swapx

I can't seem to get rid of t.swapx
I have tried adaware and spybot without success
coolwwwsearch keeps coming up in spybot and the homepage is always directed to swapx

Please help if you can. Here is what hijackthis reported


Edit by chaslang: Unrequested, inline log deleted

 

The winlogin.exe would not delete through hijack this and I could not find it in any folders or by running a search.

Here are the new hijackthis results

 

Hi MolotoV,

Please download this tool: Pocket KillBox

Run Pocket Killbox and select the Delete on Reboot option.

Then copy and paste the following into the Box: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe

and Click Delete (red X) and then Yes or OK until your machine reboots.

Then Scan with HJT and attach that log. A few of the items that need to be removed are still there. Chas or I will check back.

Best Luck
PP

 

Taken care of

Here is the next HJT report

 

Hi MolotoV,

Please print out these instructions so that you can operate with All Browser Windows CLOSED.

Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

First, navigate to C:\WINDOWS\System32\w8c6s4xcm66o9zdll.dll and verify that this is the correct path for the DLL.
If it is not there, try looking for it here: C:\WINDOWS\w8c6s4xcm66o9zdll.dll

After you find the correct path, run Pocket Killbox and again choose the Delete on Reboot option. Navigate to w8c6s4xcm66o9zdll.dll and press the Delete button (red X) and then Yes or OK until your machine reboots.

After your machine reboots, navigate to where the file should be and make sure it is gone.

Once it is gone, scan with HijackThis and Check the Boxes for the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9

O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\system32\W8C6S4~3.DLL

O20 - AppInit_DLLs: w8c6s4xcm66o9zdll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.d

Again, make sure All Browser Windows are Closed when you Click FIX.

Now boot into Safe Mode and DELETE the following if it should somehow remain:

C:\WINDOWS\System32\W8C6S4~3.DLL

Reboot to Normal Windows and Scan with HijackThis and attach that log. That ought to get it Chas or I will check back.

PP

 

It looks to me like it did the trick. If not let me know

Here is what is hopefully the final hijackthis report
Thankyou very much for your help

 

You're losing your touch, old timer! See what happens when you are away for a week or two??

MolotoV - Your HJT log looks good! I suggest that you implement some of Chaslang's recommendations HERE:How to protect yourself from malware!

I definitely recommend that you use the following tools:
Ad-Aware SE Personal

SpyBot-Search & Destroy - Remember to use the "Immunize" feature

SpywareBlaster

These are all FREE! Just remember to Internet Update them regurlarly! They, along with a good Anti-Virus and Firewall & keeping your Windows up-to-date will do wonders in helping to keep Malware off your computer!

Best
PP