
Inactive [InActive] Found calc.exe in task manager

Discussion in 'Malware and Virus Removal Archive' started by kmsk, 2009/03/24.

  1. 2009/03/24
    kmsk

    kmsk Inactive Thread Starter

    Joined:
    2008/06/13
    Messages:
    19
    Likes Received:
    0
    Hi,
    I recently found that in my Task Manager, under Processes, calc.exe is continuously running. Even when I open Calculator it shows two calc.exe. Is this a virus?
     
    kmsk,
    #1
  2. 2009/03/24
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Possibly ......

    Go to the Malware & Virus Removal forum .....

    There is an announcement at the head of the forum .....

    *** READ THIS BEFORE POSTING IN THIS FORUM ***

    Please read and post the logs requested in this thread which I have moved to that forum.
     

  4. 2009/04/04
    kmsk

    kmsk Inactive Thread Starter

    Help, I am puzzled about this calc.exe.
     
    kmsk,
    #3
  5. 2009/04/04
    PeteC

    PeteC SuperGeek Staff

    My post above told you exactly what to do - why have you not posted the logs requested?
     
  6. 2009/04/05
    kmsk

    kmsk Inactive Thread Starter

    Hi,
    I am sorry I did not follow earlier, but now I know what you mean.
    I am attaching documents as you say.

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/10/2008 7:32:51 PM
    System Uptime: 4/5/2009 8:34:32 PM (1 hours ago)

    Motherboard: Kobian | | PI945GZD
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 2992/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 20 GiB total, 6.529 GiB free.
    D: is FIXED (NTFS) - 59 GiB total, 14.434 GiB free.
    E: is FIXED (NTFS) - 61 GiB total, 6.796 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 10 GiB total, 2.65 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81391019&REV_10\4&CF81C54&0&28F0
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81391019&REV_10\4&CF81C54&0&28F0
    Service: RTL8023xp

    ==== System Restore Points ===================

    RP82: 3/15/2009 9:25:06 PM - Removed ABBYY FineReader 8.0 Professional Edition
    RP83: 3/15/2009 9:25:47 PM - Installed ABBYY FineReader 8.0 Professional Edition
    RP84: 3/15/2009 9:33:02 PM - Removed ABBYY FineReader 8.0 Professional Edition
    RP85: 3/18/2009 9:28:25 PM - Avg8 Update
    RP86: 3/18/2009 9:57:14 PM - SiSoftware Sandra Lite
    RP87: 3/19/2009 10:28:29 PM - Installed Windows Media Format 9 Series Runtime Setup
    RP88: 3/19/2009 10:28:42 PM - Installed Roxio Easy Media Creator 7.5 Trial
    RP89: 3/20/2009 5:59:19 PM - Removed Roxio Easy Media Creator 7.5 Trial
    RP90: 3/20/2009 6:00:02 PM - Configured Driver Installer
    RP91: 3/20/2009 6:00:06 PM - Configured Sitecom USB 2.0 Multi Memory Reader Writer 17:1 MD-00
    RP92: 3/20/2009 6:00:12 PM - Removed Sitecom USB 2.0 Multi Memory Reader Writer 17:1 MD-004
    RP93: 3/22/2009 8:20:04 PM - Unsigned driver install
    RP94: 4/4/2009 9:35:16 PM - Removed Disk Performance Analyzer for Networks

    ==== Installed Programs ======================

    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Shockwave Player
    AutoUpdate
    AVG Free 8.0
    CDisplay 1.8
    Concise Oxford English Dictionary and Thesaurus
    ConvertLIT Graphical User Interface 2.0
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    EasyCleaner
    FreshDiagnose
    Google Earth
    High Definition Audio Driver Package - KB888111
    iBall Baton ADSL2+ USB Device
    Intel(R) Graphics Media Accelerator Driver
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office Excel Viewer 2003
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Reader
    Microsoft Visual C++ 2005 Redistributable
    Mobipocket Creator 4.2
    Mobipocket Reader 6.2
    Mozilla Firefox (3.0)
    MSVC80_x86
    MSXML 6.0 Parser
    Nokia Connectivity Cable Driver
    Nokia Flashing Cable Driver
    Nokia PC Suite
    Nokia Software Updater
    PC Connectivity Solution
    PC Wizard 2008.1.871
    PDF-XChange PDF Viewer
    Realtek High Definition Audio Driver
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB958644)
    Sony Sound Forge 7.0
    Tautology Bandwidth Meter v1.5 Release (remove only)
    TeraCopy 1.2
    Update for Windows XP (KB898461)
    VideoLAN VLC media player 0.8.6c
    WebFldrs XP
    WIDCOMM Bluetooth Software
    Winamp
    WinDirStat 1.1.2
    Windows Driver Package - Nokia Modem (05/22/2008 3.8)
    Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
    Windows Driver Package - Nokia Modem (10/12/2007 3.6)
    Windows Driver Package - Nokia Modem (10/27/2008 3.9)
    Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows XP Service Pack 3
    XP TCP/IP Repair 1.0

    ==== Event Viewer Messages From Past Week ========

    4/4/2009 8:34:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/4/2009 8:33:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32 AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS RasAcd Rdbss Tcpip
    4/4/2009 8:33:25 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/4/2009 8:33:25 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    4/4/2009 8:33:25 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/4/2009 8:33:25 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: The dependency service or group failed to start.
    4/4/2009 8:33:25 PM, error: Service Control Manager [7001] - The NetBios over Tcpip service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/4/2009 8:32:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    4/4/2009 7:59:48 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows WorkGroup service to connect.
    4/3/2009 5:18:37 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    4/4/2009 9:35:19 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    4/4/2009 8:29:07 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file cmd.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    4/4/2009 8:28:23 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file g:\windows\system32\cacls.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    4/4/2009 8:28:17 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file g:\windows\system32\calc.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    4/4/2009 8:27:05 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file cacls.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

    ==== End Of File ===========================

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by localadmin at 21:28:03.48 on Sun 04/05/2009
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.77 [GMT 5.5:30]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

    ============== Running Processes ===============

    G:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    G:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    G:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    G:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    G:\WINDOWS\system32\calc.exe
    G:\program files\internet explorer\IEXPLORE.EXE
    G:\WINDOWS\Explorer.EXE
    G:\PROGRA~1\AVG\AVG8\avgrsx.exe
    G:\WINDOWS\system32\wscntfy.exe
    G:\PROGRA~1\AVG\AVG8\avgtray.exe
    G:\WINDOWS\system32\igfxtray.exe
    G:\WINDOWS\system32\igfxpers.exe
    G:\WINDOWS\system32\igfxsrvc.exe
    G:\WINDOWS\RTHDCPL.EXE
    G:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    G:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    G:\Program Files\BandwidthMeter\BandwidthMeter.exe
    G:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    G:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    G:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    G:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    G:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    G:\Program Files\Mozilla Firefox\firefox.exe
    G:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\WinRAR\WinRAR.exe
    G:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCview.exe
    G:\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - g:\program files\avg\avg8\avgssie.dll
    uRun: [PC Suite Tray] "g:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    mRun: [SkyTel] SkyTel.EXE
    mRun: [AVG8_TRAY] g:\progra~1\avg\avg8\avgtray.exe
    mRun: [IgfxTray] g:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] g:\windows\system32\hkcmd.exe
    mRun: [Persistence] g:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    StartupFolder: g:\docume~1\locala~1\startm~1\programs\startup\bandwi~1.lnk - g:\program files\bandwidthmeter\BandwidthMeter.exe
    StartupFolder: g:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - g:\program files\widcomm\bluetooth software\BTTray.exe
    dPolicies-explorer: StartMenuLogOff = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - g:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - g:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - g:\program files\messenger\msmsgs.exe
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230898844296
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - g:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - g:\docume~1\locala~1\applic~1\mozilla\firefox\profiles\oql4qu0b.default\
    FF - prefs.js: browser.startup.homepage -
    FF - component: g:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: g:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG AVI Loader Driver x86;g:\windows\system32\drivers\avgldx86.sys [2008-12-10 325128]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;g:\windows\system32\drivers\avgmfx86.sys [2008-12-10 27656]
    R2 avg8wd;AVG8 WatchDog;g:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-10 298264]
    S2 svrhost;Windows WorkGroup;g:\program files\common files\microsoft shared\msinfo\svrhost.abc [2009-1-5 655872]
    S3 cpuz129;cpuz129;g:\program files\pc wizard 2008\pcwiz32.sys [2008-12-26 9600]
    S3 HwIOctl;HwIOctl;\??\g:\docume~1\locala~1\locals~1\temp\rar$ex00.234\hwioctl.sys --> g:\docume~1\locala~1\locals~1\temp\rar$ex00.234\HwIOctl.sys [?]
    S3 Memctl;Memctl;\??\g:\docume~1\locala~1\locals~1\temp\rar$ex00.234\memctl.sys --> g:\docume~1\locala~1\locals~1\temp\rar$ex00.234\Memctl.sys [?]
    S3 ptiusbf;PTI USB Filter;g:\windows\system32\drivers\ptiusbf.sys --> g:\windows\system32\drivers\PTIUSBF.SYS [?]

    =============== Created Last 30 ================

    2009-04-03 17:24 <DIR> --d----- g:\docume~1\locala~1\applic~1\Malwarebytes
    2009-04-03 17:24 <DIR> --d----- g:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-03-26 18:47 <DIR> --d----- G:\cit
    2009-03-24 22:10 <DIR> --d----- g:\program files\Astonsoft
    2009-03-19 22:28 <DIR> --d----- g:\program files\Roxio
    2009-03-19 21:52 <DIR> --d----- g:\program files\Roxio Easy Media Creator 7.5 UK Trial
    2009-03-18 21:54 <DIR> --d----- g:\windows\system32\NtmsData
    2009-03-15 21:18 <DIR> --d----- g:\docume~1\locala~1\applic~1\ABBYY
    2009-03-15 21:07 <DIR> --d----- g:\program files\Simpli Software
    2009-03-09 18:14 <DIR> --d----- g:\windows\pss
    2009-03-09 17:52 <DIR> --d----- g:\windows\Downloaded Installations
    2009-03-09 17:52 <DIR> --d----- g:\program files\Executive Software
    2009-03-09 17:49 <DIR> --d----- g:\program files\Power Measure
    2009-03-09 17:42 <DIR> --d----- g:\program files\PalickSoft
    2009-03-09 17:11 <DIR> --d----- g:\docume~1\locala~1\applic~1\FreshDiagnose

    ==================== Find3M ====================

    2009-02-06 18:13 10,520 a------- g:\windows\system32\avgrsstx.dll
    2009-02-06 18:13 325,128 a------- g:\windows\system32\drivers\avgldx86.sys

    ============= FINISH: 21:28:39.17 ===============
     
    kmsk,
    #5
  7. 2009/04/05
    PeteC

    PeteC SuperGeek Staff

    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
  8. 2009/04/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi kmsk

    Please do the following.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum.

    Thanks
    Geri
     
    Geri,
    #7
  9. 2009/04/14
    kmsk

    kmsk Inactive Thread Starter

    problem solved

    Hi,
    I did what you said but the report said no trojans found.
    Then what I did: I uninstalled AVG anti-virus and installed
    Avast Home Edition, and it said there is a virus, which it removed,
    and now there is no calc.exe in Task Manager.
    Anyway, thanks for your support :)
     
    kmsk,
    #8
  10. 2009/04/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    Ok, thanks for letting me know.

    Geri
     
    Geri,
    #9
