12-31-2007, 11:18 PM   #7
albamerlot
Registered User
 
Join Date: Dec 2007
Posts: 6
OS: XP


Re: need to uninstall malware crush

Hello again & happy new year!

Here's the Kaspersky file from the scan. I tried to attach it, but it came up as invalid file - it's saved on the desktop as an HTML file, so not sure what's wrong with it. Hope you can read it okay from this cut and paste version.

Thanks, Rebecca

KASPERSKY ONLINE SCANNER REPORT
Monday, December 31, 2007 11:12:47 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/01/2008
Kaspersky Anti-Virus database records: 500952
Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target: My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects: 86920
Number of viruses found: 4
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 01:33:25

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\SNOWVA~1\LOCALS~1\Temp\00086e62.exe/data0006 Infected: not-a-virus:FraudTool.Win32.MalwareCrush.a skipped
C:\Deckard\System Scanner\backup\DOCUME~1\SNOWVA~1\LOCALS~1\Temp\00086e62.exe NSIS: infected - 1 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\SNOWVA~1\LOCALS~1\Temp\00b75c3f.exe/data0006 Infected: not-a-virus:FraudTool.Win32.MalwareCrush.a skipped
C:\Deckard\System Scanner\backup\DOCUME~1\SNOWVA~1\LOCALS~1\Temp\00b75c3f.exe NSIS: infected - 1 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\SNOWVA~1\LOCALS~1\Temp\00bcd5fa.exe/data0006 Infected: not-a-virus:FraudTool.Win32.MalwareCrush.a skipped
C:\Deckard\System Scanner\backup\DOCUME~1\SNOWVA~1\LOCALS~1\Temp\00bcd5fa.exe NSIS: infected - 1 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\SNOWVA~1\LOCALS~1\Temp\37890.exe/data0006 Infected: not-a-virus:FraudTool.Win32.MalwareCrush.a skipped
C:\Deckard\System Scanner\backup\DOCUME~1\SNOWVA~1\LOCALS~1\Temp\37890.exe NSIS: infected - 1 skipped
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Snow Valley\Application Data\Mozilla\Firefox\Profiles\f2mb0gyx.default\cert8.db Object is locked skipped
C:\Documents and Settings\Snow Valley\Application Data\Mozilla\Firefox\Profiles\f2mb0gyx.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Snow Valley\Application Data\Mozilla\Firefox\Profiles\f2mb0gyx.default\history.dat Object is locked skipped
C:\Documents and Settings\Snow Valley\Application Data\Mozilla\Firefox\Profiles\f2mb0gyx.default\key3.db Object is locked skipped
C:\Documents and Settings\Snow Valley\Application Data\Mozilla\Firefox\Profiles\f2mb0gyx.default\parent.lock Object is locked skipped
C:\Documents and Settings\Snow Valley\Application Data\Mozilla\Firefox\Profiles\f2mb0gyx.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Snow Valley\Application Data\Mozilla\Firefox\Profiles\f2mb0gyx.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Snow Valley\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Snow Valley\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Snow Valley\Local Settings\Application Data\Identities\{BFBE6F27-FB9B-4E02-BE99-3B2290AB59F0}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Snow Valley\Local Settings\Application Data\Identities\{BFBE6F27-FB9B-4E02-BE99-3B2290AB59F0}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\Snow Valley\Local Settings\Application Data\Identities\{BFBE6F27-FB9B-4E02-BE99-3B2290AB59F0}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Snow Valley\Local Settings\Application Data\Identities\{BFBE6F27-FB9B-4E02-BE99-3B2290AB59F0}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\Snow Valley\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Snow Valley\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Snow Valley\Local Settings\Application Data\Mozilla\Firefox\Profiles\f2mb0gyx.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Snow Valley\Local Settings\Application Data\Mozilla\Firefox\Profiles\f2mb0gyx.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Snow Valley\Local Settings\Application Data\Mozilla\Firefox\Profiles\f2mb0gyx.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Snow Valley\Local Settings\Application Data\Mozilla\Firefox\Profiles\f2mb0gyx.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Snow Valley\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Snow Valley\Local Settings\Temp\37312.exe/data0006 Infected: not-a-virus:FraudTool.Win32.MalwareCrush.a skipped
C:\Documents and Settings\Snow Valley\Local Settings\Temp\37312.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Snow Valley\Local Settings\Temp\38343.exe/data0006 Infected: not-a-virus:FraudTool.Win32.MalwareCrush.a skipped
C:\Documents and Settings\Snow Valley\Local Settings\Temp\38343.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Snow Valley\Local Settings\Temporary Internet Files\Content.IE5\3ZU9NHSX\install437[1].exe Infected: Trojan-Downloader.Win32.Agent.gyl skipped
C:\Documents and Settings\Snow Valley\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Snow Valley\Local Settings\Temporary Internet Files\Content.IE5\ULVMCUAF\SmitfraudFix[1].exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Snow Valley\Local Settings\Temporary Internet Files\Content.IE5\ULVMCUAF\SmitfraudFix[1].exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Snow Valley\Local Settings\Temporary Internet Files\Content.IE5\ULVMCUAF\SmitfraudFix[1].exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Snow Valley\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Snow Valley\NTUSER.DAT.LOG Object is locked skipped
C:\MSSQL7\Data\master.mdf Object is locked skipped
C:\MSSQL7\Data\mastlog.ldf Object is locked skipped
C:\MSSQL7\Data\model.mdf Object is locked skipped
C:\MSSQL7\Data\modellog.ldf Object is locked skipped
C:\MSSQL7\Data\msdbdata.mdf Object is locked skipped
C:\MSSQL7\Data\msdblog.ldf Object is locked skipped
C:\MSSQL7\Data\TEMPDB.MDF Object is locked skipped
C:\MSSQL7\Data\TEMPLOG.LDF Object is locked skipped
C:\MSSQL7\LOG\ERRORLOG Object is locked skipped
C:\MSSQL7\LOG\SQLAGENT.OUT Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{52F86EEF-A40D-462A-8332-08A7A98A2B1E}\RP1\A0000520.exe Infected: not-a-virus:FraudTool.Win32.MalwareCrush.a skipped
C:\System Volume Information\_restore{52F86EEF-A40D-462A-8332-08A7A98A2B1E}\RP1\A0000569.exe Infected: not-a-virus:FraudTool.Win32.MalwareCrush.a skipped
C:\System Volume Information\_restore{52F86EEF-A40D-462A-8332-08A7A98A2B1E}\RP4\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\FP00000.SHD Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\FP00000.SPL Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.