I had POPFile on my pc for spam, and just recently uninstalled it. It left a bunch of crap on my pc, so I ran CCleaner and got rid of most of it; however, I'm unable to get rid of the internet links that installed with the program. I've tried deleting them, but everytime I restart, they show up. Anyone have any ideas??
Hi Jamaal10, to where do the links appear? To your desktop? Or are they pop-ups? Post a HijackThis log to here. Instructions -> http://forums.afterdawn.com/thread_view.cfm/263784 (steps 3-5)
They are showing up in my C:\Documents and Settings\user\Start Menu\Programs and C:\D and S\user\S M\Programs\Startup folders. Here is the HJT log file: Logfile of HijackThis v1.99.1 Scan saved at 1:30:19 PM, on 3/27/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\PROGRA~1\CSI\DIMENS~1.1B\MSSQL7\binn\sqlservr.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\PROGRA~1\CSI\DIMENS~1.1B\MSSQL7\binn\sqlagent.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\Starter.Exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe C:\Program Files\CSI\Dimension21 V3.1b\MSSQL7\Binn\sqlmangr.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\Sony Handheld\HOTSYNC.EXE C:\Program Files\Greetings Workshop\GWREMIND.EXE C:\Program Files\CSI\Dimension21 V3.3\Dimension.exe C:\Program Files\Ericom Software\PowerTerm\ptw32.exe C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE C:\Program Files\CSI\Dimension21 V3.3\patusage\patusage.exe C:\Program Files\CSI\Dimension21 V3.3\Shared\ProdSrch33.exe C:\Program Files\CSI\Dimension21 V3.3\po\po.exe C:\Program Files\CSI\Dimension21 V3.3\Shared\ProdSrch33.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\System32\Starter.Exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE O4 - Global Startup: Service Manager.lnk = C:\Program Files\CSI\Dimension21 V3.1b\MSSQL7\Binn\sqlmangr.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://versasoftware.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = FAMILYHEALTH.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = FAMILYHEALTH.local O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = FAMILYHEALTH.local O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
Ok, that problem with POPfile is a bug in the software, more information -> http://sourceforge.net/tracker/index.php?func=detail&aid=1086002&group_id=63137&atid=502956 You don't have a firewall on your computer. Install one firewall to your computer. These are good (free) firewalls: ZoneAlarm --> http://www.zonelabs.com Kerio--> http://www.sunbelt-software.com/Kerio.cfm Outpost-> http://www.agnitum.com You seem to have many suspicious processes running from a folder C:\Program Files\CSI\Dimension21 V3.3 Do you know what these are? Lets try to solve that POPFile problem. Get Registry Search Tool from here -> http://www.billsway.com/vbspage/ Download it, unzip it to your desktop, start it. ->Search for POPFile ->Post the findings to here
Sorry for the delay. I downloaded the Reg tool and searched for POPfile and nothing came up, so then I just did a regular search for it, and it was gone. Not quite sure why it decided to go away now, but that'll work! By the way, all of the processes from the CSI\Dimension 21 folder pertain to a healthcare program that we use. Thanks for your help!
