Malwarebytes didnt detect win32/bundled.toolbar.ask virus

[frankduc]

Hi,

Malwarebytes did'nt detect win32/bundled.toolbar.ask virus, it was found by ESET online scanner.

According to ESET it was in docandsetting/adm/localsettings/temp/apnstub.exe.

I deleted the file in docandsett and also in regedit.

Do you think i'm ok and i can relax.

Cause i saw another page on the forum related to that virus or malware and the guy had more infected files but went throught a bunch of scanning process.

Should i do the same and try what exactly?

Frank

Thank you

[Firefox]

Hello and Welcome to Malwarebytes

Malware and viruses change on an hourly basis so its hard for any one product to detect everything right away. That being said, its hard to say if you can now relax without checking your logs....

Being that you think you may be infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you

[frankduc]

Here's the result:

JTR:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.8.9 (04.22.2013:1)

OS: Microsoft Windows XP x86

Ran by adm on 2013-04-26 at 11:29:51,10

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\active setup\installed components\{03f998b2-0e00-11d3-a498-00104b6eb52e}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\active setup\installed components\{1b00725b-c455-4de6-bfb6-ad540ad427cd}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8BDCB7F-7CCF-4A3E-B220-BE3CA095CC9C}

~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\APNTOOLBARINSTALLER.EXE-0E28109B.pf

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\adm\Application Data\fixcleaner"

Successfully deleted: [Folder] "C:\Program Files\fixcleaner"

Successfully deleted: [Folder] "C:\Program Files\viewpoint"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"

~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\adm\Application Data\mozilla\firefox\profiles\o7q6l11z.default\searchplugins\askcom.xml

Successfully deleted the following from C:\Documents and Settings\adm\Application Data\mozilla\firefox\profiles\o7q6l11z.default\prefs.js

user_pref("browser.search.order.1", "Ask.com");

Emptied folder: C:\Documents and Settings\adm\Application Data\mozilla\firefox\profiles\o7q6l11z.default\minidumps [3 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 2013-04-26 at 11:32:31,04

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

JTR2:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.8.9 (04.22.2013:1)

OS: Microsoft Windows XP x86

Ran by adm on 2013-04-26 at 11:35:38,78

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Documents and Settings\adm\Application Data\mozilla\firefox\profiles\o7q6l11z.default\minidumps [3 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 2013-04-26 at 11:38:06,04

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADWARECL2

# AdwCleaner v2.202 - Rapport créé le 26/04/2013 à 11:40:47

# Mis à jour le 23/04/2013 par Xplode

# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)

# Nom d'utilisateur : adm - D7F70391

# Mode de démarrage : Normal

# Exécuté depuis : C:\Documents and Settings\adm\Bureau\adwcleaner.exe

# Option [Recherche]

***** [services] *****

***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Documents and Settings\adm\Application Data\Mozilla\Firefox\Profiles\o7q6l11z.default\Conduit

Dossier Présent : C:\Documents and Settings\adm\Application Data\Mozilla\Firefox\Profiles\o7q6l11z.default\CT2653012

Dossier Présent : C:\Documents and Settings\adm\Application Data\Mozilla\Firefox\Profiles\o7q6l11z.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}

***** [Registre] *****

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}

Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

Clé Présente : HKLM\Software\MetaStream

Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Clé Présente : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Clé Présente : HKLM\Software\Viewpoint

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v20.0.1 (fr)

Fichier : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\s4wiatli.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

Fichier : C:\Documents and Settings\adm\Application Data\Mozilla\Firefox\Profiles\o7q6l11z.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [2530 octets] - [26/04/2013 11:39:17]

AdwCleaner[R2].txt - [2461 octets] - [26/04/2013 11:40:47]

########## EOF - C:\AdwCleaner[R2].txt - [2521 octets] ##########

ADWCLEANER S1:

# AdwCleaner v2.202 - Rapport créé le 26/04/2013 à 11:41:13

# Mis à jour le 23/04/2013 par Xplode

# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)

# Nom d'utilisateur : adm - D7F70391

# Mode de démarrage : Normal

# Exécuté depuis : C:\Documents and Settings\adm\Bureau\adwcleaner.exe

# Option [suppression]

***** [services] *****

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Documents and Settings\adm\Application Data\Mozilla\Firefox\Profiles\o7q6l11z.default\Conduit

Dossier Supprimé : C:\Documents and Settings\adm\Application Data\Mozilla\Firefox\Profiles\o7q6l11z.default\CT2653012

Dossier Supprimé : C:\Documents and Settings\adm\Application Data\Mozilla\Firefox\Profiles\o7q6l11z.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}

***** [Registre] *****

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

Clé Supprimée : HKLM\Software\MetaStream

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Clé Supprimée : HKLM\Software\Viewpoint

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v20.0.1 (fr)

Fichier : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\s4wiatli.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

Fichier : C:\Documents and Settings\adm\Application Data\Mozilla\Firefox\Profiles\o7q6l11z.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [2530 octets] - [26/04/2013 11:39:17]

AdwCleaner[R2].txt - [2590 octets] - [26/04/2013 11:40:47]

AdwCleaner[s1].txt - [2538 octets] - [26/04/2013 11:41:13]

########## EOF - C:\AdwCleaner[s1].txt - [2598 octets] ##########

RKreport1:

RogueKiller V8.5.4 [Mar 18 2013] par Tigzy

mail : tigzyRK<at>gmail<dot>com

Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html

Site Web : http://www.sur-la-toile.com/RogueKiller/

Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Demarrage : Mode normal

Utilisateur : adm [Droits d'admin]

Mode : Recherche -- Date : 26/04/2013 11:45:32

| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 5 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> TROUVÉ

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> TROUVÉ

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> TROUVÉ

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> TROUVÉ

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600JS-75NCB1 +++++

--- User ---

[MBR] b4922cfe6062b12456b46fa00283b7ba

[bSP] 1409156998e9b70ec4e339e44f8064e5 : MBR Code unknown

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149456 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 306198900 | Size: 3074 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Termine : << RKreport[1]_S_26042013_114532.txt >>

RKreport[1]_S_26042013_114532.txt

RKREPORT2

RogueKiller V8.5.4 [Mar 18 2013] par Tigzy

mail : tigzyRK<at>gmail<dot>com

Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html

Site Web : http://www.sur-la-toile.com/RogueKiller/

Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Demarrage : Mode normal

Utilisateur : adm [Droits d'admin]

Mode : Suppression -- Date : 26/04/2013 11:46:41

| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 5 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> SUPPRIMÉ

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REMPLACÉ (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600JS-75NCB1 +++++

--- User ---

[MBR] b4922cfe6062b12456b46fa00283b7ba

[bSP] 1409156998e9b70ec4e339e44f8064e5 : MBR Code unknown

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149456 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 306198900 | Size: 3074 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Termine : << RKreport[2]_D_26042013_114641.txt >>

RKreport[1]_S_26042013_114532.txt ; RKreport[2]_D_26042013_114641.txt

[David H. Lipman]

win32/bundled.toolbar.ask is not a virus.

At most it is a low level Potentially Unwanted Program (aka; PUP).

As noted, "Junkware Removal Tool (JRT) by Thisisu" It's Junkware and not necessarily malware.

[frankduc]

Sorry i posted at the wrong place again.