MalwareBytes found Registry. Ok to remove?

[RandomSauce]

I recently installed MalwareBytes and ran a quick scan. It found 13 threats; 12 registry and one file. The file I know is ok to remove but I would like a confirmation for the registry. I will post the log:

_________________________________________________________________________________________________________________

Registry Keys Detected: 12

HKCR\AppID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> No action taken.

HKCR\Typelib\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3} (PUP.FaceThemes) -> No action taken.

HKCR\Interface\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B} (PUP.FaceThemes) -> No action taken.

HKCR\CLSID\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> No action taken.

HKCR\SelectionLinks.SelectionLinksBHO.1 (PUP.FaceThemes) -> No action taken.

HKCR\SelectionLinks.SelectionLinksBHO (PUP.FaceThemes) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> No action taken.

_________________________________________________________________________________________________________________

Are these ok to remove? Thanks in advance!

[RandomSauce]

I don't know if this is necessary but I will include the one file that MalwareBytes found as well:

Files Detected: 1

C:\Program Files (x86)\OApps\SelectionLinks.dll (PUP.FaceThemes) -> No action taken.

My research has shown that "SelectionLinks" is a somewhat of a browser extension that is placed onto a PC without the user's approval. This is supported by a .txt file that I found in the OApps folder. The file stated as follows:

<!-- Insertion Success! -->

__________________________________________________________________________________________________________________

Again, any help is appreciated.

[MrCharlie]

Yes, you can have MB delete them.

Then...........

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion methode. It can be easily uninstalled using the "Uninstall" mode.

1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
   
2. Now click on the Search tab.
   
3. Please post the contents of the log-file created in your next post.
   

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

MrC

[RandomSauce]

Thank you for your reply! I deleted them through MB and clicked search in adwcleaner. The log states as follows:

# AdwCleaner v2.111 - Logfile created 02/08/2013 at 22:40:33

# Updated 05/02/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : jared - JARED-HP

# Boot Mode : Normal

# Running from : C:\Users\jared\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\OApps

Folder Found : C:\ProgramData\APN

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKU\S-1-5-21-2521616187-526552309-1382155318-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\jared\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1225 octets] - [08/02/2013 22:40:33]

########## EOF - C:\AdwCleaner[R1].txt - [1285 octets] ##########

[MrCharlie]

OK, that's some more adware so lets clear it out.....

1. Please re-run AdwCleaner
   
2. Click on Delete button.
   
3. Confirm each time with OK if asked.
   
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
   

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC

[RandomSauce]

I have completed the steps and rebooted. All seems well! Is there anything else I need to do?

[MrCharlie]

No not for that.

But would like to do a quick check of your computer security?

If so..........

Download Security Check by screen317 from HERE or HERE.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt.
  
• Please Post the contents of that document.
  
• Do Not Attach It!!!
  

MrC

[RandomSauce]

The logfile:

# AdwCleaner v2.111 - Logfile created 02/08/2013 at 22:46:01

# Updated 05/02/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : jared - JARED-HP

# Boot Mode : Normal

# Running from : C:\Users\jared\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\OApps

Folder Deleted : C:\ProgramData\APN

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\jared\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1350 octets] - [08/02/2013 22:40:33]

AdwCleaner[s1].txt - [1143 octets] - [08/02/2013 22:46:01]

########## EOF - C:\AdwCleaner[s1].txt - [1203 octets] ##########

[RandomSauce]

checkup.txt

Results of screen317's Security Check version 0.99.57

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 7 Update 13

Java version out of Date!

Adobe Reader 10.1.5 Adobe Reader out of Date!

Google Chrome 24.0.1312.56

Google Chrome 24.0.1312.57

````````Process Check: objlist.exe by Laurent````````

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

[MrCharlie]

Java 7 Update 13 <------The correct version and update are installed..this is OK

Java version out of Date! <---ignore

Adobe Reader 10.1.5 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe.

You have out dated programs on the system which are vulnerable to malware.

Please update or uninstall them

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[RandomSauce]

Many thanks for your help MrCharlie!

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!