Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6694

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/27/2011 12:11:05 PM
mbam-log-2011-05-27 (12-11-05).txt

Scan type: Quick scan
Objects scanned: 166268
Time elapsed: 13 minute(s), 50 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\program files\spytech software\spytech spyagent\sysdiag.exe (Trojan.Agent) -> 3260 -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\clfct.dll (Trojan.Dropper) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System32 (Trojan.Agent) -> Value: System32 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\(default) (Trojan.Agent) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe" -a "C:\Program Files\Mozilla Firefox 4.0 Beta 4\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe" -a "C:\Program Files\Mozilla Firefox 4.0 Beta 4\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\clfct.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\spytech software\spytech spyagent\sysdiag.exe (Trojan.Agent) -> Quarantined and deleted successfully.