  1. #1
    Junior Member
    Join Date
    Nov 2005
    Posts
    56

    Default I have gummed up the works. Help

    I tried restore, NBG

    My mouse keeps freezing with a dom-di-dom sound similar to the sound when I turn my printer off.

    I uninstalled my scanner software and must have done something wrong????

    When I boot my comp. a box appears titled:

    DSTray.exe - Unable To Locate Component

    In the box:

    This application has failed to start because rtl100.bpl was not found. Reinstall the application may fix this problem.

    I reinstalled the Drivers but to no avail.

    Any ideas please

    John.

  2. #2
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,844

    Default Re: I have gummed up the works. Help

    That dstray.exe entry may belong to a trojan

    I would get trojan remover in my sig, update it then click on scan. Then select all options under the utilities menu.

    It's a backdoor trojan. Whatever you do, don't do or use anything that involves passwords.
    Last edited by Speedy Gonzales; 08-12-2007 at 01:48 PM.

  3. #3
    Junior Member
    Join Date
    Nov 2005
    Posts
    56

    Default Re: I have gummed up the works. Help

    I ran Rogueremover and Trojan Remover. No change
    John

  4. #4
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,844

    Default Re: I have gummed up the works. Help

    Hmm if you can run msconfig, go to run/start

    Then go to startup then find that entry untick it.

    Or get ccleaner

    Install it, run it. Then go to tools / startup tab. Delete that entry here.

    Post a hijackthis log. It's in my sig.

    Put it in its own folder first run it then click on scan the system and save a log.

    Copy and paste the log here.

  5. #5
    Senior Member pctek's Avatar
    Join Date
    Feb 2005
    Location
    In the Wild West
    Posts
    24,210

    Default Re: I have gummed up the works. Help

    DSTRay IS a trojan.

    As for the other:

    http://forums.techarena.in/showthread.php?t=740700

  6. #6
    Junior Member
    Join Date
    Nov 2005
    Posts
    56

    Default Re: I have gummed up the works. Help

    Thanks pctek but pc something or other Pro told me that I had lots of problems but if I wanted them fixed I would have to pay which I think is pure dishonesty as they will give no guarantees and are claiming it a free offer. Another was Reg Mechanic which I have tried before and acts the same. Another one offered RegCure, I have it and it has done nothing for me. If DSTRay is a trojan it does not show up in a search. I would not know if it should.
    John

  7. #7
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,844

    Default Re: I have gummed up the works. Help

    Quote Originally Posted by jboy View Post
    Thanks pctek but pc something or other Pro told me that I had lots of problems but if I wanted them fixed I would have to pay which I think is pure dishonesty as they will give no guarantees and are claiming it a free offer.
    Be careful WHAT you install as some of these programs are rogue software / programs. All they do is infect your system with crap

    Then say you're infected with whatever, and they do NOTHING at all.

    Post a hijackthis log, so we can see what's in it.

  8. #8
    Junior Member
    Join Date
    Nov 2005
    Posts
    56

    Default Re: I have gummed up the works. Help

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:50:22 p.m., on 8/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
    C:\2\R\RMP2\RMP2.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Comodo\CBOClean\BOCORE.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\1\h\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.starware.com/dp/startpage?src_id=358
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?pro...age?src_id=358 (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    F3 - REG:win.ini: load=
    F3 - REG:win.ini: run=
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware358\bin\Starware358.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw g.dll
    O3 - Toolbar: Starware Entertainment Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware358\bin\Starware358.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\1\C\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RMP2.lnk = C:\2\R\RMP2\RMP2.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobio...ne/install.cab
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    --
    End of file - 5988 bytes


    Hope this is what you want Speedy

  9. #9
    Senior Member
    Join Date
    Nov 2006
    Posts
    1,882

    Default Re: I have gummed up the works. Help

    Download Boclean from Speedy's sig

    run hjt and tick these following entries and fix them, then run Boclean

    do another hjt scan and post the log



    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?pro...age?src_id=358 (obfuscated)

    O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware358\bin\Starware358.dll

    O3 - Toolbar: Starware Entertainment Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware358\bin\Starware358.dll

  10. #10
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,844

    Default Re: I have gummed up the works. Help

    Yup, tick the ones Bevy one.

    And these ones as well.

    Not sure what this is

    C:\2\R\RMP2\RMP2.exe

    These are safe, but don't have to be in startup

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe

    Don't know

    O4 - Startup: RMP2.lnk = C:\2\R\RMP2\RMP2.exe

    Uninstall ALL versions of Java. Update is in my sig below.
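
Added example, not part of any post in this thread: a short Python sketch of the triage done by hand in posts #9 and #10, run over a subset of lines copied from the log in post #8. The function names and the `STANDARD_DIRS` allow-list are assumptions made for this example; an entry it flags only needs a closer look and is not shown to be malicious.

```python
import re

# Subset of lines copied from the HijackThis log in post #8.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?pro...age?src_id=358 (obfuscated)
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware358\bin\Starware358.dll
O3 - Toolbar: Starware Entertainment Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware358\bin\Starware358.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Startup: RMP2.lnk = C:\2\R\RMP2\RMP2.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
RUN_KEY = re.compile(r"^(?P<where>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP = re.compile(r"^(?P<where>Startup|Global Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Assumption: the reviewer's own list of expected install locations.
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

def parse_log(text):
    """Return (code, detail) per entry line; header and process list are skipped."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def mentioning(entries, keyword):
    """Entries from any section whose text contains keyword (case-insensitive)."""
    return [(c, d) for c, d in entries if keyword.lower() in d.lower()]

def autoruns(entries):
    """Split each O4 (startup) entry into where, name and cmd."""
    out = []
    for code, detail in entries:
        m = code == "O4" and (RUN_KEY.match(detail) or STARTUP.match(detail))
        if m:
            out.append(m.groupdict())
    return out

def outside_standard_dirs(items):
    """Names of autoruns whose full path is not under STANDARD_DIRS."""
    flagged = []
    for it in items:
        path = it["cmd"].strip('"').lower()
        if re.match(r"[a-z]:\\", path) and not path.startswith(STANDARD_DIRS):
            flagged.append(it["name"])
    return flagged
```

`mentioning(parse_log(SAMPLE_LOG), "starware")` returns the three entries listed in post #9, and `outside_standard_dirs(autoruns(parse_log(SAMPLE_LOG)))` returns the `RMP2.lnk` startup item that post #10 could not identify.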
