Windows 10: Can somebody interpret this output from MBAM please

Discussion in 'AntiVirus, Firewalls and System Security' started by bra10n, Nov 28, 2016.

  1. bra10n Win User

    My suspicions were raised when browsing a local news site and Edge couldn't open the page and I was left looking at the refresh the page or search options. Then I noticed the address in the bar began with something like SSL-cam/gibberish etc etc /search%SMH. Apologies, but I hastily closed the browser and didn't copy the exact string.

    By the way SMH is the website I was trying to view.

    I ran the free version of MBAM and it wouldn't run. Stuck at updating and the time elapsed ticking over. I closed MBAM and ran it in Chameleon mode with the following output saved;
    Code:
        Malwarebytes Anti-Malware
        www.malwarebytes.org

        Scan Date: 29/11/2016
        Scan Time: 9:18 AM
        Logfile: scan.txt
        Administrator: Yes

        Version: 2.2.1.1043
        Malware Database: v2016.11.28.01
        Rootkit Database: v2016.11.20.01
        License: Free
        Malware Protection: Disabled
        Malicious Website Protection: Disabled
        Self-protection: Enabled

        OS: Windows 10
        CPU: x64
        File System: NTFS
        User: dwick

        Scan Type: Threat Scan
        Result: Completed
        Objects Scanned: 299927
        Time Elapsed: 3 min, 18 sec

        Memory: Enabled
        Startup: Enabled
        Filesystem: Enabled
        Archives: Enabled
        Rootkits: Disabled
        Heuristics: Enabled
        PUP: Enabled
        PUM: Enabled

        Processes: 0
        (No malicious items detected)

        Modules: 0
        (No malicious items detected)

        Registry Keys: 4
        PUP.Optional.MyStart, HKU\S-1-5-21-454648519-1538227085-1954309458-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\mystart.com, , [7e239a2bc3d7d75f2a68df01d130bb45],
        PUP.Optional.MyStart, HKU\S-1-5-21-454648519-1538227085-1954309458-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\www.mystart.com, , [227f30953763f93df39f20c08879b34d],
        PUP.Optional.MyStart, HKU\S-1-5-21-454648519-1538227085-1954309458-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\mystart.com, , [e6bba124d1c98caa5241b12fbc457b85],
        PUP.Optional.MyStart, HKU\S-1-5-21-454648519-1538227085-1954309458-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\www.mystart.com, , [d6cb5b6afb9f66d0880bc917b54c0bf5],

        Registry Values: 0
        (No malicious items detected)

        Registry Data: 0
        (No malicious items detected)

        Folders: 0
        (No malicious items detected)

        Files: 0
        (No malicious items detected)

        Physical Sectors: 0
        (No malicious items detected)

        (end)

    Here's the output from the terminal window;
    Code:
        MBAM-Chameleon ver. 3.1.29.0
        Press any key to continue
        Installing Driver...
        Protected Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\
        ...Done!
        Trying to start Malwarebytes Anti-Malware, please wait...
        ...Done!
        Updating MBAM...
        Done!
        Killing known malicious processes, please wait...
        Mbam-killer Timeout set to 1800 seconds.
        Mbam-killer is scanning - Press C to cancel...
        198570: HKU\S-1-5-21-454648519-1538227085-1954309458-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERS.Mbam-killer scan is complete.
        Mbam-killer is exiting.
        Trying to start a scan - please wait...
        Waiting for scan to complete
        Done!
        Removing protection driver...
        ...Done!
        Press any key to continue

    Now the reason I ask about this is that I tried using several all-in-one homepages and MyStart.com happened to be one of them. So if I'm not mistaken this just confirms my stupidity.

    :)
     
    bra10n, Nov 28, 2016
    #1

  2. Please help me interpret WinDbg output for WIN8_DRIVER_FAULT

    ffffd781`56da1528 fffff80d`0de18d1d*** ERROR: Module load completed but symbols could not be loaded for dump_iaStorA.sys

    dump_iaStorA+0xb8d1d

    iaStorA.sys dated 4/10/2017 Intel Rapid Storage Technology driver

    Part of the chipset drivers - check with Lenovo.

    That may not be the root cause.

    Other real possibilities include malware (virus and rootkits) and memory issues though those are not the only ones.

    -----

    Memory tests do not catch all errors such as mismatched memory (possible even for sticks that appear to be identical) and when faster memory is placed in the system behind slower memory. So it is best to also swap sticks in and out to check for those even if all memory tests fail to show a problem.

    To test RAM check here - let it run 4+ hours or so. <-- best method

    www.memtest.org

    MemTestX86 - Test RAM With

    http://www.tenforums.com/tutorials/14201-memtes...

    For the Windows Memory Diagnostic Tool.

    Type in Cortana's search box -> Windows Memory Diagnostics

    ........find at top of the list - click it. In Windows 8/8.1/10 the name is "Windows Memory Diagnostic".

    -----

    If you need to check for malware here are my recommendations - these will allow you to do a thorough check and removal without ending up with a load of spyware programs running resident which can cause as many issues as the malware and maybe harder to detect as the cause.

    No one program can be relied upon to detect and remove all malware. Added that often easy to detect malware is often accompanied by a much harder to detect and remove payload. So it's better to be overly thorough now than to pay the high price later. Check with these to an extreme overkill point.

    How do I find and remove a virus?

    http://windows.microsoft.com/en-US/windows-8/ho...

    TDSSKiller.exe. - Download to the Desktop - then go to it and Right Click on it - RUN AS ADMIN it will show any infections in the report after running - if it will not run change the name from tdsskiller.exe to tdsskiller.com. Whether it finds anything or not does not mean you should not check with the other methods below.

    http://support.kaspersky.com/viruses/solutions?...

    Microsoft Safety Scanner

    http://www.microsoft.com/security/scanner/en-us...

    Malwarebytes - free

    http://www.malwarebytes.org/products/malwarebyt...

    SuperAntiSpyware Portable Scanner - Free

    http://www.superantispyware.com/portablescanner...

    AdwCleaner

    http://www.bleepingcomputer.com/download/adwcle...

    Hitman Pro is a second opinion scanner, designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that have infected your computer despite all the security measures you have taken (such as anti virus software, firewalls, etc.).

    HitmanPro.Alert Ransomware Prevention, Secondary Scanner and Zero-Day Exploit Protection | hitmanpro.com

    Zemana - scroll down to Free - Advanced Malware Detection and Removal - also Effective against Rootkits and BootKits

    Zemana Anti-Malware | Advanced Malware Removal Software

    What is Windows Defender Offline?

    http://windows.microsoft.com/en-US/windows/what...

    Windows Defender Offline system requirements

    http://windows.microsoft.com/en-US/windows/wind...

    --------------------------------------------------------

    If needed here are some online free scanners to help

    Online Malware Detection

    ----------------------------------

    Other Free online scans

    http://www.google.com/search?hl=en&source=h...
     
    SpiritX MS MVP, Nov 28, 2016
    #2
  3. Please help me interpret WinDbg output for WIN8_DRIVER_FAULT

    Well something is weird since the one you displayed in your Question is for a Lenovo and the ones you posted for me to download are Alienware and a few months old. For a computer that was a lot older and the BugCheck is different.

    BugCheck 9F, {3, ffff960d8dc4e060, fffff800e4278a30, ffff960d91a4d010}

    Probably caused by : usbhub.sys

    BiosReleaseDate = 10/28/2009

    SystemManufacturer = Alienware

    SystemProductName = Aurora

    SystemFamily = 0

    SystemVersion = 00

    SystemSKU = 0

    BaseBoardManufacturer = Alienware

    BaseBoardProduct = 04VWF2

    BaseBoardVersion = A00

    CPUID: "Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz"

    MaxSpeed: 2670

    CurrentSpeed: 2673

    The cause of those back on 12/1/2017 was CYUSB3.sys Cypress USBSuite.
     
    SpiritX MS MVP, Nov 28, 2016
    #3
  4. Samuria Win User

    Samuria, Nov 28, 2016
    #4
  5. RubberDucky, Nov 28, 2016
    #5
  6. bra10n Win User
    Thanks for the replies.

    Only I didn't have any toolbars installed. There was absolutely no sign of any malevolent activity or oddness over the last week or so until the strange behaviour of Edge not being able to display my news site this morning, and of course the strange url it returned above.
     
    bra10n, Nov 28, 2016
    #6
  7. Hi:

    It is generally safe to allow MBAM to remove what it finds.

    Those detections are all PUPs (Potentially Unwanted Programs).
    See here as well:
    Malwarebytes gets tougher on PUPs | Malwarebytes Labs

    PUPs are not malware, per se, but they are considered junk/crap and most folks do not want them on their computers.
    They are typically installed either intentionally -- because the user wants the program -- or inadvertently (as some sort of bundled "freebie" along with a standard program, and the user does not opt out during installation).

    Eventually, having that crap on your system can lead to more serious stuff.
    I would not want any of that on my system.
    (Some of them can be hard to fully remove, necessitating multiple scans with multiple, additional malware removal tools or custom scripts. So I would rescan again after removal, to be sure you are clean.)

    On the other hand, if you want to keep any of those (NOT recommended), you can follow the steps here.

    MM
     
    MoxieMomma, Nov 28, 2016
    #7
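
One way to triage a scan log like the one in post #1, as an added example that is not part of the thread or of Malwarebytes' own tooling: it groups detection lines by class prefix and log section, and reports whether every hit is a key named after a site under Edge's DOMSTORAGE/EDPDOMSTORAGE branch, as in that log. The sample log is constructed (placeholder SID and item IDs), and `parse_detections` and `summarize` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample in the layout of the scan log above; the SID and the
# bracketed item IDs are placeholders, not values from the thread.
EDGE = (r"HKU\S-1-5-21-1111-2222-3333-1001_Classes\LOCAL SETTINGS\SOFTWARE"
        r"\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE"
        r"\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER")
ITEM_ID = "0" * 32
SAMPLE_LOG = "\n".join([
    "Processes: 0", "(No malicious items detected)",
    "Registry Keys: 4",
    f"PUP.Optional.MyStart, {EDGE}\\DOMSTORAGE\\mystart.com, , [{ITEM_ID}], ",
    f"PUP.Optional.MyStart, {EDGE}\\DOMSTORAGE\\www.mystart.com, , [{ITEM_ID}], ",
    f"PUP.Optional.MyStart, {EDGE}\\EDPDOMSTORAGE\\mystart.com, , [{ITEM_ID}], ",
    f"PUP.Optional.MyStart, {EDGE}\\EDPDOMSTORAGE\\www.mystart.com, , [{ITEM_ID}], ",
    "Registry Values: 0", "(No malicious items detected)",
    "Files: 0", "(No malicious items detected)",
])

SECTION = re.compile(r"^(Processes|Modules|Registry Keys|Registry Values|"
                     r"Registry Data|Folders|Files|Physical Sectors): \d+$")
DETECTION = re.compile(r"^(?P<name>[^,]+), (?P<loc>.+?), (?P<action>[^,]*), "
                       r"\[[0-9a-f]+\]")
SITE_STORAGE = re.compile(r"\\(EDP)?DOMSTORAGE\\[^\\]+$", re.IGNORECASE)

def parse_detections(log):
    """Return one dict per detection line, tagged with its log section."""
    section, items = None, []
    for line in map(str.strip, log.splitlines()):
        if SECTION.match(line):
            section = SECTION.match(line).group(1)
        elif section and (m := DETECTION.match(line)):
            loc = m["loc"]
            items.append({
                "section": section,
                "name": m["name"],
                "klass": m["name"].split(".")[0],     # PUP, PUM, ...
                "leaf": loc.rsplit("\\", 1)[-1],      # last key or file name
                "site_storage": bool(SITE_STORAGE.search(loc)),
            })
    return items

def summarize(items):
    """Condense the detections into the questions a reader asks first."""
    return {
        "by_class": dict(Counter(i["klass"] for i in items)),
        "by_section": dict(Counter(i["section"] for i in items)),
        "only_site_storage": bool(items) and all(i["site_storage"] for i in items),
        "leaves": sorted({i["leaf"] for i in items}),
    }

if __name__ == "__main__":
    print(summarize(parse_detections(SAMPLE_LOG)))
```
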
  8. bra10n Win User

    Thanks MoxieMomma,

    I understand a little more of what those results mean now.

    Many thanks.
     
    bra10n, Apr 5, 2018
    #8