# Solved: Missing files and folders, AXEL.DAV files everywhere



## DBoe (Jan 16, 2008)

A friend of mine asked me to take a look at his PC, it's a HP Pavilion a1510n, running XP Media Center Edition. He has lost hundreds of files and in the folders where the files were is this small file called AXEL.DAV, there are over 2000 of the files in just about every folder on the pc. I have run Ad-Aware but it didn't seem to find anything. I have attached a HJT log. Any help would be appreciated.


----------



## DBoe (Jan 16, 2008)

Bump


----------



## cybertech (Apr 16, 2002)

*Run HJT again and put a check in the following:*

O4 - S-1-5-18 Startup: AXEL.DAV (User 'SYSTEM')
O4 - .DEFAULT Startup: AXEL.DAV (User 'Default user')
O4 - .DEFAULT User Startup: AXEL.DAV (User 'Default user')
O4 - Startup: AXEL.DAV
O4 - Global Startup: AXEL.DAV

*Close all applications and browser windows before you click "fix checked".*

Click *here* to download *Dr.Web CureIt *and save it to your desktop.

Doubleclick the *drweb-cureit.exe *file and allow to run the express scan
This will scan the files currently running in memory and when something is found, click the *yes* button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click *'Yes to all' *if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: 








If so, click it and then click the next icon right below and select Move incurable as you'll see in next image: 








This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the *Dr.Web CureIt *menu on top, click file and choose save report list
Save the report to your desktop. The report will be called *DrWeb.csv*
*Close Dr.Web Cureit*.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from *Dr.Web *you saved previously in your next reply along with a new *HijackThis log*.


----------



## DBoe (Jan 16, 2008)

Thanks for replying, 
I ran HJT again and checked the five lines containing the AXEL.DAV files. 
Then I DL'd the Dr.Web CureIt, and ran the scan. 
I was unable to upload the .csv file so I copied the contents to a text file, which I attached.
I noticed when I ran HJT again, that some of the AXEL.DAV lines were back.


----------



## cybertech (Apr 16, 2002)

What is going on with Norton? Have you tried removing it?

If you need an anti-virus software load *AVG* it's free.

Please download *ATF Cleaner* by Atribune. 
*This program is for XP and Windows 2000 only*
 
Double-click *ATF-Cleaner.exe* to run the program. 
Under *Main* choose: *Select All* 
Click the *Empty Selected* button. 

Click *Exit* on the Main menu to close the program.

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation. 
An icon will be created on your desktop. Double-click that icon to launch the program. 
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._) 
Under "*Configuration and Preferences*", click the *Preferences* button. 
Click the *Scanning Control* tab. 
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._ 
_Scan for tracking cookies._ 
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen. 
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*. 
On the left, make sure you check *C:\Fixed Drive*. 
On the right, under "*Complete Scan*", choose *Perform Complete Scan*. 
Click "*Next*" to start the scan. Please be patient while it scans your computer. 
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*". 
Make sure everything has a checkmark next to it and click "*Next*". 
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu. 
If asked if you want to reboot, click "*Yes*". 
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._ 
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._ 
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._ 
*Please copy and paste the Scan Log results in your next reply with a new hijackthis log.*

Click *Close* to exit the program.


----------

