Hello Excal,
I have attached the WinPFind report and the Trackqoo report below.
WinPFind ReportWARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
web-nex 8/14/2005 8:04:52 PM 1350 C:\WINNT\IE4 Error Log.txt
Checking %System% folder...
PEC2 3/18/2003 10:05:48 PM 2052096 C:\WINNT\SYSTEM32\atl71.pdb
69.59.186.63 9/6/2005 7:36:56 PM 133120 C:\WINNT\SYSTEM32\flkfl.dll
209.66.67.134 9/6/2005 7:36:56 PM 133120 C:\WINNT\SYSTEM32\flkfl.dll
web-nex 9/6/2005 7:36:56 PM 133120 C:\WINNT\SYSTEM32\flkfl.dll
winsync 9/6/2005 7:36:56 PM 133120 C:\WINNT\SYSTEM32\flkfl.dll
69.59.186.63 9/6/2005 7:36:56 PM 181760 C:\WINNT\SYSTEM32\ionioor.dll
209.66.67.134 9/6/2005 7:36:56 PM 181760 C:\WINNT\SYSTEM32\ionioor.dll
web-nex 9/6/2005 7:36:56 PM 181760 C:\WINNT\SYSTEM32\ionioor.dll
winsync 9/6/2005 7:36:56 PM 181760 C:\WINNT\SYSTEM32\ionioor.dll
PEC2 3/19/2003 12:20:00 AM 10357760 C:\WINNT\SYSTEM32\mfc71.pdb
PEC2 3/18/2003 11:28:40 PM 8252416 C:\WINNT\SYSTEM32\MFC71d.pdb
PEC2 3/19/2003 12:12:12 AM 10333184 C:\WINNT\SYSTEM32\mfc71u.pdb
PEC2 3/18/2003 11:31:58 PM 8293376 C:\WINNT\SYSTEM32\mfc71ud.pdb
PECompact2 7/6/2005 7:26:32 PM 1366872 C:\WINNT\SYSTEM32\MRT.exe
aspack 7/6/2005 7:26:32 PM 1366872 C:\WINNT\SYSTEM32\MRT.exe
Umonitor 6/19/2003 2:05:04 PM 529168 C:\WINNT\SYSTEM32\RASDLG.DLL
winsync 12/7/1999 7:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/10/2005 6:54:24 PM H 54156 C:\WINNT\QTFont.qfn
9/6/2005 7:43:56 PM H 643964 C:\WINNT\ShellIconCache
9/6/2005 7:44:06 PM S 64 C:\WINNT\CSC\00000001
9/4/2005 11:04:46 PM S 64 C:\WINNT\CSC\00000002
9/4/2005 8:51:08 PM S 64 C:\WINNT\CSC\csc1.tmp
7/9/2005 11:35:16 PM H 65 C:\WINNT\Downloaded Program Files\desktop.ini
7/28/2005 7:04:24 PM H 0 C:\WINNT\inf\oem21.inf
9/6/2005 7:38:38 PM H 1024 C:\WINNT\system32\config\default.LOG
9/6/2005 7:47:56 PM H 1024 C:\WINNT\system32\config\SAM.LOG
9/6/2005 7:46:00 PM H 1024 C:\WINNT\system32\config\SECURITY.LOG
9/6/2005 7:50:42 PM H 1024 C:\WINNT\system32\config\software.LOG
9/6/2005 7:44:10 PM H 6 C:\WINNT\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 12/7/1999 7:00:00 AM 67344 C:\WINNT\SYSTEM32\access.cpl
Microsoft Corporation 6/19/2003 2:05:04 PM 301328 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 6/19/2003 2:05:04 PM 237328 C:\WINNT\SYSTEM32\DESK.CPL
Microsoft Corporation 12/7/1999 7:00:00 AM 31504 C:\WINNT\SYSTEM32\fax.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 8:14:40 AM 292352 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 118032 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 36112 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 10/30/2001 9:10:00 AM 326144 C:\WINNT\SYSTEM32\joy.cpl
Sun Microsystems 2/20/2003 5:42:34 PM 229487 C:\WINNT\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 122128 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 303888 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 17168 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 41232 C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation 8/26/2002 12:11:40 PM 36864 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 6/19/2003 2:05:04 PM 90896 C:\WINNT\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 4/8/2004 2:12:42 PM 323072 C:\WINNT\SYSTEM32\QuickTime.cpl
Microsoft Corporation 6/19/2003 2:05:04 PM 83216 C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation 6/19/2003 2:05:04 PM 125712 C:\WINNT\SYSTEM32\SYSDM.CPL
Microsoft Corporation 12/7/1999 7:00:00 AM 5904 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 61200 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 8:14:40 AM 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
IBM Corporation 9/23/1999 7:44:36 PM 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl
Microsoft Corporation 12/7/1999 7:00:00 AM 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/26/2002 12:11:40 PM 36864 C:\WINNT\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
8/12/2004 2:07:20 PM 703 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
12/7/2004 1:00:22 AM 672 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlackICE Utility.lnk
5/29/2005 7:40:34 PM 1674 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
10/21/2004 9:00:08 PM 1580 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON CardMonitor.lnk
9/6/2005 7:37:02 PM 2303 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
1/25/2004 12:49:28 PM 1568 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
9/6/2005 7:36:56 PM 417792 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ntcn.exe
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
2/20/2004 7:28:48 PM 1568 C:\Documents and Settings\Mohana\Application Data\mpauth.dat
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fqkfqxns
{305f638b-082e-41f2-a810-a457bb11473d} = C:\WINNT\system32\flkfl.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TextPad
{2F25CF20-C569-11D1-B94C-00608CB45480} = C:\Program Files\TextPad 4\System\shellext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = @msdxmLC.dll,-1@1033,&Radio : C:\WINNT\System32\msdxm.ocx
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = :
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AtiPTA Atiptaxx.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Synchronization Manager mobsync.exe /logon
EPSON Stylus CX6400 C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
ShStatEXE "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
Network Associates Error Reporting Service "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
winsync C:\WINNT\system32\auzaui.exe reg_run
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\msonsext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149
CDRAutoRun 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel
= C:\WINNT\system32\cqm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.5 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/6/2005 7:57:19 PM
Trackqoo Report[/u]
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="Atiptaxx.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Synchronization Manager"="mobsync.exe /logon"
"EPSON Stylus CX6400"="C:\\WINNT\\system32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2L1.EXE /P19 \"EPSON Stylus CX6400\" /O6 \"USB001\" /M \"Stylus CX6400\""
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\tbmon.exe\""
"winsync"="C:\\WINNT\\system32\\auzaui.exe reg_run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll
Subkey --- fqkfqxns
{305f638b-082e-41f2-a810-a457bb11473d}
C:\WINNT\system32\flkfl.dll
Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
cscui.dll
Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINNT\system32\shell32.dll
Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINNT\system32\shell32.dll
Subkey --- TextPad
{2F25CF20-C569-11D1-B94C-00608CB45480}
C:\Program Files\TextPad 4\System\shellext.dll
Subkey --- VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87}
C:\Program Files\Network Associates\VirusScan\shext.dll
Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
=====================
HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers
Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINNT\system32\shell32.dll
Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINNT\system32\shell32.dll
Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINNT\system32\shell32.dll
Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINNT\System32\docprop2.dll
Subkey --- {7f9609be-af9a-11d1-83e0-00c04fb6e984}
C:\WINNT\system32\faxshell.dll
Subkey --- {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
C:\WINNT\System32\docprop2.dll
==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk
BlackICE Utility.lnk
Cisco Systems VPN Client.lnk
EPSON CardMonitor.lnk
Microsoft Broadband Networking.lnk
Microsoft Office.lnk
ntcn.exe
==============================
C:\Documents and Settings\Mohana\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk
BlackICE Utility.lnk
Cisco Systems VPN Client.lnk
EPSON CardMonitor.lnk
Microsoft Broadband Networking.lnk
Microsoft Office.lnk
ntcn.exe
==============================
C:\WINNT\system32 cpl files
access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
Thanks,
Mona
Edited by Excal, 06 September 2005 - 07:26 PM.