April 30th, 2007 | #1 | Shawn160

Corrupt folders, hijacked google searches, windows search crashes, and adaware stalls.

Hi. As you can see I have quite a few issues. The latest is I have two folders that can't be accessed with windows explorer or moveonboot. As soon as I select my music in Windows explorer it closes with an error message windows explorer needs to close bla bla bla.

My computer was recently in the shop, with a kaput motherboard, and my hd had to be reformatted, but the tech backed up my files. He put my old documents and settings on the desktop, but I also had a new documents and settings folder. I moved everything in the old my documents, which was under my name, into the new one, which was just called owner's documents, and moved my name's music folder into the my music folder in my documents, and that's when the problems started to surface here, with DEP closing windows explorer every time I would get into the now almost empty documents and settings folder sitting on my desktop, or my old music folder inside my my music. I would check windows explorer as an exception in the DEP change settings dialogue when it popped up, and it worked for a while, then a few days later it comes back up. I just checked it again today, this time in the system dialogue in control panel, so it doesn't pop up, but windows explorer just crashes now when I select my music, or when I go into that old documents and settings folder. I can't delete that old folder at all.

Even before I moved all these files and folders, however, I've had trouble with the windows search. If I search certain folders or the entire C-drive for something, it crashes or DEP pops up and it crashes, depending on whether the box stayed checked. I've done a disk defrag but it didn't help. I am able to go into my music with a43, a windows explorer alternative I found today, and I can move certain files and folders, but I get an access violation when trying to move other subfolders. I can't delete anything at all with a45, but I'm moving what I can over to the D drive.

I've tried running adaware several times, and it always stalls at some point. Spybot works fine but it doesn't help. Registry booster works fine, but it doesn't help either. Nod32 doesn't find anything, although there are a number of files that it shows as locked "error opening file", but the folks on the nod32 forums all say don't worry about that. I've tried to get rid of all temporary internet and temp files in all of the documents and settings folders I have, but some temporary internet files are constantly in use and can't be deleted.

I've also not been able to click on any google search results without getting hijacked by ads. I have to cut and paste links from google into another explorer window. This only happens with google. But I haven't been able to find any BHOs that are obviously malicious. Some time ago I ran hijackthis and tried to find out about every entry just by searching, got rid of all entries that were flagged as suspicious by posters in various forums, and ran my log through an automated analyser online, but the problem still persists. The hardest thing for me is I'm a totally blind computer user, I use a screen reader, window eyes, so I can't do a damned thing in safe mode myself. Here's my hijackthis file, hope someone can find something in it. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 3:13:45 PM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINEYES\WESERV.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINEYES\wineyes.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINEYES\SPEECH32.EXE
C:\WINDOWS\System32\alg.exe
C:\WINEYES\GWM32.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINEYES\bdisplay.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1170079968232
O17 - HKLM\System\CCS\Services\Tcpip\..\{88516631-F7D5-4ED6-AC2E-778C847625BF}: NameServer = 216.129.224.1,216.220.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: GWMHOOK.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineyes - C:\WINDOWS\SYSTEM32\welogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Window-Eyes Professional (windoweyes) - Unknown owner - C:\WINEYES\WESERV.EXE

May 1st, 2007 | #2 | LordOfLA

The only entry that I don't recognise is on line O20. Delete that, reboot and see how you get on.



May 1st, 2007 | #3 | Shawn160

Originally Posted by LordOfLA:
The only entry that I don't recognise is on line O20. Delete that, reboot and see how you get on.

Oh you mean WgaLogon.dll?
Check out
http://www.bleepingcomputer.com/star...dll-17279.html
for that one, it's a valid windows program. The other two o20's relate to Window Eyes, my screen reader. I've read that gwmhook is flagged by certain spyware detectors as spyware, but window eyes 6.0 needs it to run. Thanks.

May 1st, 2007 | #4 | BouncingSoul

I think the O20 line he was talking about was the O20 - Winlogon Notify: wineyes - C:\WINDOWS\SYSTEM32\welogon.dll. That is a component of your screen reader, so it's fine. I don't see anything spyware related on your hijackthis log. The frequent crashes sound more like bad memory to me. I'd run memtest to check for errors:

http://www.memtest86.com/

May 1st, 2007 | #5 | LordOfLA

And: O20 - AppInit_DLLs: GWMHOOK.DLL



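The replies above pick out the log's O20 lines by eye. As an added example (not part of the thread and not HijackThis's own code), this sketch parses a few lines in the same log format and lists the entries that call for manual verification; the check list and function names are assumptions, and a flag means "confirm which product owns this", not "malicious".

```python
import re

# Constructed sample: a handful of lines in HijackThis 1.99.1 format,
# taken in shape from the log posted in this thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{88516631-F7D5-4ED6-AC2E-778C847625BF}: NameServer = 216.129.224.1,216.220.0.1
O20 - AppInit_DLLs: GWMHOOK.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineyes - C:\WINDOWS\SYSTEM32\welogon.dll
O23 - Service: Window-Eyes Professional (windoweyes) - Unknown owner - C:\WINEYES\WESERV.EXE
"""

# Entry lines start with a section code such as R0, O2 or O20, then " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# (reason, predicate) pairs. Hypothetical check list for this example:
# each one marks an entry for manual verification only.
CHECKS = [
    ("target file missing", lambda code, body: "(file missing)" in body),
    ("owner not identified", lambda code, body: "Unknown owner" in body),
    ("unnamed entry, identify by CLSID and path", lambda code, body: "(no name)" in body),
    ("DNS servers set, confirm they are your ISP's", lambda code, body: code == "O17"),
    ("AppInit_DLLs: loaded into every process that loads user32.dll",
     lambda code, body: code == "O20" and body.startswith("AppInit_DLLs")),
    ("Winlogon Notify: DLL loaded by winlogon.exe",
     lambda code, body: code == "O20" and body.startswith("Winlogon Notify")),
]

def triage(log_text):
    """Return [(code, body, [reasons])] for entries that need a manual check."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process path or blank line
        code, body = m.groups()
        reasons = [why for why, test in CHECKS if test(code, body)]
        if reasons:
            flagged.append((code, body, reasons))
    return flagged

def by_code(flagged, code):
    return [(body, reasons) for c, body, reasons in flagged if c == code]

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code:4} {body}\n     -> " + "; ".join(reasons))
```

On the sample, all three O20 lines are listed for verification, which matches the thread: each had to be attributed to Windows or to the screen reader before it could be ruled out.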
