Adrasteia Posted December 8, 2015 ID:1005688 Share Posted December 8, 2015 Hello,I've used Malware Bytes for a while now and normally don't have a problem with removing stuff... until now. I've never had Registry Keys come up as infected and have no clue if they're safe to remove. Most are from PUP.Optional.OpenCandy and PUP.Optional.ASK.Gen. I'm thinking they can be removed but second opinions are good since I'm unsure. Thanks for any help Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 19PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, , [48f93e644348af87300016f5cb37c937], Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 1PUP.Optional.ASK.Gen, C:\Users\Elizabeth\AppData\Local\Temp\APN-Stub, , [1f22435f5c2f979f54c3c4d938ca5ea2], Files: 10PUP.Optional.OpenCandy, C:\Users\Elizabeth\AppData\Local\Temp\HYD226F.tmp.1442192940\HTA\install.1442192940.zip, , [bf82505292f965d138f857b4639ff60a], PUP.Optional.OpenCandy, C:\Users\Elizabeth\AppData\Local\Temp\HYD226F.tmp.1442192940\HTA\3rdparty\OCComSDK.dll, , [48f93e644348af87300016f5cb37c937], PUP.Optional.OpenCandy, C:\Users\Elizabeth\AppData\Local\Temp\HYD226F.tmp.1442192940\HTA\3rdparty\OCSetupHlp.dll, , [98a94b57ed9ef83e128e7c11bc48e719], PUP.Optional.OpenCandy, C:\Users\Elizabeth\AppData\Local\Temp\HYDD312.tmp.1442125352\HTA\3rdparty\OCComSDK.dll, , [63dea2006229d85e032db655c73b28d8], PUP.Optional.Winsock.WnskRST, C:\Windows\System32\plsapp64.dll, , [162bb0f2c7c4eb4b166116ca14ef7f81], PUP.Optional.ASK.Gen, C:\Users\Elizabeth\AppData\Local\Temp\APN-Stub\Stb0828e4ec-8e23-4d6b-9dc2-dd373ec7d3e6.log, , [1f22435f5c2f979f54c3c4d938ca5ea2], PUP.Optional.ASK.Gen, C:\Users\Elizabeth\AppData\Local\Temp\APN-Stub\Stb30b9f026-d3a3-4056-9aa6-847a39cacf0d.log, , [1f22435f5c2f979f54c3c4d938ca5ea2], PUP.Optional.ASK.Gen, C:\Users\Elizabeth\AppData\Local\Temp\APN-Stub\Stb7d3a7dc9-b407-45e1-ac35-bbe7ef84e59a.log, , [1f22435f5c2f979f54c3c4d938ca5ea2], PUP.Optional.ASK.Gen, C:\Users\Elizabeth\AppData\Local\Temp\APN-Stub\Stb9ebd4803-685e-4b6f-a6a9-29caaf3b6142.log, , [1f22435f5c2f979f54c3c4d938ca5ea2], PUP.Optional.ASK.Gen, C:\Users\Elizabeth\AppData\Local\Temp\APN-Stub\Stbed116ee1-a318-4965-b864-661435122d53.log, , [1f22435f5c2f979f54c3c4d938ca5ea2], Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
kevinf80 Posted December 8, 2015 ID:1005690 Share Posted December 8, 2015 Hello and welcome to Malwarebytes,Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Yes all of those entries in Malwarebytes log need to go, also run the following scan so we can see if your system requires anymore attention... Download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt and Shortcut.txt are checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make logs named (Addition.txt) and Shortcut.txt Please attach those logs to your reply. Thank you, Kevin.. Link to post Share on other sites More sharing options...
kevinf80 Posted December 14, 2015 ID:1006860 Share Posted December 14, 2015 Do you still need help? Link to post Share on other sites More sharing options...
Naathim Posted December 19, 2015 ID:1007929 Share Posted December 19, 2015 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts