mefthymi
2008-12-29, 07:02
After running Spybot I now get a Run DLL error:
Error loading C:Windows\system32\bajuwuge.dll
This is probably because I denied a Registry Change request and now see a pop up every second with Registry Change Denied mesage. The details from the Resident Log are:
12/28/2008 8:54:00 PM Denied (based on user blacklist) value "vihisagadi" (new data: "Rundll32.exe "C:\WINDOWS\system32\bajuwuge.dll",s") added in System Startup global entry!
Is this a legimate registry change? If not how do I get rid off it?
Mike E
md usa spybot fan
2008-12-29, 07:47
mefthymi:
What did you attempt to remove with Spybot, Virtumonde perhaps?
It looks as if the bajuwuge.dll may have been deleted by Spybot but the infection was not totally cleared so the infection is attempting to add the "Rundll32.exe "C:\WINDOWS\system32\bajuwuge.dll",s" startup entry back into the registry.
If that is the case denying the registry change was the correct action.
Please post the Fixes.yymmdd-hhmm.txt log file from the running of Spybot before encountering the problem. There are two methods to do that:
Method 1:
Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports. Look for the correct Fixes.yymmdd-hhmm.txt log file. Open it. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.
Method 2
The Fixes.yymmdd-hhmm.txt log files are stored in the following folders:
Windows 95 or 98:
C:\Windows\Application Data\Spybot - Search & Destroy\Logs
Windows ME:
C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows NT, 2000 or XP:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows Vista:
C:\ProgramData\Spybot - Search & Destroy\Logs
Using Windows Explorer, navigate to the correct Fixes.yymmdd-hhmm.txt log file. Double click on it and it should open with Notepad. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.
Note: By default here are two Checks.yymmdd-hhmm.txt log files produced during a scan. The second Checks.yymmdd-hhmm.txt log file has the details of what the scan found. A Fixes.yymmdd-hhmm.txt log file is produced if you fix or attempt to fix something.
mefthymi
2008-12-29, 22:28
md usa spybot fan,
thanks for your support on this.
From the log it look like Virtumonde was detected so its possible this is causing the problem
Here is the fixes log file:
--- Report generated: 2008-12-28 11:46 ---
Hint of the Day: Click the bar at the right of this to see more information! ()
Microsoft.Windows.Security.InternetExplorer: [SBI $366713D4] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $D80580B5] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe
Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $21695B76] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe
StarWare: [SBI $A82637BF] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-3832157255-1604685445-225423429-1005\Software\Starware
StarWare: [SBI $8008440B] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\BrowserSearch\
StarWare: [SBI $9780440A] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\ErrorSearch\
StarWare: [SBI $76047FA3] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\Layouts\
StarWare: [SBI $E5A2946D] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\Manager\
StarWare: [SBI $AF7DF342] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\PopupBlocker\
StarWare: [SBI $3F6D43DB] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\Reference\
StarWare: [SBI $461B2748] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\RelatedSearch\
StarWare: [SBI $82175B8E] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\SearchAssistPlus\
StarWare: [SBI $B69F5A09] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\SearchMatch\
StarWare: [SBI $D5728ACA] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\Toolbar\
StarWare: [SBI $007CB757] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\ToolbarLogo\
StarWare: [SBI $F5040D20] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\ToolbarSearch\
StarWare: [SBI $6F569955] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\TravelSearch\
StarWare: [SBI $FDA327EC] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\Weather\
StarWare: [SBI $F26334AD] Web page (File, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\Weather\AlertArchive.xml
StarWare: [SBI $680C6CD8] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D49E9D35-254C-4c6a-9D17-95018D228FF5}
StarWare: [SBI $CD7E532B] Program directory (Directory, fixing failed)
C:\Documents and Settings\All Users\Application Data\Starware\
StarWare: [SBI $D2AFA17F] Program directory (Directory, fixing failed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\
StarWare: [SBI $95CA14DA] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-3832157255-1604685445-225423429-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1}
StarWare: [SBI $C1439312] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-3832157255-1604685445-225423429-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5}
Virtumonde: [SBI $4D2BC948] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\uparafuy.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\amesujaj.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\amovozat.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\aviwizim.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\efamidos.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\egoseluh.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\umegizul.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\etameneh.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\evemewew.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\ewevizuh.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\eyonagol.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\ukaverif.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\ilowoyuw.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\izapopud.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\ujafeliy.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\ojoyohig.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\osipunej.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\uduhalek.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\udatusav.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\ubudiled.ini
Virtumonde: [SBI $1E12D746] User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-3832157255-1604685445-225423429-1005\Software\Microsoft\fias4013
Virtumonde.prx: [SBI $9C9A1A85] Autorun settings (CPMf3075b31) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CPMf3075b31
Virtumonde.prx: [SBI $9C9A1A85] Program file (File, fixed)
c:\windows\system32\vetidika.dll
Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (vihisagadi) (Registry value, fixed)
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vihisagadi
Virtumonde.prx: [SBI $3F5CA9DA] Program file (File, fixed)
C:\WINDOWS\system32\bajuwuge.dll
Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (vihisagadi) (Registry value, fixed)
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vihisagadi
Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (vihisagadi) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vihisagadi
DirectTrack: Tracking cookie (Internet Explorer: Janice Maroot) (Cookie, fixed)
DoubleClick: Tracking cookie (Internet Explorer: Janice Maroot) (Cookie, fixed)
DirectTrack: Tracking cookie (Internet Explorer: Janice Maroot) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-12-28 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-11-04 Includes\Adware.sbi (*)
2008-12-22 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-22 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2008-12-22 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2008-12-22 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2008-12-22 Includes\MalwareC.sbi (*)
2008-12-15 Includes\PUPS.sbi (*)
2008-12-15 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-12-16 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-12-10 Includes\Spyware.sbi (*)
2008-12-10 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-12-23 Includes\Trojans.sbi (*)
2008-12-22 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- Report generated: 2008-12-28 11:46 ---
Hint of the Day: Click the bar at the right of this to see more information! ()
Microsoft.Windows.Security.InternetExplorer: [SBI $366713D4] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $D80580B5] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe
Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $21695B76] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe
StarWare: [SBI $A82637BF] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-3832157255-1604685445-225423429-1005\Software\Starware
StarWare: [SBI $8008440B] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\BrowserSearch\
StarWare: [SBI $9780440A] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\ErrorSearch\
StarWare: [SBI $76047FA3] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\Layouts\
StarWare: [SBI $E5A2946D] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\Manager\
StarWare: [SBI $AF7DF342] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\PopupBlocker\
StarWare: [SBI $3F6D43DB] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\Reference\
StarWare: [SBI $461B2748] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\RelatedSearch\
StarWare: [SBI $82175B8E] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\SearchAssistPlus\
StarWare: [SBI $B69F5A09] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\SearchMatch\
StarWare: [SBI $D5728ACA] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\Toolbar\
StarWare: [SBI $007CB757] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\ToolbarLogo\
StarWare: [SBI $F5040D20] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\ToolbarSearch\
StarWare: [SBI $6F569955] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\TravelSearch\
StarWare: [SBI $FDA327EC] Program directory (Directory, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\Weather\
StarWare: [SBI $F26334AD] Web page (File, fixed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\Weather\AlertArchive.xml
StarWare: [SBI $680C6CD8] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D49E9D35-254C-4c6a-9D17-95018D228FF5}
StarWare: [SBI $CD7E532B] Program directory (Directory, fixing failed)
C:\Documents and Settings\All Users\Application Data\Starware\
StarWare: [SBI $D2AFA17F] Program directory (Directory, fixing failed)
C:\Documents and Settings\Janice Maroot\Application Data\Starware\
StarWare: [SBI $95CA14DA] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-3832157255-1604685445-225423429-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1}
StarWare: [SBI $C1439312] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-3832157255-1604685445-225423429-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5}
Virtumonde: [SBI $4D2BC948] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\uparafuy.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\amesujaj.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\amovozat.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\aviwizim.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\efamidos.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\egoseluh.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\umegizul.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\etameneh.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\evemewew.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\ewevizuh.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\eyonagol.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\ukaverif.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\ilowoyuw.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\izapopud.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\ujafeliy.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\ojoyohig.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\osipunej.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\uduhalek.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\udatusav.ini
Virtumonde: [SBI $D510A69C] Configuration file (File, fixed)
C:\WINDOWS\system32\ubudiled.ini
Virtumonde: [SBI $1E12D746] User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-3832157255-1604685445-225423429-1005\Software\Microsoft\fias4013
Virtumonde.prx: [SBI $9C9A1A85] Autorun settings (CPMf3075b31) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CPMf3075b31
Virtumonde.prx: [SBI $9C9A1A85] Program file (File, fixed)
c:\windows\system32\vetidika.dll
Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (vihisagadi) (Registry value, fixed)
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vihisagadi
Virtumonde.prx: [SBI $3F5CA9DA] Program file (File, fixed)
C:\WINDOWS\system32\bajuwuge.dll
Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (vihisagadi) (Registry value, fixed)
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vihisagadi
Virtumonde.prx: [SBI $3F5CA9DA] Autorun settings (vihisagadi) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vihisagadi
DirectTrack: Tracking cookie (Internet Explorer: Janice Maroot) (Cookie, fixed)
DoubleClick: Tracking cookie (Internet Explorer: Janice Maroot) (Cookie, fixed)
DirectTrack: Tracking cookie (Internet Explorer: Janice Maroot) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-12-28 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-11-04 Includes\Adware.sbi (*)
2008-12-22 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-22 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2008-12-22 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2008-12-22 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2008-12-22 Includes\MalwareC.sbi (*)
2008-12-15 Includes\PUPS.sbi (*)
2008-12-15 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-12-16 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-12-10 Includes\Spyware.sbi (*)
2008-12-10 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-12-23 Includes\Trojans.sbi (*)
2008-12-22 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
md usa spybot fan
2008-12-29, 23:18
mefthymi:
Consider posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and having someone take a look at your system.
If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) ( http://forums.spybot.info/showthread.php?t=288).
After you have completed the required/suggested scans, start your own thread in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum, making sure to post the HijackThis log produced from the above instructions.
mefthymi
2008-12-30, 18:27
I have now posted this problem on the Malware Removal Forum
Mike E
md usa spybot fan
2008-12-30, 23:47
The link to mefthymi (http://forums.spybot.info/member.php?u=54338) (Mike E)'s thread in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum:
DLL Error & Registry Change Denied Message
http://forums.spybot.info/showthread.php?t=42649