
Thread: DLL Error & Registry Change Denied Message

  1. #1
    Junior Member
    Join Date
    Dec 2008
    Posts
    4

    Default DLL Error & Registry Change Denied Message

    After running Spybot I now get a Run DLL error:

    Error loading C:Windows\system32\bajuwuge.dll

    This is probably because I denied a Registry Change request and now see a pop-up every second with a Registry Change Denied message. The details from the Resident Log are:

    12/28/2008 8:54:00 PM Denied (based on user blacklist) value "vihisagadi" (new data: "Rundll32.exe "C:\WINDOWS\system32\bajuwuge.dll",s") added in System Startup global entry!

    Is this a legitimate registry change? If not, how do I get rid of it?

    Mike E

  2. #2
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    mefthymi:

    What did you attempt to remove with Spybot, Virtumonde perhaps?

    It looks as if the bajuwuge.dll may have been deleted by Spybot but the infection was not totally cleared so the infection is attempting to add the "Rundll32.exe "C:\WINDOWS\system32\bajuwuge.dll",s" startup entry back into the registry.

    If that is the case denying the registry change was the correct action.

    Please post the Fixes.yymmdd-hhmm.txt log file from the running of Spybot before encountering the problem. There are two methods to do that:
    • Method 1:
      • Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports. Look for the correct Fixes.yymmdd-hhmm.txt log file. Open it. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.
    • Method 2
      • The Fixes.yymmdd-hhmm.txt log files are stored in the following folders:
        • Windows 95 or 98:
          C:\Windows\Application Data\Spybot - Search & Destroy\Logs
        • Windows ME:
          C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
        • Windows NT, 2000 or XP:
          C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
        • Windows Vista:
          C:\ProgramData\Spybot - Search & Destroy\Logs
      • Using Windows Explorer, navigate to the correct Fixes.yymmdd-hhmm.txt log file. Double click on it and it should open with Notepad. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.

    Note: By default there are two Checks.yymmdd-hhmm.txt log files produced during a scan. The second Checks.yymmdd-hhmm.txt log file has the details of what the scan found. A Fixes.yymmdd-hhmm.txt log file is produced if you fix or attempt to fix something.
    Last edited by md usa spybot fan; 2008-12-29 at 07:49.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  3. #3
    Junior Member
    Join Date
    Dec 2008
    Posts
    4

    Default DLL Error & Registry Change Denied Message

    md usa spybot fan,

    thanks for your support on this.

    From the log it looks like Virtumonde was detected, so it's possible this is causing the problem.

    Here is the fixes log file:


    --- Report generated: 2008-12-28 11:46 ---

    Hint of the Day: Click the bar at the right of this to see more information! ()


    Microsoft.Windows.Security.InternetExplorer: [SBI $366713D4] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe

    Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $D80580B5] Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe

    Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $21695B76] Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe

    StarWare: [SBI $A82637BF] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-3832157255-1604685445-225423429-1005\Software\Starware

    StarWare: [SBI $8008440B] Program directory (Directory, fixed)
    C:\Documents and Settings\Janice Maroot\Application Data\Starware\BrowserSearch\

    StarWare: [SBI $9780440A] Program directory (Directory, fixed)
    C:\Documents and Settings\Janice Maroot\Application Data\Starware\ErrorSearch\

    StarWare: [SBI $76047FA3] Program directory (Directory, fixed)
    C:\Documents and Settings\Janice Maroot\Application Data\Starware\Layouts\

    StarWare: [SBI $E5A2946D] Program directory (Directory, fixed)
    C:\Documents and Settings\Janice Maroot\Application Data\Starware\Manager\

    StarWare: [SBI $AF7DF342] Program directory (Directory, fixed)
    C:\Documents and Settings\Janice Maroot\Application Data\Starware\PopupBlocker\

    StarWare: [SBI $3F6D43DB] Program directory (Directory, fixed)
    C:\Documents and Settings\Janice Maroot\Application Data\Starware\Reference\

    StarWare: [SBI $461B2748] Program directory (Directory, fixed)
    C:\Documents and Settings\Janice Maroot\Application Data\Starware\RelatedSearch\

    StarWare: [SBI $82175B8E] Program directory (Directory, fixed)
    C:\Documents and Settings\Janice Maroot\Application Data\Starware\SearchAssistPlus\

    StarWare: [SBI $B69F5A09] Program directory (Directory, fixed)
    C:\Documents and Settings\Janice Maroot\Application Data\Starware\SearchMatch\

    StarWare: [SBI $D5728ACA] Program directory (Directory, fixed)
    C:\Documents and Settings\Janice Maroot\Application Data\Starware\Toolbar\

    StarWare: [SBI $007CB757] Program directory (Directory, fixed)
    C:\Documents and Settings\Janice Maroot\Application Data\Starware\ToolbarLogo\

    StarWare: [SBI $F5040D20] Program directory (Directory, fixed)
    C:\Documents and Settings\Janice Maroot\Application Data\Starware\ToolbarSearch\

    StarWare: [SBI $6F569955] Program directory (Directory, fixed)
    C:\Documents and Settings\Janice Maroot\Application Data\Starware\TravelSearch\

    StarWare: [SBI $FDA327EC] Program directory (Directory, fixed)
    C:\Documents and Settings\Janice Maroot\Application Data\Starware\Weather\

    StarWare: [SBI $F26334AD] Web page (File, fixed)
    C:\Documents and Settings\Janice Maroot\Application Data\Starware\Weather\AlertArchive.xml

    StarWare: [SBI $680C6CD8] Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D49E9D35-254C-4c6a-9D17-95018D228FF5}

    StarWare: [SBI $CD7E532B] Program directory (Directory, fixing failed)
    C:\Documents and Settings\All Users\Application Data\Starware\

    StarWare: [SBI $D2AFA17F] Program directory (Directory, fixing failed)
    C:\Documents and Settings\Janice Maroot\Application Data\Starware\

    StarWare: [SBI $95CA14DA] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-3832157255-1604685445-225423429-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1}

    StarWare: [SBI $C1439312] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-3832157255-1604685445-225423429-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5}

    Virtumonde: [SBI $4D2BC948] Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\uparafuy.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\amesujaj.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\amovozat.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\aviwizim.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\efamidos.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\egoseluh.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\umegizul.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\etameneh.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\evemewew.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\ewevizuh.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\eyonagol.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\ukaverif.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\ilowoyuw.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\izapopud.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\ujafeliy.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\ojoyohig.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\osipunej.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\uduhalek.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\udatusav.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
    C:\WINDOWS\system32\ubudiled.ini

    Virtumonde: [SBI $1E12D746] User settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-3832157255-1604685445-225423429-1005\Software\Microsoft\fias4013

    Virtumonde.prx: [SBI $9C9A1A85] Autorun settings (CPMf3075b31) (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CPMf3075b31

    Virtumonde.prx: [SBI $9C9A1A85] Program file (File, fixed)
    c:\windows\system32\vetidika.dll

    Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (vihisagadi) (Registry value, fixed)
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vihisagadi

    Virtumonde.prx: [SBI $3F5CA9DA] Program file (File, fixed)
    C:\WINDOWS\system32\bajuwuge.dll

    Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (vihisagadi) (Registry value, fixed)
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vihisagadi

    Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (vihisagadi) (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vihisagadi

    DirectTrack: Tracking cookie (Internet Explorer: Janice Maroot) (Cookie, fixed)


    DoubleClick: Tracking cookie (Internet Explorer: Janice Maroot) (Cookie, fixed)


    DirectTrack: Tracking cookie (Internet Explorer: Janice Maroot) (Cookie, fixed)



    --- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

    2008-07-07 blindman.exe (1.0.0.8)
    2008-07-07 SDFiles.exe (1.6.0.4)
    2008-07-07 SDMain.exe (1.0.0.6)
    2008-07-07 SDShred.exe (1.0.2.3)
    2008-07-07 SDUpdate.exe (1.6.0.8)
    2008-07-07 SDWinSec.exe (1.0.0.12)
    2008-07-07 SpybotSD.exe (1.6.0.30)
    2008-07-07 TeaTimer.exe (1.6.0.20)
    2008-12-28 unins000.exe (51.49.0.0)
    2008-07-07 Update.exe (1.6.0.7)
    2008-07-07 advcheck.dll (1.6.1.12)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-07-07 SDHelper.dll (1.6.0.12)
    2008-06-19 sqlite3.dll
    2008-07-07 Tools.dll (2.1.5.7)
    2008-11-04 Includes\Adware.sbi (*)
    2008-12-22 Includes\AdwareC.sbi (*)
    2008-06-03 Includes\Cookies.sbi (*)
    2008-09-02 Includes\Dialer.sbi (*)
    2008-09-09 Includes\DialerC.sbi (*)
    2008-07-22 Includes\HeavyDuty.sbi (*)
    2008-11-18 Includes\Hijackers.sbi (*)
    2008-12-22 Includes\HijackersC.sbi (*)
    2008-12-09 Includes\Keyloggers.sbi (*)
    2008-12-22 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2008-11-18 Includes\Malware.sbi (*)
    2008-12-22 Includes\MalwareC.sbi (*)
    2008-12-15 Includes\PUPS.sbi (*)
    2008-12-15 Includes\PUPSC.sbi (*)
    2007-11-07 Includes\Revision.sbi (*)
    2008-06-18 Includes\Security.sbi (*)
    2008-12-16 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2008-12-10 Includes\Spyware.sbi (*)
    2008-12-10 Includes\SpywareC.sbi (*)
    2008-06-03 Includes\Tracks.uti
    2008-12-23 Includes\Trojans.sbi (*)
    2008-12-22 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll
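
The correlation described in reply #2 (a denied startup change that names a DLL Spybot had just removed), as an added example that is not part of the original thread. The log lines are copied from the posts above; the regular expressions are assumptions inferred from those few lines, not a documented Spybot log format.

```python
import re

# Sample input: lines copied from the Resident log and Fixes log posted in this thread.
RESIDENT_LOG = r'''12/28/2008 8:54:00 PM Denied (based on user blacklist) value "vihisagadi" (new data: "Rundll32.exe "C:\WINDOWS\system32\bajuwuge.dll",s") added in System Startup global entry!'''

FIXES_LOG = r'''StarWare: [SBI $CD7E532B] Program directory (Directory, fixing failed)
C:\Documents and Settings\All Users\Application Data\Starware\

Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (vihisagadi) (Registry value, fixed)
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vihisagadi

Virtumonde.prx: [SBI $3F5CA9DA] Program file (File, fixed)
C:\WINDOWS\system32\bajuwuge.dll

Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (vihisagadi) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vihisagadi
'''

# Assumed patterns, inferred from the sample lines above.
FIX_HEADER = re.compile(r'^(?P<product>[^:]+): \[SBI \$(?P<sbi>[0-9A-F]+)\] '
                        r'(?P<desc>.*) \((?P<kind>[^,()]+), (?P<status>[^()]+)\)$')
RESIDENT = re.compile(r'^(?P<when>\S+ \S+ [AP]M) (?P<action>\w+) \((?P<reason>[^)]*)\) '
                      r'value "(?P<name>[^"]+)" \(new data: "(?P<data>.*)"\) '
                      r'added in (?P<where>.*)!$')
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.I)

def parse_fixes(text):
    """One dict per '[SBI ...]' header; the line after the header is its target."""
    lines = [line.strip() for line in text.splitlines()]
    entries = []
    for i, line in enumerate(lines):
        m = FIX_HEADER.match(line)
        if m:
            target = lines[i + 1] if i + 1 < len(lines) else ''
            entries.append({**m.groupdict(), 'target': target})
    return entries

def parse_resident(text):
    """One dict per registry-change line, with the rundll32 DLL path if present."""
    events = []
    for line in text.splitlines():
        m = RESIDENT.match(line.strip())
        if m:
            ev = m.groupdict()
            dll = RUNDLL.search(ev['data'])
            ev['dll'] = dll.group('dll') if dll else None
            events.append(ev)
    return events

def correlate(events, fixes):
    """Match each denied startup change against what the scan already removed."""
    findings = []
    for ev in events:
        if ev['action'] != 'Denied':
            continue
        suffix = ('\\run\\' + ev['name']).casefold()
        values = [f for f in fixes if f['kind'] == 'Registry value'
                  and f['status'] == 'fixed' and f['target'].casefold().endswith(suffix)]
        files = [f for f in fixes if f['kind'] == 'File' and f['status'] == 'fixed'
                 and ev['dll'] and f['target'].casefold() == ev['dll'].casefold()]
        findings.append({
            'value': ev['name'], 'dll': ev['dll'],
            'detections': sorted({f['product'] for f in values + files}),
            'removed_run_values': len(values), 'dll_removed': bool(files),
            # Re-adding an entry the scanner just removed implies a live component remains.
            'readd_of_removed_entry': bool(values) and bool(files),
        })
    return findings

def failed_fixes(fixes):
    """Targets the scan could not clean, which deserve a second look."""
    return [f['target'] for f in fixes if f['status'] == 'fixing failed']
```
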

  4. #4
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    mefthymi:

    Consider posting in the Malware Removal forum and having someone take a look at your system.

    If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log:
    After you have completed the required/suggested scans, start your own thread in the Malware Removal forum, making sure to post the HijackThis log produced from the above instructions.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  5. #5
    Junior Member
    Join Date
    Dec 2008
    Posts
    4

    Default

    I have now posted this problem on the Malware Removal Forum


    Mike E

  6. #6
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    The link to mefthymi (Mike E)'s thread in the Malware Removal forum:

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
