• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0

‘spylocked’ has messed my PC up!!!

3 posts in this topic

My Norton Internet Security 2006 was asking to be updated, and as it happened my IS provider informed that their freebie product was available. So as am strapped for cash right now, I downloaded and used the ‘Virgin PCguard’ freebie.

The conscience of this was that my PC would, for no apparent reason, regularly show a blue screen with a dialog that informed me that there was an error.


As a result, I uninstalled this program and went on the hunt for another free substitute. That’s when my troubles really started.


I must have downloaded my problems with one or more of the various the products I looked at. My PC has become infected by some sort of a virus. I think it is called / adwear or malwear. It created a flashing icon in the taskbar and from this icon intermittently came a message informing me that my pc’s system was infected. If I clicked onto the icon it directed my browser to a web site. As I recall, the site was called ‘spylocked’. I know I should have made proper a note, but I did not think this virus would have caused me so much trouble.


I Google’ed the symptoms and looked around for a fix. I came across a site where it appeared that my situation had been noted. They explained and offered a remedy. I duly carried out their instructions and to my delight it got rid of the dam icon and stopped the consent interruptions.


What the remedy did not cure was two other faults that have occurred since the virus took hold.

1) I can not change the desktop background.

The desktop background had revered back to a plain blue screen and would not change.

I already have ‘Ad-aware’, that appeared to do nothing to help so I downloaded and ran ‘Spybot’. This did bring back the background picture that was showing before the virus hit. However, the background still cannot be changed.

2) The home page of my internet browser has changed form what it was set to show, and I cannot make any alteration to it.

I should say that the Windows IE 7 appears to look and work fine. I run, and prefer to use ‘Maxthon MyIE’. This did have the ‘bbc.co.uk’ home page and has now taken to showing ‘Maxthon Start Page’ I cannot make any alteration to this.


Can anybody help me please?


I have ran ‘AVG Anti-Spywear’ and here are the results:

AVG Anti-Spyware - Scan Report


+ Created at: 22:17:14 31/05/2007

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Ignored.

I:\Documents and Settings\BECK\Cookies\beck@atdmt[1].txt -> TrackingCookie.Atdmt : Ignored.

I:\Documents and Settings\BECK\Cookies\beck@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.

I:\Documents and Settings\User1\Cookies\user1@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Ignored.

I:\Documents and Settings\NICK\Cookies\nick@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Ignored.

I:\Documents and Settings\BECK\Cookies\beck@search.live[2].txt -> TrackingCookie.Live : Ignored.

I:\Documents and Settings\NICK\Cookies\nick@search.live[1].txt -> TrackingCookie.Live : Ignored.

I:\Documents and Settings\BECK\Cookies\beck@server.lon.liveperson[1].txt -> TrackingCookie.Liveperson : Ignored.

I:\Documents and Settings\User1\Cookies\user1@overture[1].txt -> TrackingCookie.Overture : Ignored.

I:\Documents and Settings\User1\Application Data\Sun\Java\Deployment\cache\6.0\48\580dbcb0-57ad3185/VaaaaaaaBaa.class -> Trojan.ClassLoader.f : Ignored.

I:\Documents and Settings\User1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4c22d8b9-325a0e49.zip/VaaaaaaaBaa.class -> Trojan.ClassLoader.f : Ignored.

I:\Documents and Settings\User1\Application Data\Sun\Java\Deployment\cache\6.0\48\580dbcb0-57ad3185/Dex.class -> Trojan.ClassLoader.g : Ignored.

I:\Documents and Settings\User1\Application Data\Sun\Java\Deployment\cache\6.0\48\580dbcb0-57ad3185/Dix.class -> Trojan.ClassLoader.g : Ignored.

I:\Documents and Settings\User1\Application Data\Sun\Java\Deployment\cache\6.0\48\580dbcb0-57ad3185/Dux.class -> Trojan.ClassLoader.g : Ignored.

I:\Documents and Settings\User1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4c22d8b9-325a0e49.zip/Dex.class -> Trojan.ClassLoader.g : Ignored.

I:\Documents and Settings\User1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4c22d8b9-325a0e49.zip/Dix.class -> Trojan.ClassLoader.g : Ignored.

I:\Documents and Settings\User1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4c22d8b9-325a0e49.zip/Dux.class -> Trojan.ClassLoader.g : Ignored.



::Report end


Please read our Forum FAQ in order to find out what info we need (HijackThislog) so we can help you.

Edited by miekiemoes

Share this post

Link to post
Share on other sites

As requested


Logfile of HijackThis v1.99.1

Scan saved at 16:07:58, on 01/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)


Running processes:







I:\Program Files\Windows Defender\MsMpEng.exe


I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

I:\Program Files\Alwil Software\Avast4\ashServ.exe


I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

I:\Program Files\Alwil Software\Avast4\ashWebSv.exe


I:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

I:\Program Files\Analog Devices\SoundMAX\SMTray.exe

I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

I:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe


I:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

I:\Program Files\Microsoft Office\Office10\WINWORD.EXE

I:\Program Files\Maxthon\Maxthon.exe

I:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe

I:\Documents and Settings\User1\Desktop\HijackThis.exe\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - blank (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - blank (file missing)

O4 - HKLM\..\Run: [sunJavaUpdateSched] I:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [smapp] I:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [RemoteControl] "I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ATIPTA] I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "I:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Launch Microsoft Outlook.lnk = I:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://I:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm079YYGB

O8 - Extra context menu item: &Translate English Word - res://I:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://I:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://I:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://I:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://I:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145301351609

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B352686-B05F-4473-8DA0-2FF1E54974A7}: NameServer =

O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - I:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: iPod Service - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - I:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - I:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Share this post

Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.


Thank you for your patience.


[this is an automated reply]

Share this post

Link to post
Share on other sites
Sign in to follow this  
Followers 0