Hello. Can someone please help me with this wowfx.dll?
I use Windows XP Pro. Service Pack 3
AVG ver.8 is my antivirus software. I also have installed Spyware Doctor
Below is my Log created by SDFix.exe
Please respond ASAP, Thx.
SDFix: Version 1.240
Run by Administrator on Fri 11/14/2008 at 10:31 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Resetting AppInit_DLLs value
Rebooting
Checking Files :
Trojan Files Found:
Could Not Remove C:\WINDOWS\system32\wowfx.dll
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 10:41:43
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled
xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\AVG\\AVG8\\avgam.exe"="C:\\Program Files\\AVG\\AVG8\\avgam.exe:*:Enabled:avgam.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
C:\WINDOWS\system32\wowfx.dll Found
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sun 13 Apr 2008 1,695,232 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Fri 6 Apr 2007 56 A.SHR --- "C:\WINDOWS\system32\71EB3CDC85.sys"
Fri 6 Apr 2007 4,184 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 29 May 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 3 Aug 2004 60,416 A.SH. --- "C:\Robert\4 sale\Outlook Express\msimn.exe"
Tue 10 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
I use Windows XP Pro. Service Pack 3
AVG ver.8 is my antivirus software. I also have installed Spyware Doctor
Below is my Log created by SDFix.exe
Please respond ASAP, Thx.
SDFix: Version 1.240
Run by Administrator on Fri 11/14/2008 at 10:31 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Resetting AppInit_DLLs value
Rebooting
Checking Files :
Trojan Files Found:
Could Not Remove C:\WINDOWS\system32\wowfx.dll
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 10:41:43
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled
xpsp3res.dll,-20000""%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled
xpsp2res.dll,-22019""C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\AVG\\AVG8\\avgam.exe"="C:\\Program Files\\AVG\\AVG8\\avgam.exe:*:Enabled:avgam.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled
xpsp3res.dll,-20000""%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled
xpsp2res.dll,-22019""C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
C:\WINDOWS\system32\wowfx.dll Found
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sun 13 Apr 2008 1,695,232 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Fri 6 Apr 2007 56 A.SHR --- "C:\WINDOWS\system32\71EB3CDC85.sys"
Fri 6 Apr 2007 4,184 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 29 May 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 3 Aug 2004 60,416 A.SH. --- "C:\Robert\4 sale\Outlook Express\msimn.exe"
Tue 10 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
