I dont recognize these lines in the hjt
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
I did not delete DDS or do the system restore steps yet in case we are not done. I dont detect any problems on the pc that are noticeable, all appears to be good. it just worries me a bit that the SAS found all this crap left over still. i have not done any browser surfing other than on yahoo and this forum in about a week. Firefox is set to clear private data when it closes and I use CCleaner once in awhile too to clear old temp files. Thanks again buddy, magerac
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/28/2009 at 01:53 AM
Application Version : 4.25.1012
Core Rules Database Version : 3732
Trace Rules Database Version: 1702
Scan type : Quick Scan
Total Scan Time : 03:03:00
Memory items scanned : 676
Memory threats detected : 0
Registry items scanned : 499
Registry threats detected : 0
File items scanned : 333656
File threats detected : 120
Adware.Tracking Cookie
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@247realmedia[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@247realmedia[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@a.websponsors[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@a.websponsors[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@affiliates.commissionaccount[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@airtrafficcontrolequipment[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@airtrafficcontrolequipment[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@at.atwola[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@at.atwola[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atwola[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atwola[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@azjmp[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bravenet[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@burstnet[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@burstnet[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@c5.zedo[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cache.trafficmp[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cache.trafficmp[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@chitika[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@chitika[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickarrows[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickbooth[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickbooth[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@collective-media[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager.edgesuite[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager.edgesuite[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[5].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@crackle[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@d3.zedo[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@date.ventivmedia[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@discounthotelny[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@discounthotelny[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@enhance[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@enhance[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@exitexchange[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@exitexchange[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@exoclick[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@exoclick[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hornymatches[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imediablast[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imediablast[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@indextools[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@insightexpressai[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@insightexpressai[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@linkstattrack[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@nacromedia[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@partner.finditquick[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@partner.finditquick[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@precisionclick[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@primetrafficsite[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pro-market[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@redirect.clickshield[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@redirect.clickshield[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revenue[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revenue[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sales.liveperson[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sales.liveperson[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@searchfeed[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@searchfeed[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serw.clicksor[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serw.clicksor[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificclick[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificclick[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificmedia[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificmedia[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tacoda[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tacoda[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@teen[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficmp[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficmp[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficmp[4].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.burstbeacon[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.burstbeacon[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.burstnet[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.burstnet[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.clickxchange[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.clickxchange[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.icityfind[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.icityfind[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yieldmanager[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yieldmanager[3].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[3].txt
Adware.Vundo Variant
D:\I386\APPS\APP000058\SYSTEM32\USP10.DLL
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:14 PM, on 1/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\ModPS2Key.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html ... P&M=GM5472
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... P&M=GM5472
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... P&M=GM5472
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... P&M=GM5472
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... P&M=GM5472
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O18 - Protocol hijack: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021}
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
--
End of file - 7564 bytes