[CompCav]

First does it have a firewall with it?

If so please turn it all on and re run Security check and post the results.

[Advertisements]

CompCav,

I turned everything ON in Kasper. Here follows the log:

Results of screen317's Security Check version 0.99.70
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SEO SpyGlass
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (22.0)
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

[Andre Silva]

CompCav,

I turned everything ON in Kasper. Here follows the log:

Results of screen317's Security Check version 0.99.70
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SEO SpyGlass
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (22.0)
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

[CompCav]

To ensure your computer is taking full advantage of Windows 7 security features, use the Windows Security Center to check your system’s settings.

[list=1]

[*]Click Start.
[*] Click Control Panel.
[*] Under System and Security, click Review your computer's status.
[*] If it is not already expanded, click the arrow in the drop-down box to right of Security to expand the section. All options should be turned on.


Please tell me if any of them are turned off in your next reply.

[Andre Silva]

Everything is ON except "Network Access Protection"

[CompCav]

Perfect! I will now prepare the next steps, I will do that when I get to my computer later this afternoon.

[Andre Silva]

Thanks, CompCav! I really appreciate it. Looking forward to your next reply.

All the best,

André

[CompCav]

Please rerun security check for me and post the log so that I can prepare the next steps!

[CompCav]

Step 1

• Please reopen on your desktop by right clicking and selecting Run as administrator.
• Copy and Paste the following code into the textbox.
  
  

  :files
  netsh advfirewall reset /c 
  netsh advfirewall set allprofiles state off /c
  
  
  :Commands
  [emptytemp]
  [createrestorepoint]

• Push
• OTL may ask to reboot the machine. Please do so if asked.
• Click the OK button.
• A report will open. Copy and Paste that report in your next reply.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 2

Please post:

OTL fix log

[Andre Silva]

Here follows the log:


Results of screen317's Security Check version 0.99.70
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SEO SpyGlass
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (22.0)
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

[CompCav]

Now run the OTL fix in post #38.

[Andre Silva]

OTL log here:

All processes killed
========== FILES ==========
< netsh advfirewall reset /c >
Ok.
C:\Users\Izilda\Desktop\cmd.bat deleted successfully.
C:\Users\Izilda\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state off /c >
Ok.
C:\Users\Izilda\Desktop\cmd.bat deleted successfully.
C:\Users\Izilda\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Izilda
->Temp folder emptied: 137099263 bytes
->Temporary Internet Files folder emptied: 5438214 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18226664 bytes
->Google Chrome cache emptied: 127526793 bytes
->Flash cache emptied: 878 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9646 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 315136 bytes

Total Files Cleaned = 275.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 07182013_163248

Files\Folders moved on Reboot...
C:\Users\Izilda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Izilda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{27A7941E-76B6-49B2-BEE3-8F7207CCE13E}.tmp not found!
File\Folder C:\Users\Izilda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{573C160F-134B-4FE9-924D-EC333E89B524}.tmp not found!
File\Folder C:\Users\Izilda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5C6516EA-2592-4BC6-AEED-9ECABC13258F}.tmp not found!
File\Folder C:\Users\Izilda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6C61F021-370D-489D-BC0B-F9844DCB5782}.tmp not found!
File\Folder C:\Users\Izilda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{761ECEF7-ECB6-43E3-82FF-354AD2D416B6}.tmp not found!
File\Folder C:\Users\Izilda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{790C71EC-06D7-4824-9B64-150FC620948B}.tmp not found!
File\Folder C:\Users\Izilda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C8B0395C-9EB8-4206-BCA7-9BB5D4AE00E2}.tmp not found!
C:\Users\Izilda\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[CompCav]

Good news! Your logs appear to be clean now.

We need to do an update and clean the tools off your computer next.


Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

Uninstall all previous versions.
Download the latest version from: http://www.adobe.com.../readstep2.html

• If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
• Uncheck the Ask Toolbar, McAfee Scanner, or Chrome installs as well, you do not need these from Adobe.

Tool Cleanup

Run AdwCleaner and press uninstall

Run OTL and hit the cleanup button. It will remove all the programs we have used plus itself. It will ask you to reboot the computer, please do so.

Clear Restore Points

Go Start > All Programs > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button




Please let me know when these steps are done so we can finish up.

[Andre Silva]

Hello CompCav,

I followed and completed all steps thoroughly. What's next?

Cheers.

[CompCav]

Here are some recommendations to keep you clean:



Avoid P2P and Cracked and or illegal Software

This is where most of your issues originated and their download and use subject you to a multitude of infections.



: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)



Keep MalwareBytes' and run it at least monthly after you update it.




Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:


Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe

[Andre Silva]

T H A N K Y O U CompCav! I really appreciate all your help and valuable time!

Please let me know if there is anything else I should do.

All the best!

Andre