Wowfx.dll, Shell.exe, And Can't Install Or Change Settings


2 replies to this topic

#1 midnight_fixer


Posted 25 December 2007 - 01:47 AM

hi,

i'm fixing a neighbor's laptop tonight. i've rarely had so much trouble with a machine.

it's a Dell Inspiron E1405, running Windows XP Home Edition Service Pack 2 (build 2600), 1.87 gigahertz Intel Pentium III, with 74 Gig HDD. (probably listing too much here) the machine is running Defender Pro AV. the pc has been leeching wireless from the building here, but another pc works just fine so that doesn't explain the almost total lack of connectivity with IE6 here.

anyway, I had these errors on boot:

1 - "Bad Image" - "The application or DLL C:\WINDOWS\System32\wowfx.dll is not a valid Windows image. Please check this against your installation diskette." this message would come up about 25 times, each time with a different title bar, listing a different filename, some of them: igfxtray.exe, SynTPEnh.exe, userinit.exe, etc.....
2 - "C:\WINDOWS\shell.exe" - "Windows cannot find 'C:\WINDOWS\shell.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

the wowfx.dll message would come up every time i clicked on anything, it seemed - any file or application. it would also come up seemingly randomly. i was barely able to download Belarc Advisor (for my own information), but the pc would open about 5 instances so it didn't run properly until i took the following measures.

this is what i did so far:
uninstalled these from Safe Mode (couldn't do it otherwise):
-Google Toolbar
-Google Desktop
-LimeWire
-all AOL stuff (even though a message comes up on startup regarding a need to Reinstall due to an error)
-Blackhawk Striker (a game thing)
-WildTangent
-Viewpoint Manager
-a couple other nonessential programs whose names i didn't write down

in RegEdit, i deleted the wowfx.dll string from SecurityProvider keys (forgot whole path but i read to do it on a forum), deleted the wowfx.dll file from C:\windows\system32. i also disabled about 7 BHO's from within IE Add-Ons. i allowed the Dell utility to cleanup the startup from programs that no longer exist.

i can't install anything, so i can't get HijackThis working. i tried to run it straight from a CD, but i got an error message and it wouldn't run. anytime i try to do anything an Admin can do, i get a message that the action is restricted: "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." [by the way, all 3 accounts have admin rights so far.] i can do a limited number of things in Safe Mode, but can't so much as access my friend's account files. in any case, now i can get the Google homepage up, but can't connect to anything else. there are no more random messages, just the shell.exe one on boot mostly.

any advice would be much appreciated! i'm determined to fix this machine, but since it at least runs more smoothly now, i'm considering simply backing up her data and reformatting. is there anything i can do, without being able to install antivirus tools and such?

Edit: ok i was able to copy HijackThis off a CD onto the HDD and run it. however, i can't access the internet to email myself a copy onto the other machine here. so i will tell you the main things i saw that looked suspicious and which i removed:
(several browser redirects)
R3 - URLSearchHook: (no name) - {EA745889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
(AOL dialer thing)
(iTunes thing)
msmsgs.exe which i found unnecessary
AIM stuff
07 - HKLM/Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
(AOL stuff)

later noticed this and removed it:
020 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll [i had noticed this in the registry but didn't know if i should remove the entire key with subkeys or just that one or what]
after fixing the above, i got an error message: "An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=020 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll) Error #5 - Invalid procedure call or argument"

i then ran the scan again, seeing nothing suspicious except this which i fixed:
09 - Extra 'Tools' menuitem: @xpsp3res.dll, -20001 - Pe2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\NetworkDiagnostic\spnetdiag.exe (file missing)

F2 and 07 seemed the most suspicious to me! i'm going to remove them and see what happens, for now.... now i'm getting page cannot be displayed errors with IE6...maybe i was overly eager with the fixing.

Another edit: I can install things again! i'm prepared to burn a CD and install whatever is recommended. for now, i was ready to burn a CD with NOD32, Ad-Aware, Spybot Search & Destroy, Avast, AVG, and Comodo Firewall, plus a few other things.

thanks!

Edited by midnight_fixer, 25 December 2007 - 02:24 AM.
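The entries listed in the post above map to three well-known registry settings: the Winlogon Shell value (F2), AppInit_DLLs (O20) and the DisableRegedit policy (O7). The following is an added example, not part of the original thread and not HijackThis code: a small triage function that flags those patterns in HijackThis-style log lines. The sample log is constructed from the lines quoted in the post, and the function name `triage` is hypothetical.

```python
import re

# Constructed sample: entries quoted in the post above, typed as they appear
# there, plus one ordinary startup line. HijackThis prints the letter O in
# "O7"/"O20"; the post has a zero, so the parser accepts both.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EA745889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
07 - HKLM/Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
020 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
"""

ENTRY = re.compile(r"^\s*([A-Z0]\d{1,2})\s+-\s+(.*)$")

def triage(log_text):
    """Return (section, reason, detail) for entries matching the patterns in the post."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, detail = m.group(1), m.group(2).strip()
        if code.startswith("0"):  # zero typed in place of the letter O
            code = "O" + code[1:]
        low = detail.lower()
        if code == "F2" and "shell=" in low:
            # The default Shell value is Explorer.exe alone; anything after it also starts at logon.
            extra = detail.split("=", 1)[1].split()[1:]
            if extra:
                findings.append((code, "extra program in Shell value", " ".join(extra)))
        elif code == "O20" and low.startswith("appinit_dlls:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            dll = detail.split(":", 1)[1].strip()
            if dll:
                findings.append((code, "DLL loaded via AppInit_DLLs", dll))
        elif code == "O7" and re.search(r"disableregedit\s*=\s*1", low):
            findings.append((code, "policy blocks the Registry Editor", "DisableRegedit=1"))
        elif low.endswith(("(no file)", "(file missing)")):
            findings.append((code, "entry points at a missing file", detail))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
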




#2 hamluis


Posted 25 December 2007 - 01:29 PM

Take a look, http://www.2-spyware.com/remove-wildtangent.html and http://www.google.com/search?hl=en&q=Defender+Pro

Louis

#3 Chingoo


Posted 27 December 2007 - 01:44 AM

I am having the same problem. Can you help me with this? I'm not exactly a computer expert here. How were you able to remove 07 - HKLM/Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1?

Any help would be nice. Thank you.



