1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Open Notepad and copy/paste the text in the quotebox below into it:
Code:
KillAll::
RegLockDel::
[HKEY_USERS\S-1-5-21-1933547834-1420827827-3990081825-1001_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{6D31FCD2-64F7-4E43-8E18-5A2BBA7D13C9}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAArIQbsT9b/k+GLBrXXftiOgAAAAACAAAAAAAQZgAAAAEAACAAAAAcbY5BhDDIlrldUz3nY2XLEkRTsemQvtOC1VwFB4RiXAAAAAAOgAAAAAIAACAAAACqxiQ1UA8eMHL0l3RYlCvjEIGpL8FQh4H/Mn4QD9OmORAAAABhmHcMpLYjYvMk54oiS5riQAAAACIqxEYsVPxxrAYFjUjtQsTx4j2zU1O6EKMJiT9OhMPKW+Yid2Y2rDfmVN5XfU/KsCbsa3+0OY3o+uMvhn8g3Tc="
"{2338F5D5-2437-4FC3-9005-A01804321264}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAtRgPXe1v1EKGAqQj5b8hpgAAAAACAAAAAAAQZgAAAAEAACAAAADT2JGwvPqMceoWpens0wTEtjIQuz18ZT8C22jMVxrjEwAAAAAOgAAAAAIAACAAAABee9nRSd29klpoPZMsxcd0/C3xDcaM0JPOLIq954vNxCAAAACx8ZzKDeYXQos8ZdxqOGmP/cimDJ1aIMHGOEbHsfgfCEAAAABirUSmTTI+n69/S6/KZLaKaobp7ZMICrHnX7Py2NQPveDRRAaAucIW1JhUMJ1bdUJQIFL0gjNr+uOQs4K7xP1b"
"{FCCCD80D-2A5E-401E-B64F-D1C2E375B955}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAArIQbsT9b/k+GLBrXXftiOgAAAAACAAAAAAAQZgAAAAEAACAAAADY0Cmwu9PyVn6BiUg7WHo08jDh3cwsyaJJISgtSTFOlQAAAAAOgAAAAAIAACAAAACLY51uEbtQIHPTvHwX7mClaC9b4FqLZsogzQ+f331AyhAAAACoDNpicyqg0El7Kk1kVNP5QAAAAOyCcz2k1M55vVjWcIbliBWP2HXKtf8DJaKBk9SZVYHNP81xQWazqT5+DU1gupeD9IuHwDeHx9qGdUjw76qRnro="
File::
C:\mnwu.exe
c:\windows\SYSNATIVE\GameMon.des
Driver::
npggsvc
ClearJavaCache::
Save this as CFScript.txt, in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it will produce a log for you at C:\ComboFix.txt, which I will require in your next reply.