Please help, do not know what to do.

Hello Guys,
My system:
Toshiba / Satellite C55-A / Intel (R) Celeron (R) N2820
64 bit Windows 8.1
I am at the end of my rope. I have tried everything. First, let me say I am not good at technical things on a computer, just enough to be dangerous. So if some things I say seem crazy, they probably are. So here is the story. About a week ago I received an email on my GoDaddy webmail, www.login.securserver.net. That is how I log into that email. Now, that is not my main email. My main email is Gmail, which I use the most.
The email I received on the GoDaddy email was a Notice of Apperance in Court #00406341. It contained a zip file, Court Notification 00406341.zip. Of course being stupid, I unzipped the file, thinking it was something important, since I have some court cases ongoing for business.
With research I think it is a Kuluoz or another one that starts with A. Can't remember.
It put a zip file in my downloads folder, Court_Notification_00406341.doc, which shows as File Type: Java Script file, 8.84kb. That is the only one I noticed, not sure if there are more somewhere. Then things started getting a little weird. Nothing major, I still get emails, still send them, and my system seems to be running normally, except for Avast Mail Shield security exclusions. It keeps popping up at least 40 times a day, saying
"avast! has identified a problem with this site certificate.
You can add this certificate as an exclusion, if you are sure about it.

Click the ‘View’ button for more details about the certificate.

If you want to change your certificates/exclusions, please open the Windows Certificate browser and perform the required operations directly from within the system certificate storage.

Legitimate public sites and mail servers should not ask you to do this.
Now, here I used to get different info, like websites, IP address, etc. But for the last few days the only thing I have been getting is an IP address for the server, and
C:\Windows\SysWOW64\regsvr32.exe - As the location.

SERVER

Location: *****

CERTIFICATE STATUS

This site attempts to identify itself with invalid information.

Problems:

The certificate is not trusted."
I always click on confirm security exclusion, I hope that was the right thing to do.
Now, next, thinking I could fix it, here are the things I have run.
• SpyHunter 4 - No cleaning, I did not pay
• AdwCleaner
• RogueKiller x64
• Spybot Search and Destroy
• Free Windows Registry Cleaner
I think that is it. But, still getting the pop-ups. I am at the end of my rope. Then I saw a thread on the forum on what I should do, so here it is.
I first ran Malwarebytes as instructed. It was run with Avast on. Here is the log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/20/2015
Scan Time: 6:01 AM
Logfile: MALWAREBYTES SCAN LOG.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.19.03
Rootkit Database: v2015.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Philip

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 432604
Time Elapsed: 38 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\Linkey.Linkey, Quarantined, [b3ec4a998dfd7bbb2b5e5b2e47bbe719],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Linkey.Linkey, Quarantined, [1689796ae2a84ee85d2c8dfcd82a8779],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Linkey.Linkey, Quarantined, [1689796ae2a84ee85d2c8dfcd82a8779],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATPopups, Quarantined, [3d627f64bcce9f9747966c2bd92be31d],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATUpdaters, Quarantined, [e2bdde05296160d686571186c93bad53],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\Google Analytics Package, Quarantined, [ffa03ba83753b5814c9384136e9606fa],
PUP.Optional.FramedDisplay.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Framed Display, Quarantined, [7629be2582088caa8e078103cd371ee2],
PUP.Optional.FramedDisplay.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Framed Display, Quarantined, [762903e0652571c5088d275dc53fcd33],

Registry Values: 1
Rootkit.Fileless.MTGen, HKU\S-1-5-21-2793440623-1628646824-2415799637-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^e223adc9, Quarantined, [eeb1568d3753142208eb4b44689cd22e],

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\FixMyPC, Quarantined, [e1be3ba8b2d88aacc42a32d131d2bd43],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\FixMyPC\1.x, Quarantined, [e1be3ba8b2d88aacc42a32d131d2bd43],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\FixMyPC\1.x\Logs, Quarantined, [e1be3ba8b2d88aacc42a32d131d2bd43],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner, Quarantined, [49566083701aee48dc1390733fc47f81],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x, Quarantined, [49566083701aee48dc1390733fc47f81],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x\Logs, Quarantined, [49566083701aee48dc1390733fc47f81],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x\Queue, Quarantined, [49566083701aee48dc1390733fc47f81],

Files: 17
PUP.Optional.InstallCore.A, C:\Users\Philip\AppData\Local\Temp\farbar-recovery-scan-tool.exe-1437339921757.exe, Quarantined, [465952919bef38fed2498c1d28d99070],
PUP.Optional.TweakBit.A, C:\Users\Philip\Downloads\fix-my-pc-setup.exe, Quarantined, [e0bfb52e7119330345ef3c2b64a12cd4],
PUP.Optional.FramedDisplay.A, C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_api.frameddisplay.com_0.localstorage, Quarantined, [247b6b78f595999d7ea74350020234cc],
PUP.Optional.FramedDisplay.A, C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_api.frameddisplay.com_0.localstorage-journal, Quarantined, [f0af3fa413770630f1342f649074ab55],
PUP.Optional.FramedDisplay.A, C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.frameddisplay.com_0.localstorage, Quarantined, [188707dc117947ef0b1a6f24857f21df],
PUP.Optional.FramedDisplay.A, C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.frameddisplay.com_0.localstorage-journal, Quarantined, [138c02e1c5c539fd28fd1e75e222e818],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\FixMyPC\1.x\StatDB.json, Quarantined, [e1be3ba8b2d88aacc42a32d131d2bd43],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\FixMyPC\1.x\Unfixed.err, Quarantined, [e1be3ba8b2d88aacc42a32d131d2bd43],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\CheckSerialNumber.log, Quarantined, [e1be3ba8b2d88aacc42a32d131d2bd43],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\FixMyPC.log, Quarantined, [e1be3ba8b2d88aacc42a32d131d2bd43],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\FixMyPCLogic.log, Quarantined, [e1be3ba8b2d88aacc42a32d131d2bd43],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x\StatDB.json, Quarantined, [49566083701aee48dc1390733fc47f81],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x\Unfixed.err, Quarantined, [49566083701aee48dc1390733fc47f81],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x\Logs\CheckSerialNumber.log, Quarantined, [49566083701aee48dc1390733fc47f81],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x\Logs\PCCleaner.log, Quarantined, [49566083701aee48dc1390733fc47f81],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x\Logs\PCCleanerLogic.log, Quarantined, [49566083701aee48dc1390733fc47f81],
PUP.Optional.TweakBit.A, C:\ProgramData\TweakBit\PCCleaner\1.x\Queue\Queue-Report.rpq, Quarantined, [49566083701aee48dc1390733fc47f81],

Physical Sectors: 0
(No malicious items detected)

Next I ran the Farbar Recovery Tool.

See attachments.

Then next I ran aswMBR.exe, with Avast on. Here is the log:
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-07-20 07:19:45

07:19:45.944 OS Version: Windows x64 6.2.9200
07:19:45.945 Number of processors: 2 586 0x3703
07:19:45.947 ComputerName: GREGORY UserName: Philip
07:19:51.282 Initialize success
07:19:51.318 VM: initialized successfully
07:19:51.320 VM: Intel CPU supported virtualized
07:19:57.330 VM: supported disk I/O storport.sys
07:20:01.625 AVAST engine defs: 15071902
07:20:09.602 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\00000021
07:20:09.606 Disk 0 Vendor: TOSHIBA_MQ01ABF050 AM003M Size: 476940MB BusType: 11
07:20:09.741 VM: Disk 0 MBR read successfully
07:20:09.746 Disk 0 MBR scan
07:20:09.752 Disk 0 unknown MBR code
07:20:09.758 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
07:20:09.876 Disk 0 scanning C:\WINDOWS\system32\drivers
07:20:23.275 Service scanning
07:20:58.981 Service vkgcut C:\WINDOWS\System32\drivers\hnrradon.sys LOCKED
07:21:05.681 Modules scanning
07:21:05.699 Disk 0 trace - called modules:
07:21:05.756 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys
07:21:05.763 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xffffe001540c3450]
07:21:05.767 3 CLASSPNP.SYS[fffff801d2759170] → nt!IofCallDriver → \Device\00000021[0xffffe0015407a440]
07:21:06.863 AVAST engine scan C:\WINDOWS
07:21:09.185 AVAST engine scan C:\WINDOWS\system32
07:25:50.557 AVAST engine scan C:\WINDOWS\system32\drivers
07:26:12.382 AVAST engine scan C:\Users\Philip
07:27:20.037 Disk 0 MBR has been saved successfully to “C:\Users\Philip\Desktop\MBR.dat”
07:27:20.048 The log file has been saved successfully to “C:\Users\Philip\Desktop\aswMBR.txt”
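
Added example, not part of the original post: a short Python triage of the Malwarebytes 2.x log format pasted above, separating PUP clutter from the entries a reviewer would look at first. The `parse` and `triage` helpers and the two triage rules are assumptions made for illustration; the sample lines are excerpted from the log above.

```python
import re

# Excerpt of the Malwarebytes log posted above (section counts refer to the full log).
SAMPLE_LOG = r"""
Registry Keys: 8
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\Linkey.Linkey, Quarantined, [b3ec4a998dfd7bbb2b5e5b2e47bbe719],
PUP.Optional.FramedDisplay.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Framed Display, Quarantined, [7629be2582088caa8e078103cd371ee2],

Registry Values: 1
Rootkit.Fileless.MTGen, HKU\S-1-5-21-2793440623-1628646824-2415799637-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^e223adc9, Quarantined, [eeb1568d3753142208eb4b44689cd22e],

Files: 17
PUP.Optional.TweakBit.A, C:\Users\Philip\Downloads\fix-my-pc-setup.exe, Quarantined, [e0bfb52e7119330345ef3c2b64a12cd4],
"""

# "Section name: count" headers, e.g. "Registry Values: 1".
SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")
# "<detection name>, <object>, <action>, [<32-hex identifier>],"
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,]+), \[(?P<ident>[0-9a-f]{32})\],?\s*$")
# A value under a ...\CurrentVersion\Run or RunOnce key ("key|value" in the log).
AUTORUN = re.compile(r"\\CURRENTVERSION\\RUN(ONCE)?\|", re.I)

def parse(log):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for line in log.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        hit = DETECTION.match(line)
        if hit:
            found.append(dict(hit.groupdict(), section=section))
    return found

def triage(detections):
    """Assumed rules: flag non-PUP families and autorun registry values."""
    urgent = []
    for d in detections:
        reasons = []
        if not d["name"].startswith("PUP."):
            reasons.append("not a PUP family")
        if d["section"] == "Registry Values" and AUTORUN.search(d["target"]):
            reasons.append("autorun (Run key) persistence")
        if reasons:
            urgent.append((d["name"], d["target"], reasons))
    return urgent

if __name__ == "__main__":
    for name, target, reasons in triage(parse(SAMPLE_LOG)):
        print(name, "|", target, "|", "; ".join(reasons))
```

On this excerpt the only entry flagged is the `Rootkit.Fileless.MTGen` value under the user's Run key; the PUP entries are parsed but left unflagged.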

Do not copy/paste the content of log file, but just attach them please.

Sorry, will do.

Hello,

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on the icon and select Run as Administrator to start the tool.
[*]Wait patiently until the main console appears; it may take a minute or two.
[*]In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns >>"%temp%\log.txt";b

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Hello,

First let me say thank you for taking your time to help me with this issue. You are a saint.

I ran Zoek as requested, and it auto rebooted my computer. When it came back online I had the following two errors.

The module
“C:\Users\Philip\AppData\Local\YmbhPack\New.dll”
failed to load

Make sure the binary is stored at the specified path or
debug it to check for problems with the binary or
dependent.DLL files

The specified module could not be found


The module
“C:\Users\Philip\AppData\Local\UZLmedia\New.dll”
failed to load

Make sure the binary is stored at the specified path or
debug it to check for problems with the binary or
dependent.DLL files

The specified module could not be found

I attached the log from Zoek.

It is fine, these are malware leftovers.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

[*]Right-click on the icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

Hello,

I have not received any of the Mail Shield pop-ups since. The computer seems to be a little faster. Everything is looking fine. Yeaaaaaaaa.

Here are the scan logs. Let me know if it's all OK…

I spoke too fast.

Once I closed Farbar, my computer went crazy… It shut down Google Chrome, and opened it up, then shut it down and opened it up, then switched my home page to mystartsearch, and also downloaded a SG Miner… Then when I try to uninstall the mystartsearch it will not uninstall.

I had to turn off my Avast to run Farbar, because it shows it as a virus. Now, when I turn Avast back on, it has blocked three or four things… Why would the Farbar download put so much stuff on my computer? Is this a problem?

OK. After a crazy while, everything finally seems back OK, except for the mystartsearch, and whatever bundled software it put on my computer. Need to get rid of that. The pop-ups from Avast Mail Shield have not been coming, and everything else seems OK, only that mystartsearch. It slipped through while I had my Avast off running Farbar.

I will await your instructions.

Please uninstall Wajam

Fix with Farbar Recovery Scan Tool

[B]This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.[/B]

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on the icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Scan with Malwarebytes’ Anti-Malware

Please re-run Malwarebytes’ Anti-Malware.

[*]First of all, select update.
[*]Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
[*]In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
[*]Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
[*]If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
[*]Upon completion of the scan (or after the reboot), click the History tab.
[*]Click Application Logs and double-click the newest Scan Log.
[*]At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

Hello,

As for the Farbar Recovery, I cannot get it to run without turning off my Avast. Each time I download it, Avast will detect a virus, and the download will fail. Then when I do turn off Avast, that is why I got all of the issues with the Farbar download before. I am not sure if it is where I am downloading it from that has all of that stuff bundled with it. I tried to run the one app that was already on my computer, and when I right-click on it and hit run as admin, Avast pops up a virus, and takes away the icon and program. So not much I can do with that. I am scared to turn off Avast again.

I did run Malwarebytes, and everything seems to be great now. The Google browser is working, and everything seems back to normal… Here is the scan log attached. Is all OK now?

Yes, Malwarebytes removed some malware that I also targeted in the FRST fix. Anyway, I would like you to run the FRST fix, so disable Avast and run FRST.

Hello,

Can you please give me a link, where I can download the FRST, that does not have all of the bundled items with it? Just a FRST only download?

FRST is completely clean and does not contain any kind of software bundled within.

Download link is below:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Hello,

Yes, I had no problem with that download. Maybe I downloaded the other one from a different site. Sorry about that. Anyway, here are the reports.

Can you perform FRST fix I provided on the previous page?

Hello,

I ran the fix. Here is the log attached.

Good. Is your PC fine now?