R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2sea...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2sea...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2sea...sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchassista...om/srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.eznsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2sea...sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2sea...sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.eznsearch.com
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: Zedd4Proj.clsUnoOne - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - C:\WINDOWS\System32\AANTX.dll
O2 - BHO: (no name) - {22D34420-FEE3-D2AD-CDBA-C11BF1E35FD4} - C:\WINDOWS\Dzugtnie.dll
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM32\winb2s32.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Search - {6C3FA15A-7573-E65B-A6B1-8D0AB5E42387} - C:\WINDOWS\Dzugtnie.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM32\winb2s32.dll
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
O4 - HKCU\..\Run: [itss] C:\WINDOWS\System32\itss.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [ltdis11n] C:\WINDOWS\System32\ltdis11n.exe
O4 - HKCU\..\Run: [tapi3] C:\WINDOWS\System32\tapi3.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2C15848B-21C0-406A-9902-56C8D90684F3} (alaWeb.clsGetStats) - file://C:\WIN2000\CONTENT\cabs\alaWeb.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6D251D8B-FD68-4BA2-83D5-1A0A245830C3} (alaWeb.clsSolutionCenter) - file://C:\WIN2000\CONTENT\cabs\alaWeb.CAB
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://iow.mlxchange...ClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://iow.mlxchange...ol/IRCSharc.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {ED29A481-CD46-43D9-85AA-E6E869DF2214} (MercStats.cStats) - file://C:\Program Files\Mercury\Content\cabs\MercStats.CAB
Please reboot into safe mode - How do I boot into "Safe" mode?.
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\WINDOWS\System32\AANTX.dll
C:\WINDOWS\Dzugtnie.dll
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup <- this folder
C:\WINDOWS\SYSTEM32\winb2s32.dll
C:\WINDOWS\System32\mscb.dll
C:\WINDOWS\System32\msbe.dll
C:\WINDOWS\Dzugtnie.dll
C:\WINDOWS\SYSTEM32\winb2s32.dll
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\Web_Rebates <- this folder
C:\Program Files\TV Media <- this folder
C:\Program Files\Common files\updater <- this folder
C:\WINDOWS\System32\idctup20.exe
C:\WINDOWS\System32\itss.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\WINDOWS\System32\[b]ltdis11n.exe
C:\WINDOWS\System32\[b]tapi3.exe
Reset your host file. Click Here to download HostsFileReader. To reset the host file to default, simply open the program, click the "reset default" button, and confirm the changes.
Reboot your PC.
If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. smile.gif
-=jonnyrotten=-