
broadcaster pop-up

Discussion in 'Malware and Virus Removal Archive' started by flasher, 2007/05/16.

  1. 2007/05/16
    flasher

    flasher Inactive Thread Starter

    Joined:
    2007/05/16
    Messages:
    4
    Likes Received:
    0
    a pop-up keeps coming. sometimes it closes, sometimes it doesn't

    I get amoena pop-ups too

    here is the log

    Logfile of HijackThis v1.99.1
    Scan saved at 08:48:15, on 16.5.2007 г.
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: (no name) - {0305487e-5c43-4555-ad94-c78b16c4b581} - C:\WINDOWS\system32\shgole.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\tmp1.tmp.dll (file missing)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8EDBA239-E2C8-4D69-9783-647A81666B9C}: NameServer = 84.54.137.1 84.54.137.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: shgole - C:\WINDOWS\SYSTEM32\shgole.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
     
    Last edited: 2007/05/16
  2. 2007/05/19
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Hello and welcome to WindowsBBS Forums and sorry for the long delay in a reply.

    Please click here and select Save. Save FindAWF to your desktop.

    Double Click FindAWF.exe and let it run, it will create the file awf.txt on your desktop when finished.

    Open awf.txt in notepad, select Edit> Select All> Edit> Copy> and Paste the contents.

    Then:
    Download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need to run ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the [Start Update] button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
    Close AVG anti-spyware, Do Not run a scan just yet, we will shortly.

    Reboot, into safe mode, this way:
    • Turn on the computer
    • Immediately begin tapping the <F8> key.
    • Use the arrow keys to highlight Safe Mode and press the <Enter> key.
    IMPORTANT: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning process.

    Launch ewido-anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • AVG will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the [Save report as] button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    Close AVG and reboot your system back into Normal Mode and post the results of the AVG report scan as well as a new HJT log.
     


  4. 2007/05/20
    flasher

    flasher Inactive Thread Starter

    Joined:
    2007/05/16
    Messages:
    4
    Likes Received:
    0
    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:27:35, on 20.5.2007 г.
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: (no name) - {0305487e-5c43-4555-ad94-c78b16c4b581} - C:\WINDOWS\system32\shgole.dll (file missing)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8EDBA239-E2C8-4D69-9783-647A81666B9C}: NameServer = 84.54.137.1 84.54.137.1
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe



    AVG:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 11:19:41 20.5.2007 г.

    + Scan result:



    C:\Documents and Settings\admin\Local Settings\Temp\tmp5.tmp.exe -> Downloader.Agent.bjk : Cleaned with backup (quarantined).
    C:\Documents and Settings\admin\Local Settings\Temp\tmp56.tmp.exe -> Downloader.Agent.bjk : Cleaned with backup (quarantined).
    C:\Program Files\Hijackthis\backups\backup-20070517-074324-243.dll -> Downloader.Small : Cleaned with backup (quarantined).
    C:\Program Files\Hijackthis\backups\backup-20070517-074331-214.dll -> Downloader.Small : Cleaned with backup (quarantined).
    C:\Program Files\Hijackthis\backups\backup-20070517-200419-317.dll -> Downloader.Small : Cleaned with backup (quarantined).
    C:\Program Files\Hijackthis\backups\backup-20070518-001638-635.dll -> Downloader.Small : Cleaned with backup (quarantined).
    C:\Program Files\Hijackthis\backups\backup-20070518-001647-163.dll -> Downloader.Small : Cleaned with backup (quarantined).
    C:\Program Files\Hijackthis\backups\backup-20070519-222405-266.dll -> Downloader.Small : Cleaned with backup (quarantined).
    C:\Program Files\Hijackthis\backups\backup-20070520-004359-392.dll -> Downloader.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\shgole.dll -> Downloader.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\2ATCMWFP\installdrivecleanerstart[1].cab/UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\2ATCMWFP\WinAntiVirusPro2007FreeInstall[1].cab/UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
     
  5. 2007/05/20
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
  6. 2007/05/21
    flasher

    flasher Inactive Thread Starter

    Joined:
    2007/05/16
    Messages:
    4
    Likes Received:
    0
    sorry
    forgot this one


    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\WINDOWS\SYSTEM32\BAK

    04.08.2004 г. 01:56 15 360 ctfmon.exe
    05.07.2005 г. 14:34 828 416 mmm.exe
    31.10.2005 г. 21:43 86 016 StartupMonitor.exe
    3 File(s) 929 792 bytes

    Directory of C:\PROGRA~1\LCLOCK\BAK

    19.09.2004 г. 12:27 65 536 LClock.exe
    1 File(s) 65 536 bytes

    Directory of C:\PROGRA~1\TASKSW~1\BAK

    24.08.2005 г. 15:11 61 952 TaskSwitchXP.exe
    1 File(s) 61 952 bytes

    Directory of C:\PROGRA~1\UTILIT~1\ERASER\BAK

    25.07.2003 г. 17:15 536 576 eraser.exe
    1 File(s) 536 576 bytes

    Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

    28.10.2005 г. 21:05 344 064 atiptaxx.exe
    1 File(s) 344 064 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe "
    828416 Jul 5 2005 "C:\WINDOWS\system32\bak\mmm.exe "
    86016 Oct 31 2005 "C:\WINDOWS\system32\bak\StartupMonitor.exe "
    65536 Sep 19 2004 "C:\Program Files\LClock\bak\LClock.exe "
    61952 Aug 24 2005 "C:\Program Files\TaskSwitchXP\bak\TaskSwitchXP.exe "
    536576 Jul 25 2003 "C:\Program Files\Utilities\Eraser\bak\eraser.exe "
    344064 Oct 28 2005 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe "


    end of report
     
  7. 2007/05/22
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Sorry for long reply, I'm not very proficient with these so I was asking for some help. We need to get a scan of a file.

    Please go to Jotti Online File Scanner
    At the top of the Jotti page, there is a blank box, with a 'browse' button next to it.


    • Navigate to the following file then hit the 'Submit' button:
      C:\WINDOWS\system32\bak\mmm.exe<<<--this file

      Post the results back here for me please.
     
  8. 2007/05/22
    flasher

    flasher Inactive Thread Starter

    Joined:
    2007/05/16
    Messages:
    4
    Likes Received:
    0
    Scan taken on 22 May 2007 11:24:54 (GMT)
    A-Squared
    Found nothing
    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found nothing
    ClamAV
    Found nothing
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found nothing
    F-Secure Anti-Virus
    Found nothing
    Fortinet
    Found nothing
    Kaspersky Anti-Virus
    Found nothing
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    Panda Antivirus
    Found nothing
    Rising Antivirus
    Found nothing
    VirusBuster
    Found nothing
    VBA32
    Found nothing
     
  9. 2007/05/23
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Ok, attached is a batch file for us to change some things. For one we'll be moving that mmm.exe file somewhere it won't do any harm, given the results, I'm still not convinced it's legit.


    Save the zip to your desktop.

    Locate fixawf.zip on your desktop and run the contents. A dos window will appear briefly, this is normal. Then reboot.

    Advise of any more problems.
     
