Firewall gets shut down

Status
Not open for further replies.

Scalerwave

New Member
Thread author
Oct 28, 2012
26
I'm new to the forum so bear with me...I don't know what OTL or aswMBR means but I couldn't post the message without checking the box.

I'm unsure how it started except I was surfing today when suddenly Adobe tries to update out of nowhere. I shut down the window but it kept popping up like every 5 minutes. I updated manually to 11.4 but it still pops up.

Next, something called "FP_AX_CAB_INSTALLER.exe" starts running in Task Manager so I shut it down.

I notice that Spybot finds something odd with my Firewall setting so I check it and find that it's off. I try to turn it on but the message "Due to an unidentified problem, Windows cannot Display Windows Firewall settings."

Checking the "Services" under MsConfig, I see that "Service Center" is missing so I check the Registry and find that the folder "WSCSVC" is gone so I export the folder from my other machine.

After rebooting, the Firewall is on but after about a minute, it mysteriously turns itself off.

I figured I would try a Repair Install which is going now.

That's where I am now. Any help is appreciated.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hi and welcome to the malwaretips.com forums!

I'm Jack and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
STEP 1 : Run a scan with Combofix
Please read and follow very carefully the below instructions

Download ComboFix from one of the following locations:

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

How to run the Combofix scan :
  1. Double click on ComboFix.exe & follow the prompts.
  2. Accept the disclaimer and allow to update if it asks
  3. Combofix will now start scanning your computer.
  4. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Additional notes:
  1. DO NOT mouse-click Combofix's window while it is running. That may cause it to stall.
  2. DO NOT "re-run" Combofix. If you have a problem, reply back for further instructions.
  3. IF after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

STEP 2: Run a scan with Farbar Service Scanner

  1. Download Farbar Service Scanner from the below link.
     FARBAR SERVICE SCANNER: http://download.bleepingcomputer.com/farbar/FSS.exe (This link will automatically download Farbar Service Scanner on your computer)
  2. Run the utility and checkmark all the boxes
  3. Click on the Scan button.
  4. Add the log that it will produce in your next reply.

What's next?

Please post in your next reply:
  1. Combofix log
  2. Farbar log
  3. Let me know if you had any problems with the above instructions and also let me know how things are running now!

Scalerwave

New Member
Thread author
Oct 28, 2012
26
Ok, one problem ComboFix encountered while attempting to setup a restore point, was that for some reason, I don't have "Windows Recovery Console" Installed. It wanted to connect to internet and download and install it. I clicked "no" thinking I would check with you first but it went ahead with the scan after that.

It said that the machine is infected with Rootkit.ZeroAccess. It has inserted itself into the tcp/ip Stack. Then it says be patient this may take some moments... then says it must reboot. I rebooted and it started the scan again.

It completed Stage 1 and so on then it rebooted and prepared the log report.

FSS went pretty quick. So far the Firewall is staying on and no Adobe Install screens have popped up. I'm on a wired router and have to plug it back in. I'll let you know how it goes from there although, I did have internet access before... no doubt due to having no wifi to worry about.

Thanks !

UPDATE: Internet access appears ok and still no problem with Firewall or Adobe Installer.

One odd thing though... each time I click on an icon like a HDD shortcut or "My Computer", a pop screen comes up saying "Windows Installer... Preparing to install". Seems like the normal window will come up shortly after. Should I do another "Repair" install of Windows?
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
We need to use Combofix to remove some stuff from your machine.
  1. Make sure that the copy of ComboFix that you downloaded earlier is on your Desktop but Do not run it! If it is not on your Desktop, the below script will not work.
  2. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste ALL the text present INSIDE the code box below:
Code:
Clear Java Cache::

File::
c:\windows\SET5E.tmp
c:\windows\SET52.tmp
c:\windows\SET4F.tmp
c:\windows\SET5D.tmp
c:\windows\SET51.tmp
c:\windows\SET4E.tmp
c:\windows\SETC1.tmp
c:\windows\SETB5.tmp
c:\windows\SETB2.tmp
c:\windows\system32\FlashPlayerInstaller.exe

NOTICE: This script was written specifically for Scalerwave, to be used on this particular machine. Running this script on any other machine may cause damage to the operating system!
  3. Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  4. At this point, you MUST EXIT ALL BROWSERS before continuing, and temporarily disable your anti-virus, script blocking and any anti-malware real-time protection as they can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  5. You should have both the ComboFix and CFscript.txt icons on your Desktop.
  6. Now use your mouse to drag CFscript.txt on top of ComboFix as seen in the below image. [image]
  7. Follow the prompts.
  8. When it finishes, a log will be produced named c:\combofix.txt
  9. Attach the new log generated by ComboFix to your next reply.
Note: DO NOT mouseclick combofix's window while it is running. That may cause it to stall.

STEP 2: Run a scan with Kaspersky TDSSKiller
  1. Download Kaspersky TDSSKiller from the below link.
     KASPERSKY TDSSKILLER DOWNLOAD LINK: http://support.kaspersky.com/downloads/utils/tdsskiller.exe (This link will automatically download Kaspersky TDSSKiller on your computer)
  2. Double-click on TDSSKiller.exe to run the application.
  3. Click Change parameters
  4. Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  5. Click on the Start Scan button to begin the scan and wait for it to finish.
     NOTE: Do not use the computer during the scan!
  6. During the scan it will look similar to the image below: [image]
  7. When it finishes, you will either see a report that no threats were found like below: [image]
     If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up which you can just close since the report file is already saved.
  8. If any infection or suspected items are found, you will see a window similar to below: [image]
       • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
       • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
       • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects. Make sure that Cure is selected. VERY IMPORTANT! - If Cure is not available, please choose Skip instead. DO NOT choose Delete unless instructed to do so.
  9. Click Continue to apply selected actions.
  10. A reboot may be required to complete disinfection. A window like the below will appear: [image]
      Reboot immediately if TDSSKiller states that one is needed.
  11. Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_2.12.2012_14.17.04_log.txt which is based on the program version # and date and time run.
  12. Attach this log to your next reply.

What's next?
Attach the following logs to your post (You can find here details on how to use the Attachment System):
  1. Combofix log
  2. Kaspersky TDSSKiller
  3. Let me know if you had any problems with the above instructions and also let me know how things are running now!

Scalerwave

New Member
Thread author
Oct 28, 2012
26
Wow, this is intense... ok, I'm on it.

Update:

ComboFix tells me there is a newer version of ComboFix but I just selected "No" when asked if I wanted to update.

ComboFix asked to download and install "Microsoft Windows Recovery Console" should I allow that? Not sure, for now I just selected no.

Kaspersky only found "Suspicious" items but they looked familiar for the most part.

I'll try out the "Windows Installer" and see what happens...

Update:
Still have the same problem with the "Windows Install" pop-up.

Other than that, the computer seems to be ok.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
You didn't copy the entire code that was inside the code box..... Let's do the same process once again. This time however please install the Windows Recovery Console and allow Combofix to update.

  1. Make sure that the copy of ComboFix that you downloaded earlier is on your Desktop but Do not run it! If it is not on your Desktop, the below script will not work.
  2. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste ALL the text present INSIDE the code box below:
Code:
KillAll::

File::
c:\windows\SET63.tmp
c:\windows\SET54.tmp
c:\windows\SET50.tmp
c:\windows\SET62.tmp
c:\windows\SET56.tmp
c:\windows\SET53.tmp
c:\windows\SETB2.tmp

NOTICE: This script was written specifically for Scalerwave, to be used on this particular machine. Running this script on any other machine may cause damage to the operating system!
  3. Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  4. At this point, you MUST EXIT ALL BROWSERS before continuing, and temporarily disable your anti-virus, script blocking and any anti-malware real-time protection as they can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  5. You should have both the ComboFix and CFscript.txt icons on your Desktop.
  6. Now use your mouse to drag CFscript.txt on top of ComboFix as seen in the below image. [image]
  7. Follow the prompts.
  8. When it finishes, a log will be produced named c:\combofix.txt
  9. Attach the new log generated by ComboFix to your next reply.
Note: DO NOT mouseclick combofix's window while it is running. That may cause it to stall.

STEP 2: Run a scan with RogueKiller
  1. Please download the latest official version of RogueKiller.
     ROGUEKILLER DOWNLOAD LINK: http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe (This link will automatically download RogueKiller on your computer)
  2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete. This should take only a few seconds and then you can click the Start button to perform a system scan.
  3. After the scan has completed, press the Delete button to remove any malicious registry keys.
  4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.

The report has been created on the desktop. In your next reply please post:

All RKreport.txt text files located on your desktop.

STEP 3: Run a scan with ESET Online Scanner
  1. Download ESET Online Scanner utility from the below link
     ESET ONLINE SCANNER DOWNLOAD LINK: http://download.eset.com/special/eos/esetsmartinstaller_enu.exe (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push List of found threats
  9. Push Export to Text file and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply. Note - when ESET doesn't find any threats, no report will be created.
  10. Push the back button.
  11. Push Finish

STEP 4: Run a scan with Kaspersky Virus Removal Tool
  1. Download Kaspersky Virus Removal Tool from the below link and then double click on it to start this utility.
     KASPERSKY VIRUS REMOVAL TOOL: http://www.kaspersky.com/antivirus-removal-tool?form=1 (This link opens a new webpage from where you can download Kaspersky Virus Removal Tool on your computer.)
  2. Follow the onscreen prompts until it is installed
  3. Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
       • System Memory
       • Hidden startup objects
       • Disk boot sectors
       • Local Disk (C: )
       • Also any other drives (Removable that you may have)
  4. Then click on Actions on the left hand side
  5. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
  6. Click on Automatic Scan
  7. Now click the Start Scanning button, to run the scan
  8. After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side
  9. Click Detected threats on the left
  10. Now click the Save button, and save it as kaslog.txt to your Desktop
  11. Please attach kaslog.txt in your next reply.

What's next?

Please add in your next reply:
  1. Combofix log
  2. RogueKiller logs
  3. ESET log
  4. Kaspersky Virus Removal log
  5. Let me know if you had any problems with the above instructions and also let me know how things are running now!

Scalerwave

New Member
Thread author
Oct 28, 2012
26
Overall the computer seems to be running fine although I have the same problem with the Windows Installer. Some of the extra viruses found were in software that hadn't been installed yet.

Ok here are the log files. Thanks again bud.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Can you please post a screenshot of the pop-up that you are seeing?
To take a screenshot, press the "PrtSc" (Print screen) key (upper right part of keyboard) > open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or png, Not bmp). Post this screenshot in your posts.
Next, let's get a fresh log from your system:
STEP 1: Run a scan with Security Check
  1. Download Security Check from the below link:
     SECURITY CHECK DOWNLOAD LINK: http://screen317.spywareinfoforum.org/SecurityCheck.exe (This link will automatically download Security Check on your computer)
  2. Double-click SecurityCheck.exe
  3. Follow the onscreen instructions inside of the black box.
  4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.

STEP 2: Run a scan with OTL by OldTimer
  1. Download the OTL utility using the below link :
     OTL DOWNLOAD LINK: http://oldtimer.geekstogo.com/OTL.exe (This link will automatically download OTL on your computer)
  2. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  3. When the window appears, underneath Output at the top change it to Minimal Output.
  4. Check the boxes beside LOP Check and Purity Check.
  5. Click the Run Scan button.
  6. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
     Please post these 2 logs in your first reply.
Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: OTL.scr (http://www.itxassociates.com/OT-Tools/OTL.scr), or OTL.com (http://oldtimer.geekstogo.com/OTL.com).

What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):
  1. Security Check log
  2. OTL log
  3. Let me know if you had any problems with the above instructions and also let me know how things are running now!

Scalerwave

New Member
Thread author
Oct 28, 2012
26
I attached a few pix so you can see what I'm talking about.

1. Services.msc pic - shows me turning Windows Installer Service back on and setting it to manual
2. Preparing to Install example - shows what happens when I click "My Documents"
3. Preparing to Install example pt2 - shows "My Documents" opened after about 30 seconds or so goes by. Folder and drive shortcuts do the same thing.

OTL only produced one Txt file so I attached a pic of the settings I used.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Let's try to fix your Windows Installer policies ....
STEP 1: Backup your Windows Registry with ERUNT.
  1. Download ERUNT from the below link.
     ERUNT DOWNLOAD LINK: http://www.larshederer.homepage.t-online.de/erunt/ (This link will open a new webpage from where you can download ERUNT on your computer)
  2. Start ERUNT, confirm the Welcome message.
  3. Type in the name of a restore folder where the backed up registry files should be saved, or click "..." to browse your computer's drives and select a folder.
     You can also simply leave the default, which is a folder named ERDNT inside your Windows folder, the advantage being that you have access to this folder from the Windows Recovery Console in case Windows does not boot anymore.
  4. Select the following backup options:
       • System registry:
       • Current user registry:
       • Other open user registries:
  5. Click "OK" and wait until the backup process is complete. (Note that depending on your system configuration this may take some time, and that the first bar is NOT a progress bar, just an indicator that the program is still running.) The ERDNT program for later restoration of the registry is automatically copied to the restore folder.
STEP 2: Run the custom Windows registry fix
  1. Download the below registry fix.
     NOTICE: This script was written specifically for Scalerwave, to be used on this particular machine. Running this script on any other machine may cause damage to the operating system!
  2. Right click on fix.reg and select merge, then accept the warning if it appears and you are done.
 

Attachments

  • fix.reg
    140 bytes · Views: 101

Scalerwave

New Member
Thread author
Oct 28, 2012
26
Update:

The install and merge went ok but the problem still remains. Here's a pic I took after rebooting and clicking "My Documents" again.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Scalerwave, did you by any chance recently try to install an Adobe product? What other products have you recently (before this Windows Installer issue started) installed?

Please follow the steps below to enter the Event Viewer program in XP. This will give me more information into what is causing your issue.

  1. Go to Start and then click on Run
  2. Type in eventvwr.msc and press Enter
  3. On left side click on Applications. On right side look for any RED X about the time of an incident
  4. On left side click on System. On right side look for any Red X about the same time of an incident
    Also look for any yellow exclamation mark at the same time in either of the above
  5. If you find any, double click on one at a time and take a screenshot.
 

Scalerwave

New Member
Thread author
Oct 28, 2012
26
The logs for Application and System only go back to Monday the 29th but I did install an update for Adobe Flash player on Saturday night I think. This was after being constantly bombarded with the Adobe Flash automatic update screen though. It kept popping up saying there was a new version of Flash ready. I closed the popup and went to Adobe's site to get the update and then installed it. The Adobe updater kept popping up anyway though which made me start looking for a virus and finally noticed the firewall was down.... etc

It seems that you're on to something here though. This "Windows Installer" program looks to be trying to install Adobe software. There were no RED X's but there are Warnings saying that it is trying to install Adobe software whenever I click on a folder, shortcut, my computer, my documents etc.

Example:

In the screenshot for Application at 4:44:24...

Event ID 1004 - Detection of product '{AC76BA86-1033-0000-7760-000000000002}', feature 'Distiller', component '{4E57287A-4975-48CC-9DAF-5D93F4AB88C2}' failed. The resource 'C:\WINDOWS\system32\spool\Drivers\W32X86\PSCRIPT5.DLL' does not exist.

Event ID 1001 - Detection of product '{AC76BA86-1033-0000-7760-000000000002}', feature 'PDFMakerForIE' failed during request for component ''

Event ID 11708 -
Product: Adobe Acrobat 7.0 Professional -- Installation failed.


In the screenshot for Application at 4:36:46...

Event ID 1004 - Detection of product '{AC76BA86-1033-0000-7760-000000000002}', feature 'Distiller', component '{4E57287A-4975-48CC-9DAF-5D93F4AB88C2}' failed. The resource 'C:\WINDOWS\system32\spool\Drivers\W32X86\PSCRIPT5.DLL' does not exist.

Event ID 1001 - Detection of product '{AC76BA86-1033-0000-7760-000000000002}', feature 'PDFMakerForIE' failed during request for component ''

Event ID 11708 - Product: Adobe Acrobat 7.0 Professional -- Installation failed.

In the above example, I clicked on the C:\ HDD Shortcut Icon... Now I will click on "My Documents" and compare what happens.

Okay, "My Documents" triggered the Installer and after 30 seconds, the pop up disappeared and "My Documents" folder appeared.

New Warnings starting at 5:00:06 appear under "Application"

Event ID 1004 -
Detection of product '{AC76BA86-1033-0000-7760-000000000002}', feature 'Distiller', component '{4E57287A-4975-48CC-9DAF-5D93F4AB88C2}' failed. The resource 'C:\WINDOWS\system32\spool\Drivers\W32X86\PSCRIPT5.DLL' does not exist.

Event ID 1001 -
Detection of product '{AC76BA86-1033-0000-7760-000000000002}', feature 'PDFMakerForIE' failed during request for component ''

Event ID 11708 -
Product: Adobe Acrobat 7.0 Professional -- Installation failed.

WTH?
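The three warnings quoted in the post above (Event IDs 1004, 1001 and 11708) are what Windows Installer logs when a self-repair attempt for an installed product fails. As an added example that is not part of the original thread, the following Python script parses those messages (copied from the post, with the three times the poster mentions used as labels) and groups them per product; attributing each 11708 failure to the product GUID of the preceding detection event is an assumption of this example.

```python
import re

# Message formats of the three MsiInstaller warnings quoted in the post.
DETECT_MISSING = re.compile(      # Event ID 1004
    r"Detection of product '(?P<product>\{[0-9A-Fa-f-]+\})', "
    r"feature '(?P<feature>[^']*)', component '(?P<component>[^']*)' failed\.\s+"
    r"The resource '(?P<resource>[^']*)' does not exist\."
)
DETECT_REQUEST = re.compile(      # Event ID 1001
    r"Detection of product '(?P<product>\{[0-9A-Fa-f-]+\})', "
    r"feature '(?P<feature>[^']*)' failed during request for "
    r"component '(?P<component>[^']*)'"
)
INSTALL_FAILED = re.compile(      # Event ID 11708
    r"Product: (?P<name>.+?) -- Installation failed\."
)
PATTERNS = {1004: DETECT_MISSING, 1001: DETECT_REQUEST, 11708: INSTALL_FAILED}

# Event text as quoted in the post; the same three warnings repeat each time
# a folder or drive shortcut is clicked.
ROUND = [
    (1004, r"Detection of product '{AC76BA86-1033-0000-7760-000000000002}', "
           r"feature 'Distiller', component '{4E57287A-4975-48CC-9DAF-5D93F4AB88C2}' "
           r"failed. The resource 'C:\WINDOWS\system32\spool\Drivers\W32X86\PSCRIPT5.DLL' "
           r"does not exist."),
    (1001, r"Detection of product '{AC76BA86-1033-0000-7760-000000000002}', "
           r"feature 'PDFMakerForIE' failed during request for component ''"),
    (11708, "Product: Adobe Acrobat 7.0 Professional -- Installation failed."),
]
TIMES = ("4:36:46", "4:44:24", "5:00:06")   # time labels given in the post
SAMPLE_EVENTS = [(t, eid, msg) for t in TIMES for eid, msg in ROUND]


def parse_event(event_id, message):
    """Return the fields of one MsiInstaller message, or None if unrelated."""
    pattern = PATTERNS.get(event_id)
    match = pattern.search(message) if pattern else None
    if match is None:
        return None
    fields = match.groupdict()
    fields["event_id"] = event_id
    return fields


def summarize(events):
    """Group self-repair warnings per product GUID.

    Assumption of this example: an 11708 "Installation failed" record belongs
    to the product named in the detection events (1004/1001) just before it.
    """
    summary = {}
    last_product = None
    for _time, event_id, message in events:
        fields = parse_event(event_id, message)
        if fields is None:
            continue
        key = fields.get("product") or last_product or "unknown"
        entry = summary.setdefault(
            key, {"name": None, "features": set(), "missing": set(), "failed_repairs": 0}
        )
        if "product" in fields:                 # 1004 / 1001 detection warning
            last_product = fields["product"]
            entry["features"].add(fields["feature"])
            if fields.get("resource"):
                entry["missing"].add(fields["resource"])
        else:                                   # 11708 closes one repair attempt
            entry["name"] = fields["name"]
            entry["failed_repairs"] += 1
            last_product = None
    return summary


def repair_loops(summary, min_failures=2):
    """Products whose self-repair failed repeatedly: candidates for cleanup."""
    return [guid for guid, e in summary.items() if e["failed_repairs"] >= min_failures]


if __name__ == "__main__":
    result = summarize(SAMPLE_EVENTS)
    for guid in repair_loops(result):
        e = result[guid]
        print(guid, e["name"], "failed repairs:", e["failed_repairs"])
        print("  features:", sorted(e["features"]))
        print("  missing :", sorted(e["missing"]))
```
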
 

Scalerwave

New Member
Thread author
Oct 28, 2012
26
Update:

I just remembered that I was looking for a book online and found this link that I downloaded:

hxxp://www.torrentreactor.net/torrents/2242202/Meyl-Scalar-Waves-%28first-Tesla-physics-textbook-for-engineers%29-%282003%29-zip

I downloaded the zip file which contained 2 files and I clicked on the book before noticing that it was an application file instead of a doc or pdf file. This happened around the same time as the Adobe Flash pop up window started coming up but I'm not sure the exact order.

After clicking what I assumed was the book file in this zip, it disappeared and I didn't know what to make of it. So I deleted the zip file and the remaining file. Crap !
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Can you go into Add or Remove Programs and uninstall Adobe Acrobat 7.0 Professional if it's there........
I can't find your OTL log (did you remove it?), but I do remember some context menus from Adobe Acrobat which might be responsible for this error.

PS. AVOID DOWNLOADING FROM WAREZ SITES ! :)
 

Scalerwave

New Member
Thread author
Oct 28, 2012
26
Yeah, I had to delete some file uploads because the site said I ran out of room for uploads.

Did you want the OTL again?

I'll Uninstall Adobe 7 and get back with an update.

Is it possible to check the file on that warez site? Or does it matter? Just curious to see if it's the culprit.

 

Scalerwave

New Member
Thread author
Oct 28, 2012
26
Update:

I can't seem to uninstall from Control Panel. I had to turn on the Windows Installer to even try and uninstall but after the Windows Installer pop up disappears, I get a message pop up saying...

This Patch Package could not be opened. Verify that it exists and that you can access it... etc blah blah blah

I checked the Adobe directory for an uninstall file but don't see one. I should be able to use a Microsoft Cleanup tool to remove it though unless there is a better way.

 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Scalerwave, let's try to remove the Acrobat 7.0 context menu items:
  1. Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
  2. Unzip the archive and then click on autoruns
  3. The Autoruns for Windows will start, go to the Explorer tab and take a screenshot.
 

Scalerwave

New Member
Thread author
Oct 28, 2012
26
Here ya go...

 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Ok Scalerwave, let's uncheck the Adobe.Acrobat.ContextMenu entry under HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers ..
 