Microsoft AntiSpyware and HJT log


Eeeeediot

I'm pretty vigilant with regards to my PC security, but I downloaded MS AntiSpyware Beta yesterday and did a quick scan which showed some pretty surprising results.

My AV is Norton AV 2006 and I have the Sygate Firewall.

Additionally, I regularly update and scan with Ad-Aware and Spybot S&D.

On a less regular basis, I also use CCleaner.

However, the MS Anti Spyware scan results brought up some things which I know weren't spyware, but also these:

Trojan.KillReg Trojan
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
C:\WINDOWS\autoclk[Caution: ExecutableFile]

SdBot.NvCplScan Worm
Details: SDBot.NvCplScan is a network spreading worm that has backdoor capabilities, and may execute commands coming from a remote malicious user. It also terminates processes associated with antivirus and security programs.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NvCplScan

Trojan.Downloader.CR64Loader Trojan Downloader
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}
HKEY_CLASSES_ROOT\clsid\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}\VersionIndependentProgID retro64_loader.R64Loader
HKEY_CLASSES_ROOT\clsid\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98} CR64Loader Object
HKEY_CLASSES_ROOT\clsid\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98} AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}\Contains\Files C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}\DownloadInformation CODEBASE http://www.miniclip.com/supergerball/mi ... Loader.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}\InstalledVersion 1,0,0,1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}\InstalledVersion LastModified Tue, 02 Nov 2004 09:10:33 GMT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98} SystemComponent 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98} Installer MSICD
HKEY_CLASSES_ROOT\clsid\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}\InprocServer32 C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll
HKEY_CLASSES_ROOT\clsid\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}\InprocServer32 ThreadingModel apartment
HKEY_CLASSES_ROOT\clsid\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\clsid\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}\MiscStatus 0
HKEY_CLASSES_ROOT\clsid\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}\ProgID retro64_loader.R64Loader.1
HKEY_CLASSES_ROOT\clsid\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll, 1
HKEY_CLASSES_ROOT\clsid\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}\TypeLib {C7F00A9A-F1BC-436E-82C7-E8CAE6FD67F7}
HKEY_CLASSES_ROOT\clsid\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}\Version 1.0

Which I removed of course. So my question is - what is your experience with MS Anti-Spyware if any?

And secondly, could anyone be so kind enough to quickly look over my HJT log as I'd prefer to be on the safe side :P

http://www.alhuda.org.uk/eeeeediot/hijackthis.log

Thanks all :D

Stuff you definitely ought to delete:

O4 - HKCU\..\Run: [NvCplScan] nvsc32[Caution: ExecutableFile]
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/part ... nstall.cab

Stuff you may or may not choose to delete at your discretion:

O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/fi ... tup141.cab

Stuff I'm not sure about:

O18 - Protocol hijack: mhtml -

I think it might be okay but you gotta get someone else to check it.

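Sorting HJT lines into "delete", "your call" and "not sure" is what the reply above does by hand. As an added example (not code from this thread or from HijackThis), the script below parses O4, O16 and O18 lines and applies three assumed heuristics: a Run value that is a bare file name rather than a full path, an ActiveX CODEBASE served from a bare IP address, and a protocol entry with an empty handler. The sample lines are constructed from the entries quoted in the reply; the ".exe" on nvsc32, the ccApp line, the PLACEHOLDER path segment and the flagging rules are all assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis log format, mirroring the entry kinds quoted
# in the reply. The ".exe" on nvsc32 and the ccApp line are assumptions (the
# forum masked the extension); the wildtangent path is a placeholder because the
# thread's URL was truncated.
SAMPLE_LOG = """\
O4 - HKCU\\..\\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/PLACEHOLDER/install.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O18 - Protocol hijack: mhtml -
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<desc>[^)]*)\))? - (?P<url>\S*)$")
O18_RE = re.compile(r"^O18 - Protocol hijack: (?P<proto>\S+) -\s*(?P<handler>.*)$")
SECTIONS = (("O4", O4_RE), ("O16", O16_RE), ("O18", O18_RE))

def parse_line(line):
    """Return a dict of fields for a supported O4/O16/O18 line, else None."""
    line = line.strip()
    for section, rx in SECTIONS:
        m = rx.match(line)
        if m:
            return {"section": section, "raw": line, **m.groupdict()}
    return None

def is_ip_literal(host):
    """True when the host part of a URL is a dotted-quad IPv4 literal."""
    return re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host or "") is not None

def triage(entry):
    """Heuristic reasons (assumed rules, not HijackThis's own) to look closer."""
    reasons = []
    if entry["section"] == "O4":
        cmd = entry["cmd"].strip().strip('"')
        if not re.search(r"[\\/]", cmd):
            reasons.append("Run value is a bare file name resolved via PATH, not a full path")
    elif entry["section"] == "O16":
        if is_ip_literal(urlparse(entry["url"]).hostname):
            reasons.append("ActiveX CODEBASE is served from a bare IP address, not a named host")
    elif entry["section"] == "O18":
        if not entry["handler"]:
            reasons.append("protocol handler field is empty; identify the owning CLSID before deciding")
    return reasons

def triage_log(text):
    """Map each recognised log line to its list of triage reasons."""
    return {e["raw"]: triage(e) for e in map(parse_line, text.splitlines()) if e}
```

An empty list means none of the heuristics fired, not that the entry is clean; the flagged ones are the lines worth checking against the registry and the DLL on disk first.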