1. Joined : Aug 2015
    Posts : 38
    Win 10 Home
       1 Week Ago #1

    Can somebody interpret this output from MBAM please


    My suspicions were raised when browsing a local news site and Edge couldn't open the page and I was left looking at the refresh the page or search options. Then I noticed the address in the bar began with something like SSL-cam/gibberish etc etc /search%SMH. Apologies, but I hastily closed the browser and didn't copy the exact string.

    By the way SMH is the website I was trying to view.

    I ran the free version of MBAM and it wouldn't run. Stuck at updating and the time elapsed ticking over. I closed MBAM and ran it in Chameleon mode with the following output saved:
    Code:
    Malwarebytes Anti-Malware
    www.malwarebytes.org
    
    Scan Date: 29/11/2016
    Scan Time: 9:18 AM
    Logfile: scan.txt
    Administrator: Yes
    
    Version: 2.2.1.1043
    Malware Database: v2016.11.28.01
    Rootkit Database: v2016.11.20.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Enabled
    
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: dwick
    
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 299927
    Time Elapsed: 3 min, 18 sec
    
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    
    Processes: 0
    (No malicious items detected)
    
    Modules: 0
    (No malicious items detected)
    
    Registry Keys: 4
    PUP.Optional.MyStart, HKU\S-1-5-21-454648519-1538227085-1954309458-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\mystart.com, , [7e239a2bc3d7d75f2a68df01d130bb45], 
    PUP.Optional.MyStart, HKU\S-1-5-21-454648519-1538227085-1954309458-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\www.mystart.com, , [227f30953763f93df39f20c08879b34d], 
    PUP.Optional.MyStart, HKU\S-1-5-21-454648519-1538227085-1954309458-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\mystart.com, , [e6bba124d1c98caa5241b12fbc457b85], 
    PUP.Optional.MyStart, HKU\S-1-5-21-454648519-1538227085-1954309458-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\www.mystart.com, , [d6cb5b6afb9f66d0880bc917b54c0bf5], 
    
    Registry Values: 0
    (No malicious items detected)
    
    Registry Data: 0
    (No malicious items detected)
    
    Folders: 0
    (No malicious items detected)
    
    Files: 0
    (No malicious items detected)
    
    Physical Sectors: 0
    (No malicious items detected)
    
    
    (end)
    Here's the output from the terminal window:
    Code:
    MBAM-Chameleon ver. 3.1.29.0
    Press any key to continue
    Installing Driver...
    Protected Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\
    ...Done!
    Trying to start Malwarebytes Anti-Malware, please wait...
    ...Done!
    
    Updating MBAM...
    
    
    Done!
    Killing known malicious processes, please wait...
    
    Mbam-killer Timeout set to 1800 seconds.
    Mbam-killer is scanning - Press C to cancel...
    198570: HKU\S-1-5-21-454648519-1538227085-1954309458-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERS.Mbam-killer scan is complete.
    Mbam-killer is exiting.
    
    Trying to start a scan - please wait...
    Waiting for scan to complete
    
    Done!
    Removing protection driver...
    ...Done!
    Press any key to continue
    Now the reason I ask about this is that I tried using several all-in-one homepages and MyStart.com happened to be one of them. So if I'm not mistaken this just confirms my stupidity.

  2.    1 Week Ago #2

    To totally remove MyStart, follow this: Remove MyStart Toolbar and mystart.com (Removal Guide)


  3. Joined : Jul 2016
    Posts : 236
    Windows 10
       1 Week Ago #3

    Samuria said:
    To totally remove MyStart, follow this: Remove MyStart Toolbar and mystart.com (Removal Guide)
    MalwareTips and BleepingComputer are great and trusted sources for virus removal guides.


  4. Joined : Aug 2015
    Posts : 38
    Win 10 Home
       1 Week Ago #4

    Thanks for the replies.

    Only I didn't have any toolbars installed. There was absolutely no sign of any malevolent activity or oddness over the last week or so until the strange behaviour of Edge not being able to display my news site this morning, and of course the strange URL it returned above.


  5. Joined : Aug 2015
    Posts : 754
    Win10/64 Pro 1511 (and 2 Win 7/64 Ult & Pro systems)
       1 Week Ago #5

    Hi:

    It is generally safe to allow MBAM to remove what it finds.

    Those detections are all PUPs (Potentially Unwanted Programs).
    See here as well:
    Malwarebytes gets tougher on PUPs | Malwarebytes Labs

    PUPs are not malware, per se, but they are considered junk/crap and most folks do not want them on their computers.
    They are typically installed either intentionally -- because the user wants the program -- or inadvertently (as some sort of bundled "freebie" along with a standard program, and the user does not opt out during installation).

    Eventually, having that crap on your system can lead to more serious stuff.
    I would not want any of that on my system.
    (Some of them can be hard to fully remove, necessitating multiple scans with multiple, additional malware removal tools or custom scripts. So I would rescan again after removal, to be sure you are clean.)

    On the other hand, if you want to keep any of those (NOT recommended), you can follow the steps here.

    MM
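
Added example (not part of the original posts and not Malwarebytes code): a small Python parser for the log layout quoted in post #1 that groups detections by where they live and checks each section's declared count against the lines actually present. It assumes that keys under `...\APPCONTAINER\STORAGE\<package>\...\DOMSTORAGE\<host>` are the browser's per-site storage records; the sample log, SID and IDs are constructed.

```python
import re
# Constructed sample in the log layout quoted in the thread (SID and IDs are placeholders).
EDGE = (r"HKU\S-1-5-21-0-0-0-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS"
        r"\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE"
        r"\CHILDREN\001\INTERNET EXPLORER")
SAMPLE_LOG = f"""Rootkits: Disabled
Processes: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.MyStart, {EDGE}\\DOMSTORAGE\\mystart.com, , [{'0' * 32}],
PUP.Optional.MyStart, {EDGE}\\EDPDOMSTORAGE\\www.mystart.com, , [{'1' * 32}],
Files: 0
(No malicious items detected)
"""

SECTION = re.compile(r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
                     r"Folders|Files|Physical Sectors): (\d+)$")
DETECTION = re.compile(r"^(?P<threat>[^,]+), (?P<path>.+), [^,]*, \[[0-9a-fA-F]+\],?$")
# Assumption of this example: ...\APPCONTAINER\STORAGE\<package>\...\(EDP)DOMSTORAGE\<host>
# keys are the browser's per-site web-storage records, not an installed program.
SITE_STORAGE = re.compile(r"\\APPCONTAINER\\STORAGE\\[^\\]+\\.*\\(?:EDP)?DOMSTORAGE\\([^\\]+)$",
                          re.IGNORECASE)

def parse_log(text):
    # Returns (declared count per result section, list of parsed detections).
    declared, findings, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m[1]
            declared[section] = int(m[2])
        elif section and (m := DETECTION.match(line)):
            site = SITE_STORAGE.search(m["path"])
            findings.append({"section": section, "threat": m["threat"], "path": m["path"],
                             "host": site[1].lower() if site else None})
    return declared, findings

def summarize(text):
    declared, findings = parse_log(text)
    seen = {s: sum(f["section"] == s for f in findings) for s in declared}
    return {
        "families": sorted({f["threat"].split(".")[0] for f in findings}),
        "site_storage_hosts": sorted({f["host"] for f in findings if f["host"]}),
        "non_storage_hits": [f["path"] for f in findings if not f["host"]],
        # A declared count that differs from the parsed lines means a cut or edited paste.
        "count_mismatch": {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]},
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Anything that lands in `non_storage_hits`, or any detection under Processes, Modules or Files, is what deserves a closer look than a per-site storage record.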


  6. Joined : Aug 2015
    Posts : 38
    Win 10 Home
       1 Week Ago #6

    Thanks MoxieMomma,

    I understand a little more of what those results mean now.

    Many thanks.


 

