Open Notepad and copy/paste the text present inside the code box below:
Folder::
c:\windows\Installer\{00b4e2c7-6edb-d884-b334-5eef3a884c97}
KillAll::
ClearJavaCache::
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Save this as CFScript.txt
Close all browser windows.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)
Hi, I followed your instructions, turned off Avast and dragged CFScript.txt into ComboFix.exe. After that, ComboFix ran automatically and after a few minutes the computer rebooted. A pop-up said that Windows could not start up normally, and I followed the recommended step from Windows to restart my computer.
After it restarted, the ComboFix.exe icon located on the desktop had disappeared and there was no scanning by ComboFix after the reboot, and Avast was enabled automatically. What should I do now?
For your information, after I used ComboFix.exe yesterday and posted my logs to you, the pop-up seems to no longer exist, but I don't know whether it totally cleared the trojan or not.