A lot of nasties aggressiveloy resist removal these days ..... there are specialised fix tools out there that are designed to address just one specific problem in particular

Moderator: All Moderators
Angoid wrote:Which means this thing is aggressively resisting removal.
I'll need to look up the correct tool for this, but I'm at work right now and am out this evening .....
In the meantime, leave TeaTimer turned off as it will still interfere with the fix procedure. It can be turned off afterwards once your system is clear.
Angoid wrote:And another "Arrgghhhhh!!!"![]()
How on *earth* did I miss this?!?!?!?!?!
O23 - Service: Print Spooler Service (hej7rla5aqambc) - Unknown owner - C:\WINDOWS\system32\uvese.exe (file missing)
It's part of the problem.
Go to Start -> Command Prompt and when you get the little black box up, type services.msc and press Return.
When the window appears, maximise it. Double click on the following service (if present) and select stop if they are running. Set the startup type to disabled using the dropdown. Click apply / ok when donee.
Print Spooler Service (hej7rla5aqambc)
Close the services.msc program window.
Then rerun HijackThis and check off those I listed before, along with that O23 line listed above. Here they all are for reference:
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [rvr] C:\WINDOWS\system32\rvr.exe
O4 - HKLM\..\Run: [uvese] C:\WINDOWS\system32\uvese.exe
O4 - HKLM\..\RunServices: [uvese] C:\WINDOWS\system32\uvese.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O23 - Service: Print Spooler Service (hej7rla5aqambc) - Unknown owner - C:\WINDOWS\system32\uvese.exe (file missing)
Some of them may no longer be present - this is perfectly fine.
Then try the Killbox bit again.
Post another HijackThis report when done - if you get that message again about delete pending being removed from the Registry, then can you boot into Safe Mode (see earlier in the thread for how to do this) and run HijackThis (HCheck) from there - it may show up some things absent from a normal log.
Sorry - a bit rushed, need to be out now!
Angoid wrote:It is one and the same, yes. The key marked either with a wonky arrow as you put it or the word 'Enter' are one and the same. Sometimes it can also be referred to as the 'Return' key, but you don't get that so much these days.
Angoid wrote:It's generally a bigger key than any other on the keyboard as well
Angoid wrote:OK, true .... I'll give you thatIt might look a bit like this:
Users browsing this forum: No registered users and 2 guests