Can anyone tell me what applications NCPMFCD.dll or agapadewiyohu.dll are used with?
Can’t find anything on them. agapadewiyohu.dll definitely looks like malware.
They look like randomly generated file names and there are no hits on google, which for dll files I find a little suspect.
Depending on the location of these dll files ?
If in any of the system folders, system or system32, etc. would make it even more suspect.
However, this begs the question why are you asking ?
I’ve spent many hours fighting a “MALICIOUS URL BLOCKED” report from avast!. I’ve finally got the problem taken care of. However, while looking for possible problems I ran across both of these entries in the System Configration Utility Start list. I unchecked NCPMFCD and have not seen any problems after restarting and the box stays unchecked. When I uncheck the box associated with agapadewiyohu.dll , apply, then restart, when I’m back running and check the SCU Start List, the box has been rechecked. I’m trying to make sure I have all my problems taken care of.
The entry reads:
rundll32.exe “C:\WINDOWS\agapadewiyohu.dll”, Startup
Have you run Malware Bytes Anti Malware (MBAM)???
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
Does it bring up anything ???
See if you can find both of these files, especially the agapadewiyohu.dll that keeps getting reinstated and and send the samples to avast.
Send the sample/s to avast as a Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.
Or
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and false positive/undetected malware in the subject.
It looks like there is something remaining in your system that is trying to register that dll file using the startup list. So if you have a topic in the viruses and worms forum about this you should report this development in it. If you don’t have a topic in the viruses and worms forum about this you should create one.
I have run MBAM - many times over the last few days. In looking back over my notes, avast! actually found the NCPMFCD.dll problem - it was attributed to Win32:Crypt-IMY[Trj]. avast! moved the file to the Virus chest. I realized there was an entry in the System Configuration Utility Startup List as I would get an error message when it tried to execute the file that had been moved to the virus chest. I unchecked the execute box in the Startup list and everything appears to be fine.
MBAM, avast!, nor Windows Defender have ever found anything wrong with aqapadewiyohu.dll. The name seemed unusual and when I Googled it I could find no reference to it. It also seemed unusual that if I tried to turn off the execution it would reset itself somehow.
Question - since NCPMFCD is still in the SCU Startup list (unchecked) is there any way to delete that entry from the Startup List??
I will take DavidR’s advice and send it to avast! I do have an article in the Viruses and worms forum under MALICIOUS URL BLOCKED where I describe what I went through to get the problem fixed.
You could also check the offending/suspect aqapadewiyohu.dll file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page.
This should give a good idea if any of the 43 different scanners find this infected/suspect, etc.
Since the startup entry rundll32.exe “C:\WINDOWS\agapadewiyohu.dll”, keeps being created, there is something else undetected, so you cleansing hasn’t been thorough. So that needs to be reported in your other topic, so that essexboy can get back on the case.
Here is the URL for the results page of VirusTotal:
Too many bad vibes to ignore it. 
This should also be posted in your other topic, it is crucial that you get back there as essexboy has asked you to post an OTL log.
http://forum.avast.com/index.php?topic=71596.msg599952#msg599952
He is trying to help and his time is very limited, so he will only be on the forums for a couple of hours.
I have just posted the OTL log.
sigcheck:
publisher…: X10 Wireless Technology, Inc.
copyright…: (C) X10 Wireless Technology, Inc. 2003-2006
product…: X10 USB Control Interface
description…: X10 USB Control Interface
original name: x10ufx2.sys
internal name: x10ufx2.sys
file version.: 6.0.0.210
comments…: n/a
signers…: -
signing date.: -
verified…: Unsigned
Strange why the file name would be changed from the original and even stranger that the original is a sys file rather than a dll file.
Do you need anything further from me? I’m also working this problem with essexboy in the viruses and worms forum…
Thanks for your help!!