Ok here's my About:Buster report and my new HijackThis report
Scanned at: 7:54:44 PM on: 12/5/2004
-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 16
Removed Data Streams:
C:\WINDOWS\addat32.exe:jzmqv
C:\WINDOWS\addmr32.exe:uzevp
C:\WINDOWS\apiep.exe:xcatf
C:\WINDOWS\ieqi32.exe:rdvws
C:\WINDOWS\ipll.exe:zcmkn
C:\WINDOWS\iput.exe:jdeyi
C:\WINDOWS\jautoexp.dat:nlysr
C:\WINDOWS\javaeb32.exe:fmrfl
C:\WINDOWS\javaiv.dll:ueiie
C:\WINDOWS\javaqb32.exe:nfany
C:\WINDOWS\KB824105.log:ssgux
C:\WINDOWS\KB825119.log:klzzr
C:\WINDOWS\KB837001.log:vjknt
C:\WINDOWS\kbbktv.dat:ykngq
C:\WINDOWS\kftul.dll:qlglk
C:\WINDOWS\mfchy32.exe:bnjwg
C:\WINDOWS\mhmhmw.dat:tnbja
C:\WINDOWS\netai.exe:cqoun
C:\WINDOWS\netnm.exe
cjtb
C:\WINDOWS\netqm.exe:urzzh
C:\WINDOWS\netva32.exe:gcbzd
C:\WINDOWS\ntbtlog.txt:fkkse
C:\WINDOWS\n_cclhvn.dat:nruhx
C:\WINDOWS\n_djxbhi.dat:rtqfn
C:\WINDOWS\sdkfg.exe:dwzwf
C:\WINDOWS\sdkwx.exe:yzuue
C:\WINDOWS\sysdm32.exe:xtivj
C:\WINDOWS\twunk_16.exe
xcvc
C:\WINDOWS\twunk_32.exe:dxhlw
C:\WINDOWS\UNINST32.EXE:szyka
Removed 3 Random Key Entries
Removed! : C:\WINDOWS\coskyy.dat
Removed! : C:\WINDOWS\dxfzc.dat
Removed! : C:\WINDOWS\icjms.dat
Removed! : C:\WINDOWS\iduff.dat
Removed! : C:\WINDOWS\jprdz.dat
Removed! : C:\WINDOWS\kcvuj.dat
Removed! : C:\WINDOWS\lhqrk.dat
Removed! : C:\WINDOWS\nhoxg.dat
Removed! : C:\WINDOWS\n_inzaqp.dat
Removed! : C:\WINDOWS\n_preawj.dat
Removed! : C:\WINDOWS\pvbku.dat
Removed! : C:\WINDOWS\swwmj.dat
Removed! : C:\WINDOWS\wthhc.dat
Removed! : C:\WINDOWS\wyxjj.dat
Removed! : C:\WINDOWS\xveqi.dat
Removed! : C:\WINDOWS\zwjrb.dat
Removed! : C:\WINDOWS\system32\aoqfj.dat
Removed! : C:\WINDOWS\system32\fnoao.dat
Removed! : C:\WINDOWS\system32\hcmeq.dat
Removed! : C:\WINDOWS\system32\icmoq.dat
Removed! : C:\WINDOWS\system32\lahwu.dat
Removed! : C:\WINDOWS\system32\vqsbx.dat
Removed! : C:\WINDOWS\system32\xjvoj.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 16
Removed Data Streams:
C:\WINDOWS\addat32.exe:jzmqv
C:\WINDOWS\addmr32.exe:uzevp
C:\WINDOWS\apiep.exe:xcatf
C:\WINDOWS\ieqi32.exe:rdvws
C:\WINDOWS\ipll.exe:zcmkn
C:\WINDOWS\iput.exe:jdeyi
C:\WINDOWS\jautoexp.dat:nlysr
C:\WINDOWS\javaeb32.exe:fmrfl
C:\WINDOWS\javaiv.dll:ueiie
C:\WINDOWS\javaqb32.exe:nfany
C:\WINDOWS\KB824105.log:ssgux
C:\WINDOWS\KB825119.log:klzzr
C:\WINDOWS\KB837001.log:vjknt
C:\WINDOWS\kbbktv.dat:ykngq
C:\WINDOWS\kftul.dll:qlglk
C:\WINDOWS\mfchy32.exe:bnjwg
C:\WINDOWS\mhmhmw.dat:tnbja
C:\WINDOWS\netai.exe:cqoun
C:\WINDOWS\netnm.exe
cjtb
C:\WINDOWS\netqm.exe:urzzh
C:\WINDOWS\netva32.exe:gcbzd
C:\WINDOWS\ntbtlog.txt:fkkse
C:\WINDOWS\n_cclhvn.dat:nruhx
C:\WINDOWS\n_djxbhi.dat:rtqfn
C:\WINDOWS\sdkfg.exe:dwzwf
C:\WINDOWS\sdkwx.exe:yzuue
C:\WINDOWS\sysdm32.exe:xtivj
C:\WINDOWS\twunk_16.exe
xcvc
C:\WINDOWS\twunk_32.exe:dxhlw
C:\WINDOWS\UNINST32.EXE:szyka
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!
Logfile of HijackThis v1.98.2
Scan saved at 8:03:41 PM, on 12/5/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\netnc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\adddp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\khayes\Desktop\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\flebn.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\flebn.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\flebn.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07850CE3-1044-C87E-2D7E-A3B83871E631} - C:\WINDOWS\atlli32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [adddp.exe] C:\WINDOWS\adddp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {126D9184-71E9-42D0-9DE5-DEA8508E6ABF} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe