Solved Win 7 not able to use windows update

[MH Lindsey]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

23-10-2015 08:56:37 Tweaking.com - Windows Repair
23-10-2015 09:05:46 Installed Microsoft Fix it 50123
23-10-2015 10:18:31 Windows Backup
23-10-2015 11:59:57 Windows Backup
24-10-2015 14:51:37 Windows Update
25-10-2015 11:27:41 JRT Pre-Junkware Removal
25-10-2015 11:53:03 Windows Update
25-10-2015 12:16:41 Windows Update
25-10-2015 19:17:16 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-10-26 07:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {120C3EEE-D549-4E10-826F-6A4EE7BEACCB} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {1372E1D3-6055-4A0E-8B03-C8EF50BA584B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4AC4A426-2325-4C59-961B-9294393AF981} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {5FEFE352-C7AC-4633-B3C6-CCDBC135C07A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {779CE893-318F-40F6-9C15-F730EBF6B7E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {912A5CE6-5DE9-459D-AF28-68EC4A727B70} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-10-16] (AVAST Software)
Task: {92E09224-2D34-4D2F-A9B5-0EC0D4A7DC8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
Task: {9A800362-9A69-4495-B4C5-444C98C6BC27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
Task: {BC4604B9-547C-46B9-8DA6-E362E591E93E} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {D0FB0777-3B4E-43BD-976A-AC750B3F4308} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-07-06] (Avast Software s.r.o.)
Task: {D572F709-6207-4C94-B2A8-2E57EE0FAE7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {E4F3D9DD-8603-4A22-A6A9-35493D895C77} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-09-01 16:54 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-10-11 11:16 - 2005-06-15 17:04 - 00529920 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\NICServ.exe
2010-10-11 11:16 - 2005-08-26 11:55 - 01992192 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\UMCCfg.exe
2015-10-26 07:17 - 2015-10-26 07:17 - 02997616 _____ () C:\Program Files\Alwil Software\Avast5\defs\15102601\algo.dll
2015-10-26 17:08 - 2015-10-26 17:08 - 02997616 _____ () C:\Program Files\Alwil Software\Avast5\defs\15102602\algo.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2007-09-17 13:54 - 2007-09-17 13:54 - 01122304 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\ACE.dll
2007-12-13 12:26 - 2007-12-13 12:26 - 01400832 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\TAO.dll
2007-12-13 14:45 - 2007-12-13 14:45 - 00524288 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\TAO_PortableServer.dll
2007-12-13 14:42 - 2007-12-13 14:42 - 00540672 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\TAO_AnyTypeCode.dll
2008-03-07 14:11 - 2008-03-07 14:11 - 00056920 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\Transport.dll
2005-07-20 11:48 - 2005-07-20 11:48 - 00059904 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\zlib1.dll
2007-12-13 14:40 - 2007-12-13 14:40 - 00043008 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\TAO_Codeset.dll
2008-03-04 17:33 - 2008-03-04 17:33 - 00197208 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\HBPlugins\DBPlugin.dll
2008-03-04 17:33 - 2008-03-04 17:33 - 00251992 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\HBPlugins\ExchangePlugin.dll
2008-03-04 17:32 - 2008-03-04 17:32 - 00328280 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\HBPlugins\ImagePlugin.dll
2008-03-04 17:32 - 2008-03-04 17:32 - 00233560 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\HBPlugins\MSSQLPlugin.dll
2010-10-11 11:16 - 2005-02-24 12:51 - 00208896 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\dot1x_dll.dll
2010-10-11 11:16 - 2004-03-05 15:00 - 00155648 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\SSLEAY32.dll
2010-10-11 11:16 - 2004-03-05 15:00 - 00827392 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\LIBEAY32.dll
2010-10-11 11:16 - 2005-01-19 14:39 - 00045056 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\ZDWLAN.dll
2010-08-31 16:43 - 2009-06-03 12:34 - 03764224 _____ () C:\Users\Escrow\AppData\Roaming\PictureMover\Bin\Core.dll
2009-07-13 14:03 - 2009-07-13 18:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2010-08-31 16:43 - 2009-06-03 12:43 - 01703936 _____ () C:\Users\Escrow\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2010-10-13 11:46 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-12-11 10:30 - 2014-12-11 10:30 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\caldirectsecuredocs.com -> hxxps://www.caldirectsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\caldirectsecuredocs.com -> hxxp://www.caldirectsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\com -> hxxps://pennwest-edocs.com
IE trusted site: HKU\.DEFAULT\...\com -> hxxp://pennwest-edocs.com
IE trusted site: HKU\.DEFAULT\...\ditechsecuredocs.com -> hxxps://www.ditechsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\ditechsecuredocs.com -> hxxp://www.ditechsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\.DEFAULT\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\.DEFAULT\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\.DEFAULT\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\.DEFAULT\...\gmacmsecuredocs.com -> hxxps://www.gmacmsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\gmacmsecuredocs.com -> hxxp://www.gmacmsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\gmamcsecuredocs.com -> hxxps://www.gmamcsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\gmamcsecuredocs.com -> hxxp://www.gmamcsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\.DEFAULT\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com

There are 11 more sites.

IE trusted site: HKU\S-1-5-19\...\caldirectsecuredocs.com -> hxxps://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\caldirectsecuredocs.com -> hxxp://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\com -> hxxps://pennwest-edocs.com
IE trusted site: HKU\S-1-5-19\...\com -> hxxp://pennwest-edocs.com
IE trusted site: HKU\S-1-5-19\...\ditechsecuredocs.com -> hxxps://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\ditechsecuredocs.com -> hxxp://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\S-1-5-19\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\S-1-5-19\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\S-1-5-19\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\S-1-5-19\...\gmacmsecuredocs.com -> hxxps://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\gmacmsecuredocs.com -> hxxp://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\gmamcsecuredocs.com -> hxxps://www.gmamcsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\gmamcsecuredocs.com -> hxxp://www.gmamcsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-19\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com

There are 11 more sites.

IE trusted site: HKU\S-1-5-20\...\caldirectsecuredocs.com -> hxxps://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\caldirectsecuredocs.com -> hxxp://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\com -> hxxps://pennwest-edocs.com
IE trusted site: HKU\S-1-5-20\...\com -> hxxp://pennwest-edocs.com
IE trusted site: HKU\S-1-5-20\...\ditechsecuredocs.com -> hxxps://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\ditechsecuredocs.com -> hxxp://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\S-1-5-20\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\S-1-5-20\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\S-1-5-20\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\S-1-5-20\...\gmacmsecuredocs.com -> hxxps://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\gmacmsecuredocs.com -> hxxp://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\gmamcsecuredocs.com -> hxxps://www.gmamcsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\gmamcsecuredocs.com -> hxxp://www.gmamcsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-20\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com

There are 11 more sites.

IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\caldirectsecuredocs.com -> hxxps://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\caldirectsecuredocs.com -> hxxp://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\com -> hxxps://pennwest-edocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\com -> hxxp://pennwest-edocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\ditechsecuredocs.com -> hxxps://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\ditechsecuredocs.com -> hxxp://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\docmagic.com -> hxxp://www.docmagic.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\docmagic.com -> hxxps://www.docmagic.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmacmsecuredocs.com -> hxxps://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmacmsecuredocs.com -> hxxp://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmamcsecuredocs.com -> hxxps://www.gmamcsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmamcsecuredocs.com -> hxxp://www.gmamcsecuredocs.com

There are 13 more sites.


==================== Other Areas ============================

 

[MH Lindsey]

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-729058967-3014044393-3231255247-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Escrow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C2138813-5807-4F21-9EFC-1B06F4FDA6A4}C:\program files (x86)\novosoft\handy backup\hbagent.exe] => (Allow) C:\program files (x86)\novosoft\handy backup\hbagent.exe
FirewallRules: [UDP Query User{B5D1D5E6-174A-49A8-B798-F34CAE450E68}C:\program files (x86)\novosoft\handy backup\hbagent.exe] => (Allow) C:\program files (x86)\novosoft\handy backup\hbagent.exe
FirewallRules: [{43DD7D8E-B540-4211-9FAE-E2FC5788AAC2}] => (Block) C:\program files (x86)\novosoft\handy backup\hbagent.exe
FirewallRules: [{987A5468-DE8D-4EEC-8BED-81C19CFFACC9}] => (Block) C:\program files (x86)\novosoft\handy backup\hbagent.exe
FirewallRules: [TCP Query User{CEA28CC4-4EF3-498B-969B-E1F607DFB492}C:\program files (x86)\novosoft\handy backup\backup.exe] => (Allow) C:\program files (x86)\novosoft\handy backup\backup.exe
FirewallRules: [UDP Query User{7090B88D-CE81-43FE-8971-F77B7A316211}C:\program files (x86)\novosoft\handy backup\backup.exe] => (Allow) C:\program files (x86)\novosoft\handy backup\backup.exe
FirewallRules: [{F82D78E2-0910-480F-92FB-3AC81A222CC7}] => (Block) C:\program files (x86)\novosoft\handy backup\backup.exe
FirewallRules: [{4BA0F170-50EB-4C86-8702-331D5D9DA43C}] => (Block) C:\program files (x86)\novosoft\handy backup\backup.exe
FirewallRules: [{84DD1854-BC3D-4E68-8CE2-E642B5B6CA02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{61EB39D0-9FD2-42E3-9655-90A7D10BD53B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Ralink RT61 Turbo Wireless LAN Card
Description: Ralink RT61 Turbo Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology Corp.
Service: rt61x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/25/2015 09:03:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "ReachFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
.

Error: (10/25/2015 09:03:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Printing, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=x86". The error returned was Error: The specified assembly is not installed.
.

Error: (10/25/2015 09:03:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (10/25/2015 09:03:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (10/25/2015 09:03:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (10/25/2015 09:03:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Web.RegularExpressions, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (10/25/2015 09:03:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Web, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=x86" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (10/25/2015 09:03:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "ReachFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
.

Error: (10/25/2015 09:03:08 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Printing, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64". The error returned was Error: The specified assembly is not installed.
.

Error: (10/25/2015 09:03:08 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.


System errors:
=============
Error: (10/26/2015 05:07:04 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (10/26/2015 05:06:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (10/26/2015 07:37:11 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/26/2015 07:36:21 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/26/2015 07:32:12 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/26/2015 07:16:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (10/25/2015 10:10:04 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/25/2015 10:10:04 PM) (Source: nvstor64) (EventID: 3) (User: )
Description: Data error on device.



Device: \Device\RaidPort0

Model: WDC WD5000AAKS-60Z1A0

Firmware Version: 06.0

Serial Number: WD-WCAWF5831452

Port: 0

Error: (10/25/2015 10:10:03 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/25/2015 10:10:03 PM) (Source: nvstor64) (EventID: 3) (User: )
Description: Data error on device.



Device: \Device\RaidPort0

Model: WDC WD5000AAKS-60Z1A0

Firmware Version: 06.0

Serial Number: WD-WCAWF5831452

Port: 0


CodeIntegrity:
===================================
Date: 2015-10-26 07:36:21.493
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-26 07:36:21.322
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Sempron(tm) 140 Processor
Percentage of memory in use: 72%
Total physical RAM: 1790.49 MB
Available physical RAM: 490.08 MB
Total Virtual: 3580.98 MB
Available Virtual: 2072.88 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:455.77 GB) (Free:392.57 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.89 GB) (Free:1.48 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[MH Lindsey]

Fix result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
Ran by Escrow (2015-10-27 19:05:56) Run:1
Running from C:\Users\Escrow\Desktop
Loaded Profiles: Escrow (Available Profiles: Escrow)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-729058967-3014044393-3231255247-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-729058967-3014044393-3231255247-1000 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKU\S-1-5-21-729058967-3014044393-3231255247-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-729058967-3014044393-3231255247-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S4 LMIRfsClientNP; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
2011-05-25 09:50 - 2011-07-18 09:04 - 0001854 _____ () C:\Users\Escrow\AppData\Roaming\GhostObjGAFix.xml
2011-12-21 11:45 - 2013-07-15 17:37 - 0131072 ____H () C:\Users\Escrow\AppData\Roaming\svfiles.log
2010-11-04 07:46 - 2013-07-15 18:24 - 0000114 _____ () C:\Users\Escrow\AppData\Roaming\sview.ini
2015-10-15 13:00 - 2015-10-23 10:03 - 0007665 _____ () C:\Users\Escrow\AppData\Local\resmon.resmoncfg

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-729058967-3014044393-3231255247-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-729058967-3014044393-3231255247-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value removed successfully
HKU\S-1-5-21-729058967-3014044393-3231255247-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKU\S-1-5-21-729058967-3014044393-3231255247-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
LMIRfsClientNP => service removed successfully
catchme => service removed successfully
LMIInfo => service removed successfully
PCDSRVC{F36B3A4C-F95654BD-06000000}_0 => service removed successfully
C:\Users\Escrow\AppData\Roaming\GhostObjGAFix.xml => moved successfully
C:\Users\Escrow\AppData\Roaming\svfiles.log => moved successfully
C:\Users\Escrow\AppData\Roaming\sview.ini => moved successfully
C:\Users\Escrow\AppData\Local\resmon.resmoncfg => moved successfully

==== End of Fixlog 19:05:56 ====

 

[MH Lindsey]

Need to update you that after I ran your fix log txt, I decided to allow the computer to run the windows updates that were in its que..all 5 failed. I have it set so it downloads them but let's me pick the ones I want. I will try again when they reload and keep you posted

 

[Broni]

OK.

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[MH Lindsey]

Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 51
Java version 32-bit out of Date!
Adobe Flash Player 19.0.0.226
Adobe Reader XI
Mozilla Firefox (41.0.2)
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

 

[MH Lindsey]

Farbar Service Scanner Version: 26-07-2015
Ran by Escrow (administrator) on 28-10-2015 at 15:58:36
Running from "C:\Users\Escrow\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

[MH Lindsey]

Wow!..weird things again. The Old Timer software crashed on first run. Had to force the machine off. It did its thing on the 2nd run. Tried Computer and Control Panel button and they will not open anything - it just hangs. Care to comment before doing the Sophos?

OK - did another shut down and restart. This time all of the windows updates are back and control panel button is working. Going to let the 4 of them update. Then will move on to Sophos.

 

[Broni]

Shut the computer down.
Wait 1 minute, restart and try again.

 

[MH Lindsey]

Got Sophos done - no details to report. Says its clean.

 

[Broni]

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

====================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create registry backup
• Purge System Restore
• Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

 

[MH Lindsey]

Will do. Many thanks for all you do!

 

[Broni]

Way to go!!
Good luck and stay safe