HT Logs. Tips, FAQs, Analyze.

UpdateExplorer.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: UpdateExplorer
Filename: UpdateExplorer.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}

Command: C:\Windows\System32\UpdateExplorer.dll
CLSID: {E2BFE352-A303-4EA8-88FE-CE35361D7E8B}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: &UpdateCheck.dll – {E2BFE352-A303-4EA8-88FE-CE35361D7E8B} – C:\Windows\System32\UpdateExplorer.dll

DDS Line:

BHO: &UpdateCheck.dll: {E2BFE352-A303-4EA8-88FE-CE35361D7E8B} – C:\Windows\System32\UpdateExplorer.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}]
UpdateCheck.dll – C:\Windows\System32\UpdateExplorer.dll

Description: malicious add-on to Internet Explorer that installed by Antivirus 7. Antivirus 7 is a rogue antispyware program.

How to remove: use these Antivirus 7 removal instructions.

AvBho.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: AvBho
Filename: AvBho.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d541c6a-573b-4888-b35e-6816e68c3620}

Command: C:\Program Files\Antivirus\AvBho.dll
CLSID: {9d541c6a-573b-4888-b35e-6816e68c3620}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: BhoApp – {9d541c6a-573b-4888-b35e-6816e68c3620} – C:\Program Files\Antivirus\AvBho.dll

DDS Line:

BHO: BhoApp: {9d541c6a-573b-4888-b35e-6816e68c3620} – C:\Program Files\Antivirus\AvBho.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d541c6a-573b-4888-b35e-6816e68c3620}]
BhoApp – C:\Program Files\Antivirus\AvBho.dll

Description: malicious BHO module, component of Antivirus. Antivirus is a rogue antispyware program.

How to remove: use these Antivirus removal instructions.

adc32.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: adc32
Filename: adc32.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}

Command: C:\Program Files\adc32.dll
CLSID: {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: ICQSys (ADC PlugIn) – {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} – C:\Program Files\adc32.dll

DDS Line:

BHO: ADC PlugIn: {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} – C:\Program Files\adc32.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}]
ADC PlugIn – C:\Program Files\adc32.dll [2010-02-04 958464]

Description: malicious BHO addon to Internet Explorer that installed by Your PC Protector. Your PC Protector is a rogue antispyware program.

How to remove: use these Your PC Protector removal instructions.

Corpor.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Corpor
Filename: Corpor.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8FF40C83-9F3A-449C-8874-4C867931D5EA}

Command: C:\Windows\System32\Corpor.dll
CLSID: {8FF40C83-9F3A-449C-8874-4C867931D5EA}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: IEE – {8FF40C83-9F3A-449C-8874-4C867931D5EA} – C:\Windows\System32\Corpor.dll

DDS Line:

BHO: IEE: {8FF40C83-9F3A-449C-8874-4C867931D5EA} – C:\Windows\System32\Corpor.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8FF40C83-9F3A-449C-8874-4C867931D5EA}]
IEE – C:\Windows\System32\Corpor.dll

Description: trojan also known as Trojan-Downloader.Win32.Agent.cwyk [Kaspersky Lab]

How to remove: use HijackThis + Malwarebytes` Anti-malware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: name
Filename: filename
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}

Command: C:\Windows\System32\ieso0.dll
CLSID: {CE7C3CF0-4B15-11D1-ABED-709549C10000}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: IEHlprObj – {CE7C3CF0-4B15-11D1-ABED-709549C10000} – C:\Windows\System32\ieso0.dll

DDS Line:

BHO: IEHlprObj: {CE7C3CF0-4B15-11D1-ABED-709549C10000} – C:\Windows\System32\ieso0.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
IEHlprObj – C:\Windows\System32\ieso0.dll

Description: component of autorun.inf trojan. It installed with kxvo.exe

How to remove: use HijackThis + these autorun.inf trojans removal instructions

win32extension.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: win32extension
Filename: win32extension.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Command: C:\WINDOWS\system32\win32extension.dll
CLSID: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: &Security Update – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\win32extension.dll

DDS Line:

BHO: &Security Update: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\win32extension.dll

RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
&Security Update – C:\WINDOWS\system32\win32extension.dll [2009-12-01 665088]

Description: component of Personal Security. Personal Security is a rogue antispyware program.

How to remove: use these Personal Security removal instructions.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ExplorerImages
Filename: ExplorerImages.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Command: C:\WINDOWS\system32\ExplorerImages.dll
CLSID: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: &Advanced Explorer Editor – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\ExplorerImages.dll

DDS Line:

BHO: &Advanced Explorer Editor – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\ExplorerImages.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Description: component of Alpha Antivirus that hijacks InternetExplorer. Alpha Antivirus is a rogue antispyware program.

How to remove: use these Alpha Antivirus removal instructions.

AntiVirus Plus.1.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiVirus Plus.1
Filename: AntiVirus Plus.1.dll
Registry key:

Command: %UserProfile%\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll
CLSID: {C2B5AAB8-2183-4be7-81A6-F11493C45872}
Startup Type:
HijackThis Category:
HijackThis Line:

O2 – BHO: Antivirus Plus BHO – {C2B5AAB8-2183-4be7-81A6-F11493C45872} – C:\Documents and Settings\comp\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll
O4 – HKLM\..\Run: [AntiVirus Plus] “C:\WINDOWS\system32\rundll32.exe” “C:\Documents and Settings\comp\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll”, start 1
O4 – HKCU\..\Run: [AntiVirus Plus] “C:\WINDOWS\system32\rundll32.exe” “C:\Documents and Settings\comp\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll”, start 1

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}]
Antivirus Plus BHO – C:\Documents and Settings\user\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll [2009-11-19 2453504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiVirus Plus”=C:\Documents and Settings\user\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll [2009-11-19 2453504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiVirus Plus”=C:\Documents and Settings\user\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll [2009-11-19 2453504]

Description: component of AntiVirus Plus. AntiVirus Plus is a rogue antispyware program.

How to remove: use these AntiVirus Plus removal instructions.

IEAddon.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: IEAddon
Filename: IEAddon.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}

Command: C:\Program Files\Desktop Defender 2010\IEAddon.dll
CLSID: {CCB5551D-8594-4999-85F9-1E3EABCB95AC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: StatusBarPane – {CCB5551D-8594-4999-85F9-1E3EABCB95AC} – C:\Program Files\Desktop Defender 2010\IEAddon.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}]
StatusBarPane Class – C:\Program Files\Desktop Defender 2010\IEAddon.dll [2009-06-12 57344]

Description: component of Desktop Defender 2010. Desktop Defender 2010 is a rogue antispyware program.

How to remove: use these Desktop Defender 2010 removal instructions

iehelpmod.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: iehelpmod
Filename: iehelpmod.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Command: C:\WINDOWS\system32\iehelpmod.dll
CLSID: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: &IE Help – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\iehelpmod.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
&IE Help – C:\WINDOWS\system32\iehelpmod.dll [2009-09-29 336896]

Description: trojan fakeAlert that installed by Total Security rogue antispyware program

How to remove: use these Total Security removal instructions