all my docx files hav become, docx.exe

November 3, 2013 at 11:13:22
Specs: Windows XP
All my docx files have become docx.exe. AVG antivirus detects it as trojan horse and deletes the file. I just want to delete the virus and retrieve the docx file. I tried malwarebytes but even its deleting the file and making it unable to retrieve it.

Please help me out.

See More: all my docx files hav become, docx.exe

Report •

November 3, 2013 at 11:40:10
Do you have the avg log? Or if possible what where the detected files?

On another note, It is highly possible that the .exe files that were created just mimicked the original files. If that is the case, you can probably find them again by clicking on folder options and the show hidden and system files.

however you still have a major infection. So running malwarebytes might be a great choice as well.


Report •

November 3, 2013 at 11:52:37
See the answer from autotboskids on here:

You might need more focussed help but try the above for starters.

Always pop back and let us know the outcome - thanks

message edited by Derek

Report •

November 3, 2013 at 17:50:41
I don't know if it's the same virus but you might check this earlier thread:

Report •

Related Solutions

November 4, 2013 at 07:10:47
@mikelinus: I do not have a log but AVG detects them as Trojan horse Delf.AKTM.
I tried changing the folder attributes but the files cannot be found, they're not hidden.

Report •

November 4, 2013 at 07:44:35
Did you input the command "exactly" as written (except for changing the drive letter from e to whatever your system drive happens to be - usually c)?

attrib e:\*.* /d /s -h -r -s

Note the exactness required - for example, there are six spaces and you have to use back slashes and forward slashes as per the example.

Did you also look at suggestion #3?

Windows search can be a bit rickety with system files so it might need to above unhide in order for it to find them.

Always pop back and let us know the outcome - thanks

message edited by Derek

Report •

November 4, 2013 at 09:32:50
Upon using the command, it returns a message Access denied C:\Documents and Settings\All Users\Application Data\MIcrosoft\Dr Watson\user.dmp

And about the suggestion #3, I did try changing the extension and opening the file, but it shows access denied. If it change it to .txt, it opens some unreadable fonts and if the .txt is openend with MS Word, it opens up some 6000 pages with unreadable fonts.

Report •

November 4, 2013 at 09:38:32
Assuming your system drive is C, then input cd.. (and hit Enter) as many time as is necessary to get to just the C prompt itself - it won't matter if you do it more times than necessary. The command cd.. (two dots) moves it back up the directory path one step at a time.

Now try:
attrib c:\*.* /d /s -h -r -s

Even if it prevents acces to the odd place, just check to see if it has had the desired effect.

Always pop back and let us know the outcome - thanks

Report •

November 4, 2013 at 10:36:44
If it helps you can also use cd\ to go to the bottom level.


Report •

November 8, 2013 at 08:02:46
It still isn't working. I couldn't find my files.
Though I still have an option to restore the files that were deleted by Malware Bytes, I'm still not sure as I can recover the actual files once restored and if there is a chance the virus would affect other files as well.

Report •

November 8, 2013 at 08:44:37
Let me just clarify your orginal post. If you originally had a file called Something.docx are you saying this has become Something.docx.exe ?

If so you could diable your virus checker then remove the .exe part. Next put your AV back on and see if it still thinks the file is viral. If so then it probably is, so best not double click it.

Always pop back and let us know the outcome - thanks

message edited by Derek

Report •

November 10, 2013 at 06:12:40
Yes it does detect it as a virus. I still haven't been able to find a solution to this problem. Please help..

Report •

November 10, 2013 at 07:07:44
Is there a reason you don't want to post the log.

and are you willing to run a malwarebytes scan from safe mode?


message edited by mikelinus

Report •

November 10, 2013 at 08:39:56
Could you please clarify the situation regarding the first line of my #10. Thanks.

Always pop back and let us know the outcome - thanks

Report •

November 10, 2013 at 09:42:04
About your #10, yes if originally I had a file called Something.docx it has turned into Something.docx.exe
And I did try your suggestion as in #10 but my Anti virus still detects it as a virus.

message edited by Manojm

Report •

November 10, 2013 at 09:46:34
Mike, please let me know which log I need to post.
I've run malwarebytes scan and it also finds my files as a malware threat. But I'm not sure if I've run it in safe mode or not.

Report •

November 10, 2013 at 11:53:25
Can you post the malwarebytes log?


Report •

November 11, 2013 at 04:01:36
Could u please let me know how to post the log to this post?

Report •

November 11, 2013 at 05:25:45
"Could u please let me know how to post the log to this post?"
Open up the log, Copy & Paste the contents here.

Report •

November 11, 2013 at 06:06:31
It's a log file, its too big. this cannot take it. I'm asking if there is a way I can attach it as in a mail.

Report •

November 11, 2013 at 06:25:03
Upload it using this. I upload to for images & for files ( neither need an account ) Give us the link please.
Image Uploader

How to use for files.

Report •

November 12, 2013 at 07:12:51

Report •

November 12, 2013 at 12:24:30
Ok got the log, will now use 5 or 6 tools to remove the infections.

As you can see from your log, you had a lot of stuff installed, that you did not know had been installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.
I use Softpedia, they make you aware the program is Ad-supported & down the bottom of the page, they will advise of what you have to watch out for.
Sample pages.
Users are advised to pay attention while installing this ad-supported application:
· Offers to change the homepage for web browsers installed in the system
· Offers to change the default search engine for web browsers installed in the system
· Offers to install StartNow Toolbar that the program does not require to fully function
SS ( screenshot ) of above.

Report •

November 12, 2013 at 12:26:20
1: Run AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
Download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.

Report •

November 15, 2013 at 07:10:47
Here's both the logs:

What to do next??

Report •

November 15, 2013 at 11:17:50
No need to upload most logs.

# AdwCleaner v3.012 - Report created 15/11/2013 at 18:02:58
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Manuu - MANUU-98977CDC2
# Running from : F:\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater17.0.12

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Nation toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Program Files\AVG Nation toolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\vghd
Folder Deleted : C:\Program Files\uTorrentControl_v6
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Manuu\Local Settings\Application Data\AVG Nation toolbar
Folder Deleted : C:\Documents and Settings\Manuu\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Manuu\Local Settings\Application Data\vghd
Folder Deleted : C:\Documents and Settings\Manuu\Local Settings\Application Data\uTorrentControl_v6
Folder Deleted : C:\Documents and Settings\Manuu\Application Data\AVG Nation toolbar
Folder Deleted : C:\Documents and Settings\Manuu\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Manuu\Application Data\ExpressFiles
Folder Deleted : C:\Documents and Settings\MCB\Local Settings\Application Data\AVG Nation toolbar
Folder Deleted : C:\Documents and Settings\MCB\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\MCB\Local Settings\Application Data\uTorrentControl_v6
Folder Deleted : C:\Documents and Settings\MCB\Application Data\AVG Nation toolbar
Folder Deleted : C:\Documents and Settings\MCB\Application Data\ExpressFiles
Folder Deleted : C:\Documents and Settings\MCB\Application Data\PriceGong
[!] Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
[!] Folder Deleted : C:\Documents and Settings\Manuu\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[!] Folder Deleted : C:\Documents and Settings\MCB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[!] Folder Deleted : C:\Documents and Settings\Manuu\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
File Deleted : C:\WINDOWS\Tasks\Express FilesUpdate.job

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\ SiteSafety plugin,version=,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\5aede8fb63abd43
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61FF8246-4E94-42F2-8647-DDA6F03F2689}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7518D81A-DABD-4B23-A425-227B4303BA6A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9BF541B-4015-454F-BD8D-664DF60D51DA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\ExpressFiles\expressdl.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\ExpressFiles\ExpressFiles.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\Manuu\Local Settings\Application Data\vghd\bin\Virtuagirl_Downloader.exe]
Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\uTorrentControl_v6
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\uTorrentControl_v6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Nation toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v6 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Nation toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v31.0.1650.57

[ File : C:\Documents and Settings\Manuu\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\MCB\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url
Deleted : suggest_url


AdwCleaner[R0].txt - [9999 octets] - [15/11/2013 17:59:16]
AdwCleaner[S0].txt - [10204 octets] - [15/11/2013 18:02:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10265 octets] ##########

Report •

November 15, 2013 at 11:18:59
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Manuu on Fri 11/15/2013 at 20:30:15.08

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-583907252-1035525444-1177238915-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-583907252-1035525444-1177238915-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{83EC974E-BBE7-4525-9D44-45826F0BF9E4}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ammyy"
Successfully deleted: [Folder] "C:\Documents and Settings\Manuu\Local Settings\Application Data\cre"

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]

Scan was completed on Fri 11/15/2013 at 20:37:05.87
End of JRT log

Report •

November 15, 2013 at 11:23:22

1: Download & run Unhide
To run Unhide, simply download it to your desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.

2: Reboot

3: Run RogueKiller
User guide
Official tutorial
If RougeKiller won't run, open IE & turn off SmartScreen Filter.
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.

Report •

November 17, 2013 at 10:42:53
Unhide by Lawrence Abrams (Grinler)
Copyright 2008-2013
More Information about Unhide.exe can be found at this link:

Program started at: 11/17/2013 11:22:04 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 50291 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 12393 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 9015 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 6096 files processed.

The C:\DOCUME~1\Manuu\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts:

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
* DisableTaskMgr policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Program finished at: 11/17/2013 11:32:31 PM
Execution time: 0 hours(s), 10 minute(s), and 26 seconds(s)

Report •

November 17, 2013 at 10:43:52
RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback :
Website :
Blog :

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Manuu [Admin rights]
Mode : Remove -- Date : 11/18/2013 00:01:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : PC Performer43885.exe ("C:\DOCUME~1\Manuu\LOCALS~1\Temp\PC Performer43885.exe" /XML="C:\DOCUME~1\Manuu\LOCALS~1\Temp\C7.tmp" /ROS /STP=0:2 [x][x]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Documents and Settings\Manuu\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid df1e0502e6e247d3917fd1509778bf7e-48b2feb5b829c59a58b382147088e28fe7dcf79f --CMPID 0913b [x][x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-583907252-1035525444-1177238915-1003\[...]\Run : PC Performer43885.exe ("C:\DOCUME~1\Manuu\LOCALS~1\Temp\PC Performer43885.exe" /XML="C:\DOCUME~1\Manuu\LOCALS~1\Temp\C7.tmp" /ROS /STP=0:2 [x][x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-583907252-1035525444-1177238915-1003\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Documents and Settings\Manuu\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid df1e0502e6e247d3917fd1509778bf7e-48b2feb5b829c59a58b382147088e28fe7dcf79f --CMPID 0913b [x][x][x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-583907252-1035525444-1177238915-1004\[...]\Run : System32 (C:\Documents and Settings\All Users\Application Data\MCB.exe [x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-583907252-1035525444-1177238915-1004\[...]\Run : Ms.word (C:\Documents and Settings\MCB\Application Data\WINWORD.EXE [x]) -> DELETED
[RUN][HJNAME] HKUS\S-1-5-21-583907252-1035525444-1177238915-1004\[...]\Run : Microsoft Windows (C:\Documents and Settings\MCB\Application Data\Microsoft\Office\rundll32.exe [x]) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : 9890 (C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msyazcwxx.cmd [x]) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F7333C)
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F7333C)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3160215AS +++++
--- User ---
[MBR] 8701ce42c68960e27bb421615cf5c801
[BSP] 517c04e011e25ebceb537ff4afb8bbc8 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 78140160 | Size: 114463 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_11182013_000126.txt >>

Report •

November 17, 2013 at 10:44:24
I still cannot find my files.

Report •

November 17, 2013 at 13:25:08
"I still cannot find my files"
As we dismantle the infection bit by bit, that may allow the repeat use of programs, which may in turn pick up more.
If any program won't run ( due to the infection ) let me know.

Please download and run ListParts by Farbar (for 32-bit system):

Click on the Scan button.
The scan results will open in Notepad.
Copy and Paste the contents into your reply.
If Listparts won't run. May get the message > The disk management services could not complete the operation
1: Restart the computer. Any messages after the reboot?
2: Delete your copy of ListParts and download the latest ListParts and this time put in on the root of C drive (start => My Computer => C drive). Run ListParts, Copy & Paste the contents the log in your next reply.
Run ListParts, Copy & Paste the contents of the log please.

Report •

November 18, 2013 at 07:39:36
ListParts by Farbar Version: 20-10-2013
Ran by Manuu (administrator) on 18-11-2013 at 21:07:31
Windows XP (X86)
Running From: F:\Downloads
Language: 0409

========================= Memory info ======================

Percentage of memory in use: 60%
Total physical RAM: 1013.25 MB
Available physical RAM: 403.24 MB
Total Pagefile: 2440.08 MB
Available Pagefile: 1294.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.67 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:37.26 GB) (Free:16.9 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: () (Fixed) (Total:37.26 GB) (Free:0.28 GB) NTFS
3 Drive e: () (Fixed) (Total:37.26 GB) (Free:4.99 GB) NTFS
4 Drive f: () (Fixed) (Total:37.26 GB) (Free:1.64 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 37 GB 32 KB
Partition 2 Extended 112 GB 37 GB
Partition 3 Logical 37 GB 37 GB
Partition 4 Logical 37 GB 75 GB
Partition 5 Logical 37 GB 112 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 37 GB Healthy System (partition with boot components)

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 37 GB Healthy

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 37 GB Healthy

Disk: 0
Partition 5
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F NTFS Partition 37 GB Healthy
============================== MBR Partition Table ==================

Partitions of Disk 0:
Disk ID: E783E783
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=OF Extended)

****** End Of Log ******

Report •

November 18, 2013 at 13:36:55
Had to make sure that no nasties were hidden in the partitions, all Ok.

Run Defogger & then Combofix.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.
Run ComboFix. Copy & Paste the contents of the log please. ComboFix's log should be located at C:\COMBOFIX.TXT.
A guide and tutorial on using ComboFix
Manually restoring the Internet connection
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alchohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
Do not mouseclick combofix's window while it is running. That may cause it to stall.
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Report •

December 4, 2013 at 09:19:53
ComboFix 13-12-04.04 - Manuu 12/04/2013 22:20:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.694 [GMT 5.5:30]
Running from: f:\downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((( Files Created from 2013-11-04 to 2013-12-04 )))))))))))))))))))))))))))))))
2013-12-04 04:53 . 2013-12-04 04:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-04 04:53 . 2013-12-04 04:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-18 18:16 . 2013-12-04 17:09 -------- d-----w- c:\documents and settings\Manuu\Application Data\Skype
2013-11-18 18:15 . 2013-11-18 18:15 -------- d-----r- c:\program files\Skype
2013-11-18 18:15 . 2013-11-18 18:15 -------- d-----w- c:\program files\Common Files\Skype
2013-11-18 18:14 . 2013-12-04 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2013-11-15 15:00 . 2013-11-15 15:00 -------- d-----w- c:\windows\ERUNT
2013-11-15 11:54 . 2013-11-15 12:36 -------- d-----w- C:\AdwCleaner
2013-11-12 15:06 . 2013-11-12 15:08 -------- d-----w- c:\documents and settings\Manuu\Application Data\Image Uploader
2013-11-12 15:06 . 2013-11-12 15:06 -------- d-----w- c:\program files\Image Uploader
2013-11-12 15:06 . 2013-11-12 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Image Uploader
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-11-05 16:20 . 2013-09-25 15:27 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-11-04 16:27 . 2013-02-26 18:10 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-10-31 17:30 . 2013-02-07 23:07 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-10-31 17:00 . 2013-02-07 23:07 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-10-24 16:58 . 2013-02-07 23:07 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-10-09 20:11 . 2013-09-28 09:11 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-09-30 19:19 . 2013-02-07 23:07 102712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-09-16 19:27 . 2013-03-01 05:02 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 19:13 . 2013-02-07 23:07 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SkyTel"="SkyTel.EXE" [2007-07-11 1826816]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-11 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-11 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-11 131072]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-11 16132608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]
"nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\MCB\\My Documents\\Downloads\\AA_v3.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 4:37 AM 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [9/25/2013 8:57 PM 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2/26/2013 11:40 PM 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 4:37 AM 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/14/2013 3:52 AM 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/28/2013 2:41 PM 37664]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/24/2013 1:33 AM 348008]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [11/11/2013 10:02 PM 3478544]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 11:01 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
Contents of the 'Scheduled Tasks' folder
2013-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-13 20:54]
2013-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-13 20:54]
------- Supplementary Scan -------
uStart Page = hxxp://
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone:\www
TCP: DhcpNameServer =
- - - - ORPHANS REMOVED - - - -
AddRemove-sl-dlc - c:\program files\OApps\sl-dlc_uninstall.exe
AddRemove-vghd - c:\documents and settings\Manuu\Start Menu\Programs\VirtuaGirl HD\uninstall.lnk
AddRemove-VirtuaGirl_is1 - c:\documents and settings\Manuu\Local Settings\Application Data\vghd\bin\unins000.exe
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2013-12-04 22:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------- LOCKED REGISTRY KEYS ---------------------
@Denied: (A 2) (Everyone)
@Denied: (A 2) (Everyone)
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1540)
------------------------ Other Running Processes ------------------------
Completion time: 2013-12-04 22:45:29 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-04 17:15
Pre-Run: 17,852,821,504 bytes free
Post-Run: 18,253,012,992 bytes free
[boot loader]
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 6257285916CF20338D3D9DA5CED30472

Report •

December 4, 2013 at 11:53:16
Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create a ESET SysRescue CD or USB drive
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
Configure ESET this way & disable your AV.
How to Temporarily Disable your Anti-virus
Which web browsers are compatible with ESET Online Scanner?
Online Scanner not working
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start ? Run dialog box from the Start Menu on the desktop.
If no threats are found, you will simply see an information window that no threats were found.

Report •

January 3, 2014 at 10:04:16

message edited by Manojm

Report •

January 3, 2014 at 10:59:17

Your link in #36 is not working.

Started working later - seems changeable. Avoided opening it because at one stage it offered an exe file.

Always pop back and let us know the outcome - thanks

message edited by Derek

Report •

January 4, 2014 at 10:03:51

Report •

January 4, 2014 at 15:42:31
found=490, that's a lot of virus finds, not sure ESET removed them.

Keep ESET as a permanent part of your toolkit, as soon as you run it again, it will update.

To see if those files got removed, Run ESET again & give me the new log please.

Report •

Ask Question