Archive for the 'O2' Category

« Previous Entries
Next Entries »

What is win32extension.dll, How to remove win32extension.dll

Tuesday, December 1st, 2009

win32extension.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: win32extension
Filename: win32extension.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Command: C:\WINDOWS\system32\win32extension.dll
CLSID: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: &Security Update – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\win32extension.dll

DDS Line:

BHO: &Security Update: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\win32extension.dll

RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
&Security Update – C:\WINDOWS\system32\win32extension.dll [2009-12-01 665088]

Description: component of Personal Security. Personal Security is a rogue antispyware program.

How to remove: use these Personal Security removal instructions.

Posted in BHO, O2, Rogue Antispyware/Antivirus | No Comments »

What is ExplorerImages.dll, How to remove ExplorerImages.dll

Monday, November 23rd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ExplorerImages
Filename: ExplorerImages.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Command: C:\WINDOWS\system32\ExplorerImages.dll
CLSID: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: &Advanced Explorer Editor – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\ExplorerImages.dll

DDS Line:

BHO: &Advanced Explorer Editor – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\ExplorerImages.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Description: component of Alpha Antivirus that hijacks InternetExplorer. Alpha Antivirus is a rogue antispyware program.

How to remove: use these Alpha Antivirus removal instructions.

Posted in BHO, O2, Rogue Antispyware/Antivirus | No Comments »

What is AntiVirus Plus.1.dll, How to remove AntiVirus Plus.1.dll

Thursday, November 19th, 2009

AntiVirus Plus.1.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiVirus Plus.1
Filename: AntiVirus Plus.1.dll
Registry key:

Command: %UserProfile%\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll
CLSID: {C2B5AAB8-2183-4be7-81A6-F11493C45872}
Startup Type:
HijackThis Category:
HijackThis Line:

O2 – BHO: Antivirus Plus BHO – {C2B5AAB8-2183-4be7-81A6-F11493C45872} – C:\Documents and Settings\comp\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll
O4 – HKLM\..\Run: [AntiVirus Plus] “C:\WINDOWS\system32\rundll32.exe” “C:\Documents and Settings\comp\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll”, start 1
O4 – HKCU\..\Run: [AntiVirus Plus] “C:\WINDOWS\system32\rundll32.exe” “C:\Documents and Settings\comp\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll”, start 1

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}]
Antivirus Plus BHO – C:\Documents and Settings\user\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll [2009-11-19 2453504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiVirus Plus”=C:\Documents and Settings\user\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll [2009-11-19 2453504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiVirus Plus”=C:\Documents and Settings\user\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll [2009-11-19 2453504]

Description: component of AntiVirus Plus. AntiVirus Plus is a rogue antispyware program.

How to remove: use these AntiVirus Plus removal instructions.

Posted in BHO, O2, O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is IEAddon.dll, How to remove IEAddon.dll

Wednesday, October 28th, 2009

IEAddon.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: IEAddon
Filename: IEAddon.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}

Command: C:\Program Files\Desktop Defender 2010\IEAddon.dll
CLSID: {CCB5551D-8594-4999-85F9-1E3EABCB95AC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: StatusBarPane – {CCB5551D-8594-4999-85F9-1E3EABCB95AC} – C:\Program Files\Desktop Defender 2010\IEAddon.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}]
StatusBarPane Class – C:\Program Files\Desktop Defender 2010\IEAddon.dll [2009-06-12 57344]

Description: component of Desktop Defender 2010. Desktop Defender 2010 is a rogue antispyware program.

How to remove: use these Desktop Defender 2010 removal instructions

Posted in BHO, O2, Rogue Antispyware/Antivirus | No Comments »

iehelpmod.dll is trojan fakeAlert

Tuesday, September 29th, 2009

iehelpmod.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: iehelpmod
Filename: iehelpmod.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Command: C:\WINDOWS\system32\iehelpmod.dll
CLSID: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: &IE Help – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\iehelpmod.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
&IE Help – C:\WINDOWS\system32\iehelpmod.dll [2009-09-29 336896]

Description: trojan fakeAlert that installed by Total Security rogue antispyware program

How to remove: use these Total Security removal instructions

Posted in BHO, O2, Rogue Antispyware/Antivirus, Trojan | No Comments »

msnaoladdon.dll is trojan.bho

Monday, September 28th, 2009

msnaoladdon.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: msnaoladdon
Filename: msnaoladdon.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A77D3539-581D-450C-9E44-A84C415A6172}

Command: C:\WINDOWS\system32\msnaoladdon.dll
CLSID: {A77D3539-581D-450C-9E44-A84C415A6172}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: (no name) – {A77D3539-581D-450C-9E44-A84C415A6172} – C:\WINDOWS\system32\msnaoladdon.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A77D3539-581D-450C-9E44-A84C415A6172}]
C:\WINDOWS\system32\msnaoladdon.dll [2009-09-26 403968]

Description: trojan that installed by Alpha Antivirus (fake antivirus application)

How to remove: use these Alpha Antivirus removal instructions

Posted in BHO, O2, Rogue Antispyware/Antivirus, Trojan | No Comments »

wogipute.dll is trojan Vundo

Sunday, September 20th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wogipute
Filename: wogipute.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6933d543-b109-40aa-9185-58ccc8241c09}

Command: c:\windows\system32\wogipute.dll
CLSID: {6933d543-b109-40aa-9185-58ccc8241c09}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: (no name) – {6933d543-b109-40aa-9185-58ccc8241c09} – c:\windows\system32\wogipute.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6933d543-b109-40aa-9185-58ccc8241c09}]
2009-06-20 03:46 50688 –sha-w- c:\windows\system32\wogipute.dll

Description: trojan Vundo that installs rogue antispyware programs

How to remove: use Malwarebytes` Anti-malware

Posted in BHO, O2, Trojan | No Comments »

WStech.dll is trojan FakeAlert, component of Green AV

Sunday, September 20th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: WStech
Filename: WStech.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}

Command: C:\Documents and Settings\All Users\Application Data\gra\WStech.dll
CLSID: {A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: WStechB – {A5DBD8CB-DF8A-4992-A655-B155216F6AFB} – C:\Documents and Settings\All Users\Application Data\gra\WStech.dll

Description: trojan FakeAlert that installed by Green AV rogue antispyware program

How to remove: use these Green AV removal instructions

Posted in BHO, O2, Rogue Antispyware/Antivirus, Trojan | No Comments »

kj32.dll is trojan.bho

Thursday, July 23rd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: kj32
Filename: kj32.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6458C00E-EF7F-4f06-9E06-49EA923386FD}

Command: C:\WINDOWS\System32\kj32.dll
CLSID: {6458C00E-EF7F-4f06-9E06-49EA923386FD}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: pl – {6458C00E-EF7F-4f06-9E06-49EA923386FD} – C:\WINDOWS\System32\kj32.dll

Description: trojan bho

How to remove: use HijackThis + use Malwarebytes` Anti-malware

Posted in BHO, O2, Trojan | No Comments »

ddrawx.dll is component of USAntiSpy

Saturday, July 4th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ddrawx
Filename: ddrawx.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}

Command: C:\WINDOWS\system32\ddrawx.dll
CLSID: {0B014B81-4E12-46F9-806F-55867AF8FD3C}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: & – {0B014B81-4E12-46F9-806F-55867AF8FD3C} – C:\WINDOWS\system32\ddrawx.dll

Description: BHO component of USAntiSpy (rogue antispyware program)

How to remove: use Malwarebytes Antimalware

Posted in BHO, O2, Rogue Antispyware/Antivirus | No Comments »

« Previous Entries
Next Entries »