[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
These entries declare you have User Account Control (UAC) off. Is this true?
==
Re-running ComboFix to remove infections:
- Close any open browsers.
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
- Open Notepad and copy/paste the text in the quotebox below into it:

killall::
File::
c:\windows\System32\bahabona.dll
c:\windows\System32\hakurevi.dll
c:\windows\System32\hoyobuva.dll
c:\windows\System32\jiponite.dll
c:\windows\System32\lahuyano.dll
c:\windows\System32\lepefihi.dll
c:\windows\System32\lokudeti.dll
c:\windows\System32\lukumeyo.dll
c:\windows\System32\merenugu.dll
c:\windows\System32\modigege.dll
c:\windows\System32\mojekogi.dll
c:\windows\System32\pafikiwu.dll
c:\windows\System32\setizafu.dll
c:\windows\System32\tasasifu.dll
c:\windows\System32\vopidezu.dll
c:\windows\System32\yakiyetu.dll
c:\windows\System32\yedonuse.dll
Folder::
c:\program files\Viewpoint
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pejuhotego"=-
"jezeverat"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=app_dll.dll,tugufiki.dll c:\windows\system32\vogakape.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
@="0"
RegLock::
""=-
NetSvc::
oxdheaor
Firefox::
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
Rootkit::
ADS::
MBR::
Reboot::

- Save this as CFScript.txt, in the same location as ComboFix.exe
- Referring to the picture above, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
- Please post the contents of the log in your next reply.
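
Added example, not part of the original post and not ComboFix code: a small Python check that reads a script laid out like the one above and reports which File::/Folder:: targets are still on disk and which registry values were marked for deletion, so the result can be confirmed after the run. It assumes, from the layout visible in the post, that a line ending in `::` starts a section; the sample script and its paths are constructed placeholders.

```python
import os

# Constructed sample in the layout of the script above; paths are placeholders.
SAMPLE_SCRIPT = r"""killall::
File::
c:\windows\System32\example1.dll
c:\windows\System32\example2.dll
Folder::
c:\program files\ExampleFolder
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"examplevalue"=-
Rootkit::
Reboot::
"""

def parse_cfscript(text):
    """Group lines under their 'Name::' headers (layout assumed from the post)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::") and " " not in line:
            current = line[:-2].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
        else:
            raise ValueError(f"line before any section header: {line!r}")
    return sections

def remaining_targets(sections, exists=os.path.exists):
    """Return File::/Folder:: entries that are still present on disk."""
    targets = sections.get("file", []) + sections.get("folder", [])
    return [p for p in targets if exists(p)]

def registry_deletions(sections):
    """Return (key, value_name) pairs marked for deletion with '"name"=-'."""
    pairs, key = [], None
    for line in sections.get("registry", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif line.endswith("=-") and key:
            pairs.append((key, line[:-2].strip('"')))
    return pairs

if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    print("still present:", remaining_targets(parsed))
    print("values to confirm gone:", registry_deletions(parsed))
```

To use it on a real script, pass the contents of the saved CFScript.txt to `parse_cfscript` and run it on the affected machine after the reboot.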