[help please]

To preface this....I am computer illiterate, so please don't talk over my head.


I just had the geek squad restore my computer cause I had a virus and my computer would not boot up. So I got my computer back home, connected to the internet, downloaded my firewall protection (zone alarm pro), updated Norton..etc

After I shutdown my computer and tried to reboot it......it just took me to a blank desktop......then my windows media player all of sudden opened up.....I waited for awhile to see if things would change.....then a message came up (wish I would've jotted it down) and then my desktop icons came back.

I have left my computer on since cause I am afraid it won't reboot again. I have done virus/spyware scans and things look ok in that department. I am wondering if I have to reinstall windows (I read about that on here...but I am afraid to do it)

Please give me some advice.

[Advertisements]

You will probably need to restart it again as you need to check msconfig to see if media player is configured to start up. If it is, and you disable it using msconfig, you will have to restart your computer.

Go to Start/run... type in msconfig

Go to the last tab of the Sytem Configuration Utility (msconfig) and check for an entry regarding media player. Uncheck it if it's there, then restart your computer.

The delay in your startup could be caused by the launching of media player, but it's hard to tell unless you're willing to restart your computer. Also, there is no other way to get to read that error message again. If you get the error message, jot it down this time, and if there is a button to click to get "details" about the error, click it and jot down the info "word for word" and post it here.

makai

[makai]

You will probably need to restart it again as you need to check msconfig to see if media player is configured to start up. If it is, and you disable it using msconfig, you will have to restart your computer.

Go to Start/run... type in msconfig

Go to the last tab of the Sytem Configuration Utility (msconfig) and check for an entry regarding media player. Uncheck it if it's there, then restart your computer.

The delay in your startup could be caused by the launching of media player, but it's hard to tell unless you're willing to restart your computer. Also, there is no other way to get to read that error message again. If you get the error message, jot it down this time, and if there is a button to click to get "details" about the error, click it and jot down the info "word for word" and post it here.

makai

[help please]

This was before I saw your reply:

I was brave, so I just restarted my computer......same thing happened. No desktop icons.....windows media player is open.......10 mins later my icons show up and a message appears.


This time I managed to write down what popped up:

Windows cannot find '/idlist,:1724,c:/ make sure you typed the name correctly and start again... etc..


So help please!

Edited by help please, 04 August 2005 - 01:09 AM.

[Stasiek]

don't be afraid to restart the pc, like you stated the pc has been fixed by your geeksquad

as far as the automatic loading you can do what makai stated or just open the start/programs/startup folder and delete any thing that's there it will prevent from loading the software during startup which can speed up your load time

Edited by Stasiek, 04 August 2005 - 01:12 AM.

[makai]

Windows cannot find '/idlist,:1724,c:/ make sure you typed the name correctly and start again... etc..

Is there no "details" button you can click on in the error message window?

Is there something that follows c:/?

Something is trying to load at startup, but is probably corrupted, that's why it's taking so long. You need to eliminate startup items until you find out who the culprit is.

Go into msconfig and see if there is a referece to the info in the error message, and uncheck it.

makai

[help please]

There is no details button on the message that pops up.

When I restart my computer, I cannot access the start menu....so I have left it running.

I did the msconfig, startup tab thing.....and this is what i have in there:

StartEAK
smtray
coloreal
evntsvc
WksSb
WkDetect
ybrwicon
IPMon32
zlclient
winampa
msmsgs
ypager
clfmon
Microsoft Works ca


I don't know if you can tell just by the names if anything shouldn't be in there. Do I have to disable one at a time to figure out what is corrupted? Or do I disable all?


Thanks for your help

[makai]

You don't have to disable all of them at once, but yes you will have to eventually disable all until you find out which may be causing your problem.

Start with these...

IPMon32
msmsgs

If the problem persists, go HERE, read the documentation on the page, download HijackThis, run a scan, save a log, and post it in this thread.

makai

[help please]

Logfile of HijackThis v1.99.1
Scan saved at 11:33:34 PM, on 8/4/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system\userinit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://geekhp/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system\ctfmon.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123118793593
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

[help please]

I tried to do the misconfig trials.....but I rebooted my computer and got the same thing again: no icons and the media player open.....

I've waited along time and the icons have not come back. I still cannot access my start menu.


I've gotten to the interent by going in the mdeia player menu and selecting download visualizations......

I did a trend housecall scan and it showed i have no viruses.....

I tried to do a windows update..and it just disconected me from the interent when I was downloading.......


Above is my hijack this log.......hopefully someone can help


thanks in advance

[makai]

Ok...
Launch HJT again... go to Config/Misc tools/Generate StartupList log... save it, and post it here.

makai

[TechStar Computer Services]

I recommend running MSCONFIG again, enabling everything, and running Hijack This. This way it will list anything that might be hidden after the initial attempt to stop uneccesary processes.

Also, can you give any specs about the PC.. type msinfo32.exe (start, run, type "msinfo32.exe " hit enter
Copy and Paste the System Summary information. It would help a little.
Also.. how old is the PC, new, replaced, or original hard drive?

Edited by TechStar Computer Services, 05 August 2005 - 12:26 AM.

[darth_ash]

U have a Malware infection (F2),
Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE .

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.

[help please]

here it is makai:

StartupList report, 8/5/2005, 9:54:25 AM
StartupList version: 1.52.2
Started from : C:\HJT.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system\userinit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\HJT.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Works Calendar Reminders.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\userinit.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CPQEASYACC = C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
Smapp = C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
WCOLOREAL = "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
TkBellExe = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
YBrowser = C:\Program Files\Yahoo!\browser\ybrwicon.exe
Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
AdaptecDirectCD = "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
WinampAgent = C:\Program Files\Winamp\winampa.exe
MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
ctfmon.exe = C:\WINDOWS\system\ctfmon.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[Compaq]
SetRefresh = C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Registration reminder 1.job
Registration reminder 2.job
Registration reminder 3.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[yucsetreg Class]
InProcServer32 = C:\Program Files\Yahoo!\common\yucconfig.dll
CODEBASE = C:\Program Files\Yahoo!\common\yucconfig.dll

[YInstStarter Class]
InProcServer32 = C:\Program Files\Yahoo!\common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\common\yinsthelper.dll

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.micros...b?1123118793593

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[YahooYMailTo Class]
InProcServer32 = C:\Program Files\Yahoo!\common\ymmapi.dll
CODEBASE = http://download.yaho...mail/ymmapi.dll

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\System32\SET13.tmp => C:\WINDOWS\System32\winhttp.dll||?

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 6,030 bytes
Report generated in 0.156 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

[help please]

I found a way to get my desktop back!.....I've launched Cleanup from the windows media player...and I got the same message and the return of the icons again....

so far this has worked twice

I will now try to run cleanup again and run an adware, virus, and windows update.

Then I will post another hijack this log somewhere on here

..but now i have to go to work


thanks again for all the help

[help please]

So I am now at Kinkos.........after I updated my Norton definitions, my computer rebooted and just left me the blank desktop blue screen. The windows media player did not pop up.

Am I know going to have to restore my computer again?