troj rustok-n

same story as a recent poster: web site tells me i am infected with troj rustok-n: here is the scan log: I am having trouble updating and using spyhunter - not sure if it's related. Spy hunter and Verizon security scans show no infection.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:58 AM, on 1/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Consumer Input\ConsumerInput.exe
C:\Program Files\Consumer Input\ConsumerInputUa.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\pualkelley\My Documents\hijackgpthis.exe

post says message is too big. I'll send the rest in next post?

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.nytimes.com//?oref=login
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Consumer Input] C:\Program Files\Consumer Input\ConsumerInput.exe
O4 - HKCU\..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\ConsumerInputUa.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm103YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - SearchUrl - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://paakmaan.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://us.bookmarks.yahoo.com/YbConvFav.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DB8F513-7FEF-46F5-A231-622A27BAA27A}: NameServer = 85.255.114.104,85.255.112.103
O17 - HKLM\System\CCS\Services\Tcpip\..\{55092A5E-F7CC-4835-A630-30420B2826D5}: NameServer = 85.255.114.104,85.255.112.103
O17 - HKLM\System\CCS\Services\Tcpip\..\{75C461D7-70E5-4953-B18D-03A94CBC465A}: NameServer = 85.255.114.104,85.255.112.103
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB2AB5A1-4C31-4241-B9A4-9C01C1D0D7CD}: NameServer = 85.255.114.104,85.255.112.103
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1F0C306-28A6-4E57-8E97-D607A8FCBC49}: NameServer = 85.255.114.104,85.255.112.103
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0167240-E308-4904-B2B1-2D84D7FF5328}: NameServer = 85.255.114.104,85.255.112.103
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.104 85.255.112.103
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.104 85.255.112.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.104 85.255.112.103
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 16147 bytes

Hello. I see you have Paltalk messenger installed.
Paltalk uses popups for ads to help pay for it, while the ads themself may not be malicious, clicking the ads may take you to a malicious website.
I'd recommend you remove it and use a free, better alternative like Skype.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O17 - HKLM\System\CCS\Services\Tcpip\..\{1DB8F513-7FEF-46F5-A231-622A27BAA27A}: NameServer = 85.255.114.104,85.255.112.103
  O17 - HKLM\System\CCS\Services\Tcpip\..\{55092A5E-F7CC-4835-A630-30420B2826D5}: NameServer = 85.255.114.104,85.255.112.103
  O17 - HKLM\System\CCS\Services\Tcpip\..\{75C461D7-70E5-4953-B18D-03A94CBC465A}: NameServer = 85.255.114.104,85.255.112.103
  O17 - HKLM\System\CCS\Services\Tcpip\..\{BB2AB5A1-4C31-4241-B9A4-9C01C1D0D7CD}: NameServer = 85.255.114.104,85.255.112.103
  O17 - HKLM\System\CCS\Services\Tcpip\..\{C1F0C306-28A6-4E57-8E97-D607A8FCBC49}: NameServer = 85.255.114.104,85.255.112.103
  O17 - HKLM\System\CCS\Services\Tcpip\..\{E0167240-E308-4904-B2B1-2D84D7FF5328}: NameServer = 85.255.114.104,85.255.112.103
  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.104 85.255.112.103
  O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.104 85.255.112.103
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.104 85.255.112.103
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.31
Database version: 1604
Windows 5.1.2600 Service Pack 2

1/3/2009 6:34:11 PM
mbam-log-2009-01-03 (18-34-11).txt

Scan type: Quick Scan
Objects scanned: 61000
Time elapsed: 10 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 1
Registry Data Items Infected: 21
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1db8f513-7fef-46f5-a231-622a27baa27a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{97138c17-ad30-4480-a84b-9953adebb559}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bb2ab5a1-4c31-4241-b9a4-9c01c1d0d7cd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c1f0c306-28a6-4e57-8e97-d607a8fcbc49}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e0167240-e308-4904-b2b1-2d84d7ff5328}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1db8f513-7fef-46f5-a231-622a27baa27a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{97138c17-ad30-4480-a84b-9953adebb559}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bb2ab5a1-4c31-4241-b9a4-9c01c1d0d7cd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c1f0c306-28a6-4e57-8e97-d607a8fcbc49}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e0167240-e308-4904-b2b1-2d84d7ff5328}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1db8f513-7fef-46f5-a231-622a27baa27a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1db8f513-7fef-46f5-a231-622a27baa27a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{55092a5e-f7cc-4835-a630-30420b2826d5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{75c461d7-70e5-4953-b18d-03a94cbc465a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{97138c17-ad30-4480-a84b-9953adebb559}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{bb2ab5a1-4c31-4241-b9a4-9c01c1d0d7cd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{bb2ab5a1-4c31-4241-b9a4-9c01c1d0d7cd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{c1f0c306-28a6-4e57-8e97-d607a8fcbc49}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{c1f0c306-28a6-4e57-8e97-d607a8fcbc49}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{e0167240-e308-4904-b2b1-2d84d7ff5328}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{e0167240-e308-4904-b2b1-2d84d7ff5328}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.104,85.255.112.103 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 09-01-02.01 - pualkelley 2009-01-03 23:39:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.204 [GMT -5:00]
Running from: c:\documents and settings\pualkelley\My Documents\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-03 20:21 . 2009-01-03 20:52 d-------- c:\windows\system32\CatRoot_bak
2009-01-03 18:22 . 2009-01-03 18:22 d-------- c:\documents and settings\pualkelley\Application Data\Malwarebytes
2009-01-03 18:22 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-03 18:21 . 2009-01-03 18:22 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 18:21 . 2009-01-03 18:21 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-03 18:21 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 15:32 . 2009-01-03 15:32 d--hs---- c:\windows\ftpcache
2008-12-21 01:16 . 2008-12-21 01:17 d-------- c:\program files\Consumer Input
2008-12-21 01:16 . 2008-12-21 01:16 d-------- c:\documents and settings\pualkelley\Application Data\compete
2008-12-08 14:26 . 2008-12-30 14:21 d-------- C:\ASTROLOG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 04:47 321,056 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-04 04:45 4,639,520 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-04 04:43 63,140 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-04 04:43 31,076 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-03 23:16 --------- d-----w c:\program files\Paltalk Messenger
2009-01-03 23:16 --------- d-----w c:\documents and settings\pualkelley\Application Data\Paltalk
2008-12-30 18:35 --------- d-----w c:\program files\Windows Live
2008-12-30 18:30 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-30 18:30 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-27 20:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-27 18:51 --------- d-----w c:\program files\Mahjong Towers Eternity
2008-12-01 09:30 --------- d-----w c:\documents and settings\pualkelley\Application Data\Verizon
2008-12-01 09:01 --------- d-----w c:\program files\Radialpoint
2008-12-01 08:58 --------- d-----w c:\program files\Raxco
2008-12-01 08:58 --------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2008-12-01 08:56 --------- d-----w c:\program files\verizon
2008-12-01 08:56 --------- d-----w c:\documents and settings\All Users\Application Data\Verizon
2008-12-01 08:53 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-01 08:45 --------- d-----w c:\program files\Symantec
2008-12-01 00:22 --------- d-----w c:\program files\eMusic Remote
2008-11-30 23:41 --------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
2008-11-30 23:41 --------- d-----w c:\program files\Yahoo!
2008-11-29 01:53 --------- d-----w c:\program files\eMusic Download Manager
2008-11-26 05:18 --------- d-----w c:\program files\iTunes
2008-11-26 05:18 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 05:17 --------- d-----w c:\program files\iPod
2008-11-26 05:17 --------- d-----w c:\program files\Common Files\Apple
2008-11-26 05:05 --------- d-----w c:\program files\QuickTime
2008-11-17 20:25 --------- d-----w c:\program files\Quicken
2008-11-17 20:25 --------- d-----w c:\program files\Common Files\Palo Alto Software
2008-11-14 02:33 --------- d-----w c:\program files\Common Files\Adobe
2008-11-08 04:45 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-07-05 22:47 254 -c--a-w c:\documents and settings\pualkelley\Application Data\wklnhst.dat
2008-09-08 16:48 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-09-12 4670704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 472632]
"Consumer Input"="c:\program files\Consumer Input\ConsumerInput.exe" [2007-09-20 390488]
"Consumer Input Update"="c:\program files\Consumer Input\ConsumerInputUa.exe" [2007-09-20 152920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-23 352256]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 73728]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-05-19 188416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-15 761947]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-23 401408]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-23 385024]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-08 29744]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-12-05 864256]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-22 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2008-10-20 2303216]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 c:\windows\RTHDCPL.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 c:\windows\system32\TPSMain.exe]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\pualkelley\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-12 59080]
MySurvey Messenger.lnk - c:\program files\MySurvey Messenger\MySurveyMessenger.exe [2007-07-02 651264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]
Metamail Trust Manager.lnk - c:\program files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe [2005-11-29 329472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-07-23 01:46 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [2008-10-31 96496]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-02-08 29744]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
.
Contents of the 'Scheduled Tasks' folder

2008-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-29 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2004-08-04 07:00]

2009-01-03 c:\windows\Tasks\SpyHunter Scanner.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2008-12-05 10:59]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe


.

------- Supplementary Scan -------
.
uStart Page = www.nytimes.com//?oref=login
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Settings,ProxyOverride = *.local
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDED4D.OSD
FF - ProfilePath - c:\documents and settings\pualkelley\Application Data\Mozilla\Firefox\Profiles\hott1uzs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=112&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\documents and settings\pualkelley\Application Data\Mozilla\Firefox\Profiles\hott1uzs.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcpbrk7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSFDMGR.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\SpiralFrog\NPSFDMGR.dll
FF - plugin: c:\program files\spiralfrog\wmp\np-mswmp.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 23:45:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1404)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\verizon\Verizon Internet Security Suite\Fws.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\verizon\Verizon Internet Security Suite\RPS.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\RAMASST.exe
c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-01-03 23:55:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-04 04:54:21

Pre-Run: 33,121,759,232 bytes free
Post-Run: 33,193,197,568 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

264 --- E O F --- 2008-01-10 00:56:59

Looks good, what problems remain?

Well, the Spy Hunter is giving me a Windows C++ library runtime error (or something similar) immediately upon opening. Can I just uninstall and reload a copy from them? Like I said, don't know if it's related, but it started happening about the same time.

That's probably because you need to install VB runtime.
Please download VB6 from here and install it:
http://www.microsoft.com/downloads/details.aspx?FamilyID=25437D98-51D0-41C1-BB14-64662F5F62FE&displaylang=en

Try Spy hunter again.

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.