Adrasteia

2540 threats detected MBytes 31216.txt

Hello. My sister is running Malware Bytes on her computer currently and so far has found: Vendor PUP.Optional.SweetPacks Location C:\Windows\System32\ljkb\lmrn.dll There is 8 in that location. And 1 SweetPacks in location C:\Windows\SysWOW64\jmdp\lmrn.dll PUP.Optional.InstallBrain Location 1: C:\Windows\SysWOW64\ARFC\wrtc.exe Location 2: C:\Windows\SysWOW64\WNLT\Installation\uninstaller.exe PUP.Optional.BrowseForTheCause Location: C:\system32\tasks\BrowseForTheCauseUpdate There is also DMUninstaller in add/remove programs she tried to remove but receives an error to contact the computer administrator. Which the administrator account is her account. Could this be an infection too? I'll post the full log as an attachment when it's done. Thanks in advance

Hello, I've used Malware Bytes for a while now and normally don't have a problem with removing stuff... until now. I've never had Registry Keys come up as infected and have no clue if they're safe to remove. Most are from PUP.Optional.OpenCandy and PUP.Optional.ASK.Gen. I'm thinking they can be removed but second opinions are good since I'm unsure. Thanks for any help Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 19PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, , [48f93e644348af87300016f5cb37c937], Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 1PUP.Optional.ASK.Gen, C:\Users\Elizabeth\AppData\Local\Temp\APN-Stub, , [1f22435f5c2f979f54c3c4d938ca5ea2], Files: 10PUP.Optional.OpenCandy, C:\Users\Elizabeth\AppData\Local\Temp\HYD226F.tmp.1442192940\HTA\install.1442192940.zip, , [bf82505292f965d138f857b4639ff60a], PUP.Optional.OpenCandy, C:\Users\Elizabeth\AppData\Local\Temp\HYD226F.tmp.1442192940\HTA\3rdparty\OCComSDK.dll, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, C:\Users\Elizabeth\AppData\Local\Temp\HYD226F.tmp.1442192940\HTA\3rdparty\OCSetupHlp.dll, , [98a94b57ed9ef83e128e7c11bc48e719], PUP.Optional.OpenCandy, C:\Users\Elizabeth\AppData\Local\Temp\HYDD312.tmp.1442125352\HTA\3rdparty\OCComSDK.dll, , [63dea2006229d85e032db655c73b28d8], PUP.Optional.Winsock.WnskRST, C:\Windows\System32\plsapp64.dll, , [162bb0f2c7c4eb4b166116ca14ef7f81], PUP.Optional.ASK.Gen, C:\Users\Elizabeth\AppData\Local\Temp\APN-Stub\Stb0828e4ec-8e23-4d6b-9dc2-dd373ec7d3e6.log, , [1f22435f5c2f979f54c3c4d938ca5ea2], PUP.Optional.ASK.Gen, C:\Users\Elizabeth\AppData\Local\Temp\APN-Stub\Stb30b9f026-d3a3-4056-9aa6-847a39cacf0d.log, , [1f22435f5c2f979f54c3c4d938ca5ea2], PUP.Optional.ASK.Gen, C:\Users\Elizabeth\AppData\Local\Temp\APN-Stub\Stb7d3a7dc9-b407-45e1-ac35-bbe7ef84e59a.log, , [1f22435f5c2f979f54c3c4d938ca5ea2], PUP.Optional.ASK.Gen, C:\Users\Elizabeth\AppData\Local\Temp\APN-Stub\Stb9ebd4803-685e-4b6f-a6a9-29caaf3b6142.log, , [1f22435f5c2f979f54c3c4d938ca5ea2], PUP.Optional.ASK.Gen, C:\Users\Elizabeth\AppData\Local\Temp\APN-Stub\Stbed116ee1-a318-4965-b864-661435122d53.log, , [1f22435f5c2f979f54c3c4d938ca5ea2], Physical Sectors: 0(No malicious items detected) (end)