Thanks for the quick turnaround. I did the recommended steps and here are the log files
-----------------------------WinPFind---------------------------------------------------
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 6/17/2005 7:41:44 PM 3335839 C:\WINDOWS\pPokerSetup.exe
Checking %System% folder...
PEC2 3/18/2003 9:05:48 PM 2052096 C:\WINDOWS\SYSTEM32\atl71.pdb
PEC2 8/4/2004 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
69.59.186.63 8/30/2005 9:20:32 AM 10240 C:\WINDOWS\SYSTEM32\eenaa.dll
209.66.67.134 8/30/2005 9:20:32 AM 10240 C:\WINDOWS\SYSTEM32\eenaa.dll
web-nex 8/30/2005 9:20:32 AM 10240 C:\WINDOWS\SYSTEM32\eenaa.dll
winsync 8/30/2005 9:20:32 AM 10240 C:\WINDOWS\SYSTEM32\eenaa.dll
69.59.186.63 8/30/2005 9:20:32 AM 46080 C:\WINDOWS\SYSTEM32\ffjsskd.dll
209.66.67.134 8/30/2005 9:20:32 AM 46080 C:\WINDOWS\SYSTEM32\ffjsskd.dll
web-nex 8/30/2005 9:20:32 AM 46080 C:\WINDOWS\SYSTEM32\ffjsskd.dll
winsync 8/30/2005 9:20:32 AM 46080 C:\WINDOWS\SYSTEM32\ffjsskd.dll
PEC2 3/18/2003 11:20:00 PM 10357760 C:\WINDOWS\SYSTEM32\mfc71.pdb
PEC2 3/18/2003 10:28:40 PM 8252416 C:\WINDOWS\SYSTEM32\MFC71d.pdb
PEC2 3/18/2003 11:12:12 PM 10333184 C:\WINDOWS\SYSTEM32\mfc71u.pdb
PEC2 3/18/2003 10:31:58 PM 8293376 C:\WINDOWS\SYSTEM32\mfc71ud.pdb
aspack 8/4/2004 6:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 6:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
aspack 4/15/2005 4:53:02 PM 197120 C:\WINDOWS\SYSTEM32\screensaver.scr
winsync 8/4/2004 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
69.59.186.63 8/30/2005 1:34:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
209.66.67.134 8/30/2005 1:34:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
66.63.167.97 8/30/2005 1:34:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
66.63.167.77 8/30/2005 1:34:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
web-nex 8/30/2005 1:34:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
winsync 8/30/2005 1:34:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
rec2_run 8/30/2005 1:34:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/30/2005 3:14:56 PM S 2048 C:\WINDOWS\bootstat.dat
8/30/2005 3:13:26 PM S 64 C:\WINDOWS\CSC\00000001
8/30/2005 3:14:46 PM H 8192 C:\WINDOWS\system32\config\default.LOG
8/30/2005 3:16:06 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
8/30/2005 3:14:58 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
8/30/2005 3:19:32 PM H 163840 C:\WINDOWS\system32\config\software.LOG
8/30/2005 3:15:02 PM H 1093632 C:\WINDOWS\system32\config\system.LOG
8/8/2005 9:30:42 AM HS 664 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\650a1baf-2f2e-4d50-a59d-f3de81e0cab1
8/8/2005 9:30:42 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
7/28/2005 8:39:10 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\13f1bb5d-d5b9-42d3-b17d-f0e9fce5bd15
7/28/2005 8:39:10 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
8/30/2005 3:13:32 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 8/4/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 4/8/2004 3:12:42 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 2/23/2003 2:05:00 AM 65584 C:\WINDOWS\SYSTEM32\SMSCfg.cpl
Microsoft Corporation 2/23/2003 2:05:00 AM 38944 C:\WINDOWS\SYSTEM32\SMSCPL32.cpl
Microsoft Corporation 2/23/2003 2:05:00 AM 60448 C:\WINDOWS\SYSTEM32\smsrc.cpl
Sony Corporation 8/6/2002 6:00:00 PM 53248 C:\WINDOWS\SYSTEM32\SNSetup.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
8/30/2005 1:34:58 PM 31744 C:\WINDOWS\SYSTEM32\vgactl.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 8/3/2004 2:03:24 PM 167704 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 8/3/2004 2:03:24 PM 167704 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
4/13/2005 2:57:08 PM 666 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\cctray.lnk
10/29/2004 2:08:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
11/1/2004 12:21:56 PM 815 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
8/30/2005 9:20:30 AM 91648 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rrka.exe
10/29/2004 4:26:00 PM 1852 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
11/3/2004 11:17:52 AM 801 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to HKServ.lnk
11/3/2004 11:18:08 AM 843 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to SPMgr.lnk
8/30/2005 9:20:30 AM 2447 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
3/4/2005 1:14:42 PM 1518 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/29/2004 7:45:18 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
Checking files in %USERPROFILE%\Startup folder...
10/29/2004 2:08:32 PM HS 84 C:\Documents and Settings\Sean\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
10/29/2004 7:45:18 AM HS 62 C:\Documents and Settings\Sean\Application Data\desktop.ini
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mmnyxtkx
{f22e3db6-6c2a-4d2f-8dfb-4ad8054bf4bb} = C:\WINDOWS\system32\eenaa.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\OfficeScan NT
{AF4F7471-FCFB-11d0-80B6-0080C838D5F9} = C:\Program Files\Trend Micro\OfficeScan Client\tmdshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\P4Exp
{6A23F5CE-AE86-47de-97F8-8A7BED9C9F19} = C:\Program Files\Perforce\p4exp.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TextPad
{2F25CF20-C569-11D1-B94C-00608CB45480} = C:\Program Files\TextPad 4\System\shellext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Pro\wsftpsi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\P4Exp
{6A23F5CE-AE86-47de-97F8-8A7BED9C9F19} = C:\Program Files\Perforce\p4exp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Pro\wsftpsi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\OfficeScan NT
{AF4F7471-FCFB-11d0-80B6-0080C838D5F9} = C:\Program Files\Trend Micro\OfficeScan Client\tmdshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\P4Exp
{6A23F5CE-AE86-47de-97F8-8A7BED9C9F19} = C:\Program Files\Perforce\p4exp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{588C9FE0-885D-4194-B9FF-29C6F1481026}
= C:\Program Files\Perforce\p4exp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}
= C:\WINDOWS\system32\wuauclt.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = @C:\Program Files\Messenger\Msgslang.dll,-61144 : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
ISBMgr.exe D:\Program Files\Sony\ISB Utility\ISBMgr.exe
SonyPowerCfg C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
Apoint C:\Program Files\Apoint\Apoint.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKSERV.EXE C:\Program Files\Sony\HotKey Utility\HKserv.exe
Switcher.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
IntelliPoint "C:\Program Files\Microsoft IntelliPoint\point32.exe"
Hcontrol C:\WINDOWS\Hcontrol.exe
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
Picasa Media Detector C:\Program Files\Picasa2\PicasaMediaDetector.exe
ShStatEXE "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
MsmqIntCert regsvr32 /s mqrt.dll
SC4
RA_XP C:\Program Files\WholeSecurity\Enterprise Edition\EnterpriseRA.exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
winsync C:\WINDOWS\system32\ssgps4.exe reg_run
SMS Application Launcher C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key ûÇú÷ˆBmª-ldŸ¨€
Hint agent
FileName0 C:\WINDOWS\system32\RSACi.rat
WarnOnOff 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 0
PleaseMom 1
Enabled 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\
http://www.rsac.org/ratingsv01.html
v 0
s 0
n 0
l 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption PLEASE READ FOR IMPORTANT INFORMATION
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/30/2005 3:27:49 PM
-----------------------------TrackQOO--------------------------------------------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ISBMgr.exe"="D:\\Program Files\\Sony\\ISB Utility\\ISBMgr.exe"
"SonyPowerCfg"="C:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HKSERV.EXE"="C:\\Program Files\\Sony\\HotKey Utility\\HKserv.exe"
"Switcher.exe"="C:\\Program Files\\Sony\\Wireless Switch Setting Utility\\Switcher.exe"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"Hcontrol"="C:\\WINDOWS\\Hcontrol.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\G001-1.0.25.0\\gnotify.exe"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"SC4"=""
"RA_XP"="C:\\Program Files\\WholeSecurity\\Enterprise Edition\\EnterpriseRA.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"winsync"="C:\\WINDOWS\\system32\\ssgps4.exe reg_run"
"SMS Application Launcher"="C:\\WINDOWS\\MS\\SMS\\CORE\\BIN\\LAUNCH32.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
Subkey --- mmnyxtkx
{f22e3db6-6c2a-4d2f-8dfb-4ad8054bf4bb}
C:\WINDOWS\system32\eenaa.dll
Subkey --- OfficeScan NT
{AF4F7471-FCFB-11d0-80B6-0080C838D5F9}
C:\Program Files\Trend Micro\OfficeScan Client\tmdshell.dll
Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll
Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- P4Exp
{6A23F5CE-AE86-47de-97F8-8A7BED9C9F19}
C:\Program Files\Perforce\p4exp.dll
Subkey --- TextPad
{2F25CF20-C569-11D1-B94C-00608CB45480}
C:\Program Files\TextPad 4\System\shellext.dll
Subkey --- VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87}
C:\Program Files\Network Associates\VirusScan\shext.dll
Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Subkey --- WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B}
C:\Program Files\Ipswitch\WS_FTP Pro\wsftpsi.dll
Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll
=====================
HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers
Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {588C9FE0-885D-4194-B9FF-29C6F1481026}
C:\Program Files\Perforce\p4exp.dll
Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {6EC11407-5B2E-4E25-8BDF-77445B52AB37}
C:\WINDOWS\system32\wuauclt.dll
==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
cctray.lnk
desktop.ini
Post-it® Software Notes Lite.lnk
rrka.exe
Service Manager.lnk
Shortcut to HKServ.lnk
Shortcut to SPMgr.lnk
VPN Client.lnk
WinZip Quick Pick.lnk
==============================
C:\Documents and Settings\Sean.Sutherland\Start Menu\Programs\Startup
cctray.lnk
desktop.ini
Post-it® Software Notes Lite.lnk
rrka.exe
Service Manager.lnk
Shortcut to HKServ.lnk
Shortcut to SPMgr.lnk
VPN Client.lnk
WinZip Quick Pick.lnk
desktop.ini
Konfabulator.lnk
==============================
C:\WINDOWS\system32 cpl files
access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
SMSCfg.cpl Microsoft Corporation
SMSCPL32.cpl Microsoft Corporation
smsrc.cpl Microsoft Corporation
SNSetup.cpl Sony Corporation
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
vgactl.cpl
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation