I have been infected by this dreaded virus over the weekend. Here is my hijackthis log anyhelp will be greatly appreciated.thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:20 AM, on 12/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\Windows\System32\CTT\XYNTService.exe
C:\Windows\System32\CTT\Comm_Select.exe
C:\Program Files\Cisco\RSVPN Client\cvpnd.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\system32\Prot_srv.exe
C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmepol.exe
C:\WINDOWS\system32\pstartSr.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tumbleweed\Desktop Validator\DVService.exe
C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmelog.exe
C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmefsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Tumbleweed\Desktop Validator\DVTrayApp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\CA\DSM\bin\cfSysTray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\Program Files\EDSER_TOOLBAR\LOCK_WATCH.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Synergy\synergyc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\taskmgr.exe
C:\downloads\Hijack(GP)This.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.usaac.army.mil/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.us.army.mil/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.us.army.mil/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [DVConfigUpdate] C:\Program Files\Tumbleweed\Desktop Validator\dvconfigupdate.exe
O4 - HKLM\..\Run: [DVTrayApp] C:\Program Files\Tumbleweed\Desktop Validator\DVTrayApp.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [SCANDEL] C:\~USAAC\Ops\SCANDEL\FI.BAT
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PROD_DNS] C:\~USAAC\Wkstn_CFG\DNS\PRODUCTION\DNS_APPLAUNCHER.exe
O4 - HKLM\..\Run: [CAF_SystemTray] "C:\Program Files\CA\DSM\bin\cfSysTray.exe"
O4 - HKLM\..\Run: [USAAC_URPP] C:\~USAAC\Wkstn_CFG\Misc\UURPP.Exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [DsmSxplog] "C:\Program Files\CA\DSM\Bin\sxpstub.exe"
O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
O4 - HKLM\..\Run: [EDS_DNS_TOOL] C:\Program Files\EDSER_TOOLBAR\LOCK_WATCH.exe
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\RunOnce: [symPCCheckup] "C:\WINDOWS\system32\Adobe\Shockwave 11\symcheckupstub.exe" /reboot
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: ApproveIt for Office Setup.lnk = ?
O4 - Global Startup: ApproveIt StartUp.lnk = ?
O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: RSVPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: EDS DNS - {70954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\WINDOWS\SYSTEM32\~EDSDNS.VBS
O9 - Extra 'Tools' menuitem: EDS DNS - {70954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\WINDOWS\SYSTEM32\~EDSDNS.VBS
O9 - Extra button: ARMY DNS - {70954C80-4F0F-11d3-B17C-00C0DFE39737} - C:\WINDOWS\SYSTEM32\~USARECDNS.VBS
O9 - Extra 'Tools' menuitem: ARMY DNS - {70954C80-4F0F-11d3-B17C-00C0DFE39737} - C:\WINDOWS\SYSTEM32\~USARECDNS.VBS
O9 - Extra button: SAPWEB - {70954C80-4F0F-11d3-B17C-00C0DFE39738} - C:\Program Files\EDSER_TOOLBAR\~SAPWEB.exe
O9 - Extra 'Tools' menuitem: SAPWEB - {70954C80-4F0F-11d3-B17C-00C0DFE39738} - C:\Program Files\EDSER_TOOLBAR\~SAPWEB.exe
O9 - Extra button: INFOCENTRE - {70954C80-4F0F-11d3-B17C-00C0DFE39739} - C:\WINDOWS\SYSTEM32\~INFOCENTRE.VBS
O9 - Extra 'Tools' menuitem: INFOCENTRE - {70954C80-4F0F-11d3-B17C-00C0DFE39739} - C:\WINDOWS\SYSTEM32\~INFOCENTRE.VBS
O9 - Extra button: PROJECT CENTRAL - {70954C80-4F0F-11d3-B17C-00C0DFE39740} - C:\WINDOWS\SYSTEM32\~PROJECTCENTRAL.VBS
O9 - Extra 'Tools' menuitem: PROJECT CENTRAL - {70954C80-4F0F-11d3-B17C-00C0DFE39740} - C:\WINDOWS\SYSTEM32\~PROJECTCENTRAL.VBS
O9 - Extra button: EDS PAY STUB - {70954C80-4F0F-11d3-B17C-00C0DFE39741} - C:\WINDOWS\SYSTEM32\~PAYSTUB.VBS
O9 - Extra 'Tools' menuitem: EDS PAY STUB - {70954C80-4F0F-11d3-B17C-00C0DFE39741} - C:\WINDOWS\SYSTEM32\~PAYSTUB.VBS
O9 - Extra button: EDS_OWA - {7BA2E250-8076-23C6-6FF3-12F35C72CCFA} - C:\Program Files\EDSER_TOOLBAR\~EDS_OWA.exe
O9 - Extra 'Tools' menuitem: EDS_OWA - {7BA2E250-8076-23C6-6FF3-12F35C72CCFA} - C:\Program Files\EDSER_TOOLBAR\~EDS_OWA.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://my.usaac.army.mil (HKLM)
O15 - Trusted Zone: *.army.mil (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195477946815
O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: CAF - C:\Program Files\CA\DSM\Bin\cfwlogon.dll
O20 - Winlogon Notify: Pointsec Media Encryption - C:\WINDOWS\SYSTEM32\pmewnp.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\DSM\bin\caf.exe
O23 - Service: Comm_Select - Unknown owner - C:\Windows\System32\CTT\XYNTService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco\RSVPN Client\cvpnd.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\Prot_srv.exe
O23 - Service: Pointsec Media Encryption Logging Service - Pointsec Mobile Technologies AB - C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmelog.exe
O23 - Service: Pointsec Media Encryption Policy Service - Pointsec Mobile Technologies AB - C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmepol.exe
O23 - Service: Pointsec Media Encryption Service - Pointsec Mobile Technologies AB - C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmefsvc.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\pstartSr.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Tumbleweed Desktop Validator - Tumbleweed Communications Inc. - C:\Program Files\Tumbleweed\Desktop Validator\DVService.exe
--
End of file - 14618 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:20 AM, on 12/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\Windows\System32\CTT\XYNTService.exe
C:\Windows\System32\CTT\Comm_Select.exe
C:\Program Files\Cisco\RSVPN Client\cvpnd.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\system32\Prot_srv.exe
C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmepol.exe
C:\WINDOWS\system32\pstartSr.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tumbleweed\Desktop Validator\DVService.exe
C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmelog.exe
C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmefsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Tumbleweed\Desktop Validator\DVTrayApp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\CA\DSM\bin\cfSysTray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\Program Files\EDSER_TOOLBAR\LOCK_WATCH.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Synergy\synergyc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\taskmgr.exe
C:\downloads\Hijack(GP)This.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.usaac.army.mil/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.us.army.mil/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.us.army.mil/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [DVConfigUpdate] C:\Program Files\Tumbleweed\Desktop Validator\dvconfigupdate.exe
O4 - HKLM\..\Run: [DVTrayApp] C:\Program Files\Tumbleweed\Desktop Validator\DVTrayApp.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [SCANDEL] C:\~USAAC\Ops\SCANDEL\FI.BAT
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PROD_DNS] C:\~USAAC\Wkstn_CFG\DNS\PRODUCTION\DNS_APPLAUNCHER.exe
O4 - HKLM\..\Run: [CAF_SystemTray] "C:\Program Files\CA\DSM\bin\cfSysTray.exe"
O4 - HKLM\..\Run: [USAAC_URPP] C:\~USAAC\Wkstn_CFG\Misc\UURPP.Exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [DsmSxplog] "C:\Program Files\CA\DSM\Bin\sxpstub.exe"
O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
O4 - HKLM\..\Run: [EDS_DNS_TOOL] C:\Program Files\EDSER_TOOLBAR\LOCK_WATCH.exe
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\RunOnce: [symPCCheckup] "C:\WINDOWS\system32\Adobe\Shockwave 11\symcheckupstub.exe" /reboot
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: ApproveIt for Office Setup.lnk = ?
O4 - Global Startup: ApproveIt StartUp.lnk = ?
O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: RSVPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: EDS DNS - {70954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\WINDOWS\SYSTEM32\~EDSDNS.VBS
O9 - Extra 'Tools' menuitem: EDS DNS - {70954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\WINDOWS\SYSTEM32\~EDSDNS.VBS
O9 - Extra button: ARMY DNS - {70954C80-4F0F-11d3-B17C-00C0DFE39737} - C:\WINDOWS\SYSTEM32\~USARECDNS.VBS
O9 - Extra 'Tools' menuitem: ARMY DNS - {70954C80-4F0F-11d3-B17C-00C0DFE39737} - C:\WINDOWS\SYSTEM32\~USARECDNS.VBS
O9 - Extra button: SAPWEB - {70954C80-4F0F-11d3-B17C-00C0DFE39738} - C:\Program Files\EDSER_TOOLBAR\~SAPWEB.exe
O9 - Extra 'Tools' menuitem: SAPWEB - {70954C80-4F0F-11d3-B17C-00C0DFE39738} - C:\Program Files\EDSER_TOOLBAR\~SAPWEB.exe
O9 - Extra button: INFOCENTRE - {70954C80-4F0F-11d3-B17C-00C0DFE39739} - C:\WINDOWS\SYSTEM32\~INFOCENTRE.VBS
O9 - Extra 'Tools' menuitem: INFOCENTRE - {70954C80-4F0F-11d3-B17C-00C0DFE39739} - C:\WINDOWS\SYSTEM32\~INFOCENTRE.VBS
O9 - Extra button: PROJECT CENTRAL - {70954C80-4F0F-11d3-B17C-00C0DFE39740} - C:\WINDOWS\SYSTEM32\~PROJECTCENTRAL.VBS
O9 - Extra 'Tools' menuitem: PROJECT CENTRAL - {70954C80-4F0F-11d3-B17C-00C0DFE39740} - C:\WINDOWS\SYSTEM32\~PROJECTCENTRAL.VBS
O9 - Extra button: EDS PAY STUB - {70954C80-4F0F-11d3-B17C-00C0DFE39741} - C:\WINDOWS\SYSTEM32\~PAYSTUB.VBS
O9 - Extra 'Tools' menuitem: EDS PAY STUB - {70954C80-4F0F-11d3-B17C-00C0DFE39741} - C:\WINDOWS\SYSTEM32\~PAYSTUB.VBS
O9 - Extra button: EDS_OWA - {7BA2E250-8076-23C6-6FF3-12F35C72CCFA} - C:\Program Files\EDSER_TOOLBAR\~EDS_OWA.exe
O9 - Extra 'Tools' menuitem: EDS_OWA - {7BA2E250-8076-23C6-6FF3-12F35C72CCFA} - C:\Program Files\EDSER_TOOLBAR\~EDS_OWA.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://my.usaac.army.mil (HKLM)
O15 - Trusted Zone: *.army.mil (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195477946815
O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: CAF - C:\Program Files\CA\DSM\Bin\cfwlogon.dll
O20 - Winlogon Notify: Pointsec Media Encryption - C:\WINDOWS\SYSTEM32\pmewnp.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\DSM\bin\caf.exe
O23 - Service: Comm_Select - Unknown owner - C:\Windows\System32\CTT\XYNTService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco\RSVPN Client\cvpnd.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\Prot_srv.exe
O23 - Service: Pointsec Media Encryption Logging Service - Pointsec Mobile Technologies AB - C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmelog.exe
O23 - Service: Pointsec Media Encryption Policy Service - Pointsec Mobile Technologies AB - C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmepol.exe
O23 - Service: Pointsec Media Encryption Service - Pointsec Mobile Technologies AB - C:\Program Files\Pointsec\Pointsec Media Encryption\Program\pmefsvc.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\pstartSr.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Tumbleweed Desktop Validator - Tumbleweed Communications Inc. - C:\Program Files\Tumbleweed\Desktop Validator\DVService.exe
--
End of file - 14618 bytes