Question

"Error while unpacking program, code LP5. Please report to author."

Asked by: miloski

Recently, I have been infected with some viruses (like the w32v!rut.A) and while my Norton has done a good job of getting rid of the risks, I believe there are still some traces left. I use this program "Poker Ace Hud" for entertainment which now does not work. It is properly installed and I did uninstall/install again, and again and still no dice. In addition, some of my desktop icons are duds. The files are all there but the programs simply will not load. So I attempted to reformat my disk and I am unable!! When I press F11 for recovery, after a few seconds the screen simply turns black and stays that way forever. I am also getting the same "error(...code LP5...)" when trying to open my Ad-aware software. I contacted Gateway and they have no clue what this error code LP5 is, so that leads me to believe it's not a real error. I have also contacted the support on the Poker Ace Hud and they have no clue what this is. I have searched for this error over the internet and I have found very little information. Mainly clues that it can be the w32 virus or some CA/e-trust anti-virus Firewall/program, however, I don't even have that anti-virus program, nor did I ever. Anyway, here is my HijackThis report if you find it necessary:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:26:38 AM, on 8/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\PAYOFF~1\act.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I45GTWPP\HiJackThis_v2[1].exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6440
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide
O4 - HKLM\..\Run: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKUS\S-1-5-21-2491041210-689413833-755988637-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2491041210-689413833-755988637-1003\..\Run: [Power2GoExpress] NA (User '?')
O4 - HKUS\S-1-5-21-2491041210-689413833-755988637-1003\..\Run: [Aim6] (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

This Question has been solved and asker verified.

Asked on: 2007-08-26 at 01:12:57, ID 22787535

Tags: unpacking, error, code, while, lp5

Topics: Anti-Virus, Microsoft Windows Operating Systems

Participating experts: 2

Points: 500

Comments: 7


Answers

 

by: rindi, posted on 2007-08-26 at 04:04:46, ID: 19770647

Get rid of the following. If they are still there after you have tried removing them with HijackThis and after a reboot, use a live CD like the UBCD4WIN, search for the file svdhost.exe, and rename it or move it away:

http://ubcd4win.com

O4 - HKLM\..\Run: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)

If you know the software below and trust it, then leave it; if not, use HijackThis to remove them:

O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKUS\S-1-5-21-2491041210-689413833-755988637-1003\..\Run: [Power2GoExpress] NA (User '?')
O4 - HKUS\S-1-5-21-2491041210-689413833-755988637-1003\..\Run: [Aim6] (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
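
The checks applied by eye in the answer above (an autorun value with no path, a target reported as missing, a placeholder or empty command) can be scripted over the O4/O9 lines of a HijackThis log. This is an added example, not part of the original thread or of HijackThis itself; the `SYSTEM_BINARIES` list, the one-character lookalike heuristic and the flag names are assumptions made for illustration, and the sample lines are taken from the log in the question.

```python
import re
from typing import List, NamedTuple, Tuple

# Assumption: a short list of Windows system image names to compare against.
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                   "explorer.exe", "smss.exe", "csrss.exe", "spoolsv.exe",
                   "rundll32.exe")

# Sample input: lines taken from the HijackThis log posted in the question.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKUS\S-1-5-21-2491041210-689413833-755988637-1003\..\Run: [Aim6] (User '?')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
"""

# O4 registry autoruns: "O4 - <hive>\..\<Run key>: [<value name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
IMAGE_RE = re.compile(r".+?\.(?:exe|dll|com|bat|scr)\b", re.I)


class Finding(NamedTuple):
    section: str            # HijackThis section code, e.g. "O4"
    name: str               # registry value name (empty for non-O4 lines)
    image: str              # executable the command starts
    flags: Tuple[str, ...]  # reasons the entry deserves a second look


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def image_of(cmd: str) -> str:
    """Extract the executable from a Run-key command line."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        return cmd[1:].split('"', 1)[0]
    if re.match(r"[A-Za-z]:\\|%", cmd):          # unquoted path, may contain spaces
        m = IMAGE_RE.match(cmd)
        return m.group(0) if m else cmd
    return cmd.split()[0] if cmd else ""         # bare name resolved via the search path


def triage(log: str) -> List[Finding]:
    findings = []
    for line in log.splitlines():
        line = line.strip()
        flags, name, image = [], "", ""
        m = O4_RE.match(line)
        if m:
            name, image = m["name"], image_of(m["cmd"])
            if not image:
                flags.append("empty-command")
            else:
                base = image.rsplit("\\", 1)[-1].lower()
                if "." not in base:
                    base += ".exe"
                near = [s for s in SYSTEM_BINARIES if edit_distance(base, s) == 1]
                if near:
                    flags.append("lookalike:" + near[0])
                if "\\" not in image and base not in SYSTEM_BINARIES:
                    flags.append("no-path")
        if line.endswith("(file missing)"):
            flags.append("file-missing")
        if flags:
            findings.append(Finding(line.split(" - ", 1)[0], name, image, tuple(flags)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} [{f.name}] {f.image or '<none>'}: {', '.join(f.flags)}")
```

A flag marks an entry for review rather than giving a verdict: `no-path` also fires on the `NA` placeholder values, which the answer above leaves to the user's judgement.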

 

by: rpggamergirl, posted on 2007-08-26 at 04:16:44, ID: 19770658

These entries below are SDBot variants:
O4 - HKLM\..\Run: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe



1.  Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer than normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
*  Finally open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back


Also run this tool afterwards.
2.  Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

 

by: miloski, posted on 2007-08-26 at 11:14:18, ID: 19771697

Here is the SDFix report:

SDFix: Version 1.100

Run by Owner on Sun 08/26/2007 at 01:34 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\Documents and Settings\Owner\Desktop\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\svdhost.exe  - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
 


                                 Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1187832509\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1187832509\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"E:\\Autorun.exe"="E:\\Autorun.exe:*:Enabled:Installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\Owner\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:


                                 Finished
__________________________________________________________________________

Now here is the ComboFix log:

ComboFix 07-08-25.2 - "Owner" 2007-08-26 13:52:26.1 - NTFSx86


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Owner\Desktop\internet.lnk
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\_000014_.tmp.dll
C:\WINDOWS\system32\_000026_.tmp.dll


(((((((((((((((((((((((((   Files Created from 2007-07-26 to 2007-08-26  )))))))))))))))))))))))))))))))


2007-08-26 13:51      61,952      --a------      C:\WINDOWS\nircmd.exe
2007-08-26 13:32      <DIR>      d--------      C:\WINDOWS\ERUNT
2007-08-25 01:08      <DIR>      d--------      C:\WINDOWS\0E6AB9FC76C2431B9C066C1CFFFEA8EB.TMP
2007-08-24 23:53      12,840      --a------      C:\WINDOWS\BigFixClientOverride.dll
2007-08-24 21:47      <DIR>      d--------      C:\DOCUME~1\Owner\APPLIC~1\SampleView
2007-08-24 21:34      <DIR>      d--------      C:\Program Files\Lavasoft
2007-08-24 21:33      <DIR>      d--------      C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-24 21:32      <DIR>      d--h-----      C:\WINDOWS\PIF
2007-08-24 21:23      <DIR>      d--------      C:\Program Files\Common Files\Wise Installation Wizard
2007-08-24 17:15      21,504      --a------      C:\WINDOWS\system32\hidserv.dll
2007-08-24 17:15      12,160      --a------      C:\WINDOWS\system32\drivers\mouhid.sys
2007-08-23 18:01      <DIR>      d--------      C:\Program Files\PokerAce Hud
2007-08-23 15:48      <DIR>      d--------      C:\DOCUME~1\Owner\Dr Delete
2007-08-23 14:19      <DIR>      d--------      C:\DOCUME~1\Owner\Incomplete
2007-08-23 14:18      <DIR>      d--------      C:\DOCUME~1\Owner\APPLIC~1\LimeWire
2007-08-23 14:17      <DIR>      d--------      C:\Program Files\LimeWire
2007-08-23 12:21      <DIR>      d--------      C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-08-23 04:04      87,280      --a------      C:\WINDOWS\system32\wsatrace.dll
2007-08-23 04:04      <DIR>      d--------      C:\Program Files\Poker Tracker Omaha
2007-08-23 04:01      <DIR>      d--------      C:\Program Files\Poker Tracker V2
2007-08-23 03:58      <DIR>      d--------      C:\Program Files\PKR
2007-08-23 03:53      <DIR>      d--------      C:\Program Files\RagDollMasters
2007-08-23 03:35      17,801      --a------      C:\WINDOWS\system32\drivers\AegisP.sys
2007-08-23 03:21      618,880      --a------      C:\WINDOWS\system32\drivers\wn511b.sys
2007-08-23 03:21      266,240      --a------      C:\WINDOWS\InstallDialog.exe
2007-08-23 03:21      233,472      --a------      C:\WINDOWS\UninstallDialog.exe
2007-08-23 03:15      81,920      --a------      C:\WINDOWS\system32\ASupplicant.dll
2007-08-23 03:15      73,728      --a------      C:\WINDOWS\system32\AW32n50.dll
2007-08-23 03:15      17,801      --a------      C:\WINDOWS\system32\AegisP.sys
2007-08-23 03:15      16,194      --a------      C:\WINDOWS\system32\AWINDIS5.SYS
2007-08-23 03:13      <DIR>      d--------      C:\Program Files\NETGEAR
2007-08-23 03:08      <DIR>      d--------      C:\DOCUME~1\Owner\APPLIC~1\NetMedia Providers
2007-08-23 03:05      33,340      ---------      C:\WINDOWS\system32\dbmsqlgc.dll
2007-08-23 03:05      24,576      ---------      C:\WINDOWS\system32\dbmsgnet.dll
2007-08-23 03:05      <DIR>      d--------      C:\Program Files\Microsoft SQL Server
2007-08-23 03:04      <DIR>      d--------      C:\DOCUME~1\Owner\APPLIC~1\Sony
2007-08-23 03:04      <DIR>      d--------      C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
2007-08-23 03:03      <DIR>      d--------      C:\Program Files\Vstplugins
2007-08-23 03:03      <DIR>      d--------      C:\Program Files\Sony
2007-08-23 03:02      <DIR>      d--------      C:\Program Files\Sony Setup
2007-08-23 02:46      <DIR>      d--------      C:\Program Files\Common Files\xing shared
2007-08-23 02:45      <DIR>      d--------      C:\DOCUME~1\Owner\APPLIC~1\Real
2007-08-23 01:53      225,664      --a------      C:\WINDOWS\system32\drivers\tcpip6.sys
2007-08-23 01:47      721,920      --a------      C:\WINDOWS\system32\lsasrv.dll
2007-08-23 01:47      132,096      --a------      C:\WINDOWS\system32\wkssvc.dll
2007-08-23 01:42      1,843,584      --a------      C:\WINDOWS\system32\win32k.sys
2007-08-23 01:40      37,888      --a------      C:\WINDOWS\system32\olecnv32.dll
2007-08-23 01:27      128,896      --a------      C:\WINDOWS\system32\drivers\fltmgr.sys
2007-08-23 01:17      <DIR>      d--------      C:\Program Files\WinAce
2007-08-23 01:07      <DIR>      d--------      C:\DOCUME~1\Owner\APPLIC~1\Symantec
2007-08-23 00:59      10,344      --a------      C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-08-23 00:58      <DIR>      d--------      C:\Program Files\Norton Internet Security
2007-08-23 00:57      48,776      --a------      C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-23 00:57      115,000      --a------      C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-23 00:56      <DIR>      d--------      C:\Program Files\Symantec
2007-08-23 00:56      <DIR>      d--------      C:\Program Files\Common Files\Symantec Shared
2007-08-23 00:56      <DIR>      d--------      C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-23 00:43      <DIR>      d-a------      C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-23 00:41      <DIR>      d--------      C:\Program Files\Payoffs Plus Poker
2007-08-23 00:39      <DIR>      d--------      C:\WINDOWS\system32\PreInstall
2007-08-23 00:39      <DIR>      d--------      C:\DOCUME~1\Owner\APPLIC~1\Yahoo!
2007-08-23 00:39      <DIR>      d--------      C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-23 00:34      <DIR>      d--------      C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-08-23 00:34      <DIR>      d--------      C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-08-23 00:33      <DIR>      d--------      C:\Program Files\Skype
2007-08-23 00:33      <DIR>      d--------      C:\Program Files\Common Files\Skype
2007-08-23 00:33      <DIR>      d--------      C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-08-23 00:32      <DIR>      d--------      C:\Program Files\Yahoo!
2007-08-23 00:15      <DIR>      d--------      C:\Program Files\lx_cats
2007-08-23 00:14      87,040      --a------      C:\WINDOWS\system32\wiafbdrv.dll
2007-08-23 00:14      692,224      --a------      C:\WINDOWS\system32\lxcrdrs.dll
2007-08-23 00:14      65,536      --a------      C:\WINDOWS\system32\lxcrcaps.dll
2007-08-23 00:14      61,440      --a------      C:\WINDOWS\system32\lxcrcnv4.dll
2007-08-23 00:14      409,600      --a------      C:\WINDOWS\system32\lxcrinpa.dll
2007-08-23 00:14      40,960      --a------      C:\WINDOWS\system32\lxcrvs.dll
2007-08-23 00:14      393,216      --a------      C:\WINDOWS\system32\lxcriesc.dll
2007-08-23 00:14      303,104      --a------      C:\WINDOWS\system32\lxcrcoin.dll
2007-08-23 00:14      15,104      --a------      C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-23 00:14      <DIR>      d--------      C:\DOCUME~1\Owner\APPLIC~1\Gadu-Gadu
2007-08-23 00:13      995,328      --a------      C:\WINDOWS\system32\lxcrusb1.dll
2007-08-23 00:13      983,107      --a------      C:\WINDOWS\system32\lxcrgf.dll
2007-08-23 00:13      9,600      --a------      C:\WINDOWS\system32\drivers\hidusb.sys
2007-08-23 00:13      86,016      --a------      C:\WINDOWS\system32\lxcrcub.dll
2007-08-23 00:13      73,728      --a------      C:\WINDOWS\system32\lxcrcu.dll
2007-08-23 00:13      73,728      --a------      C:\WINDOWS\system32\LXCRcfg.dll
2007-08-23 00:13      667,648      --a------      C:\WINDOWS\system32\lxcrpmui.dll
2007-08-23 00:13      610,304      --a------      C:\WINDOWS\system32\lxcrcomc.dll
2007-08-23 00:13      606,208      --a------      C:\WINDOWS\system32\lxcrcoms.exe
2007-08-23 00:13      536,576      --a------      C:\WINDOWS\system32\lxcrlmpm.dll
2007-08-23 00:13      446,464      --a------      C:\WINDOWS\system32\lxcrutil.dll
2007-08-23 00:13      425,984      --a------      C:\WINDOWS\system32\lxcrih.exe
2007-08-23 00:13      421,888      --a------      C:\WINDOWS\system32\lxcrcomm.dll
2007-08-23 00:13      36,864      --a------      C:\WINDOWS\system32\lxcrcur.dll
2007-08-23 00:13      25,856      --a------      C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-23 00:13      233,472      --a------      C:\WINDOWS\system32\LXCRinst.dll
2007-08-23 00:13      200,704      --a------      C:\WINDOWS\system32\lxcrinsb.dll
2007-08-23 00:13      163,840      --a------      C:\WINDOWS\system32\lxcrprox.dll
2007-08-23 00:13      155,648      --a------      C:\WINDOWS\system32\lxcrins.dll
2007-08-23 00:13      139,264      --a------      C:\WINDOWS\system32\lxcrjswr.dll
2007-08-23 00:13      114,688      --a------      C:\WINDOWS\system32\lxcrpplc.dll


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-23 02:32      ---------      d--------      C:\Program Files\Messenger
2007-08-23 01:21      806      --a------      C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-08-23 01:21      8014      --a------      C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-22 21:02      ---------      d--------      C:\Program Files\Windows NT
2007-08-22 21:02      ---------      d--------      C:\Program Files\Movie Maker
2007-08-22 20:56      ---------      d--------      C:\Program Files\Online Services
2007-08-22 20:56      ---------      d--------      C:\Program Files\MSN Gaming Zone
2007-08-22 20:56      ---------      d--------      C:\Program Files\microsoft frontpage
2007-08-22 20:56      ---------      d--------      C:\Program Files\Common Files\SpeechEngines
2007-08-22 20:56      ---------      d--------      C:\Program Files\Common Files\ODBC
2007-08-22 20:56      ---------      d--------      C:\Program Files\Common Files\MSSoap
2007-07-30 19:19      92504      --a------      C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19      549720      --a------      C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19      53080      --a------      C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19      43352      --a------      C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19      325976      --a------      C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19      203096      --a------      C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19      1712984      --a------      C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18      33624      --a------      C:\WINDOWS\system32\wups.dll
2007-06-26 02:08      1104896      --a------      C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31      282112      --a------      C:\WINDOWS\system32\gdi32.dll
2007-06-13 06:23      1043968      --a------      C:\WINDOWS\explorer.exe


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 06:01]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 12:47]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 00:05]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 13:48]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 01:10]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 07:54]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-23 02:45]
"AS00_WN511B"="C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe" [2007-04-02 15:48]
"PKR Pal"="./\pkrpal.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"Power2GoExpress"="NA" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [ ]


*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-08-23 03:37:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-23 02:19:08 C:\WINDOWS\Tasks\ISP signup reminder 2.job - C:\WINDOWS\system32\OOBE\oobebaln.exe
2007-08-23 02:19:09 C:\WINDOWS\Tasks\ISP signup reminder 3.job - C:\WINDOWS\system32\OOBE\oobebaln.exe
2007-08-25 00:00:53 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 13:56:32
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-26 13:59:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-26 13:59

      --- E O F ---
_____________________________________________________________________________

Finally, here is my HijackThis report after I ran both the SDFix & ComboFix scans:

Logfile of HijackThis v1.99.1
Scan saved at 2:12:50 PM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6440
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide
O4 - HKLM\..\Run: [PKR Pal] "./\pkrpal.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: lxcr_device -   - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Thanks for your help.

 

by: miloski Posted on 2007-08-26 at 11:29:59 ID: 19771729

In addition, I have uninstalled/reinstalled my AIM & LimeWire (the programs that wouldn't load) and now they do load. However, the Poker Ace Hud software still gives the same error (...code LP5...).  The weird thing is that when I tried to uninstall Poker Ace Hud, it went through the process, and at the end it showed "C:\ProgramFiles\PokerAce Hud could not be removed."  So the program files are gone but the folder itself could not be removed? I don't know why.  Anyway, this program is very crucial for me to have working properly.

 

by: rpggamergirl Posted on 2007-08-26 at 17:07:07 ID: 19772762

SDFix deleted "svdhost.exe" and combofix also deleted tmp.dlls.

>>So the program files are gone but the folder itself could not be removed? <<
Check if the folder really is gone. If so, then maybe it's just the entry in Add/Remove Programs that is still present; that happens sometimes with program uninstallations.
C:\ProgramFiles\PokerAce Hud <-- delete this folder if it is still present, then run CCleaner or CleanUp and reinstall it again.

If the problem persists, I would try to uninstall/reinstall Ad-Aware; that sometimes caused programs to malfunction if it was interrupted during the scan (or the scan wasn't complete somehow).

 

by: miloski Posted on 2007-08-26 at 19:10:11 ID: 19773307

I appreciate your help so far... but the Poker Ace Hud still gives me the same error.  Also, I am unable to reformat my drive.  When I press F11 to start recovery, eventually the screen just turns completely black and stays that way.  Reformatting is my last resort and I can't even do that.

 

by: rindi Posted on 2007-08-26 at 22:22:17 ID: 19773830

For recovery to work, you either need the recovery media (CD/DVD; most systems have a utility which lets you make that media), or there is a recovery partition on the HD from which the recovery is done. Many users remove that recovery partition because they think it isn't used.
