Windows.google.java.script redirect=1 Do I have a virus?

Started by Evenshade, May 17, 2014, 11:03:26 PM


DonnaB

Quote: your instructions are as smooth as silk and this machine has, indeed, liked OTL much better than Dan's laptop did
Thank you! :) Detailed instructions certainly make the task easier.  Some of the programs we use can really be confusing for some. I still wonder why OTL refuses to run on a select few computers. So glad it worked on yours...  :thumbsup:

How is the computer behaving now???

Let's run just a couple more scans to ensure nothing is left behind, lurking in the shadows:

Let's run a Threat Scan with MBAM v2 since you have it installed already. I haven't experimented much with this new version, so please let me know if the instructions below are appropriate for the occasion.

Right click on the MBAM v2 icon and choose Run as administrator to open the program:

  • Click on the Dashboard tab then select Update Now >>
  • Once it has updated select Settings > Detection and Protection
  • Tick Scan for rootkits
  • Go back to the Dashboard and select Scan Now
  • If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.
  • On completion of the scan (or after the reboot) select View Detailed Log
  • Select Export > Select text file and save to the desktop
Please post the log in your next reply.

Next:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.


  • Please go >>HERE<< then click on:


    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on:
    (Selecting Uninstall application on close if you so wish)

"To achieve the impossible, it is precisely the unthinkable that must be thought."
Tom Robbins

Evenshade

Hi Donna,
The computer is behaving beautifully...spunky and fast again.   :mitch:    Your MBAM instructions were pretty good.  I'm new to this version, too, so learned a couple of things by going through the instructed steps.  At the "scan now" instruction, it gave me the option to choose the updates and I did so.  If I recall correctly, I didn't see it ask me for a reboot until after I clicked the "apply action" button.

Here are my logs:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3becb7038431884998391dc4300b94ef
# engine=18345
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-21 02:40:16
# local_time=2014-05-20 10:40:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 25979063 152183466 0 0
# scanned=219657
# found=2
# cleaned=0
# scan_time=3810
sh=728B0331B572EE396616BD8DBEF068396AFCBC00 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
sh=728B0331B572EE396616BD8DBEF068396AFCBC00 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/20/2014
Scan Time: 9:26:37 PM
Logfile: MBAM SCAN 052014.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.21.01
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mastin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 276140
Time Elapsed: 12 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD, No Action By User, [ea1605fb0000738d82ba704cf60d946c],

Registry Values: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, google_downloadbrowser.co|google_chrome-search-us-chrome-exact-34349763169, No Action By User, [ea1605fb0000738d82ba704cf60d946c]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

DonnaB

Quote: The computer is behaving beautifully...spunky and fast again.
Ahhh. I like spunky and fast. Kind of makes you want to do the happy dance!   :dance:

Quote: Your MBAM instructions were pretty good.
Good! I will have to make the time to thoroughly go over the new version of MBAM v2. There is so much more to that version, and I've never been comfortable asking others to initiate scans that I am not familiar with, though I thought it was silly to have you install yet another program that I am familiar with and since you had it installed already, might as well get good use out of it and maybe both of us would learn something along the way.  :thumbsup:

For some reason, the MBAM log shows No Action By User even though you did take action, so let's take a different approach to rid that from your machine.

Go to Start > Control Panel > Programs and Features and see if it is still listed there. It shouldn't be since AdwCleaner acknowledged that it did remove the folder. It appears that it is just a leftover in the registry run key.


Next:

Let's use OTL to remove the files that ESET found and remove it from the registry. Looking back at my first OTL fix, I realize now that I removed that value data for Mobile App Sync when I should have just removed the item from the registry altogether. I'll include that as well in my fix:


  • Double click on the to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Quote
    :COMMANDS
    [CREATERESTOREPOINT]

    :Reg
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    "BrowserSafeGuard"=-
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "BrowserSafeGuard"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Mobile App Sync"=-

    :Files
    C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res
    C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res

    :Commands
    [Reboot]
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
Next:

Please run another MBAM scan so we can verify a clean scan.

No need to provide another OTL scan. The OTL moved log and MBAM will show me if the files are removed.

Please post the following logs in your next reply:

C:\_OTL\Moved Files
MBAM.txt


Thank you,
Donna :)

Evenshade

Good morning Donna!

I hate to say this, but I'm not sure what I'm to be looking for in Programs and Features.   :confused:  Unfortunately, confusion is not an unusual state for me.  :)  So let me know and I will look for it. 

I did run the scans and here are the logs.   Thank you again for everything!

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/21/2014
Scan Time: 9:05:42 AM
Logfile: mban 052114.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.21.04
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mastin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275620
Time Elapsed: 13 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD, No Action By User, [916fc739ae52c93794114f6db44f4cb4],

Registry Values: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, google_downloadbrowser.co|google_chrome-search-us-chrome-exact-34349763169, No Action By User, [916fc739ae52c93794114f6db44f4cb4]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeGuard not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeGuard not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Mobile App Sync deleted successfully.
========== FILES ==========
C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res moved successfully.
File\Folder C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 05212014_084915

DonnaB

Quote: I'm not sure what I'm to be looking for in Programs and Features.

For heaven's sake! This is why I try not to think too hard before that 2nd cup of coffee in the morning.   :thud: Boy, do we need one of those *facepalm* smilie guys for my personal use, or what?

I meant to have you look for the BrowserSafeGuard folder and delete it, if found. I see that the last OTL fix did remove Mobile App Sync, though MBAM is still showing that no action was taken on the following:

Registry Keys: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD, No Action By User, [916fc739ae52c93794114f6db44f4cb4],

Registry Values: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, google_downloadbrowser.co|google_chrome-search-us-chrome-exact-34349763169, No Action By User, [916fc739ae52c93794114f6db44f4cb4]

Allow me a moment to discuss this with my associates before I provide further instructions.

Evenshade

Donna, you're so funny.  :)   I just thought it had gone over my head like many things do. 

I went back to uninstall BrowserSafeguard with RocketTabs and got this message:  an error occurred while trying to uninstall BrowserSafeguard with RocketTabs.  It may have already been uninstalled.  Would you like to remove yada, yada, yada from the Programs and Features list and I did that. 

I noticed those PUPs still there, too.  I'll wait for a reply...no hurry.  Speaking of that, we are leaving in the morning to go out of town until next Tuesday so we can pick up again if we don't get finished tonight.  No rush at all. 
Pam

DonnaB

Quote: Donna, you're so funny.  :)  I just thought it had gone over my head like many things do.
Did I mention how much fun you are to work with? You are so on my level of cognitive thinking.  :hug:

Quote: I went back to uninstall BrowserSafeguard with RocketTabs and got this message:  an error occurred while trying to uninstall BrowserSafeguard with RocketTabs.  It may have already been uninstalled.  Would you like to remove yada, yada, yada from the Programs and Features list and I did that.
Perfect!!  :thumbsup:

Quote: I noticed those PUPs still there, too.
We'll need to remove those as well.

Quote: I'll wait for a reply...no hurry.  Speaking of that, we are leaving in the morning to go out of town until next Tuesday so we can pick up again if we don't get finished tonight.  No rush at all.
Not a problem at all.

I did discuss this with my fellow associates and it is agreed upon that some settings that should have been configured for our needs were not. I have tweaked the instructions a tad so if you have time before you leave please try the new set of instructions below. I did not run the new instructions by the rest of the team prior to posting them below thinking you might have time to rescan. If not, don't worry about it and we can pick up where we left off when you get back next Tuesday.

Here are the tweaked instructions:


  • Click on the Dashboard tab and to the right of Database Version, click the Update Now >> link.
  • After the updates complete, click on the Settings tab at the top then click on Detection and Protection.
  • Under Detection Options, make sure all 3 options are checked.
  • Just below that, under Non-Malware Protection, click on the drop down arrow under PUP (Potentially Unwanted Program) detections: and choose Treat detections as malware.
  • Click on the Scan tab at the top, then click on the Scan Now >> button. (There is also a Scan Now >> button on the Dashboard you can click as well.)
  • If you are offered to update again, go ahead and click the Update Now >> button. Once complete, the Threat Scan will begin.
  • When the scan is complete, if there have been any detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
Post log:

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Evenshade

Home again, home again, jiggity jig..and happy to be here.  As Dorothy said, there's no place like home.  I hope you had a happy and meaningful Memorial Day, Donna!

Here is my latest scan log......

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 5/27/2014 3:34:29 PM, SYSTEM, MASTIN-HP, Scheduler, Malware Database, 2014.5.22.6, 2014.5.27.9,
Protection, 5/27/2014 3:34:31 PM, SYSTEM, MASTIN-HP, Protection, Refresh, Starting,
Protection, 5/27/2014 3:34:31 PM, SYSTEM, MASTIN-HP, Protection, Malicious Website Protection, Stopping,
Protection, 5/27/2014 3:34:31 PM, SYSTEM, MASTIN-HP, Protection, Malicious Website Protection, Stopped,
Protection, 5/27/2014 3:34:34 PM, SYSTEM, MASTIN-HP, Protection, Refresh, Success,
Protection, 5/27/2014 3:34:34 PM, SYSTEM, MASTIN-HP, Protection, Malicious Website Protection, Starting,
Protection, 5/27/2014 3:34:34 PM, SYSTEM, MASTIN-HP, Protection, Malicious Website Protection, Started,
Protection, 5/27/2014 3:55:43 PM, SYSTEM, MASTIN-HP, Protection, Malware Protection, Starting,
Protection, 5/27/2014 3:55:43 PM, SYSTEM, MASTIN-HP, Protection, Malware Protection, Started,
Protection, 5/27/2014 3:55:44 PM, SYSTEM, MASTIN-HP, Protection, Malicious Website Protection, Starting,
Protection, 5/27/2014 3:55:51 PM, SYSTEM, MASTIN-HP, Protection, Malicious Website Protection, Started,

(end)

Evenshade

Donna,
I hope I didn't mess anything up.  I know I'm not supposed to change anything while we're working on a problem but when I was prompted upon opening a .pdf file I'd saved, I downloaded and installed the newest version of Sumatra without thinking.  I'm searching the emoticons for a red face about now.
Pam

DonnaB

Hi Pam! I see someone doing the happy dance.   :lol:  There's nothing better than coming home after being away for more than a few days.

Yes. I had a very nice Memorial Day. Best part was talking to my Son for over an hour who is deployed overseas.   :hug:

Updating Sumatra was no big deal. There is no foistware included in the updates like there would be for Adobe Reader that would make unwanted changes.

I'm trying to figure out where you got that log from. That is not a typical Threat scan result. I've been trying to find an exact log on my system but I can not find one.

Let's see if there is a Threat scan log from the scan you ran:

Right click on the MBAM icon and choose Run as administrator to open the program.
Click on the History > Application Logs > Scan Log > View.
Click on the Copy to Clipboard button at the bottom.

Come back here to your thread and paste that into a reply box.

Hopefully one of the other members can tell us what the log in the above post is all about.

Evenshade

I'm happy you got to talk to your son....thank him for his service for us.

Oops..it looks like I copied the "protection log" for today's date instead of the "scan log".  I didn't realize there were 2 there.   This should look more reasonable, I hope.   :smash:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/27/2014
Scan Time: 3:54:02 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.27.09
Rootkit Database: v2014.05.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mastin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 279089
Time Elapsed: 15 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD, Quarantined, [838cd38142398aacf41ad0f445be32ce],

Registry Values: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, google_downloadbrowser.co|google_chrome-search-us-chrome-exact-34349763169, Quarantined, [838cd38142398aacf41ad0f445be32ce]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

winchester73

Quote from: DonnaB on May 27, 2014, 10:13:53 PM
Hopefully one of the other members can tell us what the log in the above post is all about.

I was typing a reply to the effect that you had posted the protection log instead of the scan/detection log, then noticed you had explained it yourself while I was grabbing some coffee  :D

MBAM quarantined those last two items.   :thumbsup:

How is your computer now?
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member
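
An added example, not part of the original thread and not Malwarebytes' own code: a small Python reader for the MBAM v2 scan logs posted above that pulls out each detection's action and lists the entries left at "No Action By User". It notes when the log header shows `PUP: Warn`, which is what the 5/20 and 5/21 logs show alongside the untouched entries; the function names are hypothetical and the sample text is abridged from the thread.

```python
import re

# Abridged from the 5/20 and 5/27 Threat Scan logs posted in this thread.
SCAN_0520 = r"""Scan Date: 5/20/2014
PUP: Warn
PUM: Enabled

Registry Keys: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD, No Action By User, [ea1605fb0000738d82ba704cf60d946c],

Registry Values: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, google_downloadbrowser.co|google_chrome-search-us-chrome-exact-34349763169, No Action By User, [ea1605fb0000738d82ba704cf60d946c]

Files: 0
(No malicious items detected)
"""
SCAN_0527 = r"""Scan Date: 5/27/2014
PUP: Enabled
PUM: Enabled

Registry Keys: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD, Quarantined, [838cd38142398aacf41ad0f445be32ce],

Registry Values: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, google_downloadbrowser.co|google_chrome-search-us-chrome-exact-34349763169, Quarantined, [838cd38142398aacf41ad0f445be32ce]
"""

SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
# name, target (may itself contain ", "), action, [detection id], optional comma
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<id>[0-9a-f]+)\],?$")


def parse_mbam_scan(text):
    """Return (settings, detections) from an MBAM v2 scan log."""
    settings, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = DETECTION.match(line)
        if match and section:
            detections.append({"section": section, **match.groupdict()})
            continue
        key, sep, value = line.partition(": ")
        if not sep:
            continue
        if key in SECTIONS:
            section = key          # e.g. "Registry Keys: 1"
        elif section is None:
            settings[key] = value  # header lines such as "PUP: Warn"
    return settings, detections


def unresolved(text):
    """Detections the scan reported but did not act on."""
    settings, detections = parse_mbam_scan(text)
    report = []
    for det in detections:
        if det["action"] != "No Action By User":
            continue
        # In the thread's logs, "PUP: Warn" accompanies the untouched PUP entries.
        pup_warn = det["name"].startswith("PUP.") and settings.get("PUP") == "Warn"
        report.append({"name": det["name"], "target": det["target"],
                       "pup_warn_only": pup_warn})
    return report


if __name__ == "__main__":
    for label, log in (("5/20", SCAN_0520), ("5/27", SCAN_0527)):
        left = unresolved(log)
        print(label, "unresolved:", len(left))
        for item in left:
            print("  ", item["target"], "(PUP set to Warn)" if item["pup_warn_only"] else "")
```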

Evenshade

Thanks to you, Donna.  It's fantastic.   No lags, no waiting....everything comes up instantly like it should.   :dance:

DonnaB

Wonderful! I love happy news. Let's run an online scan with ESET and see if there are any stragglers lurking in the shadows before we clean up our tools.  :thumbsup:

This scan may take quite a while to run, so your patience will be needed. :)

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go >>HERE<< then click on:

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on:
    (Selecting Uninstall application on close if you so wish)

Evenshade

Here we go, Donna.........

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3becb7038431884998391dc4300b94ef
# engine=18345
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-21 02:40:16
# local_time=2014-05-20 10:40:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 25979063 152183466 0 0
# scanned=219657
# found=2
# cleaned=0
# scan_time=3810
sh=728B0331B572EE396616BD8DBEF068396AFCBC00 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
sh=728B0331B572EE396616BD8DBEF068396AFCBC00 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3becb7038431884998391dc4300b94ef
# engine=18438
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-28 01:35:40
# local_time=2014-05-27 09:35:40 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 26579987 152784390 0 0
# scanned=223484
# found=1
# cleaned=0
# scan_time=3713
sh=728B0331B572EE396616BD8DBEF068396AFCBC00 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\_OTL\MovedFiles\05212014_084915\C_ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
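
An added example, not part of the original thread and not ESET's or OTL's own code: a Python reader for the appended log.txt above that separates the two runs, folds the `C:\Users\All Users` path onto `C:\ProgramData` (the former is a link to the latter on Windows 7), and sets aside hits that lie under OTL's `C:\_OTL\MovedFiles` folder. Reading `fn` as the file path and `found` as the hit count is an assumption taken from the posted lines, and the function names are hypothetical.

```python
import re

# Abridged from the two ESET Online Scanner runs posted in this thread.
SAMPLE_LOG = r'''# version=8
# engine=18345
# utc_time=2014-05-21 02:40:16
# found=2
# cleaned=0
sh=728B0331B572EE396616BD8DBEF068396AFCBC00 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
sh=728B0331B572EE396616BD8DBEF068396AFCBC00 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
# version=8
# engine=18438
# utc_time=2014-05-28 01:35:40
# found=1
# cleaned=0
sh=728B0331B572EE396616BD8DBEF068396AFCBC00 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\_OTL\MovedFiles\05212014_084915\C_ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
'''

PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')    # key=value or key="quoted value"
QUARANTINE_ROOTS = (r"C:\_OTL\MovedFiles",)  # OTL's moved-files folder, per the thread
ALL_USERS = "c:\\users\\all users\\"         # link to C:\ProgramData on Windows 7


def parse_eset_log(text):
    """Split an appended log.txt into runs: header fields plus detection rows."""
    scans = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "version" or not scans:   # "# version=" opens a new run
                scans.append({"header": {}, "detections": []})
            scans[-1]["header"][key] = value.strip('"')
        elif line.startswith("sh=") and scans:
            scans[-1]["detections"].append(
                {k: v.strip('"') for k, v in PAIR.findall(line)})
    return scans


def canonical(path):
    """Lower-case the path and fold the All Users alias onto ProgramData."""
    p = path.lower()
    if p.startswith(ALL_USERS):
        p = "c:\\programdata\\" + p[len(ALL_USERS):]
    return p


def is_quarantined_copy(path):
    """True when the hit is a file already moved aside by the OTL fix."""
    p = path.lower()
    return any(p.startswith(root.lower() + "\\") for root in QUARANTINE_ROOTS)


def summarize(scans):
    """Per run: reported count, parsed rows, distinct live files, moved copies."""
    rows = []
    for scan in scans:
        paths = [d["fn"] for d in scan["detections"]]
        rows.append({
            "utc_time": scan["header"].get("utc_time"),
            "reported": int(scan["header"].get("found", 0)),
            "parsed": len(paths),
            "live_files": sorted({canonical(p) for p in paths
                                  if not is_quarantined_copy(p)}),
            "quarantined": [p for p in paths if is_quarantined_copy(p)],
        })
    return rows


if __name__ == "__main__":
    for row in summarize(parse_eset_log(SAMPLE_LOG)):
        print(row["utc_time"], "reported", row["reported"],
              "live", len(row["live_files"]), "moved", len(row["quarantined"]))
```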