Solved

2020Search Toolbar Removal

Posted on 2004-04-19
8
1,534 Views
Last Modified: 2009-07-29
How can I get rid of the 2020Search Toolbar that comes up every time I go to IE 6?  I have tried SpyBot S&D, Ad-Aware, Hijack This and Norton Antivirus 2003.
0
Comment
Question by:LinBro
  • 4
  • 3
8 Comments
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10861683
Hi LinBro,

Post the hijackthis logfile and we will be able to point out what to remove.

Greetings,

LucF
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10861797
Make a backup of your registry

Check these registry entries

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
HKCU\Software\Microsoft\Internet Explorer\SearchURL
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant
HKCU\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

and remove that 2020search if you find them
0
 

Author Comment

by:LinBro
ID: 10862339
I've tried removing these items and they reappear.  Here is the Hijack This Log:

Logfile of HijackThis v1.97.7
Scan saved at 1:31:03 PM, on 4/19/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\system32\Smtray.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\WINNT\system32\wfxsnt40.exe
C:\winnt\system32\infwin.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\WINNT\system32\pcs\pcsvc.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\LLB\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {00DF1284-083D-488C-A031-CE0D9CEE9142} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {04245EC0-5E97-4B59-A1C9-CFFD8C99F0C1} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0D78E984-944D-4457-8D04-AEED39AD86DE} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {0E2DA6DB-B0A7-4E32-BC85-8AB5D9803AB4} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {0F4B40C4-5B05-432A-9CE3-5E9BE7B884E5} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {15A50002-ED39-4081-82A6-46829ED1CB19} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {1E4064FB-766B-4DF5-BC02-81F941767A6C} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2115FCF3-3AB9-4D0B-982C-DCB9AE75562B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2405028D-769B-43A9-9AF4-CC531F6E33A0} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINNT\System32\stlbdist.DLL
O2 - BHO: (no name) - {32C4571B-DBE1-4E12-91B8-098773B85C68} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {336CDBA8-1A88-47F6-8142-B87D71FBD4D6} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {36594D8C-7C76-492B-AB41-223C7000A76C} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {38B1D185-FDEE-4704-BE22-E6D5A7122C0E} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {3CACCCEC-1737-4CC2-AAF1-EE14FFFDE42B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {3FF5E0A5-8F1B-4E80-8852-75480E81E71D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {45F36E29-9351-41D6-80B3-6CADC9FD7E53} - C:\WINNT\System32\cngc.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\LLB\BACKUP~3.DLL
O2 - BHO: (no name) - {5E271C40-28A4-4355-A4C3-7DAA1561A5F9} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {7272C341-1C7A-4E63-B55C-08710A81F4FD} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {858F6D92-58E5-4316-A0D2-0DA755E3C819} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {881E3858-04BB-4D6F-BCA3-C30FC71DD880} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {8BB9F018-AD8A-4B96-9291-BBCBE42EBCE3} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {8F921655-8D69-43AE-AF26-86A69810A1E9} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\System32\bridge.dll
O2 - BHO: (no name) - {A39112CA-FFC5-4CFD-BC43-FF51303E0A97} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {A3EE71AE-5DA6-47DB-9B64-6936CBEB75AE} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {B2C28E6D-F16A-425D-94E6-BC198187E93D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C0090A19-4CD1-41EF-8FBF-79DE94F8F30E} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {C8BF565E-145B-4B6D-9D5F-2C04B1FEAD39} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CDA3D1A7-0EAE-41C7-BE78-F5B9543CEB25} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CE76FDEB-E257-4475-BBA4-0306B189020D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CEE83B7B-FFE5-44DA-B864-8A60EA04B940} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D05652FB-E3E5-4D4B-A661-CE7ACF21F45B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D0A0450F-B92F-4439-9811-C83BCDCB5DB2} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D0C5654E-BF7C-4C73-9384-6E77AB38ED25} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D498F354-E92E-4B30-B554-AC2C532E2982} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D90F98C3-5C8D-4C0B-A7D4-C2DB6F2E3372} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {DDCBED59-0A7C-4C1C-B267-01862EF1D36F} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {E2F5A057-BFF3-4BB7-9C63-AF916D6592D1} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {F17678D5-9740-4AB2-9D18-A4555070EE26} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {FABFAE6D-366A-4F7E-BDB2-B274FEE395B6} - C:\WINNT\System32\cngc.dll
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [infwin] c:\winnt\system32\infwin.exe /noconnect
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Mscnt] c:\winnt\system32\mscnt.exe /noconnect
O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\System32\bridge.dll",Load
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINNT\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - Startup: AUTODISC.BAT.lnk = C:\AUTODISC.BAT
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O8 - Extra context menu item: &RSDN Search - res://C:\WINNT\2020SE~1.DLL/GoRSDN.dll.htm
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} (FXExec Control) - http://216.87.37.188/app/FXCtrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38093.4636689815
O16 - DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} (SAXFile ActiveX Control) - https://imaging.emitchell.com/../../saxfile.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {ED03E47C-D12B-4798-B016-E6EAA05FD1FA} (MitFIOCX.FIData) - https://imaging.emitchell.com/FIData.CAB
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) - http://www.2020search.com/toolbar/2020Search.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C7FBDE-F64E-4EE8-A15D-7EC619B68C20}: NameServer = 216.167.161.35,216.167.161.36

Thanks for your help!
0
Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

 
LVL 32

Accepted Solution

by:
Luc Franken earned 50 total points
ID: 10862391
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
O2 - BHO: (no name) - {00DF1284-083D-488C-A031-CE0D9CEE9142} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {04245EC0-5E97-4B59-A1C9-CFFD8C99F0C1} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {0D78E984-944D-4457-8D04-AEED39AD86DE} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {0E2DA6DB-B0A7-4E32-BC85-8AB5D9803AB4} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {0F4B40C4-5B05-432A-9CE3-5E9BE7B884E5} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {15A50002-ED39-4081-82A6-46829ED1CB19} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {1E4064FB-766B-4DF5-BC02-81F941767A6C} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2115FCF3-3AB9-4D0B-982C-DCB9AE75562B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2405028D-769B-43A9-9AF4-CC531F6E33A0} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINNT\System32\stlbdist.DLL
O2 - BHO: (no name) - {32C4571B-DBE1-4E12-91B8-098773B85C68} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {336CDBA8-1A88-47F6-8142-B87D71FBD4D6} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {36594D8C-7C76-492B-AB41-223C7000A76C} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {38B1D185-FDEE-4704-BE22-E6D5A7122C0E} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {3CACCCEC-1737-4CC2-AAF1-EE14FFFDE42B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {3FF5E0A5-8F1B-4E80-8852-75480E81E71D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {45F36E29-9351-41D6-80B3-6CADC9FD7E53} - C:\WINNT\System32\cngc.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\LLB\BACKUP~3.DLL
O2 - BHO: (no name) - {5E271C40-28A4-4355-A4C3-7DAA1561A5F9} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {7272C341-1C7A-4E63-B55C-08710A81F4FD} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {858F6D92-58E5-4316-A0D2-0DA755E3C819} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {881E3858-04BB-4D6F-BCA3-C30FC71DD880} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {8BB9F018-AD8A-4B96-9291-BBCBE42EBCE3} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {8F921655-8D69-43AE-AF26-86A69810A1E9} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\System32\bridge.dll
O2 - BHO: (no name) - {A39112CA-FFC5-4CFD-BC43-FF51303E0A97} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {A3EE71AE-5DA6-47DB-9B64-6936CBEB75AE} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {B2C28E6D-F16A-425D-94E6-BC198187E93D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {C0090A19-4CD1-41EF-8FBF-79DE94F8F30E} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {C8BF565E-145B-4B6D-9D5F-2C04B1FEAD39} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CDA3D1A7-0EAE-41C7-BE78-F5B9543CEB25} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CE76FDEB-E257-4475-BBA4-0306B189020D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CEE83B7B-FFE5-44DA-B864-8A60EA04B940} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D05652FB-E3E5-4D4B-A661-CE7ACF21F45B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D0A0450F-B92F-4439-9811-C83BCDCB5DB2} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D0C5654E-BF7C-4C73-9384-6E77AB38ED25} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D498F354-E92E-4B30-B554-AC2C532E2982} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D90F98C3-5C8D-4C0B-A7D4-C2DB6F2E3372} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {DDCBED59-0A7C-4C1C-B267-01862EF1D36F} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {E2F5A057-BFF3-4BB7-9C63-AF916D6592D1} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {F17678D5-9740-4AB2-9D18-A4555070EE26} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {FABFAE6D-366A-4F7E-BDB2-B274FEE395B6} - C:\WINNT\System32\cngc.dll
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [infwin] c:\winnt\system32\infwin.exe /noconnect
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\System32\bridge.dll",Load
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINNT\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - Startup: AUTODISC.BAT.lnk = C:\AUTODISC.BAT
O8 - Extra context menu item: &RSDN Search - res://C:\WINNT\2020SE~1.DLL/GoRSDN.dll.htm
O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) - http://www.2020search.com/toolbar/2020Search.cab

After ticking all these lines and clicking "fix checked" reboot your computer and start updating windows fast!
http://windowsupdate.microsoft.com

Then, use this tool to remove all traces of the virusses you have running loose in your computer:
http://vil.nai.com/vil/stinger/

0
 

Author Comment

by:LinBro
ID: 10864182
So far, it's working like a charm!  Thanks!
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10866370
So your problem is solved?
You did update windows?
You removed the virusses with stinger?

LucF
0
 

Author Comment

by:LinBro
ID: 10885130
Solved!  Yes, I did the updates and used stinger.
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10886065
Can you then please click the "accept" link on the comment that helped you the most?

Anyway, glad to help :)

LucF
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OVERVIEW This guide provides information on the process performed when the Symantec Endpoint Protection (SEP) client checks in with the Symantec Endpoint Protection Manager (SEPM). AUDIENCE Information Technology personnel responsible for suppo…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question