Outgoing Packets Suggest A Virus or Malware

    New Member

I have recently come down with this problem where I noted that the outgoing data on my dial-up connection was vastly higher than what I was downloading. Since I hadn't been sending files or pictures, I figured that I had a virus or malware.

I checked out the suggested programs, and I cleaned up the extraneous files. I ran Spybot and I ran a virus scan thus far.

I am still getting the empty DOS box/window calling for cmd.exe. I have multiple occurrences of svchost and I think my AVG scanner is either not working properly or it has been disabled by a virus or malware. The window doesn't always go away on its own, and the opening of the black window is also accompanied by the opening of a browser. Fortunately, I am using Firefox as my default browser so the address calling for an update doesn't continue in Firefox.

Presently I'm running XP Pro, SP1.

Here is the Hijack This log that was generated after the initial stages of clean up:

Logfile of HijackThis v1.99.1
Scan saved at 12:38:31 AM, on 7/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\FreeRAM XP Pro 1.40.exe
C:\Program Files\SpamBayes\bin\sb_tray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APB_Start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APB_Start.html
O2 - BHO: IEMan Class - {24100E69-977D-4AEF-9538-B0FE1DDCE584} - C:\Program Files\Incredi IE Manager\IEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [startxpclean] \program files\xpcleaner\cxprerun.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [startxpclean] \program files\xpcleaner\cxp.cmd
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\\InstallStub.exe -a
O4 - Startup: SpamBayes Tray Icon.lnk = C:\Program Files\SpamBayes\bin\sb_tray.exe
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ThumbBot... - {EE874DF5-BA13-4961-A0CF-B047F6E4D78C} - C:\PROGRA~1\SWELLC~1\ThumbBot\Thumb.dll
O9 - Extra 'Tools' menuitem: ThumbBot... - {EE874DF5-BA13-4961-A0CF-B047F6E4D78C} - C:\PROGRA~1\SWELLC~1\ThumbBot\Thumb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119663947913
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) -
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.c...ropper1_4us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://play08.pogo.c...aploader_v5.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Thank you in advance for your assistance!

    Retired Staff

Hi and welcome to Geeks to Go. Start by working your way through the malware removal guide at the top of this forum where it says "Do you suspect a malware (Spyware, Virus, Trojan) infection? Please start here." This enables folks to solve most problems on their own. If you still have trouble after that, post a HijackThis log in the malware forum at

    New Member

Thanks for the link.

I followed the instructions for the board before I posted.

What next?

    Retired Staff

If you posted your HijackThis log in the malware forum (the link I gave you), just be patient; they will get to you as soon as they can. Those folks do an outstanding job. They are the malware experts here. Please understand there are lots of folks like you needing help, and they will get to you. They are fighting a never-ending battle against malware! :tazz: