Solved

Error loading c:\WINDOWS\System32\mswap.dll

Posted on 2006-07-05
Last Modified: 2011-10-03
This error pops up every time I start my laptop and to be honest it's beginning to annoy me :)

Anyone had any previous encounters with it?

I have checked Google but was getting nowhere fast!!

Appreciate any help!


Question by:iainfitzy
6 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 17043021
Hello there,

Seems that it could be some sort of spyware.

Do the following. First turn off system restore.
Right-click "My Computer", select Properties, click the System Restore tab and put a check mark in "Turn off System Restore".

After you have done that download the following programs.

http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10399602.html?tag=lst-0-1

http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=lst-0-1

Use these programs together and it will get rid of most/all of the spyware and it will also prevent it from coming back.

You can also try Ewido anti-malware.
Download and install the free version of Ewido anti-malware.
http://www.ewido.net/en/download/
Update first then scan in safe mode.

Also download HijackThis:

http://www.download.com/HijackThis/3000-8022_4-10379544.html?tag=lst-0-1

When you have installed this program, run it, then post your results here:

www.hijackthis.de

After pasting the log here click analyze

Hope this helps

0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17046915
Let us look at your Hijackthis log as already suggested, the registry entry is most probably calling for it.
You should see something like this in the log, and fixing that entry should stop the error.
O4 - HKLM\..\Run: [mswap] rundll32.exe C:\WINDOWS\System32\mswap.dll,start


Or just let us look at the log and we'll let you know which one to fix.
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the link below and log in using your Experts-Exchange username and password.
http://www.ee-stuff.com

Click on "Expert Area" tab
type or paste the link to your Question
"Browse" to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR:
paste the log to either of these sites:
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:

Or paste the log at --> http://www.hijackthis.de/
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 5

Expert Comment

by:Davidshc76
ID: 17047664
Hi There:
Here is a link to see what it is.
http://fileinfo.prevx.com/adware/qq261422933713-MSWA17578643/MSWAP.DLL.html


http:\\www.georgebullardconsulting.com

This message was scanned by Symantec anti-virus Corporate edition and
Microsoft OneCare Live.
0

 

Author Comment

by:iainfitzy
ID: 17049319
http://www.hijackthis.de/logfiles/0ae8a159124db12ad2be6df432d43021.html

That is what I get.

Unfortunately the file in question is unknown!
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 400 total points
ID: 17049878
Fixing this entry should stop the "mswap.dll" error at startup.
O4 - HKLM\..\Run: [mswap] rundll32.exe C:\WINDOWS\System32\mswap.dll,start


You also have a few other nasties there:
1. Please download Look2Me-Destroyer.exe to your desktop.
http://www.atribune.org/ccount/click.php?id=7
Close all windows before continuing.
Double-click "Look2Me-Destroyer.exe" to run it.
Put a check next to "Run this program as a task".
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the "Scan for L2M" button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the "Remove L2M" button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX


2. a) Please download Brute Force Uninstaller to your desktop.
http://www.merijn.org/files/bfu.zip
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)"
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

b) Download Alcra PLUS Remover.
http://metallica.geekstogo.com/alcanshorty.bfu
Save it in the same folder you made earlier (c:\BFU).
Do not do anything with these yet!


Reboot your computer into Safe Mode.
You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by double-clicking BFU.exe
Behind the "scriptline to execute" field click the "folder icon" and select alcanshorty.bfu
Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.


Go to Start > run and paste the following lines, 1 at a time, hitting enter after each.
sc stop K4NV
sc delete K4NV
sc stop "Network Monitor"
sc delete "Network Monitor"
sc stop UpdateManagerTool
sc delete UpdateManagerTool


Run HijackThis and put a check next to these entries if they're still present (some of them will be gone):
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [mswap] rundll32.exe C:\WINDOWS\System32\mswap.dll,start
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe    
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe    
O4 - HKLM\..\Run: [defender] C:\\defender25.exe    
O4 - HKLM\..\Run: [newname] C:\\newname25.exe    
O4 - HKLM\..\Run: [Microsoft Telecoms Center] svcchost.exe    
O4 - HKLM\..\Run: [Microsoft Service] system32.exe    
O4 - HKLM\..\Run: [Windows Core Kernel Update] C:\WINDOWS\System32\win32bootcfg.exe    
O4 - HKLM\..\Run: [Micrsoft Internet Explorer] IEXPL0RE.EXE  
O4 - HKLM\..\Run: [sprwin] rundll32.exe C:\WINDOWS\System32\sprwin.dll,start
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] svcchost.exe    
O4 - HKLM\..\RunServices: [Microsoft Service] system32.exe    
O4 - HKLM\..\RunServices: [Micrsoft Internet Explorer] IEXPL0RE.EXE  
O4 - HKCU\..\Run: [Microsoft Telecoms Center] svcchost.exe    
O4 - HKCU\..\Run: [Micrsoft Internet Explorer] IEXPL0RE.EXE  
O4 - HKCU\..\RunServices: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O20 - Winlogon Notify: ddcyw - ddcyw.dll (file missing)    
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\k062lajo1doc.dll    
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\dXtime.dll (file missing)    
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\k6nolg5316.dll (file missing)    
O23 - Service: K4NV - Unknown owner - C:\WINDOWS\k4nv.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe


Check to make sure that these files are gone:
C:\WINDOWS\update\updmangr.exe
C:\WINDOWS\System32\sprwin.dll
C:\WINDOWS\System32\svcchost.exe    
C:\WINDOWS\System32\system32.exe
C:\WINDOWS\System32\iexpl0re.exe <-- it's a zero

C:\Program Files\Network Monitor <-- folder
C:\Program Files\ToolBar888 <-- folder


Then run MS Removal tool:
MS malicious software removal tool:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Give us updates afterwards.
0
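The entries listed in the accepted answer share a few recognisable traits: a DLL started through rundll32, bare file names with no directory, names one character off a Windows binary, and targets that no longer exist. The following Python triage over O4/O20/O23 lines is an added example, not part of the original thread or of HijackThis; the `KNOWN` list, the 0.85 similarity threshold and the function names are assumptions.

```python
import re
from difflib import SequenceMatcher
# Genuine Windows binary names to compare against (assumed short list, not exhaustive).
KNOWN = ("svchost.exe", "iexplore.exe", "explorer.exe", "rundll32.exe")
LINE_RE = re.compile(r"^(O4|O20|O23) - ([^:]+): (.*)$")
FILE_RE = re.compile(r"([^\\\s/]+\.(?:exe|dll))", re.I)

def lookalike(name):
    """Return the known binary that `name` imitates, or None."""
    name = name.lower()
    if name in KNOWN:
        return None
    close = [g for g in KNOWN if SequenceMatcher(None, name, g).ratio() >= 0.85]
    return close[0] if close else None

def triage(line):
    """Return the reasons an O4/O20/O23 line deserves a closer look."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    section, _where, rest = m.groups()
    reasons = ["target file missing (orphaned entry)"] if "(file missing)" in rest else []
    if section == "O4":
        cmd = rest.split("] ", 1)[-1].strip()  # text after the [value name]
        if cmd.lower().startswith("rundll32.exe "):
            reasons.append("DLL launched through rundll32 at startup")
        elif "\\" not in cmd:
            reasons.append("no directory given, resolved through the search path")
    for f in FILE_RE.findall(rest):
        good = lookalike(f)
        if good:
            reasons.append(f"{f} resembles {good}")
    return reasons

def review(log_text):
    """Map each flagged log line to its reasons; unflagged lines are omitted."""
    return {ln.strip(): r for ln in log_text.splitlines() if (r := triage(ln))}

# Sample input: lines quoted from the HijackThis entries listed in the answer above.
SAMPLE = r"""
O4 - HKLM\..\Run: [mswap] rundll32.exe C:\WINDOWS\System32\mswap.dll,start
O4 - HKLM\..\Run: [Microsoft Telecoms Center] svcchost.exe
O4 - HKCU\..\Run: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O20 - Winlogon Notify: ddcyw - ddcyw.dll (file missing)
O23 - Service: K4NV - Unknown owner - C:\WINDOWS\k4nv.exe (file missing)
"""
if __name__ == "__main__":
    for line, why in review(SAMPLE).items():
        print(line, "->", "; ".join(why))
```

An empty result is not a clean bill of health: the answer's `[keyboard] C:\\keyboard25.exe` entry has a full path and an unremarkable name, so these checks pass it.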
 

Author Comment

by:iainfitzy
ID: 17058894
Thanks for answering the question.

I'll look into your advice over the weekend.

Thanks again

Iain
0
