Roxio Community

Anyone Detected "pxwma.dll" (Linked To Sonic/Roxio) As Adware?


8 replies to this topic

#1 michaeltee

michaeltee

    Rookie

  • Members
  • 24 posts

Posted 04 April 2006 - 05:45 AM

Hello,

I scan my PC with CounterSpy on a regular basis. Recently it's been detecting "pxwma.dll" and some associated registry keys as high-risk adware. When I search the web for additional info I'm getting mixed results. Some sites are stating the process is associated with adware called "Webredir" (a URL redirect app) while others show it as a safe process installed by Sonic Solutions, i.e., Roxio. I've been ignoring it for the last week or so but would like to get to the bottom of this. Does anyone have any info?

Infected files   detected
c:\windows\system32\pxwma.dll

Infected registry   entries   detected
HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}  
HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\InprocServer32   c:\WINDOWS\system32\PXWMA.dll
HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\InprocServer32   ThreadingModel   apartment
HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\ProgID   interface.InterfaceObj.1
HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\TypeLib   {FAC55B9F-8F6A-4A41-AE16-36845D4679B2}
HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\VersionIndependentProgID   interface.InterfaceObj
HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}   CInterfaceObj   Object
HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1} AppID  

Thanks,
-Mike

#2 Beerman

Beerman

    Digital Beer Guru

  • Digital Guru
  • -8,338 posts
  • Gender:Male
  • Location:Just outside the Big Easy

Posted 04 April 2006 - 05:56 AM

Not I and I use 3 different programs to check weekly...one of which is 'live' all the time.
Paul

#3 michaeltee

michaeltee

    Rookie

  • Members
  • 24 posts

Posted 04 April 2006 - 06:02 AM

pcostanza, on Apr 4 2006, 06:56 AM, said:

Not I and I use 3 different programs to check weekly...one of which is 'live' all the time.

Thanks for the reply. Any chance you could do me a favor and search your system32 directory for PXWMA.DLL and let me know if it's present? That would be a great help :-)

#4 tbrewst

tbrewst

    Digital Guru

  • Digital Guru
  • 12,409 posts
  • Gender:Male
  • Location:Taos,NM

Posted 04 April 2006 - 06:15 AM

I have it on my machine but have never had any software identify it as adware or spyware.
Terry

#5 michaeltee

michaeltee

    Rookie

  • Members
  • 24 posts

Posted 04 April 2006 - 06:46 AM

tbrewst, on Apr 4 2006, 07:15 AM, said:

I have it on my machine but have never had any software identify it as adware or spyware.

Thanks for the feedback. I think this may be the case with anyone who has EMC 7 or above installed on their machine. I'm leaning towards the theory that (in the case of Roxio users) PXWMA.DLL is in fact a safe and legitimate process installed by Roxio which by unfortunate coincidence, shares the same file name as the unsavory "Webredir" adware application. I've emailed Sunbelt Software (the publisher of CounterSpy) asking them to investigate the issue. If any Roxio mods happen to read this posting a clarification would be most appreciated.

-Mike

Edited by michaeltee, 04 April 2006 - 06:49 AM.


#6 cdanteek

cdanteek

    Digital Guru

  • Digital Guru
  • 20,236 posts
  • Gender:Male
  • Location:Prairie Rapids Crossing.

Posted 04 April 2006 - 07:02 AM

michaeltee, on Apr 4 2006, 02:02 PM, said:

Thanks for the reply. Any chance you could do me a favor and search your system32 directory for PXWMA.DLL and let me know if it's present? That would be a great help :-)

http://www.file.net/.../pxwma.dll.html

http://castlecops.co...-pxwma_dll.html
cd

#7 michaeltee

michaeltee

    Rookie

  • Members
  • 24 posts

Posted 04 April 2006 - 07:41 AM

cdanteek, on Apr 4 2006, 08:02 AM, said:

Yeah, these links are typical of the returns I got when I googled "pxwma.dll". Some point to "Webredir" (adware) and others say Sonic/Roxio. It's definitely confusing but I can't imagine any reason Sonic would install an adware application, thus my theory that the same file name is used by both Sonic and Webredir for entirely different applications. I'd hate to delete the registry keys and mess up my EMC installations although I guess I could quarantine the entries temporarily and see what happens. I dunno... I hope someone has definitive information on it.

Edited by michaeltee, 04 April 2006 - 07:47 AM.


#8 patatrox

patatrox

    Roxio Mac Guy

  • Root Admin
  • -466 posts

Posted 04 April 2006 - 08:19 AM

michaeltee, on Apr 4 2006, 11:41 AM, said:

Yeah, these links are typical of the returns I got when I googled "pxwma.dll". Some point to "Webredir" (adware) and others say Sonic/Roxio. It's definitely confusing but I can't imagine any reason Sonic would install an adware application, thus my theory that the same file name is used by both Sonic and Webredir for entirely different applications. I'd hate to delete the registry keys and mess up my EMC installations although I guess I could quarantine the entries temporarily and see what happens. I dunno... I hope someone has definitive information on it.

Most definitely not spyware...

PX is the name of the burning engine used by apps such as RecordNow... the PX Engine has been developed starting with Veritas (http://www.dynamicli...info_p/1508.htm) and then Sonic when RecordNow moved over.... That file is a part of our app and most definitely not spyware.

What CounterSpy definition version are you using? Can you update to version 313 - Apr 3, 2006 and rescan? If it still appears as spyware I'd suggest reporting this to CounterSpy. If they need a copy of our software I can arrange this.
- patatrox


#9 michaeltee

michaeltee

    Rookie

  • Members
  • 24 posts

Posted 04 April 2006 - 08:39 AM

patatrox, on Apr 4 2006, 09:19 AM, said:

Most definitely not spyware...

PX is the name of the burning engine used by apps such as RecordNow... the PX Engine has been developed starting with Veritas (http://www.dynamicli...info_p/1508.htm) and then Sonic when RecordNow moved over.... That file is a part of our app and most definitely not spyware.

What CounterSpy definition version are you using? Can you update to version 313 - Apr 3, 2006 and rescan? If it still appears as spyware I'd suggest reporting this to CounterSpy. If they need a copy of our software I can arrange this.

Thanks Pat! I thought something like this would be the case. I assume from your comments that PXWMA.DLL would be a valid Roxio file. The CounterSpy def version that "detected" this as adware was "313" and possibly the previous def set as well. I've been using CounterSpy for about 18 months but this has only been happening during the last week or so. When they reply to my email I'll definitely pass along the info. If anyone from Roxio wants to contact Sunbelt immediately they do have live TS agents available by phone.

http://www.sunbeltso...com/contact.cfm

Thanks for the clarification :-)

-Mike
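
Added example (not part of the original thread, and not Roxio's or Sunbelt's tooling): the thread's open question is whether two unrelated programs share the file name pxwma.dll, so this PowerShell function identifies the DLL registered under the CLSID from post #1 by publisher metadata, Authenticode signature and hash instead of by name. The function name Get-ComServerIdentity is hypothetical, and PowerShell 4 or later is assumed.

```powershell
function Get-ComServerIdentity {
    param([Parameter(Mandatory)][string]$Clsid)

    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $key)) {
        throw "CLSID $Clsid has no InprocServer32 registration."
    }

    # The (default) value names the DLL that COM loads for this class.
    $raw = (Get-Item -LiteralPath $key).GetValue('')
    $dll = [Environment]::ExpandEnvironmentVariables([string]$raw).Trim('"')
    if (-not (Test-Path -LiteralPath $dll -PathType Leaf)) {
        throw "Registered server '$dll' does not exist on disk."
    }

    $file = Get-Item -LiteralPath $dll
    $sig  = Get-AuthenticodeSignature -LiteralPath $dll

    # Version-info strings are set by whoever built the file and are not
    # authenticated; a valid signature and the hash are the stronger evidence.
    [pscustomobject]@{
        Path        = $file.FullName
        CompanyName = $file.VersionInfo.CompanyName
        Product     = $file.VersionInfo.ProductName
        FileVersion = $file.VersionInfo.FileVersion
        SigStatus   = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256      = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
    }
}

# CLSID copied from the CounterSpy scan report in post #1.
Get-ComServerIdentity -Clsid '{58F07DD3-924D-4141-BC74-299F523A95F1}' | Format-List
```

On 64-bit Windows, run this from a 32-bit PowerShell session to see registrations made by 32-bit installers. The SHA256 value is what to include when reporting a suspected false positive to the scanner vendor.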



