Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O4 - HKCU\..\Run: [waitdead] C:\DOCUME~1\ADMINI~1\APPLIC~1\GREATO~1\Joybeep.exe
O4 - HKLM\..\Run: [eggs joy math type] C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\two plan.exe
O8 - Extra context menu item: ·¢ËÍͼƬµ½ÊÖ»ú - C:\Program Files\P4P\cx.htm
Now
close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.
1. Please
open Notepad- Click Start , then Run
- Type notepad .exe in the Run Box.
2. Now
copy/paste the entire content of the codebox below into the Notepad window:
Folder::
C:\Documents and Settings\All Users\Application Data\Bind Army Eggs Jo
C:\Documents and Settings\Administrator\Application Data\Greatonline
3.
Save the above as all files
CFScript.txt4. Then
drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
- A new HijackThis log.