Well i didn't open this topic to the malware removal form as i don't have malware I am an hijackthis analyzer in our forum but i have done a very big mistake with combofix a gave a script like this:
Notice to the part which i have written in bold. That's the big mistake. And now the user says all the accounts are now password protected and he can't open windows. Is there a way to correct this mistake?Code:Driver:: ATE_PROCMON vaxscsi SYMIDSCO apwlo7pc Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48612bb0-8f78-11da-9a9c-00c09f9dc713}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NDSTray.exe"=- "CFSServ.exe"=- "c4c4b52e"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtsro] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{6AFB6F98-289C-442E-B577-5E5125C742E2}"=- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=- File:: C:\WINDOWS\system32\tuvWonMg.dll