
Not sure whether to remove these or not



I have recently run a scan and it has come up with some stuff I don't recognize and/or registry keys. I am unsure if I can remove these, as I don't want to break anything.

Here is my log; I have bolded the ones I am unsure of:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/10/17
Scan Time: 3:50 PM
Log File: d412a920-dd7e-11e7-8fd8-408d5c54ae58.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3456
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Brett-PC\Brett

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 2491232
Threats Detected: 23
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 hr, 15 min, 50 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.InstallCore, HKU\S-1-5-21-4229797087-2605377926-706642509-1000\SOFTWARE\csastats, No Action By User, [2], [260986],1.0.3456
PUP.Optional.ProductSetup, HKU\S-1-5-21-4229797087-2605377926-706642509-1000\SOFTWARE\PRODUCTSETUP, No Action By User, [12951], [242047],1.0.3456


Registry Value: 1
PUP.Optional.ProductSetup, HKU\S-1-5-21-4229797087-2605377926-706642509-1000\SOFTWARE\PRODUCTSETUP|TB, No Action By User, [12951], [242047],1.0.3456

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 20
PUP.Optional.APNToolBar, C:\PROGRAM FILES (X86)\FORMATFACTORY\FFMODULES\PACKAGE\ASK\ASKPIP_FF_.EXE, No Action By User, [6059], [76243],1.0.3456
PUP.Optional.WinWrapper, C:\USERS\BRETT\DOWNLOADS\FFSETUP3.7.5.0-72369105.EXE, No Action By User, [7307], [103747],1.0.3456
Generic.Malware/Suspicious, M:\D\PROGRAM FILES\INFOGRAMES\TACTICAL OPS\SYSTEM\TOPROTECT.EXE, No Action By User, [0], [392686],1.0.3456
Generic.Malware/Suspicious, M:\D\PROGRAM FILES\INFOGRAMES\TACTICAL OPS\TOPSETUP.EXE, No Action By User, [0], [392686],1.0.3456
PUP.Optional.ASK, M:\RECYCLER\S-1-5-21-1060284298-343818398-725345543-1003\DM69\UNIT_APP_75\TOOLBAR.EXE, No Action By User, [474], [383618],1.0.3456
PUP.Optional.ASK, M:\RECYCLER\S-1-5-21-1060284298-343818398-725345543-1003\DM457.EXE, No Action By User, [474], [383618],1.0.3456
PUP.Optional.ASK, M:\RECYCLER\S-1-5-21-1060284298-343818398-725345543-1003\DM314.EXE, No Action By User, [474], [383618],1.0.3456
Generic.Malware/Suspicious, K:\#C STUFF\MY RECEIVED FILES1\CARLO_AINT_NEAR.RAR, No Action By User, [0], [392686],1.0.3456
PUP.Optional.AuslogicsBoostSpeed, G:\PROGRAM FILES\AUSLOGICS\REGISTRY CLEANER\DISKWIPEHELPER.DLL, No Action By User, [1579], [464521],1.0.3456
PUP.Optional.AuslogicsBoostSpeed, G:\PROGRAM FILES\AUSLOGICS\REGISTRY CLEANER\AXBROWSERS.DLL, No Action By User, [1579], [464521],1.0.3456
PUP.Optional.AuslogicsBoostSpeed, G:\PROGRAM FILES\AUSLOGICS\REGISTRY CLEANER\DISKCLEANERHELPER.DLL, No Action By User, [1579], [464521],1.0.3456
PUP.Optional.AuslogicsBoostSpeed, G:\PROGRAM FILES\AUSLOGICS\REGISTRY CLEANER\DISKDEFRAGHELPER.DLL, No Action By User, [1579], [464521],1.0.3456
PUP.Optional.AuslogicsBoostSpeed, G:\PROGRAM FILES\AUSLOGICS\REGISTRY CLEANER\TRACKERASERHELPER.DLL, No Action By User, [1579], [464521],1.0.3456

HackTool.AutoKMS, G:\WINDOWS\AUTOKMS\AUTOKMS.EXE, No Action By User, [1868], [352842],1.0.3456
PUP.Optional.ASK, D:\PROGRAM FILES\DVD CRAP\FFSETUP220.ZIP, No Action By User, [474], [383618],1.0.3456
PUP.Optional.DownLoadAdmin, D:\PROGRAM FILES\CBSIDLM-TR1_15-MY_SCREEN_RECORDER-ORG-10972953.EXE, No Action By User, [4], [106277],1.0.3456
PUP.Optional.BundleInstaller, D:\PROGRAM FILES\VLC-2.1.3-WIN32.EXE, No Action By User, [19], [425688],1.0.3456
PUP.Optional.Koyote, D:\PROGRAM FILES\FREESCREENTOVIDEOSETUP-R0-N-BF.EXE, No Action By User, [6179], [76873],1.0.3456
PUP.Optional.AuslogicsRegistryCleaner, D:\PROGRAM FILES\REGISTRY-CLEANER-SETUP.EXE, No Action By User, [5854], [381599],1.0.3456
PUP.Optional.AuslogicsRegistryCleaner, D:\PERL\REGISTRY-CLEANER-SETUP.EXE, No Action By User, [5854], [381599],1.0.3456

Physical Sector: 0
(No malicious items detected)


(end)

 

I'm pretty sure HackTool.AutoKMS, G:\WINDOWS\AUTOKMS\AUTOKMS.EXE, No Action By User, [1868], [352842],1.0.3456 has come up before as a false positive.

Thanks!


  • Root Admin

Hello @gutterboy

 

No, it's not a false positive. AutoKMS is a tool designed to steal software and many users claim it was installed without their knowledge.

I don't see anything there that would cause an issue by removing. The system does put files in quarantine, though, if you later decide you want it back.

Just create a new System Restore Point, then have Malwarebytes remove all.

Thanks

Ron

This topic is now closed to further replies.