Hi,
Fix these entries in Hijackthis:
O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D
7688CFE39A
3} - C:\Program Files\Gamevance\gamevancel
ib32.dll
None O2 - BHO: (no name) - {1C491DFA-8139-D99C-1E63-8
F8DB157D5E
E} - (no file)
BHO O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-a
a35e39143e
d} - C:\Program Files\AskBarDis\bar\bin\as
kBar.dll
BHO O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-0
00874180BB
3} - (no file)
BHO O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-B
A8D5E23E04
5} - (no file)
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5
A42E736288
3} - C:\Program Files\Gamevance\gvtl.dll
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance3
2.exe a
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autoch
k.dll,_IWM
PEvents@16
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\prote
ct.dll,_IW
MPEvents@1
6
O4 - HKCU\..\Run: [A00F890D63.exe] C:\DOCUME~1\Owner\LOCALS~1
\Temp\_A00
F890D63.ex
e
O4 - HKCU\..\Run: [A00F37B6B.exe] C:\DOCUME~1\Owner\LOCALS~1
\Temp\_A00
F37B6B.exe
O4 - HKCU\..\Run: [A00F364C6.exe] C:\DOCUME~1\Owner\LOCALS~1
\Temp\_A00
F364C6.exe
O4 - HKCU\..\Run: [A00F8042F.exe] C:\DOCUME~1\Owner\LOCALS~1
\Temp\_A00
F8042F.exe
O4 - HKCU\..\Run: [A00F424E9.exe] C:\DOCUME~1\Owner\LOCALS~1
\Temp\_A00
F424E9.exe
O4 - HKCU\..\Run: [A00F578F0.exe] C:\DOCUME~1\Owner\LOCALS~1
\Temp\_A00
F578F0.exe
O4 - HKCU\..\Run: [A00F6B72D.exe] C:\DOCUME~1\Owner\LOCALS~1
\Temp\_A00
F6B72D.exe
O4 - HKCU\..\Run: [A00F3130C.exe] C:\DOCUME~1\Owner\LOCALS~1
\Temp\_A00
F3130C.exe
O4 - Startup: ChkDisk.lnk = ?
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=zuzeb004YYUS G
MDO O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEA
RCH.HTML
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1
E41684E07B
B} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/MyFunCardsFWBInitialSetup1.0.0.8.cab X(F) DPF O16 - DPF: {1D6711C8-7154-40BB-8380-3
DEA45B69CB
F} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-7
3DB16A1543
A} (PopCapLoader Object) -
http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cabO18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\System32\dgnet3
2.dll
O20 - Winlogon Notify: 64ced752583 - C:\WINDOWS\System32\dgnet3
2.dll
O20 - Winlogon Notify: __c00F883B - C:\WINDOWS\system32\__c00F
883B.dat
And run MalwareBytes or Combofix as has been suggested.
Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.phpPlease download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exeYou must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
