[===============] AnalyzerXP by TL - forum.networktechs.com (www.IamNotaGeek.com) [===============]
16/01/2007
19:06
Some of the files listed could be safe and valid, so before you do anything, research further.
You could also submit this log on forum.networktechs.com - Spyware Central for help.
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 16/01/2007 at 19:04:10
RSOP results for DILAN\Dilan Shah on DILAN : Logging Mode
----------------------------------------------------------
OS Type: Microsoft Windows XP Professional
OS Configuration: Standalone Workstation
OS Version: 5.1.2600
Domain Name: DILAN
Domain Type: N/A<Local Computer>
Site Name: N/A
Roaming Profile:
Local Profile: C:\Documents and Settings\Dilan Shah
Connected over a slow link?: Yes
COMPUTER SETTINGS
------------------
Last time Group Policy was applied: 16/01/2007 at 18:40:50
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
N/A
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
NT AUTHORITY\Authenticated Users
USER SETTINGS
--------------
Last time Group Policy was applied: 16/01/2007 at 18:40:50
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
N/A
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
----------------------------------------------------
None
Everyone
Debugger Users
BUILTIN\Administrators
BUILTIN\Users
LOCAL
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
Volume in drive C has no label.
Volume Serial Number is 20E8-C18D
Directory of C:\WINDOWS\Tasks
04/12/2006 23:34 284 AppleSoftwareUpdate.job
1 File(s) 284 bytes
0 Dir(s) 3,745,669,120 bytes free
TaskName Next Run Time Status
==================================== ======================== ===============
AppleSoftwareUpdate 16:26:00, 19/01/2007
MP Scheduled Scan 02:15:00, 17/01/2007
INFO: No event triggers found.
=====] Looking for suspicious file types in WINDOWS folder:
W32i - - - - 53,248 09-15-2003 c:\windows\apprun.exe
W32i - - - - 129,536 07-23-1999 c:\windows\auhccup1.dll
W32i - - - - 224,256 03-31-1999 c:\windows\comctl32.oca
W32i - - - - 71,749 10-28-2005 c:\windows\hcextoutput.dll
W32i - - - - 43,520 03-31-1999 c:\windows\msmapi32.oca
Volume in drive C has no label.
Volume Serial Number is 20E8-C18D
Directory of C:\WINDOWS
05/12/2002 17:23 19,274 001299_.tmp
02/04/2006 12:37 19,528 003920_.tmp
10/12/2002 16:15 69,632 DUMP478c.tmp
10/12/2002 16:15 69,632 DUMP4b39.tmp
10/12/2002 16:15 69,632 DUMP4c0b.tmp
10/12/2002 16:15 69,632 DUMP4fc3.tmp
10/12/2002 16:15 69,632 DUMP546b.tmp
10/12/2002 16:15 69,632 DUMP57d2.tmp
10/12/2002 16:15 69,632 DUMP59c7.tmp
10/12/2002 16:15 69,632 DUMP60c7.tmp
10/12/2002 16:15 69,632 DUMP6121.tmp
10/12/2002 16:15 69,632 DUMP6199.tmp
10/12/2002 16:15 69,632 DUMP6515.tmp
10/12/2002 16:15 69,632 DUMP66d7.tmp
10/12/2002 16:15 69,632 DUMP6c29.tmp
10/12/2002 16:15 69,632 DUMP6d6a.tmp
10/12/2002 16:15 69,632 DUMP6eb4.tmp
19 File(s) 2,182,803 bytes
0 Dir(s) 3,745,651,712 bytes free
W32i - - - - 262,416 10-17-1999 c:\windows\system32\asfv2.dll
W32i - - - - 2,067,140 11-29-2005 c:\windows\system32\avcodec.dll
W32i - - - - 24,576 08-15-2003 c:\windows\system32\coinst.dll
W32i - - - - 23,040 09-18-2000 c:\windows\system32\cssms_in.dll
DOS - - - - 9,833 09-03-2001 c:\windows\system32\ddmi.vxd
DOS - - - - 9,321 11-11-2001 c:\windows\system32\dlpt.vxd
W32i - - - - 20,480 07-01-2002 c:\windows\system32\mpfapi.dll
DOS - - - - 25,225 11-27-2002 c:\windows\system32\mpfirewl.vxd
W32i - - - - 45,056 09-24-2001 c:\windows\system32\navlogon.dll
DOS - - - - 5,672 08-17-1998 c:\windows\system32\quartz.vxd
DOS - - - - 120,379 09-24-2001 c:\windows\system32\symevnt.386
W16 - - - - 10,240 08-17-1998 c:\windows\system32\vidx16.dll
W16 - - - - 11,776 03-25-2003 c:\windows\system32\zport4as.dll
W32i - - - - 55,936 12-06-2002 c:\windows\system32\drivers\mpfirewall.sys
W32i - - - - 27,440 08-23-2001 c:\windows\system32\drivers\secdrv.sys
SafeDisk Driver (used by games to authenticate CD and prevent burning a copy of protected applications) has been detected on this system! If everything is working fine, ignore this entry.
02/03/2006 11:17 0 02.tmp
10/12/2006 19:50 1,744 d3d9caps.dat
05/09/2006 23:01 2,451,824 ieapfltr.dat
W32i DLL ENU 58.6.0.0 shp 141,424 08-24-2006 c:\windows\downloaded program files\asinst.dll
W32i DLL ENU 6.5.2.7 shp 357,376 02-02-2006 c:\windows\downloaded program files\housecall_activex.dll
W32i DLL ENU 1.0.0.2 shp 113,152 03-17-2005 c:\windows\downloaded program files\msnmessengersetupdownloader.ocx
W32i DLL ENU 2004.3.0.20 shp 124,072 12-22-2004 c:\windows\downloaded program files\naveng32.dll
W32i DLL ENU 2004.3.0.20 shp 685,224 12-22-2004 c:\windows\downloaded program files\navex32a.dll
W32i DLL ENU 5.70.0.1088 shp 435,712 10-03-2005 c:\windows\downloaded program files\xscan53.ocx
=====] List of files located at the root of the C Drive:
Volume in drive C has no label.
Volume Serial Number is 20E8-C18D
Directory of C:\
21/09/2006 08:49 9,820 2EF.tmp
01/12/2002 11:21 245,792 CLASSES.1ST
01/12/2002 11:38 0 CONFIG.BAK
12/01/2007 15:12 0 conmgr.log
02/12/2002 00:09 16 CTJINI.INI
02/01/2007 20:22 192,652 hpfr5550.log
26/12/2004 15:43 348 install.log
01/12/2002 11:10 3,833 RECOVERY.LOG
01/12/2002 15:04 470 SCANDISK.LOG
26/12/2004 15:59 3,723 _NavCClt.Log
24 File(s) 463,324 bytes
0 Dir(s) 3,745,650,176 bytes free
=====] Directory Analysis - PROGRAM FILES:
04/12/2006 23:37 <DIR> iPod
04/12/2006 23:37 <DIR> iTunes
21/08/2006 14:46 <DIR> Windows Defender
17/08/2006 15:46 <DIR> Driving Test Success 2006-2007
24/04/2006 09:23 <DIR> ArcSoft
03/04/2006 12:30 <DIR> Ahead
01/04/2006 15:59 <DIR> SAMSUNG
01/04/2006 09:38 <DIR> Elaborate Bytes
30/03/2006 18:03 <DIR> FileZilla
16/03/2006 22:41 <DIR> WinRAR
(Ignore the ones you know of)
=====] Directory Analysis - COMMON FILES (subfolder of Program Files folder):
04/04/2006 22:21 <DIR> L&H
03/04/2006 12:32 <DIR> Nero
=====] Directory Analysis - WINDOWS folder:
Volume Serial Number is 20E8-C18D
Directory of C:\WINDOWS
10/01/2007 14:42 <DIR> ie7updates
09/12/2006 12:00 <DIR> WBEM
09/12/2006 11:58 <DIR> ie7
03/04/2006 12:33 <DIR> InCD
24/08/2005 19:24 <DIR> report
24/08/2005 19:24 <DIR> AU_Backup
24/08/2005 19:20 <DIR> AU_Log
09/05/2005 17:05 <DIR> Downloaded Installations
15/12/2004 11:25 <DIR> Motive
10/10/2004 18:21 <DIR> occache
31/03/2004 20:55 <DIR> henry screensaver dir
04/12/2002 23:48 <DIR> Minidump
04/12/2002 09:59 <DIR> Modio
0 File(s) 0 bytes
189 Dir(s) 3,745,650,176 bytes free
=====] Process Analysis - User-based processes with their Services:
Image Name PID Services
========================= ====== =============================================
WebClient
sqlservr.exe 196 MSSQL$SQLEXPRESS
AOLDial.exe 500 N/A
AOLSP Scheduler.exe 516 N/A
dslstat.exe 568 N/A
dslagent.exe 652 N/A
fts.exe 748 N/A
MpfTray.exe 1012 N/A
ctfmon.exe 1476 N/A
MpfAgent.exe 1804 N/A
alg.exe 2484 ALG
=====] Process Analysis - Currently running Service based Processes:
Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
InCDsrv.exe 1068 Console 0 2,344 K
AOLacsd.exe 1780 Console 0 2,456 K
defwatch.exe 1848 Console 0 1,380 K
ewidoctrl.exe 1896 Console 0 2,056 K
inetinfo.exe 1916 Console 0 9,688 K
mdm.exe 1960 Console 0 3,336 K
MpfService.exe 2000 Console 0 2,984 K
sqlservr.exe 196 Console 0 1,104 K
AOLDial.exe 500 Console 0 1,084 K
AOLSP Scheduler.exe 516 Console 0 1,040 K
dslstat.exe 568 Console 0 784 K
dslagent.exe 652 Console 0 320 K
fts.exe 748 Console 0 1,456 K
MpfTray.exe 1012 Console 0 4,624 K
ctfmon.exe 1476 Console 0 1,824 K
MpfAgent.exe 1804 Console 0 1,060 K
alg.exe 2484 Console 0 3,464 K
[====================] End of Log [====================]