Posts by dlh6213

Do you know what this is: C:\WINDOWS\System32\langwrbk.exe
It's not showing up on every log, but it's on most of them. If you don't, can you right-click on it and get the Properties for it? That's the only questionable thing I see.

I haven't tried Alex's suggestion yet; here is some more info that may help generate more ideas. I changed the Folder Options to not 'Hide protected operating system files'. I was then able to see three items:

Recycler Folder -- 3 folders, 6 files, 24KB
System Volume Information Folder -- 0 folders, 0 files, no space used
Pagefile.sys (System File) -- 102,400KB

I tried to delete them but couldn't; tried it from Safe Mode, and still couldn't. Could this be what's keeping me from formatting? If so, how do I get rid of them?

maybe you can help me out... I accidentally formatted my hard drive on my pc. It is now completley blank, as if I just purchased a brand new hard drive... What my question is for you, how could I install an operating system back on the hard drive? The only thing I can think of is hooking the hard drive up to this computer, and booting up in dos...? and trying to see if that works... can you please help me...

DFWDRUMMER, you should start a new thread. What OS do you want to install? For XP, see this thread:
http://www.daniweb.com/techtalkforums/thread6632.html

I would assume that Fujitsu deals with this in a similar manner to Dell:

Call Fujitsu tech support and tell them the problem. They will ask for verification that you are indeed the rightful owner of this laptop and email you a password that will give you access.

(That was one heck of a long discussion!)

Cain -- I have no problem accessing/using the drive; just doing some general maintanence. If I can't do it, it's no big deal, but I'd like to know why I can't.

Christian -- You were correct about the swap file; that never even occured to me (I didn't have it there last time I did this). The problem is, even after getting rid of it, it still won't format. I tried Safe Mode again, but still no luck.

Any other ideas?

There are a couple of attachments in this thread that should help you out:
http://www.daniweb.com/techtalkforums/thread11350.html

I wanted to clean up one of my drives (partition "f"), so I moved everything I wanted to keep to another partition ("h"), and deleted what I didn't want. I then tried to format the drive but got a message saying it couldn't be done (screenshots attached). I've done this before without any problems and I can't figure out what's wrong. I tried booting into Safe Mode, but got the same message. I then tried the Diagnostic Safe Mode, same thing again. Anyone know how I can format this drive?

Using WidowsXP Home

Before you fix anything with HJT, there are two things you need to do first; you should get the latest version of it, which is 1.98.2, and you should put it in it's own folder so it can safely save backups -- like C:\Documents and Settings\KingSt\Desktop\HJT\HijackThis.exe (instead of C:\Documents and Settings\KingSt\Desktop\HijackThis.exe)

After you've done that, close all browser windows, scan with the new HJT, and post a new log please.

Go to this thread and get hijackthis:
http://www.daniweb.com/techtalkforums/thread5690.html
Make sure you download the latest version, 1.98.2, and post your log in the Viruses and Spyware forum.

I've seen people here recommended using msconfig to disable services, but in a class I took, the instructor said that Selective Startup should only be used to help resolve issues -- as a diagonstic tool; other then that, Windows should be set to Normal Startup. This is why I always recommend using the Services tool for changing process startup options (and you also get the Automatic and Manual options there). What is your opinion on this?

Starting a new thread... http://www.daniweb.com/techtalkforums/showthread.php?p=69029#post69029

Go to your Control Panel, Administrative Tools, Services; find cthelper in the list and right-click on it; select Properties, click on the General tab, and find the section that says "Startup type:" Click the drop-down arrow and select Disabled. Click OK at the bottom and you're done.

Sorry for the double post, hit the wrong button.

Did you use kazaabegone to get rid of Kazaa? If so, LSPFIX may help repair your connection (it might work even if you didn't use kazaabegone). But if you can't connect you'll have to download it on another computer and transfer it to yours. You can download it from http://www.computercops.biz/downloads-file-334.html

If you haven't used kazzaabegone yet, you should, to make sure all traces have been removed. You can get it here:
http://www.spychecker.com/program/kazaagone.html

Did you use kazaabegone to get rid of Kazaa? If so, LSPFIX may help repair your connection (it may anyway). But if you can't connect you'll have to download it on another computer and transfer it to yours. You can download it from http://www.computercops.biz/downloads-file-334.html

:lol: So on Nov. 9, I came home and out comes my brother, dripping from the shower, demanding to know where hsi copy of Halo2 was. I played dumb.
But, me and my mother dedcided to go ahead and give it to him. He was happy. I have not seen him since.

LOL! :lol: So how did he know you had it?

My son spent the weekend trying to teach me how to use it!

Here's a bit of info crunchie dug up that you may be interested in:

CTHELPER.EXE

From sysinfo Quote:
CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync).
Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it.

(You can always have HJT fix entries which indicate "file missing" or "no file"; HJT is basically telling you that those entries are just "broken pointers" to a file which no longer exists on your system.)

That may not be entirely true; unless the bug has been fixed, crunchie gave this bit of advice last month:

"Only fix these if you do not have Java Sun.

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

Hijackthis has a bug that misinterprets some 09 entries."

Is this a good anti-spyware? Anyone know if it's worth it? It's the type of one where you have to buy it from the store. Is this as good as Spybot or Ad Aware?

Sarah, Spysweeper is a legitimate/licensed program, but as mentioned previoulsy, there are free alternatives that are just as good.

If you ever have questions about the validity of spyware programs, check them out at this site:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Close all browser windows, scan with HJT, and have it fix the following entries:
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_linjian123_9220 (file missing)
O9 - Extra button: Instant Messenger - {0F7DE07D-BD74-4991-9D5F-ECBB8391875D} - http://cn.rd.yahoo.com/home/messeng...nger.yahoo.com/ (file missing)
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab

That's all I see, anyone see anything else?

Hypnotoad, first of all you're not suppose to tag onto someone else's thread, you need to start your own ("Do not piggyback threads by posting your question as a reply to another question." Found in the rules: http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules).

Secondly, there is a notice at the top of this forum to post all HJT logs in the Security forum.

HJT also needs to be in it's own folder to safely save backups, like
C:\Documents and Settings\Happ\Desktop\HJT\HijackThis.exe
(instead of C:\Documents and Settings\Happ\Desktop\HijackThis.exe).
And, all browser windows should be closed before scanning with HJT (including Firefox).

After you've put HJT into a safe folder, close all browser windows, scan with HJT, and post a new log in the Security/Bugs forum, along with a description of any problems you are having.

Oops, another name change, the Security forum is now called Viruses, Spyware, and other Nasties, so post your log there.

One more thing before you post a new log. Right now you are running HJT from your desktop, it should be in a folder so it can safely save backups. A folder on your desktop will work, like C:\Documents and Settings\The Big G.THEBIGG\Desktop\HJT\HijackThis.exe (instead of C:\Documents and Settings\The Big G.THEBIGG\Desktop\HijackThis.exe)

You have a few things to fix there, but right now you are running HJT from your desktop, it should be in a folder so it can safely save backups. A folder on your desktop will work, like C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe (instead of C:\Documents and Settings\Owner\Desktop\HijackThis.exe)

After you've done that, go to Add/Remove Programs and remove Windows AdControl

Close all windows, scan with HJT, and have it fix these entries:
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe

Then go to C:\Program Files and delete the Windows AdControl folder.

Reboot, close all windows, scan with HJT, and post a new log please.

...I just received an email to my account, and until I get this problem fixed, I am unable to access my email- (grrrrrrrr)...

The emails you're talking about are probably the ones that are generated automatically when someone responds to a thread you are subscribed to. Can you get to your email now?

I don't know what happened, but you are now using an older versions of HJT (1.97.7), but you were using the latest version before (1.98.2). You should scan again with the newer version and post another log.

As for your son, there is no reliable way to keep him out of trouble without standing there looking over his shoulder. The best thing to do is to have a talk with him (like you haven't done that already, right?)

To help protect your system, you should keep it updated with Window Updates and use a utility like SpywareBlaster (it's free!).

This is just a theory, so if anyone knows whether or not this is possible, please let me know.

It's possible you could have several applications set to auto-update when the computer is restarted. When you connect right away, they all fight to get their respective updates. By not connecting right away, they may stop trying to update and turn their 'update' off till the next reboot. When you do connect, some may still get their updates, but others may wait until you restart your computer. And it may not be only applications you have installed, there could also be some malware trying to connect itself amongst them. Anti-virus programs don't stop everything!

(Does this make any sense?) :confused:

I don't doubt that such a utility exists, but I don't know of any.

What I've done, however, is to create shortcuts to all Temp folders for all users and put them in one folder on my desktop. Sure, you still have to go through each folder individually, but it sure beats logging on to all the different accounts!

This either didn't get fixed or it came back; before you fix anything with HJT, be sure all browser window are closed (including Firefox). Then scan with HJT and have it fix the following entry:
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL

That's the only thing I see.

You also need to go to Windows Update to get all your Critical Updates. And you should get CWShredder and SpywareBlaster, links to both can be found in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

Hi gbear, you have some things to fix there, but right now you're running HJT from a temp folder. In order for it to safely save backups, it should be in a permanent folder. Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there.

HJT also needs to have all browser windows closed in order for it to make fixes properly. So, after you've moved HJT to a safe folder, close all browser windows, scan with HJT, and post a new log please.

Good job getting that log cleaned up! I don't see where you've deleted anything you shouldn't have. This link will give you some info about HJT:
http://hjt.wizardsofwebsites.com/#r

I only see a couple more things that should be fixed. But one of the experts might see something I missed.

Make sure all browser windows are closed, scan with HJT, and have it fix the following entries:
R3 - Default URLSearchHook is missing
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...11a0351cafa03db

...In actual fact I was looking for free software for reg cleaning... ;)

You can get System Mechanic free if you purchase some PNY RAM:
http://www.iolo.com/pny/landing.cfm?pid=9687C57E-2913-43D9-8ED6-8C2C05E597B5&adid=FA32CDE2-E6A5-4258-BB69-2AB87FF28BF6

...in Win98, the SCANDISK or DEFRAG is not working properly. It takes forever to run, but still without any result.

Try running them from Safe Mode.

Dragonoids, you will need to start your own thread. Before you do that, however, have a look through this thread and follow the advice. It will also explain what you need to know about posting a hijackthis log:
http://www.daniweb.com/techtalkforums/thread5690.html

Should this line be in the log, If so why !!! .
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://ourchurch.com

That's the primary site DJ is trying to access. But you would have needed to see the first thread to know that:
http://www.daniweb.com/techtalkforums/thread13978.html

Hi again,

In order for HJT to fix things properly, all browser windows need to be closed. Please be sure all browser windows are closed, scan with HJT, and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

If you're getting any Bigfix errors, check this link:
http://support.microsoft.com/?kbid=318571

Reboot and see if you can access that site.
FYI -- I can access http://www.ourchurch.com, but when I try http://www.ourchurch.com/l/lighthouse4j/ I get the Not Found message.

It's possible this patch may have helped:
http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=17D997D2-5034-4BBB-B74D-AD8430A1F7C8&displaylang=en

I don't use Trend Micro either, but when you open it there should be a Management Console or something similar where you can set it to show in the Task Tray. I don't know if this will help, but here is a link to the manual:
http://www.trendmicro.com/ftp/documentation/guides/pcc2005-qsg.pdf

Hi there, you have a few things to fix, but first of all you are running hijackthis from a temporary folder. The backups hijackthis creates can be accidentally deleted when not in a permanent folder. Please do the following;

Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

Close all browser windows, scan with HJT, and post a new log please.

Try this:
http://www.video-drivers.com/drivers/58/58784.htm

1. As long as you have Kazaa and other P2P programs installed, they will continue to create problems. Go to Add/Remove Programs in the Control Panel and remove them. Run Kazaabegone from here to be sure all remnants of kazaa have been removed:
http://www.spychecker.com/program/kazaagone.html

2. Close all windows, scan with the updated HJT, and have it fix this entry:
O4 - HKLM\..\Run: [ynaqqah] C:\WINDOWS\System32\foyyiehl.exe

3. Go to C:\WINDOWS, System32 folder and delete this, if found: foyyiehl.exe

4. Update hijackthis to v1.98.2.

5. Empty the contents of all Temp and Temporary Internet folders for all users.

6. Follow the recommendations in this thread to clean up some of the remaining problems:
http://www.daniweb.com/techtalkforums/thread5690.html (don't leave out SpywareBlaster)

7. Close all windows, scan with the updated HJT, and post a new log.

Yes, post your hijackthis log in this thread so we can see exactly what you have.

Can you ask the person who gave it to you?

Forget the link, I'll just copy what relates to you here:

1. As long as you have Kazaa and other P2P programs installed, they will continue to create problems. Go to Add/Remove Programs in the Control Panel and remove them. Run Kazaabegone from here to be sure all remnants of kazaa have been removed:
http://www.spychecker.com/program/kazaagone.html

2. Go to Windows Update to get all the Critical Updates for your system (but don't get SP2 until after you have cleared your system of malware).

3. Update hijackthis to v1.98.2.

4. Empty the contents of all Temp and Temporary Internet folders for all users.

5. Follow the recommendations in this thread to clean up some of the remaining problems:
http://www.daniweb.com/techtalkforums/thread5690.html (don't leave out SpywareBlaster!)

6. Close all windows, scan with the updated HJT, and post a new log.

Thykos, close all windows, scan with HJT and have it fix the following entries:
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28bbcaa...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab

I don't know if that will solve you're problem, but that's all I see. Maybe one of the pro's will spot something I missed.

Where does Spyware Doctor say the problem is? If it's in a restore folder, check this thread:
http://www.daniweb.com/techtalkforums/thread13362.html

C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

If you're using a Toshiba laptop (and it looks like you are), you should keep those entries. Check this link for info:
http://www.windowsstartup.com/wso/detail.php?id=22

Toshiba sure adds a lot of processes :eek:

Hey there dlh. Thanks for your input. I appreciate it. I will definitely consider adding a donate X form to the subscription page. However, I think you misunderstood me. As I said, I need about one dollar per signup. However, I don't plan on asking my members for this money. Instead, I plan on perhaps partnering with some company in that I would put their advertisement on the registration page or work some sort of partnership out where I end up making about one dollar per signup through advertising. Definitely not going to be charging the members.

Yes, I did misunderstand, and that sounds like a great idea if you can find someone to do it.

I had another thought to promote donations. A while back you had a contest where the winner got a cash reward; well, how about one where the prize is a 'Subscription' membership (for whatever period you deem appropriate)? This would increase awareness of the Donation section.

Hi Dani, I noticed you got the donation link at the top now (Help Us Out: Donate), I think that will help. I do have a couple of suggestions for you to consider.

I don't think charging everyone a dollar is going to work because some people don't have the means of paying online and some will be turned off just by asking for money (regardless of the amount). I think the donation route is the best way to go, but find ways to encourage more -- such as putting the link at the top.

I think the link should be reworded too, a few suggestions (instead of 'Help Us Out: Donate'):
Help us out by donating
Help us out by making a small donation
If we've helped you, help us out by making a small donation
It costs money to provide this service, please help us out by making a small donation

I also have a suggestion (yeah, I know, I'm full of It) for the donation page. Instead of just the two subscription options, add one more for the donater to specify any amount -- without a subscription.

These are just a few things to think about since you asked for ideas. :)

Personally, I don't see any difference in the time it takes to load; and I just don't like have anything on my computer that isn't necessary.

I guess it's a personal choice if anyone wants to keep them or delete them, no harm to the system either way.

If anyone was wondering what they were for, like I was, now they know :).

Well, it looks like you got moved :). After you've followed the steps in the linked post, you need to update hijackthis; you can try it's internal Update feature or get it from here:
http://www.softpedia.com/progDownload/x-Download-5034.html

Then close all windows, scan with HJT and post a new log. Also include what type of problem you're having.

1. As long as you have Kazaa and other P2P programs installed, they will continue to create problems. Go to Add/Remove Programs in the Control Panel and remove them. Run Kazaabegone from here to be sure all remnants of kazaa have been removed:
http://www.spychecker.com/program/kazaagone.html

2. Empty the contents of all Temp and Temporary Internet folders for all users.

3. Follow the recommendations in this thread to clean up some of your problems (SpyBot, Stinger, SpywareBlaster, etc.):
http://www.daniweb.com/techtalkforums/thread5690.html

4. After you've done that, close all windows, scan with HJT, and post a new log so we can see what's left to do.

Hey prman, welcome to DaniWeb! All hijackthis logs are supposed to be posted in the Security forum. You can either repost it there or wait and see one of the moderators move it for you.

You should also have a look at post #4 in this thread to help you get started:
http://www.daniweb.com/techtalkforums/thread13525.html

Good luck!