Solved

Error loading c:\WINDOWS\System32\mswap.dll

Posted on 2006-07-05
Last Modified: 2011-10-03
This error pops up every time I start my laptop and to be honest it's beginning to annoy me :)

Anyone had any previous encounters with it?

I have checked Google but was getting nowhere fast!!

Appreciate any help!


Question by:iainfitzy
6 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 17043021
Hello there,

Seems that it could be some sort of spyware.

Do the following. First turn off system restore.
Right-click "My Computer", select Properties, click the System Restore tab and put a check mark in "Turn off System Restore".

After you have done that download the following programs.

http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10399602.html?tag=lst-0-1

http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=lst-0-1

Use these programs together and it will get rid of most/all of the spyware and it will also prevent it from coming back.

You can also try Ewido anti-malware.
Download and install the free version of Ewido anti-malware.
http://www.ewido.net/en/download/
Update first then scan in safe mode.

Also download HijackThis:

http://www.download.com/HijackThis/3000-8022_4-10379544.html?tag=lst-0-1

When you have installed this program, run it, then post your results here:

www.hijackthis.de

After pasting the log here click analyze

Hope this helps

0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17046915
Let us look at your HijackThis log as already suggested; the registry entry is most probably calling for it.
You should see something like this in the log, and fixing that entry should stop the error.
O4 - HKLM\..\Run: [mswap] rundll32.exe C:\WINDOWS\System32\mswap.dll,start


Or just let us look at the log and we'll let you know which one to fix.
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open HijackThis and click "Do a system scan and save a logfile". Don't fix anything yet.

Then go to the link below and log in using your Experts-Exchange username and password.
http://www.ee-stuff.com

Click on "Expert Area" tab
type or paste the link to your Question
"Browse" to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR:
paste the log to either of these sites:
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:

Or paste the log at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 5

Expert Comment

by:Davidshc76
ID: 17047664
Hi There:
Here is a link to see what it is.
http://fileinfo.prevx.com/adware/qq261422933713-MSWA17578643/MSWAP.DLL.html


http:\\www.georgebullardconsulting.com

This message was scanned by Symantec anti-virus Corporate edition and
Microsoft OneCare Live.
0

 

Author Comment

by:iainfitzy
ID: 17049319
http://www.hijackthis.de/logfiles/0ae8a159124db12ad2be6df432d43021.html

That is what I get.

Unfortunately the file in question is unknown!
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 400 total points
ID: 17049878
Fixing this entry should stop the "mswap.dll" error at startup.
O4 - HKLM\..\Run: [mswap] rundll32.exe C:\WINDOWS\System32\mswap.dll,start


You also have a few other nasties there:
1. Please download Look2Me-Destroyer.exe to your desktop.
http://www.atribune.org/ccount/click.php?id=7
Close all windows before continuing.
Double-click "Look2Me-Destroyer.exe" to run it.
Put a check next to "Run this program as a task".
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the "Scan for L2M" button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the "Remove L2M" button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX


2. a) Please download Brute Force Uninstaller to your desktop.
http://www.merijn.org/files/bfu.zip
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)"
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

b) Download Alcra PLUS Remover.
http://metallica.geekstogo.com/alcanshorty.bfu 
Save it in the same folder you made earlier (c:\BFU).
Do not do anything with these yet!


Reboot your computer into Safe Mode.
You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by double-clicking BFU.exe
Behind the "scriptline to execute" field click the "folder icon" and select alcanshorty.bfu
Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.


Go to Start > Run and paste the following lines, 1 at a time, hitting enter after each.
sc stop K4NV
sc delete K4NV
sc stop "Network Monitor"
sc delete "Network Monitor"
sc stop UpdateManagerTool
sc delete UpdateManagerTool


Run HijackThis and put a check next to these entries if they're still present (some of them will be gone):
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [mswap] rundll32.exe C:\WINDOWS\System32\mswap.dll,start
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe    
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe    
O4 - HKLM\..\Run: [defender] C:\\defender25.exe    
O4 - HKLM\..\Run: [newname] C:\\newname25.exe    
O4 - HKLM\..\Run: [Microsoft Telecoms Center] svcchost.exe    
O4 - HKLM\..\Run: [Microsoft Service] system32.exe    
O4 - HKLM\..\Run: [Windows Core Kernel Update] C:\WINDOWS\System32\win32bootcfg.exe    
O4 - HKLM\..\Run: [Micrsoft Internet Explorer] IEXPL0RE.EXE  
O4 - HKLM\..\Run: [sprwin] rundll32.exe C:\WINDOWS\System32\sprwin.dll,start
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] svcchost.exe    
O4 - HKLM\..\RunServices: [Microsoft Service] system32.exe    
O4 - HKLM\..\RunServices: [Micrsoft Internet Explorer] IEXPL0RE.EXE  
O4 - HKCU\..\Run: [Microsoft Telecoms Center] svcchost.exe    
O4 - HKCU\..\Run: [Micrsoft Internet Explorer] IEXPL0RE.EXE  
O4 - HKCU\..\RunServices: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O20 - Winlogon Notify: ddcyw - ddcyw.dll (file missing)    
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\k062lajo1doc.dll    
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\dXtime.dll (file missing)    
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\k6nolg5316.dll (file missing)    
O23 - Service: K4NV - Unknown owner - C:\WINDOWS\k4nv.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe


Check to make sure that these files are gone:
C:\WINDOWS\update\updmangr.exe
C:\WINDOWS\System32\sprwin.dll
C:\WINDOWS\System32\svcchost.exe    
C:\WINDOWS\System32\system32.exe
C:\WINDOWS\System32\iexpl0re.exe <-- it's a zero

C:\Program Files\Network Monitor <-- folder
C:\Program Files\ToolBar888 <-- folder


Then run MS Removal tool:
MS malicious software removal tool:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Give us updates afterwards.
0
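
The checks applied by eye to the HijackThis entries in this thread (autoruns through rundll32.exe, programs named without a path, names such as svcchost.exe and IEXPL0RE.EXE that imitate Windows binaries, and "(file missing)" leftovers) can be scripted. The following Python is an added example, not part of the original thread or of HijackThis; the tag names, the 0.85 similarity threshold and the ctfmon.exe sample line are assumptions.

```python
import re
from difflib import SequenceMatcher
from ntpath import basename  # Windows path rules, works on any OS

# Constructed sample: entries copied from the list above, plus one ordinary
# ctfmon.exe autorun added for contrast (an assumption, not from the log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [mswap] rundll32.exe C:\WINDOWS\System32\mswap.dll,start
O4 - HKLM\..\Run: [Microsoft Telecoms Center] svcchost.exe
O4 - HKCU\..\Run: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ddcyw - ddcyw.dll (file missing)
O23 - Service: K4NV - Unknown owner - C:\WINDOWS\k4nv.exe (file missing)
"""

# O4 = autorun entry: hive, key (Run/RunServices), [value name], command line.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+?)\s*$")
SYSTEM_NAMES = ("svchost.exe", "iexplore.exe", "explorer.exe")

def is_lookalike(exe):
    """Near-match (but not equal) to a Windows binary name; 0.85 is a heuristic."""
    exe = exe.lower()
    return exe not in SYSTEM_NAMES and any(
        SequenceMatcher(None, exe, name).ratio() >= 0.85 for name in SYSTEM_NAMES)

def review(line):
    """Return the reasons a HijackThis line deserves a manual look (may be empty)."""
    line = line.strip()
    reasons = []
    if line.endswith("(file missing)"):
        reasons.append("file-missing")          # orphaned registry/service entry
    m = O4_RE.match(line)
    if m:
        program = m.group(4).split(" ", 1)[0]   # simplification: no spaces in path
        if basename(program).lower() == "rundll32.exe":
            reasons.append("rundll32-autorun")  # a DLL is loaded at every logon
        else:
            if "\\" not in program:
                reasons.append("bare-filename") # resolved through the search path
            if is_lookalike(basename(program)):
                reasons.append("lookalike-name")
    return reasons

def triage(log):
    """Map each flagged line to its reasons; clean lines are left out."""
    return {l.strip(): review(l) for l in log.splitlines() if review(l)}

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(", ".join(why), "<-", entry)
```

A tag marks an entry for manual review, not for deletion: legitimate software also registers rundll32.exe autoruns, so the DLL itself still has to be identified before the entry is fixed.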
 

Author Comment

by:iainfitzy
ID: 17058894
Thanks for answering the question.

I'll look into your advice over the weekend.

Thanks again

Iain
0
