System is running Windows NT SP5. I need some help removing it.
Also, I don't know what this is...--> O4 - HKLM\..\Run: [xytuxyxr] C:\WINNT\System32\xytuxyxr.exe
BTW, I ended the MGRS.exe process before running HiJack.
Here is a HiJackLog
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:15 AM, on 11/2/07
Platform: Windows NT 4 SP5 (WinNT 4.00.1381)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\Program Files\MGA NT PowerDesk\QDesk\MGAQDESK.EXE
C:\Program Files\CD-Writer Plus\DirectCD\DIRECTCD.EXE
C:\WINNT\System32\loadwc.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\dscio1rv.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.crunet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.crunet.com/
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MGA QuickDesk] "C:\Program Files\MGA NT PowerDesk\QDesk\MGAQDESK.EXE"
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\CD-Writer Plus\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [TimeSink Ad Client] "c:\Program Files\TimeSink\AdGateway\TsAdBot.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [xytuxyxr] C:\WINNT\System32\xytuxyxr.exe
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [avp] C:\WINNT\dscio1rv.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] tbgnvaaa.exe
O4 - HKCU\..\Run: [xytuxyxr] C:\WINNT\System32\xytuxyxr.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKUS\S-1-5-21-1477194092-1373913777-1509252994-1173\..\Run: [xytuxyxr] C:\WINNT\System32\xytuxyxr.exe (User '?')
O4 - HKUS\S-1-5-21-1477194092-1373913777-1509252994-1173\..\Run: [Windows installer] C:\winstall.exe (User '?')
O4 - S-1-5-21-1477194092-1373913777-1509252994-1173 Startup: DeskFlag.lnk = C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe (User '?')
O4 - Startup: DeskFlag.lnk = C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\Plus!\MICROS~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://www.crunet.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dresden
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dresden
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 10.1.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 10.1.0.2
O23 - Service: MGACtrl - Martrox Graphics Inc. - C:\WINNT\System32\mgasc.exe
--
End of file - 3843 bytes
Also, I don't know what this is...--> O4 - HKLM\..\Run: [xytuxyxr] C:\WINNT\System32\xytuxyxr.exe
BTW, I ended the MGRS.exe process before running HiJack.
Here is a HiJackLog
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:15 AM, on 11/2/07
Platform: Windows NT 4 SP5 (WinNT 4.00.1381)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\Program Files\MGA NT PowerDesk\QDesk\MGAQDESK.EXE
C:\Program Files\CD-Writer Plus\DirectCD\DIRECTCD.EXE
C:\WINNT\System32\loadwc.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\dscio1rv.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.crunet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.crunet.com/
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MGA QuickDesk] "C:\Program Files\MGA NT PowerDesk\QDesk\MGAQDESK.EXE"
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\CD-Writer Plus\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [TimeSink Ad Client] "c:\Program Files\TimeSink\AdGateway\TsAdBot.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [xytuxyxr] C:\WINNT\System32\xytuxyxr.exe
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [avp] C:\WINNT\dscio1rv.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] tbgnvaaa.exe
O4 - HKCU\..\Run: [xytuxyxr] C:\WINNT\System32\xytuxyxr.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKUS\S-1-5-21-1477194092-1373913777-1509252994-1173\..\Run: [xytuxyxr] C:\WINNT\System32\xytuxyxr.exe (User '?')
O4 - HKUS\S-1-5-21-1477194092-1373913777-1509252994-1173\..\Run: [Windows installer] C:\winstall.exe (User '?')
O4 - S-1-5-21-1477194092-1373913777-1509252994-1173 Startup: DeskFlag.lnk = C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe (User '?')
O4 - Startup: DeskFlag.lnk = C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\Plus!\MICROS~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://www.crunet.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dresden
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dresden
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 10.1.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 10.1.0.2
O23 - Service: MGACtrl - Martrox Graphics Inc. - C:\WINNT\System32\mgasc.exe
--
End of file - 3843 bytes
