TechSpot

Yet another dork with a Hijackthis logfile

By meDoc
Feb 14, 2005
Topic Status:
Not open for further replies.
  1. Hi guys, your patience must be infinite :)
    My main problems are slowness, and a browser hijack which redirects all URLs containing the word 'poker' to a certain poker site.
    Thank you in advance for your help, logfile is attached.

    meDoc
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Boot in Safe Mode
    Switch off System Restore
    Press Ctrl/Alt/Del and in Task Manager try to STOP:
    msnmsgr.exe
    kmatcvkf.exe
    msupd6.exe
    SRCHostSvc.exe

    Next, try to UNinstall anything to do with:
    C:\Programmer\MSN Messenger\msnmsgr.exe
    C:\Programmer\SafeIP\SRCHostSvc.exe

    Next, run Hijackthis on its own and let it 'fix' (if still there):
    C:\Programmer\MSN Messenger\msnmsgr.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.politiken.dk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {2356C850-53A3-8D51-7BE8-BFF22708F974} - C:\WINDOWS\system32\qqapyhso.dll
    O2 - BHO: (no name) - {A270EB7F-418A-4556-1135-2404666D67B4} - C:\WINDOWS\system32\fvzqlvpi.dll
    O4 - HKLM\..\Run: [kmatcvkf] C:\WINDOWS\system32\kmatcvkf.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?

    ALL lines with O16 - DPF:

    O23 - Service: xwphnxzxmqgo - Unknown - C:\WINDOWS\system32\msupd6.exe
    O23 - Service: SafeIP remote control - ProSafe A/S - C:\Programmer\SafeIP\SRCHostSvc.exe

    When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

    Boot in normal mode. When all OK, turn System Restore back on.
  3. meDoc

    meDoc TS Rookie Topic Starter

    Thanks man, everything works fine now :)

    meDoc
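
Added example, not part of the original thread: a small parser for HijackThis entries of the kinds listed in RealBlackStuff's reply, grouping the files they reference by section so they can be checked against the processes and services to stop. The section descriptions are the commonly documented HijackThis meanings, the function names are hypothetical, and the sample lines are copied from the reply above.

```python
import re
from collections import defaultdict

# Section codes seen in the reply above, with their usual HijackThis meaning.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O4": "autostart entry", "O16": "ActiveX (DPF) object",
    "O23": "Windows service",
}

LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# A Windows file path (drive letter, backslash, extension) ending the entry.
PATH_RE = re.compile(r"([A-Za-z]:\\[^=]*?\.\w{2,4})\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_line(line):
    """Split one log line into section code, kind, file path and CLSID."""
    m = LINE_RE.match(line)
    if not m:
        return None  # not a HijackThis entry (blank line, prose, header)
    code, body = m.groups()
    path = PATH_RE.search(body)
    clsid = CLSID_RE.search(body)
    return {"code": code, "kind": SECTIONS.get(code, "unknown"),
            "path": path.group(1) if path else None,
            "clsid": clsid.group(0) if clsid else None, "raw": body}

def files_by_section(log_text):
    """Map section code -> lower-cased file names referenced by its entries."""
    out = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["path"]:
            out[entry["code"]].append(entry["path"].rsplit("\\", 1)[-1].lower())
    return dict(out)

# Sample input: entries copied from the reply above.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.politiken.dk/
O2 - BHO: (no name) - {2356C850-53A3-8D51-7BE8-BFF22708F974} - C:\WINDOWS\system32\qqapyhso.dll
O4 - HKLM\..\Run: [kmatcvkf] C:\WINDOWS\system32\kmatcvkf.exe
O23 - Service: xwphnxzxmqgo - Unknown - C:\WINDOWS\system32\msupd6.exe
O23 - Service: SafeIP remote control - ProSafe A/S - C:\Programmer\SafeIP\SRCHostSvc.exe
"""

if __name__ == "__main__":
    for code, names in files_by_section(SAMPLE).items():
        print(code, SECTIONS.get(code, "unknown"), names)
```
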