DLL Errors on start up

Status
Not open for further replies.

mattchew008

Posts: 6   +0
Hi, I've recently ran into a case of malware.

I was using e-buddy (msn web-based messenger), and suddenly my computer attempted to install some sort of anti-spyware program. It would load the installation file, then fail claiming it couldn't connect to the server, but I would repeatedly get annoying ads popping up on my computer and it GREATLY slowed down my internet usability to basically unusable. I can't remember specifically what the program was called, but I know it wasn't good. I ended up installing
- ad-aware (ran a scan, came back)
- spybot search and destroy (claimed to remove it, came back)
- malwarebytes' anti-malware (finally removed it!)

I then ran a search on my PC for all the files with it's related name (of the spyware program that tried to install on my PC) and removed them, however now I get dll errors on start up and I'm not quite sure how to fix them =(

The 2 dll errors I get are:
- sbgltiik.dll
- nudsikrq.dll

I've tried running HJT to see if I could possibly identify some sort of issues with my registry, however it worked to no avail.

I've attached the log file below and I'm basically out of ideas on how to fix it.
If someone could help me or advise me in the right path it would be greatly appreciated!

Thanks,
mattchew008
 
Your Hijack log is from an old version if the program. Please be sure to use the recommended version when you go through the cleaning process. (currently v2.0.0.2)

You will also need to stop the Real Times programs that are running and that is also covered.
 
Sorry I don't quite understand.

I'm trying to see the 3 programs you have in your signature, but I can't seem to find them.

I will try running the newest version of hijack and turn off real player as well.

I'll keep you guys posted. Thanks for the help :D
 
Hi guys, I've followed the instructions up till step 10, run Smithfraudfix.exe, when I get this error

IEDFix.exe file missing!

Unzip all the archive in a folder.

Press any key to continue...

I've tried all 3 mirror files and get the same problem...not sure why, can I skip this step and continue with the rest?
 
I have followed all the steps to the best of my knowledge.

It appears I do not have any virus/malware (as I expected), but those .dll pop ups are still there.

Here are the logs.
Thanks a lot everyone for taking the time to help, I really appreciate it!
 

Attachments

  • combofixlog.txt
    17.9 KB · Views: 6
Hey everyone, I was searching through the forums for a solution and I think I found one, although I don't quite know the full implications of what I've done so far.

But here it is.
I went to my System Configuration Utility (run -> msconfig), then went to the Startup tab, found the 2 dll files (sbgltiik and nudsikrq) and disabled them on start up.

I no longer have those dll error pop ups, however does anyone know what the implications of doing it this way may cause?

Thanks
 
I doubt it will be that simple! Those dll files belonged to something- they weren't just 2 idle files that happened to be on your startup menu. Something put them there.

The two files are auto-loading from the Registry and will reappear when you reboot. You can have Hijack remove them, but unless the source is removed, they will load again:

O4 - HKLM\..\Run: [2a7688cc] rundll32.exe "C:\WINDOWS\system32\sbgltiik.dll",b
O4 - HKLM\..\Run: [BM2945bb50] Rundll32.exe "C:\WINDOWS\system32\nudsikrq.dll",s
You are also way behind in your Java updates. Have Hijack remove the following:
O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
Then download the latest version which is v6u7:
https://www.techspot.com/downloads/6463-java-se.html

After downloading and installing the current Java, go to the Control Panel> Add/Remove Programs and uninstall ALL earlier versions of Java as they are a security risk.

You have an abundance of background IBM processes. It is doubtful that you need them all running and it is recommended that you disable those you do not use. A particular suspect process is:
O4 - HKLM\..\Run: [defergui] c:/sdwork/defergui.exe
This is listed as an IBM software installer but no one knows what it installs. It can also be a virus:
Defergui.exe VIRUS Alert:
Defergui.exe is a Trojan Virus installed on your computer mainly after getting a pirated software. When it is installed in your system it hijacks your browser.

Please note: I have not reviewed all the logs. I was concerned when you said you took the two entries off of startup and assumed that would handle the problem.
 
Status
Not open for further replies.
Back