XP Start -up - Settings not saved ??

[Canuckluck]

My problem started a week ago with the MonaRonaDona malware. I was able
to delete it with help from this forum. Thank you.

I have DL'd many help sites, OTMoveIt2, Ad-Aware SE, Aml Registry
Cleaner, CCleaner, Hijackthis, Spybot, Spywareblaster.

Now I have a new problem (ugh), my desktop has changed, although all my
Shortcuts are there. Whenever I startup my computer, everything needs to
be re-set again.

Nothing seems to be saved from my previous settings ??

I need to re-sign in to all my sites. All my help sites like Spybot,
need to have all protection reset each time I restart my computer.

I am normally signed into places like Hotmail, Yahoo, etc. etc., but
not now. It is like I am a new user or something.

Thank you in advance for any help

This is a copy of Hijackthis log :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:51 PM, on 3/5/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Symantec Shared\Security
Console\NSCSRVCE.EXE
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = 'Google'
(http://www.google.ca)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
'Google' (http://www.google.ca)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
'Google' (http://www.google.ca)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
'Google' (http://www.google.ca)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL =
'Google' (http://www.google.ca)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://rogers.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
'AnalyzeThis' (http://tinyurl.com/283pe3)
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper -
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper -
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program
Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no
file)
O2 - BHO: Norton Personal Firewall -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -
C:\Program Files\Yahoo!\NAV\NavShExt.dll
O2 - BHO: (no name) - {AE02D645-4D58-47DC-BD0D-B01F262A38A0} -
C:\WINDOWS\System32\asferro.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common
Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common
Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program
Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Intel Driver] csrs.exe
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Program Files\Pinnacle\Instant
PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common
Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program
Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunServices: [System Services] uxbukzw.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common
Files\Symantec Shared\DJSNETCN.exe
O4 - HKLM\..\RunServices: [Intel Driver] csrs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O16 - DPF: KenoPop! by pogo -
http://game3.pogo.com/v/8.1.7.44/applet/speedkeno/speedkeno-en_US.cab
O16 - DPF: Lottso by pogo -
http://game3.pogo.com/v/8.1.7.44/applet/lottso/lottso-en_US.cab
O16 - DPF: Photobucket Publisher -
http://s274.photobucket.com/csve/ie_plugin.php
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload
Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {533133A9-0452-462D-9E04-2F64AECCE631} -
http://www.ibingo.com/bin/v6/setup.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -
http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class)
- https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft -
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation
(ccISPwdSvc) - Symantec Corporation - C:\Program
Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN)
- Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\DJSNETCN.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common
Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\Security
Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common
Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation -
C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -
C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. -
C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10376 bytes

 

[PD43]

Re: XP Start -up - Settings not saved ??

Canuckluck <Canuckluck.35tp1w@no.email.invalid> wrote:

>My problem started a week ago with the MonaRonaDona malware. I was able
>to delete it with help from this forum. Thank you.
>
>I have DL'd many help sites, OTMoveIt2, Ad-Aware SE, Aml Registry
>Cleaner, CCleaner, Hijackthis, Spybot, Spywareblaster.
>
>Now I have a new problem (ugh), my desktop has changed, although all my
>Shortcuts are there. Whenever I startup my computer, everything needs to
>be re-set again.

My advice would be to start resetting everything by visiting all the
websites and logging in manually.

There might not be a shorter way.

 

[PA Bear [MS MVP]]

Re: XP Start -up - Settings not saved ??

1. We do not interpret HijackThis logs in the public newsgroups.

2. One or more options/settings in an ever-growing number of third-party
applications may be disallowing the change(s) from "sticking". These include
but are not limited to Ad-aware's Ad-Watch, Spybot Tea Timer,
SpywareBlaster, SpySweeper, Spyware Doctor, *Norton AntiVirus*, McAfee
VirusScan and/or Antispyware, and Zone Alarm (Free, Pro, & Security Suite).

3. Make certain MonaRonaDona's gone: http://aumha.net/viewtopic.php?t=32239

4. Is your NAV subscription current?

5. Why don't you have *any* Service Packs or critical updates installed?

When to flatten and reinstall Windows
http://aumha.net/viewtopic.php?t=28580

Tip: You should "flatten and reinstall Windows"
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


Canuckluck wrote:
> My problem started a week ago with the MonaRonaDona malware. I was able
> to delete it with help from this forum. Thank you.
>
> I have DL'd many help sites, OTMoveIt2, Ad-Aware SE, Aml Registry
> Cleaner, CCleaner, Hijackthis, Spybot, Spywareblaster.
>
> Now I have a new problem (ugh), my desktop has changed, although all my
> Shortcuts are there. Whenever I startup my computer, everything needs to
> be re-set again.
>
> Nothing seems to be saved from my previous settings ??
>
> I need to re-sign in to all my sites. All my help sites like Spybot,
> need to have all protection reset each time I restart my computer.
>
> I am normally signed into places like Hotmail, Yahoo, etc. etc., but
> not now. It is like I am a new user or something.
>
> Thank you in advance for any help
>
> This is a copy of Hijackthis log :
>
>
> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 12:14:51 PM, on 3/5/2008
> Platform: Windows XP (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 (6.00.2600.0000)
> Boot mode: Normal
<snip>

 

[Malke]

Re: XP Start -up - Settings not saved ??

Canuckluck wrote:

>
> My problem started a week ago with the MonaRonaDona malware. I was able
> to delete it with help from this forum. Thank you.
>
> I have DL'd many help sites, OTMoveIt2, Ad-Aware SE, Aml Registry
> Cleaner, CCleaner, Hijackthis, Spybot, Spywareblaster.
>
> Now I have a new problem (ugh), my desktop has changed, although all my
> Shortcuts are there. Whenever I startup my computer, everything needs to
> be re-set again.
>
> Nothing seems to be saved from my previous settings ??
>
> I need to re-sign in to all my sites. All my help sites like Spybot,
> need to have all protection reset each time I restart my computer.
>
> I am normally signed into places like Hotmail, Yahoo, etc. etc., but
> not now. It is like I am a new user or something.
>
> Thank you in advance for any help
>
> This is a copy of Hijackthis log :

(snip)

We don't analyze HJT logs in the MS newsgroups. It takes a great deal of
time and expertise to analyze HJT logs and there are privacy issues. I'll
give you a link to something that may help, but if it doesn't and/or you
want to be sure your computer is really clean, register at one of the
specialty forums listed below. Read its posting FAQ and post your HJT log
there. Not here.

In the meantime, you might want to try this fix from MVP Kelly Theriot:
http://www.kellys-korner-xp.com/xp_tweaks.htm - Save Settings on Exit (Line
54)

HijackThis links

http://aumha.org/downloads/hijackthis.zip
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 - another
tutorial
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!