Following your advice, I rebooted with the Gpart disk. All went according to plan. Outstanding explanation of the steps, thank you.
Then I ran into a fork in the road. Your most recent comment suggested that I delete the bad 1MB and reboot in normal Windows and run ComboFix. At the time, however, I was following the Gpart instructions from earlier. At that time you had asked me to do the Gpart reboot, then a Windows Vista recovery reboot, then ComboFix.
Not thinking, I tried to do a Windows reboot with the Vista 32-bit RC disk you had asked me to burn. At some point in the process it asked me for my Vista product key. I got out a flashlight and crawled under the desk to note the code on the sticker on the back of the computer. Upon entering it, I was told it was no good. Another bout on the floor with the flashlight, same result.
So, I did a bit of googling and discovered that I could download a product key finder. As I was doing that I realized that your most recent comment had not asked me to use the Vista RC disk. So... I went ahead and did a ComboFix scan.
It seems that for the present everything is back in working order.
I'm posting the log below and you can tell me how things look. Before I post, a question. Once we sort this out, would you recommend that I delete the various things I have downloaded onto my non-infected computer (Gpart, RogueKiller, imgblaster, etc.)?
ComboFix 11-12-30.02 - computer 12/30/2011 19:09:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1879 [GMT -5:00]
Running from: c:\users\computer\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Naver
c:\users\computer\AppData\Local\{DC9829A7-3CC0-4343-856A-732175C6BA5E}
c:\users\computer\AppData\Local\{DC9829A7-3CC0-4343-856A-732175C6BA5E}\chrome.manifest
c:\users\computer\AppData\Local\{DC9829A7-3CC0-4343-856A-732175C6BA5E}\chrome\content\overlay.xul
c:\users\computer\AppData\Local\{DC9829A7-3CC0-4343-856A-732175C6BA5E}\install.rdf
c:\users\computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\windows\system32\npkpdb.dll
c:\windows\Update.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
.
.
2011-12-31 00:23 . 2011-12-31 00:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-31 00:04 . 2011-12-31 00:04 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-12-31 00:04 . 2011-12-31 00:04 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-12-31 00:04 . 2011-12-31 00:04 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-12-31 00:04 . 2011-12-31 00:04 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-12-31 00:04 . 2011-12-31 00:04 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-12-31 00:04 . 2011-12-31 00:04 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-12-31 00:04 . 2011-12-31 00:04 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-12-31 00:04 . 2011-12-31 00:04 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-12-31 00:04 . 2011-12-31 00:04 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-12-31 00:03 . 2011-12-31 00:03 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-12-31 00:03 . 2011-12-31 00:03 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-12-31 00:03 . 2011-12-31 00:03 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-12-31 00:03 . 2011-12-31 00:03 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-12-31 00:03 . 2011-12-31 00:03 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-12-31 00:03 . 2011-12-31 00:03 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-12-31 00:03 . 2011-12-31 00:03 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-12-31 00:03 . 2011-12-31 00:03 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-12-31 00:03 . 2011-12-31 00:03 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCF8321F-4697-4D24-8177-42B1D4E77D23}\MpKsl85b86a12.sys
2011-12-31 00:03 . 2011-12-31 00:03 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCF8321F-4697-4D24-8177-42B1D4E77D23}\offreg.dll
2011-12-30 23:56 . 2011-12-30 23:56 -------- d-----w- c:\program files\Magical Jelly Bean
2011-12-30 22:52 . 2011-11-21 07:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCF8321F-4697-4D24-8177-42B1D4E77D23}\mpengine.dll
2011-12-30 22:50 . 2011-12-30 22:52 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-29 21:16 . 2011-12-29 21:16 -------- d-----w- C:\_OTL
2011-12-29 04:18 . 2011-12-29 04:18 -------- d-----w- c:\programdata\WindowsSearch
2011-12-28 23:26 . 2011-12-28 23:26 0 ---ha-w- c:\users\computer\AppData\Local\BITEFF.tmp
2011-12-13 18:16 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-13 18:16 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-13 18:16 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-13 18:16 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-13 18:16 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 18:16 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-13 18:16 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-02-28 00:59 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-02 22:01 . 2011-06-10 18:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-21 07:47 . 2010-10-15 20:59 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-11 01:49 . 2011-10-11 01:50 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE100024-E385-4BFB-91E2-1C98AC24FDCB}\gapaengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-29 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-19 30192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"Skytel"="Skytel.exe" [2008-07-23 1826816]
"MaAgent"="c:\program files\MarkAny\ContentSAFER\MaAgent.exe" [2008-09-17 57344]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-01-09 274608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl217763fb;MpKsl217763fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CAD5A8B3-2EE7-40F8-8DCF-03C65E017537}\MpKsl217763fb.sys [x]
R1 MpKsl42400db6;MpKsl42400db6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1490991C-584C-4F53-802A-545BEB3C0BC4}\MpKsl42400db6.sys [x]
R1 MpKsl99200a83;MpKsl99200a83;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41558724-A731-4328-AD63-F160B7AAAA2B}\MpKsl99200a83.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca3672f1e23590;Google Update Service (gupdate1ca3672f1e23590);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-16 133104]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-19 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-16 133104]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-11-16 21176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsl85b86a12;MpKsl85b86a12;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCF8321F-4697-4D24-8177-42B1D4E77D23}\MpKsl85b86a12.sys [2011-12-31 29904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 nPStarterSVC;nProtect Starter;c:\windows\system32\nPStarterSVC.exe [2010-05-25 250145]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL85B86A12
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-16 02:11]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-16 02:11]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1598053239-1567179000-2325288416-1000Core.job
- c:\users\computer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 17:37]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1598053239-1567179000-2325288416-1000UA.job
- c:\users\computer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 17:37]
.
2011-12-28 c:\windows\Tasks\Norton Security Scan for computer.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-11 10:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0309&m=et1161-07
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} - hxxp://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} - hxxp://cdn.naver.com/naver/comic/viewer/2007/0126/naver/NHNComicViewer.cab
DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxps://mpi.dacom.net/XMPI/js/LGUplus_XMPI_20110503.cab
DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxps://mpi.dacom.net/XPayMPI/XPayMPI.cab
DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - hxxp://www.hangame.com/common/CKKeyProInst.cab
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
DPF: {C021A4D6-173F-4BF4-B38C-B12CAA20E518} - hxxp://www.mgoon.com/launcher.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://packgoon.hangame.com/common/HanSetup1020.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxp://plugin.inicis.com/wallet60/INIwallet60_vista.cab
DPF: {DFBBCB52-4D9F-4D0E-BF4A-A51223FC2541} - hxxp://patch.mnet.com/Mnet/QuickManagerNHN/Modules/NSAppHelper.cab/NSAH_20100202001.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA.cab
DPF: {FC1FEB1F-DB67-49C2-9AA1-83BFD60F992A} - hxxp://i-plus.jssearch.net/ActiveX/IPlusInstall.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-MRDaemon.exe - c:\program files\Naver\QuickManager2\MRDaemon.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-12-30 19:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-12-30 19:26:27
ComboFix-quarantined-files.txt 2011-12-31 00:26
.
Pre-Run: 161,408,229,376 bytes free
Post-Run: 162,177,396,736 bytes free
.
- - End Of File - - 0D99847FD2464EE11D3D7519462736FC