Solved

2020Search Toolbar Removal

Posted on 2004-04-19
8
1,537 Views
Last Modified: 2009-07-29
How can I get rid of the 2020Search Toolbar that comes up every time I go to IE 6?  I have tried SpyBot S&D, Ad-Aware, Hijack This and Norton Antivirus 2003.
0
Comment
Question by:LinBro
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 32

Expert Comment

by:LucF
ID: 10861683
Hi LinBro,

Post the hijackthis logfile and we will be able to point out what to remove.

Greetings,

LucF
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10861797
Make a backup of your registry

Check these registry entries

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
HKCU\Software\Microsoft\Internet Explorer\SearchURL
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant
HKCU\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

and remove that 2020search if you find them
0
 

Author Comment

by:LinBro
ID: 10862339
I've tried removing these items and they reappear.  Here is the Hijack This Log:

Logfile of HijackThis v1.97.7
Scan saved at 1:31:03 PM, on 4/19/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\system32\Smtray.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\WINNT\system32\wfxsnt40.exe
C:\winnt\system32\infwin.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\WINNT\system32\pcs\pcsvc.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\LLB\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {00DF1284-083D-488C-A031-CE0D9CEE9142} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {04245EC0-5E97-4B59-A1C9-CFFD8C99F0C1} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0D78E984-944D-4457-8D04-AEED39AD86DE} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {0E2DA6DB-B0A7-4E32-BC85-8AB5D9803AB4} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {0F4B40C4-5B05-432A-9CE3-5E9BE7B884E5} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {15A50002-ED39-4081-82A6-46829ED1CB19} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {1E4064FB-766B-4DF5-BC02-81F941767A6C} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2115FCF3-3AB9-4D0B-982C-DCB9AE75562B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2405028D-769B-43A9-9AF4-CC531F6E33A0} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINNT\System32\stlbdist.DLL
O2 - BHO: (no name) - {32C4571B-DBE1-4E12-91B8-098773B85C68} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {336CDBA8-1A88-47F6-8142-B87D71FBD4D6} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {36594D8C-7C76-492B-AB41-223C7000A76C} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {38B1D185-FDEE-4704-BE22-E6D5A7122C0E} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {3CACCCEC-1737-4CC2-AAF1-EE14FFFDE42B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {3FF5E0A5-8F1B-4E80-8852-75480E81E71D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {45F36E29-9351-41D6-80B3-6CADC9FD7E53} - C:\WINNT\System32\cngc.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\LLB\BACKUP~3.DLL
O2 - BHO: (no name) - {5E271C40-28A4-4355-A4C3-7DAA1561A5F9} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {7272C341-1C7A-4E63-B55C-08710A81F4FD} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {858F6D92-58E5-4316-A0D2-0DA755E3C819} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {881E3858-04BB-4D6F-BCA3-C30FC71DD880} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {8BB9F018-AD8A-4B96-9291-BBCBE42EBCE3} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {8F921655-8D69-43AE-AF26-86A69810A1E9} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\System32\bridge.dll
O2 - BHO: (no name) - {A39112CA-FFC5-4CFD-BC43-FF51303E0A97} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {A3EE71AE-5DA6-47DB-9B64-6936CBEB75AE} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {B2C28E6D-F16A-425D-94E6-BC198187E93D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C0090A19-4CD1-41EF-8FBF-79DE94F8F30E} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {C8BF565E-145B-4B6D-9D5F-2C04B1FEAD39} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CDA3D1A7-0EAE-41C7-BE78-F5B9543CEB25} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CE76FDEB-E257-4475-BBA4-0306B189020D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CEE83B7B-FFE5-44DA-B864-8A60EA04B940} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D05652FB-E3E5-4D4B-A661-CE7ACF21F45B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D0A0450F-B92F-4439-9811-C83BCDCB5DB2} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D0C5654E-BF7C-4C73-9384-6E77AB38ED25} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D498F354-E92E-4B30-B554-AC2C532E2982} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D90F98C3-5C8D-4C0B-A7D4-C2DB6F2E3372} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {DDCBED59-0A7C-4C1C-B267-01862EF1D36F} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {E2F5A057-BFF3-4BB7-9C63-AF916D6592D1} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {F17678D5-9740-4AB2-9D18-A4555070EE26} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {FABFAE6D-366A-4F7E-BDB2-B274FEE395B6} - C:\WINNT\System32\cngc.dll
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [infwin] c:\winnt\system32\infwin.exe /noconnect
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Mscnt] c:\winnt\system32\mscnt.exe /noconnect
O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\System32\bridge.dll",Load
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINNT\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - Startup: AUTODISC.BAT.lnk = C:\AUTODISC.BAT
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O8 - Extra context menu item: &RSDN Search - res://C:\WINNT\2020SE~1.DLL/GoRSDN.dll.htm
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} (FXExec Control) - http://216.87.37.188/app/FXCtrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38093.4636689815
O16 - DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} (SAXFile ActiveX Control) - https://imaging.emitchell.com/../../saxfile.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {ED03E47C-D12B-4798-B016-E6EAA05FD1FA} (MitFIOCX.FIData) - https://imaging.emitchell.com/FIData.CAB
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) - http://www.2020search.com/toolbar/2020Search.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C7FBDE-F64E-4EE8-A15D-7EC619B68C20}: NameServer = 216.167.161.35,216.167.161.36

Thanks for your help!
0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 
LVL 32

Accepted Solution

by:
LucF earned 50 total points
ID: 10862391
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
O2 - BHO: (no name) - {00DF1284-083D-488C-A031-CE0D9CEE9142} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {04245EC0-5E97-4B59-A1C9-CFFD8C99F0C1} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {0D78E984-944D-4457-8D04-AEED39AD86DE} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {0E2DA6DB-B0A7-4E32-BC85-8AB5D9803AB4} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {0F4B40C4-5B05-432A-9CE3-5E9BE7B884E5} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {15A50002-ED39-4081-82A6-46829ED1CB19} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {1E4064FB-766B-4DF5-BC02-81F941767A6C} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2115FCF3-3AB9-4D0B-982C-DCB9AE75562B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2405028D-769B-43A9-9AF4-CC531F6E33A0} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINNT\System32\stlbdist.DLL
O2 - BHO: (no name) - {32C4571B-DBE1-4E12-91B8-098773B85C68} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {336CDBA8-1A88-47F6-8142-B87D71FBD4D6} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {36594D8C-7C76-492B-AB41-223C7000A76C} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {38B1D185-FDEE-4704-BE22-E6D5A7122C0E} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {3CACCCEC-1737-4CC2-AAF1-EE14FFFDE42B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {3FF5E0A5-8F1B-4E80-8852-75480E81E71D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {45F36E29-9351-41D6-80B3-6CADC9FD7E53} - C:\WINNT\System32\cngc.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\LLB\BACKUP~3.DLL
O2 - BHO: (no name) - {5E271C40-28A4-4355-A4C3-7DAA1561A5F9} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {7272C341-1C7A-4E63-B55C-08710A81F4FD} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {858F6D92-58E5-4316-A0D2-0DA755E3C819} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {881E3858-04BB-4D6F-BCA3-C30FC71DD880} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {8BB9F018-AD8A-4B96-9291-BBCBE42EBCE3} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {8F921655-8D69-43AE-AF26-86A69810A1E9} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\System32\bridge.dll
O2 - BHO: (no name) - {A39112CA-FFC5-4CFD-BC43-FF51303E0A97} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {A3EE71AE-5DA6-47DB-9B64-6936CBEB75AE} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {B2C28E6D-F16A-425D-94E6-BC198187E93D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {C0090A19-4CD1-41EF-8FBF-79DE94F8F30E} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {C8BF565E-145B-4B6D-9D5F-2C04B1FEAD39} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CDA3D1A7-0EAE-41C7-BE78-F5B9543CEB25} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CE76FDEB-E257-4475-BBA4-0306B189020D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CEE83B7B-FFE5-44DA-B864-8A60EA04B940} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D05652FB-E3E5-4D4B-A661-CE7ACF21F45B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D0A0450F-B92F-4439-9811-C83BCDCB5DB2} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D0C5654E-BF7C-4C73-9384-6E77AB38ED25} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D498F354-E92E-4B30-B554-AC2C532E2982} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D90F98C3-5C8D-4C0B-A7D4-C2DB6F2E3372} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {DDCBED59-0A7C-4C1C-B267-01862EF1D36F} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {E2F5A057-BFF3-4BB7-9C63-AF916D6592D1} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {F17678D5-9740-4AB2-9D18-A4555070EE26} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {FABFAE6D-366A-4F7E-BDB2-B274FEE395B6} - C:\WINNT\System32\cngc.dll
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [infwin] c:\winnt\system32\infwin.exe /noconnect
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\System32\bridge.dll",Load
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINNT\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - Startup: AUTODISC.BAT.lnk = C:\AUTODISC.BAT
O8 - Extra context menu item: &RSDN Search - res://C:\WINNT\2020SE~1.DLL/GoRSDN.dll.htm
O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) - http://www.2020search.com/toolbar/2020Search.cab

After ticking all these lines and clicking "fix checked" reboot your computer and start updating windows fast!
http://windowsupdate.microsoft.com

Then, use this tool to remove all traces of the virusses you have running loose in your computer:
http://vil.nai.com/vil/stinger/

0
 

Author Comment

by:LinBro
ID: 10864182
So far, it's working like a charm!  Thanks!
0
 
LVL 32

Expert Comment

by:LucF
ID: 10866370
So your problem is solved?
You did update windows?
You removed the virusses with stinger?

LucF
0
 

Author Comment

by:LinBro
ID: 10885130
Solved!  Yes, I did the updates and used stinger.
0
 
LVL 32

Expert Comment

by:LucF
ID: 10886065
Can you then please click the "accept" link on the comment that helped you the most?

Anyway, glad to help :)

LucF
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to provide information to successfully add specific IIS 7.0 role services for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technol…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question