Jump to content

Adwcleaner keeps finding issue, but Malware Bytes does not


Recommended Posts

I kee running Adwcleaner. It keeps finding 1 thread. I keep trying to clean and repair. When it restarts - and I scan again - it is there again. It never can go away.

The issue is:

PUP.Optional.DriverUpdatePlus   HKCU\Software\BSD

 

However - I can do a full scan with Malwarebytes Premium, and it does not find anything. Any suggestions? Adwclearner found other issues. After the very 1st time, it just keeps finding the same problem over and over - without fixing it.


From reading the first log - there is reference to HKLM and Checkpoint softwware. Could this just be files from the free online Housecall AntiVirus software that Checkpoint has? I have run this before in the past. If so, I would think this alert is not that big of a deal, right?

 

The first time I ran Adwcleaner - this is the log:

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build:    11-26-2018
# Database: 2018-12-07.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-17-2018
# Duration: 00:00:40
# OS:       Windows 7 Home Premium
# Cleaned:  20
# Failed:   0


***** [ Services ] *****

Deleted       msgplusservice

***** [ Folders ] *****

Deleted       C:\ProgramData\messenger plus! for skype
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\messenger plus! for skype
Deleted       C:\Program Files (x86)\yuna software

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\BSD
Deleted       HKLM\Software\Wow6432Node\BSD
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Plus! for Skype
Deleted       HKCU\Software\Check Point Software Technologies LTD
Deleted       HKLM\Software\Wow6432Node\Check Point Software Technologies LTD
Deleted       HKLM\Software\Wow6432Node\yuna software
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-349108568-3649487596-1582600567-1000\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-349108568-3649487596-1582600567-1000\Components\3152E1F19977892449DC968802CE8964
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{CBC3E05C-F841-452A-A600-E8D8BBEA63D9}
Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\services\msgplusservice
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Ask
Deleted       Ask
Deleted       http://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=8d519e1c1bd04bcca33bca3790a877bf&tu=10OWz009M2B0CO0&sku=&tstsId=&ver=&
Deleted       AOL
Deleted       AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2963 octets] - [17/12/2018 13:46:12]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

 

 

NOW- EVERY OTHER TIME I RUN IT, I GET THIS:

 

Here is the Adwcleaner log:

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build:    11-26-2018
# Database: 2018-12-07.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-17-2018
# Duration: 00:01:05
# OS:       Windows 7 Home Premium
# Scanned:  32299
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.DriverUpdatePlus   HKCU\Software\BSD

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [2963 octets] - [17/12/2018 13:46:12]
AdwCleaner[C00].txt - [2781 octets] - [17/12/2018 13:48:24]
AdwCleaner[S01].txt - [1392 octets] - [17/12/2018 13:56:16]
AdwCleaner[C01].txt - [1558 octets] - [17/12/2018 13:56:55]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
 

Link to post
Share on other sites

30 minutes ago, LDTate said:

Hello  and
:welcome:

Please see the above for DriverUpdatePlus

 

I saw that thread prior to making my post. The problem is that Malware Bytes doesn't find anything when I run it. And, it is up to date. I only see it in AdWcleaner over and over (that program never gets rid of it despite the attempt)

Link to post
Share on other sites

 

 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Download Malwarebytes Support Tool
https://downloads.malwarebytes.com/file/mbst?src=Experts

    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-X.X.X.XXXX.exe to run the program
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Click the Advanced tab

Click the Gather Logs button

A progress bar will appear and the program will proceed with getting logs from your computer

Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK

Please attach the file in your next reply. 

Link to post
Share on other sites

We are going to do a clean install of MBAM

open your Downloads folder/location of the downloaded file
    Double-click mb-support-X.X.X.XXXX.exe to run the program
        You may be prompted by the User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.


    Place a check-mark next to Accept License Agreement and click Next
    Click the Start Repair button and follow the onscreen instructions.

Link to post
Share on other sites

Can you tell me what file it gets stuck on or is it a different file every time?

Give this a try

Restart your computer in Safe Mode.

Using the F8 or F5 Method:

Restart your computer.

When the computer starts you will see your computer's hardware being listed. When you see this information start to gently tap the F8 key on your keyboard repeatedly until you are presented with the Windows 7 Advanced Boot Options

select the Safe Mode With Networking

Then press the enter key on your keyboard to boot into Windows 7 Safe Mode.

When Windows starts you will be at a typical logon screen. Logon to your computer and Windows 7 will enter Safe mode.


Open Malwarebytes (MBAM) and delete all in Quarantine

**Power Off** (shutdown, the pc.

Wait a few minutes.


Restart in Normal Mode and make sure it's gone

Link to post
Share on other sites

You will not lose your activation license.

Lets get fresh logs now

Double-click mb-support-X.X.X.XXXX.exe to run the program
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Click the Advanced tab

Click the Gather Logs button

A progress bar will appear and the program will proceed with getting logs from your computer

Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK

Please attach the file in your next reply. 

Link to post
Share on other sites

I have attached A file I need you to download and save it to the same place that you saved the FRST program

Download attached **fixlist.txt** and save it to same location where the FRST tool is located.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.
Close all browsers before running.

Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
 •Click the **Fix Button**.
 
•If you receive a message that a reboot is required, please make sure you allow it to restart normally.

•The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.

Restart the pc and let me know how it's running now.

fixlist.txt

Link to post
Share on other sites

Interestingly enough - the autoscan feature finished at 2:07am. But, if I do it manually, it gets stuck. It never finishes, and just gets stuck and goes forever.

 

Also, it did find 1 entry the last time I ran it before it go stuck. But since it got stuck, I could never eliminate that 1 issue left over from zone alarm.

Link to post
Share on other sites

Try turning Off Norton before running a MBAM scan

 

Turn off Norton. In the notification area on the taskbar, right-click the Norton icon, and then click Disable Auto-Protect. In the Security Request window, in the Select the duration drop-down list, select the duration for which you want to turn off Norton

Link to post
Share on other sites

Disabling Norton seemed to fix it.

 

I also went in and deleted a few file manually that adwcleaner would never get rid of - remaining Zone Alarm files that I found . I had looked on another website and found the location of a few files that often get left behind on a Zone Alarm install... Now, nothing shows up on either scan. 


And, now Malware Bytes runs 100% with no sticking or getting stuck.

 

Thanks for all your help! 

Link to post
Share on other sites

Great Job

You're quite welcome. I'm happy to have helped, and glad this is resolved. As there are no other issues which need addressing we can now close this ticket.

Thanks for choosing Malwarebytes!

Peace Be With You


Help Secure your browsers

Please install uBlock Origin for your browsers.

uBlock Origin For Fire Fox, Chrome and Safari

https://www.ublock.org/

Opera

https://addons.opera.com/en-gb/extensions/details/ublock/?display=en

Edge

https://www.microsoft.com/en-us/store/p/ublock-origin/9nblggh444l4

AdBlock for IE

https://adblockplus.org/releases/adblock-plus-10-for-internet-explorer-released


Cryptolocker Ransomware: What You Need To Know

http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/

Tech Support Scams

http://blog.malwarebytes.org/tech-support-scams/#help

Seven tips to keep your PC safe

http://blog.malwarebytes.org/intelligence/2013/06/seven-tips-to-keep-your-pc-safe-this-summer/


LD Tate

Malware Removal Specialist

 

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.