And another "Arrgghhhhh!!!"
How on *earth* did I miss this?!?!?!?!?!
O23 - Service: Print Spooler Service (hej7rla5aqambc) - Unknown owner - C:\WINDOWS\system32\uvese.exe (file missing)
It's part of the problem.
Go to
Start -> Command Prompt and when you get the little black box up, type
services.msc and press Return.
When the window appears, maximise it. Double click on the following service (if present) and select
stop if they are running. Set the
startup type to disabled using the dropdown. Click apply / ok when donee.
Print Spooler Service (hej7rla5aqambc)
Close the services.msc program window.
Then rerun HijackThis and check off those I listed before, along with that O23 line listed above. Here they all are for reference:
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [rvr] C:\WINDOWS\system32\rvr.exe
O4 - HKLM\..\Run: [uvese] C:\WINDOWS\system32\uvese.exe
O4 - HKLM\..\RunServices: [uvese] C:\WINDOWS\system32\uvese.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O23 - Service: Print Spooler Service (hej7rla5aqambc) - Unknown owner - C:\WINDOWS\system32\uvese.exe (file missing)
Some of them may no longer be present - this is perfectly fine.
Then try the Killbox bit again.
Post another HijackThis report when done - if you get that message again about delete pending being removed from the Registry, then can you boot into Safe Mode (see earlier in the thread for how to do this) and run HijackThis (HCheck) from there - it may show up some things absent from a normal log.
Sorry - a bit rushed, need to be out now!