
Possible Virus? AXWIN

Discussion in 'Virus & Other Malware Removal' started by anoisaris, Dec 31, 2006.

Thread Status:
Not open for further replies.
  1. anoisaris

    anoisaris Thread Starter

    Joined:
    May 24, 2001
    Messages:
    44
    Hi

    I find that it takes a lot longer to bring my home now than it did before. When I restarted the PC an "END PROGRAM" window popped up referring to "AXWIN". I have no idea what this program is.

    If anyone can shed light I would be most grateful.

    ty in advance

    David

    Logfile of HijackThis v1.99.1
    Scan saved at 12:48:23, on 31/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\Dit.exe
    C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\PROGRA~1\NORTON~1\navw32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Paddy Power Poker\client.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\David\My Documents\Downloads\New Folder\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Paddy Power Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\PADDYP~1\client.exe
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107963243203
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,397
    The only real problem I can see is your TWO antivirus programs.....two will not protect you as much as one, they will conflict and do not make good bedfellows.
    I would remove Norton completely and reboot your machine.

    Then.....
    Run HijackThis again and open the "Misc Tools" section.
    Then "Open Process Manager"
    Hit the "Copy to Clipboard" icon.
    Open Notepad and Paste the log.

    Then copy/paste it in your next reply.

    ;)
     
  3. anoisaris

    anoisaris Thread Starter

    Joined:
    May 24, 2001
    Messages:
    44
    Thanks $teve,

    Process list saved on 14:21:13, on 31/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)

    [pid] [full path to filename] [file version] [company name]
    476 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
    632 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
    676 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
    688 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
    852 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4111 ATI Technologies Inc.
    872 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
    1024 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
    1204 C:\WINDOWS\system32\ZoneLabs\vsmon.exe 6.5.737.0 Zone Labs, LLC
    1840 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
    360 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4111 ATI Technologies Inc.
    224 C:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
    692 C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe 7.5.0.420 GRISOFT, s.r.o.
    984 C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe 7.5.0.420 GRISOFT, s.r.o.
    1056 C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe 7.5.0.432 GRISOFT, s.r.o.
    1112 C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    1120 C:\WINDOWS\system32\RunDll32.exe 5.1.2600.2180 Microsoft Corporation
    1132 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 6.14.10.5137 ATI Technologies, Inc.
    1108 C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe 4.0.0.1403
    1176 C:\WINDOWS\AGRSMMSG.exe 2.1.47.0 Agere Systems
    1180 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe 1.1.0.1101 Cyberlink
    1272 C:\WINDOWS\Dit.exe 2.1.2.720 ICSI Technology Ltd.
    1308 C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    1364 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe 1.1.0.1101 Cyberlink
    1372 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 7.0.9466.0 Microsoft Corporation
    1408 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
    1436 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe 4.0.0.0 CyberLink Corp.
    1544 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe 7.5.0.418 GRISOFT, s.r.o.
    1760 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe 6.5.737.0 Zone Labs, LLC
    2000 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 2.0.39.0 Hewlett-Packard Company
    2008 C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe 4.0.0.1403
    2088 C:\Program Files\Common Files\Real\Update_OB\realsched.exe 0.1.0.3510 RealNetworks, Inc.
    2124 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe 2.1.1.0 Hewlett-Packard Company
    2216 C:\Program Files\Internet Explorer\iexplore.exe 7.0.5730.11 Microsoft Corporation
    2248 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.2180 Microsoft Corporation
    2268 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe 1.2.908.8472 Google Inc.
    2368 C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe 1.4.9.5 IVT Corporation
    2992 C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe 43.0.125.0 Hewlett-Packard Co.
    3136 C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 1.0.0.1 X10
    3192 C:\WINDOWS\system32\msiexec.exe 3.1.4000.1823 Microsoft Corporation
    3720 C:\WINDOWS\system32\wuauclt.exe 5.8.0.2469 Microsoft Corporation
    3148 C:\Documents and Settings\David\My Documents\Downloads\New Folder\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.
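As an added example (not from the thread, HijackThis or its author), a small Python parser for the Process Manager list format pasted above. It flags processes that report no company name, which are the ones to look up first, and lists the antivirus products with a live process, since $teve's point is that two running at once conflict. The sample log is constructed from lines in the thread's format; the Norton line and its version number are made up.

```python
import re
from dataclasses import dataclass
from typing import Optional

# One HijackThis Process Manager line: "<pid> <path ending in .exe> [<version>] [<company>]".
# Paths contain spaces, so anchor on ".exe" and read a following dotted number as the version.
LINE_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<path>.+?\.exe)"
    r"(?:\s+(?P<version>\d+(?:\.\d+)+))?"
    r"(?:\s+(?P<company>.+?))?\s*$",
    re.IGNORECASE,
)

# Lowercased company substrings that identify an antivirus product's processes.
AV_VENDORS = {"grisoft": "AVG", "symantec": "Norton AntiVirus"}

@dataclass
class ProcessEntry:
    pid: int
    path: str
    version: Optional[str]
    company: Optional[str]

def parse_process_list(text: str) -> list:
    """Parse the pasted log; header lines that do not fit the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(ProcessEntry(int(m["pid"]), m["path"], m["version"], m["company"]))
    return entries

def no_company(entries) -> list:
    """Processes with no company name: look these up first; absence alone proves nothing."""
    return [e.path for e in entries if not e.company]

def av_products(entries) -> set:
    """Distinct antivirus products with a live process; more than one means a conflict."""
    return {name for e in entries if e.company
            for key, name in AV_VENDORS.items() if key in e.company.lower()}

# Constructed sample in the thread's format; the Norton line and its version are made up.
SAMPLE_LOG = """\
[pid] [full path to filename] [file version] [company name]
692 C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgamsvr.exe 7.5.0.420 GRISOFT, s.r.o.
1112 C:\\Program Files\\IVT Corporation\\BlueSoleil\\BTNtService.exe
1108 C:\\Program Files\\Home Cinema\\PowerCinema\\Kernel\\TV\\CLCapSvc.exe 4.0.0.1403
1500 C:\\Program Files\\Norton AntiVirus\\navapsvc.exe 1.0.0.0 Symantec Corporation
224 C:\\WINDOWS\\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
"""
```

Run `av_products(parse_process_list(SAMPLE_LOG))` on a pasted log to see whether more than one antivirus product is active; legitimate OEM tools (BlueSoleil, CyberLink) also appear under `no_company`, so treat that list as a lookup queue, not a verdict.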
     
  4. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,397
    That's fine.......did you remove Norton?
    And how are things running?

    ;)
     
  5. anoisaris

    anoisaris Thread Starter

    Joined:
    May 24, 2001
    Messages:
    44
    Thanks $teve,

    Yes I removed NAV. PC seems to be going well.

    Thanks again and happy new year
     

Short URL to this thread: https://techguy.org/531023