XP Start -up - Settings not saved ??

[Guest Canuckluck]

My problem started a week ago with the MonaRonaDona malware. I was able

to delete it with help from this forum. Thank you.

 

I have DL'd many help sites, OTMoveIt2, Ad-Aware SE, Aml Registry

Cleaner, CCleaner, Hijackthis, Spybot, Spywareblaster.

 

Now I have a new problem (ugh), my desktop has changed, although all my

Shortcuts are there. Whenever I startup my computer, everything needs to

be re-set again.

 

Nothing seems to be saved from my previous settings ??

 

I need to re-sign in to all my sites. All my help sites like Spybot,

need to have all protection reset each time I restart my computer.

 

I am normally signed into places like Hotmail, Yahoo, etc. etc., but

not now. It is like I am a new user or something.

 

Thank you in advance for any help

 

This is a copy of Hijackthis log :

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:14:51 PM, on 3/5/2008

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe

C:\Program Files\Yahoo!\NAV\navapsvc.exe

C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\PROGRA~1\Yahoo!\YOP\yop.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\PROGRA~1\Yahoo!\YOP\secstat.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Common Files\Symantec Shared\Security

Console\NSCSRVCE.EXE

C:\WINDOWS\System32\cidaemon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = 'Google'

(http://www.google.ca)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

'Google' (http://www.google.ca)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

'Google' (http://www.google.ca)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

'Google' (http://www.google.ca)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL =

'Google' (http://www.google.ca)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://rogers.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

'AnalyzeThis' (http://tinyurl.com/283pe3)

R3 - URLSearchHook: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper -

{02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Canon Easy Web Print Helper -

{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program

Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no

file)

O2 - BHO: Norton Personal Firewall -

{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common

Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -

C:\Program Files\Yahoo!\NAV\NavShExt.dll

O2 - BHO: (no name) - {AE02D645-4D58-47DC-BD0D-B01F262A38A0} -

C:\WINDOWS\System32\asferro.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -

C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

Shared\ccApp.exe"

O4 - HKLM\..\Run: [sSC_UserPrompt] "C:\Program Files\Common

Files\Symantec Shared\Security Center\UsrPrmpt.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common

Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program

Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [intel Driver] csrs.exe

O4 - HKLM\..\Run: [PSDrvCheck] "C:\Program Files\Pinnacle\Instant

PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common

Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common

Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program

Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\RunServices: [system Services] uxbukzw.exe

O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common

Files\Symantec Shared\DJSNETCN.exe

O4 - HKLM\..\RunServices: [intel Driver] csrs.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN

Messenger\msnmsgr.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

{4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE

O16 - DPF: KenoPop! by pogo -

http://game3.pogo.com/v/8.1.7.44/applet/speedkeno/speedkeno-en_US.cab

O16 - DPF: Lottso by pogo -

http://game3.pogo.com/v/8.1.7.44/applet/lottso/lottso-en_US.cab

O16 - DPF: Photobucket Publisher -

http://s274.photobucket.com/csve/ie_plugin.php

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus

scanner) -

http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload

Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {533133A9-0452-462D-9E04-2F64AECCE631} -

http://www.ibingo.com/bin/v6/setup.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI

Utility Class) -

http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -

http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class)

- https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft -

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation

- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation

(ccISPwdSvc) - Symantec Corporation - C:\Program

Files\Yahoo!\NPF\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation

- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe

O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN)

- Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\DJSNETCN.exe

O23 - Service: LiveUpdate - Symantec Corporation -

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common

Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -

Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -

Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec

Corporation - C:\Program Files\Common Files\Symantec Shared\Security

Console\NSCSRVCE.EXE

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common

Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation -

C:\Program Files\Yahoo!\NAV\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -

C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: YPCService - Yahoo! Inc. -

C:\WINDOWS\system32\YPCSER~1.EXE

 

--

End of file - 10376 bytes

[Guest PD43]

Re: XP Start -up - Settings not saved ??

 

Canuckluck <Canuckluck.35tp1w@no.email.invalid> wrote:

>My problem started a week ago with the MonaRonaDona malware. I was able

>to delete it with help from this forum. Thank you.

>

>I have DL'd many help sites, OTMoveIt2, Ad-Aware SE, Aml Registry

>Cleaner, CCleaner, Hijackthis, Spybot, Spywareblaster.

>

>Now I have a new problem (ugh), my desktop has changed, although all my

>Shortcuts are there. Whenever I startup my computer, everything needs to

>be re-set again.

 

My advice would be to start resetting everything by visiting all the

websites and logging in manually.

 

There might not be a shorter way.

[Guest PA Bear [MS MVP]]

Re: XP Start -up - Settings not saved ??

 

1. We do not interpret HijackThis logs in the public newsgroups.

 

2. One or more options/settings in an ever-growing number of third-party

applications may be disallowing the change(s) from "sticking". These include

but are not limited to Ad-aware's Ad-Watch, Spybot Tea Timer,

SpywareBlaster, SpySweeper, Spyware Doctor, *Norton AntiVirus*, McAfee

VirusScan and/or Antispyware, and Zone Alarm (Free, Pro, & Security Suite).

 

3. Make certain MonaRonaDona's gone: http://aumha.net/viewtopic.php?t=32239

 

4. Is your NAV subscription current?

 

5. Why don't you have *any* Service Packs or critical updates installed?

 

When to flatten and reinstall Windows

http://aumha.net/viewtopic.php?t=28580

 

Tip: You should "flatten and reinstall Windows"

--

~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

AumHa VSOP & Admin http://aumha.net

DTS-L http://dts-l.net/

 

 

Canuckluck wrote:

> My problem started a week ago with the MonaRonaDona malware. I was able

> to delete it with help from this forum. Thank you.

>

> I have DL'd many help sites, OTMoveIt2, Ad-Aware SE, Aml Registry

> Cleaner, CCleaner, Hijackthis, Spybot, Spywareblaster.

>

> Now I have a new problem (ugh), my desktop has changed, although all my

> Shortcuts are there. Whenever I startup my computer, everything needs to

> be re-set again.

>

> Nothing seems to be saved from my previous settings ??

>

> I need to re-sign in to all my sites. All my help sites like Spybot,

> need to have all protection reset each time I restart my computer.

>

> I am normally signed into places like Hotmail, Yahoo, etc. etc., but

> not now. It is like I am a new user or something.

>

> Thank you in advance for any help

>

> This is a copy of Hijackthis log :

>

>

> Logfile of Trend Micro HijackThis v2.0.2

> Scan saved at 12:14:51 PM, on 3/5/2008

> Platform: Windows XP (WinNT 5.01.2600)

> MSIE: Internet Explorer v6.00 (6.00.2600.0000)

> Boot mode: Normal

<snip>

[Guest Malke]

Re: XP Start -up - Settings not saved ??

 

Canuckluck wrote:

>

> My problem started a week ago with the MonaRonaDona malware. I was able

> to delete it with help from this forum. Thank you.

>

> I have DL'd many help sites, OTMoveIt2, Ad-Aware SE, Aml Registry

> Cleaner, CCleaner, Hijackthis, Spybot, Spywareblaster.

>

> Now I have a new problem (ugh), my desktop has changed, although all my

> Shortcuts are there. Whenever I startup my computer, everything needs to

> be re-set again.

>

> Nothing seems to be saved from my previous settings ??

>

> I need to re-sign in to all my sites. All my help sites like Spybot,

> need to have all protection reset each time I restart my computer.

>

> I am normally signed into places like Hotmail, Yahoo, etc. etc., but

> not now. It is like I am a new user or something.

>

> Thank you in advance for any help

>

> This is a copy of Hijackthis log :

 

(snip)

 

We don't analyze HJT logs in the MS newsgroups. It takes a great deal of

time and expertise to analyze HJT logs and there are privacy issues. I'll

give you a link to something that may help, but if it doesn't and/or you

want to be sure your computer is really clean, register at one of the

specialty forums listed below. Read its posting FAQ and post your HJT log

there. Not here.

 

In the meantime, you might want to try this fix from MVP Kelly Theriot:

http://www.kellys-korner-xp.com/xp_tweaks.htm - Save Settings on Exit (Line

54)

 

HijackThis links

 

http://aumha.org/downloads/hijackthis.zip

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn

http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 - another

tutorial

http://aumha.net/ - Click on the HijackThis forum. Read the announcement and

the stickies *first*.

http://www.atribune.org/forums/index.php?showforum=9

http://aumha.net/viewforum.php?f=30

http://www.bleepingcomputer.com/forums/forum22.html

http://castlecops.com/forum67.html

http://www.dslreports.com/forum/cleanup

http://www.cybertechhelp.com/forums/forumdisplay.php?f=25

http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html

http://gladiator-antivirus.com/forum/index.php?showforum=170

http://spywarewarrior.com/viewforum.php?f=5

 

Malke

--

MS-MVP

Elephant Boy Computers

http://www.elephantboycomputers.com

Don't Panic!