Popups at startup

March 24, 2010 at 21:17:14
Specs: Windows Vista
My problem is that during startup, messages say, "The application failed to start because notepad.dll was not found." I know that notepad.dll is a virus, but it isn't on the computer, so I'm not getting it. The computer isn't slowing down; it's been getting these messages for 2 months now. Here is my HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:35 PM, on 3/24/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Kana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Kana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kana\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=101676&l=null
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\Windows\system32\notepad.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe /hide
O4 - HKLM\..\Run: [Fsipamux] rundll32.exe "C:\Users\Kana\AppData\Local\ijewaqifihufeho.dll",Startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [notepad] rundll32.exe C:\Windows\system32\config\SYSTEM~1\ntload.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [Kvorimogoy] rundll32.exe "C:\Users\Kana\AppData\Local\CPCMSNl.dll",Startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: scandisk.lnk = ?
O4 - Startup: winesm32.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinEncrypt service (wencrservice) - WinEncrypt - C:\Windows\SYSTEM32\wentxp.exe

--
End of file - 7952 bytes




#1
March 25, 2010 at 00:51:02
You are getting the error message because you've removed the file but there's still a command at startup which I suspect is the one shown in HJT as:

O4 - HKCU\..\Run: [notepad] rundll32.exe C:\Windows\system32\config\SYSTEM~1\ntload.dll,_IWMPEvents@0

You also have a few other obvious ones (the one below it is definitely suspect), but I'm not an HJT expert so I don't want to give specific advice. You could start by checking MSCONFIG and disabling the 'notepad' one from there to see if it fixes your problem.

"I've always been mad, I know I've been mad, like the most of us..."


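The check reply #1 does by eye, as an added example (not part of the thread and not HijackThis code): parse the O4 autostart lines, pull out the DLL each rundll32 entry loads, and flag entries whose DLL sits in a data directory or whose file is gone, which is what produces the "was not found" popup. The function names, the directory heuristic and the `exists` callback are assumptions of this example; the sample lines are copied from the log above with wrapped lines rejoined.

```python
import re
from typing import NamedTuple, Optional

# O4 lines copied from the log above, wrapped lines rejoined.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\Windows\system32\notepad.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [Fsipamux] rundll32.exe "C:\Users\Kana\AppData\Local\ijewaqifihufeho.dll",Startup
O4 - HKCU\..\Run: [notepad] rundll32.exe C:\Windows\system32\config\SYSTEM~1\ntload.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [Kvorimogoy] rundll32.exe "C:\Users\Kana\AppData\Local\CPCMSNl.dll",Startup
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
'''
# Constructed disk state for the demo: the poster says notepad.dll is gone;
# the other files are assumed present.
MISSING = {r'c:\windows\system32\notepad.dll'}

class RunEntry(NamedTuple):
    key: str                # registry key as HijackThis prints it, e.g. HKCU\..\Run
    name: str               # value name inside the brackets
    command: str            # full command line
    dll: Optional[str]      # DLL handed to rundll32, if any
    export: Optional[str]   # exported function rundll32 is told to call

O4_RE = re.compile(r'^O4 - (?P<key>HK\S+): \[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$')
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,\s*(?P<export>\S+)', re.I)
# Assumed heuristic (not a HijackThis rule): these directories hold data, not system code.
SUSPECT_DIRS = ('\\appdata\\', '\\system32\\config\\')

def parse_o4(log):
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            r = RUNDLL_RE.match(m['cmd'])
            entries.append(RunEntry(m['key'], m['name'], m['cmd'], r and r['dll'], r and r['export']))
    return entries

def triage(entries, exists):
    """Map (key, name) -> reasons for rundll32 autoruns that deserve a closer look."""
    findings = {}
    for e in (e for e in entries if e.dll):
        reasons = []
        if any(d in e.dll.lower() for d in SUSPECT_DIRS):
            reasons.append('dll in data directory')
        if '\\' in e.dll and not exists(e.dll):  # bare names resolve via the search path; skip them
            reasons.append('target missing (orphaned entry)')
        if reasons:
            findings[(e.key, e.name)] = reasons
    return findings

if __name__ == '__main__':
    for (key, name), why in triage(parse_o4(SAMPLE_LOG), lambda p: p.lower() not in MISSING).items():
        print(f'{key} [{name}]: {", ".join(why)}')
```

On the affected machine, `os.path.exists` would be passed as `exists` in place of the constructed lookup.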

#2
March 26, 2010 at 09:42:42
The poster posted his log without a request, funny he didn't SEE the pop-up when he posted, telling him that, it sure is big enough!

Other website forums are full of junk like that, and that's what makes computing.net so unique, they control the junk.

Some HELP in posting on Computing.net plus free progs and instructions Cheers

