Archive for the 'BHO' Category
Friday, March 12th, 2010
UpdateExplorer.dll is a harmful program.
Name: UpdateExplorer
Filename: UpdateExplorer.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}
Command: C:\Windows\System32\UpdateExplorer.dll
CLSID: {E2BFE352-A303-4EA8-88FE-CE35361D7E8B}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: &UpdateCheck.dll - {E2BFE352-A303-4EA8-88FE-CE35361D7E8B} - C:\Windows\System32\UpdateExplorer.dll
DDS Line:
BHO: &UpdateCheck.dll: {E2BFE352-A303-4EA8-88FE-CE35361D7E8B} - C:\Windows\System32\UpdateExplorer.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}]
UpdateCheck.dll - C:\Windows\System32\UpdateExplorer.dll
Description: malicious add-on for Internet Explorer that is installed by Antivirus 7. Antivirus 7 is a rogue antispyware program.
How to remove: use these Antivirus 7 removal instructions.
Posted in BHO, O2, Rogue Antispyware/Antivirus
Wednesday, February 3rd, 2010
adc32.dll is a harmful program.
Name: adc32
Filename: adc32.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
Command: C:\Program Files\adc32.dll
CLSID: {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: ICQSys (ADC PlugIn) - {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} - C:\Program Files\adc32.dll
DDS Line:
BHO: ADC PlugIn: {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} - C:\Program Files\adc32.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}]
ADC PlugIn - C:\Program Files\adc32.dll [2010-02-04 958464]
Description: malicious BHO add-on for Internet Explorer that is installed by Your PC Protector. Your PC Protector is a rogue antispyware program.
How to remove: use these Your PC Protector removal instructions.
Posted in BHO, O2, Rogue Antispyware/Antivirus
Monday, December 7th, 2009
Corpor.dll is a harmful program.
Name: Corpor
Filename: Corpor.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8FF40C83-9F3A-449C-8874-4C867931D5EA}
Command: C:\Windows\System32\Corpor.dll
CLSID: {8FF40C83-9F3A-449C-8874-4C867931D5EA}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: IEE - {8FF40C83-9F3A-449C-8874-4C867931D5EA} - C:\Windows\System32\Corpor.dll
DDS Line:
BHO: IEE: {8FF40C83-9F3A-449C-8874-4C867931D5EA} - C:\Windows\System32\Corpor.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8FF40C83-9F3A-449C-8874-4C867931D5EA}]
IEE - C:\Windows\System32\Corpor.dll
Description: trojan also known as Trojan-Downloader.Win32.Agent.cwyk [Kaspersky Lab]
How to remove: use HijackThis + Malwarebytes' Anti-Malware
Posted in BHO, O2, Trojan
Saturday, December 5th, 2009
ieso0.dll is a harmful program.
Name: ieso0
Filename: ieso0.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
Command: C:\Windows\System32\ieso0.dll
CLSID: {CE7C3CF0-4B15-11D1-ABED-709549C10000}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: IEHlprObj - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Windows\System32\ieso0.dll
DDS Line:
BHO: IEHlprObj: {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Windows\System32\ieso0.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
IEHlprObj - C:\Windows\System32\ieso0.dll
Description: component of the autorun.inf trojan. It is installed with kxvo.exe
How to remove: use HijackThis + these autorun.inf trojans removal instructions
Posted in BHO, O2, Trojan
Tuesday, December 1st, 2009
win32extension.dll is a harmful program.
Name: win32extension
Filename: win32extension.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Command: C:\WINDOWS\system32\win32extension.dll
CLSID: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: &Security Update - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\WINDOWS\system32\win32extension.dll
DDS Line:
BHO: &Security Update: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\WINDOWS\system32\win32extension.dll
RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
&Security Update - C:\WINDOWS\system32\win32extension.dll [2009-12-01 665088]
Description: component of Personal Security. Personal Security is a rogue antispyware program.
How to remove: use these Personal Security removal instructions.
Posted in BHO, O2, Rogue Antispyware/Antivirus
Monday, November 23rd, 2009
ExplorerImages.dll is a harmful program.
Name: ExplorerImages
Filename: ExplorerImages.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Command: C:\WINDOWS\system32\ExplorerImages.dll
CLSID: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: &Advanced Explorer Editor - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\WINDOWS\system32\ExplorerImages.dll
DDS Line:
BHO: &Advanced Explorer Editor - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\WINDOWS\system32\ExplorerImages.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
Description: component of Alpha Antivirus that hijacks Internet Explorer. Alpha Antivirus is a rogue antispyware program.
How to remove: use these Alpha Antivirus removal instructions.
Posted in BHO, O2, Rogue Antispyware/Antivirus
Thursday, November 19th, 2009
AntiVirus Plus.1.dll is a harmful program.
Name: AntiVirus Plus.1
Filename: AntiVirus Plus.1.dll
Registry key:
Command: %UserProfile%\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll
CLSID: {C2B5AAB8-2183-4be7-81A6-F11493C45872}
Startup Type:
HijackThis Category:
HijackThis Line:
O2 - BHO: Antivirus Plus BHO - {C2B5AAB8-2183-4be7-81A6-F11493C45872} - C:\Documents and Settings\comp\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll
O4 - HKLM\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\comp\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll", start 1
O4 - HKCU\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\comp\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll", start 1
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}]
Antivirus Plus BHO - C:\Documents and Settings\user\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll [2009-11-19 2453504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AntiVirus Plus"=C:\Documents and Settings\user\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll [2009-11-19 2453504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AntiVirus Plus"=C:\Documents and Settings\user\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll [2009-11-19 2453504]
Description: component of AntiVirus Plus. AntiVirus Plus is a rogue antispyware program.
How to remove: use these AntiVirus Plus removal instructions.
Posted in BHO, O2, O4, Rogue Antispyware/Antivirus, Run
Wednesday, October 28th, 2009
IEAddon.dll is a harmful program.
Name: IEAddon
Filename: IEAddon.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
Command: C:\Program Files\Desktop Defender 2010\IEAddon.dll
CLSID: {CCB5551D-8594-4999-85F9-1E3EABCB95AC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: StatusBarPane - {CCB5551D-8594-4999-85F9-1E3EABCB95AC} - C:\Program Files\Desktop Defender 2010\IEAddon.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}]
StatusBarPane Class - C:\Program Files\Desktop Defender 2010\IEAddon.dll [2009-06-12 57344]
Description: component of Desktop Defender 2010. Desktop Defender 2010 is a rogue antispyware program.
How to remove: use these Desktop Defender 2010 removal instructions
Posted in BHO, O2, Rogue Antispyware/Antivirus
Tuesday, September 29th, 2009
iehelpmod.dll is a harmful program.
Name: iehelpmod
Filename: iehelpmod.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Command: C:\WINDOWS\system32\iehelpmod.dll
CLSID: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: &IE Help - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\WINDOWS\system32\iehelpmod.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
&IE Help - C:\WINDOWS\system32\iehelpmod.dll [2009-09-29 336896]
Description: FakeAlert trojan that is installed by the Total Security rogue antispyware program
How to remove: use these Total Security removal instructions
Posted in BHO, O2, Rogue Antispyware/Antivirus, Trojan
Monday, September 28th, 2009
msnaoladdon.dll is a harmful program.
Name: msnaoladdon
Filename: msnaoladdon.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A77D3539-581D-450C-9E44-A84C415A6172}
Command: C:\WINDOWS\system32\msnaoladdon.dll
CLSID: {A77D3539-581D-450C-9E44-A84C415A6172}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: (no name) - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\WINDOWS\system32\msnaoladdon.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A77D3539-581D-450C-9E44-A84C415A6172}]
C:\WINDOWS\system32\msnaoladdon.dll [2009-09-26 403968]
Description: trojan that is installed by Alpha Antivirus (fake antivirus application)
How to remove: use these Alpha Antivirus removal instructions
Posted in BHO, O2, Rogue Antispyware/Antivirus, Trojan