is it a virus?

there seems to be something running in the background on my pc. it is most notable when i am connected to the internet, if i open my connection by clicking on the screens on my taskbar, the status window shows it is sending and receiving bytes constantly. it never used to do this until about a week ago. generally once my automatic updates were complete the connection icon would not flash. i am up to date with avast and running a full scan has not found anything. i have also tried adaware with no success. any suggestions would be appreciated.

Hi,
please describe your System more detailed and
post a hijackthis-Log for analysis…: → http://klaffke.de
:wink:

First, do as Whocares suggested and give us more system information … plus a Hijackthis log.

It could be a keylogger or some other malware. Since Ad-aware did not find anything, I would suggest you also try Spybot-Search & Destroy. You can find it here:

http://www.safer-networking.org/en/index.html

sorry for the delay in my response, i am located in rural australia.

os- win xp pro
p3 800
256mb ram
20gb seagate hdd

here are the results of the hijack this scan. i hope i have done it correctly as i have not used this before.thanks

Logfile of HijackThis v1.98.2
Scan saved at 8:15:20 PM, on 9/16/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\WINBOOT32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\SYSTEM32\RAMASST.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\unzipped\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SearchPRO - {4E7BD74F-2B8D-469E-8EEC-EF64B787BB38} - C:\WINDOWS\DOWNLO~1\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: EasySearchBar - {86790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\PROGRAM FILES\ESB\ESB.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: SearchPRO - {4E7BD74F-2B8D-469E-8EEC-EF64B787BB38} - C:\WINDOWS\DOWNLO~1\SEARCH~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..\Run: [Reg Services] WINBOOT32.EXE
O4 - HKLM..\RunServices: [Reg Services] WINBOOT32.EXE
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\SYSTEM32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: EasySearchBar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRAM FILES\ESB\ESB.DLL
O9 - Extra ‘Tools’ menuitem: EasySearchBar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRAM FILES\ESB\ESB.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: Win32 Classes -
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4E7BD74F-2B8D-469E-8EEC-EF64B787BB38} (SearchPRO) - http://www.searchpro.com.au/toolbar/searchpro.cab
O17 - HKLM\System\CCS\Services\Tcpip..{6B0B68FB-E104-4415-AAF2-CE81ED909AE8}: NameServer = 203.134.64.66 203.134.65.66
O17 - HKLM\System\CS1\Services\Tcpip..{6B0B68FB-E104-4415-AAF2-CE81ED909AE8}: NameServer = 203.134.64.66 203.134.65.66

Billy are you on broadband or dial up? given your country location i assume you are on dial up . You really should consider a firewall, more so if you are on broadband . there`s just too much garbage not to have one installed. plenty of free ones around.
I would also consider giving the searchbars the flick as they often come with added extras that dont always take you where you wanna go .

i am on dial-up. have removed searchbars. i will get a firewall but dont know which one,i have never used one. will a firewall help me with my current problem or only help prevent future probs?

1] Disable system restore
2] Reboot
3] Fix the following things:
\windows\system32\winboot32.exe
r3 - default urlsearchhook is missing
o2 - bho: searchpro - {4e7bd74f-2b8d-469e-8eec-ef64b787bb38} - c:\windows\downlo~1\search~1.dll
o3 - toolbar: easysearchbar - {86790aa5-c6c7-4bcf-a46d-0fdac4ea90eb} - c:\program files\esb\esb.dll
o3 - toolbar: searchpro - {4e7bd74f-2b8d-469e-8eec-ef64b787bb38} - c:\windows\downlo~1\search~1.dll
o4 - hklm..\run: [reg services] winboot32.exe
o4 - hklm..\runservices: [reg services] winboot32.exe
o9 - extra button: easysearchbar - {a26abcf0-1c8f-46e7-a67c-0489dc21b9cc} - c:\program files\esb\esb.dll
o9 - extra ‘tools’ menuitem: easysearchbar - {a26abcf0-1c8f-46e7-a67c-0489dc21b9cc} - c:\program files\esb\esb.dll

4] Visit http://v5.windowsupdate.microsoft.com/v5consumer/default.aspx?ln=en and keep going there till ALL security patches/updates are installed.
Both your Windows and your IE are very much outdated and vulnerable to all kinds of mallware.

firewall ,I reccommend Zonealarm you can find it in technicals links in general topics forum.its the simplest to use/setup.
But eddy`s right your biggest problem now is M$ update. you havent even got service pack one which is over a year ago. problem is, it alone takes 5-6 hrs to download on 56k and there are heaps of updates since .best to leave it running overnight. hope your plan is unlimited d/l. :wink:
do you know how to turn off sys restore? go to cont panel/ system/ and look for a system restore tab , check the box to turn off then hit apply, then uncheck again and apply
good luck :smiley:

Too bad you can’t order the free security update cd anymore from MS :-\

thanks eddy i will do what you say. though as far i was concerned i had done all windows updates (except sp1 & sp2).? but mind you, i only think i know what i’m talking about