Boot in Safe Mode
Switch off System Restore
Press ctrl/alt/del and in taskmanager try to STOP:
msnmsgr.exe
kmatcvkf.exe
msupd6.exe
SRCHostSvc.exe
Next, try to UNinstall anything to do with:
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\SafeIP\SRCHostSvc.exe
Next, run Hijackthis on its own and let it 'fix' (if still there):
C:\Programmer\
MSN Messenger\msnmsgr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.politiken.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2356C850-53A3-8D51-7BE8-BFF22708F974} - C:\WINDOWS\system32\
qqapyhso.dll
O2 - BHO: (no name) - {A270EB7F-418A-4556-1135-2404666D67B4} - C:\WINDOWS\system32\
fvzqlvpi.dll
O4 - HKLM\..\Run: [kmatcvkf] C:\WINDOWS\system32\
kmatcvkf.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
ALL lines with O16 - DPF:
O23 - Service: xwphnxzxmqgo - Unknown - C:\WINDOWS\system32\
msupd6.exe
O23 - Service: SafeIP remote control - ProSafe A/S - C:\Programmer\
SafeIP\SRCHostSvc.exe
When done, delete the
bold files. When a
directory is also
bold, delete everything in it, including that directory itself.
Boot in normal mode. When all OK, turn System Restore back on.