Karl`s PC Help Forums Last active: Never
Not logged in [Login ]
Go To Bottom

In memory of Karl Davis, founder of this board, who made his final journey 12th June 2007

Post Reply
Who Can Post? All users can post new topics and all users can reply.
Username   Need to register?
Password:   Forgot password?
Subject: (optional)
Icon: [*]
Formatting Mode:

Insert Bold text Insert Italicised text Insert Underlined text Insert Centered text Insert a Hyperlink Insert E-mail Hyperlink Insert an Image Insert Code Formatted text Insert Quoted text Insert List
HTML is Off
Smilies are On
BB Code is On
[img] Code is On
:) :( :D ;)
:cool: :o shocked_yellow :P
confused2 smokin: waveysmiley waggyfinger
brshteeth nananana lips_sealed kewl_glasses
Show All Smilies

Disable Smilies?
Use signature?
Turn BBCode off?
Receive email on reply?
The file size of the attachment must be under 200K.
Do not preview if you have attached an image.

Topic Review

[*] posted on 13-7-2008 at 12:36
I actually managed to find an option buried deep within the options of the Acer eManagement Backup program that gave me the opportunity to create a recovery set of CDs or DVDs. I tried it, two DVDs later it was time to re-boot and see what happens. The recovery program started to load and I thought I was on a winner. Nope! It threw up a "the program has failed owing to an error, please reboot" I did mention the error, which was very informative "0CE00BOOLSHIRT" or similar.

The owner picked up the lappy this PM as I could offer nothing more than return it to place of purchase with a cryptic remark or six.

She rang me to say that it's working better than it has for ages, despite the fact that I wasn't happy. She is going to take my advice, though.

From this experience I've learnt that, of the Vista lappies that I've had experience with so far, Acer is not at the top of my list.

[*] posted on 11-7-2008 at 22:38
Well as long as its working thats fine.

[*] posted on 11-7-2008 at 12:39
Yeah! No problem.... to you! Bl***y Vista! If it were XP, or older, we'd never have had this "conversation". I've spoken to the owner and she is cool, but it still frustrates the "you know what" out of me!
Just as a f'rinstance: First reboot gave this
Failed to load Apoint.dll/ Alps Pointing device has stopped

Installing AVG 8.0 And I get a BSOD "KERNEL_STACK_IN_PAGE" error and a re-start.
I've also had this prior to cleaning out the nasties, so sommat is still not right.

Since the second re-start

Cyberlink PowerCinema Resident Program has stopped working

Check online for a solution
close the program

and now
LManager.exe - Bad image

C:\ProgramFiles\Launch Manager\RgnMaker.dll is either not designed to rum on Wimdows or it contains an error....

HD Audio Control panel has stopped working

Check online for a solution
close the program

igfxtray Module has stopped working

Check online for a solution
close the program

I've since been into Control panel and turned off auto boot after a failure and now the bl***y thing is behaving itself! Aaaaaaaaarrrrrrrgh!

[*] posted on 10-7-2008 at 01:34
Ok.No problem.:D

[*] posted on 10-7-2008 at 00:41
Thank you sir, you are a gentleman and a scholar.

Bl**dy Lappy is still unstable! I think I'm going to have to return it, and say, take it back from whence it came and demand a set of recovery disks!

[*] posted on 6-7-2008 at 22:38
Just need to clean these and your done..

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O23 - Service: GWIYKPO - Unknown owner - C:\Users\denice\AppData\Local\Temp\GWIYKPO.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: VGZCCHGNX - Unknown owner - C:\Users\denice\AppData\Local\Temp\VGZCCHGNX.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


This will clear away any of the files and folders that were created by ComboFix.

Go to :
Start > Run then copy and paste the following highlighted text below and click OK.


ComboFix /u


[*] posted on 6-7-2008 at 12:09


[*] posted on 6-7-2008 at 12:08


[*] posted on 4-7-2008 at 23:17
Ok.Combo seems to have fixed it. It just now a matter to see if these are dead.Then your done.

Download The Avenger by Swandog46 from http://swandog46.geekstogo.com/avenger2/download.php.

Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.


    Files to delete:

  • In the avenger window, click the Paste Script from Clipboard, [badimg]http://img220.imageshack.us/img220/8923/pastets4.png[/bad img] button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.

  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a shutdown. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log, along with a new HijackThis log in your next reply.
  • LSemmens

    [*] posted on 4-7-2008 at 16:24
    Thanks Pancake.

    [*] posted on 4-7-2008 at 16:03
    Will do HJT in a moment

    [*] posted on 3-7-2008 at 23:24

    [*] posted on 2-7-2008 at 00:18
    Thanks Mate, I'm off to the big smoke in a couple of hours so will do this upon my return, probably Friday.

    [*] posted on 1-7-2008 at 22:52
    Ok.Lets download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please visit this webpage for downloading and instructions for running the tool:

    Go here ======> http://www.bleepingcomputer.com/combofix/how-to-use-combofix A Guide and tutorial on using ComboFix <====== Go here

    Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use SP2

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should get a prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    (2) Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    New HijackThis log.

    Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems
    NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

    [*] posted on 1-7-2008 at 15:11
    Acer Lappy 512Mb RAM Vista Home Basic. Flaky as all you know what!

    It's taken me three days just to get the thing stable enough to run HJT and save a log to disk. In the meantime I've managed to, I hope, remove Norton Internet Security Suite, which I think was causing some issues. I would have gone the re-load route but the owner cant seem to find her CD's (doesn't think she got any). HJT reports that it cannot access the Hosts file, (I've looked at it but there seems nothing untoward in it.) It also throws up a more cryptic "An unexpected error has occurred at Procedure
    Error #75 - Path/File access error
    Please tell merjin about this problem etc" and then continues with the log. as follows:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:04:56 AM, on 2/07/2008
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)

    Running processes:
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Apoint2K\Apntex.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.au.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.au.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: GWIYKPO - Unknown owner - C:\Users\denice\AppData\Local\Temp\GWIYKPO.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: VGZCCHGNX - Sysinternals - http://www.sysinternals.com - C:\Users\denice\AppData\Local\Temp\VGZCCHGNX.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    Thanks Mate!
    I'll be off air for a couple of days so will not get back to this until Friday.