Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Stubborn website

  • Please log in to reply

Silvio Atanes

Silvio Atanes

    New Member

  • Member
  • Pip
  • 1 posts
Dear Sirs,

I'm a Brazilian journalist and I've got a tick that is annoying me a lot. The problem is with MS Internet Explorer. All the time I call the browser IE 6.0, website http://540.scmg.net/...tes/banner.aspx tries to load by itself. My software is updated: MS XP Home SP2, anti-virus and firewall programs OK. Start page is OK too. Regularly I clean the register with anti-spyware.

Despite these measures, the above site -- or its mask (www.oldgames.se) -- keeps on bothering me. What else can I do besides HD formatting? To bypass this, I'm using Mozilla Firefox 1.0. I think my trouble is due to some IE's security hole.

Thaks in advance for your kind assistance. Below is my HijackThis log.

yours sincerely,
Silvio Atanes
digital scribe & paper report

Logfile of HijackThis v1.99.0
Scan saved at 16:46:40, on 22/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\Arquivos de programas\Sygate\SPF\smc.exe
C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe
C:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe
C:\Arquivos de programas\Terra Discador - Versão Compacta\TerraDiscadorComp.exe
C:\Arquivos de programas\Outlook Express\msimn.exe
C:\Arquivos de programas\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\ARQUIV~1\GetRight\xx2gr.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.3000.1001\pt-br\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.3000.1001\pt-br\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SmcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: GetRight.lnk = C:\Arquivos de programas\GetRight\getright.exe
O8 - Extra context menu item: Abrir com o GetRight Browser - C:\ARQUIV~1\GetRight\GRbrowse.htm
O8 - Extra context menu item: Download com o GetRight - C:\ARQUIV~1\GetRight\GRdownload.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Arquivos de programas\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Arquivos de programas\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CF7B799-2AA6-44DA-95D5-72140165D70B}: NameServer =
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe
  • 0




    Malware Expert

  • Retired Staff
  • 235 posts
I apologize for the delay in response.

Hello and welcome to GeeksToGo Forums. We hope you enjoy your stay here! :tazz:

You may want to print out these instructions or save them to your desktop as a text file with Notepad because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.

Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Boot into Safe Mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.

Please delete these files using Windows Explorer(if present):


Now you can restart the computer normally.
Please run HijackThis again and post a fresh log, just so I can make sure that all the malware was deleted according to plan. ;)
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP