Ok, this is what I got on the SEARCH of my C drive

I was looking for Scenic News.exe because I ran the AIM fix and it

said it quarentined it.

Interesting....I just started a "search" on my C drive and out

pops "windows Antispyware Notice"

Says Programs added to the startup registry are loaded

automatically when Windows starts. This change will generally

occur when software is installed. You can allow this chang if it

is recongnized and expected.

Name: Client Application

Description: DTM

Publisher: NONE

PATH: C:\windows\scenic news.exe

would I like to allow, block or what?

I didn't install it just now I was searching for it. int he

search the first thing that popped up was

Scenic News.exe C:\I386 WHAT IS THAT FOLDER FOR?

21982_Scenic News.exe.bak C:\Documents and

Settings\Karan|Desktop\aimfix_quarantine

21985_Scenic News.exe.bak C:\Documents and

Settings\Karan|Desktop\aimfix_quarantine

Scenic News.exe- Google Search google(www.google.com)

Scenic news.exe C:\WINDOWS

Scenic news.exe-09CFFD98.pf C:\Windows\Prefetch

Scenic news.exe-058EOF50.pf C:\Windows\prefetch

Ok, I wouldnt touch the files that say quarantine. I hope you

blocked the start up entry because if not than your infected

again. What else is in that folder? Or is that file all by itself

TexasFilly

When I go to BLOCK that then it says it will BLOCK Client Application from my startup programs and this may cause probs for programs that requires this program, this doesn't say anything about Scenic new.exe on it. I don't need ANY Client Applications? I blocked it and now I'm getting a rundll error and this one that I've never seen before....says Run a DLL as an APP this program is not responding.

What program did that error come from?

It didn't say!!!! I was in here answering email!!!!!

Tarun, Iwanted you to look at this, I'm not sure what happened last night, But before I hit the sack, I ran adaware and things were clean. I never rebooted my computer.

Just a moment ago I ran adaware again and I've got that dang 180Solutions AGAIN!!!! I rememebered working like, over 20 hours on that **** last time. Where is this thing coming from?

I've not gotten anymore pop ups from anything today. But 12 criticals on adaware now. Eleven of them are ok and go away, but this 190Solutions GRRRRRRRRRRRRRRRRRRRRRRRRR

*in a meak voice* what now?

Logfile of HijackThis v1.99.1

Scan saved at 3:47:10 PM, on 10/20/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Trillian\trillian.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\unzipped\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.4.0.41/aces...s-ob-assets.cab

O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.4.0.41/vide...k-ob-assets.cab

O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.0.34/cana...a-ob-assets.cab

O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.0.34/chec...s-ob-assets.cab

O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.4.0.48/crib...e-ob-assets.cab

O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.4.0.34/domi...o-ob-assets.cab

O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.4.0.34/vide...e-ob-assets.cab

O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.3.4.64/pool...l-ob-assets.cab

O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.4.0.34/jigs...w-ob-assets.cab

O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.4.0.41/gin/gin-ob-assets.cab

O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.4.64/lott...o-ob-assets.cab

O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.3.4.64/mahj...g-ob-assets.cab

O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.4.0.41/paig...w-ob-assets.cab

O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.4.0.41/peng...s-ob-assets.cab

O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.4.0.34/popp...2-ob-assets.cab

O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.0.41/squa...s-ob-assets.cab

O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.3.4.64/spad...s-ob-assets.cab

O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.4.64/word...2-ob-assets.cab

O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.4.0.48/whac...n-ob-assets.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124130515984

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Also when I go to close a program, (pogo in this instance) then it makes a noise and won't open or close!!!!

Well can I reboot my computer yet? Please :w00t:

That's ok and no, no problems it seems, but what about the hijack post? Is it ok?

I was told the log looks fine. Yessssssssssssss my pc feels lots better since I ran aim fix, Thanks

Rebooting now :w00t:

Logfile of HijackThis v1.99.1

Scan saved at 12:23:01 AM, on 10/21/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\unzipped\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.4.0.41/aces...s-ob-assets.cab

O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.4.0.41/vide...k-ob-assets.cab

O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.0.34/cana...a-ob-assets.cab

O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.0.34/chec...s-ob-assets.cab

O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.4.0.48/crib...e-ob-assets.cab

O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.4.0.34/domi...o-ob-assets.cab

O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.4.0.34/vide...e-ob-assets.cab

O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.3.4.64/pool...l-ob-assets.cab

O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.4.0.34/jigs...w-ob-assets.cab

O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.4.0.41/gin/gin-ob-assets.cab

O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.4.64/lott...o-ob-assets.cab

O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.3.4.64/mahj...g-ob-assets.cab

O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.4.0.41/paig...w-ob-assets.cab

O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.4.0.41/peng...s-ob-assets.cab

O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.4.0.34/popp...2-ob-assets.cab

O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.0.41/squa...s-ob-assets.cab

O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.3.4.64/spad...s-ob-assets.cab

O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.4.64/word...2-ob-assets.cab

O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.4.0.48/whac...n-ob-assets.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124130515984

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Hmmmm ok, I use to have zonealarm but they use to have alot of spyware, is that taken care of now?

Everything is acting normal again, but kinda bothers me still about that 180Search and the first thing I had on here this go round.....what was that? LOL sorry, it's at the beginning of this topic.

Hmmmm ok, I use to have zonealarm but they use to have alot of spyware, is that taken care of now?

Everything is acting normal again, but kinda bothers me still about that 180Search and the first thing I had on here this go round.....what was that?  LOL sorry, it's at the beginning of this topic.

<{POST_SNAPBACK}>

SCENIC NEWS.EXE it's still in my C:1386

If it's in the C:\I386 file it should be deleted as that file doesn't belong.

Thanks you two!!! I deleted that Scenic news.exe out of that folder I386, is it hiding in my registry and does it matter?

Also I went to download zonealarm, but they have a new one, it's 6.0.667.000 do I download that one? Or do you want me to stick with the 5.0 one?

Thanks again

Texas

Ok, downloading now, hang around around just a moment and see if I have any questions about it please because you said to pay attention to a couple of things. BRB :w00t:

LOL thanks, ok, I'm setting it up and it says that it has found a new connection between my computer and the internet or another computer????? Ummmmm I'm not connected to another computer at this time. IP Address 172.16.0.0 and type is Private Network Detected. What does all that mean?

Ty

Ok, cool cool! My IP address is totally different that's why I was asking. Ya see, my EX was on this computer awhile back and I just wondered if he did something so that he can control it from his home, in Okla? Would that be where this new IP address came from? Or is it the DSL's address? I'm so confused anymore. I never got into remote stuff, wish I had now. And I don't do anything that he shouldn't see, just weird is all. Dang, I'm getting parinoid in my old age! LMAO Just kidding. Thanks R

Ok cool, it could be I guess (since that IP address is used alot) from Dell so that if I have probs then they can RCA with my computer. I worked for them, and won't call them LMAO I'll stick with ya'll!

Thanks as usual! :w00t: