
t.swapx.cc Struggling

Q: t.swapx.cc Struggling

I have followed the steps outlined to get rid of this but it just keeps coming back. I delete everything at the very end for step 21 and when I run HijackThis again it's back, just with new junk. OK, here is my current log. Oh, it will not let me delete winlogin.exe, not even from the Task Manager; it says it's critical and cannot delete.


A: t.swapx.cc Struggling

OK, I finally got it to work *I think*. Here is the new log... but now I have a new problem: I can't open Internet Explorer without an error message and then it shutting down. It wasn't doing that before. Just to be able to type this to you guys I had to hop over to MSN. *sigh* OK, here is my new log.


Having been told to read this topic http://www.bleepingcomputer.com/forums/t/3932/how-to-remove-the-cws-swapx-httptswapxcc/ with regards to removing the annoying bug CWS SWAPX infection (http://t.swapx.cc/h.php?aid=20009) that appears in my homepage and adds porn links, I followed the instructions and downloaded HijackThis and scanned.... It found no 020 file for me to proceed past the first stage. Any clues of how to get rid of this, please? It's so annoying.

A:CWS SWAPX infection (http://t.swapx.cc/h.php?aid=20009)

Please post a hijackthis log so that we can review it.


Can someone help me remove this brutal attack of spyware. I have downloaded everything I can to kill it: spybot, ad-aware, killbox, hijackthis, yahoo anti-spy. I cannot get rid of it. I manually followed what was said here http://www.bleepingcomputer.com/forums/t/3932/how-to-remove-the-cws-swapx-httptswapxcc/ and still nothing. Any advice please.

When my HijackThis scans it comes up with: I apologize for the length. I can't destroy the first and the last log. It won't let me. Maybe there is something else here I have to remove first. I am not a computer savvy person so any help would be appreciated.

O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\UZI2OC~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_5_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUS...

A:How to remove the CWS SWAPX (http://t.swapx.cc/)

Please post an entire log...you left out the top portion


Well first of all, I would like to say hi & sorry to the Lawrence Abrams about the validation problem. Anyway, hi & ohh.... I really really need your advice. ~big sigh~ Lately my computer has been bogging down on me, especially that CWS SWAPX - t.swapx.cc/h.php?aid. I don't know how to get rid of it. I've downloaded a million cleaners for spywares and adwares and trojans but it still seems to be there. Some of my exe files don't work anymore. Please help me out.

Logfile of HijackThis v1.98.2
Scan saved at 12:08:39 AM, on 11/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files...

A:CWS SWAPX - t.swapx.cc/h.php?aid

First of all could you click Start>Settings>Control Panel>Add or Remove Programs and uninstall New.Net.

Open TheKillbox. Select the Delete on reboot option. In the 'Full Path of File to Delete' box, copy and paste the following, clicking the 'Delete File' button (red circle with a white X) after pasting:

C:\WINDOWS\system32\oe9ltrnlv8nlc.dll

It will prompt you to reboot, press the NO button. Instead, copy and paste the following and click the 'Delete File' button again:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe

When it prompts you to reboot this time, press the YES button.

On restarting, open HijackThis, scan and when complete, remove the following entries (if still there) by checking the box to the left and clicking 'fixed checked':

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31403
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\8094ZW~1.DLL
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O20 - AppInit_DLLs: oe9ltrnlv8nlc.dll

Reboot when done. Rescan with HJT and post a new log.

Q: swapx

i did the hijack this scan how do i post the results and get guidance as to what to delete

A:swapx

Hi sexyrat

Run HijackThis. Press the Scan button, then Save Log. Notepad will open. In Notepad click Edit menu --> Select All then
Edit menu --> Copy

Follow this link and open a new topic:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Name it "sexyrat - swapx" or something like that.

Right click in the message area and click on the paste option to paste the log into the post.

When responding to a post from one of our HJT Team members, please reply in the same topic - click the Add Reply button. Do not create a new topic for your reply. This will cause confusion and only cause a delay in the help you are receiving.

Q: swapx

Logfile of HijackThis v1.98.2
Scan saved at 8:42:23 PM, on 11/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Pr...

A:swapx

Hi

It is a good idea to print or copy these instructions because you are not able to access the Internet in SafeMode.

When choosing anti-spyware protection, you should rely on products with deserved reputations and proven track records.

Spyware Assassin is a rogue anti-spy software. Please uninstall it from Add\Remove Programs.
Also uninstall WinTools - Windows AdTools - WinAdTools from Add\Remove Programs.
Reboot your computer.

Download CWShredder from here
After you download the program, unzip it into a directory. Don't use it yet.

Download Ad-aware SE: here
Install it. When you get the last screen, with the "Finish" button and 3 options, uncheck those three items.
Open AdAware and click the "Check for updates now" link. Close AdAware. Don't use it yet.

Download System Security Suite here: System Security Suite Download & Tutorial. Unzip it to your desktop.
Install the program. Don't use it yet.

Download the Hoster from here. Unzip the program to your desktop. Don't use it yet.

Copy the contents of the Quote Box below to Notepad.
Click File menu -> Save and name the file as fix.reg
Change the Save as Type to All Files
Save this file on the desktop. Don't use it yet.

REGEDIT4

[-HKEY_CLASSES_ROOT\Interface\{0D721150-AEF3-457B-B03A-5097B623CE45}]
[-HKEY_CLASSES_ROOT\Plugin6.DNSErrObj]
[-HKEY_CLASSES_ROOT\redalert.here]
[-HKEY_CLASSES_ROOT\TypeLib\{444A5674-FF85-45D4-9AE2-4199D8D70C85}]

Download KillBox here: KillBox. Unzip it to your deskt...


Have read everything I can about this to no avail. Any help appreciated. Thanks...

Logfile of HijackThis v1.98.2
Scan saved at 9:20:34 PM, on 11/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\gearsec.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\System32\5igmo2cg5kthd.exe
C:\Program ...

A:t-swapx.cc/h.php?aid=543

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log?..


Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be but make sure)

C:\WINDOWS\System32\5igmo2cg5kthd.exe
C:\Documents and Settings\Anthony\Local Settings\Temp\Temporary Directory 2 for notepad.zip\notepad.exe

Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=543
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\Syste...


how to remove CWS SWAPX

Logfile of HijackThis v1.97.7
Scan saved at 8:21:07, on 26.11.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WiredRed\EPop\logonsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Internet Explorer\Iesearch.exe
C:\Program Files\T-Com MAXadsl CD-ROM\T-Com Siemens ADSL A-100 Modem\Adsl\dslstat.exe
C:\Program Files\T-Com MAXadsl CD-ROM\T-Com Siemens ADSL A-100 Modem\Adsl\dslagent.exe
C:\WINDOWS\System32\vwxjrx7wjxy4thd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:...

A:CWS SWAPX

Hi civomizak,

You don't have the latest version of HijackThis. Open HijackThis again then, on the right hand side, click on Other stuff, then Config, then Misc Tools, then Check for update online.

If that doesn't work delete the copy you have and download a new copy from one of the following links: LINK 1 LINK 2 LINK 3.

Important: Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. Move HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Post a fresh HijackThis log when you've done the above.

From the moment you post your log, until you see a reply, DO NOT reboot your system or log off. If you do, the bad files will have changed and the fix provided will not work

Q: swapx

Logfile of HijackThis v1.98.2Scan saved at 8:42:23 PM, on 11/8/2004Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\alg.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\snmp.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\SlySoft\CloneCD\CloneCDTray.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exeC:\WINDOWS\System32\ctfmon.exeC:\WINDOWS\System32\devldr32.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\QuickTime\qttask.exeC:\Pr... Read more

A:swapx

havin some troble ther rat


Reading other posts, this seems to be a common problem. When IE comes up it goes to t.swapx.cc regardless of what I reset the home page to.

I tried the steps outlined on your site. However Hijack This did not give me the filenames listed on your help steps. I did delete item 20 which it did but it regenerated a similar looking file in C:\windows\system32

Therefore I am attaching my HJT log for your expert analysis.

Thanks much

Joe

A:t.swapx.cc

Here is the logLogfile of HijackThis v1.98.2Scan saved at 9:11:40 AM, on 11/24/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\drivers\CDAC11BA.EXEC:\WINDOWS\System32\cisvc.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Common Files\Dell\EUSW\Support.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.ex... Read more

Q: SWAPX

I have followed all the instructions to remove this and I still have it as the first page when I open IE. If I hit home page after IE is open it goes to my home page. Is there any way to get my home page to be the first page upon opening rather than SWAPX?

A:SWAPX

Try This


Hello:I printed and followed, as best I could, the instructions found in Grinler's "How to manually remove t.swapx.cc" to no avail. I am still hijacked.Hijack this log follows:Logfile of HijackThis v1.98.2Scan saved at 4:56:05 PM, on 10/26/2004Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\WINDOWS\System32\snmp.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\Explorer.EXEC:\HP\KBD\KBD.EXEC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\Common Files\Microsoft Shared... Read more

A:t.swapx.cc

Did you run that registry file and merge the information?

Fix these:

O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - (no file)
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0934b7eb84b201...ip/RdxIE601.cab

Reboot and do the following:

Download the Registry Search Tool here. Unzip it and run it. If your antivirus interferes you may have to disable script blocking in the antivirus. Put the following in the search box:

swapx

Then post the log that it creates along with a new hijackthis log


Please help me... Swapx.cc has taken over.. Here is my Hijack this File.. Please help me remove this: Logfile of HijackThis v1.98.2Scan saved at 9:23:37 PM, on 11/15/04Platform: Windows 98 Gold (Win9x 4.10.1998)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\SYSTEM\MSGLOOP.EXEC:\WINDOWS\SYSTEM\MSTASK.EXEC:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXEC:\WINDOWS\SYSTEM\MSG32.EXEC:\PROGRAM FILES\ENCOMPASS\MONITOR.EXEC:\WINDOWS\EXPLORER.EXEC:\WINDOWS\TASKMON.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\WINDOWS\SYSTEM\ATICWD32.EXEC:\WINDOWS\SYSTEM\ATITASK.EXEC:\WINDOWS\SYSTEM\3dmoused.exeC:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXEC:\WINDOWS\SYSTEM\HPSYSDRV.EXEC:\WINDOWS\RunDLL.exeC:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXEC:\PROGRAM FILES\AIM95\AIM.EXEC:\WINDOWS\SYSTEM\DGWLWEUVPRH4.EXEC:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXEC:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXEC:\PROGRA~1\NETROPA ... Read more

A:SWAPX HAS TAKEN OVER....

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files

Run Hijackthis again, click scan, and put a checkmark next to each of these. Be sure to close all browser windows, including this one before clicking the Fix button.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=31403
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=31403
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/sp.htm?id=31403
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31403
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=31403
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\MG3NMF~1.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [EAPCISetup] c:\windows\SYSTEM\wizard.exe c:\windows\SYSTEM
O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WI...

Q: SWAPX

Help! I've been attacked by the SWAPX program. It has taken over my homepage as http://win-eto.com/hp.htm?id=31403. It also takes over my web pages as I try to browse the net. I couldn't even link to the instruction page to download my register log. I've downloaded spybot and got a temporary fix but the problem quickly came back.

A:SWAPX

You posted in the right place, shanksman. We need a HJT log to get busy fixin' that problem.

Create a directory on your hard drive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

Download HijackThis from: HijackThis Download Site

Save this file into the directory you made previously and then run the program named hijackthis.exe. When the program opens click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. When it completes checking/applying updates press the back button.

Now click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then click on Copy.

Create a reply to this post here and right click in message area and select paste to paste the log into the post.

Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing.

To see a tutorial with screenshots on using HijackThis you can click on the link below:

How to use HijackThis to remove Browser Hijackers, Malware, & Spyware

Q: t.swapx

Hi,I got this bug when I downloaded IE6 from the following website: http://www.broomeman.com/support/wsiedown.html. Probably a dumb thing to do but I couldn't seem to find the download on microsoft.com.Here is the Hijackthis log:Logfile of HijackThis v1.98.2Scan saved at 19:03:17, on 08/11/04Platform: Windows 98 Gold (Win9x 4.10.1998)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\SPOOL32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\MSTASK.EXEC:\WINDOWS\EXPLORER.EXEC:\WINDOWS\SYSTEM\RNAAPP.EXEC:\WINDOWS\SYSTEM\TAPISRV.EXEC:\WINDOWS\TASKMON.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\WINDOWS\SYSTEM\IE9SMU2IW3IM1D.EXEC:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXEC:\PROGRAM FILES\WINZIP\WZQKPICK.EXEC:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXEC:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEC:\WINDOWS\SYSTEM\PSTORES.EXEC:\WINDOWS\DESKTOP\HIJACKTHIS.EXER1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://super-spider.com/sp.htm?id=543R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://super-spider.com/sp.htm?id=543R1 - HKCU\Softwar... Read more

A:t.swapx

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

Run Hijackthis again, click scan, and put a checkmark next to each of these. Then click the Fix button

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://super-spider.com/sp.htm?id=543
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://super-spider.com/sp.htm?id=543
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://super-spider.com/sp.htm?id=543
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=543
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.eircom.net/
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\0FHDDF~1.DLL
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\WINDOWS\SYSTEM\MVM09G.DLL
O4 - HKLM\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKCU\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKCU\..\Run: [romahere2] C:\WINDOWS\SYSTEM\IE9SMU2IW3IM1D.EXE
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O18 - Protocol: icoo...


I have been infected by this swapx home page. It keeps adding porn sites to my favourites. Have tried running free AVG but to no avail, likewise deleting it from system32, with a pal who knows a bit more than me. Can anyone provide a step by step guide for the layman on how to get rid of this? I want my google back!

A:swapx for the dim

Hi

Download the latest version of HijackThis!: Download here HJT 1.98.2. Save it on your Desktop. You will need now to unzip hijackthis.exe to a permanent folder, such as c:\hjt . This has to be done as HijackThis creates backups. You may need to use these backups.

First create a new folder:

A. Click My Computer icon on your desktop
B. Click C: drive
C. Click the File menu --> New --> Folder, a folder "New folder" will be created.
D. Rename it HJT

Unzip hijackthis.exe to the c:\HJT folder.

Run HijackThis.exe. Press the Scan button, then Save Log. Notepad will open. In Notepad click Edit menu --> Select All then Edit menu --> Copy

When responding to a post from one of our HJT Team members, please reply in the same topic - click the Add Reply button. Do not create a new topic for your reply. This will cause confusion and only cause a delay in the help you are receiving.

Right click in the message area and click on the paste option to paste the log into the post.


Logfile of HijackThis v1.97.7Scan saved at 7:14:32 PM, on 11/05/2004Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exeC:\WINDOWS\system32\drivers\KodakCCS.exeC:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXEC:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\System32\RunDll32.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\PCBugRemover\PCBugRemover.exeC:\Program Files\Amer... Read more

A:t.swapx.cc/

Lavasoft Ad-aware Professional Build 158Logfile created on :Friday, November 05, 2004 7:31:33 PMUsing reference-file :01R04 27.01.2003______________________________________________________Ad-aware Settings=========================Set : Activate in-depth scanSet : Move deleted files to recycle binSet : Safe mode (always request confirmation)Set : Scan active processesSet : Scan registrySet : Deep scan registrySet : Scan my IE Favorites for banned URLsSet : Scan within archivesListing running processes??????????????????????????????????????#:1 [smss.exe] FilePath : \SystemRoot\System32\ ThreadCreationTime : 11-06-2004 12:53:43 AM BasePriority : Normal#:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ThreadCreationTime : 11-06-2004 12:53:44 AM BasePriority : Normal#:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ThreadCreationTime : 11-06-2004 12:53:51 AM BasePriority : High#:4 [services.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 11-06-2004 12:53:51 AM BasePriority : Normal FileSize : 99 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 Copyright : Microsoft Corporation. All rights reserved. CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName ... Read more


Here is a list of the logfile from Hijackthis. Can someone help me remove this nasty veerus??Logfile of HijackThis v1.98.2Scan saved at 1:59:53 PM, on 11/1/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\windows\system\hpsysdrv.exeC:\WINDOWS\System32\hkcmd.exeC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exeC:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exeC:\HP\KBD\KBD.EXEC:\PROGRA~1\DATACA~1\FLashKsk.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Zero Knowledge\Freedom\Freedom.exec:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\WINDOWS\Sy... Read more

A:swapx help!

uscmem06, welcome. Please print this out and follow ALL these directions carefully.

The system is infected with W32.Randex.E by the presence of winlogin.exe
http://securityresponse.symantec.com/avcen...2.randex.e.html

Update your anti virus application daily as this is how often new viruses/worms are appearing now.

Please read about NoAdware:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Important: Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. Move HijackThis.exe into this folder as you do not want the HijackThis backup logs in the Temp folder that should be cleaned out periodically.

When you run HijackThis from C:\HJT folder by double clicking on it and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Make sure 'show all files' is enabled:
http://service1.symantec.com/SUPPORT/tsgen...=&osv=&osv_lvl=

Boot into Safe Mode by tapping F8 key repeatedly at bootup.

More detailed instructions here:
http://service1.symantec.com/SUPPORT/tsgen...001052409420406

Go to Add/Remove Programs and un-install NoAdware and Weather Bug

Find and delete if still present:

winlogin.exe
30zte2r2en4.dll
C:\install.cab
C:MAIN.MHT
C:\Documents and Settings\Owner\Application Data\eber.exe
C:\WINDOWS\sdkqh32.dll
C:\WINDOWS\System32\jflaiin.exe
C:\WINDOWS&...


Here is my new log, it changed from yesterday. I've spent over 12 hours trying to fix this Logfile of HijackThis v1.98.2Scan saved at 5:45:52 PM, on 11/29/2004Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exeC:\WINDOWS\System32\34ol2yvcf1thd.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Hijack\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Ex... Read more

A:Please Help with Swapx...New Log

I've read all of the added posts, and instructions. I have run every possible program and it still doesn't work! Here is my new updated log....Logfile of HijackThis v1.98.2Scan saved at 7:58:24 PM, on 11/29/2004Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\PROGRA~1\McAfee.com\Agent\McRegWiz.exeC:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exeC:\WINDOWS\System32\34ol2yvcf1thd.exeC:\Program Files\BigFix\BigFix.exeC:\Program Files\Hewlet... Read more


I have been reading the forums, so i hope i did this correctly.any help will be greatly appreciated, in fact i'll even buy ya a beer..Thank You Logfile of HijackThis v1.98.2Scan saved at 6:54:52 AM, on 12/14/04Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\EXPLORER.EXEC:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXEC:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXEC:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXEC:\WINDOWS\SYSTEM\DDHELP.EXEC:\WINDOWS\FLETCH89406\HIJACK THIS\HIJACKTHIS.EXEC:\WINDOWS\SYSTEM\SPOOL32.EXEC:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEC:\WINDOWS\SYSTEM\PSTORES.EXEC:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEC:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXER0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=11034R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\XTFNU3~1.DLLO3 - Toolbar: Pop-Up... Read more

A:HELP please swapx got me

Hi fletch89406,

Sorry about the delay in getting back to you. If you haven't managed to resolve this problem yet could you run HijackThis again and post me a new log here using the Add Reply button. Also, can you let me know if you have run a full scan with AVG since you got infected?


I need help... this is what I have and I've tried to follow "how to" guide on how fix it but I'm stumped.Logfile of HijackThis v1.98.2Scan saved at 10:56:47 PM, on 11/28/2004Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\PROGRA~1\McAfee.com\Agent\McRegWiz.exeC:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exeC:\WINDOWS\System32\34ol2yvcf1thd.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\BigFix\BigFix.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:&... Read more

A:swapx and other various problems. Help!

Let's start with some automated anti-malware tools.

Download Ad-aware SE v1.05 from LavaSoft. Install, update and configure it as explained in this tutorial. Be sure it is using the most recent reference file (currently SE1R20 25.11.2004). Run Ad-aware in 'Full System Scan' and allow it to remove everything it finds.

Reboot and post a new HJT log.


Apparently, according to your tutorial on how to remove the swapx CRAP from my computer, I don't actually have the infection that you were talking about, because I don't have an 020 entry in my HijackThis logfile, even though what my computer is doing is exactly like what you said swapx will do. Anyway, here is the logfile I got back from HijackThis: Logfile of HijackThis v1.98.2Scan saved at 3:45:11 AM, on 11/28/04Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\MSTASK.EXEC:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXEC:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXEC:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXEC:\WINDOWS\SYSTEM\MSDTCW.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\SYSTEM\PSTORES.EXEC:\WINDOWS\SYSTEM\RPCSS.EXEC:\WINDOWS\EXPLORER.EXEC:\WINDOWS\TASKMON.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\PROGRAM FILES\VOYETRA\TBS MONTEGO\VTRAY.EXEC:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXEC:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXEC:\WINDOWS\SYSTEM\QTTASK.EXEC:\PROGR... Read more

A:Swapx is really p*ssing me off!

Duplicate closed, see here: http://www.bleepingcomputer.com/forums/fin...5645-37911.html


An oldie but a goodie. Am trying to clean this off a friend's computer - she has kids.
Have downloaded the hijack this software and need some help as to what to delete from the log (which is included). Any help would be greatly appreciated.

Logfile of HijackThis v1.98.2
Scan saved at 3:00:17 PM, on 6/4/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET TOOLKIT 4.11\NETSURF.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCA... Read more

A:t.swapx.cc removal

Hello teddyb35 and welcome to the BC forums. You are currently running an outdated version of HijackThis. Please click on the link below and download the most current version:

HijackThis_sfx.exe

Delete your current HijackThis.exe file and double-click on the file you just downloaded and then click on the Unzip button to install the newer version. It will be installed to the C:\Program Files\HijackThis\ directory by default.

Start HijackThis and perform a new scan. Post your new log file back here as a reply to this topic and I will review it when it comes in.

OT


I have copied the HijackThis log as you mentioned in my posting on Nov 19,2004 at 2:16. I have set up the Hijack log in C: and have all the other 'tools' mentioned in the posting about "How to remove the CWS SWAPX. Please advise me as what to do next. I will not do anything more with the computer until I see your posting. Thanks for your help ahead of time. (I hope I have posted this correctly) JakeLogfile of HijackThis v1.98.2Scan saved at 11:09:38 PM, on 11/19/2004Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\hkcmd.exeC:\WINDOWS\BCMSMMSG.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\System32\DSentry.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\Program Files�... Read more

A:t.swapx.cc problems, Can't get rid of it

Hi

Read this about Viewpoint Media Player and decide if you want to keep it or not: Viewpoint Media Player. Removing Viewpoint Media Player may cause the program that bundled it to not function as intended.

You can remove Viewpoint Media Player from Add\Remove Programs.

You have Wild Tangent installed. Wild Tangent collects information about you and your usage. The advertisements may also contain pornographic or other material that you might find inappropriate. You can follow these instructions to uninstall it: No. 8 - Uninstallation.

It is a good idea to print or copy these instructions because you are not able to access the Internet in SafeMode.

1. Download CWShredder from here
After you download the program, unzip it into a directory. Don't use it yet.

2. Download Ad-aware SE: here
Install it. When you get the last screen, with the "Finish" button and 3 options, uncheck those three items.
Open AdAware and click the "Check for updates now" link. Close AdAware. Don't use it yet.

3. Download System Security Suite here: System Security Suite Download & Tutorial. Unzip it to your desktop. Install the program. Don't use it yet.

4. Download the Hoster from here. Unzip the program to your desktop. Don't use it yet.

5. Copy the contents of the Quote Box below to Notepad.
Click File menu -> Save and name the file as fix.reg
Change the Save as Type to All Files
Save this file on the desktop. Don't use it yet.

REGEDIT4
[-HKEY_CLASSES_ROOT\Interface\{0D721150-AEF...


Hi AllNew to this forum, having a lovely time trying to remove t.swapx from my system.Going a bit mad now!!! with my constant failure. have downloaded "CWshredder" , Killbox, and Hoster, have ran Ad-aware and Spybot to no avail. Here is the Hijackthis log:Logfile of HijackThis v1.98.2Scan saved at 05:01:17, on 01/12/2004Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exeC:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exeC:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXEC:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXEC:\WINDOWS\System32\8yholn2xwussclthd.exeC:\Program Files\Common Files\Real\Update_OB�... Read more

A:t.swapx Problem

Hi

We don't normally recommend running two antivirus programs together. The program I am going to tell you to install has been successful removing this particular variant in the past.

Could you disable Panda for now and go here to download the free version of Grisoft's AVG AntiVirus program. Install the program, check for updates and scan your system allowing it to remove whatever it finds.

Download KillBox here: KillBox. Unzip it to your desktop.

Start Killbox.exe
Select the Delete on reboot option.
Copy and paste each of the following file(s) to the address bar:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe
C:\WINDOWS\System32\8yholn2xwussclthd.exe
y9ok38kdie7pljdll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

After each file press the Delete button (the button that looks like a red circle with a white X in it).
A dialog box will ask if you want to delete and reboot now - on all but the last file, answer No
For the last file (or first, if only one file), answer Yes

On restart, verify that the files have been deleted.

Run HijackThis!, press Scan, and put a check mark next to all these:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Interne...


Hi there.

I have received this virus or whatever it is, on about 21st November called win-eto/t.swapx. It seems to be a popular one in this site!!! I would very much appreciate some help on this one.

It has taken over my homepage and has added unwanted dirty sites into my favourites. I have one computer but my husband and I have different settings eg we log in as different users, so we both have the problem. Does he also have to send you a log????

I am no computer whizz so please give any instructions in plain english, thank you so much!!

Suzanne - New Zealand

HJT Log - Suzanne

Logfile of HijackThis v1.98.2
Scan saved at 7:33:35 p.m., on 10/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr...

A:Any help appreciated for win-eto/t.swapx

Hi

We don't normally recommend running two antivirus programs together. The program I am going to tell you to install has been successful removing this particular variant in the past.

Could you disable Trend Micro Antivirus for now and go here to download the free version of Grisoft's AVG AntiVirus program. Install the program, check for updates and scan your system allowing it to remove whatever it finds.

Download KillBox here: KillBox. Unzip it to your desktop.

Start Killbox.exe
Select the Delete on reboot option.
Copy and paste each of the following file(s) to the address bar:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe
C:\WINDOWS\System32\ungwc6y22rthd.exe
C:\WINDOWS\System32\llyzyiol1tsjx9l.dll.dll.dll.dll
C:\WINDOWS\hcfkd.exe
C:\Program Files\websx\ (the last one is a folder)

After each file press the Delete button (the button that looks like a red circle with a white X in it).
A dialog box will ask if you want to delete and reboot now - on all but the last file, answer No
For the last file (or first, if only one file), answer Yes
On restart, verify that the files have been deleted.

Run HijackThis!, press Scan, and put a check mark next to all these:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=31130
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU...


I don't have a O20 entry in my hijackthis log, but the CWS SWAPX site keeps coming up, was wondering if anyone could help me?? pleasssse!!

here is the log

Logfile of HijackThis v1.97.7
Scan saved at 4:25:23 PM, on 21/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\upofu0yxeibthd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\WinMX\WinMX.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon....

A:CWS SWAPX is stupid

You are running an outdated version of HijackThis. Delete the copy you have and download the latest version of HijackThis!: Download here HJT 1.98.2. Save it on your Desktop. You will need now to unzip hijackthis.exe to a permanent folder, such as c:\hjt. This has to be done as HijackThis creates backups. You may need to use these backups.

First create a new folder:
A. Click My Computer icon on your desktop
B. Click C: drive
C. Click the File menu --> New --> Folder, a folder "New folder" will be created.
D. Rename it HJT

Unzip hijackthis.exe to the c:\HJT folder.

Please post a new hijackthis log.


i have run spy bot and adaware but they keep coming up with the same stuff over and over again.

here is my hijack this log

Logfile of HijackThis v1.98.2
Scan saved at 8:23:00 PM, on 12/6/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\khooker.exe
C:\Program Files\PCI Audio Applications\Mixer.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\paprport\pptd40nt.exe
C:\WINNT\System32\LXSUPMON.EXE
C:\WINNT\system32\sistray.EXE
C:\WINNT\system32\pctspk.exe
C:\WINNT\System32\57xt5oee30thd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\P...

A:t.swapx and win-eto hijacker

Hi seb,

I'll be looking after the review and fix of your malware infections. I'll get back to you as soon as possible.


stupid window always opens to t.swapx.cc and adds porn to favourites...so... this is a huge problem for me. and quite sadly i'm the most computer savvy in our household and that's not saying much. any help would be deeply appreciated.

Logfile of HijackThis v1.98.2
Scan saved at 8:00:33 PM, on 11/30/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ICHOOSE\NAG.EXE
C:\PROGRAM FILES\ESOFT\EBOARD\EBOARD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\MSMGT.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\31237.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\WINDOWS\SYSTEM\WXTVVK.EXE
C:\PROGRAM FILES\COMMON FILES\UPDMGR\UPDMGR.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\ALTNET\POINTS MANAGER\POINTS MANAGER.EXE
C:\WINDOWS\SYSTEM\ZEBP8GF9GLB3YPTHD.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES...

A:t.swapx.cc problem

Hi

REBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode

Uninstall from Add\Remove Programs: SpeedblasterTV T-Media Display

REBOOT normally.

Uninstall from Add\Remove Programs:
KeenValue
IST Bar

You are using Kazaa. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/

If you opt to remove it, first use Add/Remove Program to remove it and any reference to Altnet and P2P Networking. Go to your control panel, then to add/remove programs...uninstall P2P networking...If/when asked whether you also want to remove Altnet components, say 'Yes'. P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns.

You have Wild Tangent installed. Wild Tangent collects information about you and your usage. The advertisements may also contain pornographic or other material that you might find inappropriate. You can follow these instructions to uninstall it: No. 8 - Uninstallation.

Download CWShredder: Download here. Don't use it yet.

Download Ad-aware SE 1.05: here
Install it. When you get the last screen, with the "Finish" button and 3 options, uncheck those three items.
Open AdAware and click the "...


Good Morning All

This is my first visit and I hope you can help. I think I have caught the CWS SWAPX virus, this is my HiJackThis Log. Can you help me please?

Logfile of HijackThis v1.98.2
Scan saved at 08:49:17, on 26/11/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\mg44m1ls4lncthd.exe
C:\WINNT\system32\internat.exe
C:\Old C_Drive\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\unzipped\hijackthis_198[1]\HijackThis...

A:CWS SWAPX Infection

Hi

Please REBOOT your machine.

Make sure you are set to show hidden files and folders:
A. On the Tools menu in Windows Explorer, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.

How to see hidden files in Windows

Please look for this file:
C:\WINNT\system32\J8GSJX~1.DLL <-- this file, filename starts with J8GSJX
and post the full name please.

Please look in the c:\windows\system32\ folder and post all the filenames like this one:
2t9y2mzlym95w7.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dlll ...

The files have this format random.dll.dll.dll.dll.dll.dll

Please post also a fresh HJT log.


Hi there, i am also having problems getting rid of this. Followed the online guide for hijackthis but it does not find the 020 entry needed. here is the full scan log

Logfile of HijackThis v1.98.2
Scan saved at 14:03:17, on 14/11/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\APPLICATION DATA\OWAO.EXE
C:\WINDOWS\SYSTEM\ZJRVVY0XO8.EXE
C:\PROGRAM FILES\AOL 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:...

A:t.swapx Problems Again !

GeordieJon, welcome. Please print this out and follow ALL these directions carefully.

Make sure 'show all files' is enabled:
http://service1.symantec.com/SUPPORT/tsgen...=&osv=&osv_lvl=

Boot into Safe Mode by tapping F8 key repeatedly at bootup.
More detailed instructions here:
http://service1.symantec.com/SUPPORT/tsgen...001052409420406

Find and delete if still present:
C:\WINDOWS\SYSTEM\gmkat.exe
C:\WINDOWS\SYSTEM\ZJRVVY0XO8.EXE
C:\WINDOWS\Application Data\owao.exe
C:\WINDOWS\SYSTEM\I48FE4~1.DLL <==files
C:\WINDOWS\TEMP <== empty this folder regularly

Start HijackThis and tick the boxes next to all these, then close all browser and explorer windows, and tell HijackThis to "Fix checked" if still present.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/sp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=9
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\I48FE4~1.DLL
O4 - HKLM\..\Run: [Kp...


this is a problem that i am trying to fix using a forum posted in bleeping computer.com. when i scanned the computer with hjack this it gave me this entry for 020: AppInit_DLLs: vgghez5stgkc9ll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll. this message is in response to a request made by the instructions in the forum. maybe i can get some help getting it off my computer.
thank you
FBot

A:t.swapx removal

frankiebot, if you're still havin' some difficulties:

Open HijackThis and click Scan-->Save Log-->name it hijackthis 1-->save as: all files-->in: My Documents. Notepad should be visible now.

Choose Edit-->select all-->right-click Copy, then "post new reply" right here. Right click Paste in the message box, and add any comments.

Someone will reply to you after reading your reply to this post. Please be patient, as all persons assisting are volunteers. DO NOT fix any entries unless you understand what you are doing. Most of what it lists will be harmless or even essential, don't fix anything yet.

To see a tutorial with screenshots on using HijackThis you can click on the link below:
How to use HijackThis to remove Browser Hijackers, Malware, & Spyware


Hi, I have downloaded hijackThis and killbox and followed your instructions on this webpage. Trying to delete the file under O20 of the scan with killbox, does not work. I have tried several times and file still is there. Am I doing something wrong here? Please help.

Thanks!

Here the scanlog from HijackThis (I also attached the file)

Logfile of HijackThis v1.98.2 - kzsh3k
Scan saved at 17:39:33, on 03.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32 ...

A:don't get rid of t.swapx.cc/h.php?aid=31403

Logfile of HijackThis v1.98.2
Scan saved at 17:39:33, on 03.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:...


Please help. My IE has been hijacked and I can not get rid of this infection!!! On IE start (or from any page) i get kicked back to this page. I can not use IE for anything, because no matter what I type in the address bar, i get redirected to this........

http://t.swapx.cc/h.php?aid=20009
-or-
http://win-eto.com/hp.htm?id=9

A HijackThis log is posted below:

Logfile of HijackThis v1.98.2
Scan saved at 7:56:03 AM, on 12/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\cusrvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
C:\Program Files\Novell...

A:t.swapx.cc has my IE hostage. HELP!

Please download Ad-Aware SE:
http://24.32.5.119/aawsepersonal.exe

Start the program and click Check for updates now.

After you have updated the definitions, click the gear icon in the toolbar, click Tweak, expand the Scanning Engine section and uncheck Unload recognized processes & modules during scan. Click Proceed. (If you miss this step your computer will shutdown during scan. Alternatively you can prevent the shutdown by typing shutdown /a into Run when you get the message. You have 60 seconds time.)

Clean everything Ad-Aware finds and post a new log.


I am following a guide posted by Grinler on Oct 26th to get rid of t.swapx.cc/h.php?aid=20009. However the site I am led to ends in 31403 instead of 20009. The sites are the same as far as I can see and are having the same effect on my computer. I downloaded hjt and scanned, but didn't find the 020 entry.
Where do I go from here? Let me know if you need more info

A:t.swapx.cc/h.php?aid=31403

Hi gregr

Download the latest version of HijackThis!: Download here HJT 1.98.2. Save it on your Desktop. You will need now to unzip hijackthis.exe to a permanent folder, such as c:\hjt. This has to be done as HijackThis creates backups. You may need to use these backups.

First create a new folder:
A. Click My Computer icon on your desktop
B. Click C: drive
C. Click the File menu --> New --> Folder, a folder "New folder" will be created.
D. Rename it HJT

Unzip hijackthis.exe to the c:\HJT folder.

Run HijackThis. Press the Scan button, then Save Log. Notepad will open. In Notepad click Edit menu --> Select All then Edit menu --> Copy

When responding to a post from one of our HJT Team members, please reply in the same topic - click the Add Reply button. Do not create a new topic for your reply. This will cause confusion and only cause a delay in the help you are receiving.

Right click in the message area and click on the paste option to paste the log into the post.


I have the swapx "virus" or whatever it is called. already posted log for batch file that I ran. here is the hijack this log. anyone have any suggestions? Also, I don't know what to delete from the hijack this scan. Swapx hijacked my browser, put all these porn sites in my favorites, and won't let me link to webpages, always directing me to either the swapx site or this site: http://here4search.com/enter.htm?id=31130

Since running the batch file, see my post and related discussion in XP forum (here's the link: http://www.bleepingcomputer.com/forums/ind...=0&#entry57846), it seems somewhat better, in that i can link to sites without going through the aforementioned sites. However, still can't restore my home page, and if i do, it only lasts one or two visits. I'm sitting with the results of a hijack this scan and need to know what to do. Please help.

Logfile of HijackThis v1.99.0
Scan saved at 8:22:11 PM, on 1/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Sha...

A:HJ log - Please Help - re: Swapx "virus"

Please follow these steps in order to clean your computer of Malware which can include Viruses, Trojans, Worms, Spyware, Hijackers and Dialers.

Step 1:

Download Spybot and Adaware from the following locations and install them. You should run both programs and clean up what it finds. This is to guarantee that you find the most malware you can installed on your computer.

Before running the scans on both programs, it is mandatory that you update the programs. There are update options in each program when you run them.

Spybot
Ad-aware

If you would like to learn more about how to use these two programs with the proper settings you can read the tutorials below:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer.
Using Spybot - Search & Destroy to remove Spyware, Malware, & Hijackers from Your Computer.

When you scan with both programs, fix everything that it finds.

When you are done with the scan and fixing the items. Please continue with the next step.

Step 2:

It is important that you run Spybot and Adaware before you proceed with this step. Fixing entries with Hijackthis may leave behind unwanted files on your computer if the previous step was not done first.

Create a directory on your hard drive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

Download HijackThis from:
HijackThis Download Site

Save this file into the directory you made previously and then run the program. Click on...


Please help! I'll beg if you wish! I'm at my wits end. Please help. Please?!!...

I've been infected with SwapX and here is my HJT log:

Logfile of HijackThis v1.98.2
Scan saved at 3:22:21 PM, on 11/26/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Micros...

A:SwapX We've been hijacked! Please help!

Again, please? Can someone help me with this SwapX infection?


I have followed the instructions but the o2 and 020 keep coming back. here is my newest log file.

Logfile of HijackThis v1.98.2
Scan saved at 6:29:30 PM, on 11/19/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\Wt32exe.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\System32\tblmouse.exe
C:\WINNT\System32\31t8wpbw2rthd.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\msvidc32.exe
C:\Documents and Settings\denise\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=31403
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINNT\System32...

A:please help with CWS SWAPX infection

I have tried to use the killbox to delete the C:\WINNT\System32\W8C6S4~1.DLL and the O20 - AppInit_DLLs: 4smv23rgxpk1moll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
but they keep coming back. Please help

Logfile of HijackThis v1.98.2
Scan saved at 6:02:15 PM, on 11/19/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\Wt32exe.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\System32\tblmouse.exe
C:\WINNT\System32\31t8wpbw2rthd.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\WINNT\System32\msvidc32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explo...


Hi everyone!

I have never posted here before but I've tried fixing this myself to no avail and I don't know where else to turn.

The signs of infection are that my homepage is stuck at Swapx and IE typing is very slow. When I run CWS shredder and use Scan the log says the Hosts file is not present. I have run Spybot, Ad-aware and CWS shredder so far but the problem persists. Here is my Hijackthis log:

Logfile of HijackThis v1.98.2
Scan saved at 8:23:50 PM, on 11/17/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\PROGRAM FILES\GATEWAY\GATEWAY INK MONITOR\INKMONITOR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM...

A:Seem to have SWAPX but no O20 entry

Just wanted to add that I installed AVG anti-virus software and removed 3 trojan horse programs from my computer.

Here is my new HJT log....please help!!!!

Logfile of HijackThis v1.98.2
Scan saved at 5:53:37 PM, on 11/18/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\PROGRAM FILES\GATEWAY\GATEWAY INK MONITOR\INKMONITOR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES...


I've never posted before, so not sure what to do next. Downloaded HJT and CWshredder, but ad-aware won't load/install.

Here is my hijack log:

Logfile of HijackThis v1.97.7
Scan saved at 1:57:10 PM, on 11/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ktjjwj.exe
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Palm\Hotsync.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WI...

A:win-eto and swapx wont go away

You are using an outdated version of hijackthis. Please download the newer version.

Download HijackThis from:
HijackThis Download Site

Then post a new log


Hello from Australia,

My request and responses below are almost but not quite identical to Floridaboy's log. I have tried to delete this insidious virus using free downloads of Ad-Aware, Spybot, WinPatrol and had a little help from Spyhunter but to no avail.

Any help would be greatly appreciated.

Thanks heaps
Fontana

Logfile of HijackThis v1.98.2
Scan saved at 7:31:46 AM, on 15/11/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\CSAFE\AUTOCHK.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\SCM\LEDTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:...

A:SwapX virus has got me too

Your logfile is being analyzed now, and a response will be posted shortly.

Thanks
daveai


Can someone help me remove http://t.swapx.cc/h.php?aid=20009 from my computer? My homepage has been hijacked by this site, porn sites have been added to my bookmarks, and when I go to other sites it redirects me to t.swapx.cc.

I did read the post from http://www.bleepingcomputer.com/forums/ind...t=0&#entry27387
On How to remove the CWS SWAPX

I downloaded all the tools. I want to make sure I delete the right files. I'm little confused on what to do on steps 13 and 14.

Here is my HijackThis:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS...

A: HELP! Been Hijack by t.swapx.cc

Hello yeeman,

Don't run HijackThis directly from a temporary file. Unzip it/move it to a folder all of its own. HijackThis makes back-ups of everything you fix in case something should go wrong. This way you can restore the back-ups if need be. Running from a temporary file doesn't save back-ups.

Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. Move HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary. Please delete the old copy so it can't be used.

You've already downloaded the required tools, so here are the steps to take:

Launch the KillBox:
Once launched, in the box where it says Full Path of File to Delete copy and paste this in there:

C:\WINDOWS\System32\lhvz5lfy7gtj.dll

With Delete on Reboot ticked with a dot, press the Red X.

Reboot your p.c.

Restart HijackThis and put checks next to the following, close all browser windows (including this one) then click on 'Fix Checked':

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://super-spider.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://super-spider.com/sp....


This is my log:

Logfile of HijackThis v1.97.7
Scan saved at 12:19:59, on 14/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\WINDOWS\System32\ctfmon.exe
C:...

A: hijacked by swapx

Sorry, I was using an older version.
Here's my new log:

Logfile of HijackThis v1.98.2
Scan saved at 12:28:07, on 14/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\WI...


Help please....

I've followed the instructions to kill the problem that keeps t.swapx as my home page but I didn't have a 020 entry, hence this posting.

Any assistance you can give will be greatly appreciated.

Thanks,
Mike T

Logfile of HijackThis v1.98.2
Scan saved at 18:04:44, on 13/11/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\HPHMON05...

A: t.swapx problem

Hi miket
I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.


This is ridiculous. I wish I knew the person who was responsible for these things. Anyway, my homepage was jacked and I need some serious help.

Logfile of HijackThis v1.98.2
Scan saved at 5:26:12 PM, on 11/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\liosuxr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\spywarevanisher-free\FreeScanner.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\Program Files\Internet Explorer\i...

A: t.swapx.cc/h.php?aid=20009

Duplicate.
http://www.bleepingcomputer.com/forums/ind...wtopic=4463&hl=

Trueth, there is no need to post your log twice. phawgg will post the instructions asap.

When responding to a post from one of our HJT Team members, please reply in the same topic - click the Add Reply button. Do not create a new topic for your reply. This will cause confusion and only cause a delay in the help you are receiving.

This topic is closed.


I HAVE RUN SEVERAL DIFFERENT SPYWARE PROGRAMS AND NONE OF THEM SEEM TO REMOVE THIS PROBLEM. HOME PAGE KEEPS GETTING HIJACKED TO WRONG SITE. THE FOLLOWING IS MY HIJACK LOG:

Logfile of HijackThis v1.98.2
Scan saved at 8:24:53 AM, on 11/18/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\...

A: IE HIJACKED BY T.SWAPX.CC

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsCan you look on your hard drive and tell me if you see a filename that looks like this:c:\windows\system32\bbno7125wl1c2yl.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dllDoes it really have all those .dll over an over in it?
