Security Basics mailing list archives

Application backdoor suspect


From: skp () sargam com
Date: Fri, 13 Dec 2002 14:40:05 -0500

We have a very unusual situation. We have a client that uses software to
connect to a vendor for information.

This software connects and then says synchronizing. Here is where we have
issues with the client. If a computer connecting has been once used by an
employee who is not with the company anymore, then the sync process errors
out. Although no username is asked for until after the synch, the software
still sends info to the main server during the synch process. It apparently
sends info of the employee that used the computer before.

If the software connects from a newly installed OS then no issues; it syncs
and then asks for a username password.

We tried uninstalling the software, getting rid of any registry key that
references the software, and then reinstalled. Still error if connecting from
a machine used by an ex-employee. The vendor says since the account has been
disabled that's why the error. Issue is that the software should not look
for a username password at the synch process.


My question: is there a way to see what files the application is calling on
during the synch process? I want to see what other info it is sending. It's
troubling to know that the app is sending info that is not relevant to its
starting up.


SKP

