[===============] AnalyzerXP by TL - forum.networktechs.com (www.IamNotaGeek.com) [===============]


22/01/2007
14:15

Some of the files listed could be safe and valid, so before you do anything, research further.
You could also submit this log on forum.networktechs.com - Spyware Central for help.


Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 22/01/2007 at 14:12:17



RSOP results for DILAN\Dilan Shah on DILAN : Logging Mode
----------------------------------------------------------

OS Type: Microsoft Windows XP Professional
OS Configuration: Standalone Workstation
OS Version: 5.1.2600
Domain Name: DILAN
Domain Type: N/A<Local Computer>
Site Name: N/A
Roaming Profile:
Local Profile: C:\Documents and Settings\Dilan Shah
Connected over a slow link?: Yes


COMPUTER SETTINGS
------------------

Last time Group Policy was applied: 22/01/2007 at 1323
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps

Applied Group Policy Objects
-----------------------------
N/A

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
NT AUTHORITY\Authenticated Users


USER SETTINGS
--------------

Last time Group Policy was applied: 22/01/2007 at 1323
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps

Applied Group Policy Objects
-----------------------------
N/A

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The user is a part of the following security groups:
----------------------------------------------------
None
Everyone
Debugger Users
BUILTIN\Administrators
BUILTIN\Users
LOCAL
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users


Volume in drive C has no label.
Volume Serial Number is 20E8-C18D

Directory of C:\WINDOWS\Tasks

04/12/2006 23:34 284 AppleSoftwareUpdate.job
1 File(s) 284 bytes
0 Dir(s) 3,623,675,904 bytes free


TaskName                             Next Run Time            Status
==================================== ======================== ===============
AppleSoftwareUpdate                  16:26:00, 26/01/2007
MP Scheduled Scan                    02:15:00, 23/01/2007

INFO: No event triggers found.


=====] Looking for suspicious file types in WINDOWS folder:

W32i - - - - 224,256 03-31-1999 c:\windows\comctl32.oca
W32i - - - - 43,520 03-31-1999 c:\windows\msmapi32.oca
W32i - - - - 53,248 09-15-2003 c:\windows\_apprun.eee
W32i - - - - 129,536 07-23-1999 c:\windows\_auhccup1.lld
W32i - - - - 71,749 10-28-2005 c:\windows\_hcextoutput.lld

Volume in drive C has no label.
Volume Serial Number is 20E8-C18D

Directory of C:\WINDOWS

W32i - - - - 2,067,140 11-29-2005 c:\windows\system32\avcodec.dll
W32i - - - - 24,576 08-15-2003 c:\windows\system32\coinst.dll
W32i - - - - 23,040 09-18-2000 c:\windows\system32\cssms_in.dll
DOS - - - - 9,833 09-03-2001 c:\windows\system32\ddmi.vxd
DOS - - - - 9,321 11-11-2001 c:\windows\system32\dlpt.vxd
W32i - - - - 20,480 07-01-2002 c:\windows\system32\mpfapi.dll
DOS - - - - 25,225 11-27-2002 c:\windows\system32\mpfirewl.vxd
W32i - - - - 45,056 09-24-2001 c:\windows\system32\navlogon.dll
DOS - - - - 5,672 08-17-1998 c:\windows\system32\quartz.vxd
DOS - - - - 120,379 09-24-2001 c:\windows\system32\symevnt.386
W16 - - - - 10,240 08-17-1998 c:\windows\system32\vidx16.dll
W32i - - - - 262,416 10-17-1999 c:\windows\system32\_asfv2.lld
W16 - - - - 11,776 03-25-2003 c:\windows\system32\_zport4as.lld
W32i - - - - 55,936 12-06-2002 c:\windows\system32\drivers\mpfirewall.sys
W32i - - - - 27,440 08-23-2001 c:\windows\system32\drivers\secdrv.sys

SafeDisk Driver (used by games to authenticate CD and prevent burning a copy of protected applications) has been detected on this system! If everything is working fine, ignore this entry.

05/09/2006 23:01 2,451,824 ieapfltr.dat


=====] List of files located at the root of the C Drive:

Volume in drive C has no label.
Volume Serial Number is 20E8-C18D

Directory of C:\

01/12/2002 11:21 245,792 CLASSES.1ST
01/12/2002 11:38 0 CONFIG.BAK
18/01/2007 22:20 0 conmgr.log
19/01/2007 17:31 193,508 hpfr5550.log
26/12/2004 15:43 348 install.log
01/12/2002 11:10 3,833 RECOVERY.LOG
01/12/2002 15:04 470 SCANDISK.LOG
26/12/2004 15:59 3,723 _NavCClt.Log
21 File(s) 453,308 bytes
0 Dir(s) 3,623,391,744 bytes free



=====] Directory Analysis - PROGRAM FILES:

04/12/2006 23:37 <DIR> iPod
04/12/2006 23:37 <DIR> iTunes
21/08/2006 14:46 <DIR> Windows Defender
17/08/2006 15:46 <DIR> Driving Test Success 2006-2007
24/04/2006 09:23 <DIR> ArcSoft
03/04/2006 12:30 <DIR> Ahead
01/04/2006 15:59 <DIR> SAMSUNG
01/04/2006 09:38 <DIR> Elaborate Bytes
30/03/2006 18:03 <DIR> FileZilla
16/03/2006 22:41 <DIR> WinRAR

(Ignore the ones you know of)


=====] Directory Analysis - COMMON FILES (subfolder of Program Files folder):

04/04/2006 22:21 <DIR> L&H
03/04/2006 12:32 <DIR> Nero



=====] Directory Analysis - WINDOWS folder:

Volume Serial Number is 20E8-C18D

Directory of C:\WINDOWS

10/01/2007 14:42 <DIR> ie7updates
09/12/2006 12:00 <DIR> WBEM
09/12/2006 11:58 <DIR> ie7
03/04/2006 12:33 <DIR> InCD
24/08/2005 19:24 <DIR> report
24/08/2005 19:24 <DIR> AU_Backup
24/08/2005 19:20 <DIR> AU_Log
09/05/2005 17:05 <DIR> Downloaded Installations
15/12/2004 11:25 <DIR> Motive
10/10/2004 18:21 <DIR> occache
31/03/2004 20:55 <DIR> henry screensaver dir
04/12/2002 23:48 <DIR> Minidump
04/12/2002 09:59 <DIR> Modio
0 File(s) 0 bytes
189 Dir(s) 3,623,416,832 bytes free


=====] Process Analysis - User-based processes with their Services:


Image Name                   PID Services
========================= ====== =============================================
WebClient
sqlservr.exe                 188 MSSQL$SQLEXPRESS
AOLDial.exe                  524 N/A
AOLSP Scheduler.exe          568 N/A
dslstat.exe                  596 N/A
dslagent.exe                 668 N/A
fts.exe                      132 N/A
MpfTray.exe                 1256 N/A
ctfmon.exe                  1800 N/A
MpfAgent.exe                2084 N/A
alg.exe                     3324 ALG
AcroRd32.exe                3920 N/A


=====] Process Analysis - Currently running Service based Processes:


Image Name                   PID Session Name        Session#    Mem Usage
========================= ====== ================ ======== ============
InCDsrv.exe                 1076 Console                 0      1,520 K
AOLacsd.exe                 1860 Console                 0      2,200 K
defwatch.exe                1908 Console                 0        944 K
ewidoctrl.exe               1940 Console                 0      1,708 K
inetinfo.exe                1956 Console                 0      6,312 K
mdm.exe                     1984 Console                 0      2,764 K
MpfService.exe              2024 Console                 0      2,260 K
sqlservr.exe                 188 Console                 0      1,516 K
AOLDial.exe                  524 Console                 0      1,660 K
AOLSP Scheduler.exe          568 Console                 0        428 K
dslstat.exe                  596 Console                 0        696 K
dslagent.exe                 668 Console                 0        232 K
fts.exe                      132 Console                 0      1,048 K
MpfTray.exe                 1256 Console                 0      1,228 K
ctfmon.exe                  1800 Console                 0      1,440 K
MpfAgent.exe                2084 Console                 0        724 K
alg.exe                     3324 Console                 0      2,616 K
AcroRd32.exe                3920 Console                 0      6,468 K



[====================] End of Log [====================]
Here's the new log.

I haven't installed anything new.