Ok - let's have a go at this:

-- Download the attached FixIt.zip and Extract the FixIt Folder from the ZIP and place it on the ill computer.
In the FixIt Folder, you'll find RunThis.bat.
Run...

Finally! LOL! Lovin' that Vista!

See if you are able to install Adobe now - hopefully that will complete OK and then we can look at security again.

Typical busy Fall weekend upcoming - will...

Great - I'm going to use the same procedure I'm using in another thread to try to restore permissions on the ill compy so we can get things to run.

PP:)

AllRightyThen - On we go!

Let's try again to set up that reg key and see what happens:

Open another elevated command prompt and Copy&Paste

reg add...

Well - The vast majority of what was removed were baddies that had been quarantined by combofix and things in System Restore.
So, I'd wager most if not all malware is now gone.

I'd like to try a...

That's terrible!

Are you sure you've been hacked? There are a lot of ways to steal identities and defraud people these days....

That said, you did have traces of rootkit activity on your...

Ok - Let's do this:

Please Download The Avenger v2 by Swandog46
http://swandog46.geekstogo.com/avenger.zip

-- Extract Avenger.exe from the ZIP to your Desktop
-- Highlight the Everything...

OK - I was a bit sloppy with that batch file, but not enough to cause that error.
Let's have another go at it:


-- Download the attached FixPerms.zip to your Desktop and Extract the FixPerms...

Let me rewrite it - something's hinky.

Will post it again asap - could be tomorrow, though. Or late tonight.

PP:)

OK - I think those might be remnants . . . . or very well hidden.

When I get home I'll put together something to remove them just to be safe.

PP:)

I'll be happy to suggest some things once we sort this mess out :)

PP

OK - Either it wasn't extracted from the zip or it wasn't located properly.

Try extracting it to the desktop and then Copy and paste FixPerms.cmd into the C:\ProgramFiles\Windows Resource...

OK - those might just be registry remnants. I'm not certain.

We'll just try to pull them out manually - these particular keys can be tricky.

I'm heading out the door - I'll have to post the...

OK . . . I guess it's in no hurry . . . I've never seen that before. LOL!

I really hope it gives us some good progress.

No rush. No worries. I'll be around.

PP:)

Combofix noted an MBR problem that seems to be remaining. We need to boot to Recovery Console to address that.
I was hoping to get a stable shell running before we do that.

At reboot, select...

OK - Let's give this a whack at it:

-- Download the attached FixPerms.zip to your Desktop and Extract FixPerms.cmd from the ZIP to the folder where subinacl.exe was installed --->...

Great! That ought to make navigating the compy a bit easier.

What I'd like to do is have you Rename all instances of Explorer.exe on your computer to Explorer.OLD.

Do command prompt and...

My bad - I didn't process that last post properly....

Let's definitely allow AVP Tool to finish this current scan and neutralize/delete the baddies.

Keep me posted on the progress.

PP:)

That's odd.
The "bootstrapper" kind of controls the update/install/setup, if I am not mistaken.
Not sure why it would run out of the blue unless it was set to auto-update....



We can try...

Good grief!

Please run the AVP Tool again.
-- Click the Manual Cure Tab
-- Click the Collect system information Button and let it run
-- When it finishes, it will say Completed. Report saved...

That looks OK.

How are things running?

A few minor things:

-- Looks like you still have remnants of Norton firewall. You should remove them.

All of these need to be uninstalled. Update...

You might have better luck posting here:

http://forum.zebulon.fr/
http://forum.zebulon.fr/securite-f40.html

Cheers :)
PP

No worries - we're all busy with real life :)

For some reason, combofix is not getting this. It should...

-- Is the recovery console still installed?

Also, see if you can do this:
--...

I am not sure how everything "fits together" with Adobe suite, so I really can't offer much there. My typical solution is to remove it all and try again - but we can't do that here.

-- I'd like...

Great!

First, use the new account and see if you are able to install Adobe.

It probably won't be that easy . . . . LOL!

If that fails, try using the new account and open an elevated command...

Great! We'll get to that later.
I'd like to try the below first.



Try steps 1 2 7 8 & 9 in the linky below. Be sure to save the new password, etc....
...

OK - We still need to boot to recovery console and run fixmbr, but I think it might be prudent to hold off for the time being.

Please download peek.bat...

OK - At quick glance, that looks better. A few more steps left, but before we do them:

-- How are things running?

-- I'd like a fresh GMER Scan. Delete you current copy of GMER and Download a...

OK - let's try whacking at this with a different tool:

Please Download Kaspersky's AVP Tool (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/)

-- Move AVP Tool to the Desktop of the ill...

OK - Here we go:

-- Please delete your copy of ComboFix and download a fresh one to your Desktop
-- Download the attached file CFScript.txt to your Desktop as well
-- Close ALL browser windows...

No stress at all!

I wish I were sitting in front of the ill machine - forum settings are not always best for these issues.

-- I am a bit more busy than I expected to be this week, so please...

Well . . . That estimation was probably a bit low. I haven't priced XP recently, but I'd imagine you'll find it for significantly less than Vista or 7.

-- Let's have another try with MBAM. ...

LOL! . . . Macs have problems too :)

I've been unexpectedly busy this week (not that I'm complaining given the economy) so please bear with me.

-- For the registry issue, please download and...

Sorry - I've been unexpectedly busy!

Will post a CFScript as soon as I can. Hang in there!

PP:)

I do not know how much of an exaggeration that is.....
It's that bloody UAC - Now, you did say you disabled this, but I want to double-check that.
Also, there are a couple programs we can try as...

No - because of the licensing issues and M$ Windows Genuine Advantage, you'd not be able to get the critical updates and patches that are the first line of defense against infections such as this...

That's encouraging that combofix is running - unfortunately, it is not getting this. Which is odd, because it should.
The only reason I can think it isn't is no recovery console. But you did install...

OK - That's probably best. If no disk, then I think the choice will be pretty obvious :)

Fastest and easiest and most effective thing to do is to reinstall Windows. 'Course, you'll lose everything (programs, etc..) and will need to get updated/patched immediately.

-- Do you have your...

OK - what's the plan?
Format / Reinstall Windows? Or do you want to try to clean this sucker?

PP:)