Help with XP high background internet traffic. Please

Hi there and welcome. We are currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Thanks for your patience during this time.

Kestrel13!

 

Just add checks against the boxes you want, however leave the advanced tab alone. Are you able to check them? You made it sound like they were locked.


1. If you do not use Windows Messenger Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

2. Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix exit HJT.



3. Use Windows Explorer to find and delete the below bold files:

• c:\program files\temp01
• c:\windows\S228739E3.tmp

After a reboot tell me if these files re-appear or whether they are gone!

4. Let's run a rootkit scanner just to be sure:

Running Rootkit Revealer...

5. Download Dr.Web CureIt and save it to your desktop.

• Doubleclick the cureit-beta.exe file and allow to run
• If it prompts you about getting any updates, get the update and then rerun the cureit-beta.exe installation.
• When it finishes you will have a green window with a Start and and Update selection. Click Start
• the Express Scan of your PC window will come up. Click OK to scan main memory to detect infected process in memory.
• If anything is found in memory, click the yes button when it asks you if you want to cure it. This is only a short scan.
• You may see a popup window to Buy or get a discount on the program. Just click the X at the top right to close this popup. The scan will continue.
• Once the short scan is completed, click the Custom Scan radio button. Then Select each of your hard disk drives (that is if you have more than one). A red dot shows which drives have been chosen.
• Click the green arrow at the right under the Dr.Web logo, and the scan will start.
• Click 'Yes to all' if it finds any problems and asks if you want to cure or move the file.
• When the scan has finished, look if you can click next icon next to the files found:
  
• If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  
• This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
• After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Reboot your computer!! This is necessary because there could be files in use that will be moved or deleted during reboot.
• After reboot, rename the DrWeb.csv file to DrWeb.txt so that it can be uploaded here and then attach the log from Dr.Web to your next reply

6. Attach logs from running both the Rootkit Revealer and Dr Web CureIt into your next reply.