When running an Ewido scan, no windows or programs should be open! Do not use the computer while the Ewido scan is running!
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu."
Launch ewido, there should be a big "E" icon on your desktop, double-click it.
The program will prompt you to update; click the "OK" button
The program will now go to the main screen
Update ewido:
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed. After the updates are installed, exit ewido.
Do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
* Now open Ewido Security Suite
Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
Close Ewido
Restart your computer in normal mode and please post the log from the Ewido scan.
Launch Notepad (not WordPad), and copy and paste the bolded text below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
You may have to disable your Microsoft AntiSpyware in order for this script to run or if you receive a pop-up asking if you want this script to run, allow it.
REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Aprps]
Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information.
Now run your Microsoft AntiSpyware and see if you still get the Apropos Media (Browser modifier) message.
Please let me know whether your problem clears up or not.
Please go to
http://bragart.org/Toddfix.zip
Save the file.
Open it and double click the Toddfix.reg and allow the script to run. (You might have to disable your AntiSpyware in order to allow the script to run.)
Now run your Microsoft AntiSpyware and see if you still get the Apropos Media (Browser modifier) message.
Please let me know whether your problem clears up or not.
ALgal
1.2K Posts
0
September 10th, 2005 23:00
Hello toddomohundro,
I do not see any problems in your log unless you do not want your page set to
http://www.enlightenedmillionaireinstitute.com/index.php
What kind of problems are you experiencing?
ALgal
1.2K Posts
0
September 11th, 2005 14:00
Hello Todd,
Could you run the Microsoft AntiSpyware and copy and post the log here so I could see it?
toddomohundro
7 Posts
0
September 11th, 2005 14:00
I have two problems on the computer that come up when I run MS Anti Spyware:
Apropos Media ( Browser modifier)
IBIS Toolbar (Adware)
I have deleted them both many times but they always come back so they must be replicating. Thanks so much for your help!!! =)
Todd
toddomohundro
7 Posts
0
September 11th, 2005 15:00
Here is my Anti-Spyware log for just now:
Spyware Scan Details
Start Date: 9/11/2005 12:05:16 PM
End Date: 9/11/2005 12:14:06 PM
Total Time: 8 mins 50 secs
Detected Threats
AproposMedia Browser Modifier more information...
Details: AproposMedia is a browser modifier that installs with PeopleOnPage (POP). AproposMedia displays pop-up advertisements and changes browser settings.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\Software\Aprps
HKEY_LOCAL_MACHINE\Software\Aprps\Client PartnerId WB.VER2
Detected Spyware Cookies
No spyware cookies were found during this scan.
Looks like it got rid of the IBIS toolbar which is great because I had a million pop-ups until it did. Thanks so much for your help. This Apropos Media is going to need to be removed deeply because it just keeps replicating! Arrgh! =)
ALgal
1.2K Posts
0
September 11th, 2005 17:00
http://www.ewido.net/en/download/
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu."
Launch ewido, there should be a big "E" icon on your desktop, double-click it.
The program will prompt you to update; click the "OK" button
The program will now go to the main screen
Update ewido:
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed. After the updates are installed, exit ewido.
Do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
* Now open Ewido Security Suite
Click on scanner
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
Restart your computer in normal mode and please post the log from the Ewido scan.
toddomohundro
7 Posts
0
September 11th, 2005 19:00
I downloaded and updated the Ewido software but for some crazy reason my computer won't open in safe mode! Is that possibly malware causing that? I have tried it about 10 times and hit the F8 button at different times but to no avail. Any ideas for me to get to safe mode?
Thanks so much for your continued help!
Todd
ALgal
1.2K Posts
0
September 11th, 2005 20:00
Hi Todd,
Let's just see what you get with it running in normal mode for now.
toddomohundro
7 Posts
0
September 11th, 2005 21:00
EWI found 91 infected objects...here are the scan results:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 6:43:25 PM, 9/11/2005
+ Report-Checksum: E436D6AC
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\motoin -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\.DEFAULT\Software\dsktb -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\dsktb\DesktopToolbar -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\.DEFAULT\Software\saap -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-19\Software\dsktb -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-19\Software\dsktb\DesktopToolbar -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-19\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-19\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-19\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-19\Software\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-19\Software\saap -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-20\Software\dsktb -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-20\Software\dsktb\DesktopToolbar -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-20\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-20\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-20\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-20\Software\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-20\Software\saap -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-1409082233-688789844-1957994488-1004\Software\dsktb -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1409082233-688789844-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000049-8F91-4D9C-9573-F016E7626484} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-1409082233-688789844-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1409082233-688789844-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-1409082233-688789844-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-18\Software\dsktb -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\dsktb\DesktopToolbar -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-18\Software\saap -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\SYSTEM\mac80ex.idf/C:/WINDOWS/SYSTEM/msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM\mac80ex.idf/C:/Program Files/BullsEye Network/bin/bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adx.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\Cookies\anyuser@y-1shz2prbmdj6wvny-1sez2pra2dj6wflockd5ieogwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\Cookies\anyuser@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlokoazehowydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\Cookies\anyuser@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\WINDOWS\Cookies\anyuser@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\WINDOWS\Cookies\anyuser@ads18.bpath[2].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\WINDOWS\Cookies\anyuser@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Cookies\anyuser@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\WINDOWS\Cookies\anyuser@adopt.specificclick[3].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050621183416.zip/Documents and Settings/Todd Omohundro/Cookies/todd omohundro@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050621183416.zip/windows/cookies/anyuser@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\61C03F7F-CFB5-4902-9BD2-2F9303\8AB20559-E14B-4B5F-9F35-34BC92 -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@www.dell.txt -> Spyware.Cookie.X10 : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\anyuser@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@1us.cqcounter[1].txt -> Spyware.Cookie.Cqcounter : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@image.masterstats[3].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@ehg-comcast.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@ehg-lowermybills.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Todd Omohundro\Cookies\todd omohundro@cnn.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\toddomohundro\Cookies\todd omohundro@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\toddomohundro\Cookies\todd omohundro@www.dell.txt -> Spyware.Cookie.X10 : Cleaned with backup
C:\Documents and Settings\toddomohundro\Cookies\todd omohundro@1us.cqcounter[1].txt -> Spyware.Cookie.Cqcounter : Cleaned with backup
C:\Documents and Settings\toddomohundro\Cookies\todd omohundro@www.popuptraffic[2].txt -> Spyware.Cookie.Popuptraffic : Cleaned with backup
C:\Documents and Settings\toddomohundro\Cookies\todd omohundro@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\toddomohundro\Cookies\todd omohundro@image.masterstats[3].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\toddomohundro\Cookies\toddomohundro@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\toddomohundro\Cookies\toddomohundro@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\toddomohundro\Cookies\toddomohundro@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
::Report End
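A triage sketch for a report in this format, added here as an example and not part of the original thread or of Ewido: it parses the `location -> detection : action` lines, buckets them, and checks whether the report touches the key Microsoft AntiSpyware flagged earlier in the thread (HKEY_LOCAL_MACHINE\Software\Aprps). The function names and category labels are assumptions of this example; the sample lines are excerpted from the post above.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "location detection action category")

# Lines excerpted from the Ewido report posted above (abridged, not the full log).
SAMPLE_REPORT = r"""
+ Scan result:
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-19\Software\saap -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\SYSTEM\mac80ex.idf/C:/WINDOWS/SYSTEM/msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\Cookies\anyuser@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\61C03F7F-CFB5-4902-9BD2-2F9303\8AB20559-E14B-4B5F-9F35-34BC92 -> TrojanDownloader.IstBar.gi : Cleaned with backup
::Report End
"""

LINE_RE = re.compile(r"^(?P<loc>.+) -> (?P<det>\S+) : (?P<act>.+)$")
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_USERS": "HKU"}

def normalize_key(key):
    """Abbreviate the hive and lowercase; registry key names are case-insensitive."""
    hive, _, rest = key.partition("\\")
    hive = HIVES.get(hive.upper(), hive.upper())
    return (hive + "\\" + rest).rstrip("\\").lower()

def categorize(loc, det):
    # Category labels are this example's own, not Ewido's.
    if "\\quarantine\\" in loc.lower():
        return "quarantined-by-other-tool"   # already contained by another scanner
    if det.startswith("Spyware.Cookie."):
        return "cookie"
    if re.match(r"(?i)^(HKLM|HKU|HKEY_)", loc):
        return "registry"
    return "file"

def parse_report(text):
    """Return a Finding for every result line; header and footer lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            loc, det, act = m.group("loc", "det", "act")
            findings.append(Finding(loc, det, act, categorize(loc, det)))
    return findings

def summarize(findings):
    return Counter(f.category for f in findings)

def live_detections(findings):
    """Detection names for registry and file items, the ones that matter most."""
    return sorted({f.detection for f in findings if f.category in ("registry", "file")})

def report_touches_key(findings, key):
    """True if any registry finding is the given key or lies beneath it."""
    want = normalize_key(key)
    return any(
        normalize_key(f.location) == want
        or normalize_key(f.location).startswith(want + "\\")
        for f in findings if f.category == "registry"
    )

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(dict(summarize(found)), live_detections(found))
    print("Aprps covered:", report_touches_key(found, r"HKEY_LOCAL_MACHINE\Software\Aprps"))
```

Run against the full report, the last check shows whether a second scanner's cleanup covered the key the first scanner keeps flagging.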
ALgal
1.2K Posts
0
September 12th, 2005 16:00
Hello Todd,
Does your Microsoft AntiSpy still detect these?
Apropos Media ( Browser modifier)
IBIS Toolbar (Adware)
toddomohundro
7 Posts
0
September 12th, 2005 21:00
I just ran Anti Spyware when I got home and Apropos Media is still there. It just replicates itself when you delete it.
Todd
ALgal
1.2K Posts
0
September 13th, 2005 00:00
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
toddomohundro
7 Posts
0
September 13th, 2005 02:00
My computer won't let me do it...
A message says: You can't import a binary registry file that is not in the registry first.
Something like that... thanks so much for your patience with this
Todd
ALgal
1.2K Posts
0
September 14th, 2005 17:00
You will find instructions at http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/199762382617
It is important to back up your registry before making any changes to it.
Save the file.
Open it and double click the Toddfix.reg and allow the script to run. (You might have to disable your AntiSpyware in order to allow the script to run.)
Please let me know whether your problem clears up or not.
Message Edited by ALgal on 09-14-2005 01:14 PM