Another case of AXEL.DAV

Post by Amazin on 3rd July 2011, 10:58 pm

Firstly, I've run the checks you asked for and the logs will be in the posts following this one. My apologies for taking several posts to do this - I don't want to risk missing out any parts of the reports.

My computer is an HP Pavilion running Windows XP Media Centre.

Yesterday, following long-standing problems - running slowly, freezing, having to restart, etc. - I tried to run a Restore, only to find there were no available restore dates prior to yesterday's date, though I knew I'd set dates previously. I had no choice but to go for a System Recovery.
At about 75% completed, an error message appeared saying "KERNEL_DATA_INPAGE_ERROR", followed by another saying one of my disks needs to be checked for consistency - file system D (the backup drive).
I restarted the Recovery and finally Windows appeared - however, instead of loading up my previous Administrator's settings, it treated me like a brand new user, inviting me to register, name my computer etc.
When I logged on as the new Administrator I found... well, same as everyone else, Axel.Dav text files all over the place, half the programs missing and nothing would run BUT when I went into C:\Documents and settings, as well as my new Administrator's folder, I found my previous Administrator's folder which was completely intact, i.e. no Axel.Dav text files. I saved the contents of this folder to an external hard drive. I created a new user account (Grace) and copied the contents of the old Admin folder into it and managed to get Firefox running so I have internet access (but precious little else).
The main difference between the contents of the old and new Administrator folders is the file 'ntuser' - on the old account it's in lower case and 8.5mb and the new one is in caps and only 1.5mb. If only I could just delete the faulty new one and replace it with the old, but the new one is what's running the computer so can't be moved or deleted while in use.
I've deleted all the Axel.dav files from the new Administrator's account - most of them were just 1kb of random script but one was 5kb and said: "run a dll as an application".
Two other comments:
1. I've never yet created the Full recovery backup disks - just never got around to it, and
2. My computer doesn't seem to have a safe mode option - I tried (F8 key) but it just didn't register.

Again, I apologise for this version of 'War and Peace' but I thought it best to provide as much info as possible. Hope you can help. Cheers.

Amazin

Re: AXEL.DAV - Here is my log file from OTL.txt

Post by Amazin on 3rd July 2011, 11:00 pm

OTL logfile created on: 03/07/2011 21:14:16 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Grace\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.12% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.45 Gb Total Space | 149.09 Gb Free Space | 83.08% Space Free | Partition Type: NTFS
Drive D: | 6.84 Gb Total Space | 0.66 Gb Free Space | 9.68% Space Free | Partition Type: FAT32

Computer Name: YOUR-E6F02835AE | User Name: Grace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/03 20:51:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Grace\My Documents\Downloads\OTL.com
PRC - [2011/05/07 13:56:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/12/05 14:07:06 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/12/05 14:06:42 | 002,254,120 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe
PRC - [2008/12/05 14:06:42 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2006/06/01 23:25:00 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
PRC - [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/02/22 01:59:00 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/02/22 01:58:34 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2004/08/10 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/07/03 20:51:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Grace\My Documents\Downloads\OTL.com
MOD - [2004/08/10 12:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Symantec Core LC)
SRV - File not found [On_Demand | Stopped] -- -- (SPBBCSvc)
SRV - File not found [On_Demand | Stopped] -- -- (SNDSrvc)
SRV - File not found [On_Demand | Stopped] -- -- (SAVScan)
SRV - File not found [On_Demand | Stopped] -- -- (NSCService)
SRV - File not found [Auto | Stopped] -- -- (navapsvc)
SRV - File not found [On_Demand | Stopped] -- -- (comHost)
SRV - File not found [Auto | Stopped] -- -- (ccSetMgr)
SRV - File not found [Auto | Stopped] -- -- (ccProxy)
SRV - File not found [On_Demand | Stopped] -- -- (ccISPwdSvc)
SRV - File not found [Auto | Stopped] -- -- (ccEvtMgr)
SRV - [2008/12/05 14:07:06 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/12/05 14:06:42 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/06/01 23:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel(R)
SRV - [2006/02/22 01:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2006/09/21 08:29:15 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/25 00:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/09 22:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/09 22:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/09 22:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/09 22:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/09 22:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2006/01/13 03:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/06/29 17:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


[2011/07/03 18:30:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Grace\Application Data\Mozilla\Extensions
[2011/04/07 23:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/07 23:51:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011/05/07 13:56:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/10 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - File not found
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] File not found
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IS CfgWiz] File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SetDefaultPrinter] c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [SSC_UserPrompt] File not found
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: paddypower.com ([bingo] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/10 16:20:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{57bde70d-5718-11df-8321-0014a5e0f3ca}\Shell - "" = AutoRun
O33 - MountPoints2\{57bde70d-5718-11df-8321-0014a5e0f3ca}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57bde70d-5718-11df-8321-0014a5e0f3ca}\Shell\AutoRun\command - "" = J:\VoiceMemoPlayer.exe
O33 - MountPoints2\{d88f81e0-2b4b-11e0-845d-0014a5e0f3ca}\Shell - "" = AutoRun
O33 - MountPoints2\{d88f81e0-2b4b-11e0-845d-0014a5e0f3ca}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d88f81e0-2b4b-11e0-845d-0014a5e0f3ca}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL [You must be registered and logged in to see this link.]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/03 20:51:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Grace\My Documents
[2011/07/03 20:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grace\My Documents\Downloads
[2011/07/03 18:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grace\Local Settings\Application Data\Mozilla
[2011/07/03 18:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grace\Application Data\Mozilla
[2011/07/03 17:58:49 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Grace\Application Data\Microsoft
[2011/07/03 17:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grace\Application Data\Nero
[2011/07/03 17:45:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Grace\Cookies
[2011/07/03 17:45:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Grace\Favorites
[2011/07/03 17:44:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Grace\Recent
[2011/07/03 17:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grace\Start Menu\Programs\Startup
[2011/07/03 17:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grace\Start Menu
[2011/07/03 17:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grace\Desktop
[2011/07/03 17:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grace\Application Data
[2011/07/03 17:43:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Grace\Local Settings
[2011/07/03 17:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grace\Local Settings\Application Data\Microsoft
[2011/07/03 15:58:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/07/03 09:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/07/03 00:06:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/07/02 23:45:29 | 000,454,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/07/02 23:40:58 | 002,137,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/07/02 23:40:39 | 002,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/07/02 23:39:46 | 002,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/07/02 23:39:19 | 002,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/07/02 23:36:30 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2011/07/02 23:10:50 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/07/02 22:45:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/07/02 22:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/07/02 22:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hot Deals
[2011/07/02 22:38:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/07/02 22:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2011/07/02 21:58:24 | 000,917,504 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2011/07/02 21:32:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/07/02 21:13:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/07/02 20:35:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/07/02 20:35:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/07/02 20:33:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/07/02 20:33:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/07/02 20:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/07/02 20:33:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/07/02 20:32:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pcintro
[2011/07/02 20:32:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/07/02 20:32:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/07/02 20:29:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/07/02 20:29:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/07/02 20:29:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/07/02 20:29:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/07/02 20:29:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/07/02 20:29:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/07/02 20:29:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/07/02 20:28:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/07/02 20:00:11 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/07/02 20:00:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/07/02 19:58:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/07/02 19:58:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2011/07/02 19:58:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/07/02 19:58:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/07/02 19:58:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011/07/02 19:58:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/07/02 19:57:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/07/02 19:57:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/07/02 19:57:24 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/07/02 19:57:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/07/02 19:57:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011/07/02 19:57:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/07/02 19:57:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\FxsTmp
[2011/07/02 19:57:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ENU
[2011/07/02 19:57:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/07/02 19:57:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/07/02 19:56:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/07/02 19:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/07/02 19:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/07/02 19:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/07/02 19:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/07/02 19:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/07/02 19:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/07/02 19:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/07/02 19:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/07/02 19:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/07/02 19:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/07/02 19:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/07/02 19:56:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/07/02 19:34:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/07/02 18:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2011/07/02 18:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011/07/02 18:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2011/07/02 18:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2011/06/24 20:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Desktop 9.6
[2008/12/10 23:04:05 | 000,123,256 | ---- | C] (Transparent Language) -- C:\Program Files\BYKIDownloaderPC.exe
[2008/09/25 01:50:55 | 034,130,184 | ---- | C] (Macrovision Corporation) -- C:\Program Files\GoogleSketchUpWEN.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/03 17:45:14 | 000,068,694 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/03 17:45:13 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/07/03 17:36:13 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1946617688-3405114969-3559228268-1007.job
[2011/07/03 17:35:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/03 17:35:39 | 2146,750,464 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/03 15:26:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/03 13:11:28 | 000,382,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/03 13:11:28 | 000,053,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/03 13:08:44 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/03 12:55:12 | 000,183,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/03 11:46:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/03 10:23:27 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/07/03 10:23:10 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2011/07/02 21:58:24 | 000,917,504 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2011/07/02 18:35:49 | 000,002,183 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero BackItUp 4 Essentials.lnk
[2011/07/02 17:07:20 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/07/02 16:36:26 | 000,005,605 | ---- | M] () -- C:\Documents and Settings\Grace\GCD1.Theme
[2011/07/02 16:03:52 | 000,001,293 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/02 15:58:05 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/06/30 20:52:29 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1946617688-3405114969-3559228268-1007.job
[2011/06/25 09:46:12 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/24 20:47:24 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.6.lnk
[2011/06/24 20:47:19 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL Desktop 9.6.lnk
[2011/06/18 21:31:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/11 13:40:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/03 18:57:16 | 000,005,605 | ---- | C] () -- C:\Documents and Settings\Grace\GCD1.Theme
[2011/07/03 17:58:52 | 000,001,965 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\Smilebox.lnk
[2011/07/03 17:58:52 | 000,001,794 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk
[2011/07/03 17:58:52 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/07/03 17:58:52 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/03 17:58:52 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/03 17:58:52 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.6.lnk
[2011/07/03 17:58:52 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/03 17:58:52 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/03 17:45:12 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Grace\Start Menu\Programs\Windows Media Player.lnk
[2011/07/03 17:45:12 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Grace\Start Menu\Programs\Outlook Express.lnk
[2011/07/03 10:23:08 | 000,001,514 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2011/07/03 08:51:46 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/07/02 22:07:34 | 2146,750,464 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/02 19:20:30 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.dat.oth
[2011/07/02 18:35:49 | 000,002,183 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero BackItUp 4 Essentials.lnk
[2011/06/30 20:52:10 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1946617688-3405114969-3559228268-1007.job
[2011/02/19 13:59:31 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/01/30 17:29:24 | 000,308,322 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1946617688-3405114969-3559228268-1007-0.dat
[2011/01/30 17:29:22 | 000,308,322 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/05/04 21:36:27 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2009/09/27 14:37:03 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI
[2009/02/02 12:04:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/08/08 00:43:13 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/07/05 22:53:13 | 000,107,370 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2008/07/05 17:51:45 | 000,165,330 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2008/07/05 17:51:45 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2008/02/04 23:39:37 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2008/02/04 23:32:09 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\images
[2008/02/04 23:32:09 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2006/12/10 14:47:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/09 18:22:16 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/21 08:45:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/21 08:18:53 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/09/21 08:12:12 | 000,014,307 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/09/21 08:12:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/09/21 08:04:28 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/21 07:59:37 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/09/21 07:58:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/21 07:55:42 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/21 07:55:42 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/09/21 07:55:42 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/21 07:55:42 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/21 07:55:41 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/21 07:55:41 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/09/21 07:55:41 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/09/21 07:55:41 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/21 07:55:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Elusetup.exe
[2006/09/21 07:37:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/21 07:31:28 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/09/21 07:31:28 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/09/21 07:31:11 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/09/21 07:28:10 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AXEL.DAV
[2006/09/21 07:28:10 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\AXEL.DAV
[2006/09/21 07:28:09 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AXEL.DAV
[2006/09/21 07:28:09 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\AXEL.DAV
[2006/06/16 19:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/11 08:52:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/10/10 16:27:46 | 000,382,466 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/10/10 16:27:46 | 000,053,892 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/10/10 16:25:26 | 000,183,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/10/10 16:20:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/10/10 16:15:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 21:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/10 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 05:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/10 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/08 21:37:36 | 000,000,310 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 16:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 16:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2008/07/26 20:03:07 | 000,001,818 | -H-- | M] () -- C:\Documents and Settings\Grace\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/05/07 13:56:43 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/05/07 13:56:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/05/07 13:56:51 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/05/07 13:56:51 | 000,261,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/08/26 20:53:52 | 000,000,000 | ---D | M] -- C:\Program Files\3D Driving-School Demo
[2006/12/29 23:26:59 | 000,000,000 | ---D | M] -- C:\Program Files\Ability Office 98
[2010/12/05 19:09:17 | 000,000,000 | ---D | M] -- C:\Program Files\ACTtoWAVconversion
[2011/07/03 17:30:09 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/03/27 22:34:51 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2011/02/21 04:57:00 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2011/06/24 20:51:33 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Desktop 9.6
[2011/04/24 02:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/02/04 23:30:51 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2010/05/05 20:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2011/02/08 23:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2008/08/08 00:48:00 | 000,000,000 | ---D | M] -- C:\Program Files\Azada
[2011/05/06 18:27:05 | 000,000,000 | ---D | M] -- C:\Program Files\BBC iPlayer Desktop
[2011/04/24 02:40:54 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/07/03 17:30:09 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/02/12 04:06:57 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2006/09/21 07:35:00 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2007/07/03 19:05:50 | 000,000,000 | ---D | M] -- C:\Program Files\Garden Action Diary
[2011/02/12 04:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2011/02/12 04:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin GPS Plugin
[2006/09/21 07:35:01 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2009/03/14 16:29:23 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/03/18 02:13:39 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/04/05 11:26:15 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2006/09/21 08:04:26 | 000,000,000 | ---D | M] -- C:\Program Files\HP DigitalMedia Archive
[2006/12/11 23:16:34 | 000,000,000 | ---D | M] -- C:\Program Files\HP restore
[2009/09/27 11:48:33 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/09/21 07:55:17 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2006/12/11 20:22:36 | 000,000,000 | ---D | M] -- C:\Program Files\InterMute
[2011/06/15 03:16:47 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/04/24 02:48:11 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/04/24 02:49:02 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2006/09/21 07:40:53 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/07/16 21:59:34 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/12/10 14:46:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/12/03 01:59:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/11/14 22:44:00 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/01/19 04:30:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/02/09 02:59:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/01/29 03:16:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/10 23:31:22 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/07/01 05:14:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/05/04 21:41:24 | 000,000,000 | ---D | M] -- C:\Program Files\MP3 Player Utilities
[2005/11/14 22:44:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/11/14 22:44:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2011/07/03 09:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011/07/02 18:38:38 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2010/07/16 21:32:52 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2007/09/22 21:59:35 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2008/05/21 23:21:08 | 000,000,000 | ---D | M] -- C:\Program Files\Nikon
[2011/02/21 02:58:10 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/16 04:01:15 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2006/09/21 08:18:53 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor 5 for Windows
[2006/09/21 08:18:54 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for DOS
[2011/04/24 03:11:42 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/03/09 14:10:20 | 000,000,000 | ---D | M] -- C:\Program Files\real
[2009/10/18 03:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\Samorost2
[2009/09/27 11:48:34 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2011/04/07 23:51:43 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/01/07 04:37:53 | 000,000,000 | ---D | M] -- C:\Program Files\Smilebox
[2006/09/21 08:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2008/06/14 00:39:24 | 000,000,000 | ---D | M] -- C:\Program Files\SweetIM
[2009/01/18 18:51:12 | 000,000,000 | ---D | M] -- C:\Program Files\TuxPaint
[2006/12/09 18:29:23 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/05/04 19:16:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2011/07/02 16:21:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/07/16 21:32:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/11/14 22:45:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2005/11/14 22:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/09/22 21:11:06 | 000,000,000 | ---D | M] -- C:\Program Files\Zoom


< MD5 for: AGP440.SYS >
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/07/16 21:26:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/07/16 21:26:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/07/16 21:26:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/07/16 21:26:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/07/16 21:26:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2010/07/16 21:26:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\disk.sys

< MD5 for: IASTOR.SYS >
[2006/05/11 19:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\hp\drivers\Intel_6.0.0.1022_WHQL\iaStor.sys
[2006/02/22 01:44:30 | 000,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\cmdcons\iaStor.sys
[2006/02/22 01:44:30 | 000,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\hp\drivers\Intel_raid\iaStor.sys
[2006/02/22 01:44:30 | 000,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\hp\drivers\Intel_raid\Utility\Winall\Driver\iaStor.sys
[2006/02/22 01:44:30 | 000,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2006/02/22 01:44:30 | 000,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\WINDOWS\system32\drivers\iaStor.sys
[2006/02/22 01:44:30 | 000,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\iaStor.sys
[2005/06/17 06:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2006/02/22 01:46:14 | 000,497,664 | ---- | M] (Intel Corporation) MD5=EBEDA5E218E0FB311A0D28923E7398E6 -- C:\hp\drivers\Intel_raid\Utility\Winall\Driver64\IaStor.sys
[2006/02/22 01:46:14 | 000,497,664 | ---- | M] (Intel Corporation) MD5=EBEDA5E218E0FB311A0D28923E7398E6 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-03 10:52:01

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/10 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/10 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/10 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2010/09/28 20:06:36 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/10 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/10 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/10 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2010/09/28 20:06:36 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\Internet Explorer\iexplore.exe:SummaryInformation
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5

< End of report >

Amazin
Novice

Posts : 16
Joined : 2011-07-03
OS : Windows XP home
Points : 20088
# Likes : 0


Re: AXEL.DAV - Here is the log file from OTL Extras.txt

Post by Amazin on 3rd July 2011, 11:01 pm

OTL Extras logfile created on: 03/07/2011 21:14:16 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Grace\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.12% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.45 Gb Total Space | 149.09 Gb Free Space | 83.08% Space Free | Partition Type: NTFS
Drive D: | 6.84 Gb Total Space | 0.66 Gb Free Space | 9.68% Space Free | Partition Type: FAT32

Computer Name: YOUR-E6F02835AE | User Name: Grace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2b8fbfaa-1668-45cd-a5a4-1a0aeaf6e307}" = Nero BackItUp 4 Essentials
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internet Services
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}" = Norton Internet Security
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}" = Intel® Viiv™ Software
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Internet Security
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"EL" = Intel(R) Quick Resume Technology Drivers
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internet Services
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PROSet" = Intel(R) PRO Network Connections Drivers
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Macromedia Flash Player 8
"Windows Media Format Runtime" = Windows Media Format Runtime

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/07/2011 16:02:09 | Computer Name = YOUR-E6F02835AE | Source = MsiInstaller | ID = 10005
Description = Product: Norton AntiVirus 2006 -- Norton AntiVirus 2006 does not support
the Repair feature, please uninstall and reinstall.

Error - 02/07/2011 16:02:10 | Computer Name = YOUR-E6F02835AE | Source = MsiInstaller | ID = 10005
Description = Product: Norton AntiVirus 2006 -- Norton AntiVirus 2006 does not support
the Repair feature, please uninstall and reinstall.

Error - 02/07/2011 16:17:21 | Computer Name = YOUR-E6F02835AE | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Standard Edition 2003 -- Error 25090. Office
Setup encountered a problem with the Office Source Engine, system error: -2147023836.
Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look
for "Office Source Engine" for information on how to resolve this problem.

Error - 02/07/2011 17:43:01 | Computer Name = YOUR-E6F02835AE | Source = Application Hang | ID = 1002
Description = Hanging application HelpCtr.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 02/07/2011 18:59:52 | Computer Name = YOUR-E6F02835AE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16945, faulting
module ieframe.dll, version 7.0.6000.16945, fault address 0x00053f1a.

Error - 03/07/2011 05:40:03 | Computer Name = YOUR-E6F02835AE | Source = Application Hang | ID = 1002
Description = Hanging application HelpCtr.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/07/2011 05:40:03 | Computer Name = YOUR-E6F02835AE | Source = Application Hang | ID = 1002
Description = Hanging application HelpCtr.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/07/2011 10:10:36 | Computer Name = YOUR-E6F02835AE | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Standard Edition 2003 -- Error 25090. Office
Setup encountered a problem with the Office Source Engine, system error: -2147023836.
Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look
for "Office Source Engine" for information on how to resolve this problem.

Error - 03/07/2011 10:12:29 | Computer Name = YOUR-E6F02835AE | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8328.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/07/2011 10:12:29 | Computer Name = YOUR-E6F02835AE | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8328.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 03/07/2011 12:45:49 | Computer Name = YOUR-E6F02835AE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 03/07/2011 12:45:49 | Computer Name = YOUR-E6F02835AE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\AVG\AVG10\avgui.exe.
Reference
error message: The operation completed successfully. .

Error - 03/07/2011 14:02:36 | Computer Name = YOUR-E6F02835AE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 03/07/2011 14:02:36 | Computer Name = YOUR-E6F02835AE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 03/07/2011 14:02:36 | Computer Name = YOUR-E6F02835AE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\AOL Desktop
9.6\aol.exe. Reference error message: The operation completed successfully. .

Error - 03/07/2011 14:02:39 | Computer Name = YOUR-E6F02835AE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 03/07/2011 14:02:39 | Computer Name = YOUR-E6F02835AE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 03/07/2011 14:02:39 | Computer Name = YOUR-E6F02835AE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\AOL Desktop
9.6\aol.exe. Reference error message: The operation completed successfully. .

Error - 03/07/2011 15:10:32 | Computer Name = YOUR-E6F02835AE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 03/07/2011 15:10:32 | Computer Name = YOUR-E6F02835AE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .


< End of report >


Re: AXEL.DAV - Here is the log file from MBR log

Post by Amazin on 3rd July 2011, 11:02 pm

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-07-03 21:39:14
-----------------------------
21:39:14.765 OS Version: Windows 5.1.2600 Service Pack 2
21:39:14.765 Number of processors: 2 586 0xE08
21:39:14.765 ComputerName: YOUR-E6F02835AE UserName: Grace
21:39:15.968 Initialize success
21:46:58.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:46:58.109 Disk 0 Vendor: WDC_WD20 10.0 Size: 190782MB BusType: 3
21:46:58.125 Disk 0 MBR read successfully
21:46:58.125 Disk 0 MBR scan
21:46:58.125 Disk 0 unknown MBR code
21:46:58.125 Disk 0 scanning sectors +390715920
21:46:58.140 Disk 0 scanning C:\WINDOWS\system32\drivers
21:47:01.671 Service scanning
21:47:02.562 Disk 0 trace - called modules:
21:47:02.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
21:47:02.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x894c3ab8]
21:47:02.578 3 CLASSPNP.SYS[ba10905b] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x89ddb030]
21:47:02.578 Scan finished successfully
21:48:35.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Grace\Desktop\MBR.dat"
21:48:35.250 The log file has been saved successfully to "C:\Documents and Settings\Grace\Desktop\aswMBR.txt"



Re: AXEL.DAV - Here is the log file from Security Check

Post by Amazin on 3rd July 2011, 11:03 pm

Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 2
[You must be registered and logged in to see this link.]
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Norton AntiVirus 2006
Norton Internet Security
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Re: Another case of AXEL.DAV

Post by Belahzur on 3rd July 2011, 11:22 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1

Re: AXEL.DAV

Post by Amazin on 3rd July 2011, 11:35 pm

DOH! I've just realised, I did the scans while logged in on the 'Grace' account, which I'd loaded up with the non-virus stuff from the previous Administrator's account. I should have gone into the new Administrator's account, i.e. the infected account, shouldn't I?

Let me know if you need me to do that.

Apologies once again... after 48 hours on this, I'm running out of patience... and coffee...


Re: Another case of AXEL.DAV

Post by Amazin on 4th July 2011, 7:24 am

I'll go ahead and run Combo-Fix but I can't access my security software (AVG) to change the settings because "the application configuration is incorrect" due to Axel.dav - does this mean it's being prevented from running or is it still going on in the background and just unreachable for me to reconfigure?


Re: Another case of AXEL.DAV

Post by Belahzur on 4th July 2011, 1:37 pm

Hello.
Use this to temporarily uninstall AVG.

Download and install [You must be registered and logged in to see this link.]


  • Double click the Revo Uninstaller icon on your desktop to start the program
  • Scroll through the listed programs and Right Click on AVG.
  • From the pop out menu choose Uninstall
  • Click Yes to the confirmation dialogue
  • In the next window select the Advanced mode
  • Click Next to start uninstalling the program
  • Answer Yes to confirm the uninstall
  • When the program has completed the four steps, click Next to allow the program to search for leftovers
  • Once complete, click Next, then Finish
  • Repeat the above steps for any other programs you wish to remove.



Re: Another case of AXEL.DAV

Post by Amazin on 4th July 2011, 6:19 pm

It's not showing AVG as one of my installed programs, nor is it showing the version of Norton that came installed originally in the computer and would have been reinstalled during the Recovery. Does that mean they've been disabled by the virus or will they be continuing to work in the background?


Re: Another case of AXEL.DAV

Post by Amazin on 6th July 2011, 5:20 pm

Every time I try to run Combofix I get the following message:

-------------

WARNING!!

Combofix has detected the following real time scanner(s) to be active:

antivirus: Norton Internet Security 2006

Antivirus and intrusion prevention programs are known to interfere with Combofix's running. This may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking 'OK'.

-------------

Norton Internet Security 2006 came ready installed in the computer but I got rid of that program ages ago.

During the recent recovery the Norton icon reappeared on the desktop.
Clicking on it just gives an error message saying NMAIN.EXE can't be located.

Clicking on the Properties tab, the target is given as:

"C:\Program Files\Common Files\Symantec Shared\NMAIN.EXE" /nosysworks /dat:c:\Program Files\Norton Internet Security\NISPLUG.NSI /goto:No&rton Internet Security

I've searched manually and I can't locate the program to disable it!

Is the warning message for real or something activated by the virus?

PLEASE ADVISE - should I go ahead and run Combofix?


Re: Another case of AXEL.DAV

Post by Amazin on 6th July 2011, 6:05 pm

BUMP


Re: Another case of AXEL.DAV

Post by Belahzur on 7th July 2011, 3:35 pm

Hello.
Follow my Revo Uninstaller instructions again and look for Norton AntiVirus 2006, if it's there, uninstall it as well, then run Combofix.



Re: Another case of AXEL.DAV

Post by Amazin on 8th July 2011, 8:38 pm

I told you on 4th July in Post 10 that Revo Uninstaller didn't list any version of Norton for me to uninstall. (In fact it didn't list AVG either)

On 6th in Post 11, I said that I got rid of Norton ages ago, that the Norton icon recently reappeared on the desktop and that clicking on it just gives an error message saying NMAIN.EXE can't be located. I also said I'd searched manually and couldn't find anything regarding Norton.

I've now tried Revo again as per your latest post and there's no difference at all. No Norton products listed.

Is there any other advice you can give me, should I ask someone else here or should I just go elsewhere?


Re: Another case of AXEL.DAV

Post by Belahzur on 13th July 2011, 12:22 am

Okay, let's try this.

Completely Uninstall Norton software using:

Instructions

  1. Please download and save SymNRT.exe to your desktop.
  2. Close all programs and double click on the tool.
  3. Follow the on-screen instructions.
  4. Restart the computer if asked.
  5. Then delete the SymNRT.exe tool from your desktop.
  6. Open the Program Files folder on your local disk ( normally C: )
  7. Find and delete the following folders (if present):

    • Norton AntiVirus
    • Norton Internet Security
    • Norton SystemWorks
    • Norton Personal Firewall




Re: Another case of AXEL.DAV

Post by Amazin on 13th July 2011, 7:05 pm

I had to go online to download a new Norton Removal Tool as the other one had expired, but it seems to have done the trick.

Here is my Combofix log:



ComboFix 11-07-13.01 - Grace 13/07/2011 19:29:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2047.1546 [GMT 1:00]
Running from: c:\documents and settings\Grace\Desktop\Combo-Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator.YOUR-E6F02835AE\Local Settings\Temporary Internet Files\AXEL.DAV
c:\documents and settings\HP_Administrator\WINDOWS
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\AXEL.DAV
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\AXEL.DAV
c:\windows\system32\acelpdec.ax
c:\windows\system32\config\systemprofile\WINDOWS
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-06-13 to 2011-07-13 )))))))))))))))))))))))))))))))
.
.
2011-07-05 18:10 . 2011-07-05 18:10 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-05 18:10 . 2011-07-05 18:10 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-04 18:10 . 2011-07-04 18:10 -------- d-----w- c:\program files\VS Revo Group
2011-07-03 11:55 . 2011-07-05 19:46 -------- d-----w- c:\documents and settings\Grace
2011-07-03 08:10 . 2011-07-03 08:10 -------- d-----w- c:\program files\MSXML 4.0
2011-07-02 21:38 . 2011-07-03 12:08 -------- d-sh--w- c:\documents and settings\All Users\DRM
2011-07-02 21:09 . 2011-07-03 16:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Symantec
2011-07-02 20:32 . 2011-07-03 16:30 -------- d-----w- c:\windows\WinSxS
2011-07-02 18:34 . 2011-07-13 18:40 -------- d-----w- c:\windows\system32
2011-07-02 17:28 . 2011-07-02 17:38 -------- d-----w- c:\program files\Nero
2011-07-02 17:26 . 2011-07-02 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-07-02 17:26 . 2011-07-02 17:42 -------- d-----w- c:\program files\Common Files\Nero
2011-07-02 15:11 . 2011-07-08 20:29 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-E6F02835AE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-02 01:15 . 2006-12-09 16:38 90112 ----a-w- c:\windows\DUMP5b11.tmp
2008-12-10 22:04 . 2008-12-10 22:04 123256 ----a-w- c:\program files\BYKIDownloaderPC.exe
2008-09-25 00:50 . 2008-09-25 00:50 34130184 ----a-w- c:\program files\GoogleSketchUpWEN.exe
2011-07-05 18:10 . 2011-03-24 14:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-22 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-20 7622656]
"nwiz"="nwiz.exe" [2006-06-20 1519616]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2006-04-07 53248]
"SetDefaultPrinter"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2007-10-14 49152]
"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-12-05 2254120]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-21 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-21 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-02-21 c:\windows\Tasks\Internet Services.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 18:23]
.
2011-07-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1946617688-3405114969-3559228268-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]
.
2011-07-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1946617688-3405114969-3559228268-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: paddypower.com\bingo
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-AOL Fast Start - c:\program files\AOL Desktop 9.6\AOL.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-07-13 19:42
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-07-13 19:56:36
ComboFix-quarantined-files.txt 2011-07-13 18:56
.
Pre-Run: 161,846,767,616 bytes free
Post-Run: 161,901,613,056 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6AAFDBF47ED2D66D7FB3DF1399CD13C2



Re: Another case of AXEL.DAV

Post by Belahzur on 17th July 2011, 4:11 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Another case of AXEL.DAV

Post by Amazin on 18th July 2011, 12:09 am

As I said previously, I can only use Firefox.

Axel dav stopped all my other programs, including Internet Explorer.

Should I run the ESET scan or not?


Re: Another case of AXEL.DAV

Post by Belahzur on 20th July 2011, 1:12 am

Combofix should have removed the AXEL.DAV now; is IE still not working?



Re: Another case of AXEL.DAV

Post by Amazin on 21st July 2011, 6:30 pm

After my last post the computer failed completely. The message was:

Windows could not start because the following file is missing or corrupt:
Windows root\system32\hal.dll

I had no choice but to do another system restore. This time was slightly better than the last. No axel dav documents appeared on the desktop plus I got Internet Explorer back. However, all the other programs I had previously installed were still unavailable (e.g. itunes, etc). I'm having to go through all of them individually wiping out all the associated files, then re-installing.

You said Combofix should have cleared out Axel dav?

What should I do/ run to make sure axel dav has gone?

I want to create backup disks for the future but axel dav was activated by the restore/ recovery function last time so I want to be ultra sure.



Re: Another case of AXEL.DAV

Post by Belahzur on 23rd July 2011, 8:34 pm

You should be able to back up your data to an external disc.



Re: Another case of AXEL.DAV

Post by Amazin on 25th July 2011, 6:53 pm

Yes, but I also want to create recovery CDs and as I said before, axel dav was activated by the restore/ recovery function last time so I want to be ultra sure.

You said Combofix should have cleared out Axel dav - so what should I do/ run to make sure axel dav has gone?


Re: Another case of AXEL.DAV

Post by Belahzur on 27th July 2011, 1:33 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Another case of AXEL.DAV

Post by Amazin on 2nd August 2011, 9:25 pm

Apologies for this delayed response. Here is the MBAM log:

Malwarebytes' Anti-Malware 1.51.1.1800
[You must be registered and logged in to see this link.]

Database version: 7359

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

02/08/2011 21:39:19
mbam-log-2011-08-02 (21-39-19).txt

Scan type: Quick scan
Objects scanned: 180661
Time elapsed: 7 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

X - X - END - X - X

As I recall, two items were detected and deleted.

I notice the scan ran on the C Drive. Would you recommend trying to run a scan of the D Drive (the partition drive) to check for any remaining traces of axel.dav or do you think that would cause a problem?


Re: Another case of AXEL.DAV

Post by Sneakyone on 3rd August 2011, 4:58 am

Hi,

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.
