Would love some help with C:\Windows\mgrsts.exe[RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Would love some help with C:\Windows\mgrsts.exe[RESOLVED]

Options

Guy Scissorhands View Member Profile	Apr 15 2005, 05:53 PM Post #1
New Member Posts: 7 OS: XP SP 2	Hi there! Just joined the forum. I noticed my PC running slowly last night and today when i rebooted Macafee gave me an indication of C:\Windows\mgrsts.exe trying to get outbound access to the internet. I was sure this was shady because under google i found people taking about it in reference to malware. Im not sure how it got on here and to be honest i have no real idea where to start in removing this. I could delete it but i have a feeling theres a proper way to get rid of it. Any help is deeply appreciated Thanks in advance. Oh and if theres anything else that shouldnt be here could someone let me know! Logfile of HijackThis v1.97.7Scan saved at 01:02:45, on 16/04/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\mssoi32.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe C:\Program Files\AIM\aim.exe C:\Program Files\FinePixViewer\QuickDCF.exe c:\program files\internet explorer\iexplore.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Documents and Settings\G\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell.co.uk/myway O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [WINDOWSmssoi32] C:\WINDOWS\mssoi32.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: AIM (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Yahoo! Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{ACA40EAD-7D9F-4055-96AC-3416D9AF6809}: NameServer = 62.241.162.200 158.43.240.3 This post has been edited by Guy Scissorhands: Apr 15 2005, 06:10 PM

Posts in this topic

Guy Scissorhands Would love some help with C:\Windows\mgrsts.exe[RESOLVED] Apr 15 2005, 05:53 PM

Avohir Your version of HijackThis is out of date. Downloa... Apr 20 2005, 01:48 PM

Guy Scissorhands Sorry I forgot i actually edited with thew new log... Apr 20 2005, 03:15 PM

Guy Scissorhands sorry i got a little confused i thought i had edit... Apr 20 2005, 06:11 PM

Avohir you downloaded and saved the new version of Hijack... Apr 20 2005, 06:05 PM

Avohir your log looks clean. submit C:\Windows... Apr 20 2005, 06:45 PM

Guy Scissorhands QUOTE(Avohir @ Apr 21 2005, 12:45 AM)your log... Apr 20 2005, 06:51 PM

Avohir thats the name of your user account to change it,... Apr 21 2005, 11:01 AM

Avohir Since this issue appears to be resolved ... this T... Apr 21 2005, 11:01 AM

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
System Building and Upgrading I would love some help	1 / 333	8th May 2005 - 07:23 PM Benjammin started - last by Benjammin
Virus, Spyware and Trojan Removal HELP WITH C:\WINDOWS\SYSTEM\DRIVER\CSRSS.EXE	0 / 748	3rd June 2005 - 08:25 PM medc started - last by medc
Introductions Hi folks - I would love some help	2 / 199	9th December 2008 - 03:37 AM Flyer2008 started - last by Flyer2008
Virus, Spyware and Trojan Removal google being redirected..would love some help.. :( [Solved]	12 / 381	25th May 2009 - 06:48 AM jackie_is_29 started - last by Blade81