TexasFilly Posted October 20, 2005

Ok, this is what I got on the SEARCH of my C drive. I was looking for Scenic News.exe because I ran the AIM fix and it said it quarantined it.

Interesting....I just started a "search" on my C drive and out pops "Windows Antispyware Notice". Says: Programs added to the startup registry are loaded automatically when Windows starts. This change will generally occur when software is installed. You can allow this change if it is recognized and expected.

Name: Client Application
Description: DTM
Publisher: NONE
PATH: C:\windows\scenic news.exe

Would I like to allow, block or what? I didn't install it just now, I was searching for it.

In the search the first thing that popped up was

Scenic News.exe C:\I386 WHAT IS THAT FOLDER FOR?
21982_Scenic News.exe.bak C:\Documents and Settings\Karan|Desktop\aimfix_quarantine
21985_Scenic News.exe.bak C:\Documents and Settings\Karan|Desktop\aimfix_quarantine
Scenic News.exe- Google Search google(www.google.com)
Scenic news.exe C:\WINDOWS
Scenic news.exe-09CFFD98.pf C:\Windows\Prefetch
Scenic news.exe-058EOF50.pf C:\Windows\prefetch

Ok, I wouldn't touch the files that say quarantine. I hope you blocked the start up entry because if not then you're infected again. What else is in that folder? Or is that file all by itself?

TexasFilly

When I go to BLOCK that then it says it will BLOCK Client Application from my startup programs and this may cause probs for programs that requires this program, this doesn't say anything about Scenic news.exe on it. I don't need ANY Client Applications?

I blocked it and now I'm getting a rundll error and this one that I've never seen before....says Run a DLL as an APP this program is not responding. What program did that error come from? It didn't say!!!! I was in here answering email!!!!!

TexasFilly Posted October 20, 2005

Tarun, I wanted you to look at this, I'm not sure what happened last night, but before I hit the sack, I ran adaware and things were clean. I never rebooted my computer. Just a moment ago I ran adaware again and I've got that dang 180Solutions AGAIN!!!! I remembered working like, over 20 hours on that **** last time. Where is this thing coming from? I've not gotten anymore pop ups from anything today. But 12 criticals on adaware now. Eleven of them are ok and go away, but this 190Solutions GRRRRRRRRRRRRRRRRRRRRRRRRR

*in a meek voice* what now?

TexasFilly Posted October 20, 2005

Logfile of HijackThis v1.99.1
Scan saved at 3:47:10 PM, on 10/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.4.0.41/aces...s-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.4.0.41/vide...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.0.34/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.0.34/chec...s-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.4.0.48/crib...e-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.4.0.34/domi...o-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.4.0.34/vide...e-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.3.4.64/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.4.0.34/jigs...w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.4.0.41/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.4.64/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.3.4.64/mahj...g-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.4.0.41/paig...w-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.4.0.41/peng...s-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.4.0.34/popp...2-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.0.41/squa...s-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.3.4.64/spad...s-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.4.64/word...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.4.0.48/whac...n-ob-assets.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124130515984
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

TexasFilly Posted October 20, 2005

Also when I go to close a program, (pogo in this instance) then it makes a noise and won't open or close!!!!

TexasFilly Posted October 21, 2005

Well can I reboot my computer yet? Please :w00t:

TexasFilly Posted October 21, 2005

That's ok and no, no problems it seems, but what about the hijack post? Is it ok?

TexasFilly Posted October 21, 2005

I was told the log looks fine. Yessssssssssssss my pc feels lots better since I ran aim fix, Thanks

Rebooting now :w00t:

TexasFilly Posted October 21, 2005

Logfile of HijackThis v1.99.1
Scan saved at 12:23:01 AM, on 10/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.4.0.41/aces...s-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.4.0.41/vide...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.0.34/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.0.34/chec...s-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.4.0.48/crib...e-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.4.0.34/domi...o-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.4.0.34/vide...e-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.3.4.64/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.4.0.34/jigs...w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.4.0.41/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.4.64/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.3.4.64/mahj...g-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.4.0.41/paig...w-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.4.0.41/peng...s-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.4.0.34/popp...2-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.0.41/squa...s-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.3.4.64/spad...s-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.4.64/word...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.4.0.48/whac...n-ob-assets.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124130515984
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

TexasFilly Posted October 21, 2005

Hmmmm ok, I used to have zonealarm but they used to have a lot of spyware, is that taken care of now? Everything is acting normal again, but kinda bothers me still about that 180Search and the first thing I had on here this go round.....what was that? LOL sorry, it's at the beginning of this topic.

TexasFilly Posted October 21, 2005

SCENIC NEWS.EXE it's still in my C:1386

Administrator Tarun Posted October 21, 2005

If it's in the C:\I386 file it should be deleted as that file doesn't belong.

TexasFilly Posted October 21, 2005

Thanks you two!!! I deleted that Scenic news.exe out of that folder I386, is it hiding in my registry and does it matter?

Also I went to download zonealarm, but they have a new one, it's 6.0.667.000 do I download that one? Or do you want me to stick with the 5.0 one?

Thanks again
Texas

TexasFilly Posted October 22, 2005

Ok, downloading now, hang around just a moment and see if I have any questions about it please because you said to pay attention to a couple of things. BRB :w00t:

TexasFilly Posted October 22, 2005

LOL thanks, ok, I'm setting it up and it says that it has found a new connection between my computer and the internet or another computer????? Ummmmm I'm not connected to another computer at this time. IP Address 172.16.0.0 and type is Private Network Detected. What does all that mean? Ty

TexasFilly Posted October 22, 2005

Ok, cool cool! My IP address is totally different that's why I was asking. Ya see, my EX was on this computer awhile back and I just wondered if he did something so that he can control it from his home, in Okla? Would that be where this new IP address came from? Or is it the DSL's address? I'm so confused anymore. I never got into remote stuff, wish I had now. And I don't do anything that he shouldn't see, just weird is all. Dang, I'm getting paranoid in my old age! LMAO Just kidding.

Thanks
R

TexasFilly Posted October 22, 2005

Ok cool, it could be I guess (since that IP address is used a lot) from Dell so that if I have probs then they can RCA with my computer. I worked for them, and won't call them LMAO I'll stick with ya'll! Thanks as usual! :w00t: