
ScanDisk detected an invalid long filename

Discussion in 'Malware and Virus Removal Archive' started by larsonjean, 2005/04/13.

Thread Status:
Not open for further replies.
  1. 2005/04/13
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Joined:
    2002/06/03
    Messages:
    766
    Likes Received:
    2
    Hi,
    A friend of mine brought his computer over hoping I would be able to solve the problem but I just don't know what to do. The problem is:
    When the machine boots up it starts a "scandisk" and when it gets to a certain spot, it says, "Scandisk detected an invalid long filename entry on this drive but was unable to fix it. To fix this problem, run scandisk for Windows."

    I said OK and then tried to go to System Tools, Scan Disk and I get an error message, "Explorer performed an illegal operation".
    I then tried to go through the MS-DOS prompt and typed "Scandisk" and I get an error message saying: "Winoldap performed an illegal operation."

    Could you please try to help me figure out this problem and get his computer running again. The last thing he said he did was try to go on a website on the Internet Explorer and never got to the site but from there the computer had problems.

    Thanks for your help.

    Jean
     
  2. 2005/04/13
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    What type (brand) of machine is it?

    BillyBob
     


  4. 2005/04/13
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Joined:
    2002/06/03
    Messages:
    766
    Likes Received:
    2
    Hi,
    Thanks for answering so promptly. I just looked at the front of his computer and it must be one that was built for him as it doesn't have any label on it.

    I tried to right click "My Computer" to look at the information but when I try anything, it says "Explorer performed an error" and won't do anything.

    Jean
     
  5. 2005/04/13
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    Here's hoping that you have a bootable floppy and a Win98 CD. Or at least some form of a recovery CD. 'Cause I believe this is going to require a re-install of Windows. Let us know what you have and we can take it from there.

    BillyBob
     
  6. 2005/04/13
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Joined:
    2002/06/03
    Messages:
    766
    Likes Received:
    2
    I did manage to scan disk in "Safe Mode" but it made no difference. I still get the Explorer error if I try to do anything when Windows boots up.

    Yes, I have a Windows 95 startup disk and my Windows 98 disk.

    Is it possible to reload the windows without wiping everything off his computer?

    Thanks for your help.

    Jean
     
  7. 2005/04/13
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    It most certainly is but needs to be done a bit differently and carefully. And it can be well worth the try.

    First off I do not know if the long file name will create problems or not. I am hoping that someone will jump in here that can answer that.

    And I have to assume that the CD is the same version of Windows that is on the machine. You can put 98SE over 98FE (acts as an upgrade) but the other way around won't work properly.

    Step 1.. Boot from a power off state to the floppy. It makes no difference what version of Windows the floppy is as long as it sets up the CDROM for use. Because all we are doing here is booting the machine.

    Step 2.. Insert the CD.

    Step 3.. At the A:/ prompt type [CDROM letter]/Win98/setup. So it will look like D:/win98/setup.

    Step 3a.. Once you get the setup started remove the floppy. If you do not it will create problems when the setup gets ready to restart.

    During the process you will be asked some questions. One of which will be for the product key.

    Another will be where do you want Windows installed. If all things are proper then it will be C:\Windows. This is one reason for booting from the floppy etc. so that the install does not know that a Windows folder already exists and there will be no part of Windows running or in RAM and will not ( usually anyway ) make a 2nd Windows folder. Which it will do if you boot from the HD. But just WATCH CAREFULLY so that it does go into C:\Windows.

    From here on I do not recall any more places where you will need to answer questions. It should take care of itself.

    Need more help or have questions? Come on back.

    Good luck.
    BillyBob
     
  8. 2005/04/13
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Joined:
    2002/06/03
    Messages:
    766
    Likes Received:
    2
    I'm so disappointed. I did follow your instructions to the letter and reinstalled Windows 98. Apparently it made no difference as when I try to open a program or change a display setting, I still get the error "Explorer performed an illegal operation." Would it help if I told you what the "Details" are?

    I have not had the error message about the invalid long filename entry though. I also was able to complete the scan disk when the machine came up after I had to restart because it was hung up.

    What do you think? Should I give up and tell my friend I cannot fix his problem?

    Thanks.

    Jean
     
  9. 2005/04/14
    mattman

    mattman Inactive Alumni

    Joined:
    2002/06/10
    Messages:
    8,198
    Likes Received:
    63
    Jean, hi, please post the error message or at least the main code, even if you cannot get the machine going again the information may be useful to someone in the future (or put them out of their misery :D ).

    I think it relates to a registry problem (the basics of which do not get changed by a reinstall). You should be able to run a few "diagnostic" programs without running through the registry, eg.:
    Set up and install HijackThis that you have uncompressed (unzipped) to a floppy disk. You can make a log and save it back to another floppy disk and post it here or in the security forum. I think HT is a Windows program, so boot to Windows and run it from the command line (go to Start > Run and browse to HijackThis.exe or type in the address).
    There is a DOS version of an antivirus you can get for free (if the system seems inadequate for antivirus):
    http://www.f-prot.com/download/home_user/download_fpdos.html
    It is 2.4mb compressed. I have run it from a "burnt" CD or you could use Winzip to span it over a few floppies to transfer it from your computer to the "infected" computer. Note: It does not have mouse control, you must use the keyboard to run it.
    I have run an old version of Spybot from a burnt CD.

    Two other possibilities.
    (Maybe the easiest) Run msconfig, go to the Startup tab and uncheck everything except System Tray. If Windows runs OK, go back and recheck anything that seems to be "legit...", you then need to sort out the "legit..." from the "sus".
    Explorer runs...mmmm... "where everything is". There may be a problem that relates to the harddrive, you could find the brand of the harddrive and run the manufacturer's utilities, the HD may not be set up properly.

    This sounds like a pretty tough problem. Hope there may be some food for thought here.

    Matt
     
    Last edited: 2005/04/14
  10. 2005/04/14
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    Sorry to read that the re-install did not work completely.

    NO !! do not give up yet. There is more help around.

    BillyBob
     
    Last edited: 2005/04/14
  11. 2005/04/14
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Joined:
    2002/06/03
    Messages:
    766
    Likes Received:
    2
    Hi everyone,

    I tried running Hijack this a couple of times and I finally was able to get this information from the log:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:21:07 AM, on 4/14/05
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\SEARCHENH1.DLL (file missing)
    N3 - Netscape 7: user_pref( "browser.startup.homepage ", "http://www.google.com/ "); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\qefkl3ad.slt\prefs.js)
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src "); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\qefkl3ad.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38406.8069560185
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab


    I also was finally able to get msconfig to run in Safe Mode and turned off everything except System Tray. I haven't had the error message since turning everything off. I haven't had time to go back and sort out the different running programs one at a time. Will do this later.

    Here is the information on the Windows Explorer error:
    :Explorer
    This program has performed an illegal operation and will be shut down.
    Details:
    EXPLORER caused an invalid page fault in module KERNEL32.DLL at 015f:bffbff0f.
    Registers:
    EAS=00000000 CS=015f EIP=bffbff0f EFLGS=00010202
    EBS=00000007 SS=0167 ESP=0223e25c EBP=0223e268
    ECX=00000007 DS=0167 ESI=aa4b68bd FS=2faf
    EDX=bffc9b04 ES=0167 EDI=0223e417 GS-0000
    Bytes at CS:EIP:
    f3 a6 8a 46 ff 33 c9 3a 47 ff 77 04 74 04 49 49
    (more but I didn't get the info.)

    I'll get back to you and see if it starts the Explorer error message when I start turning things on.

    Thanks again.

    Jean
     
  12. 2005/04/14
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Due to a HJT log being used, I moved the thread.

    You can use HJT to remove this useless line.
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\SEARCHENH1.DLL (file missing)

    Why not post the log again with everything enabled?
     
  13. 2005/04/15
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Joined:
    2002/06/03
    Messages:
    766
    Likes Received:
    2
    Hi,

    I have been checking to see what, if turned on in msconfig, creates the Explorer error. So far when I turned on (the very first one) Task Monitor, I started to have problems with the error. So I turned it off again and will today work more with that.

    If I turn on or "Why not post the log again with everything enabled?" I never can do anything because that error message comes up and the computer is hung up and I have to power down. Although I will try again and get back to you.

    We have coming here (sunny Florida) right now so can't spend too much time on this until they leave Monday.

    I'll be in touch soon.

    Jean
     
  14. 2005/04/15
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Joined:
    2002/06/03
    Messages:
    766
    Likes Received:
    2
    I don't know where you moved the HJT log to so I'm posting this again with all the programs turned on. I'm not sure if the other is the same or not.

    As you said, "Why not post the log again with everything enabled?" here it is:

    Logfile of HijackThis v1.97.7
    Scan saved at 4:25:19 PM, on 4/15/05
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\PTSNOOP.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\CLMPANEL.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\SEARCHENH1.DLL (file missing)
    F1 - win.ini: load=ptsnoop.exe
    N3 - Netscape 7: user_pref( "browser.startup.homepage ", "http://www.google.com/ "); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\qefkl3ad.slt\prefs.js)
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src "); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\qefkl3ad.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
    O4 - HKLM\..\Run: [CLMFrontPanel] clmpanel /i
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38406.8069560185
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab

    Maybe this will show more so I can get this annoying error message out of the way.

    What should I do now?

    Jean
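
The two HijackThis logs posted so far (startup items disabled in msconfig, then everything enabled) can be compared mechanically instead of by eye. The following is an added example, not part of the original thread or of HijackThis itself: it parses the log lines, flags "(file missing)" entries, and lists the autostart entries present only in the second log. The log excerpts are shortened from the logs in this thread, and the function names are illustrative.

```python
import re
from dataclasses import dataclass

# A HijackThis result line is "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

# Section codes that describe automatically started programs:
# F0-F3 = programs loaded from system.ini / win.ini (or their registry mappings),
# O4    = Run / RunServices registry keys and the Startup folder.
AUTOSTART_CODES = {"F0", "F1", "F2", "F3", "O4"}


@dataclass(frozen=True)
class Entry:
    code: str
    detail: str

    @property
    def file_missing(self) -> bool:
        # HijackThis appends this marker when the referenced file is not on disk.
        return self.detail.endswith("(file missing)")


def parse_log(text: str) -> list:
    """Return the result entries of a log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def missing_files(entries) -> list:
    """Entries that point at a file that no longer exists (safe cleanup candidates)."""
    return [e for e in entries if e.file_missing]


def new_autostarts(baseline, full) -> list:
    """Autostart entries present in `full` but not in `baseline`, sorted for stable output."""
    base = {e for e in baseline if e.code in AUTOSTART_CODES}
    added = {e for e in full if e.code in AUTOSTART_CODES} - base
    return sorted(added, key=lambda e: (e.code, e.detail))


# Shortened excerpt of the log taken with startup items disabled in msconfig.
BASELINE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\SEARCHENH1.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""

# Shortened excerpt of the log taken with everything enabled.
FULL_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\EXPLORER.EXE
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\SEARCHENH1.DLL (file missing)
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
"""

if __name__ == "__main__":
    baseline = parse_log(BASELINE_LOG)
    full = parse_log(FULL_LOG)
    print("Entries pointing at missing files:")
    for entry in missing_files(full):
        print(f"  {entry.code} - {entry.detail}")
    print("Autostart entries only present with everything enabled:")
    for entry in new_autostarts(baseline, full):
        print(f"  {entry.code} - {entry.detail}")
```

The entries in the second list are the candidates to re-enable one at a time in msconfig.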
     
  15. 2005/04/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Jean,

    Recommend you download the newest version of HijackThis.exe, create a new folder on your desktop and save it there. Open HijackThis to the misc tools section and click Generate Startup List. Save that and click back, then run another scan and save the log. Post both logs here.
     
  16. 2005/04/16
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Until you post a new log, I see two things that are famous for causing problems.

    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

    You can remove the Qttask.exe. It is part of Quicktime and is useless and is a resource hog.
    The Findfast is best disabled through the Findfast icon in the Control Panel.
     
  17. 2005/04/16
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Joined:
    2002/06/03
    Messages:
    766
    Likes Received:
    2
    OK, I downloaded the newest version of Hijack This. I could not run the HiJack This unless I put the computer in Safe Mode. When I tried it on normal startup, every time I tried to scan it with HiJack This, I received the Explorer: error.

    I don't know if it matters to run it in "Safe Mode" but here are the results of both the Startup List and log file.

    StartupList report, 4/15/05, 5:57:50 PM
    StartupList version: 1.52.2
    Started from : C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
    Detected: Windows 98 Gold (Win9x 4.10.1998)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    SystemTray = SysTray.Exe
    VsecomrEXE = C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
    CLMFrontPanel = clmpanel /i
    mdac_runonce = C:\WINDOWS\SYSTEM\runonce.exe
    QuickTime Task = C:\WINDOWS\SYSTEM\QTTASK.EXE
    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    CriticalUpdate = C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    TaskMonitor = C:\WINDOWS\taskmon.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    SchedulingAgent = C:\WINDOWS\SYSTEM\mstask.exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Mozilla Quick Launch = "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    spc_w = "C:\Program Files\NZSearch\nzspc.exe" -w

    --------------------------------------------------

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = C:\WINDOWS\NOTEPAD.EXE %1

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=ptsnoop.exe
    run=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 14/4/2005, 20:27:38)

    [rename]
    nul=C:\WINDOWS\TEMP\setup.exe

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Windows Critical Update Notification.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38406.8069560185

    [ActiveScan Installer Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
    CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

    --------------------------------------------------
    End of report, 4,470 bytes
    Report generated in 0.625 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only


    and the Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:00:35 PM, on 4/15/05
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\SEARCHENH1.DLL (file missing)
    F1 - win.ini: load=ptsnoop.exe
    N3 - Netscape 7: user_pref( "browser.startup.homepage ", "http://www.google.com/ "); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\qefkl3ad.slt\prefs.js)
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src "); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\qefkl3ad.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
    O4 - HKLM\..\Run: [CLMFrontPanel] clmpanel /i
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab

    Will the above be helpful?

    Jean

    P.S. I will disable Find Fast and delete Qttask.exe.
     
  18. 2005/04/16
    mattman

    mattman Inactive Alumni

    Joined:
    2002/06/10
    Messages:
    8,198
    Likes Received:
    63
    Jean, I know you are running out of time to work on it.

    I can see one or two things that may cause problems.
    There are several browsers installed (or were installed at some stage). Netscape, IE with AOL, Mozilla and the Netzero email.

    I think you should sit down with your friend and go to Add/remove programs. Select and remove any programs that are no longer required. Remove anything that can be reinstalled (preferably with an updated version), so say he/she likes using Netscape, remove the current version, download and install the latest version. The same with the Netzero program.

    Be as ruthless as you can, remove anything that is not really necessary.

    Go to Start > Programs. Some programs will have an "uninstall" listed there. Uninstall anything no longer necessary.

    Hopefully this will catch the program that is causing the problem.

    If you happen to run out of time, show your friend how to get to msconfig. Disable the startup items as previous. Your friend could recheck the items one at a time every few boots and identify the program that is causing it.

    It may not necessarily be caused by spyware or something sinister. It could just be a startup program that has "gone wrong", e.g., several browsers fighting for control.

    Matt
     
    Last edited: 2005/04/17
  19. 2005/04/16
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Joined:
    2002/06/03
    Messages:
    766
    Likes Received:
    2
    Hi everyone,

    I downloaded Housecall and had them scan the computer for a virus. It showed that there were no viruses on the system.

    I then went into msconfig and turned on everything (one at a time) except the TaskMonitor. The computer is working GREAT, no error messages.

    What do you think? Could it be that TaskMonitor was causing the problem? Can I just delete TaskMonitor so it never opens again? For now this is the only thing in msconfig - startup - that is not turned on. I also searched for it and renamed it to taskMonitor1.exe so nothing can find the original one.

    Do you think I should just give it back to him and hope it stays working without any error message?

    Thank you for all the time you have taken to help me.

    Jean :)
     
  20. 2005/04/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I've been pondering what to do here, Jean. Here's what Task Monitor is doing;

    Enumerating Task Scheduler jobs:

    Windows Critical Update Notification.job

    Try configuring automatic updates off, reboot and see if they are still in the task list. Remove from there if it is. Alternatively, leave it off in msconfig. Just make sure they understand to check for Windows Updates regularly.
     
  21. 2005/04/17
    JohnB Lifetime Subscription

    JohnB Well-Known Member

    Joined:
    2002/01/07
    Messages:
    856
    Likes Received:
    11
    Jean, you can leave TaskMonitor unchecked in the startup list with no ill effects. I have had it unchecked for a long time. Also suggest deleting all the files under C:\Windows\Applog as this is where taskmonitor creates the files it tracks. Would NOT delete taskmonitor.exe file from Windows tho'. Taskmonitor was put in windows to speed up defrags, but with today's faster access HD's it's really redundant.
     