Firewall gets shut down

[Scalerwave]

Ok, I unchecked it and restarted the computer but Windows installer still comes up.

Event Viewer still has the same messages it seems:

Detection of product '{AC76BA86-1033-0000-7760-000000000002}', feature 'Distiller', component '{4E57287A-4975-48CC-9DAF-5D93F4AB88C2}' failed. The resource 'C:\WINDOWS\system32\spool\Drivers\W32X86\PSCRIPT5.DLL' does not exist.

Detection of product '{AC76BA86-1033-0000-7760-000000000002}', feature 'PDFMakerForIE' failed during request for component ''

Product: Adobe Acrobat 7.0 Professional -- Installation failed

Ok Scalerwave,lets uncheck the Adobe.Acrobat.ContextMenu entry under HMLK\Software\Classes\*\ShellEx\ContextMenuHandlers ..

 

[Jack]

Can you please run this utility from Microsoft: http://support.microsoft.com/mats/Program_Install_and_Uninstall/

 

[Scalerwave]

It says I need to install SP3 first and them run it.

I'll take care of that and be back.

 

[Jack]

It says I need to install SP3 first and them run it.

That would have been my recommendation anyway...So if you can, please go ahead and upgrade to SP3!

 

[Scalerwave]

UPDATE:

It seems that I can't update to SP3. The update site keeps saying there was and error when checking to see which updates I need. Just in case, I turned on Windows Installer and started it but no change.

The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
For self-help options:

Frequently Asked Questions

Find Solutions

Windows Update Newsgroup
For assisted support options:

Microsoft Online Assisted Support (no-cost for Windows Update issues)

Is there another way to uninstall Adobe 7?

It says I need to install SP3 first and them run it.

That would have been my recommendation anyway...So if you can, please go ahead and upgrade to SP3!

 

[Jack]

1.You can try to install again Adobe Acrobat 7.0 Professional,to see if it will detect the previous installation issues : http://www.adobe.com/support/downloads/detail.jsp?ftpID=3318
2.If that doesn't work,you can try to use this Adobe uninstaller: http://labs.adobe.com/downloads/acrobatcleaner.html

 

[Scalerwave]

To speed things up I just went ahead and deleted Adobe 7 using the Adobe Cleaner utility but was surprised to find that it still appeared in the Control Panel Add/Remove Progs. Clicking on it though, I got a message saying that it wasn't installed. Huh... not such a good cleaner tool Adobe. I used TuneUp to clean the Registry and got rid of 22 new problems caused by Adobe Cleaner... interesting.

Net result: Success !! The machine appears to be back to normal. The Windows Installer service is back to Manual mode and the menu and shortcuts are still acting normally now.

You are the ##### man. I really appreciate it.

1.You can try to install again Adobe Acrobat 7.0 Professional,to see if it will detect the previous installation issues : http://www.adobe.com/support/downloads/detail.jsp?ftpID=3318
2.If that doesn't work,you can try to use this Adobe uninstaller: http://labs.adobe.com/downloads/acrobatcleaner.html

 

[Jack]

Great!
Ok,lets update JAVA (this is one of the most exploited programs , and most likely the entry point for the ZeroAccess rootit... You should always check and update Java or uninstall it if you don't need it!) and a final malware check!

STEP 1: Run a HitmanPro scan
<ol>
<li><>Download the latest official version of HitmanPro</>.
<a href="http://www.surfright.nl/en/hitmanpro/" rel="nofollow" target="_blank"> <>HITMANPRO DOWNLOAD LINK</></a> <em>(This link will open a download page in a new window from where you can download HitmanPro)</em></li>
<li>Start a HitmanPro scan by <>double clicking on the previously downloaded file</> and then following the prompts.

</li>
<li>Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below.
<>DO NOT REMOVE ANYTHING!</>,instead click on the Save log button (next to the green Buy now button) , then click on Close.

</li>
<li> Post the HitmanPro log in your next reply</li>
</ol>

---

STEP 2: Update your <>JAVA</>.

Your version of <>Java</><> is out of date</>. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older versions of <>Java</> components and update:
<ol>
<li>Please download  <>JavaRa</> from the below link.
<a title="External link" href="http://download.thewebatom.net/50486674c3d77/JavaRa-2.0.zip" rel="nofollow external"><>JAVARA DOWNLOAD LINK</></a>  (This link will automatically download JavaRa on your computer)</li>
<li>Unzip JavaRa and then run it</li>
<li>Click on Update Java Runtime and then follow the prompts

</li>
</ol>

---

What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):
1.HitmanPro logs
2.Let me know if you had any problems with the above instructions and also let me know how things are running now!

 

[Scalerwave]

Here's the Hitman log...

Looks like just tracking cookies except for a suspicious Punkbuster entry. I deleted everything.

The Java updater ran ok so Java is not up to date. I could try uninstalling it altogether though and see what happens.

 

[Jack]

You can always check if your Java is up to date by using <a title="External link" href="http://java.com/en/" rel="nofollow external"> this site</a> and clicking on <>Do I have Java</>.
With the HitmanPro scan giving us the green light and unless you are having other problems, it is time to do the final steps.

STEP 1 :Remove ComboFix from your computer
<ol>
<li>Hold down the <>Windows key</> + <>R</> on your keyboard. This will display the Run dialogue box</li>
<li>In the Run box, type in <>ComboFix /Uninstall</> <em>(Notice the space between the "x" and "/")</em> then click <>OK</> <a href="http://malwaretips.com/blogs/wp-content/uploads/2012/07/combofix-uninstall.png"><img class="alignnone size-full wp-image-4129" title="Uninstall Combofix" src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/combofix-uninstall.png" alt="Combofix uninstall command" width="413" height="212" /></a></li>
<li>Follow the prompts on the screen</li>
<li>A message should appear confirming that ComboFix was uninstalled</li>
</ol>
<hr />
STEP 2: Remove the OTL utility from your computer

Run OTL and hit the <>CleanUp</> button. It will remove all the programmes we have used plus itself. We will now confirm that your hidden files are set to that, as some of the tools I use will change that
<ol>
<li>Go to control panel</li>
<li>Select folder options (Appearance > Folder options in category view)</li>
<li>Select the View Tab.</li>
<li>Under the Hidden files and folders heading select <>Do not show hidden files and folders</>.</li>
<li>Click Yes to confirm.</li>
<li>Click OK.</li>
</ol>
<hr />
STEP 3: Delete the old restore points and ceate a new Restore Point
<ol>
<li>Go to <>Control Panel </>and select <>System </></li>
<li>Select <>System</></li>
<li>On the left select<> System Protection </>and accept the warning if you get one</li>
<li>Select <>System Protection Tab</></li>
<li>Select <>Create</> at the bottom</li>
<li>Type in a name i.e. Clean</li>
<li>Select <>Create</></li>
</ol>
<>Now we can purge the infected ones</>
<ol>
<li>Go <>Start > All programs > Accessories > system tools </></li>
<li>Right click <>Disc cleanup</> and select run as administrator</li>
<li>Select <>Your main drive</> and accept the warning if you get one</li>
<li>For a few moments the system will make some calculations</li>
<li>Select the <>More Options tab</></li>
<li>In the System <>Restore and Shadow Backups select Clean up</></li>
<li>Select <>Delete</> on the pop up</li>
<li>Select OK</li>
<li>Select Delete</li>
</ol>
<hr />
STEP 4: Clean your temporary files to gain more hard drive space and remove the junk files
<ol>
<li>Download Ccleaner from the below link:
CCLEANER DOWNLOAD LINK</a> <em>(This link will automatically download Ccleaner on your computer)</em></li>
<li>Install Ccleaner by following the prompts</li>
<li>Start Ccleaner and the following should be selected by default, if not, please select:
<img src="http://i52.tinypic.com/4l5a4i.png" alt="Posted Image" /></li>
<li>Click <img src="http://i56.tinypic.com/16jox2o.png" alt="Posted Image" /> and choose <img src="http://i40.tinypic.com/5x3nu8.gif" alt="Posted Image" /></li>
<li>Uncheck <img src="http://i51.tinypic.com/amuvj8.gif" alt="Posted Image" /></li>
<li>Then go back to <img src="http://i41.tinypic.com/2jb4qyb.gif" alt="Posted Image" /> and click <img src="http://i25.tinypic.com/nf47ev.gif" alt="Posted Image" /> to run it.</li>
<li>Exit CCleaner.</li>
</ol>

---

What's next?

1. Bulild up your malware defenses by starting a new thread in Security Configuration Wizard forum.
2. Learn how to avoid malware by reading this article <a href="http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/">How to easily avoid malware</a>
3. Be an active member in the MalwareTips community!

 

[Scalerwave]

Ok all done, thanks once again ... heading over to SWC forum.

 

[Jack]

This thread is now closed.​

Reason:&nbsp;<span style="color: #ff0000;">Resolved</span>​

<span style="color: #ff0000;"><>The procedures contained in this thread are for this user and this user only.&nbsp;&nbsp;Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair.&nbsp;&nbsp;</></span>

<span style="color: #ff0000;"><>DO NOT use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.</></span>

All members requesting Malware Removal Assistance are required to follow all procedures from <a title="" href="http://malwaretips.com/Announcement-Mandatory-scans-and-logs-before-we-start">this thread.</></a>