Do I still have a virus?

H.

I have scanned my computer with both online virus scans
as well as the Norton AntiVirus I have installed on my
computer. However, my computer still kept shutting down
after startup. I went to Microsoft and used the Windows
Update feature and that seemed to solve the problem about
Windows shutting down.
To do this though I ended the process of WkCalRem.exe
which seemed to stop my computer from shutting down which
allowed me to download the updates. My question: Do I
still have a virus on my computer even though I don't see
the effects any more? Here is a log from XP Startup
Tracker:

-- Registry - HKEY_LOCAL_MACHINE RunOnce --
Compaq_RBA C:\Program
Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe -z

-- Registry - HKEY_LOCAL_MACHINE Run --
ccApp "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
ccRegVfy "C:\Program Files\Common
Files\Symantec Shared\ccRegVfy.exe"
WT GameChannel C:\Program
Files\WildTangent\Apps\GameChannel.exe
WinStart001.EXE
C:\WINDOWS\System\WinStart001.EXE -b
WINDVDPatch CTHELPER.EXE
Windows Update
C:\windows\system\winupdate16.exe
WCOLOREAL "C:\Program
Files\COMPAQ\Coloreal\coloreal.exe"
UpdReg C:\WINDOWS\UpdReg.EXE
STOPzilla C:\Program Files\STOPzilla!
\Stopzilla.exe /autorun
srmclean C:\Cpqs\Scom\srmclean.exe
Spool 32 syscfg32.exe
SAHAgent C:\WINDOWS\System32
\SahAgent.exe
PROMon.exe PROMon.exe
nwiz nwiz.exe /install
NvCplDaemon RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
NeroCheck C:\WINDOWS\system32
\NeroCheck.exe
Microsoft Works Update DetectiC:\Program Files\Microsoft
Works\WkDetect.exe
Microsoft Works Portfolio C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
LXSUPMON C:\WINDOWS\System32
\LXSUPMON.EXE RUN
KaZooM C:\Game
Files\kazaa\KaZooM.Exe
Jet Detection "C:\Program
Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
InternalSystray c:\windows\system32
\kernel32.exe
gouprgl C:\DOCUME~1\Sheila\APPLIC~1
\wamdygqu.exe -QuieT
eDonkey2000 C:\Program Files\eDonkey2000
\eDonkey2000.exe -t
DietK C:\PROGRA~1\DIETKA~1
\DietKaza.exe
Diet K C:\Program Files\Diet
Kaza\DietKaza.exe
CPQEASYACC C:\Program
Files\COMPAQ\Easy Access Button Support\StartEAK.exe
CARPService carpserv.exe
BJCFD C:\Program
Files\BroadJump\Client Foundation\CFD.exe
ATTBroadbandUpdate C:\Program
Files\AT&T\BBClient\Programs\SAUpdate.exe
ATTBroadbandClient C:\Program
Files\AT&T\BBClient\Programs\RegCon.exe /admincheck
AdaptecDirectCD "C:\Program
Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
Ad-watch C:\Program
Files\Lavasoft\Ad-aware 6\Ad-watch.exe
QuickTime Task "C:\Program
Files\QuickTime\qttask.exe" -atboottime
TkBellExe "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
SafeSurfingUpdate C:\Program
Files\SafeSurfing\SSUpdate.exe
ezShieldProtector for Px C:\WINDOWS\System32
\ezSP_Px.exe

-- Registry - HKEY_CURRENT_USER RunOnce --
No Items Found

-- Registry - HKEY_CURRENT_USER Run --
Start WingMan Profiler
Excalibur C:\Program
Files\EarthStation5\ES5.exe show=minimize
AutoUpdater C:\WINDOWS\System32
\aupdate.exe

-- Registry - HKEY_USERS\.DEFAULT Run --
No Items Found

-- Start Menu - Current User --
HotSync Manager.lnk
PowerReg Scheduler.exe
PowerReg SchedulerV2.exe
Update Grokster.lnk

-- Start Menu - All Users --
Date Manager.lnk
GoBack.lnk
Microsoft Office.lnk
Microsoft Works Calendar Reminders.lnk
PrecisionTime.lnk

-- Disabled Items --
No Items Found

-- Registry - Shell Value -
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon --
Explorer.exe

-- Running Processes --
System Idle Process
System
smss.exe \SystemRoot\System32\smss.exe
csrss.exe
winlogon.exe winlogon.exe
services.exe C:\WINDOWS\system32\services.exe
lsass.exe C:\WINDOWS\system32\lsass.exe
svchost.exe C:\WINDOWS\system32\svchost -k rpcss
svchost.exe C:\WINDOWS\System32\svchost.exe -k
netsvcs
svchost.exe
svchost.exe
LEXBCES.EXE C:\WINDOWS\system32\LEXBCES.EXE
spoolsv.exe C:\WINDOWS\system32\spoolsv.exe
LEXPPS.EXE LEXPPS.EXE
CCEVTMGR.EXE "C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe"
CCAPP.EXE "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
CTHELPER.EXE "C:\WINDOWS\System32\CTHELPER.EXE"
SahAgent.exe "C:\WINDOWS\System32\SahAgent.exe"
PROMon.exe "C:\WINDOWS\System32\PROMon.exe"
LXSUPMON.EXE "C:\WINDOWS\System32\LXSUPMON.EXE" RUN
carpserv.exe "C:\WINDOWS\System32\carpserv.exe"
CFD.exe "C:\Program Files\BroadJump\Client
Foundation\CFD.exe"
Directcd.exe "C:\Program Files\Roxio\Easy CD
Creator 5\DirectCD\DirectCD.exe"
qttask.exe "C:\Program
Files\QuickTime\qttask.exe" -atboottime
realsched.exe "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
ezSP_Px.exe "C:\WINDOWS\System32\ezSP_Px.exe"
CpqEAKSystemTray.exe"C:\Program Files\Compaq\Easy Access
Button Support\CPQEAKSYSTEMTRAY.EXE"
CPQEADM.exe "C:\Program Files\Compaq\Easy Access
Button Support\CPQEADM.EXE"
EAUSBKBD.exe "C:\Compaq\EAKDRV\EAUSBKBD.EXE"
BttnServ.exe C:\PROGRA~1\Compaq\EASYAC~1
\BttnServ.exe -Embedding


WkCalRem.exe "C:\Program Files\Common
Files\Microsoft Shared\Works Shared\wkcalrem.exe"


hotsync.exe "C:\Program Files\Palm\hotsync.exe"
PackethSvc.exe C:\WINDOWS\System32\PackethSvc.exe
alg.exe
compaq-rba.exe "C:\Program Files\COMPAQ\Compaq
Advisor\bin\compaq-rba.exe"
CTsvcCDA.EXE C:\WINDOWS\System32\CTsvcCDA.exe
upssrv.exe C:\PowerPanelPlus\upssrv.exe
GBPoll.exe "C:\Program
Files\Roxio\GoBack\GBPoll.exe"
NAVAPSVC.EXE "C:\Program Files\Norton
SystemWorks\Norton AntiVirus\navapsvc.exe"
NMSSvc.Exe C:\WINDOWS\System32\NMSSvc.exe
nvsvc32.exe C:\WINDOWS\System32\nvsvc32.exe
MsPMSPSv.exe C:\WINDOWS\System32\MsPMSPSv.exe
eMule.exe "C:\Program
Files\eMulePlus\eMule.exe"
explorer.exe C:\WINDOWS\explorer.exe
iexplore.exe "C:\Program Files\Internet
Explorer\IEXPLORE.EXE"
Ad-aware.exe "C:\Program Files\Lavasoft\Ad-aware 6
\Ad-aware.exe"
StartupTracker3.exe "C:\Documents and
Settings\Sheila\Local Settings\Temp\StartupTracker3.exe"
wmiprvse.exe

I have spaced out the WkCalRem.exe so it's easier to
find. My computer doesn't shut down after startup anymore
(thank god) but I just want to make sure my system is
clean.
Thanks for your time.
H.
 
Edward

Is it an old version of Works that you are using? WkCalRem.exe is the
Calendar reminder feature of MSWorks. Since you've cleared out the worm,
some corruption may have occurred. Reinstalling Works may just fix
everything.

Ed
 
mamabear

I would suggest that you download AdAware (free version)
from here: http://www.lavasoftusa.com/
It detects and safely removes trackware, dialers,
dataminers and other objects from your computer which can
cause a lot of problems. Run Webupdate before each scan to
make sure that you have the latest ref file because they
are updated frequently. I see that you use Kazaa.
Adaware will detect some components of it that, if you
remove them, will render Kazaa inoperable. If you want to use
Kazaa, scan with Adaware and before you remove anything,
post your logfile at their forums
http://www.lavasoftsupport.com/ and you will be advised as
to what to remove and how to keep Kazaa on your machine.
There are several "clean" alternatives to Kazaa if you
would like to try one of them.
 
Doug Knox MS-MVP

It appears that you have one, or more, and a ton of spyware. Here is the
list of what I suspect is a virus/worm, and/or spyware. All of these items
can be disabled via MSCONFIG, Startup Tab, with the exception of the two
listed under Running Processes. They would appear to be running as
Services, and you access those via the Services tab in MSCONFIG or by
running SERVICES.MSC. I would recommend disabling all of these, and any
others that you're not sure about. If your machine seems to behave
normally, then you can add them back one at a time until the problem
re-occurs. However, you should also visit www.lavasoft.com and download and
install AdAware (or update it if you already have it). You may also want to
try SpyBot Search and Destroy, for the spyware issues.

-- Registry - HKEY_LOCAL_MACHINE Run --
WinStart001.EXE C:\WINDOWS\System\WinStart001.EXE -b
Windows Update C:\windows\system\winupdate16.exe
Spool 32 syscfg32.exe
InternalSystray c:\windows\system32\kernel32.exe
WINDVDPatch CTHELPER.EXE
gouprgl
C:\DOCUME~1\Sheila\APPLIC~1\wamdygqu.exe -QuieT
DietK C:\PROGRA~1\DIETKA~1\DietKaza.exe
Diet K C:\Program Files\Diet Kaza\DietKaza.exe
CARPService carpserv.exe
ezShieldProtector for Px C:\WINDOWS\System32\ezSP_Px.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

-- Registry - HKEY_CURRENT_USER Run --
AutoUpdater C:\WINDOWS\System32\aupdate.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

-- Start Menu - Current User --
HotSync Manager.lnk
PowerReg Scheduler.exe
PowerReg SchedulerV2.exe

Start Menu, Programs, Startup

-- Running Processes --

NMSSvc.Exe C:\WINDOWS\System32\NMSSvc.exe
MsPMSPSv.exe C:\WINDOWS\System32\MsPMSPSv.exe

These look to be starting as Services.
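
Added example, not part of the thread: a small Python triage pass over "Name Command" startup entries like those listed above. The function names, flag names and the four heuristics are assumptions chosen for illustration; a flag marks an entry for closer review, and an entry with no flags still has to be identified by name.

```python
import ntpath
import re

# Entry name may contain spaces; the command starts at the first token that is
# a drive path (optionally quoted) or a bare *.exe / *.dll file name.
ENTRY = re.compile(r'^(?P<name>.+?)\s+(?P<cmd>"?[A-Za-z]:\\.*|\S+\.(?:exe|dll)\b.*)$', re.I)
IMAGE = re.compile(r'"?(.+?\.(?:exe|dll))\b', re.I)  # image path without arguments

# Core Windows libraries that ship as .dll, never as .exe (assumed short list).
DLL_NAMES = {"kernel32", "user32", "gdi32", "ntdll"}

def triage(line):
    """Return (name, image, flags) for one 'Name Command' line, or None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    im = IMAGE.match(m["cmd"])
    image = im.group(1) if im else m["cmd"].strip('"')
    directory, base = ntpath.split(image)
    d = directory.lower()
    stem, ext = ntpath.splitext(base.lower())
    flags = []
    if not directory:
        flags.append("no-path")            # resolved through the search path
    if "applic~1" in d or "application data" in d or "\\temp" in d:
        flags.append("user-profile")       # autorun from a user-writable folder
    if d.endswith("\\windows\\system"):
        flags.append("legacy-system-dir")  # legacy folder, not System32
    if ext == ".exe" and stem in DLL_NAMES:
        flags.append("dll-name-as-exe")    # borrows a system library's name
    return m["name"], image, flags

def report(text):
    """Triage every parseable line of a pasted startup list."""
    return [t for t in map(triage, text.splitlines()) if t]

# Entries quoted from the thread, rejoined to one per line.
SAMPLE = r"""
WinStart001.EXE C:\WINDOWS\System\WinStart001.EXE -b
Windows Update C:\windows\system\winupdate16.exe
Spool 32 syscfg32.exe
InternalSystray c:\windows\system32\kernel32.exe
gouprgl C:\DOCUME~1\Sheila\APPLIC~1\wamdygqu.exe -QuieT
Diet K C:\Program Files\Diet Kaza\DietKaza.exe
AutoUpdater C:\WINDOWS\System32\aupdate.exe
"""

if __name__ == "__main__":
    for name, image, flags in report(SAMPLE):
        print(f"{name:18} {image:45} {', '.join(flags) or '-'}")
```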
 
