WiredWX Christian Hobby Weather Tools

Re: Infected Files and Registry Keys

Startup Objects Scan: completed 2 hours ago (events: 21, objects: 1684, time: 00:12:30)
7/28/2011 5:15:08 PM Task started
7/28/2011 5:16:01 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\disk.sys
7/28/2011 5:16:03 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\dmio.sys
7/28/2011 5:16:04 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\dmusic.sys
7/28/2011 5:16:06 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\fdc.sys
7/28/2011 5:16:06 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\flpydisk.sys
7/28/2011 5:16:07 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\fltmgr.sys
7/28/2011 5:16:12 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\intelppm.sys
7/28/2011 5:16:12 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\ip6fw.sys
7/28/2011 5:16:13 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\ipinip.sys
7/28/2011 5:16:18 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\mspqm.sys
7/28/2011 5:16:18 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\mssmbios.sys
7/28/2011 5:16:21 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\npfs.sys
7/28/2011 5:16:25 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\raspppoe.sys
7/28/2011 5:16:30 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\redbook.sys
7/28/2011 5:16:33 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\swenum.sys
7/28/2011 5:16:37 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\update.sys
7/28/2011 5:16:38 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\usbstor.sys
7/28/2011 5:18:20 PM Packed: UPX c:\Documents and Settings\Valerie\Desktop\commy.exe
7/28/2011 5:20:07 PM Packed: Py2Exe c:\Documents and Settings\Valerie\Application Data\Dropbox\bin\Dropbox.exe
7/28/2011 5:27:41 PM Task completed

Re: Infected Files and Registry Keys

Hi,

How's your computer running now?

............................................................................................

I'm livin' life in the fast lane.

Re: Infected Files and Registry Keys

Hi,
Just came back from a well-needed vacation. The computer still hangs a bit when opening up a new page or opening a program. Have to wait about 20-30 seconds before it starts to open. Not sure what that is from. Is there anything I can do about that? Also, the RUNDLL still comes up in the beginning. Thanks for your help!

Re: Infected Files and Registry Keys

Sorry, I misspoke... it is taking over 2-3 min. to load a page...

Re: Infected Files and Registry Keys

Hi,

Could you please re-run OTL?

............................................................................................

I'm livin' life in the fast lane.

Re: Infected Files and Registry Keys

The error message comes up when boot up begins still saying "Missing RUNDLL Entry".

OTL logfile created on: 8/22/2011 11:42:31 AM - Run 8
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Valerie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 68.00 Mb Available Physical Memory | 14.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 203.29 Gb Free Space | 87.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 387.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALERIE-DAAA710
Current User Name: Valerie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Valerie\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/01/30 19:00:37 | 000,016,824 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/08/25 11:11:06 | 000,050,464 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/06/10 17:45:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\OTL.exe
PRC - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/12/12 08:45:00 | 000,541,184 | R--- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXMOD32.EXE
PRC - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE


========== Modules (SafeList) ==========

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/06/10 17:45:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (atnthost)
SRV - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/08/25 11:11:06 | 000,050,464 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2005/07/12 17:33:02 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)
SRV - [2005/03/30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)


========== Driver Services (SafeList) ==========

DRV - [2010/10/01 10:37:50 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (kl1)
DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2005/06/16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/08/13 03:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 02:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 02:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 02:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 04:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?vv=750
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.8
FF - prefs.js..extensions.enabledItems: feedly@devhd:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/05/31 11:35:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/05/31 11:35:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/05/31 11:35:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/05 15:05:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 20:23:13 | 000,000,000 | ---D | M]

[2011/03/09 12:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Extensions
[2011/08/17 16:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions
[2011/03/10 13:43:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/15 09:31:07 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/06/11 13:28:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2011/06/11 13:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\feedly@devhd
[2011/06/11 13:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\staged-xpis
[2011/06/11 13:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\feedly@devhd\content\app\extension
[2011/08/17 16:09:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/05 17:03:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/26 14:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/04/04 14:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011/04/04 14:11:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/30 11:09:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - Startup: C:\Documents and Settings\Valerie\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Valerie\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Valerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/18 14:12:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/25 17:14:48 | 000,180,224 | R--- | M] (Dell Computer Corporation) - E:\AUTORCD.EXE -- [ CDFS ]
O32 - AutoRun File - [2000/01/11 18:51:40 | 000,000,049 | RH-- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/11 01:51:21 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/11 01:50:54 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[1 C:\Documents and Settings\Valerie\My Documents\*.tmp files -> C:\Documents and Settings\Valerie\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/22 11:58:33 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/22 11:37:37 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/08/22 11:37:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/22 11:37:04 | 000,001,099 | ---- | M] () -- C:\WINDOWS\win.ini
[2011/08/22 11:36:57 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure Startup.job
[2011/08/22 11:36:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/22 11:36:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/08/22 11:36:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/22 11:23:47 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2011/08/21 19:02:45 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{76D70BD6-ADEF-4772-B82F-52AD730EEB58}.job
[2011/08/18 12:53:11 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Burnett, Richard.doc
[2011/08/18 12:44:35 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Valerie\My Documents\~$nway, Frank.doc
[2011/08/18 09:04:14 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Valerie\ntuser.dat
[2011/08/18 09:01:52 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Valerie\Desktop\Microsoft Office Word 2003.lnk
[2011/08/17 21:58:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Valerie\ntuser.ini
[2011/08/17 21:56:48 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\SPRINT PSWDS..doc
[2011/08/14 11:52:42 | 000,397,960 | ---- | M] () -- C:\Documents and Settings\Valerie\Desktop\Vista-Spec-Sheet-April-2010.pdf
[2011/08/14 10:06:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/08/13 00:09:34 | 000,505,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/08/13 00:09:34 | 000,444,488 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/13 00:09:34 | 000,072,364 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/12 01:36:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/11 12:05:15 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Blood Bank of DE2.doc
[2011/08/11 10:37:24 | 000,117,907 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Vista Residential Warranty.pdf
[2011/08/11 10:36:46 | 000,112,634 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\VISTA RES GOLD WARRTY.pdf
[2011/08/11 10:35:54 | 000,196,133 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\VistaWarrantyTransfer.pdf
[2011/08/11 10:12:37 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Santangelo, Jill.doc
[2011/08/09 13:23:51 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Day, Christy.doc
[2011/08/09 11:30:33 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Un Poco de Mexico.doc
[2011/08/09 10:17:29 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Christiana Care Main Lobby2.doc
[2011/08/08 17:24:22 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Casanova, Carmen2.doc
[2011/08/01 22:06:39 | 000,515,276 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\val w2.pdf
[2011/08/01 22:02:09 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Financial Aid, Larry2.doc
[2011/08/01 20:26:37 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Valerie\My Documents\~$mmons Response[1].doc
[2011/08/01 19:06:40 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Summons Response[1].doc
[2011/08/01 14:48:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/31 21:51:20 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Voshell, Courtney.doc
[2011/07/31 21:17:42 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Patel, Ashok5.doc
[2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[1 C:\Documents and Settings\Valerie\My Documents\*.tmp files -> C:\Documents and Settings\Valerie\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/18 12:53:03 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Burnett, Richard.doc
[2011/08/18 12:44:35 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Valerie\My Documents\~$nway, Frank.doc
[2011/08/17 20:18:00 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\SPRINT PSWDS..doc
[2011/08/14 11:52:42 | 000,397,960 | ---- | C] () -- C:\Documents and Settings\Valerie\Desktop\Vista-Spec-Sheet-April-2010.pdf
[2011/08/14 10:06:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/08/14 10:06:31 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/08/11 12:05:14 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Blood Bank of DE2.doc
[2011/08/11 10:36:46 | 000,112,634 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\VISTA RES GOLD WARRTY.pdf
[2011/08/11 10:35:47 | 000,196,133 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\VistaWarrantyTransfer.pdf
[2011/08/11 10:12:37 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Santangelo, Jill.doc
[2011/08/09 13:23:50 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Day, Christy.doc
[2011/08/09 11:30:29 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Un Poco de Mexico.doc
[2011/08/09 10:17:24 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Christiana Care Main Lobby2.doc
[2011/08/01 22:06:30 | 000,515,276 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\val w2.pdf
[2011/08/01 22:02:06 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Financial Aid, Larry2.doc
[2011/08/01 20:26:37 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Valerie\My Documents\~$mmons Response[1].doc
[2011/08/01 19:06:38 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Summons Response[1].doc
[2011/07/31 21:51:19 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Voshell, Courtney.doc
[2011/07/31 21:17:42 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Patel, Ashok5.doc
[2011/02/19 20:33:06 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/02/16 12:57:24 | 000,000,134 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/19 20:59:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Valerie.ini
[2009/04/21 21:05:26 | 000,000,070 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/04/02 21:02:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/05/06 08:39:42 | 000,688,128 | R--- | C] () -- C:\WINDOWS\System32\Bluebeam Javascript Library.dll
[2008/04/30 15:28:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2008/04/30 15:17:21 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2008/04/30 15:17:21 | 000,000,378 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2008/04/30 15:17:18 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2008/04/29 11:40:08 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2008/04/29 11:39:08 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2008/04/29 11:39:08 | 001,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2008/04/29 11:39:08 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2008/04/29 11:39:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2008/04/29 11:39:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2008/04/29 11:39:07 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2008/04/29 11:39:07 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2008/04/29 11:39:07 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2008/04/29 11:39:07 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2008/04/29 11:39:06 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2008/04/29 11:39:04 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2008/04/29 11:39:04 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2008/04/29 11:39:04 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2008/04/29 11:39:03 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2008/04/29 11:39:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2008/04/29 11:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2008/04/29 11:39:02 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2008/04/28 12:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/04/18 14:48:50 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/18 14:47:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/10 09:43:24 | 003,563,520 | R--- | C] () -- C:\WINDOWS\System32\BGP856.dll
[2005/10/14 17:09:48 | 000,050,652 | ---- | C] () -- C:\WINDOWS\System32\drivers\atntwink.sys
[2005/06/01 12:53:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Valerie\My Documents\LARRYS PICS 001.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Valerie\My Documents\christmas pics 2007.png:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Valerie\My Documents\christmas pics 1 2007.png:SummaryInformation
< End of report >

Re: Infected Files and Registry Keys

Hi there...

Does this error message also refer to a certain file path, or is it just an open dialog box saying that?

Re: Infected Files and Registry Keys

The error says:
Error in C:/Windows/System32/spool/Drivers/w32x86/3/
Missing Entry: RunDLL Entry

FYI: I am not sure this error has anything to do with not having sound on my computer.

Re: Infected Files and Registry Keys

Have you installed a printer recently? Do you have a printer?

Re: Infected Files and Registry Keys

Yes, I do have a printer. I had the same printer for over 5 years. It is a Dell All In One.

Re: Infected Files and Registry Keys

I have 2 viruses on my laptop. Should I post in a new forum or can I post my Malwarebytes log here? Thanks.

Re: Infected Files and Registry Keys

Post a new topic for that.

As for the Dell All-In-One, do you have any discs available for reinstalling the printer drivers?

Re: Infected Files and Registry Keys

Yes, I do have the disk.

Re: Infected Files and Registry Keys

Please reinstall those drivers, and see if the error pops up anymore...

Re: Infected Files and Registry Keys

Don't know if this changes anything since I don't have any sound. When I check Device Manager it shows a yellow question mark in front of multimedia audio controllers. When I check the properties, it says the device has no drivers.
When I go to install the CD (Drivers and Utilities for my Dell Photo All in one printer 964) it does nothing. Nothing pops up. I am not sure how to go about reinstalling the drivers. What do I do after putting in the CD and do I UNINSTALL anything first? Thanks

Re: Infected Files and Registry Keys

Right-click on My Computer and select Manage.

Click Device Manager in the left pane.

Find your Printer in the list, right-click and select Uninstall.

Reboot your computer. Make sure the printer is on before it finishes starting up, and then allow it to queue the driver setup. When the prompt appears...insert the driver CD and continue through the wizard to completion.

Let me know if that works.. (we'll work on sound issue later).
