unwanted pop-ups and explorer pages on booting up

  lpg 19:59 08 Dec 04
Locked

Whenever I boot up the machine,the following happens -

1. A dialog box headed RUNDLL pops up saying that it can't find "programs/wild tangent/apps/CDA/cdaengine0400.dll".

This is presumably because I've cleaned up wild tangent in a previous sweep, so it isn't there to load, but the registry is still looking for it. Although this is a minor problem, I'd still like to get rid of it....

and then

2. Without any prompting, an Internet Explorer page appears, with the address line click here, which immediately changes to another page with the address "you have been paid". If closed down right away, that's all that happens, but if the machine is unattended, several more pop-ups appear and (if closed)continue to re-appear every few minutes PLUS unwanted toolbars are installed. As well as at boot-up, this also seems to happen on a timed basis, I'd guess every 12 hours.

This is very irritating and we don't even use explorer, we use Mozilla Firefox.

Now, we've got Norton and I've followed instructions from majorgeeks.com on cleaning and sweeping the machine, I've got CWshredder, Adaware SE, Spy Bot, Spyware Blaster, CCleaner, McAfee Stinger, Kill2Me, etc and I've run them all.

Without success.
(System restore only works of course for the toolbar installations, etc., not for the general problem.)

Any new suggestions? We're running XP and Explorer 6. Thank you in advance.

  VoG II 20:09 08 Dec 04

Please post a HJT log click here

Post the entire log and let an expert like Nellie2 look at it. You may need to post it in portions because of the 800 word limit on this site. Also please double-space it by adding a blank line every other line.

  lpg 20:51 08 Dec 04

Every time I try to post the above, i get a message "an error has occurred, you have accessed this site incorrectly"

  VoG II 20:54 08 Dec 04

You need to post maybe 20 lines at a time.

  lpg 21:13 08 Dec 04

Logfile of HijackThis v1.98.2
Scan saved at 20:35:43, on 08/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

  lpg 21:14 08 Dec 04

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

  lpg 21:15 08 Dec 04

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\windows\mActiveX.exe

C:\WINDOWS\System32\mssp.exe

  lpg 21:16 08 Dec 04

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\System32\kxjdcb.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Valve\Steam\Steam.exe

C:\Program Files\eFax Messenger Plus 3.2\J2GDllCmd.exe

C:\Program Files\eFax Messenger Plus 3.2\J2GTray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe

C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program
Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe

C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\SpywareGuard\sgbhp.exe

C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE

C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe

  lpg 21:17 08 Dec 04

C:\WINDOWS\System32\wuauclt.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\John\Desktop\hijackthis\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here

R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll

O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe

  lpg 21:18 08 Dec 04

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [wqoforshbiyd] C:\WINDOWS\System32\hkywzzm.exe

O4 - HKLM\..\Run: [xd68Y8H] C:\documents and settings\john\local settings\temp\xd68Y8H.exe

O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [REGRUN] C:\windows\mActiveX.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe

O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe

O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe

  lpg 21:18 08 Dec 04

O4 - HKCU\..\Run: [Boee] C:\Documents and Settings\John\Application Data\atta.exe

O4 - HKCU\..\Run: [Iuwvkq] C:\WINDOWS\System32\kxjdcb.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

This thread is now locked and can not be replied to.

How to get Windows 10 for free | How to install Windows 10: There is still a way to avoid paying…

1995-2015: How technology has changed the world in 20 years

Alex Chinneck’s giant ice cube Christmas tree at Kings Cross

Apple rumours & predictions 2017: The iPhone 8, new iPads, and everything else you should expect fr7…