Log of PUPs after scan

[Dublin70]

This log was generated after I did a scan and quarantined items. Every time I scan they show up. Should not, right? Menu also said the log was going to be exported but I think it was just to this text file. Anyway, new problem? Thanks.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/17/17
Scan Time: 7:15 AM
Log File: 867562ba-b32c-11e7-a610-842b2b80e033.json
Administrator: No

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3031
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Patricia-PC\Fenway

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348841
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 4 min, 49 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 2
PUM.Optional.NoDrives, HKU\S-1-5-21-1718163577-1655119524-185146448-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NODRIVES, Replaced, [15753], [293339],1.0.3031
PUM.Optional.NoDrives, HKU\S-1-5-21-1718163577-1655119524-185146448-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NODRIVES, Replaced, [15753], [293339],1.0.3031

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)

[pondus]

Not PUP ..... but PUM = Potentially Unwanted Modification

info  >>  https://support.malwarebytes.com/docs/DOC-1148

info  >>  https://blog.malwarebytes.com/detections/pum-optional-nodrives/

 

 

Edited October 17, 2017 by pondus

[Dublin70]

I did full system scan and it's still there. I quarantined it again. How do I get rid of it or should I not worry about it. Also, I had a huge file of Corel clip art that I had deleted. Somehow this scan still found them on the system. Takes forever to scan. Don't understand how that folder is still on system somewhere. Anyway, if you could tell me how to get rid of that PUM, I would appreciate it. Thanks very much.

[dcollins]

Most likely a program on your computer is modifying that setting. Unfortunately it's hard to tell exactly what could be changing it.

[Dublin70]

Well as long as it isn't hurting anything, I guess I'll just do a scan and quarantine it all the time. None of the things the PUM says they change don't seem to have changed. 

 Are we still looking at Friday for feedback on the logs I sent you?  Thanks for your help.

[exile360]

There might be a way to tell.  If you run a monitoring tool such as Process Monitor during MB3's removal of the entries then see what process interacts with those keys afterwards, that should hopefully reveal what the offending process/program is.

My best guess would be if you use any sort of software which uses a hidden drive/partition on the disk, such as perhaps an automated backup tool or system rollback software, that might be it.  It could also be some sort of anti-theft solution if it's a mobile computer, as I believe some of those use a hidden partition (they're basically like rootkits because they need to conceal their existence from the thief if the device is stolen so that they don't disable/remove it so that the authorities may track your system down for you).