I have the following spybot/teatimer notification:
Located: HK_LM:Run, BMd3877471
command: Rundll32.exe "C:\WINDOWS\system32\btoyfsdb.dll",s
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Over the weekend, I kept getting the pop up from spybot regarding this error. I ran spybot, avg, avg spywire, and adaware and found two different trojans during scans. I ran the scans in both safe mode and regular mode.
Just when I think that I got rid of this monster, it adds itself back to the startup entries (even though I click deny change during the pop up above). Each time I go to safe mode and delete the DLL, it comes back with a different name but the BMD3877471 is always the same entry.
The three trojans/viruses I found were over the weekend:
Trojan horse generic9.BHWU
Trojan Obfuscated mu
I do tashi, and I think that I got rid of the virus.
I think the difference was when I went in and deleted the previous restore points through the disk cleanup---that and when I disconnected the machine from the internet while running the scans.
I posted here because I couldn't find any information using the particular DLL and registry entry so I thought that I perhaps had a virus that was new. Plus, Spybot was the only product...except for superantispyware that detected it.