Hello,
I have attached the WinPFind and Trackqoo reports below.
WinPFind WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
web-nex 8/14/2005 8:04:52 PM 1350 C:\WINNT\IE4 Error Log.txt
Checking %System% folder...
PEC2 3/18/2003 10:05:48 PM 2052096 C:\WINNT\SYSTEM32\atl71.pdb
69.59.186.63 8/30/2005 6:50:08 PM 10240 C:\WINNT\SYSTEM32\jbkjb.dll
209.66.67.134 8/30/2005 6:50:08 PM 10240 C:\WINNT\SYSTEM32\jbkjb.dll
web-nex 8/30/2005 6:50:08 PM 10240 C:\WINNT\SYSTEM32\jbkjb.dll
winsync 8/30/2005 6:50:08 PM 10240 C:\WINNT\SYSTEM32\jbkjb.dll
PEC2 3/19/2003 12:20:00 AM 10357760 C:\WINNT\SYSTEM32\mfc71.pdb
PEC2 3/18/2003 11:28:40 PM 8252416 C:\WINNT\SYSTEM32\MFC71d.pdb
PEC2 3/19/2003 12:12:12 AM 10333184 C:\WINNT\SYSTEM32\mfc71u.pdb
PEC2 3/18/2003 11:31:58 PM 8293376 C:\WINNT\SYSTEM32\mfc71ud.pdb
PECompact2 7/6/2005 7:26:32 PM 1366872 C:\WINNT\SYSTEM32\MRT.exe
aspack 7/6/2005 7:26:32 PM 1366872 C:\WINNT\SYSTEM32\MRT.exe
Umonitor 6/19/2003 2:05:04 PM 529168 C:\WINNT\SYSTEM32\RASDLG.DLL
69.59.186.63 8/30/2005 6:50:08 PM 46080 C:\WINNT\SYSTEM32\sgdsgsj.dll
209.66.67.134 8/30/2005 6:50:08 PM 46080 C:\WINNT\SYSTEM32\sgdsgsj.dll
web-nex 8/30/2005 6:50:08 PM 46080 C:\WINNT\SYSTEM32\sgdsgsj.dll
winsync 8/30/2005 6:50:08 PM 46080 C:\WINNT\SYSTEM32\sgdsgsj.dll
winsync 12/7/1999 7:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu
69.59.186.63 8/30/2005 6:44:36 PM 30720 C:\WINNT\SYSTEM32\wuauclt.dll
209.66.67.134 8/30/2005 6:44:36 PM 30720 C:\WINNT\SYSTEM32\wuauclt.dll
66.63.167.97 8/30/2005 6:44:36 PM 30720 C:\WINNT\SYSTEM32\wuauclt.dll
66.63.167.77 8/30/2005 6:44:36 PM 30720 C:\WINNT\SYSTEM32\wuauclt.dll
web-nex 8/30/2005 6:44:36 PM 30720 C:\WINNT\SYSTEM32\wuauclt.dll
winsync 8/30/2005 6:44:36 PM 30720 C:\WINNT\SYSTEM32\wuauclt.dll
rec2_run 8/30/2005 6:44:36 PM 30720 C:\WINNT\SYSTEM32\wuauclt.dll
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/10/2005 6:54:24 PM H 54156 C:\WINNT\QTFont.qfn
9/1/2005 8:12:12 PM H 1285080 C:\WINNT\ShellIconCache
9/1/2005 8:13:28 PM S 64 C:\WINNT\CSC\00000001
8/15/2005 6:05:56 PM S 64 C:\WINNT\CSC\00000002
8/10/2005 8:17:14 AM S 64 C:\WINNT\CSC\csc1.tmp
7/9/2005 11:35:16 PM H 65 C:\WINNT\Downloaded Program Files\desktop.ini
7/28/2005 7:04:24 PM H 0 C:\WINNT\inf\oem21.inf
8/30/2005 6:51:22 PM H 1024 C:\WINNT\system32\config\default.LOG
9/1/2005 8:17:20 PM H 1024 C:\WINNT\system32\config\SAM.LOG
9/1/2005 8:15:24 PM H 1024 C:\WINNT\system32\config\SECURITY.LOG
9/1/2005 8:20:02 PM H 1024 C:\WINNT\system32\config\software.LOG
9/1/2005 8:13:32 PM H 6 C:\WINNT\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 12/7/1999 7:00:00 AM 67344 C:\WINNT\SYSTEM32\access.cpl
Microsoft Corporation 6/19/2003 2:05:04 PM 301328 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 6/19/2003 2:05:04 PM 237328 C:\WINNT\SYSTEM32\DESK.CPL
Microsoft Corporation 12/7/1999 7:00:00 AM 31504 C:\WINNT\SYSTEM32\fax.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 8:14:40 AM 292352 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 118032 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 36112 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 10/30/2001 9:10:00 AM 326144 C:\WINNT\SYSTEM32\joy.cpl
Sun Microsystems 2/20/2003 5:42:34 PM 229487 C:\WINNT\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 122128 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 303888 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 17168 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 41232 C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation 8/26/2002 12:11:40 PM 36864 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 6/19/2003 2:05:04 PM 90896 C:\WINNT\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 4/8/2004 2:12:42 PM 323072 C:\WINNT\SYSTEM32\QuickTime.cpl
Microsoft Corporation 6/19/2003 2:05:04 PM 83216 C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation 6/19/2003 2:05:04 PM 125712 C:\WINNT\SYSTEM32\SYSDM.CPL
Microsoft Corporation 12/7/1999 7:00:00 AM 5904 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 61200 C:\WINNT\SYSTEM32\timedate.cpl
8/30/2005 6:44:36 PM 31744 C:\WINNT\SYSTEM32\vgactl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 8:14:40 AM 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
IBM Corporation 9/23/1999 7:44:36 PM 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/26/2002 12:11:40 PM 36864 C:\WINNT\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
8/12/2004 2:07:20 PM 703 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
12/7/2004 1:00:22 AM 672 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlackICE Utility.lnk
5/29/2005 7:40:34 PM 1674 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
10/21/2004 9:00:08 PM 1580 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON CardMonitor.lnk
4/10/2005 9:55:34 PM 782 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Free WebSite Tools.lnk
8/30/2005 6:50:42 PM 2303 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
1/25/2004 12:49:28 PM 1568 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
8/30/2005 6:50:06 PM 91648 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ntcn.exe
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
2/20/2004 7:28:48 PM 1568 C:\Documents and Settings\Mohana\Application Data\mpauth.dat
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fqkfqxns
{533db6ae-2ecf-490a-8d60-5d3fc3d4472f} = C:\WINNT\system32\jbkjb.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TextPad
{2F25CF20-C569-11D1-B94C-00608CB45480} = C:\Program Files\TextPad 4\System\shellext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}
= C:\WINNT\system32\wuauclt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = @msdxmLC.dll,-1@1033,&Radio : C:\WINNT\System32\msdxm.ocx
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = :
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AtiPTA Atiptaxx.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Synchronization Manager mobsync.exe /logon
EPSON Stylus CX6400 C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
VBouncer C:\PROGRA~1\VBouncer\VirtualBouncer.exe
wnqguryw c:\winnt\system32\wnqguryw.exe
ShStatEXE "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
Network Associates Error Reporting Service "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
winsync C:\WINNT\system32\lddlds.exe reg_run
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\msonsext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149
CDRAutoRun 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel
= C:\WINNT\system32\cqm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.5 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/1/2005 8:27:01 PM
Trackqoo ReportREGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="Atiptaxx.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Synchronization Manager"="mobsync.exe /logon"
"EPSON Stylus CX6400"="C:\\WINNT\\system32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2L1.EXE /P19 \"EPSON Stylus CX6400\" /O6 \"USB001\" /M \"Stylus CX6400\""
"VBouncer"="C:\\PROGRA~1\\VBouncer\\VirtualBouncer.exe"
"wnqguryw"="c:\\winnt\\system32\\wnqguryw.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\tbmon.exe\""
"winsync"="C:\\WINNT\\system32\\lddlds.exe reg_run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
Subkey --- fqkfqxns
{533db6ae-2ecf-490a-8d60-5d3fc3d4472f}
C:\WINNT\system32\jbkjb.dll
Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
cscui.dll
Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINNT\system32\shell32.dll
Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINNT\system32\shell32.dll
Subkey --- TextPad
{2F25CF20-C569-11D1-B94C-00608CB45480}
C:\Program Files\TextPad 4\System\shellext.dll
Subkey --- VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87}
C:\Program Files\Network Associates\VirusScan\shext.dll
Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
=====================
HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers
Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINNT\system32\shell32.dll
Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINNT\system32\shell32.dll
Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINNT\system32\shell32.dll
Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINNT\System32\docprop2.dll
Subkey --- {6EC11407-5B2E-4E25-8BDF-77445B52AB37}
C:\WINNT\system32\wuauclt.dll
Subkey --- {7f9609be-af9a-11d1-83e0-00c04fb6e984}
C:\WINNT\system32\faxshell.dll
Subkey --- {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
C:\WINNT\System32\docprop2.dll
==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk
BlackICE Utility.lnk
Cisco Systems VPN Client.lnk
EPSON CardMonitor.lnk
Free WebSite Tools.lnk
Microsoft Broadband Networking.lnk
Microsoft Office.lnk
ntcn.exe
==============================
C:\Documents and Settings\Mohana\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk
BlackICE Utility.lnk
Cisco Systems VPN Client.lnk
EPSON CardMonitor.lnk
Free WebSite Tools.lnk
Microsoft Broadband Networking.lnk
Microsoft Office.lnk
ntcn.exe
==============================
C:\WINNT\system32 cpl files
access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
DESK.CPL Microsoft Corporation
fax.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
sticpl.cpl Microsoft Corporation
SYSDM.CPL Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
vgactl.cpl
wuaucpl.cpl Microsoft Corporation
Thanks,
Mona
Edited by njustice, 02 September 2005 - 08:06 AM.