Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Re: Hacker has targeted a folder-all EXE's

This post refers to my Vista system only. The problem I am experiencing with the EXE's is that when I try to run one in my Dropbox folder or subfolders, I either get the CMD line message "Access denied - c:\users\jxx\appdata\local\temp\ztmp 'C:users\jxx\appdata\local\temp\ztemp\tmpnnnn.bat (where n represents any number) is not recognized as an internal...." (This ploy is to capture in a file, in the \ztmp folder, any BAT file I run from the above-mentioned Dropbox folder. The hacker is trying to get passwords that are in the BAT files. But I have removed those BAT files and have created EXE's of them that do not reveal the password(s) stored in them.) or "Windows cannot find c:\users......\Appdata...\ztmp\tnnnn.bat ...." (This ploy is the same as mentioned above.)

Plus, I am experiencing a slow computer, especially when I boot up. Sometimes I have to restart my machine.

Here is the DDS.txt file:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2
Run by XXX at 6:04:45 on 2013-04-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1500 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcServiceHost.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\iashost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
uSearch Bar = Preserve
mURLSearchHooks: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFree.dll
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\20.3.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\20.3.1.22\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - <orphaned>
BHO: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - c:\program files\iminent\Iminent.WebBooster.InternetExplorer.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: FreeSoundRecorder Toolbar: {32B29DF0-2237-4370-9A29-37CEBB730E9B} - c:\program files\freesoundrecorder\prxtbFree.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\20.3.1.22\coieplg.dll
TB: att.net Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\20.3.1.22\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\pcTrayApp.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\XXX\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\XXX\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\XXX\appdata\roaming\microsoft\windows\start menu\programs\startup\autorunsdisabled\hpqtra08.exe
StartupFolder: c:\users\XXX\appdata\roaming\microsoft\windows\start menu\programs\startup\autorunsdisabled\hpqtra082.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: $talisma_url$
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.XXXXX.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{22906850-BC0B-4365-9A92-605E13EB2013} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C0C51C7F-ADB0-4604-A879-B0BCA0430089} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~1\search~2\search~1\datamngr.dll c:\progra~1\search~2\search~1\IEBHO.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 50.63.125.1 godaddy.com
Hosts: 66.135.48.22 serverbeach.com
Hosts: 66.150.14.42 pinball.com
Hosts: 63.162.234.131 Akamai.net
Hosts: 184.87.3.235 Akamai.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-5-19 50248]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-5-28 41544]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1403010.016\symds.sys [2013-4-16 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1403010.016\symefa.sys [2013-4-16 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.1.2\definitions\bashdefs\20130412.001\BHDrvx86.sys [2013-4-12 1000024]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1403010.016\ccsetx86.sys [2013-4-16 134304]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-5-19 15944]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-11-1 186952]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.1.2\definitions\ipsdefs\20130425.001\IDSvix86.sys [2013-4-26 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1403010.016\ironx86.sys [2013-4-16 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1403010.016\symtdiv.sys [2013-4-16 350368]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
R2 EaseUS Agent;EaseUS Agent Service;c:\program files\easeus\todo backup\bin\Agent.exe [2013-3-29 68168]
R2 Guard Agent;Guard Agent Service;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2013-3-29 23624]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-7-27 112968]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\20.3.1.22\ccsvchst.exe [2013-4-16 144520]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2012-7-12 132056]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-9-26 361472]
R2 pcServiceHost;pcServiceHost;c:\program files\common files\motive\pcServiceHost.exe [2012-9-26 342016]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-3-25 3560288]
R3 arusb_lh;SMCWUSB-N2 802.11n Wireless device driver;c:\windows\system32\drivers\arusb_lh.sys [2012-10-31 437760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-4-26 106656]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-3-7 5504]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-12 21504]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2011-9-16 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-9-16 79360]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2013-2-16 23456]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-11-1 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-11-1 8456]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-29 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-3-7 29744]
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0;PCDSRVC{E9D79540-57D5953E-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-9-4 22640]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2012-10-6 14592]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 SProtection;SProtection;c:\program files\common files\umbrella\Umbrella.exe [2012-12-14 2620016]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\wordpad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
FileExt: .chm: chm.file="c:\windows\hh.exe" %1 [UserChoice]
FileExt: .inf: Applications\Q.EXE="c:\q\Q.EXE" %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-26 11:00:06 688992 ----a-r- c:\users\XXX\dds.scr
2013-04-26 10:42:28 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{00c549f0-9d0d-448c-8af9-205f661578b8}\offreg.dll
2013-04-17 21:12:28 -------- d--h--w- C:\VirtualStore
2013-04-17 19:15:02 -------- d-----w- c:\users\jim\appdata\roaming\ParetoLogic
2013-04-16 16:36:09 -------- d-----w- c:\program files\Dropbox
2013-04-16 13:06:52 -------- d-----w- c:\users\jim\appdata\local\{1B6E5156-96F8-4B58-9A85-0947C12A3C51}
2013-04-16 11:42:59 934488 ----a-w- c:\windows\system32\drivers\nis\1403010.016\symefa.sys
2013-04-16 11:42:59 367704 ----a-w- c:\windows\system32\drivers\nis\1403010.016\symds.sys
2013-04-16 11:42:59 350368 ----a-w- c:\windows\system32\drivers\nis\1403010.016\symtdiv.sys
2013-04-16 11:42:59 338592 ----a-w- c:\windows\system32\drivers\nis\1403010.016\symnets.sys
2013-04-16 11:42:59 32344 ----a-w- c:\windows\system32\drivers\nis\1403010.016\srtspx.sys
2013-04-16 11:42:59 21400 ----a-r- c:\windows\system32\drivers\nis\1403010.016\symelam.sys
2013-04-16 11:42:58 602712 ----a-w- c:\windows\system32\drivers\nis\1403010.016\srtsp.sys
2013-04-16 11:42:58 175264 ----a-w- c:\windows\system32\drivers\nis\1403010.016\ironx86.sys
2013-04-16 11:42:58 134304 ----a-w- c:\windows\system32\drivers\nis\1403010.016\ccsetx86.sys
2013-04-16 11:42:21 14818 ----a-w- c:\windows\system32\drivers\nis\1403010.016\symvtcer.dat
2013-04-16 11:42:20 -------- d-----w- c:\windows\system32\drivers\nis\1403010.016
2013-04-10 13:31:34 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 13:31:31 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 13:31:31 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 13:31:30 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-10 13:31:30 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 13:31:25 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 13:31:21 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-10 13:31:19 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 14:39:34 -------- d-----w- c:\program files\DVDVideoSoft
2013-04-04 14:39:34 -------- d-----w- c:\program files\common files\DVDVideoSoft
2013-04-02 16:23:16 -------- d-----w- c:\program files\RealNetworks
2013-04-02 16:22:29 -------- d-----w- c:\program files\common files\xing shared
2013-03-29 14:19:45 19528 ----a-w- c:\windows\system32\fbnative.exe
.
==================== Find3M ====================
.
2013-04-26 10:21:50 70006 ----a-w- c:\users\XXX\usage.exe
2013-04-22 13:46:53 61667 ----a-w- c:\users\XXX\offering.exe
2013-04-22 13:45:50 61664 ----a-w- c:\users\XXX\checkbox.exe
These 3 EXE's are run outside of Dropbox although they are also in Dropbox.
2013-04-20 16:55:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-20 16:55:55 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-02 16:21:44 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-04-02 16:21:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-04-02 10:33:22 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-21 15:26:08 848 --sha-w- c:\programdata\KGyGaAvL.sys
2013-03-16 17:51:52 186952 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2013-03-16 17:48:40 41544 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2013-03-16 17:43:22 15944 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2013-03-16 17:40:12 50248 ----a-w- c:\windows\system32\drivers\eubakup.sys
2013-03-10 20:52:34 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 20:52:30 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-10 20:52:30 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-16 11:37:00 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-02-15 22:12:33 200 ----a-w- c:\windows\system32\o.BAT
2013-02-12 01:57:27 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
============= FINISH: 6:06:13.70 ===============

I do have access to the Install Disk. Attached is the file "attach.zip".

Attached Files
File Type: zip attach.zip (9.2 KB)
