Possible Virus? AXWIN


anoisaris
Member with 44 posts.
THREAD STARTER
 
Join Date: May 2001
Location: Galway, Ireland
31-Dec-2006, 07:56 AM #1
Possible Virus? AXWIN
Hi

I find that it takes a lot longer to bring my home now than it did before. When I restarted the PC an "END PROGRAM" window popped up referring to "AXWIN". I have no idea what this program is.

If anyone can shed light I would be most grateful.

ty in advance

David

Logfile of HijackThis v1.99.1
Scan saved at 12:48:23, on 31/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Paddy Power Poker\client.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\David\My Documents\Downloads\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Paddy Power Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\PADDYP~1\client.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1107963243203
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
$teve
Member with 9,397 posts.
 
Join Date: Oct 2001
Location: 25 miles from Manchester/Engla
Experience: Tweedle-Dee
31-Dec-2006, 08:15 AM #2
The only real problem I can see is your TWO antivirus programs.....two will not protect you as much as one, they will conflict and do not make good bedfellows.
I would remove Norton completely and reboot your machine.

Then.....
Run HijackThis again and open the "Misc Tools" section.
Then "Open Process Manager"
Hit the "Copy to Clipboard" icon.
Open Notepad and Paste the log.

Then copy/paste it in your next reply.
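
The two-antivirus finding in the reply above can be read mechanically from the `O23 - Service:` lines of a HijackThis log. The following is an added example, not part of the original thread: the function names and the `AV_MARKERS` table are hypothetical, and the sample lines are copied from the log posted in this thread.

```python
import re

# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Assumption: each product is recognised by a marker somewhere in its O23 line.
AV_MARKERS = {
    "AVG": re.compile(r"grisoft", re.I),
    "Norton AntiVirus": re.compile(r"norton antivirus", re.I),
}
PREFIX = "O23 - Service: "

def parse_services(log_text):
    """Return (name, company, path) for every O23 service line."""
    services = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue  # other sections (O2, O4, ...) are ignored
        # Split from the right: a service name may itself contain " - ".
        parts = line[len(PREFIX):].rsplit(" - ", 2)
        if len(parts) == 3:
            services.append(tuple(parts))
    return services

def resident_av_products(log_text):
    """Map each recognised antivirus product to its installed service names."""
    found = {}
    for name, company, path in parse_services(log_text):
        for product, marker in AV_MARKERS.items():
            if marker.search(" ".join((name, company, path))):
                found.setdefault(product, []).append(name)
    return found

def has_av_conflict(log_text):
    """True when services from more than one antivirus product are present."""
    return len(resident_av_products(log_text)) > 1

if __name__ == "__main__":
    print(resident_av_products(SAMPLE_LOG), has_av_conflict(SAMPLE_LOG))
```

Running the same check on the log taken after an uninstall shows whether the removed product left services behind.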

anoisaris
Member with 44 posts.
THREAD STARTER
 
Join Date: May 2001
Location: Galway, Ireland
31-Dec-2006, 09:19 AM #3
Thanks $teve,

Process list saved on 14:21:13, on 31/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
476 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
632 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
676 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
688 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
852 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4111 ATI Technologies Inc.
872 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1024 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1204 C:\WINDOWS\system32\ZoneLabs\vsmon.exe 6.5.737.0 Zone Labs, LLC
1840 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
360 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4111 ATI Technologies Inc.
224 C:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
692 C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe 7.5.0.420 GRISOFT, s.r.o.
984 C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe 7.5.0.420 GRISOFT, s.r.o.
1056 C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe 7.5.0.432 GRISOFT, s.r.o.
1112 C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
1120 C:\WINDOWS\system32\RunDll32.exe 5.1.2600.2180 Microsoft Corporation
1132 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 6.14.10.5137 ATI Technologies, Inc.
1108 C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe 4.0.0.1403
1176 C:\WINDOWS\AGRSMMSG.exe 2.1.47.0 Agere Systems
1180 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe 1.1.0.1101 Cyberlink
1272 C:\WINDOWS\Dit.exe 2.1.2.720 ICSI Technology Ltd.
1308 C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
1364 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe 1.1.0.1101 Cyberlink
1372 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 7.0.9466.0 Microsoft Corporation
1408 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1436 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe 4.0.0.0 CyberLink Corp.
1544 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe 7.5.0.418 GRISOFT, s.r.o.
1760 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe 6.5.737.0 Zone Labs, LLC
2000 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 2.0.39.0 Hewlett-Packard Company
2008 C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe 4.0.0.1403
2088 C:\Program Files\Common Files\Real\Update_OB\realsched.exe 0.1.0.3510 RealNetworks, Inc.
2124 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe 2.1.1.0 Hewlett-Packard Company
2216 C:\Program Files\Internet Explorer\iexplore.exe 7.0.5730.11 Microsoft Corporation
2248 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.2180 Microsoft Corporation
2268 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe 1.2.908.8472 Google Inc.
2368 C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe 1.4.9.5 IVT Corporation
2992 C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe 43.0.125.0 Hewlett-Packard Co.
3136 C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 1.0.0.1 X10
3192 C:\WINDOWS\system32\msiexec.exe 3.1.4000.1823 Microsoft Corporation
3720 C:\WINDOWS\system32\wuauclt.exe 5.8.0.2469 Microsoft Corporation
3148 C:\Documents and Settings\David\My Documents\Downloads\New Folder\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.
$teve
Member with 9,397 posts.
 
Join Date: Oct 2001
Location: 25 miles from Manchester/Engla
Experience: Tweedle-Dee
31-Dec-2006, 09:31 AM #4
That's fine.......did you remove Norton?
And how are things running?

anoisaris
Member with 44 posts.
THREAD STARTER
 
Join Date: May 2001
Location: Galway, Ireland
31-Dec-2006, 10:36 AM #5
Thanks $teve,

Yes I removed NAV. PC seems to be going well.

Thanks again and happy new year