Everything posted by celmo

  1. I had to run the app after booting to safe mode.
  2. Thank you for your help. I had to reboot into Safe mode to run the application. I notice that during that time, Windows 10 help tab kept opening up over and over, even after I closed Chrome. Not sure what that is about. Otherwise, the cleanup seemed to work.
  3. Had to submit what I had pasted so I could restart. Attached the log visible after restart. From the MS tool: (no threats detected) I haven't seen any pop up warning from MB since yesterday evening.

     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.54, November 2017 (build 5.54.14383.1)
     Started On Fri Dec 01 05:29:26 2017
     Engine: 1.1.14306.0
     Signatures: 1.257.0.0
     Run Mode: Interactive Graphical Mode

     AdwCleaner[C0].txt
  4. I was able to complete the scan. Here are the results.

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 11/30/17
     Scan Time: 4:58 PM
     Log File: ff50be4c-d621-11e7-9423-782bcb9b1e20.json
     Administrator: Yes

     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.236
     Update Package Version: 1.0.3384
     License: Trial

     -System Information-
     OS: Windows 10 (Build 17046.1000)
     CPU: x64
     File System: NTFS
     User: W10-XPS\chris

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 380464
     Threats Detected: 17
     Threats Quarantined: 17
     Time Elapsed: 15 min, 2 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 1
     Rootkit.Fileless.MTGen, HKU\S-1-5-21-487436262-1151004194-535688579-1002_Classes\qrytrili\SHELL\OPEN\COMMAND, Quarantined, [1384], [261826],1.0.3384

     Registry Value: 1
     Rootkit.Fileless.MTGen, HKU\S-1-5-21-487436262-1151004194-535688579-1002_Classes\qrytrili\SHELL\OPEN\COMMAND|, Quarantined, [1384], [261826],1.0.3384

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 0
     (No malicious items detected)

     File: 15
     PUP.Optional.AdvancedSystemCare, C:\USERS\CHRIS\DOWNLOADS\ADVANCED-SYSTEMCARE-SETUP.EXE, Quarantined, [1219], [396386],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.DefaultSearch.ShrtCln, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [9091], [455072],1.0.3384
     PUP.Optional.DefaultSearch.ShrtCln, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [9091], [455072],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.ASK, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [528], [454827],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [580], [454832],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [580], [454832],1.0.3384

     Physical Sector: 0
     (No malicious items detected)

     (end)

     Scan report from yesterday:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 11/30/17
     Scan Time: 4:58 PM
     Log File: ff50be4c-d621-11e7-9423-782bcb9b1e20.json
     Administrator: Yes

     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.236
     Update Package Version: 1.0.3384
     License: Trial

     -System Information-
     OS: Windows 10 (Build 17046.1000)
     CPU: x64
     File System: NTFS
     User: W10-XPS\chris

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 380464
     Threats Detected: 17
     Threats Quarantined: 17
     Time Elapsed: 15 min, 2 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 1
     Rootkit.Fileless.MTGen, HKU\S-1-5-21-487436262-1151004194-535688579-1002_Classes\qrytrili\SHELL\OPEN\COMMAND, Quarantined, [1384], [261826],1.0.3384

     Registry Value: 1
     Rootkit.Fileless.MTGen, HKU\S-1-5-21-487436262-1151004194-535688579-1002_Classes\qrytrili\SHELL\OPEN\COMMAND|, Quarantined, [1384], [261826],1.0.3384

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 0
     (No malicious items detected)

     File: 15
     PUP.Optional.AdvancedSystemCare, C:\USERS\CHRIS\DOWNLOADS\ADVANCED-SYSTEMCARE-SETUP.EXE, Quarantined, [1219], [396386],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.DefaultSearch.ShrtCln, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [9091], [455072],1.0.3384
     PUP.Optional.DefaultSearch.ShrtCln, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [9091], [455072],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.ASK, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [528], [454827],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [580], [454832],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [580], [454832],1.0.3384
     PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [580], [454832],1.0.3384

     Physical Sector: 0
     (No malicious items detected)

     (end)

     restarting system.

     AdwCleaner[S0].txt
  5. My browser crashes when I click on that tab to download FRST. I had to run in Safe Mode. Addition.txt FRST.txt
  6. When I attempt to begin this process, I see the MB icon in the tray but when I attempt to open it, nothing happens. I will remove and reinstall and try again. Did so but had the same results. It appears all the options are ON, but I cannot access the settings.
  7. When I attempt to begin this process, I see the MB icon in the tray but when I attempt to open it, nothing happens. I will remove and reinstall and try again.
  8. I am running Win 10 Home 64 bit and keep getting notified of a blocking of going to the n65adserv.com site. Can you assist? I tried running in Safe Mode but Malwarebytes reported that the service could not be started in Safe Mode.