8 replies to this topic

[Magick13]

AVG emergency boot and Malwarebytes found the Kryptic trojan on my computer. I knew I had it because the wireless signal would be present and my mail server (web based) would work, but no network connection could be found by the browser. I think I have cleaned it off, but I still cannot connet to the internet at home (writing from work). I have copies of my Malwarebytes logs which I hope are alright to post here (I am new), I am posting the only one with anything in it, the others have nothing malicious. Now I am getting the blue screen of death sometimes and even got a back bios checksum error. Has this trojan damaged my mother board? I am obviously not techie and praying for some help here. Because I use a work computer, i can only check on weekdays. thanks so much, can post hijack this on Tuesday if that would help
Debbi
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3967

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/8/2010 12:18:27 AM
mbam-log-2010-04-08 (00-18-27).txt

Scan type: Full scan (C:\|)
Objects scanned: 215511
Time elapsed: 3 hour(s), 5 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Maurice Naggar]

Hello Magick13,

a) The version of MalwareBytes is seriously out of date.
b) We need DDS logs for review before we go further

Download DDS and save it to your desktop from http://www.techsuppo...ctools/sUBs/dds here
or http://download.blee...om/sUBs/dds.scr or
http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.
Then double click dds.scr to run the tool.
DDS will run in a command prompt window and will take 3 to 4 minutes or so.

• When done, DDS will open two (2) logs:
• DDS.txt
• Attach.txt
• Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:
DDS.txt
Attach.txt

[Maurice Naggar]

Hello,

Please provide a status update.

[Magick13]

_{Here is the DDS notepad log:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
Run by Debbi at 0:35:50 on 2012-08-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.264 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Bell\Mobile Connect\SwiCardDetect.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Bell\Mobile Connect\MobileConnect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\owner\My Documents\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Bell\Mobile Connect\RcAppSvc.exe
C:\Program Files\Bell\Mobile Connect\SwiApiMuxX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [Conime] %windir%\system32\conime.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Bell Canada Connection Manager] "c:\program files\bell\mobile connect\MobileConnect.exe" -a
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\documents and settings\owner\my documents\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://msn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929} - hxxp://cdn2.zone.msn.com/Bingame/BRDG/dataFiles/heartbeat.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v49/luxor/luxor.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {C7E002D6-324B-4500-883D-84B620FD8640} - hxxp://cdn2.zone.msn.com/Bingame/BRDG/dataFiles_64916/heartbeat.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 207.164.79.254 204.101.237.136
TCP: Interfaces\{2F1BE497-DDB9-4721-BEAE-31D7A203E63D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B6497878-FD13-4012-8E66-7BC62DFB11EC} : DhcpNameServer = 207.164.79.254 204.101.237.136
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2011-6-16 87368]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-8-4 54752]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-2 655944]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-6 214896]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2012-1-9 96088]
R2 sbbotdi;sbbotdi;c:\progra~1\speedbit video accelerator\sbbotdi.sys [2007-2-9 33024]
R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2008-3-24 24576]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\bell\mobile connect\SwiCardDetect.exe [2011-6-24 238960]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 BellCanadaRcAppSvc;Bell Canada Rc App Svc;c:\program files\bell\mobile connect\RcAppSvc.exe [2012-2-10 120672]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-5-12 1287296]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-8-7 73216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-2 22344]
R3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\drivers\swg3kser00.sys [2011-6-28 215552]
R3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\drivers\swiwdmbx.sys [2011-6-28 83968]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2011-6-28 208128]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-27 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 athrusb;TP-LINK Extensible Wireless LAN device driver;c:\windows\system32\drivers\athrusb.sys [2009-11-4 857600]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2012-2-20 6016]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-27 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-2-20 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-2-20 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-2-20 23424]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys --> c:\windows\system32\drivers\motport.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2012-2-20 11008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-2 113120]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2010-1-19 55184]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 ProfileImpSvc;Native WiFi Profile Importer;c:\program files\bell\mobile connect\ProfileImpSvc.exe [2012-2-10 169824]
S3 RTL8192cu;%RTL8192cu.DeviceDesc%;c:\windows\system32\drivers\RTL8192cu.sys [2011-11-2 987904]
S3 ZD1211BU(TP-LINK);TL-WN322G Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [2009-10-22 477696]
.
=============== Created Last 30 ================
.
2012-08-08 04:16:34 -------- d-sh--w- c:\documents and settings\temp.intelpd.000\PrivacIE
2012-08-08 04:16:22 -------- d-----w- c:\documents and settings\temp.intelpd.000\application data\AVG Secure Search
2012-08-08 04:12:23 -------- d-----w- c:\documents and settings\temp.intelpd.000\application data\Skinux
2012-08-08 04:11:49 -------- d-----w- c:\documents and settings\temp.intelpd.000\application data\Sierra Wireless
2012-08-08 04:08:49 -------- d-----w- c:\documents and settings\temp.intelpd.000\local settings\application data\Identities
2012-08-08 04:08:12 -------- d-----w- c:\documents and settings\temp.intelpd.000\application data\Windows Desktop Search
2012-08-08 04:08:07 -------- d-----w- c:\documents and settings\temp.intelpd.000\application data\Bell
2012-08-08 04:07:46 -------- d-----w- c:\documents and settings\temp.intelpd.000\application data\AVG2012
2012-08-08 04:07:38 -------- d-----w- c:\documents and settings\temp.intelpd.000\local settings\application data\Google
2012-08-08 04:07:33 -------- d-----w- c:\documents and settings\temp.intelpd.000\local settings\application data\AVG Secure Search
2012-08-08 04:05:29 -------- d-----w- c:\documents and settings\temp.intelpd.000\application data\Motorola
2012-08-08 01:38:19 -------- d-----w- c:\documents and settings\all users\application data\Sierra Wireless
2012-08-08 01:35:28 -------- d-----w- c:\program files\Bell
2012-08-08 01:35:28 -------- d-----w- c:\documents and settings\all users\application data\Bell
2012-08-08 01:30:05 -------- d-----w- c:\program files\Novatel Wireless
2012-08-06 23:35:52 -------- d-----w- c:\program files\Symantec
2012-08-06 23:32:47 -------- d-----w- c:\program files\Norton 360
2012-08-06 23:29:47 -------- d-----w- c:\program files\NortonInstaller
2012-08-06 23:02:07 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2012-08-06 22:59:46 33792 ----a-w- c:\program files\messenger\custsat.dll
2012-08-06 18:42:05 -------- d-----w- C:\WINDOW
2012-08-02 23:54:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-02 23:54:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-22 21:23:15 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-07-22 21:23:15 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-08-08 04:17:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-08 04:17:27 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-27 01:20:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-27 01:20:32 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-27 01:20:32 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2010-03-26 16:05:20 19869696 -c--a-w- c:\program files\IKEA_Home_Planner.exe
2004-10-01 19:00:16 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 0:38:30.65 ===============}

[Magick13]

I apologize it tookme so long to reply. My computer crashed fatally and I had to have my motherboard replaced. Now my original profile is corrupt and the system is still running incredibly slowly in spite of adding a new high speed turbo stick. F8 does not give me a safe mode option.

[Maurice Naggar]

Sorry to hear about the corrupted profile and the hardware replacement. I'd suggest that you insure that the RAM memory is meeting the specs of your new system-board, and that you run a thorough memory diagnostic. Bad or marginal RAM can lead to all sorts of issues.
MS Windows memory diagnostic tool WINDIAG
http://oca.microsoft.../en/windiag.asp

Make sure all of your RAM passes tests.

2) Backup all your personal files, documents, downloads, etc to offline media (such as external-USB drive, or CD/DVDs)

3) A change in systemboard requires a repair install as a follow-up.
You need to do is a XP repair install. But first un-install Internet Explorer 8 before you do the repair.
See Repair Install http://pcsupport.abo...stxprepair1.htm

[Magick13]

the ram test will not work from the dvd drive, copied the iso to C: and will try again.

[Magick13]

Nope that didn't work either. Booted from the dvd drive and got a strange screen with large icons. Norton 360 started to load, I have never installed Norton 360. I uninstalled it, and rebooted to C because I was getting prompts to reinstall my keboard. I really think I need to repair my profile first. Nothing will save and I have jump through initializing IE each time I reboot. I get weird prompts from Firefox to accept numbered files that don't look safe so I am not using that. Is there any other way to run the ram test or should I go directly to the xp repair? Have my xp disk.

[Maurice Naggar]

stop. Please stop. And get re-organized.
You need to do a repair install.
Yes you will need the XP operating system CD.

A Windows XP repair install is "iffy" in that there can be no guarantee that it will really result in a fix of your issues.
I would urge a full offline backup of the system before you even start it. Having the backup would serve as a means of possibly reverting it in case things did not work out.

Following is the Repair Install scenario.
Only if you have a "full" XP CD ----
The object of this exercise is to do an in-place upgrade or an in-place installation for purposes of "repair".
It needs to go to the same partition as before , and the same directory as before.

Usually for example XP is on C drive and is on folder/directory \Windows or \WINNT.

Configure your computer to start from the CD-ROM drive. You do that from the pc BIOS setup screen. You specify CDROM as the first drive to boot from.

Insert your Windows XP CD into your CD-ROM drive, and then restart your pc.

When the "Press any key to boot from CD" message is displayed on your
screen, press a key to boot pc from the XP CD.

When you see the following message displayed on the Welcome to Setup screen,
press ENTER:
To setup Windows XP now, press ENTER.

At this point an option to press R to enter the Recovery Console is displayed. Do NOT select this option.

On the Windows XP Licensing Agreement screen, press F8 function key to agree to it.

Make sure that your current installation of Windows XP (in your case, the one you wish to repair) is selected in the box, and then press the R key to repair XP.

Follow the instructions on the screen.

NOTE: You may refer to this article for more details
http://www.michaelst...pairinstall.htm