Solved

2020Search Toolbar Removal

Posted on 2004-04-19
8
1,531 Views
Last Modified: 2009-07-29
How can I get rid of the 2020Search Toolbar that comes up every time I go to IE 6?  I have tried SpyBot S&D, Ad-Aware, Hijack This and Norton Antivirus 2003.
0
Comment
Question by:LinBro
  • 4
  • 3
8 Comments
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10861683
Hi LinBro,

Post the hijackthis logfile and we will be able to point out what to remove.

Greetings,

LucF
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10861797
Make a backup of your registry

Check these registry entries

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
HKCU\Software\Microsoft\Internet Explorer\SearchURL
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant
HKCU\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

and remove that 2020search if you find them
0
 

Author Comment

by:LinBro
ID: 10862339
I've tried removing these items and they reappear.  Here is the Hijack This Log:

Logfile of HijackThis v1.97.7
Scan saved at 1:31:03 PM, on 4/19/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\system32\Smtray.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\WINNT\system32\wfxsnt40.exe
C:\winnt\system32\infwin.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\WINNT\system32\pcs\pcsvc.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\LLB\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {00DF1284-083D-488C-A031-CE0D9CEE9142} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {04245EC0-5E97-4B59-A1C9-CFFD8C99F0C1} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0D78E984-944D-4457-8D04-AEED39AD86DE} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {0E2DA6DB-B0A7-4E32-BC85-8AB5D9803AB4} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {0F4B40C4-5B05-432A-9CE3-5E9BE7B884E5} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {15A50002-ED39-4081-82A6-46829ED1CB19} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {1E4064FB-766B-4DF5-BC02-81F941767A6C} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2115FCF3-3AB9-4D0B-982C-DCB9AE75562B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2405028D-769B-43A9-9AF4-CC531F6E33A0} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINNT\System32\stlbdist.DLL
O2 - BHO: (no name) - {32C4571B-DBE1-4E12-91B8-098773B85C68} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {336CDBA8-1A88-47F6-8142-B87D71FBD4D6} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {36594D8C-7C76-492B-AB41-223C7000A76C} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {38B1D185-FDEE-4704-BE22-E6D5A7122C0E} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {3CACCCEC-1737-4CC2-AAF1-EE14FFFDE42B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {3FF5E0A5-8F1B-4E80-8852-75480E81E71D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {45F36E29-9351-41D6-80B3-6CADC9FD7E53} - C:\WINNT\System32\cngc.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\LLB\BACKUP~3.DLL
O2 - BHO: (no name) - {5E271C40-28A4-4355-A4C3-7DAA1561A5F9} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {7272C341-1C7A-4E63-B55C-08710A81F4FD} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {858F6D92-58E5-4316-A0D2-0DA755E3C819} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {881E3858-04BB-4D6F-BCA3-C30FC71DD880} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {8BB9F018-AD8A-4B96-9291-BBCBE42EBCE3} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {8F921655-8D69-43AE-AF26-86A69810A1E9} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\System32\bridge.dll
O2 - BHO: (no name) - {A39112CA-FFC5-4CFD-BC43-FF51303E0A97} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {A3EE71AE-5DA6-47DB-9B64-6936CBEB75AE} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {B2C28E6D-F16A-425D-94E6-BC198187E93D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C0090A19-4CD1-41EF-8FBF-79DE94F8F30E} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {C8BF565E-145B-4B6D-9D5F-2C04B1FEAD39} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CDA3D1A7-0EAE-41C7-BE78-F5B9543CEB25} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CE76FDEB-E257-4475-BBA4-0306B189020D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CEE83B7B-FFE5-44DA-B864-8A60EA04B940} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D05652FB-E3E5-4D4B-A661-CE7ACF21F45B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D0A0450F-B92F-4439-9811-C83BCDCB5DB2} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D0C5654E-BF7C-4C73-9384-6E77AB38ED25} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D498F354-E92E-4B30-B554-AC2C532E2982} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D90F98C3-5C8D-4C0B-A7D4-C2DB6F2E3372} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {DDCBED59-0A7C-4C1C-B267-01862EF1D36F} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {E2F5A057-BFF3-4BB7-9C63-AF916D6592D1} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {F17678D5-9740-4AB2-9D18-A4555070EE26} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {FABFAE6D-366A-4F7E-BDB2-B274FEE395B6} - C:\WINNT\System32\cngc.dll
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [infwin] c:\winnt\system32\infwin.exe /noconnect
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Mscnt] c:\winnt\system32\mscnt.exe /noconnect
O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\System32\bridge.dll",Load
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINNT\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - Startup: AUTODISC.BAT.lnk = C:\AUTODISC.BAT
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O8 - Extra context menu item: &RSDN Search - res://C:\WINNT\2020SE~1.DLL/GoRSDN.dll.htm
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} (FXExec Control) - http://216.87.37.188/app/FXCtrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38093.4636689815
O16 - DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} (SAXFile ActiveX Control) - https://imaging.emitchell.com/../../saxfile.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {ED03E47C-D12B-4798-B016-E6EAA05FD1FA} (MitFIOCX.FIData) - https://imaging.emitchell.com/FIData.CAB
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) - http://www.2020search.com/toolbar/2020Search.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C7FBDE-F64E-4EE8-A15D-7EC619B68C20}: NameServer = 216.167.161.35,216.167.161.36

Thanks for your help!
0
 
LVL 32

Accepted Solution

by:
Luc Franken earned 50 total points
ID: 10862391
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cngc.dll/sp.html (obfuscated)
O2 - BHO: (no name) - {00DF1284-083D-488C-A031-CE0D9CEE9142} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {04245EC0-5E97-4B59-A1C9-CFFD8C99F0C1} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {0D78E984-944D-4457-8D04-AEED39AD86DE} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {0E2DA6DB-B0A7-4E32-BC85-8AB5D9803AB4} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {0F4B40C4-5B05-432A-9CE3-5E9BE7B884E5} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {15A50002-ED39-4081-82A6-46829ED1CB19} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {1E4064FB-766B-4DF5-BC02-81F941767A6C} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2115FCF3-3AB9-4D0B-982C-DCB9AE75562B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2405028D-769B-43A9-9AF4-CC531F6E33A0} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINNT\System32\stlbdist.DLL
O2 - BHO: (no name) - {32C4571B-DBE1-4E12-91B8-098773B85C68} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {336CDBA8-1A88-47F6-8142-B87D71FBD4D6} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {36594D8C-7C76-492B-AB41-223C7000A76C} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {38B1D185-FDEE-4704-BE22-E6D5A7122C0E} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {3CACCCEC-1737-4CC2-AAF1-EE14FFFDE42B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {3FF5E0A5-8F1B-4E80-8852-75480E81E71D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {45F36E29-9351-41D6-80B3-6CADC9FD7E53} - C:\WINNT\System32\cngc.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\LLB\BACKUP~3.DLL
O2 - BHO: (no name) - {5E271C40-28A4-4355-A4C3-7DAA1561A5F9} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {7272C341-1C7A-4E63-B55C-08710A81F4FD} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {858F6D92-58E5-4316-A0D2-0DA755E3C819} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {881E3858-04BB-4D6F-BCA3-C30FC71DD880} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {8BB9F018-AD8A-4B96-9291-BBCBE42EBCE3} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {8F921655-8D69-43AE-AF26-86A69810A1E9} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\System32\bridge.dll
O2 - BHO: (no name) - {A39112CA-FFC5-4CFD-BC43-FF51303E0A97} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {A3EE71AE-5DA6-47DB-9B64-6936CBEB75AE} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {B2C28E6D-F16A-425D-94E6-BC198187E93D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {C0090A19-4CD1-41EF-8FBF-79DE94F8F30E} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {C8BF565E-145B-4B6D-9D5F-2C04B1FEAD39} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CDA3D1A7-0EAE-41C7-BE78-F5B9543CEB25} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CE76FDEB-E257-4475-BBA4-0306B189020D} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {CEE83B7B-FFE5-44DA-B864-8A60EA04B940} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D05652FB-E3E5-4D4B-A661-CE7ACF21F45B} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D0A0450F-B92F-4439-9811-C83BCDCB5DB2} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D0C5654E-BF7C-4C73-9384-6E77AB38ED25} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D498F354-E92E-4B30-B554-AC2C532E2982} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {D90F98C3-5C8D-4C0B-A7D4-C2DB6F2E3372} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {DDCBED59-0A7C-4C1C-B267-01862EF1D36F} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {E2F5A057-BFF3-4BB7-9C63-AF916D6592D1} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {F17678D5-9740-4AB2-9D18-A4555070EE26} - C:\WINNT\System32\cngc.dll
O2 - BHO: (no name) - {FABFAE6D-366A-4F7E-BDB2-B274FEE395B6} - C:\WINNT\System32\cngc.dll
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [infwin] c:\winnt\system32\infwin.exe /noconnect
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\System32\bridge.dll",Load
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINNT\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - Startup: AUTODISC.BAT.lnk = C:\AUTODISC.BAT
O8 - Extra context menu item: &RSDN Search - res://C:\WINNT\2020SE~1.DLL/GoRSDN.dll.htm
O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) - http://www.2020search.com/toolbar/2020Search.cab

After ticking all these lines and clicking "fix checked" reboot your computer and start updating windows fast!
http://windowsupdate.microsoft.com

Then, use this tool to remove all traces of the virusses you have running loose in your computer:
http://vil.nai.com/vil/stinger/

0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:LinBro
ID: 10864182
So far, it's working like a charm!  Thanks!
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10866370
So your problem is solved?
You did update windows?
You removed the virusses with stinger?

LucF
0
 

Author Comment

by:LinBro
ID: 10885130
Solved!  Yes, I did the updates and used stinger.
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10886065
Can you then please click the "accept" link on the comment that helped you the most?

Anyway, glad to help :)

LucF
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now