Archive for the 'Trojan' Category

What is notepad.dll, How to remove notepad.dll

Sunday, December 13th, 2009

notepad.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: notepad
Filename: notepad.dll
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | notepad

Command: c:\windows\system32\notepad.dll
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [notepad] rundll32.exe c:\windows\system32\notepad.dll,_IWMPEvents@0

DDS Line:

mRun: [notepad] rundll32.exe c:\windows\system32\notepad.dll,_IWMPEvents@0

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"notepad"=rundll32.exe c:\windows\system32\notepad.dll,_IWMPEvents@0

Description: trojan also known as Packed.Generic.271 [Symantec], Mal/FakeAV-BX, Mal/TibsPk-A [Sophos]

How to remove: use HijackThis + Malwarebytes' Anti-malware + Kaspersky virus removal tool

What is ntload.dll, How to remove ntload.dll

Sunday, December 13th, 2009

ntload.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ntload
Filename: ntload.dll
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | notepad

Command: %UserProfile%\ntload.dll
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [notepad] rundll32.exe %UserProfile%\ntload.dll,_IWMPEvents@0

DDS Line:

uRun: [notepad] rundll32.exe %UserProfile%\ntload.dll,_IWMPEvents@0

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"notepad"=rundll32.exe %UserProfile%\ntload.dll,_IWMPEvents@0

Description: trojan also known as Packed.Generic.271 [Symantec], Mal/FakeAV-BX, Mal/TibsPk-A [Sophos]

How to remove: use HijackThis + Malwarebytes' Anti-malware + Kaspersky virus removal tool

What is lib.dll, How to remove lib.dll

Tuesday, December 8th, 2009

lib.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: lib
Filename: lib.dll
Command: C:\Program Files\Shared\lib.dll
Description: Trojan.BHO [MalwareBytes Anti-malware]

How to remove: use Malwarebytes' Anti-malware

What is siszyd32.exe, How to remove siszyd32.exe

Monday, December 7th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: siszyd32
Filename: siszyd32.exe
Command: %userProfile%\start menu\programs\startup\siszyd32.exe
Startup Type: StartUp folder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: siszyd32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\siszyd32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
siszyd32.exe

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool

What is av_md.exe, How to remove av_md.exe

Monday, December 7th, 2009

av_md.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: av_md
Filename: av_md.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | av_md
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | av_md

Command:

%WinDir%\system32\av_md.exe
%UserProfile%\av_md.exe

Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [av_md] C:\WINDOWS\system32\av_md.exe
O4 - HKCU\..\Run: [av_md] C:\Documents and Settings\user\av_md.exe
O4 - HKUS\S-1-5-18\..\Run: [av_md] C:\Documents and Settings\user\av_md.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [av_md] C:\Documents and Settings\user\av_md.exe (User 'Default user')

DDS Line:

mRun: [av_md] C:\WINDOWS\system32\av_md.exe
uRun: [av_md] C:\Documents and Settings\user\av_md.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"av_md"=C:\WINDOWS\system32\av_md.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"av_md"=C:\Documents and Settings\user\av_md.exe

Description: trojan also known as Trojan.Pandex [Symantec], Backdoor.Win32.HareBot.alo [Kaspersky Lab], Mal/Generic-A [Sophos]

How to remove: use HijackThis + Kaspersky virus removal tool

What is ccdrive32.exe, How to remove ccdrive32.exe

Monday, December 7th, 2009

ccdrive32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ccdrive32
Filename: ccdrive32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Microsoft Driver Setup

Command: C:\Windows\ccdrive32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\Windows\ccdrive32.exe
O4 - HKLM\..\policies\Explorer\Run: [Microsoft Driver Setup] C:\Windows\ccdrive32.exe

DDS Line:

mRun: [Microsoft Driver Setup] C:\Windows\ccdrive32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Driver Setup"=C:\Windows\ccdrive32.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"Microsoft Driver Setup"=C:\Windows\ccdrive32.exe

Description: trojan also known as Trojan.Win32.Buzus.crty [Kaspersky Lab], Worm:Win32/Pushbot.gen [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-malware

What is mydpla.exe, How to remove mydpla.exe

Monday, December 7th, 2009

mydpla.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mydpla
Filename: mydpla.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Technology NT

Command: C:\Windows\System32\mydpla.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Technology NT] C:\Windows\System32\mydpla.exe

DDS Line:

mRun: [Technology NT] C:\Windows\System32\mydpla.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Technology NT"=C:\Windows\System32\mydpla.exe

Description: trojan also known as Trojan-Banker.Win32.Banker.apxq [Kaspersky Lab]

How to remove: use HijackThis + Kaspersky virus removal tool

What is ntfs_ext7.exe, How to remove ntfs_ext7.exe

Monday, December 7th, 2009

ntfs_ext7.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ntfs_ext7
Filename: ntfs_ext7.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | NTFS_ext_drv

Command: \\?\globalroot\Windows\System32\ntfs_ext7.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [NTFS_ext_drv] \\?\globalroot\Windows\System32\ntfs_ext7.exe

DDS Line:

mRun: [NTFS_ext_drv] \\?\globalroot\Windows\System32\ntfs_ext7.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NTFS_ext_drv"=\\?\globalroot\Windows\System32\ntfs_ext7.exe

Description: trojan agent

How to remove: use HijackThis

What is raidhost.exe, How to remove raidhost.exe

Monday, December 7th, 2009

raidhost.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: raidhost
Filename: raidhost.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | raidhost

Command: C:\Windows\raidhost.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [raidhost] raidhost.exe

DDS Line:

mRun: [raidhost] raidhost.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"raidhost"=raidhost.exe

Description: trojan also known as Backdoor.Trojan [Symantec], Worm.Win32.AutoRun.gow [Kaspersky Lab], W32/Autorun.worm!fi [McAfee], Backdoor:Win32/IRCbot [Microsoft], Backdoor.Win32.IRCBot [Ikarus]

How to remove: use HijackThis + Kaspersky virus removal tool

What is Corpor.dll, How to remove Corpor.dll

Monday, December 7th, 2009

Corpor.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Corpor
Filename: Corpor.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8FF40C83-9F3A-449C-8874-4C867931D5EA}

Command: C:\Windows\System32\Corpor.dll
CLSID: {8FF40C83-9F3A-449C-8874-4C867931D5EA}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 - BHO: IEE - {8FF40C83-9F3A-449C-8874-4C867931D5EA} - C:\Windows\System32\Corpor.dll

DDS Line:

BHO: IEE: {8FF40C83-9F3A-449C-8874-4C867931D5EA} - C:\Windows\System32\Corpor.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8FF40C83-9F3A-449C-8874-4C867931D5EA}]
IEE - C:\Windows\System32\Corpor.dll

Description: trojan also known as Trojan-Downloader.Win32.Agent.cwyk [Kaspersky Lab]

How to remove: use HijackThis + Malwarebytes' Anti-malware