Persistent rootkit survived D2D system reinstall on Acer Laptop.

Q: Persistent rootkit survived D2D system reinstall on Acer Laptop.

This is my wife's newish Acer Aspire 6530, & still in its first year warranty. Acer are almost uncontactable & we need to get at least one of our 3 laptops malware free as we are away from the UK in Greece. Did get through to Acer & they suggested a factory restore using the on-board D2D recovery... Did that a couple of weeks back... Made a DVD recovery disc (2 disks), then connected to the internet & updated Vista Home Premium. Downloaded MBAM & scanned; I also downloaded the AVG 9.0 28-day trial & installed that along with the AVG firewall.

The symptoms: To start with not many, other than slowness & some odd warnings. No Internet redirects as such. Then Windows Defender started stopping working. I checked the history & found it had let through and allowed to install a registry [email protected]\SOFTWARE\Microsoft\internet Explorer\Main\\Start Page

I did a web search & turned up very little info on this, but none good... I now have 2 new keys called:

HKEY_USERS\S-1-5-21-3301625118-1092049821-1787829980-1000
HKEY_USERS\S-1-5-21-3301625118-1092049821-1787829980-1000_Classes

Next day we had acquired an additional drive called Q: This was inaccessible... This has since disappeared from "Computer" but is still listed when GMER is run. I opened a DOS box as Admin & did "netstat -abfno" to be greeted by lots of connections, including some whose host services were located on X: (This is the D2D recovery partition)???

The Windows logs seem to be full of oddness too... It would be greatly appreciated if anybody cares to help?

Steve

P.S. Have attached an MBRCheck log & an RKUnhooker log as I did these just to make sure, before posting for help.

A: persistant rootkit survived D2D system reinstall on Acer Laptop.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti


I wanted to "give back" and try and help someone else after getting so much good advice from this forum.

Last Saturday night I was working on my Acer 7750 laptop that I got back in April, I was on Facebook and just waiting for a pizza to be delivered, I had a full solo cup filled with Diet Coke and a good amount of ice sitting a bit further back from my laptop, but next to it, when suddenly I thought I heard a car door slam, and knowing that I have to put my dog away before I answer the door, I jumped up quickly and my hand hit the glass of diet coke, and suddenly before my eyes diet coke was flooding the center of my keyboard, I grabbed my laptop up quick, unplugged the adapter, and flung the pop off my laptop, grabbed paper towels and started blotting up the evil liquid. I got it as dry as I could and then shut the lid of the laptop, and placed the laptop on a chair since the pizza man was knocking on the door, neglecting to take out the battery. I was very upset figuring I just killed it, there was enough pop on the keys to believe it plus several years ago I had killed my hubby's laptop with the same substance and it immediately died.

As soon as I paid the pizza guy, I grabbed the laptop and I tried to type something and it was working fine. I STILL did not remove the battery, just shut it off!! I wrongly thought I was out of the woods so I happily ate pizza. About a half hour later I went back to my laptop and to my horror my keyboard was now typing gib... Read more

A:Solved: My Acer 7750 Laptop SURVIVED a Diet Coke Spill

If you ever do it again take the battery out and quickly swill the keyboard with a little distilled water to wash the sticky coke away. Clean distilled water will not usually harm electronics providing there is no power until it has completely dried out.

Sticky drinks will leave stuff behind when they dry out so it is better to swill them out with (even) clean rainwater if you haven't got distilled water


It's not the RAM sticks since i got it after changing both of them around. Might be the HDD...

A:BSOD survived windows 7 reinstall?

Start Menu\Programs\Ad-Aware Antivirus Public:Start Menu\Programs\Ad-Aware Antivirus Public
Seems to contribute to your crashes. Remove and replace with Microsoft Security Essentials to see if it provides more stability. Uninstallers (removal tools) for common antivirus software

Microsoft Security Essentials and Malwarebytes are recommended from a strict BSOD perspective. They do not cause blue screens on the system as other AV products do.

Microsoft Security Essentials, Free antivirus for windows

Malwarebytes Anti-Malware Free

DO NOT start the free trial of MalwareBytes, unselect that option when prompted.

Make full scans with both separately.

System Optimisers
Please remove the following software:

Start Menu\Programs\Wise Registry Cleaner Public:Start Menu\Programs\Wise Registry Cleaner Public
This software is a known cause of BSOD's. The windows 7 operating system does not require these registry cleaning software. They often tune-down rather than tune-up and can wreck the OS beyond repair. Microsoft have improved Windows 7 significantly and it is much better at organising and optimising itself than its predecessors. Check this, this and this thread for evidence.

If you feel the need to use a registry cleaning or optimisation software, most of us recommend the use of CCleaner - PC Optimization and Cleaning - Free Download but make sure you back up the registry befo... Read more


I did a Vista reformat of my computer when TDSS rootkit took over. So far the symptoms I experienced before (redirecting me to phishing sites, unstable interface) are not present after reformatting.

however I am afraid that it may have survived as a "windows.old" folder was created automatically after reformat.

here's a GMER scan, can someone analyze it, thanks:

GMER - http://www.gmer.net
Rootkit scan 2010-08-22 16:52:06
Windows 6.0.6000
Running: gmer.exe; Driver: C:\Users\Jason\AppData\Local\Temp\agroypog.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

A:afraid rootkit survived reformat

If you FORMAT (choose Custom to install a clean copy of Windows), not Upgrade (Repair install, over the top, keeps old data) nothing should survive. When using the clean install, there's another step which Vista does not make clear.

Setup will display a warning that your existing Windows installation will be copied to a folder called Windows.old. Click OK to proceed.

Note: If you're performing a true clean install, having booted from the DVD, at this point you should click the Drive Options link and then click Format to wipe your hard disk clean prior to installing Vista.


Nothing bad in that scan, but it doesn't look like it's been run with our preferred settings. You've not posted all the required logs, either.

Please follow our pre-posting process outlined here:


After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


Hi. I am new to this forum...I signed up because I am out of options and about to smash my computer into pieces.
I have an Hp Omni-1057c all-in-one, my problem has been ongoing for weeks now.
I recently discovered my pc was badly hit with a rootkit from hell. I have tried unsuccessfully to do a clean re-installation of Windows 7 HOME premium with the Hp Oem recovery discs. I have lost all my data so I don't really have anything to lose now. I am up to 12 tries of installing Windows and as soon as my desktop appears for the first time, all sorts of weird processes are running and one called: TrustedInstaller. No matter what I have tried, it deletes only momentarily. Keep in mind, this is all going on with no Internet connection set up and no windows updates. When I try to shut down for the first time... Everything, windows says there is one update file that must install after restart.
I have erased, wiped, formatted, dban nuke, reset bios, reset cmos, removed battery....all of that and it still appears.
Tonight I even tried installing Windows 7 ULTIMATE, Non-HP and it still does the exact same thing.
I know there is at least a rootkit at minimum because if I try start up repair it fails everyone. I check details and it says root file error.
Thanks for your time ---

A:Rootkit and/or virus survived Dban nuke!!!!??

Hi pinktuna1200. TrustedInstaller.exe is a legitimate process and user under Windows (and a critical one on top of that), so I really doubt that it's a rootkit. Is it the only thing which makes you believe that you are infected, or is there anything else? Also, can you list the other "weird processes" you are talking about?


i have reinstalled an acer
and its still so slow after reinstall and hard drive is chattering all the time
is it possible the hard drive is faulty?

i mean can hard drives still work if they are damaged or will they not work at all?
its only a celeron 1.4 but you wait 45 seconds for word to open


A:acer laptop still slow after reinstall

What os are you using and how much ram do you have
Did you do the reinstall with factory recovery or a retail disk


I have an Acer aspire e1-570 where the c: drive partition is deleted. (It is a friend's pc and he tried to put win 7 on it) All the other partitions are still there. He did not make any recovery dvd or usb stick.
I tried to get it restored to factory settings, but can not.
It says it is missing a partition.

Any one know what to do?

A:Erased c: on Acer laptop can not reinstall win 8

You can order the Microsoft official OEM Recovery disks from the OEM manufacturer's website.

You can Order Acer recovery disks from here:

Acer | Recovery Media
Check in Accessories
or check the main web site.
Acer Worldwide - Select your local country or region


my wife's laptop recently had a virut infect it and it made a complete mess of it. with the help of another forum (my apologies already) i thought i cleaned up the mess.. but it turns out.. no.

now when i boot up i get safe mode options along with the normal boot and boot with last known working config. all of them except the last known working config end up just looping infinitely. the last known config just brings it to a black screen and nothing happens.. at all.

i have a backup cd i made, but i am not sure how it works and it wouldnt boot it after i changed the boot sequence in the BIOS to cd as the first boot source. i figured, ok, time to just reinstall XP. unfortunately, i dont have one so i broke down and burned a copy from a source. not though, when i boot, the cd doesnt boot up and i ended up in the same situation with the same loop.

any ideas?

A:Acer laptop wont boot from CD during XP reinstall

If you had a working CD, I'd suggest booting from the CD and trying to perform a repair. As you don't have a CD, you will either need to A) contact Acer and try to get a disk or B) buy a new copy.


I have an Acer Aspire 7520 laptop that used to have Vista installed. I've been playing with it some and installed Ubuntu some time back. Got recovery and system disks from Acer to reinstall Vista but keep getting a window saying something about windows/vista not able to install with this hardware. I haven't changed any of the original hardware and have reformatted the drive with both fat and NTFS but get the same problems with hardware message.

A:Reinstall Vista on Acer Aspire 7520 Laptop

All Linux code must be deleted.

Disk - Clean and Clean All with Diskpart Command - Windows 7 Forums
Partition or Volume - Delete - Windows 7 Forums
Partition or Volume - Create New - Windows 7 Forums

Try a full clean & full format in command prompt.
1) Boot DVD & Press Shift+F10 (for command prompt)
2) Boot DVD, & Windows 7 Forums command prompt)

Type in command line

SSD : Optimize for Windows Re-Installation - Windows 7 Forums


I have an Acer Aspire 5551 Laptop. Recently it was infected by a virus and I had to reinstall Windows XP SP2. After that I installed all drivers available for this model from the Acer site, and some empowering Tech utilities (framework and eSettings). But when I tried to install the driver for Bluetooth, it said "Device not found. Please check it is connected and turned on". So I tried to push the slider button on the front of the laptop, but the bluetooth didn't switch on. Before the reinstall, this was working fine. Similarly the slider button for wireless network is also not working. Then I tried to install USB driver for my LG phone, but again there was some problem. Though the LG sync software can detect the phone, but can't transfer files or anything. Once it gave some error message about some problem in COM port or some such thing. But I didn't understand it. I am wondering whether there is some basic motherboard driver which I did not install, which is causing all this? I had already installed the chipset utility from the site.
Any suggestions are welcome.
thanks and regards

A:Problem wid Bluetooth after XP reinstall(Acer 5550 laptop)

Welcome to TSF!
Please open a run box (hold windows key and press "R") and type:

Are any of the devices listed accompanied by an exclamation mark or question mark?


My system files keep getting chopped up and renamed and drivers are getting corrupted. Can you see if anything looks unusual?
DDS (Ver_09-10-24.04) - NTFSx86
Run by kentadmin at 16:49:26.77 on Sun 10/25/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.939 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Toshiba... Read more

A:persistant rootkit

Hello, and to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more


Good Afternoon,

I'm looking to fix/remove some malware that has been causing redirects on Firefox for the past two weeks. The redirecting is infrequent and I can't be sure if there is a particular pattern it fits, nonetheless, knowing I have a worm on the machine has kept me from doing financial work on it, which has become a pain. I've run Spybot and Windows Defender to no avail. In addition, I updated my laptop to Windows 8 (it was cheap and I thought maybe I could kill two birds with one stone). Sadly the redirects kept on happening after going from Windows 7 to 8. Any help is much appreciated and please find the requested logs attached.



A:Infrequent Browser Redirect Which Has Survived Instalation Of New Operating System

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more


I have a rootkit on my computer that is redirecting my Google links, preventing Microsoft Security Essentials from running, and generally slowing down my computer. I have attempted to use Security Essentials Offline, Malwarebytes and TDSSKiller at various points, but all seem to be temporary fixes at best and useless at worst.

When I ran GMER, the only boxes that weren't greyed out were Services, Registry and Files; the results you see from that scan may therefore not be complete.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by LaNoktaTempesto at 18:22:21 on 2012-08-09
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.5996.3482 [GMT -6:00]
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost... Read more

A:Persistant rootkit, TDSSKiller doesn't seem to help

Hello LaNoktaTempesto, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions. Do you have a USB Flash Drive you can use?


Hello guys, I've always been browsing this forum looking for clues to most of my malware incidents and usually succeeded by running standard procedures, but this windows/system/uacinit.dll has messed up windows xp pretty bad.
Some days ago my firewall came up with an executable from windows/temp which I blocked, but straight after a fake yellow sign with an exclamation mark showed up in the system tray claiming a virus warning and a windows98 themed empty pop up showed up on screen. Also searches from google seem to contact web-analiticys.google.com before showing results and almost every link redirects me to abcjump.com or windowsclick.com. I took a look in my windows/temp folder and found numerous Perflib_Perfdata_###.dat files which I don't think belong there.

Now for my actions taken I ran Ad-aware which cleaned up a bit but always comes back with the same files:
-Win32TrojanTdss, 2 files found in windows/system32 and 1 file found in \\?\globalroot\syste\.\

Furthermore I had to rename Anti-Malware to make it executable and it returns with unremovables:
-Trojan windows/system32/uacinit.dll

After numerous attempts to remove these files with either Ad-aware or Anti-Malware my windows xp now freezes a lot just before loading in progs at the system tray at a startup. I can run windows safe mode just fine though. I would greatly appreciate any help given to remove this persistent infection.

... Read more

A:Persistant rootkit/trojan, uacinit.dll

Hello oetang and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more



I'm having an issue with a Gateway M305X CRV Laptop. When I got it to work on from a friend, it was displaying spyware symptoms. These symptoms were IE 7 opening windows automatically and constantly refreshing the open IE window. She had run malware bytes and adAware with no luck.

When I got the laptop, I tried a system restore using ERD commander with no luck...so I opted to reinstall the operating system instead of trying to clean it since it was near impossible to work with...the more you click to open things, the more IE windows open up.

To prep for the first reinstall, I used the UBCD (Ultimate Boot Disk) to run FDisk to delete the partitions and a format command through DOS. I then used the Gateway OS CD to reinstall XP. Before I could get the updates finished, I began to have the same symptoms again.
Figuring that it was buried in a partition somewhere, I removed the hard drive from the laptop and connected it to my Vista machine running Trend Micro Enterprise. I did a full scan after updating the scanning software of Trend Micro, Spybot S&D, adAware, and Malware Bytes. ALL of the scans came back with no reported problems. I ran Hijack with no reported problems.

Figuring that the format in DOS wasn't enough, I downloaded the latest utility from the hard drive manufacturer (HITACHI) and ran an erase boot sector (overwrite the sector with zeroes...stated in the utility) and the erase hard drive utility which took about 2-3 hrs. I then reinstalled ... Read more

A:Persistant Spyware Symptoms After Reformat/Reinstall of Win XP Home

Well there are two things that you could do. One would be to remove IE[IE.exe so the executable won't run] and see if it still persists? (http://support.microsoft.com/kb/957700) I'm guessing booting into linux (via a live disc) isn't a problem?


Pretty much any wifi-capable device that was connected to my previous comcast modem was infected by some sort of malware, including my win7 desktop, win8 laptop, and numerous android phones.
I called comcast technical support because the gateway password to the modem was changed, and none of their remote router access fixing tools could connect to it, and was unusable even after a fair amount of hardware resets. I gave that modem back to comcast for a replacement and am now much more cautious with password protections, but all of the devices were still infected. I eventually gave up on trying to fix my desktop, and instead copied all of my sentimental/important docs (along with the virus too, probably) to an external hard drive and factory reset my computer. The malware itself is very sneaky, and copies itself into legitimate files, such as my Razer Taipan mouse, of which 200+ related Razer files are all trusted. On pretty much all of my AV software there are many exclusions and trusted files and certificates added that limit my ability to remove anything, so I really just need some professional assistance here.
Thank you very much.

A:Infected by persistant LAN traveling Rootkit Trojan/worm/malware

Greetings JohnnyThunder and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise.

Please do not re-run any programs I suggest. If you encounter p... Read more


I have been fighting this virus/rootkit/bootkit whatever it is for getting close to 6 months now. It started as some virus on my little brother's computer at his house which infected his router and about 5 other computers in the house. I connected to the router and it proceeded to infect my laptop, the router at my home and all the computers there as well. It also has infected 4 android phones a Palm Treo Pro with windows mobile and a palm Pre. Along with infecting anyone who connected to any of the routers. I am currently writing this from my mother's laptop which has the worst infection. She purchased a new one to replace the old one which seemed to be impossible to fix at a cost of around $2,000. 1 Day later her new laptop was infected although it wasn't apparent to her. I am currently going to school for my Bachelors in Computer science, my Cisco CCNA and Network security certifications. Have been building computers since I was 10 (am 28 now) and I have never come across anything like this in my life. She has been content with just letting it be because the computer works to a point. I on the other hand will not have someone or something controlling my computer. The os on this computer is Windows 7 Home Premium x64 HP laptop with a 2nd gen core i-7 that runs like its a 486 and its so infected its unreal. Also the infection causes the computers to load in Windows PE mode in a virtualized environment so nothing picks it up. I have 2 desktops and a several laptops ... Read more

A:Persistant Rootkit for over 6 months now Infects Routers Windows x32 and x64 Linux Android Phones etc

Here is the dds log as well as an additional one. Will see if it uploads this time.


I am self taught on a Vista laptop over the past 5 years. Last year I was given an Acer 1640Z laptop which has the XP OS, and have kept it up to date for a relative. Today I pressed the wrong button which started to wipe the XP. I switched off immediately, however, I now cannot get it to boot up, or even boot from a Macrium Reflect rescue DVD. The message on screen is that the file is missing or corrupt,i.e.- Windows root\system 32\hal.dll

It looks like any remedy will be too technical for me (70yrs )

DO NOT THINK I have posted this in the incorrect forum, why I am posting here is the Acer laptop has an official sticker on it, quoting " Designed for Windows XP - Windows Vista Capable."

The question is can I convert the Acer from XP to Vista, since I still have the disks which came with the Dell Vista laptop when I bought it new ?

Hoping for some positive guidance in this matter.

A:Acer Laptop XP system - crashed.

That error is a bad one to get because it indicates very low level corruption. You will have to reinstall XP. The hard drive will probably have to be reformatted. You can't use a copy of Vista that came with a Dell on an Acer, so unless you can find a retail copy of Vista you are stuck with XP or Linux. By now it will be too late to get the Vista disks from Acer but you can try.

Read other 6 answers

I have an Acer laptop, and it will not boot up. It displays a blue screen and says Fatal system failure. Is this really a fatal system failure?

A:Fatal system failure-Acer laptop

Have you tried reinstalling windows?

Read other 2 answers


I have an Acer laptop with Windows 7. I attempted to do a complete system restore to factory settings. The process goes through but never returns to the state to set up the computer to be used. After the system says it is restored, the black Acer screen comes up and at that point all it does is say boot mgr failed, press ctl alt delete to restart. I need to get this computer back to normal operating status.

A:Acer laptop system restore issue

Do you have the original Windows 7 CD?

Read other 6 answers

Hey folks, thanks a ton in advance for any help or suggestions given. I guess my old account was deleted, but I previously joined/donated for some help received. Regardless, I have a friend's Acer laptop I am attempting to help her restore as usable.

Acer Aspire 6930
Intel Core 2 Duo Processor T5800 (2.0GHz, 800MHz FSB, 2 MB L2 cache)
1244MB Mobile Graphics Accelerator 4500MHD
3 GB DDR2
320GB HDD
Windows Vista

When you boot it, it pretty much stays in the boot screen.....does no more. She got the computer from Best Buy, and they set up 3 recovery disks. When you try to run the 1st of 3, I select the language....then a prompt comes up to ask me what I want to do. As you can see below, I cannot select "restore from backup". I then click to "restore to default" and then I get this error message......

I searched the error message, and found others who've experienced the exact same issue. What they discovered is that the computer would not utilize the recovery disks if there was an existing partition. So the folks with the same problem as I downloaded the Ultimate Boot Disk to recover their computers. When I do that, I got a message in BIOS saying "No operating system found". This whole message....

I can follow directions very well, and I am fairly familiar with computers....but not enough to solve this one. I appreciate anyone's time thrown in to try and find a fix or a final resolution (if the HD is fubar).

Darren

A:Acer laptop : Operating system not found

Can you download a Linux Live CD from http://www.ubuntu.com and burn it to a CD and see if it can read your disk drive?

Read other 48 answers

Hey guys,

So I made the mistake of opening an email and got infected with the System Fix virus. I followed your guide (http://www.bleepingcomputer.com/virus-removal/remove-system-fix) to the letter but System Fix is still on my system...any help you could give would be greatly appreciated.

A:Very persistant System Fix infection~

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

Read other 15 answers

I have an Acer Travelmate 4200 that got a drink spilled on it last night. It spilled all over the keyboard, so we took apart the top section of the keyboard to clean it out and dried it upside down last night to get any remaining liquid out.

Now the computer will not load. The green power light comes on and it acts like it is trying to read the DVD drive but then it does nothing. The fan comes on as well. But no screen or anything else.

Please help, this computer has the research for a thesis and it is very crucial to school.


A:Acer Laptop wont start operating system now!!!!

Apparently you have tried to make the laptop as dry as possible, but things can still be fried inside it. I am afraid the latter is the case and that you will have to opt for a warranty claim, although water damage usually isn't covered in that.

To recover the data I suggest to remove the hard disk and put it in or connect it to another laptop... but the bottom line is that I think your laptop is lost :-(

Read other 1 answers

An Operating System Wasn't Found. Try Disconnecting Any Drives That Don't Contain An Operating System.Press Ctrl+Alt+Del to Restart

I Have Tried Everything and Nothing Works.. My Laptop Is An Acer Travelmate 5335

Read other answers

Hi guys...this is my first post and I need serious help. Since today, I'm stuck with 2 system tray icons that keep telling me I have adware running on my computer. I can't turn them off and when I click on them they lead me to two sites. They are Slimshield and SpywareQuake. Can anyone help me with removing them? Here is my log:

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\syste...

A:Help With Persistant System Tray Icon!

Please re-post & include the top header of the Hijackthis log.

Read other 13 answers

The internet on my Acer laptop is so slow after a system restore, it takes 25 minutes to download a 17 MB file on a 5 mbps internet connection.

The reason why I had to restore my laptop, is due to me deleting some registry keys.
Why I deleted the keys in the first place (made everything open in Notepad) is due to me trying to delete the Zone Alarm toolbar (nightmare).
I also downloaded some other programs which include LastPass, TrueCrypt, File Shredder, NovaStor backup, ThreatFire, Zone Alarm firewall, BufferZone.

other important notes.

if you need me to run any tests on computer just ask me and I will run the test.
My laptop is an Aspire 5750G
I have already used CCleaner, Smart PC Care, SlimCleaner.
It's not a virus
I get error messages such as server hang up and can not display webpage
I am using Google chrome as my browser

So How can I fix the speed of my internet?

A:[SOLVED] Help, the internet on my acer laptop is slow after system restore

Hi and welcome to TSF. Please try running sfc /scannow: http://www.sevenforums.com/tutorials...e-checker.html

Read other 15 answers

Could use help on this one. I am trying to fix my buddy's Acer Aspire 5735 and I get past the main password and get into the utilities screen and receive a system password. I have tried for over an hour different passwords but to no avail. I tried to just get into the boot menu, which I can. But every option available starts up and then restarts the computer. None work: not safe mode, enable boot log, restore system services, last known config, nothing. I tried running a Vista recovery disc; it won't load. I tried to run a new installation disc; nothing. I even called Acer tech support and they said they don't put those passwords on their machines and a program had to.

Any suggestion what I can do or what could be causing this issue?

Thank you Ray

Read other answers

Ok, so earlier today I decided that I needed to restore my laptop to factory default. As you can see from the title, I use an Acer laptop, which means I used the Acer eRecovery software. All went well at first, although it took a strangely long time at a screen which said "setup is starting." The problem now is, I am now stuck on the Acer 'software installation screen!' It is stuck at 41/48 where it is trying to install clear.fi v1.0. I think I heard the sound of an error earlier, which worries me as I don't want to force restart my laptop as it clearly says not to do that and doing this caused my hard drive to break last time!
I have been on this screen for about 2 hours now, and will leave it overnight if I have to. I just need to know what to do if it does not fix!

A:Laptop stuck on acer software installation after system restore

Have you categorically rejected the idea of doing a clean install, as opposed to a recovery to factory specs via the Acer software?

Acer software and support being what it is, I'm not surprised by your predicament and don't have a solution to that other than to wait as long as you can stand to see if it sobers up.

Read other 9 answers

I was hoping that someone may be able to provide some advice re a small problem I have. Since my laptop died and I've rebuilt it. The time is not correct on it. When I power on the laptop the time is wrong and I then reset it to the correct time. If I leave it on for a few hours it seems to lose time if this makes sense. I believe the CMOS battery controls the time when the laptop is switched off and this could be the problem, but I thought that once the system was fired up the time was controlled by the operating system. Is this correct?

Also if it's the CMOS battery that needs replacing, is there any way of knowing this is the issue before dismantling? Problem is that the location of this battery requires full dismantling and reassembly. Typical manufacturers, they put the CMOS battery in the most inaccessible place on my laptop.

Would anything other than the CMOS battery be responsible for this issue, could it be a virus or anything along these lines..

Any advice appreciated...

A:System running win7 losing time on my Acer 8930G laptop

No; actually that is where you are wrong. The CMOS battery keeps the date and time intact at all times no matter whether the computer is on or off. The operating system just allows it to use the internet to check and set the time correctly. There probably is no virus; just the battery needs replacing. Which should be pretty simple. I believe you have to take off the top case to get to the system board and locate the CMOS battery.

Read other 3 answers

I've been dealing with this for about 3 days so I apologize if I can't remember what I was doing or the exact messages I received from any virus or trojan.

Windows XP Home 2002
Service Pack 3
Samsung Netbook NC10

(In order)
Scanned with SuperAntiSpyWare (Safe mode with networking) about 2 or 3 times, mostly picked up FakeHDD Trojan (System Check) and a bunch of adware cookies.
I tried Kaspersky (Safe mode w/networking) (Picked up Alureon and more FakeHDD)
Performed unhide.ex to unhide all my items (It worked)
Computer was still slow and acting weird and I received the same Security Check warnings (Sorry, brain is fried, wish I could remember the wording).
I went to Bleeping Computer and followed the "Remove System Check" recommendations completely. RKill gave me some trouble, then Malwarebytes, but after many tries finally got them both to stick.
Performed unhide.ex again.
I even downloaded Secunia. Mentioning this just in case it's important..not sure if these vulnerabilities allowed these viruses to get in. (It is at 94%, had a lot of trouble trying to update Microsoft items such as Framework. Still can't update these 5 items; the MS ones just fail:
CyberLink PowerStarter 5.x (5.00.1310)-End of Life
InterActual Player 2.x ( IE 6.x (6.00.2900.5512)-Insecure------->Not sure how to delete this older version o_O
Microsoft IE 8.x (8.0.6001.18702)-Insecure
Microsoft Windows XP Professional-Insecure

I wanted to be sure so I tried Malwareby...

A:Persistant System Check, Alureon, Trojan Gen-IExplorer, [email protected]

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...

Read other 14 answers

This Acer Aspire 7250 laptop with Windows 7 64bit system has been causing trouble ever since I ran Tron script. I have ran the DDS on this machine if needed I will post as directed. As the title says the stuttering and delays are system wide. In event viewer the Error 11, the driver detected a controller error on \ Device\Harddisk\DRI. , which concerns me. I was seeking help on this if anyone has an idea. There are about 7 other error/warnings in the event viewer 3 of which I know to be irrelevant. As of now I only have Windows Firewall and AntiMalware malware on this system, formerly Avast Premier was on the machine. If more information is needed please inquire, I appreciate all assistance.

A:Acer Aspire laptop stuttering video/audio - lags entire system and programs.

Please download MiniToolBox  , save it to your desktop and run it.
 Checkmark the following checkboxes:  List last 10 Event Viewer log  List Installed Programs  List Users, Partitions and Memory size.
 Click Go and paste the content into your next post.
 Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post. 

Read other 24 answers

Every time I boot up Windows normally I get this blue screen:


I can boot up in safe mode, safe mode with networking, and safe mode with command prompt. I am able to perform a system restore, and that fixes it until I restart again, then the same blue screen comes up.

It's kind of weird how this happened. I was converting some files on my computer for my iPod for a few hours straight, turned the laptop off, b/c I thought I was done with it, but wasn't, go to turn it back on and this happens. I ran Norton full system scan, only found cookies, ran Speed Up My PC, deleted over 1500 files, still that blue screen.


HP dv9500t
Vista Ultimate (64-bit)
Intel Core 2 Duo processor T7500 (2.20 GHz;4 MB L2 Cache;800MHz FSB)
17" HD BrightView WS (1680x1050)
2GB DDR2 Mem
200GB 7200RPM SATA Dual


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:39 AM, on 1/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Butt...

Read other answers

Hi, I can't reinstall Acer Care Center. It errors with "Download failed. Check your network connection and try again". Anyone managed it at all? Any help appreciated. Acer staff, can you help or advise please?

A:Hi can anyone tell me how to reinstall the Acer Ca...

Hi guys,
Here is the link to the Acer Care Center download. Let me know if you have trouble.

Read other 3 answers

Hey people,

sorry to Amateur mod...I was a little bit hasty but I am furnishing all the requested documents below.

first, my original text;

Had a virus that disabled my anti-malware software (Malware Bytes)....ran RKill from BleepingComputer which disabled the virus etc etc, so that I could then kill it.
Malware Bytes ran a full scan, detected many infected files etc and I removed/quarantined them as per usual....normally Malware Bytes fixes everything and I love it!

Upon restart however, I still have the winword2.doc trying to open, with the WINWORD.EXE process hogging system memory in task manager. Also, Chrome is now sporadically crashing, and when I try to reopen it, it loads and then disappears, or doesn't load at all.

After looking in my processes in task manager, I have around 3 "iexplore.exe" processes running, not using system memory. However, when I end these processes, Chrome then loads correctly.

RKill doesn't terminate these processes and Malware Bytes doesn't find them....

TrendMicro HouseCall online scan found and removed files that Malware Bytes didn't find...and upon restart actually fixed my problem with Skype encountering a problem and needing to close every time my laptop starts.....however my MSN Messenger / Live Messenger still crashes, and I still have the iexplore.exe processes running.

So to sum up;

my Google results aren't hijacked, but I have to click the result link I want like fifteen times quickly for the websi...

A:Virus has survived everything I've tried

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this ...

Read other 5 answers

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by william at 23:17:38 on 2012-03-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.1972 [GMT -4:00]
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceN...

A:Rootkit ? after clean reinstall

Hi bwrighttwo and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you!

===================================================

Ground Rules:

First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise.

Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.

When you post your reply, do not use the button ...

Read other 18 answers

I need some help on a Vista reinstall. I have an Acer Aspire 5610 and can't really find much documentation on this, let alone documentation that is actually of help. I purchased this laptop a while ago and feel it's time for a reformat, but I've come to a problem. I have a "Windows Anytime Upgrade" disc, and no other disc. What do I actually need to reformat? I've done it on XP in the past, but I'm completely new to Vista.

A:Acer Vista Reinstall?

I have an Acer and have reinstalled Vista.
You need to find E-Recovery and from there you can
restore your comp to factory settings, also make Vista reinstall discs and back up your comp to discs.
Hope this helps

Read other 3 answers

I have tried both Windows Media Creator Tool, and a Win 10 ISO file to reinstall win 10 with no success!!! I'm at a loss, as to how I can accomplish a successful install!! Any fixes that you guys have had success with??  Thanks in advance!!

A:why can't i reinstall win 10 on my acer aspire lap...


Read other 1 answers

I have a Acer Netbook Aspire One ZG5 which has had the operating system reinstalled and I have just been through the horrors and seen the blue screen of death etc. I would like to reinstall XP from the onboard version if possible as I would like to keep the data intact.
Can this be done or where do I go to get a copy of XP to reinstall off a USB stick?

Your help will be greatly appreciated as I am keen to get it going again. If I am better off to install Unix or whatever please advise


A:Acer Netbook reinstall

If it has just been reinstalled, you may be wasting your time doing it yet again. What type of error are you getting? Are you sure that you don't have a hardware problem, such as faulty RAM or a bad hard drive?

Whether the OS can be reinstalled from the onboard image depends on how it was reinstalled last time and if the image has been damaged or destroyed by any changes having been made to the drive's partitions.

If you need a CD, you will need to buy one from Acer specific to that model. Recovery CD's should be available at their site.

Read other 2 answers

I'm trying to reinstall XP on an Acer 3000. I can use the keys in BIOS and using the recovery CD, I can use the keypad while it's installing, but when it's finished and gets to welcome to Microsoft Windows "let's spend a few minutes setting up your computer" the keyboard won't work. Also tried using a mouse. Any help would be great, I'm at a loss. Thanks

A:Acer 3000 reinstall

A system recovery using manufacturer's disks...I'd try a different keyboard (after disconnecting the old and then reconnecting...then rebooting).

At what point can you not use the mouse?

Ditto for the keyboard?

Does the desktop appear (properly)?

Can you boot into safe mode from a cold boot?


Read other 5 answers

Issues include CD player not working. Probably my fault due to inadvertently erasing the program (I think). OR player malfunctioned. Ken aka LIQUIDNIRVANA

A:I need to reinstall the Acer program.

What is your model number and what program are you talking about?

Read other 1 answers

We just pulled Vista off and put XP on an Acer Aspire 4220. Audio, video, LAN, Wireless, SD card slot, modem, touchpad, chipset (nVidia) and CPU (AMD) drivers have all been installed and work perfectly. However, Device Manager still shows three "Base System Device" entries with yellow question marks and I cannot figure out what they might be. Suggestions?

A:Mystery "Base System" devices on Acer laptop

Read other 7 answers

Hello. It's the second time when I come here.
First I had this problem - https://forums.techguy.org/threads/my-laptop-wont-boot-from-usb.1173499/
and now it got worse.
I don't know what happened to my Acer Aspire ES 14 (ES1-431-C8JZ). (I haven't dropped it or something like that)
When I turn it on, it gets stuck on the Acer logo screen, and then I can't do anything.
I tried to restart it, same problem.
I tried to enter BIOS, Boot Manager, nothing works.
Then I disassembled it, reset bios, and again, nothing worked.
I made a bootable USB - Slax, I thought Linux could fix this, but it doesn't work. It doesn't boot. I tried to remove the hard drive so I can boot with Slax like this (I've heard about this feature of Slax - to boot even without a hard drive) but it won't pass the Acer logo.
It would be great if someone can tell me where is the problem or how to fix it. Thank you.

A:Laptop Acer won't load past Acer logo screen

Did you ever solve your previous thread?

It's possible that your hard drive is faulty, and it can't boot into Windows because of that.
I don't have any experience with Linux, so I can't confirm if Slax allows you to boot without a hard drive installed.

Do you have any spare hard drives lying around? If not, consider purchasing a low capacity one, installing Windows on it, and trying to boot then. If it still won't boot, then you didn't spend much money on the hard drive, and it'll narrow down your issue a little more.

Worst case scenario is there's something wrong with your motherboard (as per your other thread involving your USB ports).

Read other 3 answers

I'm going completely crazy here.
Gateway GT5028. Windows XP. The problem began with a flicker in the screen, which I guessed was connected to the graphics card, and figured I couldn't do anything about it. Next came what I now have read was a trojan disguised as "Microsoft Security Essentials" which I fell for. I tried AntiMalwareBytes, but only made minor progress. Within 30 minutes of a reboot, I would have nine "svchost.exe" processes running each at about 140MB. Also, in any internet browser I used, when I right clicked to open in a new tab I'd get some random site opening about insurance or mortgages. Explorer didn't start up with re-boots and I'd have to do it manually through Task Manager to get my desktop up. Tried some fixes I found online but to no avail. When all else failed in my attempts to remove this from my system, I re-formatted the HD, but the problem persisted somehow, though the screen flicker seems to have disappeared. The problem seemed entangled in McAfee which came with the system (with it finding malware in its own files), and which I only finally removed with the McAfee removal kit. Still, every time I run AntiMalwareBytes, it finds new malware. Also, using just IE now I have the same problem with the right-clicks open new tabs with and get some random sites about insurance or mortgages. Just ran AntiMalwareBytes again (at least the 5th time since the re-format). Here's the log:

Malwa...

A:Malware survived reformat

Only way it would have survived a reformat is by using an infected piece of data backup, or by using a possibly illegal version of Windows.

Read other 16 answers

Well I've done just about everything imaginable to clean up this virus. It originally was user32.dll being malicious, creating a nvtpm32.dll tying itself into winlogin; anytime it was deleted it'd recreate itself. Removed the hard drive, USB'd it to a secondary PC and did an image backup of the drive and saved it as an Acronis image file on an external drive. I also had a USB flash drive plugged into the Virut infected PC trying to fix it.

Since then I have reformatted the PC, upgraded to SP3 and all updates, put on AVG and was going to restore the good data, but as soon as I plugged in the external drive AVG started seeing the nvtpm32.dll file again.

I have run Malwarebytes Antimalware, AVG Anti-Rootkit, and got those to be clean.. but then once I had the laptop join a wireless network, it instantly started creating temp files in system32 and Windows directories with AVG seeing errors. Though it looks to be a different virus now..

One thing to note, Sysinternals RootkitRevealer showed issues on the external in a path $Extend\ which I can't seem to access? And not a clue how to clean up that external. Is it possible the virus can go inside Acronis image files that haven't been accessed??

Also the gmer.exe file Always reports a crash upon startup, so cannot use that to give any logs. Here is my dds log

DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 16:47:52.31 on Tue 03/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Wi...

A:virus - survived reformat - need help

I see you have already been informed that this is a Virut infection. This thread shall be closed.

Read other 1 answers