Page 6 of 7

PostPosted: Wed Apr 09, 2008 12:15 pm
by Angoid
When you start Spybot S&D up, you do get this 'progressometer' and it may take a little while to fire up. This is perfectly normal.

A lot of nasties aggressiveloy resist removal these days ..... there are specialised fix tools out there that are designed to address just one specific problem in particular :roll:

PostPosted: Wed Apr 09, 2008 12:16 pm
by Killiney
ANGUS!!!

I've ended the teatimer and I did the thingy with the Killbox thing, and it is still coming up with the same message.

(now you're going to be very frustrated)

PostPosted: Wed Apr 09, 2008 2:18 pm
by Angoid
Which means this thing is aggressively resisting removal.

I'll need to look up the correct tool for this, but I'm at work right now and am out this evening .....

In the meantime, leave TeaTimer turned off as it will still interfere with the fix procedure. It can be turned off afterwards once your system is clear.

PostPosted: Wed Apr 09, 2008 2:46 pm
by Killiney
Angoid wrote:Which means this thing is aggressively resisting removal.

I'll need to look up the correct tool for this, but I'm at work right now and am out this evening .....

In the meantime, leave TeaTimer turned off as it will still interfere with the fix procedure. It can be turned off afterwards once your system is clear.


I bet you're rather peeved at that.

Anyway, I'll stand back and let you do what you need to do.

Thanks though

PS, Angus, while re-reading your post, I got a bit confused, you said that TeaTimer can be turned off afterwards, did you mean to say turn it on?

PostPosted: Wed Apr 09, 2008 4:27 pm
by Angoid
Yes - I mean it can always be turned on again afterwards :) sorry, my mistake .... typed that in a bit of a hurry, methinx

PostPosted: Wed Apr 09, 2008 4:40 pm
by Killiney
Thanks Angus.

PostPosted: Wed Apr 09, 2008 6:05 pm
by Angoid
And another "Arrgghhhhh!!!" :(

How on *earth* did I miss this?!?!?!?!?!
O23 - Service: Print Spooler Service (hej7rla5aqambc) - Unknown owner - C:\WINDOWS\system32\uvese.exe (file missing)

It's part of the problem.

Go to Start -> Command Prompt and when you get the little black box up, type services.msc and press Return.

When the window appears, maximise it. Double click on the following service (if present) and select stop if they are running. Set the startup type to disabled using the dropdown. Click apply / ok when donee.

Print Spooler Service (hej7rla5aqambc)

Close the services.msc program window.

Then rerun HijackThis and check off those I listed before, along with that O23 line listed above. Here they all are for reference:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [rvr] C:\WINDOWS\system32\rvr.exe
O4 - HKLM\..\Run: [uvese] C:\WINDOWS\system32\uvese.exe
O4 - HKLM\..\RunServices: [uvese] C:\WINDOWS\system32\uvese.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O23 - Service: Print Spooler Service (hej7rla5aqambc) - Unknown owner - C:\WINDOWS\system32\uvese.exe (file missing)


Some of them may no longer be present - this is perfectly fine.

Then try the Killbox bit again.

Post another HijackThis report when done - if you get that message again about delete pending being removed from the Registry, then can you boot into Safe Mode (see earlier in the thread for how to do this) and run HijackThis (HCheck) from there - it may show up some things absent from a normal log.

Sorry - a bit rushed, need to be out now!

PostPosted: Thu Apr 10, 2008 9:14 am
by Killiney
Angoid wrote:And another "Arrgghhhhh!!!" :(

How on *earth* did I miss this?!?!?!?!?!
O23 - Service: Print Spooler Service (hej7rla5aqambc) - Unknown owner - C:\WINDOWS\system32\uvese.exe (file missing)

It's part of the problem.

Go to Start -> Command Prompt and when you get the little black box up, type services.msc and press Return.

When the window appears, maximise it. Double click on the following service (if present) and select stop if they are running. Set the startup type to disabled using the dropdown. Click apply / ok when donee.

Print Spooler Service (hej7rla5aqambc)

Close the services.msc program window.

Then rerun HijackThis and check off those I listed before, along with that O23 line listed above. Here they all are for reference:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [rvr] C:\WINDOWS\system32\rvr.exe
O4 - HKLM\..\Run: [uvese] C:\WINDOWS\system32\uvese.exe
O4 - HKLM\..\RunServices: [uvese] C:\WINDOWS\system32\uvese.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O23 - Service: Print Spooler Service (hej7rla5aqambc) - Unknown owner - C:\WINDOWS\system32\uvese.exe (file missing)


Some of them may no longer be present - this is perfectly fine.

Then try the Killbox bit again.

Post another HijackThis report when done - if you get that message again about delete pending being removed from the Registry, then can you boot into Safe Mode (see earlier in the thread for how to do this) and run HijackThis (HCheck) from there - it may show up some things absent from a normal log.

Sorry - a bit rushed, need to be out now!


Thanks Angus.
Is the return key the wonky arrow thingy that says enter? I'm not good with computers :roll: :oops:

PostPosted: Thu Apr 10, 2008 11:38 am
by Angoid
It is one and the same, yes. The key marked either with a wonky arrow as you put it or the word 'Enter' are one and the same. Sometimes it can also be referred to as the 'Return' key, but you don't get that so much these days.

PostPosted: Thu Apr 10, 2008 11:48 am
by Killiney
Angoid wrote:It is one and the same, yes. The key marked either with a wonky arrow as you put it or the word 'Enter' are one and the same. Sometimes it can also be referred to as the 'Return' key, but you don't get that so much these days.


Its just that I'm using a latptop, and my key is both the arrow and the word combined on one key if that makes any sense.

Thanks though.

PostPosted: Thu Apr 10, 2008 5:36 pm
by Angoid
It's generally a bigger key than any other on the keyboard as well :)

PostPosted: Thu Apr 10, 2008 5:43 pm
by Killiney
Angoid wrote:It's generally a bigger key than any other on the keyboard as well :)


Thanks :) but the space bar's bigger lol.

PostPosted: Fri Apr 11, 2008 6:47 am
by Angoid
OK, true .... I'll give you that :lol: It might look a bit like this:

Image

PostPosted: Fri Apr 11, 2008 9:24 am
by Killiney
Angoid wrote:OK, true .... I'll give you that :lol: It might look a bit like this:

Image



yeah, but:

Image

Not my model but it'll do :roll:

With that aside, is the Command Prompt the one in the accessories folder on the start menu?

Start --> All Programs --> Accessories --> Command Prompt

??

Thanks

PostPosted: Wed Apr 16, 2008 4:25 pm
by Killiney
HELP!!!

Since I have turned off the Spybot thingy, I have had two rather daunting messages appear on my screen, filling it entirely with a blue background, and white text, similar to the safe boot menu,

The message flashed up and then the computer restarted itself, I got the jist of the first message, it said that it had encountered a serious error and needs to close,

the second one being the message displayed in the same format as above and reads 'imminant hard drive failure please back up and replace your hard drive immediately'

so um yeah, that's not good right?

By the way, these messages appeared today, I don't know what time, but the second, and most daunting one, appeared about 6 minutes ago