Help with Hijack This log

Guest

Hi, today I did a scan with Hijack This. I know that I
use all these programs, except for two that I am not sure
if I should delete or not.

I don't know if I should delete C:\WINDOWS\ajyd.exe, or
C:\WINDOWS\tygkkcnon.exe. They look pretty weird to me and
are the only programs I don't know what my computer would
use for or when I ever got it. I am unsure of whether it
would be safe to delete those two programs or not.


Here are the results that Hijack This came up with:

Logfile of HijackThis v1.98.0
Scan saved at 1:17:58 PM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\NETSTATT.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ajyd.exe
C:\WINDOWS\tygkkcnon.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700
series\Bin\hpobrt07.exe
C:\QUICKENW\QWDLLS.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wisptis.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,
(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-
EA101271BC25} - (no file)
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0
\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-
00E018981B9E} - C:\Program
Files\NewDotNet\newdotnet6_30.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-
8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SuperBar - {D6260A41-01AA-4248-AB17-
24905D608FF9} - C:\Program Files\SUPERBAR\SUPERBAR1.dll
(file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-
009027A5CD4F} - c:\program
files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater]
regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32
cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater
(required)] regsvr32 /s C:\WINDOWS\System32\KDP5e31.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Yahoo Messenger] NETSTATT.EXE
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1
\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1
\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1
\CookiePatrol.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1
\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [cdvgonsx] C:\WINDOWS\ajyd.exe
O4 - HKLM\..\Run: [syneobl] C:\WINDOWS\tygkkcnon.exe
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program
Files\PestPatrol\ppclean.exe" clean ts:20040629113930419
suite 2 2
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program
Files\Webroot\Washer\WashIdx.exe "Crystal"
O4 - HKCU\..\Run: [AllSpamGone] C:\Program
Files\AllSpamGone\AllSpamGone.exe
O4 - HKCU\..\Run: [Morpheus] "C:\Program
Files\StreamCast\Morpheus\Morpheus.exe" -min
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -
cnetwait.odl
O4 - HKCU\..\Run: [Crao] C:\Documents and
Settings\Crystal\Application Data\oeta.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program
Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Window Washer] C:\Program
Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [PRIVMGR] C:\Program
Files\Anonymizer\Privacy
Manager\privmgr.exe /min /autostart
O4 - HKCU\..\RunOnce: [Yahoo Messenger] NETSTATT.EXE
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program
Files\Webroot\Washer\WashIdx.exe "Crystal "
O4 - Global Startup: HPAiODevice(hp psc 700 series) -
1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700
series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk =
C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk =
C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: AdsGone 2004.lnk = C:\Program
Files\AdsGone\adsgone.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program
Files\Broderbund\AG CreataCard\AGRemind.exe
O8 - Extra context menu item: &Add animation to
IncrediMail Style Box - C:\PROGRA~1\INCRED~1
\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Savings -
file://C:\Program
Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_sc
ript0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-
4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-
00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: AdsGone - {ECC5777A-6E88-BFCE-13CE-
81F134789E7B} - C:\Program Files\AdsGone\adsgone (file
missing)
O9 - Extra 'Tools' menuitem: &AdsGone Settings -
{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program
Files\AdsGone\adsgone (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
(file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-
11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE (file missing)


Does anyone know if I should delete C:\WINDOWS\ajyd.exe or
C:\WINDOWS\tygkkcnon.exe?
 
Carey Frisch [MVP]

You may wish to try the Panda ActiveScan Free Online Scanner.
Just click on the "Scan your PC" box.
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Download Ad-Aware 6.0 and scan your PC for spyware:
http://download.com.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

3 Steps to Help Insure Your PC is Protected
http://www.microsoft.com/security/protect/

Frequently Asked Questions About Antivirus Software
http://www.microsoft.com/security/protect/antivirus.asp

Special note if you use AOL:

America Online installs its own connection settings that override
the ones that come with Windows XP. America Online's
connection settings don't include a way to turn on Windows XP's
built-in firewall.

Visit the following web site for instructions on downloading
a FREE firewall program for your computer.

Ref: http://www.updatexp.com/free.html

To secure your computer and prevent possible future security breaches,
consider installing a first-rate, comprehensive, internet security program:

Norton Internet Security 2004
http://www.symantec.com/sabu/nis/nis_pe/

-- Includes Norton AntiVirus 2004
-- Includes Norton Personal Firewall
-- Includes prevention of annoying web pop-ups
-- Includes Parental Controls
-- All in one, easy-to-install package

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

 
Chuck

| Hi, today I did a scan with Hijack This. I know that I
| use all these programs, except for two that I am not sure
| if I should delete or not.
|
| I don't know if I should delete C:\WINDOWS\ajyd.exe, or
| C:\WINDOWS\tygkkcnon.exe. They look pretty weird to me and
| are the only programs I don't know what my computer would
| use for or when I ever got it. I am unsure of whether it
| would be safe to delete those two programs or not.
|
| Here are the results that Hijack This came up with:
|
| Does anyone know if I should delete C:\WINDOWS\ajyd.exe or
| C:\WINDOWS\tygkkcnon.exe?

Those look suspicious to me. Find out a bit about them - get Process Explorer
(free) from <http://www.sysinternals.com/ntw2k/freeware/procexp.shtml>.
Provides way more information than Task Manager. It will show you all the
programs that each process calls, and if any information about Company (who
wrote it), Product Name, etc. was provided for any modules, it will show that
too.

Then, get rid of this crap. Close ALL open windows, start HJT, and have it fix:

Spyware:
C:\WINDOWS\System32\NETSTATT.EXE
O4 - HKLM\..\Run: [Yahoo Messenger] NETSTATT.EXE
O4 - HKCU\..\RunOnce: [Yahoo Messenger] NETSTATT.EXE
<http://search.yahoo.com/search?p=NETSTATT.EXE&fr=my_top>

Unnecessary (if you gotta use RealPlayer, you still don't need this):
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot

Network Hijack:
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-
00E018981B9E} - C:\Program
Files\NewDotNet\newdotnet6_30.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1
\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

Trojan Carrier:
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater]
regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater
(required)] regsvr32 /s C:\WINDOWS\System32\KDP5e31.dll

Spyware:
O4 - HKCU\..\Run: [Morpheus] "C:\Program
Files\StreamCast\Morpheus\Morpheus.exe" -min

After running HJT and fixing the above, reboot, rerun HJT, extract new log, and
post it here in this thread.

Your HJT Log was a bit brief. Usually you should have a long list of O16
entries too. Make sure you post the entire HJT Log the next time.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
 
Chuck

| Hi, today I did a scan with Hijack This. I know that I
| use all these programs, except for two that I am not sure
| if I should delete or not.
|
| I don't know if I should delete C:\WINDOWS\ajyd.exe, or
| C:\WINDOWS\tygkkcnon.exe. They look pretty weird to me and
| are the only programs I don't know what my computer would
| use for or when I ever got it. I am unsure of whether it
| would be safe to delete those two programs or not.
|
| Here are the results that Hijack This came up with:
|
| Does anyone know if I should delete C:\WINDOWS\ajyd.exe or
| C:\WINDOWS\tygkkcnon.exe?

Those look suspicious to me. Find out a bit about them - get Process Explorer
(free) from <http://www.sysinternals.com/ntw2k/freeware/procexp.shtml>.
Provides way more information than Task Manager. It will show you all the
programs that each process calls, and if any information about Company (who
wrote it), Product Name, etc. was provided for any modules, it will show that
too.

Then, get rid of this crap. Close ALL open windows, start HJT, and have it fix:

ADD THIS ONE TO PREVIOUS LIST:
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no
file)
<http://www.pestpatrol.com/pestinfo/c/cleveriehooker.asp>

Spyware:
C:\WINDOWS\System32\NETSTATT.EXE
O4 - HKLM\..\Run: [Yahoo Messenger] NETSTATT.EXE
O4 - HKCU\..\RunOnce: [Yahoo Messenger] NETSTATT.EXE
<http://search.yahoo.com/search?p=NETSTATT.EXE&fr=my_top>

Unnecessary (if you gotta use RealPlayer, you still don't need this):
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot

Network Hijack:
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-
00E018981B9E} - C:\Program
Files\NewDotNet\newdotnet6_30.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1
\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

Trojan Carrier:
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater]
regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater
(required)] regsvr32 /s C:\WINDOWS\System32\KDP5e31.dll

Spyware:
O4 - HKCU\..\Run: [Morpheus] "C:\Program
Files\StreamCast\Morpheus\Morpheus.exe" -min

After running HJT and fixing the above, reboot, rerun HJT, extract new log, and
post it here in this thread.

Your HJT Log was a bit brief. Usually you should have a long list of O16
entries too. Make sure you post the entire HJT Log the next time.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
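
Added example, not part of Chuck's post and not HijackThis's own logic: a Python script that rejoins the hard-wrapped lines of a log like the one posted in this thread and lists entries worth looking up. The function names and the three review rules (Run-key target sitting directly in C:\WINDOWS and currently running, entry marked "(no file)" or "(file missing)", repeated Hosts line) are assumptions of this example, and the result is a list of things to research, not a verdict.

```python
import re
from collections import Counter
# Excerpt of the log posted in this thread, hard line wraps kept as posted.
SAMPLE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ajyd.exe
C:\WINDOWS\tygkkcnon.exe

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-
EA101271BC25} - (no file)
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1
\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [cdvgonsx] C:\WINDOWS\ajyd.exe
O4 - HKLM\..\Run: [syneobl] C:\WINDOWS\tygkkcnon.exe
O9 - Extra button: AdsGone - {ECC5777A-6E88-BFCE-13CE-
81F134789E7B} - C:\Program Files\AdsGone\adsgone (file
missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # "O4 - ..." starts a new entry
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(.+?)\] (.*)$")
ROOT_EXE = re.compile(r'^"?(C:\\WINDOWS\\[^\\"]+?\.exe)', re.I)  # not a subfolder

def join(prev, cont):
    # Undo a hard wrap (best effort): no space inside a {CLSID} or before a "\".
    if cont.startswith("\\") or prev.count("{") > prev.count("}"):
        return prev + cont
    return prev + " " + cont

def parse(log):
    """Return (running process paths, [(section code, entry text), ...])."""
    procs, entries, mode = [], [], None
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            mode = None                      # blank line ends the current block
        elif line == "Running processes:":
            mode = "proc"
        elif (m := ENTRY.match(line)):
            entries.append([m.group(1), m.group(2)])
            mode = "entry"
        elif mode == "entry":                # continuation of a wrapped entry
            entries[-1][1] = join(entries[-1][1], line)
        elif mode == "proc" and re.match(r"[A-Za-z]:\\", line):
            procs.append(line)
        elif mode == "proc" and procs:       # continuation of a wrapped path
            procs[-1] = join(procs[-1], line)
    return procs, [tuple(e) for e in entries]

def triage(log):
    """List entries worth a closer look; review hints, not verdicts."""
    procs, entries = parse(log)
    running = {p.lower() for p in procs}
    found = []
    for code, text in entries:
        run = RUN.match(text) if code == "O4" else None
        exe = ROOT_EXE.match(run.group(2)) if run else None
        if exe and exe.group(1).lower() in running:
            found.append(("autorun in Windows root, running", code, text))
        if text.endswith(("(no file)", "(file missing)")):
            found.append(("points at a missing file", code, text))
    hosts = Counter(t for c, t in entries if c == "O1")
    found += [(f"hosts line repeated {n}x", "O1", t) for t, n in hosts.items() if n > 1]
    return found

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

On this excerpt the BurnQuick entry is not listed: its file is in C:\WINDOWS as well, but it is not among the running processes.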
 
Kent W. England [MVP]

| Hi, today I did a scan with Hijack This. I know that I
| use all these programs, except for two that I am not sure
| if I should delete or not.
|
| I don't know if I should delete C:\WINDOWS\ajyd.exe, or
| C:\WINDOWS\tygkkcnon.exe. They look pretty weird to me and
| are the only programs I don't know what my computer would
| use for or when I ever got it. I am unsure of whether it
| would be safe to delete those two programs or not.
|
| Here are the results that Hijack This came up with:

Your system is definitely full of crap. Use spyware removal tools
recommended by Carey Frisch and then you likely won't have any troubles.
If you do, THEN run HiJackThis and post your results.
 
