is not good enough 90% of the time. These things get so embedded into a system that it really does take less time to reload the OS rather than fix the issue.

 

Its going to get the reg files and he can deleted anything manually at that point. Where else is it embeded. MBR?

 

I'm on the verge of doing that again tonight, if the suggestions you guys have don't kill this damn file!!!

And yeah that link to Google said something about the program "hijack this" but it was all in I think French. I used Babelfish to try to translate it, but couldn't really get the jist of it.

THanks for all the suggestions guys.
I'll let you know how it goes

 

Well, Below is a list of all the ways I know to prevent a thread from starting when windows starts (one of these will work).

-MSConfig from the run menu. (Look for startup tab).


-Sysedit from the run menu. (Check autoexec.bat (not used anymore, but still check it))


-Open All users AND your username and replace the XXX with them (from c:/document and settings/XXXX/program files/startup). Look at these.


-Regedit from the run menu. Goto HKEY_Local_Machine/Software/Microsoft/windows/current version/
Check RUN and RUN ONCE and RUN ONCEEX

If you find the file in the registry, just hit the delete buttin when you have it highlighted.

Thats all I can think of for now... the registry should kill it. If not ... get me that hijackthis report!

 

go to www.download.com and download these 2 programs.

Process explorer
File Monitor

Process explorer will tell you EVERYTHING that's running, and which DLL's it is using.
File Monitor will montor ANY access to your hard drive (read, write, or even just a disk check).

Use those 2 programs to determine what is causing the problem.
If you can't delete that EXE file, try deleting or renaming it's dependant DLL's. Usually, if you mess with them, the EXE won't work/load, and then you can get rid of it.

 

I use XoftSpy, SpyBotSD (Search and Destroy), and AdAware 6.0 to get it all off

Then I download FireFox and I never get any more spyware (EVER) again.

I also suggest downloading Linux. I just downloaded it for free at 500 kB/s (I tried to take a screen shot but my computer was trying so hard to keep up with the download that nothing else would work... took 25 minutes to download 650 MB
(http://www.gentoo.org)

 

Ok update
Still there but I'm using it now, I still have to manually use the taskmgr to end that damn wstcl.exe thing. found 4 instances this time with taskmanager.

Ok, so did the safe mode thing, and ran my spy software, and antivirus, neither found anything.

Ran the MS antispyware thing, found this little minor toolbar thing,... and the same results after reboot.

Ran msconfig, stopped a few things that were suspicious, a couple of which was the wstcl.exe. But it just came back with more instances. I KNOW THIS DAMN thing is what's causing the problem, I need to get rid of it. SO the MS config don't work.
Along with the damn wstcl.exe I also saw PrevAdserv which I know is adware, but for some reason it's still there and non of the adware stuff picks it up.

ANd now, ran hijackThis
I got hijackThis and here are the results.
Casper, lemme know how and what to nuke.
It's got a few things I see like a few instances of the wstcl.exe and a couple of other things
Safemode:

Logfile of HijackThis v1.99.1
Scan saved at 6:47:54 PM, on 2/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32taskmgr.exe
C:New FolderHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ca/
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://67.15.70.15/~black/videosex.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Crogram FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - Crogram FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Crogram FilesNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [IgfxTray] C:WINDOWSSystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe
O4 - HKLM..Run: [Apoint] Crogram FilesApoint2KApoint.exe
O4 - HKLM..Run: [CeEPOWER] Crogram FilesTOSHIBAPower ManagementCePMTray.exe
O4 - HKLM..Run: [CeEKEY] Crogram FilesTOSHIBAE-KEYCeEKey.exe
O4 - HKLM..Run: [CPLDBL10] Crogram FilesEzButtonCPLDBL10.EXE
O4 - HKLM..Run: [TPNF] Crogram FilesTOSHIBATouchPadTPTray.exe
O4 - HKLM..Run: [ezShieldProtector for Px] C:WINDOWSSystem32ezSP_Px.exe
O4 - HKLM..Run: [ccApp] Crogram FilesCommon FilesSymantec SharedccApp.exe
O4 - HKLM..Run: [ccRegVfy] Crogram FilesCommon FilesSymantec SharedccRegVfy.exe
O4 - HKLM..Run: [Advanced Tools Check] CROGRA~1NORTON~1AdvToolsADVCHK.EXE
O4 - HKLM..Run: [*Microsoft Update] wstcl.exe
O4 - HKLM..Run: [Preview AdService] Crogram FilesPreview AdServicePrevAdServ.exe
O4 - HKLM..RunServices: [*Microsoft Update] wstcl.exe
O4 - HKCU..Run: [SpySweeper] "Crogram FilesWebrootSpy SweeperSpySweeper.exe" /0
O4 - HKCU..Run: [*Microsoft Update] wstcl.exe
O4 - HKCU..Run: [MSMSGS] "Crogram FilesMessengermsmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxsrvc.dll
O23 - Service: *Microsoft Update - Unknown owner - C:WINDOWSsystem32wstcl.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - Crogram FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - Crogram FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - Crogram FilesTOSHIBAPower ManagementCeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:WINDOWSSystem32DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - Crogram FilesNorton AntiVirusnavapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - Crogram FilesNorton AntiVirusAdvToolsNPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - CROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe


Casper, I leave this with you. HELP!

If I cannot not get rid of it, I'll try Random's solution
THanks guys