Full Version: trend microhousecall crashes;bitdefender becomes blank;winamp runtime
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
vbattery
hi all,


phew! sorry for the long list, but that is exactly what is happening. I am a newbie and came across this forum when I googled my Winamp problem; it produced the runtime error R6025 - pure virtual call function. I followed the directions given by user "calamity jane", which directed me to use the Trend Micro online scan, which I did. As the scan was about to finish, Firefox crashed out. Then I tried the newly installed BitDefender 2008 antivirus, which during its initial scan found many infected files, but then it too aborted, and its statistics window showing "number of files infected" and "no of issues solved" etc. was all blank.
I only recently removed the RavMon virus and many others manually, going by symptoms...
Well, it looks like I have lots of viruses in my computer.
1) Please solve the Winamp problem and suggest a good antivirus.
2) Is there any best scan method that will weed these viruses out?
3) Can I scan using my friend's HD without infecting his HD in any way?

thx to all.

Also, the previously installed Kaspersky antivirus persists as 'being installed' after I uninstalled it.

here is the hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 9:44:16 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
F:\Program Files\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
F:\Program Files\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
F:\programfiles\firefox.exe
C:\HIjack This\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - e:\arcade\Yeti\IEButtonYetiSportsEBayInterface.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - F:\Program Files\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [BDAgent] "F:\Program Files\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - blank (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D84DDD4-DBBE-4F52-BEAC-1C755AEB8AC6}: NameServer = 4.2.2.2,202.88.152.6,202.88.152.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D9C4455-2696-49CD-B80C-3AC8489BD4CF}: NameServer = 202.88.152.8,202.88.130.67,4.2.2.2,202.88.152.6,202.88.152.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CE4B0A2-5C6A-4174-B6A2-7CC53243EFF2}: NameServer = 4.2.2.2,202.88.152.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FB0E6FC-8C96-4C25-B201-B4067622AD87}: NameServer = 4.2.2.2,202.88.152.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB1EAB1B-9F05-451F-BEE6-53206B408D8F}: NameServer = 202.88.152.5,202.56.230.6,202.56.250.5,202.54.1.30
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D84DDD4-DBBE-4F52-BEAC-1C755AEB8AC6}: NameServer = 4.2.2.2,202.88.152.6,202.88.152.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D84DDD4-DBBE-4F52-BEAC-1C755AEB8AC6}: NameServer = 4.2.2.2,202.88.152.6
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - F:\Program Files\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
vbattery
Other information I missed out:

I use Windows XP Pro
Service Pack 2 installed
LoPhatPhuud
Please delete the version of HiJackThis.exe you have installed, then download the new version from here:
http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

Double-click on the HJTInstall.exe file. It will be installed to the default location of C:\Program Files\Trend Micro\HiJackThis\

Run HiJackThis, scan, save the log, then post the new log in this thread.
vbattery
That was a fast reply.. thx...

BitDefender caused more problems, so I uninstalled it and took up AVG 7.5 Free Edition, and it cleared up to 13 viruses... but the Winamp problem persists... and moreover my Yahoo Messenger chat window is blank... I am able to view the users online but can't chat with them, as any text I type or replies I receive are not displayed... just BLANK...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:33 PM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
F:\Program Files\Winamp\winampa.exe
F:\PROGRA~1\AVG7AN~1\avgcc.exe
F:\PROGRA~1\AVG7AN~1\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\AVG7AN~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
F:\programfiles\firefox.exe
C:\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - e:\arcade\Yeti\IEButtonYetiSportsEBayInterface.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] f:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\AVG7AN~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\AVG7AN~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] F:\PROGRA~1\AVG7AN~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] F:\PROGRA~1\AVG7AN~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] F:\PROGRA~1\AVG7AN~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - blank (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/MyFunCardsFWBInitialSetup1.0.0.8.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D84DDD4-DBBE-4F52-BEAC-1C755AEB8AC6}: NameServer = 4.2.2.2,202.88.152.6,202.88.152.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D9C4455-2696-49CD-B80C-3AC8489BD4CF}: NameServer = 202.88.152.8,202.88.130.67,4.2.2.2,202.88.152.6,202.88.152.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CE4B0A2-5C6A-4174-B6A2-7CC53243EFF2}: NameServer = 4.2.2.2,202.88.152.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FB0E6FC-8C96-4C25-B201-B4067622AD87}: NameServer = 4.2.2.2,202.88.152.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB1EAB1B-9F05-451F-BEE6-53206B408D8F}: NameServer = 202.88.152.5,202.56.230.6,202.56.250.5,202.54.1.30
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D84DDD4-DBBE-4F52-BEAC-1C755AEB8AC6}: NameServer = 4.2.2.2,202.88.152.6,202.88.152.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D84DDD4-DBBE-4F52-BEAC-1C755AEB8AC6}: NameServer = 4.2.2.2,202.88.152.6
O20 - Winlogon Notify: winjjq32 - C:\WINDOWS\SYSTEM32\winjjq32.dll
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\AVG7AN~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\AVG7AN~1\avgupsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 6342 bytes
LoPhatPhuud
First:
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text (including the words 'Files to delete:') contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

QUOTE
Files to delete:
C:\WINDOWS\SYSTEM32\winjjq32.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply


Second:

Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

Press the 'Scan' button and when done check the following items in HijackThis:
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...0.0.8.cab\

O20 - Winlogon Notify: winjjq32 - C:\WINDOWS\SYSTEM32\winjjq32.dll

Close all windows except HijackThis and click Fix checked.


While still in Safe Mode*, delete the following: (you may need to show hidden files**)
(Files specified without a full path will be located in C:\Windows\ or C:\Windows\System32\)
C:\heap41a\ <--delete entire folder,

*How to Boot into Safe mode:
http://www.computerhope.com/issues/chsafe.htm

**Show Hidden and System files and folders: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode

Run HiJackThis again and post a new log in this thread.
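As an added illustration for readers of this thread (it is not part of the thread, of HijackThis, or of LoPhatPhuud's instructions), the following Python script applies the same reasoning the helper applied by eye to log lines in the format above: an autostart under Policies\Explorer\Run, a core Windows binary name running from an unexpected folder, a Winlogon Notify DLL that is not recognised, and a service whose binary is missing. The allowlist, the "Windows is on C:" assumption, the severity labels and the sample lines are all constructed for the example; the sample lines are modelled on the logs posted above.

```python
"""Triage HijackThis log lines for the autostart locations discussed in the thread.

Constructed example: the heuristics, allowlist and sample lines below are
illustrative and are not drawn from HijackThis or from the helper's advice.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the shape of the logs above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winjjq32 - C:\WINDOWS\SYSTEM32\winjjq32.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - F:\Program Files\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    severity: str  # "high", "medium" or "low" (labels chosen for this example)
    reason: str
    line: str


# Core Windows binary names that are frequently borrowed for disguise (constructed list).
SYSTEM_BINARY_NAMES = {"svchost.exe", "winlogon.exe", "lsass.exe", "services.exe",
                       "smss.exe", "csrss.exe", "explorer.exe"}
# Assumption: Windows is installed on C:; a real tool would read %SystemRoot%.
WINDOWS_DIR = "c:\\windows\\"
# Constructed allowlist of Winlogon Notify names treated as legitimate in this example.
KNOWN_WINLOGON_NOTIFY = {"igfxcui", "klogon"}

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|scr|bat|cmd|pif))(?:"|\s|$)', re.I)
# A stray closing quote before a "/switch" means the path was cut at an embedded quote.
CUT_AT_QUOTE_RE = re.compile(r'"\s+/\S+\s+\(file missing\)\s*$')


def first_executable(cmd: str) -> Optional[str]:
    """Return the program path at the front of a Run-key command line, if any."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else None


def triage_line(line: str) -> List[Finding]:
    """Apply the section-specific heuristics to one HijackThis log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    out: List[Finding] = []
    if sec == "O4":
        o4 = O4_RE.match(body)
        if o4:
            if "policies\\explorer\\run" in o4.group("hive").lower():
                out.append(Finding(sec, "high", "autostart under Policies\\Explorer\\Run, "
                                   "a location legitimate installers almost never use", line))
            exe = first_executable(o4.group("cmd"))
            if exe and ntpath.basename(exe).lower() in SYSTEM_BINARY_NAMES \
                    and not exe.lower().startswith(WINDOWS_DIR):
                out.append(Finding(sec, "high", "core Windows binary name running from "
                                   "outside the Windows directory", line))
    elif sec == "O20":
        o20 = O20_RE.match(body)
        if o20 and o20.group("name").lower() not in KNOWN_WINLOGON_NOTIFY:
            out.append(Finding(sec, "medium", "Winlogon Notify DLL not on the allowlist; "
                               "it is loaded into winlogon.exe at every logon", line))
    elif sec == "O23" and body.rstrip().endswith("(file missing)"):
        if CUT_AT_QUOTE_RE.search(body):
            out.append(Finding(sec, "low", "service path was cut at an embedded quote before its "
                               "argument; confirm the binary is really missing first", line))
        else:
            out.append(Finding(sec, "medium", "service registered but its binary is missing; "
                               "orphaned entry from an incomplete uninstall", line))
    return out


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a log and collect the findings."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, always reporting all three levels."""
    return {s: sum(1 for f in findings if f.severity == s) for s in ("high", "medium", "low")}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:>6}] {f.section}: {f.reason}\n         {f.line}")
    print(summarize(results))
```

On the sample the script flags the two Policies\Explorer\Run entries and the svchost.exe copy in C:\heap41a as high, the unrecognised winjjq32 Winlogon Notify DLL and the orphaned Kaspersky service as medium, and the BitDefender service only as low, because its path ends in a stray quote followed by /service, the pattern of a command line cut at an embedded quote rather than proof that the file is gone. That last distinction is why a "(file missing)" verdict is worth confirming by hand before an entry is treated as leftover.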
vbattery
here is the avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\uulkdqxk

*******************

Script file located at: \??\C:\WINDOWS\system32\ailmmtuw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\SYSTEM32\winjjq32.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:16 PM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
F:\PROGRA~1\AVG7AN~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\AVG7AN~1\avgamsvr.exe
F:\PROGRA~1\AVG7AN~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
F:\programfiles\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - e:\arcade\Yeti\IEButtonYetiSportsEBayInterface.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\AVG7AN~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\AVG7AN~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] F:\PROGRA~1\AVG7AN~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] F:\PROGRA~1\AVG7AN~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] F:\PROGRA~1\AVG7AN~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - blank (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D84DDD4-DBBE-4F52-BEAC-1C755AEB8AC6}: NameServer = 4.2.2.2,202.88.152.6,202.88.152.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D9C4455-2696-49CD-B80C-3AC8489BD4CF}: NameServer = 202.88.152.8,202.88.130.67,4.2.2.2,202.88.152.6,202.88.152.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CE4B0A2-5C6A-4174-B6A2-7CC53243EFF2}: NameServer = 4.2.2.2,202.88.152.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FB0E6FC-8C96-4C25-B201-B4067622AD87}: NameServer = 4.2.2.2,202.88.152.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB1EAB1B-9F05-451F-BEE6-53206B408D8F}: NameServer = 202.88.152.5,202.56.230.6,202.56.250.5,202.54.1.30
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D84DDD4-DBBE-4F52-BEAC-1C755AEB8AC6}: NameServer = 4.2.2.2,202.88.152.6,202.88.152.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D84DDD4-DBBE-4F52-BEAC-1C755AEB8AC6}: NameServer = 4.2.2.2,202.88.152.6
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\AVG7AN~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\AVG7AN~1\avgupsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 5910 bytes

The C:\heap41a folder did not exist, as I personally deleted it some time back.

The Winamp problem persists..

Anyway, thx..
LoPhatPhuud
Your system is clean.

The Winamp issue (R6025 pure virtual call function) is not a malware issue. It is most likely caused by a faulty Winamp program or an add-in you have added. Check the Winamp support forums for solutions.
Invision Power Board © 2001-2009 Invision Power Services, Inc.