||Gamer- Corsair 400R, Intel Core i5 2500K 4.8 GHz, Corsair H100, Asus P8P67 Pro, EVGA GTX 670 FTW, Corsair Vengeance 16GB (4x4), Crucial M4 128GB, Corsair 650HX, Windows 7 Pro 64-bit, NV Surround on the way
||Laptop- HP DM4-2191 Intel Core i5 2430, 8GB, Crucial M4 64GB, Windows 7 Pro 64-bit
||Home Server- Foxconn NTA350 AMD E-350, 4GB, WD Scorpio 1TB, Windows Home Server 2011
Time for Win 8 and Server 8
I second combofix, but felt you would already have it as part of your cleanup routine.
The other registry keys that will/can prevent you from running programs like regedit would be the Policy keys, i.e. HKCU (and HKLM)\Software\Policies... ..\Microsoft\Windows\CurrentVersion\Policies, etc.
Also, if .exe files in general are blocked, the exefix_xp.com utility from this page: http://windowsxp.mvps.org/exefile.htm (works on Vista and Win 7 too), will get you back up and running.
If the programs aren't critical, just data, you could do what I do when I truly need a clean install and want to make sure not to lose any data: I rename the Documents and Settings, Program Files and Windows directories to *.old and then just do a clean install without a format. A simple cut and paste operation on the Documents directory, etc., when done puts all data back in its original location. If something is in a non-standard place and I miss it, it is still available on disk.
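As an added example (not posted by anyone in this thread), here is a read-only PowerShell audit of the two things the post above describes: the Policies values that stop regedit and other programs from running, and the .exe file association that exefix_xp.com repairs. The value names and the expected command string ("%1" %*) are the documented Windows defaults; the per-user FileExts\.exe\UserChoice check is an extra spot that overrides HKCR and is worth looking at too. Run it from an elevated prompt; it only reports, it changes nothing.

```powershell
# Added example, not from the thread. Read-only check of policy values and the
# .exe association that malware commonly tampers with to block cleanup tools.

$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Meaning = 'regedit blocked for this user' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Meaning = 'regedit blocked machine-wide' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Meaning = 'Task Manager blocked' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'DisallowRun';          Meaning = 'DisallowRun list active (names live in the DisallowRun subkey)' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'RestrictRun';          Meaning = 'only programs in the RestrictRun list may run' }
)

# A non-zero DWORD in any of these enables the restriction; absent or 0 is normal.
foreach ($c in $policyChecks) {
    $v = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    if ($v) { Write-Warning "$($c.Path)\$($c.Name) = $v  -> $($c.Meaning)" }
}

# .exe association. The default value of HKCR\exefile\shell\open\command must be
# exactly "%1" %* ; anything in front of it means every .exe is launched through
# a stub the malware controls (the classic "nothing runs" symptom).
$assoc = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' -ErrorAction SilentlyContinue).'(default)'
if ($assoc -ne '"%1" %*') { Write-Warning "exefile open command is: [$assoc]" }

# HKCR\.exe should point at the exefile class, not at a custom one.
$dotExe = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\.exe' -ErrorAction SilentlyContinue).'(default)'
if ($dotExe -ne 'exefile') { Write-Warning ".exe is mapped to [$dotExe] instead of exefile" }

# Per-user override that wins over HKCR; it is normally absent for .exe.
$userChoice = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice'
if (Test-Path $userChoice) { Write-Warning "Per-user .exe handler override present: $userChoice" }

Write-Host 'Audit complete. No warnings above means these keys look normal.'
```

If the .exe association is the broken piece, PowerShell itself may not start from a double-click; in that case run it from an elevated cmd.exe with `powershell.exe -ExecutionPolicy Bypass -File audit.ps1`, or fall back to the exefix utility linked above and re-run the audit afterwards. For the HKCU checks, run the script as the affected user (or load that user's NTUSER.DAT under HKU from the PE environment), since a different user's hive won't show the problem.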
I ended up using Hiren's lejitsoftwareski boot CD's PE regedit to edit one of the users so that I could get stuff done. Then I ran combofix, which was like drain cleaner.
Anyway, now I'm screwing around with user profiles and remembering why I use portable applications when I have the option. It looks like I'll be able to turn it over to them to get their data off of - rather than having to guess as to what may be important. Hopefully with the rootkit off I'll be able to just let them do the restore installation when/if they want to.
Those rootkit/bootkit bugs can be devastating, especially with a bot that morphs to infect the registry and hide in some of the weirdest places until it or they are awakened.
Yep. I've been out of town. Lucky me, I'm going another round with it today to try to fix the broken user profile's rights or port it over. Then I have to mess around with updates and all of that fun stuff. This should be fun with a capital FUUUUUUU.