Category Archives: O2

What is mmx.dll, How to remove mmx.dll

mmx.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mmx
Filename: mmx.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EFC03F8-191D-4E6B-8E44-E3B6FEEA3629}

Command: %WinDir%\$NtUninstallMTF1011$\mmx.dll
CLSID: {0EFC03F8-191D-4E6B-8E44-E3B6FEEA3629}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EFC03F8-191D-4E6B-8E44-E3B6FEEA3629}]
brumaqpyxgrm Object – C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll [2010-08-17 247296]

DDS Line:

BHO: brumaqpyxgrm Object : {0EFC03F8-191D-4E6B-8E44-E3B6FEEA3629} – C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EFC03F8-191D-4E6B-8E44-E3B6FEEA3629}]
brumaqpyxgrm Object – C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll

Description: variant of Win32/Adware.Lifze

How to remove: use HijackThis + Malwarebytes' Anti-malware or the steps below.

1. Download OTM by OldTimer from here and save it to your desktop.
Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EFC03F8-191D-4E6B-8E44-E3B6FEEA3629}]

:files
%WinDir%\$NtUninstallMTF1011$\mmx.dll

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine, choose Yes. When the tool is finished, it will produce a report for you.

2. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is mmduch.dll, How to remove mmduch.dll

mmduch.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mmduch
Filename: mmduch.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9429BB93-2DC8-4C12-83A6-91BF6B374D85}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | bipro

Command: %WinDir%\$NtUninstallMTF1011$\mmduch.dll
CLSID: {9429BB93-2DC8-4C12-83A6-91BF6B374D85}
Startup Type: BHO, HKLM->Run
HijackThis Category: O2, O4
HijackThis Line:

O2 – BHO: Sky-Banners Browser Enhancer mmduch – {9429BB93-2DC8-4C12-83A6-91BF6B374D85} – C:\Windows\$NtUninstallMTF1011$\mmduch.dll
O4 – HKLM\..\Run: [bipro] rundll32 "C:\Windows\$NtUninstallMTF1011$\mmduch.dll",,Run

DDS Line:

BHO: Sky-Banners Browser Enhancer mmduch: {9429BB93-2DC8-4C12-83A6-91BF6B374D85} – C:\Windows\$NtUninstallMTF1011$\mmduch.dll
mRun: [bipro] "C:\Windows\$NtUninstallMTF1011$\mmduch.dll",,Run

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9429BB93-2DC8-4C12-83A6-91BF6B374D85}]
Sky-Banners Browser Enhancer mmduch – C:\Windows\$NtUninstallMTF1011$\mmduch.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"bipro"="C:\Windows\$NtUninstallMTF1011$\mmduch.dll",,Run

Description: component of Sky-Banners Browser Enhancer malware

How to remove: use HijackThis + Malwarebytes' Anti-malware or the steps below.

1. Download OTM by OldTimer from here and save it to your desktop.
Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9429BB93-2DC8-4C12-83A6-91BF6B374D85}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"bipro"=-

:files
%WinDir%\$NtUninstallMTF1011$\mmduch.dll

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine, choose Yes. When the tool is finished, it will produce a report for you.

2. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is Wireshark Antivirus, How to remove Wireshark Antivirus

Wireshark Antivirus is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Startup Type: BHO, Service
HijackThis Category: O2, O23
HijackThis Line:

O2 – BHO: ADC PlugIn – {149256D5-E103-4523-BB43-2CFB066839D6} – C:\Program Files\adc_w32.dll
O23 – Service: Adobe Update Service (AdbUpd) – Unknown owner – C:\Program Files\svchost.exe

Description: rogue antispyware program

How to remove: use these Wireshark Antivirus removal instructions.

What is dfmcd21.dll, How to remove dfmcd21.dll

dfmcd21.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: dfmcd21
Filename: dfmcd21.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0098EFCC-12D6-4B0C-B566-E133F6B4941B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{77D30FCF-771E-4EF4-9DCD-69056CA0B517}

Command: C:\WINDOWS\system32\dfmcd21.dll
CLSID: {0098EFCC-12D6-4B0C-B566-E133F6B4941B}, {77D30FCF-771E-4EF4-9DCD-69056CA0B517}
Startup Type: BHO, Microsoft active setup
HijackThis Category: O2
HijackThis Line:

O2 – BHO: – {0098EFCC-12D6-4B0C-B566-E133F6B4941B} – C:\WINDOWS\system32\dfmcd21.dll

DDS Line:

BHO: : {0098EFCC-12D6-4B0C-B566-E133F6B4941B} – C:\WINDOWS\system32\dfmcd21.dll
mASetup: {77D30FCF-771E-4EF4-9DCD-69056CA0B517} – C:\WINDOWS\system32\dfmcd21.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0098EFCC-12D6-4B0C-B566-E133F6B4941B}]
2010-07-14 07:39:17 51200 ----a-w- C:\WINDOWS\system32\dfmcd21.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{77D30FCF-771E-4EF4-9DCD-69056CA0B517}]
2010-07-14 07:39:17 51200 ----a-w- C:\WINDOWS\system32\dfmcd21.dll

Description: malware

How to remove: use the steps below.

1. Download OTM by OldTimer from here and save it to your desktop.
Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0098EFCC-12D6-4B0C-B566-E133F6B4941B}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{77D30FCF-771E-4EF4-9DCD-69056CA0B517}]

:files
%WinDir%\system32\dfmcd21.dll

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine, choose Yes. When the tool is finished, it will produce a report for you.

2. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is MicrosoftExtensions.dll, How to remove MicrosoftExtensions.dll

MicrosoftExtensions.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: MicrosoftExtensions
Filename: MicrosoftExtensions.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3304f17f-732c-4ac6-bf67-dbdc8b88c11f}

Command: %Temp%\MicrosoftExtensions.dll
CLSID: {3304f17f-732c-4ac6-bf67-dbdc8b88c11f}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: &UpdateCheck.dll – {3304F17F-732C-4AC6-BF67-DBDC8B88C11F} – C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MICROS~1.DLL

DDS Line:

BHO: &UpdateCheck.dll : {3304F17F-732C-4AC6-BF67-DBDC8B88C11F} – C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MICROS~1.DLL

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3304F17F-732C-4AC6-BF67-DBDC8B88C11F}]
&UpdateCheck.dll – C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MICROS~1.DLL

Description: trojan BHO that is installed with AntivirusGT. AntivirusGT is a rogue antispyware program.

How to remove: use the AntivirusGT removal instructions or the steps below.

1. Run Internet Explorer, open the Tools menu and select the Manage Add-ons option. Select the UpdateCheck.dll add-on and click Disable. Click OK, then OK again. Close Internet Explorer.

2. Right-click the taskbar and select Task Manager. In the list of processes, select AntivirusGT.exe and click the End Process button to stop it. Click Yes to confirm. Close Task Manager.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is UpdateExplorer.dll, How to remove UpdateExplorer.dll

UpdateExplorer.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: UpdateExplorer
Filename: UpdateExplorer.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}

Command: C:\Windows\System32\UpdateExplorer.dll
CLSID: {E2BFE352-A303-4EA8-88FE-CE35361D7E8B}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: &UpdateCheck.dll – {E2BFE352-A303-4EA8-88FE-CE35361D7E8B} – C:\Windows\System32\UpdateExplorer.dll

DDS Line:

BHO: &UpdateCheck.dll: {E2BFE352-A303-4EA8-88FE-CE35361D7E8B} – C:\Windows\System32\UpdateExplorer.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}]
UpdateCheck.dll – C:\Windows\System32\UpdateExplorer.dll

Description: malicious add-on to Internet Explorer that is installed by Antivirus 7. Antivirus 7 is a rogue antispyware program.

How to remove: use these Antivirus 7 removal instructions.

What is AvBho.dll, How to remove AvBho.dll

AvBho.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AvBho
Filename: AvBho.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d541c6a-573b-4888-b35e-6816e68c3620}

Command: C:\Program Files\Antivirus\AvBho.dll
CLSID: {9d541c6a-573b-4888-b35e-6816e68c3620}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: BhoApp – {9d541c6a-573b-4888-b35e-6816e68c3620} – C:\Program Files\Antivirus\AvBho.dll

DDS Line:

BHO: BhoApp: {9d541c6a-573b-4888-b35e-6816e68c3620} – C:\Program Files\Antivirus\AvBho.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d541c6a-573b-4888-b35e-6816e68c3620}]
BhoApp – C:\Program Files\Antivirus\AvBho.dll

Description: malicious BHO module, component of Antivirus. Antivirus is a rogue antispyware program.

How to remove: use these Antivirus removal instructions.

What is adc32.dll, How to remove adc32.dll

adc32.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: adc32
Filename: adc32.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}

Command: C:\Program Files\adc32.dll
CLSID: {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: ICQSys (ADC PlugIn) – {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} – C:\Program Files\adc32.dll

DDS Line:

BHO: ADC PlugIn: {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} – C:\Program Files\adc32.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}]
ADC PlugIn – C:\Program Files\adc32.dll [2010-02-04 958464]

Description: malicious BHO add-on to Internet Explorer that is installed by Your PC Protector. Your PC Protector is a rogue antispyware program.

How to remove: use these Your PC Protector removal instructions.

What is Corpor.dll, How to remove Corpor.dll

Corpor.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Corpor
Filename: Corpor.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8FF40C83-9F3A-449C-8874-4C867931D5EA}

Command: C:\Windows\System32\Corpor.dll
CLSID: {8FF40C83-9F3A-449C-8874-4C867931D5EA}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: IEE – {8FF40C83-9F3A-449C-8874-4C867931D5EA} – C:\Windows\System32\Corpor.dll

DDS Line:

BHO: IEE: {8FF40C83-9F3A-449C-8874-4C867931D5EA} – C:\Windows\System32\Corpor.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8FF40C83-9F3A-449C-8874-4C867931D5EA}]
IEE – C:\Windows\System32\Corpor.dll

Description: trojan also known as Trojan-Downloader.Win32.Agent.cwyk [Kaspersky Lab]

How to remove: use HijackThis + Malwarebytes' Anti-malware

What is ieso0.dll, How to remove ieso0.dll

ieso0.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ieso0
Filename: ieso0.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}

Command: C:\Windows\System32\ieso0.dll
CLSID: {CE7C3CF0-4B15-11D1-ABED-709549C10000}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: IEHlprObj – {CE7C3CF0-4B15-11D1-ABED-709549C10000} – C:\Windows\System32\ieso0.dll

DDS Line:

BHO: IEHlprObj: {CE7C3CF0-4B15-11D1-ABED-709549C10000} – C:\Windows\System32\ieso0.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
IEHlprObj – C:\Windows\System32\ieso0.dll

Description: component of autorun.inf trojan. It is installed with kxvo.exe.

How to remove: use HijackThis + these autorun.inf trojans removal instructions