|
Try a slightly different tack Start in Normal Mode.
Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):
wruaclt.exe
ruzzom.exe
suge.exe
wruaclt.exe
PowerReg SchedulerV2.exe
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = proxy:8080
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [*windows update] wruaclt.exe
O4 - HKLM\..\RunServices: [*windows update] wruaclt.exe
O4 - HKCU\..\Run: [Windows Compliant] ruzzom.exe
O4 - HKCU\..\Run: [MSChoEx] suge.exe
O4 - HKCU\..\Run: [*windows update] wruaclt.exe
O4 - Startup: PowerReg SchedulerV2.exe
Reboot into Safe Mode (hit F8 key until menu shows up). Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:
C:\WINDOWS\system32\wruaclt.exe
ruzzom.exe
suge.exe
PowerReg SchedulerV2.exe
__________________
GO BIG BLUE!!
|