[Solved]Help with HiJack Report

Discussion in 'adware, spyware & hijack cleaning' started by colshandy, Jul 2, 2004.

Thread Status:
Not open for further replies.
  1. colshandy

    colshandy Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    8
    Here is my recent HijackThis report after efforts to remove viruses (sysdaemg.exe, lsass, w32.spybot.worm) - with help from Pieter in Holland (Cheers). Can anyone tell me if it looks okay? Thanks again. Colin.

    Logfile of HijackThis v1.97.7
    Scan saved at 20:09:33, on 02/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\wuamgrd.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Colin Atkinson\Desktop\HiJack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/...gen/default.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\System32\LVComS.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [Microsoft Update Machine] wuamgrd.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O8 - Extra context menu item: Send Image to Photo Library - file://C:\Documents and Settings\Colin Atkinson\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downl...922/wmv9VCM.CAB
     
  2. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Help with HiJack Report

    HI colshandy

    Nope - still an unfriendly one in there :(

    check the following items in Hijackthis - close ALL windows\browsers except HIjackthis and click "Fix checked":

    O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] wuamgrd.exe

    Empty your Temporary Internet Files and history in Internet Options. And clean out your
    %Userprofile%\Local Settings\Temp
    folder. It's a good idea to do that regularly.


    Then reboot and use AdAware as described here:
    https://www.wilderssecurity.com/showthread.php?t=15913

    Go for free online Virus scans here:

    http://housecall.trendmicro.com/housecall/start_corp.asp
    http://www.pandasoftware.com/activescan/

    Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

    Then Disable system restore: Instructions here
    Reboot

    Enable System Restore.

    Pls. post another log.
     
  3. colshandy

    colshandy Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    8
    Re: Help with HiJack Report

    Thanks for that.

    Ive followed the instruction and here is the latest HiJack Report, how does it look now? Again thanks in advance. Colin

    Logfile of HijackThis v1.97.7
    Scan saved at 22:01:39, on 03/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\wuamgrd.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Documents and Settings\Colin Atkinson\Desktop\HiJack This\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\System32\LVComS.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [Microsoft Update Machine] wuamgrd.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O8 - Extra context menu item: Send Image to Photo Library - file://C:\Documents and Settings\Colin Atkinson\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  4. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Help with HiJack Report

    Hi colshandy

    great job :D

    Great - your nasties are gone :)

    Did you get the latest Microsoft Critical Patch from yesterday??If NO - go get it :)

    Happy Safe Computing :)
     
  5. colshandy

    colshandy Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    8
    Re: Help with HiJack Report

    Excellent news - Thanks for your help.

    I was worried that wuamgrd.exe was still on the log - is this okay?

    Now I am free of nasties are there any tips to keep them of my machine?
    My ISP is pipex - is their firewall sufficient?

    Thanks again

    Colin
     
  6. colshandy

    colshandy Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    8
    Re: Help with HiJack Report

    PS - how do I get automatic windows updates?

    Cheers
     
  7. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Help with HiJack Report

    Please follow the steps to avoid re-infection that was posted in http://www.computercops.biz/postt7736.html

    Have NO idea about pipex - you should have to ask them. Maybe you should install the free version of Zonealarm??

    In Windows XP: Start > Settings > Control Panel > System > Automatic Updates

    Maybe you should get a different browser like Firefox??

    Happy Safe Computing !
     
  8. colshandy

    colshandy Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    8
    Re: Help with HiJack Report

    Thanks again. I ran the toolbox test and fixed another few things.

    I have downloaded firefox - is this recommended to be used in preference to internet explorer?

    Cheers

    Colin
     
  9. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Help with HiJack Report

    Hi Colin - YES - SUPER !!!!! but you still need IE for your Windows Updates - don't forget.

    Happy Surfing :)
     
  10. colshandy

    colshandy Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    8
    More Help with HiJack Report

    Guys,

    A little "problem" has resurfaced - after i have connected to the net, when I open IE and try to connect to a site I get a message saying roughly "page not available offline, click to connect".

    This message appeared when I have the previous problem along with dodgy homepages, xxx pop ups, etc. but had stopped after follwong you advice.

    I ran Adawre then Hijack and here is the report - is anything there worth worrying about? Cheers, Colin.

    Logfile of HijackThis v1.97.7
    Scan saved at 17:24:31, on 04/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\wuamgrd.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Documents and Settings\Colin Atkinson\Desktop\HiJack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\System32\LVComS.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [Microsoft Update Machine] wuamgrd.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7B810B0F-EDD3-4BBF-9801-58A5D5C6F211}: NameServer = 62.241.160.200 158.43.240.3
     
  11. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    HI Colin,

    I PMed you yesterday - you didn't get my message?

    Boot into safemode, bring up TaskManager, kill the wuamgrd.exe, then fix the start up key in Hijackthis, then delete the file.

    O4 - HKCU\..\Run: [Microsoft Update Machine] wuamgrd.exe

    Reboot

    Next -
    Go here RAV (http://www.ravantivirus.com/scan/)
    and run the free online scan

    Then Disable system restore: Instructions here
    Reboot

    Enable System Restore.
     
Thread Status:
Not open for further replies.