Spybot asked me if I wanted to allow a registry change a few days ago, and I said yes, and I checked remember this decision. The computer seems to be working fine, but I keep getting windows on the desktop every few seconds. The windows say Resident at the top, and then the time, and then Registry change denied. Identified as user decision. That part is in bold, then in regular print, Resident denied the change of userinit (category System Startup user entry) based on your black list.

Based on advice in similar thread I read, I have copied the log lines from when the incident ocurred. The second one is repeated thousands of times, with the time changing. Thank you for any help you can provide.




6/18/2009 1:22:35 PM Encountered and terminated AdSpy.TTC in C:\Windows\system32\userinit.exe!
6/18/2009 1:23:04 PM Denied (based on user decision) value "userinit" (new data: "C:\Users\lew\AppData\Roaming\sdra64.exe") added in System Startup user entry!

TeaTimer is actually doing a good job at keeping this malware at bay.
http://www.prevx.com/filenames/X930247081595103602-X1/SDRA64.EXE.html
-
By denying the malware from starting up for the time being. What I would suggest you do is start your own thread in the Malware Removal Forums to get this rootkit cleaned out. It's pretty severe. The instructions are below.

Please follow the instructions in this link to produce a HJT log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where an analyst will advise you as soon as available.

I am proceeding as per your instructions.

http://forums.spybot.info/showthread.php?t=49524