Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Sunday 24.11.2024 / 07:03
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > popfile won't delete
Show topics
 
Forums
Forums
POPFile won't delete
  Jump to:
 
Posted Message
Jamaal10
Senior Member
_ 		27. March 2006 @ 06:08 _ Link to this message    Send private message to this user   
I had POPFile on my pc for spam, and just recently uninstalled it. It left a bunch of crap on my pc, so I ran CCleaner and got rid of most of it; however, I'm unable to get rid of the internet links that installed with the program. I've tried deleting them, but everytime I restart, they show up.

Anyone have any ideas??
[ + quote]
Image Hosting
http://www.xsgfx.com
Advertisement
_ 		__
JaPK
Senior Member
_ 		27. March 2006 @ 08:19 _ Link to this message    Send private message to this user   
Hi Jamaal10, to where do the links appear? To your desktop? Or are they pop-ups?

Post a HijackThis log to here.
Instructions -> http://forums.afterdawn.com/thread_view.cfm/263784
(steps 3-5)
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
Jamaal10
Senior Member
_ 		27. March 2006 @ 09:42 _ Link to this message    Send private message to this user   
They are showing up in my C:\Documents and Settings\user\Start Menu\Programs and C:\D and S\user\S M\Programs\Startup folders.

Here is the HJT log file:

Logfile of HijackThis v1.99.1
Scan saved at 1:30:19 PM, on 3/27/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\CSI\DIMENS~1.1B\MSSQL7\binn\sqlservr.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\CSI\DIMENS~1.1B\MSSQL7\binn\sqlagent.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\Starter.Exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\CSI\Dimension21 V3.1b\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\CSI\Dimension21 V3.3\Dimension.exe
C:\Program Files\Ericom Software\PowerTerm\ptw32.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\CSI\Dimension21 V3.3\patusage\patusage.exe
C:\Program Files\CSI\Dimension21 V3.3\Shared\ProdSrch33.exe
C:\Program Files\CSI\Dimension21 V3.3\po\po.exe
C:\Program Files\CSI\Dimension21 V3.3\Shared\ProdSrch33.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\System32\Starter.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\CSI\Dimension21 V3.1b\MSSQL7\Binn\sqlmangr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://versasoftware.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = FAMILYHEALTH.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = FAMILYHEALTH.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = FAMILYHEALTH.local
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
[ + quote]
Image Hosting
http://www.xsgfx.com
JaPK
Senior Member
_ 		28. March 2006 @ 08:00 _ Link to this message    Send private message to this user   
Ok, that problem with POPfile is a bug in the software, more information -> http://sourceforge.net/tracker/index.php?func=detail&aid=1086002&...

You don't have a firewall on your computer.

Install one firewall to your computer.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

You seem to have many suspicious processes running from a folder C:\Program Files\CSI\Dimension21 V3.3
Do you know what these are?



Lets try to solve that POPFile problem.

Get Registry Search Tool from here -> http://www.billsway.com/vbspage/

Download it, unzip it to your desktop, start it.
->Search for POPFile
->Post the findings to here



[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
Jamaal10
Senior Member
_ 		29. March 2006 @ 06:14 _ Link to this message    Send private message to this user   
Sorry for the delay.

I downloaded the Reg tool and searched for POPfile and nothing came up, so then I just did a regular search for it, and it was gone. Not quite sure why it decided to go away now, but that'll work!

By the way, all of the processes from the CSI\Dimension 21 folder pertain to a healthcare program that we use.

Thanks for your help!
[ + quote]
Image Hosting
http://www.xsgfx.com
Advertisement
_ 		__
 
_
JaPK
Senior Member
_ 		29. March 2006 @ 06:24 _ Link to this message    Send private message to this user   
Ok, that is nice to hear.
But install a firewall to your computer.

And you're welcome =)


[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > popfile won't delete
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2024 by AfterDawn Ltd.

  IDG TechNetwork