Hello Guys,
My system:
Toshiba / Satellite C55-A / Intel (R) Celeron (R) N2820
64 bit Windows 8.1
I am at the end of my rope. I have tried everything. First, let me say I am not good at technical things on a computer, just enough to be dangerous. So if some things I say seem crazy, they probably are. So here is the story. About a week ago I received an email on my GoDaddy webmail, www.login.securserver.net. That is how I log into that email. Now, that is not my main email. My main email is Gmail, which I use the most.
The email I received on the GoDaddy email was a Notice of Appearance in Court #00406341. It contained a zip file, Court Notification 00406341.zip. Of course, being stupid, I unzipped the file, thinking it was something important, since I have some court cases ongoing for business.
With research, I think it is a Kuluoz or another one that starts with A. Can't remember.
It put a zip file in my downloads folder, Court_Notification_00406341.doc, which shows as File Type: JavaScript file, 8.84kb. That is the only one I noticed; not sure if there are more somewhere. Then things started getting a little weird. Nothing major, I still get emails, still send them, and my system seems to be running normally, except for Avast Mail Shield security exclusions. It keeps popping up at least 40 times a day, saying:
"avast! has identified a problem with this site certificate.
You can add this certificate as an exclusion, if you are sure about it.
Click the ‘View’ button for more details about the certificate.
If you want to change your certificates/exclusions, please open the Windows Certificate browser and perform the required operations directly from within the system certificate storage.
Legitimate public sites and mail servers should not ask you to do this.
Now, here I used to get different info, like websites, IP address, etc. But for the last few days the only thing I have been getting is an IP address for the server, and
C:\Windows\SysWOW64\regsvr32.exe - As the location.
SERVER
Location: *****
CERTIFICATE STATUS
This site attempts to identify itself with invalid information.
Problems:
The certificate is not trusted."
I always click on confirm security exclusion; I hope that was the right thing to do.
Now, next, thinking I could fix it, here are the things I have run.
• SpyHunter 4 - No cleaning, I did not pay
• AdWare Cleaner
• RogueKiller x64
• Spybot Search and Destroy
• Free Windows Registry Cleaner
I think that is it. But, still getting the pop-ups. I am at the end of my rope. Then I saw a thread on the forum on what I should do, so here it is.
I first ran Malwarebytes as instructed. It was run with Avast on. Here is the log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 7/20/2015
Scan Time: 6:01 AM
Logfile: MALWAREBYTES SCAN LOG.txt
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.07.19.03
Rootkit Database: v2015.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Philip
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 432604
Time Elapsed: 38 min, 39 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 8
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\Linkey.Linkey, Quarantined, [b3ec4a998dfd7bbb2b5e5b2e47bbe719],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Linkey.Linkey, Quarantined, [1689796ae2a84ee85d2c8dfcd82a8779],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Linkey.Linkey, Quarantined, [1689796ae2a84ee85d2c8dfcd82a8779],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATPopups, Quarantined, [3d627f64bcce9f9747966c2bd92be31d],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATUpdaters, Quarantined, [e2bdde05296160d686571186c93bad53],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\Google Analytics Package, Quarantined, [ffa03ba83753b5814c9384136e9606fa],
PUP.Optional.FramedDisplay.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Framed Display, Quarantined, [7629be2582088caa8e078103cd371ee2],
PUP.Optional.FramedDisplay.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Framed Display, Quarantined, [762903e0652571c5088d275dc53fcd33],
Registry Values: 1
Rootkit.Fileless.MTGen, HKU\S-1-5-21-2793440623-1628646824-2415799637-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^e223adc9, Quarantined, [eeb1568d3753142208eb4b44689cd22e],
Registry Data: 0
(No malicious items detected)
Folders: 7
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\FixMyPC, Quarantined, [e1be3ba8b2d88aacc42a32d131d2bd43],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\FixMyPC\1.x, Quarantined, [e1be3ba8b2d88aacc42a32d131d2bd43],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\FixMyPC\1.x\Logs, Quarantined, [e1be3ba8b2d88aacc42a32d131d2bd43],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner, Quarantined, [49566083701aee48dc1390733fc47f81],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x, Quarantined, [49566083701aee48dc1390733fc47f81],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x\Logs, Quarantined, [49566083701aee48dc1390733fc47f81],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x\Queue, Quarantined, [49566083701aee48dc1390733fc47f81],
Files: 17
PUP.Optional.InstallCore.A, C:\Users\Philip\AppData\Local\Temp\farbar-recovery-scan-tool.exe-1437339921757.exe, Quarantined, [465952919bef38fed2498c1d28d99070],
PUP.Optional.TweakBit.A, C:\Users\Philip\Downloads\fix-my-pc-setup.exe, Quarantined, [e0bfb52e7119330345ef3c2b64a12cd4],
PUP.Optional.FramedDisplay.A, C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_api.frameddisplay.com_0.localstorage, Quarantined, [247b6b78f595999d7ea74350020234cc],
PUP.Optional.FramedDisplay.A, C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_api.frameddisplay.com_0.localstorage-journal, Quarantined, [f0af3fa413770630f1342f649074ab55],
PUP.Optional.FramedDisplay.A, C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.frameddisplay.com_0.localstorage, Quarantined, [188707dc117947ef0b1a6f24857f21df],
PUP.Optional.FramedDisplay.A, C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.frameddisplay.com_0.localstorage-journal, Quarantined, [138c02e1c5c539fd28fd1e75e222e818],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\FixMyPC\1.x\StatDB.json, Quarantined, [e1be3ba8b2d88aacc42a32d131d2bd43],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\FixMyPC\1.x\Unfixed.err, Quarantined, [e1be3ba8b2d88aacc42a32d131d2bd43],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\CheckSerialNumber.log, Quarantined, [e1be3ba8b2d88aacc42a32d131d2bd43],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\FixMyPC.log, Quarantined, [e1be3ba8b2d88aacc42a32d131d2bd43],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\FixMyPCLogic.log, Quarantined, [e1be3ba8b2d88aacc42a32d131d2bd43],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x\StatDB.json, Quarantined, [49566083701aee48dc1390733fc47f81],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x\Unfixed.err, Quarantined, [49566083701aee48dc1390733fc47f81],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x\Logs\CheckSerialNumber.log, Quarantined, [49566083701aee48dc1390733fc47f81],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x\Logs\PCCleaner.log, Quarantined, [49566083701aee48dc1390733fc47f81],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x\Logs\PCCleanerLogic.log, Quarantined, [49566083701aee48dc1390733fc47f81],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x\Queue\Queue-Report.rpq, Quarantined, [49566083701aee48dc1390733fc47f81],
Physical Sectors: 0
(No malicious items detected)