SystemLook 30.07.11 by jpshortstuff
Log created at 16:29 on 12/06/2012 by 0wocowka
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
(No values found)

[HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32]
"ThreadingModel"="Both"
@="C:\Documents and Settings\0wocowka\Ustawienia lokalne\Dane aplikacji\{5cb26a82-49ea-45d7-4d3b-52b8ad1cf5c9}\n."

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}]
@="Microsoft WBEM New Event Subsystem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
@="\\.\globalroot\systemroot\Installer\{5cb26a82-49ea-45d7-4d3b-52b8ad1cf5c9}\n."
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
@="MruPidlList"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@="%SystemRoot%\system32\shdocvw.dll"
"ThreadingModel"="Apartment"

========== filefind ==========

Searching for "services.exe"
C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe --a--c- 111104 bytes [13:49 09/02/2012] [09:55 09/02/2009] 245A46964D7F534E1D20563ACF215E80
C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe --a--c- 111104 bytes [13:49 09/02/2012] [11:25 09/02/2009] 02A467E27AF55F7064C5B251E587315F
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe --a--c- 111104 bytes [13:49 09/02/2012] [11:19 09/02/2009] 8816E60BF654353E8E0D35ED98875445
C:\WINDOWS\$NtServicePackUninstall$\services.exe -----c- 111104 bytes [07:38 10/02/2012] [10:10 09/02/2009] ED4E5391100287B9EABF8F2CF4B42235
C:\WINDOWS\$NtUninstallKB956572$\services.exe -----c- 109056 bytes [07:53 10/02/2012] [17:21 14/04/2008] 3E3AE424E27C4CEFE4CAB368C7B570EA
C:\WINDOWS\$NtUninstallKB956572_0$\services.exe -----c- 108544 bytes [21:20 09/02/2012] [12:00 02/03/2006] 3DA8D964D2CC12EF8E8C342471A37917
C:\WINDOWS\ServicePackFiles\i386\services.exe -----c- 109056 bytes [17:21 14/04/2008] [17:21 14/04/2008] 3E3AE424E27C4CEFE4CAB368C7B570EA
C:\WINDOWS\system32\services.exe --a---- 111104 bytes [12:00 02/03/2006] [11:25 09/02/2009] 02A467E27AF55F7064C5B251E587315F
C:\WINDOWS\system32\dllcache\services.exe -----c- 111104 bytes [13:49 09/02/2012] [11:25 09/02/2009] 02A467E27AF55F7064C5B251E587315F

========== regfind ==========

Searching for "{5cb26a82-49ea-45d7-4d3b-52b8ad1cf5c9}"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32]
@="C:\Documents and Settings\0wocowka\Ustawienia lokalne\Dane aplikacji\{5cb26a82-49ea-45d7-4d3b-52b8ad1cf5c9}\n."
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
@="\\.\globalroot\systemroot\Installer\{5cb26a82-49ea-45d7-4d3b-52b8ad1cf5c9}\n."
[HKEY_USERS\S-1-5-21-2025429265-1645522239-682003330-1004\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32]
@="C:\Documents and Settings\0wocowka\Ustawienia lokalne\Dane aplikacji\{5cb26a82-49ea-45d7-4d3b-52b8ad1cf5c9}\n."
[HKEY_USERS\S-1-5-21-2025429265-1645522239-682003330-1004_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32]
@="C:\Documents and Settings\0wocowka\Ustawienia lokalne\Dane aplikacji\{5cb26a82-49ea-45d7-4d3b-52b8ad1cf5c9}\n."

-= EOF =-