OK, thanks very much for the advice and direction. I'm going to change my user names and passwords today as you recommended. I have 2 questions:

The infected PC is offline now. If I back up my files before reformatting the drive, do I need to worry about the infection residing in iTunes, .pdf or any Microsoft Office file types? I'm concerned that I'd reinfect my laptop if I copy my files back after reloading Windows.

I'm on another machine now. Before I reset all my passwords, is this one clean?

Thanks again.

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Rob McCormick [Admin rights]
Mode : Scan -- Date : 04/25/2013 11:45:24
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[64] : NtCreateKey @ 0x8262DFA5 -> HOOKED (Unknown @ 0xA03AAFC0)
SSDT[72] : NtCreateProcess @ 0x826DA72B -> HOOKED (Unknown @ 0xA03AA200)
SSDT[73] : NtCreateProcessEx @ 0x826DA776 -> HOOKED (Unknown @ 0xA03AA4C0)
SSDT[75] : NtCreateSection @ 0x8268F689 -> HOOKED (Unknown @ 0xA03ABC80)
SSDT[78] : NtCreateThread @ 0x826DA560 -> HOOKED (Unknown @ 0xA03AC160)
SSDT[123] : NtDeleteKey @ 0x825FB83C -> HOOKED (Unknown @ 0xA03AB540)
SSDT[126] : NtDeleteValueKey @ 0x825F621F -> HOOKED (Unknown @ 0xA03AB800)
SSDT[165] : NtLoadDriver @ 0x825B5AD0 -> HOOKED (Unknown @ 0xA03AC4A0)
SSDT[194] : NtOpenProcess @ 0x82657EF2 -> HOOKED (Unknown @ 0xA03AAA40)
SSDT[197] : NtOpenSection @ 0x8266EBA2 -> HOOKED (Unknown @ 0xA03ABE20)
SSDT[324] : NtSetValueKey @ 0x8262EDD1 -> HOOKED (Unknown @ 0xA03AB280)
SSDT[334] : NtTerminateProcess @ 0x826292F0 -> HOOKED (Unknown @ 0xA03AAD00)
SSDT[358] : NtWriteVirtualMemory @ 0x82654033 -> HOOKED (Unknown @ 0xA03ABFC0)
SSDT[382] : NtCreateThreadEx @ 0x82647F82 -> HOOKED (Unknown @ 0xA03AC300)
SSDT[383] : NtCreateUserProcess @ 0x8260EE26 -> HOOKED (Unknown @ 0xA03AA780)
S_SSDT[572] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0xA03ACB00)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xA03AC920)
_INLINE_ : NtCreateKey -> HOOKED (Unknown @ 0xA03AAFC5)
_INLINE_ : NtCreateProcess -> HOOKED (Unknown @ 0xA03AA205)
_INLINE_ : NtCreateProcessEx -> HOOKED (Unknown @ 0xA03AA4C5)
_INLINE_ : NtCreateSection -> HOOKED (Unknown @ 0xA03ABC85)
_INLINE_ : NtCreateThread -> HOOKED (Unknown @ 0xA03AC165)
_INLINE_ : NtDeleteKey -> HOOKED (Unknown @ 0xA03AB545)
_INLINE_ : NtDeleteValueKey -> HOOKED (Unknown @ 0xA03AB805)
_INLINE_ : NtLoadDriver -> HOOKED (Unknown @ 0xA03AC4A5)
_INLINE_ : NtOpenProcess -> HOOKED (Unknown @ 0xA03AAA45)
_INLINE_ : NtOpenSection -> HOOKED (Unknown @ 0xA03ABE25)
_INLINE_ : NtSetValueKey -> HOOKED (Unknown @ 0xA03AB285)
_INLINE_ : NtTerminateProcess -> HOOKED (Unknown @ 0xA03AAD05)
_INLINE_ : NtWriteVirtualMemory -> HOOKED (Unknown @ 0xA03ABFC5)
_INLINE_ : NtCreateThreadEx -> HOOKED (Unknown @ 0xA03AC305)
_INLINE_ : NtCreateUserProcess -> HOOKED (Unknown @ 0xA03AA785)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS541616J9SA00 +++++
--- User ---
[MBR] 2de4c9e623116fefb281e08d7256f4d0
[bSP] 22542c83ee86097459dc05da1780809c : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: IMD-0 +++++
--- User ---
[MBR] 7ac7cfe9c18d4f619b97a8c759ffd7dc
[bSP] 3e29b9212929285cc4c2dd61ea901aa8 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 512 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_04252013_02d1145.txt >>
RKreport[1]_S_04252013_02d1145.txt