I ran Avast! Home Edition after updating to the newest version yesterday and it found something called HTML:Script.inf and WinRPoly [Cryp]. After some internet research, I found several posts on Ubuntu/Linux forums of the HTML:Script.inf being found by AVG Free Home Edition, only for the poster or respondents to determine that this is a false positive by AVG. Unfortunately, these posts were for Ubuntu/Linux systems. My system is a Windows XP SP1 system. Turning to Daniweb, I searched for the HTML:Script.inf in the forum threads. I found indications to download and run Malwarebytes. I did so, and the following is the log. I did not have it remove any infections yet because I do not know if it will make a backup in case I need to restore any file. Help on the Malwarebytes log and what to do with the HTML:Script.inf and WinRPoly [Cryp] infections is greatly appreciated:
Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.1.2600 Service Pack 1
4/3/2009 8:05:22 AM
mbam-log-2009-04-03 (08-05-06).txt
Scan type: Full Scan (C:\|)
Objects scanned: 290707
Time elapsed: 4 hour(s), 34 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Microsoft Security Adviser (Trojan.Downloader) -> No action taken.
Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
C:\m.exe (Trojan.Agent) -> No action taken.
C:\p.exe (Trojan.Agent) -> No action taken.
C:\q.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\kernel32.exe (Malware.Trace) -> No action taken.