Rivarts.A registery keys and the return

Rivart.a detected and removed by MS AntiSpyware Beta 1.
After reboot it returns I checked registery "Run" but found no suspicious entries that could be responsable for the return"
the registery entries after reboot are:

THKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv\Enum 0 Root\LEGACY_MCHINJDRV\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv\Enum Count 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv\Enum NextInstance 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv Type 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv ErrorControl 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv Start 4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv ImagePath \??\C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\mc24.tmp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv DeleteFlag 1

Upon delete them by MS AntiSpyware the PC is clean until next reboot.
Please help.

 

Welcome to MajorGeeks.com, please follow the steps below:

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

When you return to make your next post make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)