SystemLook 30.07.11 by jpshortstuff
Log created at 19:53 on 15/04/2014 by Małgorzata
Administrator - Elevation successful

========== filefind ==========

Searching for "appmgr.dll"
C:\Windows\SysWOW64\appmgr.dll	--a---- 295936 bytes	[09:21 23/03/2014]	[01:11 14/04/2008] 76422D781C0FBBB368F8559DC12A39B1
C:\Windows\winsxs\amd64_microsoft-windows-g..policy-admin-appmgr_31bf3856ad364e35_6.1.7601.17514_none_58df6170cc98ffe6\appmgr.dll	--a---- 479232 bytes	[03:24 21/11/2010]	[03:24 21/11/2010] DDA6773DACE0774160AAA927ECF8ADCD
C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-appmgr_31bf3856ad364e35_6.1.7601.17514_none_fcc0c5ed143b8eb0\appmgr.dll	--a---- 339968 bytes	[03:25 21/11/2010]	[03:25 21/11/2010] F68878CF6A7EA29EACEAD49A268FC447

Searching for "fde.dll"
C:\FRST\Quarantine\C\Windows\SysWOW64\GPBAK\fde.dll	--a---- 124416 bytes	[09:21 23/03/2014]	[03:24 21/11/2010] B70B2E022318E7EF942EEAC7126E6972
C:\Pliki\fde.dll	--a---- 124416 bytes	[08:54 15/04/2014]	[12:19 20/11/2010] B70B2E022318E7EF942EEAC7126E6972
C:\Windows\System32\fde.dll	--a---- 171520 bytes	[03:24 21/11/2010]	[03:24 21/11/2010] 0A98C4E4975F5D735F8361FFEBF2793D
C:\Windows\SysWOW64\fde.dll	--a---- 124416 bytes	[03:24 21/11/2010]	[12:19 20/11/2010] B70B2E022318E7EF942EEAC7126E6972
C:\Windows\winsxs\amd64_microsoft-windows-fde_31bf3856ad364e35_6.1.7601.17514_none_063200e5724abc1a\fde.dll	--a---- 171520 bytes	[03:24 21/11/2010]	[03:24 21/11/2010] 0A98C4E4975F5D735F8361FFEBF2793D

Searching for "fdeploy.dll"
C:\FRST\Quarantine\C\Windows\SysWOW64\GPBAK\fdeploy.dll	--a---- 59904 bytes	[09:21 23/03/2014]	[03:24 21/11/2010] 6F241D9C35D157A376003CDEF2E26CAE
C:\Pliki\fdeploy.dll	--a---- 59904 bytes	[08:54 15/04/2014]	[12:19 20/11/2010] 6F241D9C35D157A376003CDEF2E26CAE
C:\Windows\System32\fdeploy.dll	--a---- 72192 bytes	[03:24 21/11/2010]	[03:24 21/11/2010] E5E13FCBD1D247BF4CCD8BE3C7D8A5EA
C:\Windows\SysWOW64\fdeploy.dll	--a---- 59904 bytes	[03:24 21/11/2010]	[12:19 20/11/2010] 6F241D9C35D157A376003CDEF2E26CAE
C:\Windows\winsxs\amd64_microsoft-windows-fdeploy_31bf3856ad364e35_6.1.7601.17514_none_3ddb97ac675ddf20\fdeploy.dll	--a---- 72192 bytes	[03:24 21/11/2010]	[03:24 21/11/2010] E5E13FCBD1D247BF4CCD8BE3C7D8A5EA

Searching for "gptext.dll"
C:\FRST\Quarantine\C\Windows\SysWOW64\GPBAK\gptext.dll	--a---- 18944 bytes	[09:21 23/03/2014]	[01:15 14/07/2009] BE331669F6FBDDD153AB4F0BDAC165CA
C:\Pliki\gptext.dll	--a---- 18944 bytes	[08:54 15/04/2014]	[01:15 14/07/2009] BE331669F6FBDDD153AB4F0BDAC165CA
C:\Windows\System32\gptext.dll	--a---- 22528 bytes	[23:50 13/07/2009]	[01:40 14/07/2009] 7762386362DC5E1971DC61CC98369A98
C:\Windows\SysWOW64\gptext.dll	--a---- 18944 bytes	[23:34 13/07/2009]	[01:15 14/07/2009] BE331669F6FBDDD153AB4F0BDAC165CA
C:\Windows\winsxs\amd64_microsoft-windows-grouppolicy-gptext_31bf3856ad364e35_6.1.7600.16385_none_9344be31a8b7d6bd\gptext.dll	--a---- 22528 bytes	[23:50 13/07/2009]	[01:40 14/07/2009] 7762386362DC5E1971DC61CC98369A98

Searching for "gpedit.dll"
C:\FRST\Quarantine\C\Windows\SysWOW64\GPBAK\gpedit.dll	--a---- 951808 bytes	[09:21 23/03/2014]	[01:15 14/07/2009] F4CB9FF6AA4F0D3FBE707BE54BB05768
C:\Pliki\gpedit.dll	--a---- 951808 bytes	[08:54 15/04/2014]	[01:15 14/07/2009] F4CB9FF6AA4F0D3FBE707BE54BB05768
C:\Windows\System32\gpedit.dll	--a---- 1000960 bytes	[23:54 13/07/2009]	[01:40 14/07/2009] CC532E5812B1ED7C24AFDAA8EFB8DBF3
C:\Windows\SysWOW64\gpedit.dll	--a---- 951808 bytes	[23:38 13/07/2009]	[01:15 14/07/2009] F4CB9FF6AA4F0D3FBE707BE54BB05768
C:\Windows\winsxs\amd64_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_2a271e3c7e986f2c\gpedit.dll	--a---- 1000960 bytes	[23:54 13/07/2009]	[01:40 14/07/2009] CC532E5812B1ED7C24AFDAA8EFB8DBF3

Searching for "gpedit.msc"
C:\Windows\System32\gpedit.msc	--a---- 34871 bytes	[10:22 23/03/2014]	[12:00 23/08/2001] C9AD01520798DC5CD144C2DCE97657C3
C:\Windows\SysWOW64\gpedit.msc	--a---- 34871 bytes	[09:21 23/03/2014]	[12:00 23/08/2001] C9AD01520798DC5CD144C2DCE97657C3
C:\Windows\winsxs\amd64_microsoft-windows-g..admin-gpedit-snapin_31bf3856ad364e35_6.1.7600.16385_none_ccd7905990f3c9d2\gpedit.msc	--a---- 147439 bytes	[21:44 13/07/2009]	[20:47 10/06/2009] 6C054DA115C2CA2C523ABD159ED7814B
C:\Windows\winsxs\amd64_microsoft-windows-g..it-snapin.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_061cea2d58306e62\gpedit.msc	--a---- 147456 bytes	[13:21 12/04/2011]	[13:21 12/04/2011] B917A2342A22D7ACD06867D1D3C4D659
C:\Windows\winsxs\x86_microsoft-windows-g..admin-gpedit-snapin_31bf3856ad364e35_6.1.7600.16385_none_70b8f4d5d896589c\gpedit.msc	--a---- 147439 bytes	[21:53 13/07/2009]	[21:28 10/06/2009] 6C054DA115C2CA2C523ABD159ED7814B
C:\Windows\winsxs\x86_microsoft-windows-g..it-snapin.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_a9fe4ea99fd2fd2c\gpedit.msc	--a---- 147456 bytes	[13:21 12/04/2011]	[13:21 12/04/2011] B917A2342A22D7ACD06867D1D3C4D659

Searching for "KernelBase.dll"
C:\Users\Małgorzata\AppData\Local\Temp\KernelBase.dll	--a---- 274944 bytes	[17:08 09/04/2014]	[17:06 09/04/2014] 1B7343C3765638D4D17CB925F84F8ABE
C:\Windows\System32\KernelBase.dll	--a---- 424448 bytes	[17:36 18/01/2014]	[02:13 02/08/2013] B22C00ED0491FD7B8803D7DDE2849F4C
C:\Windows\SysWOW64\KernelBase.dll	--a---- 274944 bytes	[17:36 18/01/2014]	[01:50 02/08/2013] 1B7343C3765638D4D17CB925F84F8ABE
C:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.17514_none_85287dc2cb339adb\KernelBase.dll	--a---- 419840 bytes	[03:24 21/11/2010]	[03:24 21/11/2010] DA68C291B4EF2DEC9C5963266BCAE454
C:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.17617_none_852b8086cb30e407\KernelBase.dll	--a---- 421888 bytes	[18:44 18/01/2014]	[18:44 18/01/2014] 8F3F2B1F6027B6FAA5E2CDE5C1468153
C:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.17932_none_8510e4eecb4594ab\KernelBase.dll	--a---- 424448 bytes	[18:47 18/01/2014]	[18:47 18/01/2014] CF0997050DB2B359D7F4103092296A1B
C:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.17965_none_84f37608cb5b3483\KernelBase.dll	--a---- 424960 bytes	[17:37 18/01/2014]	[17:41 04/10/2012] 6F2E324703E6D22B9934C33DA48F1F01
C:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.18015_none_85295dc6cb32dc10\KernelBase.dll	--a---- 424448 bytes	[17:36 18/01/2014]	[05:41 30/11/2012] 1F56F209585F350A5666E3CC7931FD67
C:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.18229_none_852292cecb3757ab\KernelBase.dll	--a---- 424448 bytes	[17:36 18/01/2014]	[02:13 02/08/2013] B22C00ED0491FD7B8803D7DDE2849F4C
C:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.21728_none_85ab4dafe455b919\KernelBase.dll	--a---- 421376 bytes	[18:44 18/01/2014]	[18:44 18/01/2014] D2B6D1D7BF067FD928BE6C743936168F
C:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.22091_none_85587823e494f8df\KernelBase.dll	--a---- 424960 bytes	[18:47 18/01/2014]	[18:47 18/01/2014] AFAC934B9872FFAB8EC6D633351CE6C5
C:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.22125_none_85a82aa5e45897cb\KernelBase.dll	--a---- 424960 bytes	[17:37 18/01/2014]	[17:37 04/10/2012] F141171E61C46AA18F6E0CCB9ADC5BBE
C:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.22177_none_85741b9de47f562e\KernelBase.dll	--a---- 424448 bytes	[17:36 18/01/2014]	[05:52 30/11/2012] 6072F9B801FD361ABCDD2A2C6D39D106
C:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.22411_none_85aeff1be4540df3\KernelBase.dll	--a---- 424448 bytes	[17:36 18/01/2014]	[06:22 02/08/2013] F99AD1793B230CCA0A1BBE1893D7AE62
C:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.22436_none_859e60b5e45fc488\KernelBase.dll	--a---- 424448 bytes	[17:31 18/01/2014]	[02:19 29/08/2013] 24F7C956C7AF8B42CF939FF64C97483F
C:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.22616_none_85b40459e44f86f4\KernelBase.dll	--a---- 421376 bytes	[05:51 09/04/2014]	[11:08 04/03/2014] 68AE26D0AC41E6CA10AC7B4582CEBD5B
C:\Windows\winsxs\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.17514_none_8f7d2814ff945cd6\KernelBase.dll	--a---- 269824 bytes	[03:24 21/11/2010]	[03:24 21/11/2010] 61EABC3358D869519D851B08C8FA512D
C:\Windows\winsxs\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.17617_none_8f802ad8ff91a602\KernelBase.dll	--a---- 272384 bytes	[18:44 18/01/2014]	[18:44 18/01/2014] 8B93EBD0681D84C41CE71FA218BE884E
C:\Windows\winsxs\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.17932_none_8f658f40ffa656a6\KernelBase.dll	--a---- 274944 bytes	[18:47 18/01/2014]	[18:47 18/01/2014] 53BB811ED12D2C867B354390FABF9612
C:\Windows\winsxs\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.17965_none_8f48205affbbf67e\KernelBase.dll	--a---- 274944 bytes	[17:37 18/01/2014]	[16:47 04/10/2012] 0978C2B33BDD0A7E6C563AA337DC8BA0
C:\Windows\winsxs\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.18015_none_8f7e0818ff939e0b\KernelBase.dll	--a---- 274944 bytes	[17:36 18/01/2014]	[04:53 30/11/2012] E954A79D6A754A5475582CACED1565E6
C:\Windows\winsxs\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.18229_none_8f773d20ff9819a6\KernelBase.dll	--a---- 274944 bytes	[17:36 18/01/2014]	[01:50 02/08/2013] 1B7343C3765638D4D17CB925F84F8ABE
C:\Windows\winsxs\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.21728_none_8ffff80218b67b14\KernelBase.dll	--a---- 272384 bytes	[18:44 18/01/2014]	[18:44 18/01/2014] F67CA813AD0928D18F3D6CE366D1B6A9
C:\Windows\winsxs\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.22091_none_8fad227618f5bada\KernelBase.dll	--a---- 274944 bytes	[18:47 18/01/2014]	[18:47 18/01/2014] EAAAAAB00BCC4528552A218CA4FAC645
C:\Windows\winsxs\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.22125_none_8ffcd4f818b959c6\KernelBase.dll	--a---- 275456 bytes	[17:37 18/01/2014]	[16:36 04/10/2012] 73E19DCCD1AFAC2F06A66FD476C850D6
C:\Windows\winsxs\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.22177_none_8fc8c5f018e01829\KernelBase.dll	--a---- 275456 bytes	[17:36 18/01/2014]	[04:57 30/11/2012] EC10F0E7278272E392190292DD6324E0
C:\Windows\winsxs\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.22411_none_9003a96e18b4cfee\KernelBase.dll	--a---- 275456 bytes	[17:36 18/01/2014]	[05:55 02/08/2013] 55778CD85B499203AFE8ADA65BA4CFF7
C:\Windows\winsxs\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.22436_none_8ff30b0818c08683\KernelBase.dll	--a---- 275456 bytes	[17:31 18/01/2014]	[01:57 29/08/2013] 0E391CCD2FA253F7765524B2BD926D2A
C:\Windows\winsxs\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.22616_none_9008aeac18b048ef\KernelBase.dll	--a---- 275456 bytes	[05:51 09/04/2014]	[10:38 04/03/2014] F9236769DACF16F3FDE6325941D6A93A

========== dir ==========

C:\Windows\PolicyDefinitions - Parameters: "/s"

---Files---
DeviceRedirection.admx	--a---- 2391 bytes	[20:50 10/06/2009]	[20:50 10/06/2009]
EnhancedStorage.admx	--a---- 5097 bytes	[20:40 10/06/2009]	[20:40 10/06/2009]
InetRes.adml	--a---- 530642 bytes	[10:40 23/03/2014]	[21:28 18/01/2014]
inetres.admx	--a---- 1663755 bytes	[06:12 10/04/2014]	[06:02 01/02/2014]
NCSI.admx	--a---- 3615 bytes	[20:34 10/06/2009]	[20:34 10/06/2009]
RacWmiProv.admx	--a---- 1273 bytes	[21:08 10/06/2009]	[21:08 10/06/2009]
ReAgent.admx	--a---- 1236 bytes	[20:52 10/06/2009]	[20:52 10/06/2009]
sdiageng.admx	--a---- 2519 bytes	[20:48 10/06/2009]	[20:48 10/06/2009]
sdiagschd.admx	--a---- 2027 bytes	[20:49 10/06/2009]	[20:49 10/06/2009]
Search.admx	--a---- 43882 bytes	[20:34 10/06/2009]	[20:34 10/06/2009]
ShapeCollector.admx	--a---- 1187 bytes	[21:08 10/06/2009]	[21:08 10/06/2009]
Terminalserver-WinIP.admx	--a---- 8056 bytes	[06:48 05/02/2014]	[06:48 05/02/2014]
WindowsMediaDRM.admx	--a---- 1254 bytes	[22:28 13/07/2009]	[21:01 10/06/2009]
WindowsMediaPlayer.admx	--a---- 22974 bytes	[22:28 13/07/2009]	[21:01 10/06/2009]

C:\Windows\PolicyDefinitions\en-US	d------	[05:37 14/07/2009]
InetRes.adm1	--a---- 436935 bytes	[10:49 23/03/2014]	[21:27 18/01/2014]
InetRes.adml	--a---- 439643 bytes	[06:12 10/04/2014]	[23:49 26/03/2014]

C:\Windows\PolicyDefinitions\pl-PL	d------	[13:21 12/04/2011]
DeviceRedirection.adml	--a---- 3520 bytes	[13:21 12/04/2011]	[13:21 12/04/2011]
EnhancedStorage.adml	--a---- 7451 bytes	[13:21 12/04/2011]	[13:21 12/04/2011]
InetRes.adml	--a---- 537554 bytes	[06:12 10/04/2014]	[23:56 26/03/2014]
NCSI.adml	--a---- 5180 bytes	[13:21 12/04/2011]	[13:21 12/04/2011]
RacWmiProv.adml	--a---- 1133 bytes	[13:21 12/04/2011]	[13:21 12/04/2011]
ReAgent.adml	--a---- 2114 bytes	[13:21 12/04/2011]	[13:21 12/04/2011]
sdiageng.adml	--a---- 4256 bytes	[13:21 12/04/2011]	[13:21 12/04/2011]
sdiagschd.adml	--a---- 2989 bytes	[13:21 12/04/2011]	[13:21 12/04/2011]
Search.adml	--a---- 66156 bytes	[13:21 12/04/2011]	[13:21 12/04/2011]
ShapeCollector.adml	--a---- 1989 bytes	[13:21 12/04/2011]	[13:21 12/04/2011]
TerminalServer-WinIP.adml	--a---- 10766 bytes	[06:48 05/02/2014]	[06:48 05/02/2014]
WindowsMediaDRM.adml	--a---- 2238 bytes	[13:21 12/04/2011]	[13:21 12/04/2011]
WindowsMediaPlayer.adml	--a---- 24689 bytes	[13:21 12/04/2011]	[13:21 12/04/2011]

C:\Windows\system32\GroupPolicy - Parameters: "/s"

---Files---
GPT.INI	--a---- 127 bytes	[10:15 23/03/2014]	[10:26 23/03/2014]

C:\Windows\system32\GroupPolicy\adm	d------	[10:20 23/03/2014]
admfiles.ini	--ah--- 53 bytes	[10:20 23/03/2014]	[09:33 23/03/2014]
conf.adm	--a---- 40282 bytes	[10:20 23/03/2014]	[06:56 24/07/2009]
inetres.adm	--a---- 1431144 bytes	[10:20 23/03/2014]	[06:57 24/07/2009]
system.adm	--a---- 1744202 bytes	[10:20 23/03/2014]	[06:56 24/07/2009]
wmplayer.adm	--a---- 67374 bytes	[10:20 23/03/2014]	[09:45 17/07/2004]
wuau.adm	--a---- 40856 bytes	[10:20 23/03/2014]	[09:47 17/07/2004]

C:\Windows\system32\GroupPolicy\Machine	d------	[09:33 23/03/2014]
Registry.pol	--a---- 8 bytes	[10:15 23/03/2014]	[10:26 23/03/2014]

C:\Windows\system32\GroupPolicy\User	d------	[09:33 23/03/2014]

C:\Windows\SysWOW64\GroupPolicy - Parameters: "/s"

---Files---
gpt.ini	--a---- 39 bytes	[09:33 23/03/2014]	[13:41 23/03/2014]

C:\Windows\SysWOW64\GroupPolicy\adm	d------	[09:21 23/03/2014]
admfiles.ini	---h--- 53 bytes	[09:33 23/03/2014]	[09:33 23/03/2014]
conf.adm	--a---- 40282 bytes	[09:21 23/03/2014]	[06:56 24/07/2009]
inetres.adm	--a---- 1431144 bytes	[09:21 23/03/2014]	[06:57 24/07/2009]
system.adm	--a---- 1744202 bytes	[09:21 23/03/2014]	[06:56 24/07/2009]
wmplayer.adm	--a---- 67374 bytes	[09:21 23/03/2014]	[09:45 17/07/2004]
wuau.adm	--a---- 40856 bytes	[09:21 23/03/2014]	[09:47 17/07/2004]

C:\Windows\SysWOW64\GroupPolicy\Machine	d------	[13:41 23/03/2014]

C:\Windows\SysWOW64\GroupPolicy\Machine\Scripts	d------	[13:41 23/03/2014]

C:\Windows\SysWOW64\GroupPolicy\Machine\Scripts\Shutdown	d------	[13:41 23/03/2014]

C:\Windows\SysWOW64\GroupPolicy\Machine\Scripts\Startup	d------	[13:41 23/03/2014]

-= EOF =-