• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.
  • Welcome to Free PC Help, a free PC Help forum to get help with your computer problems.

    Free PC Help is a community that offers free computer help and support for all users, all ages, worldwide.

    In order to start asking questions or contribute on someone else's post you will first need to register. Don't worry - it's quick and easy and once you have registered you will have instant access to the entire forum.

    If you do decide to join the forums you will not have the option to send Private Messages [ PMs ] or add a Signature until you have made 5 posts or more. This is an attempt to try to stop Spammers using the PM system or adding links to their Signature.

3 errors on startup

beebmaster

FPCH Member
Joined
May 12, 2008
Messages
6
#1
I am using Windows XP Home on a HP Pavilion dv5000 and i have been experiencing problems for a long time.
When I start my laptop up or reboot it, I get 3 error-like messages displayed on my desktop one after the other.

The first one says:

"Windows cannot find 'C:\WINDOWS\system32\wmoxca\services.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

I click OK and another one pops up:

"Could not load or run 'C:\WINDOWS\system32\wmoxca\services.exe' specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry."

Once again, I click OK and the last one appears:

"Error loading C:\PROGRA~1\MYWEBS~1\bar\2.bin\MYWSBAR.DLL

The specified module could not be found."

I would appreciate any help
Thanks in advance.
 

RandyL

Administrator
Joined
Jan 22, 2003
Messages
4,878
Location
USA, Nebraska
PC Experience
Very Experienced
#2
That last error looks like it's related to MyWebSearch or one of their related programs which is dubious at best. Go to add/remove programs and uninstall anything that looks like it or similar including MyWay. After that you still might have leftover malware.


  • Malware is software designed to infiltrate or damage a computer system without the owner's informed consent.
    It is a combination of the words malicious and software.
    The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
  • Required Cleanup Steps
    1. Disable the Spybot Search & Destroy TEA TIMER if enabled
    2. Run a Temporary file and cache cleaner (ATF)
    3. Run 2 Anti-Malware scanners
    4. Run an Online Anti-Virus / Anti-Malware Scanner
    5. Clear out old System Restore points
    6. If continued Malware type activity is present you may be asked to post a TrendMicro™ HijackThis™ Log file
The reason to run multiple scanners is to ensure that no single scanner is missing something.
The time it takes will vary depending on your system and your internet connection speed.
Typically the SUPERAntiSpyware and Malwarebytes scanners will take between 10 to 90 minutes.
The ESET online scan should take between 1 to 3 hours.
In most cases, these scans will suffice to clean and disinfect your computer.
Heavily infected systems or slower PCs can take much longer to scan and clean.

For best results print the following instructions and bookmark this Web page
To keep this guide printer-friendly, use your cursor to highlight the contents below.
From your browser select File - Print and in the printer dialog box under "Print range"
click the Selection choice to print out these instructions for removal of malware.​
__________________________________________________​

STEP 1
  • Disable Spybot Search & Destroys' TEA TIMER: (if installed)
    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
    3. On the left hand side, Click on Tools
    4. Then click on the Resident Icon in the List
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.
__________________________________________________​

STEP 2
  • Follow these instructions carefully.
  • Download ATF-Cleaner from Snapfiles.com to remove un-needed temporary files from your computer that may contain malware.
  • You can also download it from Majorgeeks.com
  • When you run ATF-Cleaner, check the items as shown below for Main.
  • For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox
  • NOTE: If you don't have FireFox or Opera installed then they will be grayed out and can be ignored
  • Then click on "Empty Selected".
.
__________________________________________________​

STEP 3
  • Install and run the free version (not the Professional version) of SUPERAntiSpyware from SUPERAntiSpyware.com
    • Accept any prompts to allow SUPERAntiSpyware to install the latest rules and infection definition files.
    • You do not have to send them your e-mail address, just click next.
    • You can leave the automated check for updates on.
    • You can uncheck "Send a diagnostic report to research center" if you don't want to send the information.
    • DO NOT allow SUPERAntiSpyware to protect your Home Page settings.
    • On the Top Left select the Scan your computer button.
    • Make sure there is a CHECK MARK on all Fixed Drives.
    • Click "Perform a Complete Scan". Click "Next" to Repair issues found and reboot the computer when prompted to do so.
__________________________________________________​

STEP 4
  • Install and run Malwarebytes' Anti-Malware from Malwarebytes - (direct download)
    • Accept all defaults for the installer
    • Allow the program to update the definitions
    • Click on the Quick Scan and click Next.
    • If any items are found allow it to clean them and then Reboot your computer.
__________________________________________________​

STEP 5
  • Run an online scan with ESET from Free Virus Scan: Use ESET's Online Antivirus Scanner
    • You must use Internet Explorer for this online scan. FireFox, Opera, etc will not work for this scan.
    • Accept the terms and click "Start".
    • Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications".
    • Click "Start" to begin the scan.
    • When completed restart your computer
__________________________________________________​

Make sure your internet firewall security is enabled, and then please return to Free PC Help and tell us how the computer seems to be operating.
At that time, you will receive instructions to ***ist you in removing malicious programs from your Add/Remove program list if warranted.

If required this is the download link for TrendMicro™ HijackThis™
Unless instructed to by the Technician helping you then do not download this tool.

Once you and the Technician agree that your system appears to be clean then you should delete all your System Restore points and recreate a new one.
Please follow the instructions here
How to turn off and turn on System Restore in Windows XP
How to turn off and turn on System Restore in Windows Vista
 

maynardvdm

FPCH Long Term Member
Joined
Feb 7, 2007
Messages
3,117
Location
South Africa
#3
Hi

When you are finished with all the scans download HijackThis in the link above and do the Scan and save a log file. Then copy and paste the log here.
 

beebmaster

FPCH Member
Joined
May 12, 2008
Messages
6
#4
Thanks for the help.
I will get back to you after the scans and I will save a log file and post it on here.
Muchly appreciated!
 

beebmaster

FPCH Member
Joined
May 12, 2008
Messages
6
#5
I have never been so patient!!! lol
After the scans, all three popups are still appearing when the laptop is rebooted.

I have done a HijackThis scan and saved the log file.
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:18, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Blubster\Blubster.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Flock\flock\flock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
F3 - REG:win.ini: load=C:\WINDOWS\system32\wmoxca\services.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\RunServices: [Microsoft Windows] system.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPluginNOSSO.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.48.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146320126750
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 9884 bytes
 
W

Wolfeymole

#6
Well Beeb we have quite a few issues here.
You appear to be running two anti virus programs namely AVG and Norton or remnants of Norton.
You are also running Blubster which is P2P software.

Please bear with us while our Malware techs take up on this when they get online shortly.
I must advise however that you will be asked to remove Blubster as it could seriously affect your chances of your machine being in a full working condition again.
 

beebmaster

FPCH Member
Joined
May 12, 2008
Messages
6
#7
Thanks for the info, wolfeymole.
My dad removed Norton a while back after being warned by a specialist but obviously not fully.
 

maynardvdm

FPCH Long Term Member
Joined
Feb 7, 2007
Messages
3,117
Location
South Africa
#8
Hi

While you wait there are many needless start up programs.

Go to Start -> Run and in the box type msconfig, click on the Startup tab and uncheck everything except any references to AVG or your Internet Security or Windows Defender and jusched.

Then the computer will reboot and just tick the Don't show this at startup box.
 

beebmaster

FPCH Member
Joined
May 12, 2008
Messages
6
#9
thanks, maynard
i have done what you said, and some of the things that were checked and I unchecked said: MWSBAR or services. After unchecking these and restarting my computer, I now have no pop-ups appearing.
Thank you!!!
 

RandyL

Administrator
Joined
Jan 22, 2003
Messages
4,878
Location
USA, Nebraska
PC Experience
Very Experienced
#10
Hi beeb;
I'm glad it's working better. As maynard said though it's only the start. He knows you still have more issues. "Good job again maynard".

As wolfey said as long as you have these "certain programs" you will continue to have other issues as they come bundled with malware that might re-install.

Use add/remove programs to uninstall ALL P2P file sharing programs.
Do the same for add on toolbars unless you are sure of them.

I would also suggest a better antivirus than AVG.

And lastly wait for out techs to review your posts and your log.
 

beebmaster

FPCH Member
Joined
May 12, 2008
Messages
6
#11
I know that its only the start. My laptop is in bad shape and is not protected as it should be and I have recently been dowloading other anti-virus programs and when scanning, these have picked up spyware etc. that AVG hasn't. I removed MY WEB SEARCH a long time ago using add/remove and after wolfey told me that blubster is causing me problems, i removed it using add/remove.