Tech Support Guy banner
Status
Not open for further replies.
1 - 3 of 3 Posts

·
Registered
Joined
·
39 Posts
Discussion Starter · #1 ·
HKLM\..\Run: [Ynfdn+[ydhno~yn+Hjgg] y{hxx%nsn
O4 - HKLM\..\RunServices: [Ynfdn+[ydhno~yn+Hjgg] y{hxx%nsn

anyone know what these registry entries are, had problems with several virus attack but seems to be clear know
 

Attachments

·
Registered
Joined
·
16,274 Posts
Lets put that out here first :
Logfile of HijackThis v1.97.7
Scan saved at 07:34:32, on 24/03/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\MacOpener\FORMATM.EXE
C:\WINNT\system32\mgabg.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\rpcss.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\PDesk\PDesk.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\INTEL\DSLSetup\ProDsl.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\MacOpener\MacName.exe
C:\Documents and Settings\stephen\My Documents\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\MacOpener\MacLic.exe"
O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe
O4 - HKLM\..\Run: [update] %windir%\system32\drivers\etc\csrss.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [Ynfdn+[ydhno~yn+Hjgg] y{hxx%nsn
O4 - HKLM\..\RunServices: [Ynfdn+[ydhno~yn+Hjgg] y{hxx%nsn
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\ProfileMaker Professional 4.1.0\CalibrationLoader.exe
O4 - Global Startup: MacName.lnk = C:\Program Files\MacOpener\MacName.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38030.0351388889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 

·
Registered
Joined
·
16,274 Posts
Its deffinitly strange and I don't see what could be the trigger but since hijack is run from documents and settings you could check and fix each of them and you should let hijack create backups. Then if something isn't working correctly just restore those backups..
 
1 - 3 of 3 Posts
Status
Not open for further replies.
Top